Hidden objects found after scan

Lenovo / 7659ck8
May 28, 2010 at 23:07:25
Specs: Windows XP SP3, 2.094 GHz / 2022 MB
I have Avira antivirus and I scan my computer
daily. Usually the searches come up clean but
for the past couple of days it's been finding
more and more hidden objects and I'm not
sure if they're dangerous or not. Here is part of
the log of my last scan:


Starting search for hidden objects.
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\RNG\seed
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SKYNETalxjnawv\main
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SKYNETalxjnawv\modules
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SKYNETalxjnawv\start
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SKYNETalxjnawv\type
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SKYNETalxjnawv\group
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SKYNETalxjnawv\group
\systemroot\system32\drivers\SKYNETyaqonpsa.sys
C:\WINDOWS\system32\drivers\SKYNETyaqonpsa.sys
[NOTE] The registry entry is invisible.
\systemroot\system32\drivers\SKYNETyaqonpsa.sys
HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SKYNETalxjnawv\main
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SKYNETalxjnawv\modules
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SKYNETalxjnawv\start
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SKYNETalxjnawv\type
[NOTE] The registry entry is invisible.
SynTPLpr.exe
[NOTE] The process is not visible.

So I just wanted to know if I should be worried
about any of these?




#1
May 28, 2010 at 23:23:33
Yes, you need to perform certain necessary actions, since these are hidden objects found in your Registry. The SKYNETalxjnawv is a form of Trojan known as Trojan.TDSS

Scan your computer using MalwareBytes Anti-Malware (MBAM)

Steps:
1. Download and Install MBAM
2. Update Malware Definitions
3. Perform a System Scan
4. Check Scan Results


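An added example, not part of the thread: a Python triage of the Avira "hidden objects" section quoted in the first post, separating hidden service keys and driver files (the persistence a kernel-mode rootkit conceals) from other hidden entries that still need a manual look. The function names and the HIGH/REVIEW labels are assumptions of this example; the sample log is an excerpt of the poster's log with wrapped lines joined.

```python
import re
from collections import defaultdict

# Excerpt of the Avira log from the first post, wrapped lines joined.
SAMPLE_LOG = r"""Starting search for hidden objects.
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\RNG\seed
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SKYNETalxjnawv\main
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SKYNETalxjnawv\start
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SKYNETalxjnawv\group
\systemroot\system32\drivers\SKYNETyaqonpsa.sys
C:\WINDOWS\system32\drivers\SKYNETyaqonpsa.sys
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SKYNETalxjnawv\main
[NOTE] The registry entry is invisible.
SynTPLpr.exe
[NOTE] The process is not visible.
"""

NOTE_RE = re.compile(r"^\[NOTE\]\s+The (.+?) is (?:invisible|not visible)\.?$")
SERVICE_RE = re.compile(
    r"\\System\\(ControlSet\d{3}|CurrentControlSet)\\Services\\([^\\]+)(?:\\(.+))?$",
    re.I,
)


def parse_hidden_objects(log):
    """Return (object, note_kind) pairs from the hidden-objects section."""
    entries, pending, started = [], [], False
    for raw in log.splitlines():
        line = raw.strip()
        if not started:
            started = line.startswith("Starting search for hidden objects")
            continue
        if not line:          # a blank line ends the section
            break
        note = NOTE_RE.match(line)
        if note:              # one note can cover several object lines above it
            entries.extend((obj, note.group(1)) for obj in pending)
            pending = []
        else:
            pending.append(line)
    entries.extend((obj, None) for obj in pending)   # objects with no note
    return entries


def triage(entries):
    """Group hidden objects by what they would persist or hide."""
    services = defaultdict(lambda: {"control_sets": set(), "values": set()})
    report = {"drivers": set(), "other_registry": [], "processes": []}
    for obj, note in entries:
        svc = SERVICE_RE.search(obj)
        if svc:
            services[svc.group(2)]["control_sets"].add(svc.group(1))
            if svc.group(3):
                services[svc.group(2)]["values"].add(svc.group(3))
        elif obj.upper().startswith("HKEY_"):
            report["other_registry"].append(obj)
        elif obj.lower().endswith(".sys"):
            # \systemroot\... and C:\WINDOWS\... name the same file
            report["drivers"].add(obj.rsplit("\\", 1)[-1].lower())
        else:
            report["processes"].append(obj)
    report["services"] = dict(services)
    return report


def findings(report):
    """Flatten the triage into prioritised lines for an analyst."""
    out = []
    for name, info in sorted(report["services"].items()):
        sets = ", ".join(sorted(info["control_sets"]))
        out.append(f"HIGH hidden service key '{name}' in {sets}")
    out += [f"HIGH hidden driver file {d}" for d in sorted(report["drivers"])]
    out += [f"REVIEW hidden registry entry {k}" for k in report["other_registry"]]
    out += [f"REVIEW hidden process {p}" for p in report["processes"]]
    return out


if __name__ == "__main__":
    print("\n".join(findings(triage(parse_hidden_objects(SAMPLE_LOG)))))
```
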

#2
May 29, 2010 at 01:18:15
I have MBAM and the searches have been coming up clean. I also
have SuperAntiSpyware and even after I remove what's found
they just keep coming back when I re-scan.


#3
May 29, 2010 at 10:42:52
I scanned with combofix too but it did not delete the TDSS.
Here's the log though:

ComboFix 10-05-28.06 - sfene349 05/29/2010 7:59.1.2 - x86
Microsoft Windows XP Professional
5.1.2600.3.1252.1.1033.18.2022.1419 [GMT -4:00]
Running from: c:\documents and settings\student\My
Documents\Downloads\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled*
(Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions
)))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application
Data\93899526.ini
c:\documents and settings\All Users\Start
Menu\Programs\Internet Explorer.lnk

c:\windows\system32\drivers\asyncmac.sys was missing
Restored copy from -
c:\windows\system32\dllcache\asyncmac.sys

.
((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-
29 )))))))))))))))))))))))))))))))
.

2010-05-29 12:05 . 2008-04-13 18:57 14336 -c--a-w-
c:\windows\system32\dllcache\asyncmac.sys
2010-05-29 10:53 . 2010-05-29 10:53 -------- d-----w-
c:\documents and settings\student\Local Settings\Application
Data\Help
2010-05-29 10:43 . 2010-05-29 10:43 2 --shatr-
c:\windows\winstart.bat
2010-05-29 10:43 . 2010-05-29 11:46 -------- d-----w-
c:\program files\UnHackMe
2010-05-23 17:04 . 2010-05-23 17:06 -------- d-----w-
c:\program files\Windows Live Safety Center
2010-05-10 02:30 . 2010-05-10 02:30 -------- d-----w-
c:\documents and settings\All Users\Application Data\AIM
2010-05-10 02:30 . 2010-05-10 02:30 -------- d-----w-
c:\program files\AIM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report
))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-29 12:08 . 2009-02-06 23:09 17408 ----a-w-
c:\windows\system32\rpcnetp.exe
2010-05-29 12:08 . 2008-05-02 21:01 56680 ----a-w-
c:\windows\system32\rpcnet.dll
2010-05-27 14:39 . 2009-09-02 06:54 -------- d-----w-
c:\program files\SUPERAntiSpyware
2010-05-14 08:27 . 2010-01-13 17:45 -------- d-----w-
c:\documents and settings\student\Application Data\IMVU
2010-05-11 20:47 . 2008-04-08 18:37 -------- d-----w-
c:\documents and settings\All Users\Application
Data\Microsoft Help
2010-05-10 02:30 . 2009-06-30 03:23 -------- d-----w-
c:\documents and settings\All Users\Application Data\AOL
Downloads
2010-05-04 06:09 . 2009-09-02 21:26 -------- d-----w-
c:\program files\GIMP-2.0
2010-05-01 07:46 . 2009-11-22 23:06 -------- d-----w-
c:\documents and settings\student\Application Data\vlc
2010-04-30 02:02 . 2010-02-10 01:10 -------- d-----w-
c:\program files\Malwarebytes' Anti-Malware
2010-04-29 19:39 . 2010-02-10 01:10 38224 ------w-
c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-02-10 01:10 20952 ------w-
c:\windows\system32\drivers\mbam.sys
2010-04-15 06:13 . 2010-04-04 00:58 -------- d-----w-
c:\program files\Sophos
2010-04-12 02:59 . 2010-04-03 23:53 -------- d-----w-
c:\program files\ProcessGuard
2010-04-05 00:05 . 2009-09-02 21:28 -------- d-----w-
c:\documents and settings\student\Application Data\gtk-2.0
2010-04-04 00:43 . 2010-04-04 00:43 -------- d-----w-
c:\documents and settings\All Users\Application Data\F-
Secure
2010-03-31 03:18 . 2010-03-31 03:18 -------- d-----w-
c:\documents and settings\student\Application Data\Avira
2010-03-11 12:18 . 2009-02-07 22:45 69232 ------w-
c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-03-10 06:15 . 2004-08-04 12:00 420352 ----a-w-
c:\windows\system32\vbscript.dll
2010-03-01 13:05 . 2009-09-03 18:56 124784 ------w-
c:\windows\system32\drivers\avipbb.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points
))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\C
urrentVersion\Run]
"Google Update"="c:\documents and settings\student\Local
Settings\Application Data\Google\Update\GoogleUpdate.exe"
[2009-02-08 133104]
"SUPERAntiSpyware"="c:\program
files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-
27 2397424]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14
15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-05
141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-
03-05 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-
05 137752]
"TPHOTKEY"="c:\program
files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-01-24 66928]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Ex
e" [2007-04-27 243248]
"ACTray"="c:\program
files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05
413696]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRT
R.DLL" [2008-01-11 294912]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL"
[2008-01-11 208896]
"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe"
[2008-03-26 59680]
"TPKMAPHELPER"="c:\program
files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"SynTPLpr"="c:\program
files\Synaptics\SynTP\SynTPLpr.exe" [2007-12-05 122880]
"SynTPEnh"="c:\program
files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-05 524288]
"TVT Scheduler Proxy"="c:\program files\Common
Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04
487424]
"SoundMAXPnP"="c:\program files\Analog
Devices\Core\smax4pnp.exe" [2008-04-24 1036288]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe"
[2008-01-11 144728]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.
exe" [2008-01-11 124248]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-
02-02 122940]
"CameraApplicationLauncher"="c:\program
files\Lenovo\Camera
Center\bin\CameraApplicationLaunchpadLauncher.exe" [2008-
01-04 16384]
"AwaySch"="c:\program
files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"ISUSScheduler"="c:\program files\Common
Files\InstallShield\UpdateService\issch.exe" [2004-07-27
81920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe"
[2010-03-02 282792]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe"
[2009-09-04 158448]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe"
[2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
[2009-11-12 141600]
"ISUSPM
Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.
exe" [2004-07-27 221184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Curr
entVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~
1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\windows\system32\config\systemprofile\Start
Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program
files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26
97680]

c:\documents and settings\student\Start
Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program
files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26
97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curren
tversion\policies\system]
"LogonType"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversi
on\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=
"c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-
05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows
nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-05 03:48 548352 ------w- c:\program
files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows
nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 20:37 34344 ------w- c:\program
files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows
nt\currentversion\winlogon\notify\tphotkey]
2007-12-14 20:36 28672 ------w- c:\program
files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\s
ession manager]
BootExecute REG_MULTI_SZ autocheck autochk /r
\??\C:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contr
ol\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\13889534
HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\93899526
HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\ShStatEXE
HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\sysldtray
HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\systgray2
HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\Windows Defender

[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 02:16 39792 ------w- c:\program
files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\snp2uvc]
2006-12-28 23:48 569344 ------w-
c:\windows\vsnp2uvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-08 05:08 149280 ------w- c:\program
files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\TpShocks]
2007-11-22 19:09 181536 ------w-
c:\windows\system32\TpShocks.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\sta
ndardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common
Framework\\FrameworkService.exe"=
"c:\\Program Files\\Microsoft
Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft
Office\\Office12\\ONENOTE.EXE"=
"c:\\Program
Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common
Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows
Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\student\\Local
Settings\\Application
Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Zune\\ZuneLauncher.exe"=
"c:\\Program Files\\AIM\\aim.exe"=

R0
TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86
.sys [10/16/2007 6:32 PM 19504]
R1 SASDIFSV;SASDIFSV;c:\program
files\SUPERAntiSpyware\SASDIFSV.SYS [8/5/2009 4:06 PM
12872]
R1 SASKUTIL;SASKUTIL;c:\program
files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 4:06 PM
67656]
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys
[12/5/2007 4:42 PM 46656]
R2 AntiVirSchedulerService;Avira AntiVir
Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe
[9/3/2009 2:56 PM 135336]
R2 TVT Backup Protection Service;TVT Backup Protection
Service;c:\program files\Lenovo\Rescue and
Recovery\rrpservice.exe [12/5/2007 5:17 PM 520192]
R2 TVT_UpdateMonitor;TVT Windows Update
Monitor;c:\program files\Lenovo\Rescue and
Recovery\UpdateMonitor.exe [12/5/2007 4:42 PM 249856]
R3 TVTI2C;Lenovo SM bus
driver;c:\windows\system32\drivers\tvti2c.sys [5/22/2007 2:59
PM 30336]
S3 MEMSWEEP2;MEMSWEEP2;\??
\c:\windows\system32\2F.tmp -->
c:\windows\system32\2F.tmp [?]
S3 SASENUM;SASENUM;c:\program
files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 4:06 PM
12872]
.
Contents of the 'Scheduled Tasks' folder

2010-05-28 c:\windows\Tasks\Backup.job
- c:\windows\system32\ntbackup.exe [2004-08-04 00:12]

2010-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-
21-2557646409-1051260155-4167241404-1005Core.job
- c:\documents and settings\student\Local
Settings\Application Data\Google\Update\GoogleUpdate.exe
[2009-02-08 08:05]

2010-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-
21-2557646409-1051260155-4167241404-1005UA.job
- c:\documents and settings\student\Local
Settings\Application Data\Google\Update\GoogleUpdate.exe
[2009-02-08 08:05]

2010-05-28 c:\windows\Tasks\Malwarebytes' Anti-Malware.job
- c:\progra~1\MALWAR~1\mbam.exe [2010-04-03 19:39]

2010-05-29 c:\windows\Tasks\User_Feed_Synchronization-
{2407B7C9-A876-4BCB-A881-E614B95A352D}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://cpprod.stjohns.edu
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} -
c:\documents and settings\student\Start
Menu\Programs\IMVU\Run IMVU.lnk
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
Notify-ACNotify - ACNotify.dll

***********************************************************************
***

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware
detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-29 08:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

***********************************************************************
***

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\M
EMSWEEP2]
"ImagePath"="\??\c:\windows\system32\2F.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Curre
ntVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Curre
ntVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Curre
ntVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes --------
-------------

- - - - - - - > 'winlogon.exe'(1020)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll

- - - - - - - > 'explorer.exe'(1132)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\netprovcredman.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device
Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Common
Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\rpcnet.exe
c:\program files\Common
Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\windows\system32\TpKmpSVC.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common
Files\Lenovo\Scheduler\tvtsched.exe
c:\windows\system32\ZuneBusEnum.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files\iPod\bin\iPodService.exe
.
***********************************************************************
***
.
Completion time: 2010-05-29 08:23:25 - machine was
rebooted
ComboFix-quarantined-files.txt 2010-05-29 12:23

Pre-Run: 31,749,849,088 bytes free
Post-Run: 33,016,217,600 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery
Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft
Windows XP Professional" /noexecute=optin /fastdetect

Current=4 Default=4 Failed=2 LastKnownGood=3
Sets=1,2,3,4
- - End Of File - - 8FC9F7C377A2324072BDD72738D8312B



#4
May 31, 2010 at 16:15:40
Hi, I would try booting into safe mode (F8) and then trying this: http://support.kaspersky.com/viruse... (download the one that says TDSS). Let me know if it works.


#5
June 2, 2010 at 14:10:47
Actually a friend of a friend was able to finally remove the virus,
but thanks for the advice. The only problem now is that when I
scan with SAS it keeps finding a flash tracking cookie. The folder
is called content.oddcast.com and the only file in it is named
oddcast_so. I tried removing it with SAS but it just keeps coming
back after I reboot, so I tried to delete it manually. As soon as I
move it to the recycle bin it instantly reappears. Any advice on
how to remove it permanently?


#6
January 15, 2011 at 07:18:51
Version information:
BUILD.DAT : 10.0.0.609 31824 Bytes 12/13/2010 09:43:00
I have Avira antivirus and I scan my computer
daily. So now it found 2 hidden objects; does it mean I have a virus?


Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Saturday, January 15, 2011 21:12

Starting search for hidden objects.
HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot13\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\00000009\00000000\type
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot13\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\00000009\00000000\data
[NOTE] The registry entry is invisible.

The scan of running processes will be started

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '0' files ).


Starting the file scan:

Begin scan in 'C:\'


End of the scan: Saturday, January 15, 2011 22:53
Used time: 1:40:54 Hour(s)

The scan has been done completely.

12476 Scanned directories
144810 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
144810 Files not concerned
1116 Archives were scanned
0 Warnings
0 Notes
359124 Objects were scanned with rootkit scan
2 Hidden objects were found

