Tech Support Forum > Security Center > Virus/Trojan/Spyware Help
Old 10-28-2009, 07:58 PM   #1
Registered Member
 
Join Date: Oct 2009
Posts: 5
OS: vista


Remote Access Trojan?

Windows Defender gave me a warning message saying I had a severe threat on my system. It was listed as RemoteAccess:Win32/HostControl.

I spent a great deal of time scanning my pc but nothing was found and the warning message has come up a few times.

Thanks in advance.

Here is my DDS text: (quick note - my user name is my full name, so in the DDS file I changed my last name wherever listed to -lastname- since this is a public forum)

DDS (Ver_09-10-26.01) - NTFSx86
Run by Thomas -lastname- at 20:22:31.67 on Wed 10/28/2009
Internet Explorer: 8.0.6001.18828
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.2229 [GMT -5:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\LEXBCES.EXE
C:\Windows\System32\LEXPPS.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\CTsvcCDA.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Windows\system32\libusbd-nt.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\Explorer.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Windows\OEM05Mon.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\IObit\IObit Security 360\is360tray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Users\Thomas -lastname-\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Users\Thomas -lastname-\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://students.animationmentor.com/#main.main
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080905
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080905
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
uRun: [SansaDispatch] c:\users\thomas -lastname-\appdata\roaming\sandisk\sansa updater\SansaDispatch.exe
uRun: [Aim6]
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [<NO NAME>]
mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [OEM05Mon.exe] c:\windows\OEM05Mon.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Lexmark X74-X75] "c:\program files\lexmark x74-x75\lxbbbmgr.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [IObit Security 360] c:\program files\iobit\iobit security 360\IS360tray.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\thomas~1\appdata\roaming\mozilla\firefox\profiles\pjjzih72.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.thehungersite.com/clickToGive/home.faces?siteId=1
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2009-10-25 309008]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-10-28 1153368]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-2-18 24652]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2009-2-3 33792]
R3 OEM05Vfx;Creative Camera OEM005 Video VFX Driver;c:\windows\system32\drivers\OEM05Vfx.sys [2008-9-5 7424]
R3 OEM05Vid;Creative Camera OEM005 Driver;c:\windows\system32\drivers\OEM05Vid.sys [2008-9-5 235616]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [2008-9-5 31616]
S2 dualshock3;DUALSHOCK3 Controller HID Minidriver (USB) Beta;c:\windows\system32\drivers\dualshock3.sys [2009-2-3 15616]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2008-5-14 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2008-5-14 166384]
S2 SessionLauncher;SessionLauncher;c:\users\admini~1\appdata\local\temp\dx9\sessionlauncher.exe --> c:\users\admini~1\appdata\local\temp\dx9\SessionLauncher.exe [?]
S3 AKJDGF;AKJDGF;c:\users\thomas~1\appdata\local\temp\akjdgf.exe --> c:\users\thomas~1\appdata\local\temp\AKJDGF.exe [?]
S3 Amazon Download Agent;Amazon Download Agent;c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderService.exe [2009-8-24 297472]
S3 OEM05Afx;Provides a software interface to control audio effects of OEM005 camera.;c:\windows\system32\drivers\OEM05Afx.sys [2008-9-5 141376]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-5-14 1120752]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896]
S3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\drivers\xPADFL02.sys [2009-2-4 27904]

=============== Created Last 30 ================

2009-10-28 23:09:04 0 d-----w- c:\programdata\F-Secure
2009-10-28 15:52:04 0 d-----w- c:\users\thomas -lastname-\DoctorWeb
2009-10-28 13:50:53 0 d---a-w- c:\programdata\TEMP
2009-10-28 12:52:45 0 d-----w- c:\programdata\Spybot - Search & Destroy
2009-10-28 12:52:45 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-10-27 21:47:20 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-27 21:47:18 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-25 21:57:45 0 d-----w- c:\programdata\IObit
2009-10-25 21:57:43 0 d-----w- c:\program files\IObit
2009-10-20 03:29:03 8430 ----a-w- C:\SUNSHINE_CLEANING.MDS
2009-10-20 03:17:46 8026966016 ----a-w- C:\SUNSHINE_CLEANING.ISO
2009-10-15 01:54:25 0 d-sh--w- c:\windows\system32\%APPDATA%
2009-10-14 23:48:41 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-14 23:48:37 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-14 23:48:37 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-14 23:41:59 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-14 23:41:56 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-14 23:41:55 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-07 06:49:53 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-07 06:49:28 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-07 06:49:06 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-07 06:49:06 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-04 14:35:59 0 d-----w- c:\temp\DMTemp
2009-10-03 07:28:31 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-02 17:03:46 0 d-----w- c:\program files\Fraps
2009-10-02 16:15:22 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2009-10-02 16:15:21 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2009-10-02 16:15:04 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2009-10-02 16:14:54 0 d-----w- c:\windows\Replay Media Catcher
2009-10-02 16:14:45 0 d-----w- c:\program files\Replay Media Catcher
2009-10-02 16:07:08 0 d-----w- c:\program files\Zeallsoft
2009-10-02 15:56:57 0 d-----w- c:\program files\Quick Screen Capture
2009-10-02 15:56:57 0 d-----w- C:\MyCaptures
2009-10-01 20:29:43 0 d-----w- c:\programdata\Yahoo! Companion
2009-10-01 20:29:06 0 d-----w- c:\programdata\Yahoo!
2009-10-01 20:29:02 0 d-----w- c:\program files\Yahoo!
2009-09-30 16:40:05 0 ---h--w- c:\programdata\PKP_DLdw.DAT
2009-09-30 16:35:19 0 d-----w- c:\program files\common files\Nikon
2009-09-30 16:35:15 0 d-----w- c:\program files\Nikon
2009-09-30 16:34:52 0 d-----w- c:\programdata\Ultima_T15
2009-09-30 16:34:52 0 d-----w- c:\programdata\EnterNHelp
2009-09-30 16:34:52 0 ---h--w- c:\programdata\PKP_DLdu.DAT

==================== Find3M ====================

2009-10-27 14:53:42 8068 ----a-w- c:\users\thomas~1\appdata\roaming\wklnhst.dat
2009-09-30 16:49:46 51200 ----a-w- c:\windows\inf\infpub.dat
2009-09-30 16:34:46 106496 ----a-w- c:\windows\system32\ATL71.DLL
2009-09-16 15:22:48 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 15:22:48 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 15:22:48 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 15:22:48 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 15:22:14 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-13 12:18:57 86016 ----a-w- c:\windows\inf\infstor.dat
2009-09-13 12:18:57 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-09-13 04:12:10 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-09-13 04:00:40 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-09-05 20:55:06 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-09-05 20:55:06 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-08-29 05:09:28 86016 ----a-w- c:\windows\system32\frapsvid.dll
2009-08-29 00:27:49 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 13:56:34 186581 ----a-w- c:\windows\hpwins23.dat
2009-08-27 05:22:28 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42:29 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-14 15:53:34 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49:20 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49:18 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49:18 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49:15 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49:14 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49:14 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49:13 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48:02 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-04 14:11:08 108544 ------w- c:\windows\system32\pxcpyi64.exe
2009-08-04 14:11:08 10752 ------w- c:\windows\system32\pxwma.dll
2009-08-04 14:11:08 103936 ------w- c:\windows\system32\pxinsi64.exe
2009-08-03 20:07:42 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 20:07:42 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 20:07:42 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-10-11 20:57:18 76 --sh--r- c:\windows\CT4CET.bin
2008-09-05 16:27:15 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 20:23:57.53 ===============
Attached file: attach.zip (3.4 KB)

chewbaccagu
Old 10-31-2009, 09:41 PM   #2

Re: Remote Access Trojan?

BUMP, please

chewbaccagu
Old 11-08-2009, 08:22 PM   #3

Re: Remote Access Trojan?

Is anyone going to help or should I just go somewhere else?
chewbaccagu
Old 11-09-2009, 12:02 PM   #4
Administrator
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 41,806
OS: WinXP Home, Vista, Windows 7 64bit


Re: Remote Access Trojan?

Hello chewbaccagu,

I'm not seeing any malware in the logs, and unfortunately, Windows Defender isn't telling you what file or program is being detected as such. Without more information, there isn't much we can do.

It could also be a false positive, flagging one of your onboard programs such as downloader software.


Please run this online scan and we'll see if it reveals anything for us.


Establish an internet connection & perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner

**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.
  • Click Accept when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
__________________
Member of ASAP since 2005
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried
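The moderator's verdict on the DDS log above was reached by reading it by eye. As an added example (not code from this thread, from the forum, or from the DDS tool), the Python script below shows the kind of first-pass triage a responder applies to the SERVICES / DRIVERS section: it parses each line into service state, name, display name and image path, then flags entries whose binary lives in a temp folder or which DDS marked with [?] (my reading of that marker is that DDS could not read the file's date and size, usually because nothing is at that path any more). A flag means "look closer", not "infected"; a stale service entry pointing at a deleted temp-folder installer is a common benign cause. The sample input is constructed in the DDS layout: the SessionLauncher, AKJDGF and libusbd lines are copied from the log in this thread, the ExampleAV and ExampleCam lines are made up.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed input in the layout of a DDS "SERVICES / DRIVERS" section.
# The SessionLauncher, AKJDGF and libusbd lines are copied from the log in this thread;
# the ExampleAV and ExampleCam lines are made up.
SAMPLE_SERVICES = r"""
R2 ExampleAV;Example AV Service;c:\program files\example av\avsrv.exe [2009-10-25 309008]
R3 ExampleCam;Example Camera Driver;c:\windows\system32\drivers\examplecam.sys [2008-9-5 235616]
S2 SessionLauncher;SessionLauncher;c:\users\admini~1\appdata\local\temp\dx9\sessionlauncher.exe --> c:\users\admini~1\appdata\local\temp\dx9\SessionLauncher.exe [?]
S3 AKJDGF;AKJDGF;c:\users\thomas~1\appdata\local\temp\akjdgf.exe --> c:\users\thomas~1\appdata\local\temp\AKJDGF.exe [?]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
"""

# "R2 name;display;path [date size]": state is R (running) or S (stopped) plus a start-type digit
LINE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
# trailing "[2009-10-25 309008]" (date and size) or "[?]" (DDS could not read the file)
TAIL_RE = re.compile(r"\s*\[(?P<meta>[^\]]*)\]\s*$")


@dataclass
class ServiceEntry:
    state: str
    name: str
    display: str
    path: str
    file_missing: bool
    reasons: List[str] = field(default_factory=list)


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Split one DDS service/driver line into its fields; None for lines that are not services."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    file_missing = False
    tail = TAIL_RE.search(rest)
    if tail:
        file_missing = tail.group("meta").strip() == "?"
        rest = rest[: tail.start()]
    # Lines of the form "a --> b [?]" carry the image path twice; keep the right-hand form.
    if " --> " in rest:
        rest = rest.split(" --> ")[-1]
    return ServiceEntry(m.group("state"), m.group("name").strip(), m.group("display").strip(),
                        rest.strip(), file_missing)


def triage(entry: ServiceEntry) -> ServiceEntry:
    """Attach review reasons; an empty list means nothing stood out under these two heuristics."""
    if "\\temp\\" in entry.path.lower():
        entry.reasons.append("binary in a temp folder")
    if entry.file_missing:
        entry.reasons.append("file not found on disk ([?])")
    return entry


def flag_services(text: str) -> List[ServiceEntry]:
    """Return the entries in a DDS services section that deserve a second look."""
    flagged = []
    for line in text.splitlines():
        entry = parse_service_line(line)
        if entry is not None and triage(entry).reasons:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in flag_services(SAMPLE_SERVICES):
        print(f"{e.state} {e.name}: {e.path}  <- {'; '.join(e.reasons)}")
```

Run it on the whole SERVICES / DRIVERS section of a real DDS log by reading that section into `flag_services`. The two heuristics are deliberately narrow so that the output stays short; the point is to get a reviewer's eyes onto the handful of entries that a clean-looking scan does not explain by itself.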
Old 11-12-2009, 12:29 PM   #5

Re: Remote Access Trojan?

Here's the scan. Doesn't look like it found anything.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, November 12, 2009
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, November 11, 2009 17:19:38
Records in database: 3192082
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 293697
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 26:52:48


File name / Threat / Threats count
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1

Selected area has been scanned.
chewbaccagu
Old 11-12-2009, 08:48 PM   #6

Re: Remote Access Trojan?

I'm wondering if Windows Defender is alerting to mIRC as well, due to the nature of the program. If you installed mIRC, you can safely ignore the warnings.

As I mentioned before, without Windows Defender giving us more detail, like the name of the file it sees as a threat, there isn't much we can do. All your scans are coming up clean, so it leads me to believe that it is a false positive.

Any software you have installed that has the capability of remote access (programs that search your system, such as HP, to determine if you need updates, etc.) could be what it is flagging.
Ried
Old 11-13-2009, 06:23 AM   #7

Re: Remote Access Trojan?

I'll keep an eye on it. Thanks for your help.

chewbaccagu
Copyright 2001 - 2012, Tech Support Forum