# Is this a virus?



## victim8u (Oct 25, 2007)

A0000120.EXE is showing up in my Comodo anti-virus sweep as suspicious. I'm wondering if Comodo is being paranoid or if this is something I should worry about. I don't see anything online either way to confirm or deny. Thanks.

Here are the Comodo log and the HijackThis log.

COMODO Internet Security Logs

Table: Antivirus Logs
Date Created: 7/9/2009 9:18:46 AM
Log Scope: Today
Records count: 5

| Date/Time | Action | Location | Malware Name | Status |
|---|---|---|---|---|
| 7/9/2009 1:59:29 AM | Detect | E:\System Volume Information\_restore{636E0830-93BC-42CA-9E58-8CDFD6E3B8A6}\RP6\A0000120.exe | [email protected] | Success |
| 7/9/2009 3:08:04 AM | Detect | E:\System Volume Information\_restore{636E0830-93BC-42CA-9E58-8CDFD6E3B8A6}\RP6\A0000120.exe | [email protected] | Success |
| 7/9/2009 4:11:23 AM | Detect | E:\System Volume Information\_restore{636E0830-93BC-42CA-9E58-8CDFD6E3B8A6}\RP6\A0000120.exe | [email protected] | Success |
| 7/9/2009 5:59:23 AM | Detect | E:\System Volume Information\_restore{636E0830-93BC-42CA-9E58-8CDFD6E3B8A6}\RP6\A0000120.exe | [email protected] | Success |
| 7/9/2009 7:59:23 AM | Detect | E:\System Volume Information\_restore{636E0830-93BC-42CA-9E58-8CDFD6E3B8A6}\RP6\A0000120.exe | [email protected] | Success |

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:11:47 AM, on 7/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
E:\Programs\Comodo\COMODO Internet Security\cmdagent.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
D:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\system32\CTHELPER.EXE
D:\WINDOWS\System32\M-AudioTaskBarIcon.exe
D:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPMixDSP.exe
D:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\ASUS\EPU\EPU.exe
D:\Program Files\ASUS\Ai Suite\Q-Button\QButton.exe
E:\Programs\iTunes\iTunesHelper.exe
E:\Programs\Acronis\TrueImageMonitor.exe
E:\Programs\Acronis\TimounterMonitor.exe
D:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
E:\Programs\Comodo\COMODO Internet Security\cfp.exe
D:\Program Files\ASUS\Ai Suite\AiSuite.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\ASUS\AASP\1.00.82\aaCenter.exe
D:\WINDOWS\system32\taskmgr.exe
D:\Program Files\Mozilla Firefox\firefox.exe
E:\Programs\Pianissimo\PianissimoHost.exe
D:\WINDOWS\system32\dlbtcoms.exe
D:\WINDOWS\system32\notepad.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\WINDOWS\system32\NOTEPAD.EXE
E:\Programs\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] D:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "D:\Program Files\RivaTuner v2.24\RivaTuner.exe" /S
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "D:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Six Engine] "D:\Program Files\ASUS\EPU\EPU.exe" -r
O4 - HKLM\..\Run: [Ai Nap] "D:\Program Files\ASUS\Ai Suite\Q-Button\QButton.exe"
O4 - HKLM\..\Run: [QFan Help] "D:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] "D:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Programs\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] E:\Programs\Acronis\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] E:\Programs\Acronis\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "D:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "E:\Programs\Comodo\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: D:\WINDOWS\system32\guard32.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AODService - Unknown owner - D:\Program.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - D:\Program Files\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - E:\Programs\Comodo\COMODO Internet Security\cmdagent.exe
O23 - Service: dlbt_device - Dell - D:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - D:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - D:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 7537 bytes


----------



## cybertech (Apr 16, 2002)

Flush your System Restore: turn off System Restore, restart the machine, and then turn it back on: http://support.microsoft.com/kb/310405


----------
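The detections posted above all point into `E:\System Volume Information\_restore{...}\RP6\`, which is a Windows XP restore-point copy rather than a file that is running or set to auto-start, and nothing in the HijackThis log names A0000120.exe. The script below is an added example (not from the thread, COMODO or HijackThis) that automates exactly that triage: it parses COMODO-style detection rows, separates restore-point copies from live paths, and checks whether each detected file name shows up anywhere in a HijackThis log. The log formats are assumed from the samples posted here; the sample rows are constructed (the malware-name column is a placeholder because the page does not preserve the real one, and one hypothetical live-path row is added to exercise the other branch).

```python
"""Triage antivirus detections that point into a Windows XP System Restore point.

Added example, not from the thread or from COMODO/HijackThis. Log formats are
assumed from the samples posted in the thread; sample data below is constructed."""

import re
from dataclasses import dataclass

# Layout XP uses for restore-point copies on each protected volume:
#   <drive>:\System Volume Information\_restore{GUID}\RP<n>\A<digits>.<ext>
# The A-number is an opaque name; the change.log files in the same RP folder
# record which original path each copy came from (not parsed here).
RESTORE_POINT_RE = re.compile(
    r"^(?P<drive>[A-Za-z]):\\System Volume Information\\_restore"
    r"\{(?P<guid>[0-9A-Fa-f-]{36})\}\\RP(?P<rp>\d+)\\(?P<file>A\d+\.[^\\]+)$",
    re.IGNORECASE,
)


@dataclass
class Detection:
    when: str
    action: str
    path: str
    malware: str
    status: str

    @property
    def file_name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def restore_point(self):
        """(drive, guid, rp_number) if the path is a restore-point copy, else None."""
        m = RESTORE_POINT_RE.match(self.path)
        if m is None:
            return None
        return (m["drive"].upper(), m["guid"].upper(), int(m["rp"]))


def parse_comodo_log(text: str):
    """Parse the tab-separated detection rows of a COMODO AV log export (assumed format)."""
    rows = []
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("\t")]
        if len(fields) != 5 or fields[0] == "Date/Time":
            continue  # header, blank or malformed line
        rows.append(Detection(*fields))
    return rows


def hijackthis_mentions(hjt_text: str, file_name: str):
    """HijackThis lines (running processes, O4 autoruns, O23 services) naming file_name."""
    needle = file_name.lower()
    return [ln for ln in hjt_text.splitlines() if needle in ln.lower()]


def triage(detections, hjt_text: str):
    """Split detections into inert restore-point copies and live files.

    A restore-point copy only comes back if that point is restored; the fix is
    to flush System Restore (Microsoft KB310405). A live path, or a file name
    that also appears in the HijackThis log, means an active infection that
    needs real cleanup, not just a restore-point flush."""
    report = {"restore_point": [], "live": [], "hjt_hits": {}}
    for d in detections:
        rp = d.restore_point
        if rp is not None:
            report["restore_point"].append((d.when, rp, d.file_name, d.malware))
        else:
            report["live"].append((d.when, d.path, d.malware))
        hits = hijackthis_mentions(hjt_text, d.file_name)
        if hits:
            report["hjt_hits"][d.file_name] = hits
    return report


# Constructed sample: the five rows from the thread (placeholder malware name)
# plus one hypothetical live-path row.
RP = r"E:\System Volume Information\_restore{636E0830-93BC-42CA-9E58-8CDFD6E3B8A6}\RP6\A0000120.exe"
COMODO_LOG = "Date/Time\tAction\tLocation\tMalware Name\tStatus\n" + "".join(
    f"7/9/2009 {t}\tDetect\t{RP}\tPlaceholder.Name\tSuccess\n"
    for t in ("1:59:29 AM", "3:08:04 AM", "4:11:23 AM", "5:59:23 AM", "7:59:23 AM")
) + "7/9/2009 8:30:00 AM\tDetect\tD:\\Documents and Settings\\user\\Local Settings\\Temp\\sample.exe\tPlaceholder.Name\tSuccess\n"

# Constructed excerpt in HijackThis style; the HKCU O4 line is hypothetical.
HJT_LOG = """Running processes:
D:\\WINDOWS\\System32\\smss.exe
E:\\Programs\\Comodo\\COMODO Internet Security\\cmdagent.exe
O4 - HKLM\\..\\Run: [COMODO Internet Security] "E:\\Programs\\Comodo\\COMODO Internet Security\\cfp.exe" -h
O4 - HKCU\\..\\Run: [sample] D:\\Documents and Settings\\user\\Local Settings\\Temp\\sample.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - E:\\Programs\\Comodo\\COMODO Internet Security\\cmdagent.exe"""

if __name__ == "__main__":
    result = triage(parse_comodo_log(COMODO_LOG), HJT_LOG)
    for when, (drive, guid, rp), name, malware in result["restore_point"]:
        print(f"{when}: {name} in restore point RP{rp} on {drive}: ({malware}) -> flush System Restore")
    for when, path, malware in result["live"]:
        print(f"{when}: LIVE {path} ({malware}) -> needs cleanup")
    for name, lines in result["hjt_hits"].items():
        print(f"{name} also appears in HijackThis:\n  " + "\n  ".join(lines))
```

Run against the thread's rows, the five hits land in the restore-point bucket with no HijackThis mention, which is the situation the replies describe; only the constructed `sample.exe` row is reported as live and cross-referenced to an autorun entry. Keep in mind the repeated hourly detections are the scanner re-finding the same dormant copy, not new activity, because the AV cannot delete inside a restore point while System Restore owns it.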



## victim8u (Oct 25, 2007)

So I'll take that as a no? This is not a virus?


----------



## cybertech (Apr 16, 2002)

It may have been, and it's been removed, but it's still sitting in System Restore, so if you use System Restore you may bring it back.


----------



## victim8u (Oct 25, 2007)

Will do, thanks.


----------



## cybertech (Apr 16, 2002)

You're welcome!


----------

