
Solved Don't Know Type of Infection Referred Here by broni

Discussion in 'Malware and Virus Removal Archive' started by Ann, 2009/07/01.

  1. 2009/07/01
    Ann

    Ann Well-Known Member Thread Starter

    Joined:
    2002/01/10
    Messages:
    597
    Likes Received:
    1
    [Resolved] Don't Know Type of Infection Referred Here by broni

    broni thinks I have a virus so he asked me to post these logs here for help.


    DDS (Ver_09-06-26.01) - NTFSx86
    Run by Owner at 19:46:19.85 on Wed 07/01/2009
    Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.959.352 [GMT -7:00]

    AV: avast! antivirus 4.8.1335 [VPS 090701-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\Program Files\Lexmark 6200 Series\lxbumon.exe
    C:\Program Files\Lexmark 6200 Series\ezprint.exe
    K:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    svchost.exe
    J:\Program Files\Hallmark Card Studio 2008 Deluxe\Planner\PLNRnote.exe
    C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Tiny Personal Firewall\persfw.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\lxbucoms.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Owner\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uSearch Bar = hxxp://www.google.com/ie
    uStart Page = hxxp://www.google.com/
    uSearch Page = www.google.com
    uWindow Title =
    mWindow Title =
    uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe "
    BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - k:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe "
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [SunKistEM] c:\program files\digital media reader\shwiconem.exe
    mRun: [lxbumon.exe] "c:\program files\lexmark 6200 series\lxbumon.exe "
    mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
    mRun: [EzPrint] "c:\program files\lexmark 6200 series\ezprint.exe "
    mRun: [GrooveMonitor] "k:\program files\microsoft office\office12\GrooveMonitor.exe "
    mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [LXBUCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXBUtime.dll,_RunDLLEntry@16
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventp~1.lnk - c:\windows\installer\{747a6a10-da58-48c2-a1f0-c15514419c8a}\Shortcut_EventPlan_5D0DF1BBD82E4FB2B98E4FDE42EF7EBB.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventr~1.lnk - j:\program files\printmaster silver 17\Remind.exe
    IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
    IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
    IE: E&xport to Microsoft Excel - k:\progra~1\micros~1\office12\EXCEL.EXE/3000
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - k:\progra~1\micros~1\office12\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: adobe.com
    Trusted Zone: aol.com
    Trusted Zone: att.net
    Trusted Zone: http
    Trusted Zone: sbcglobal.net
    Trusted Zone: turbotax.com
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136945801983
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136946304062
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    TCP: {5F9E58F1-E6A3-4F00-87AB-11684DCF14CA} = 68.94.156.1,68.94.157.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - k:\program files\microsoft office\office12\GrooveSystemServices.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - k:\program files\microsoft office\office12\GrooveShellExtensions.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\j2sdyqf3.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-6-27 114768]
    R1 fwdrv;Tiny Personal Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2006-1-10 77312]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2006-10-10 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 55024]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-6-27 20560]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-6-27 138680]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-6-27 254040]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-6-27 352920]
    R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [2007-7-3 36224]
    R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
    S0 SSI;SSI;c:\windows\system32\drivers\ssi.sys --> c:\windows\system32\drivers\SSI.SYS [?]
    S1 GhPciScan;GhostPciScanner;\??\c:\program files\symantec\norton ghost 2003\ghpciscan.sys --> c:\program files\symantec\norton ghost 2003\ghpciscan.sys [?]
    S3 NOD32krn;NOD32 Kernel Service;m:\nod32\nod32krn.exe --> m:\nod32\nod32krn.exe [?]

    =============== Created Last 30 ================

    2009-06-28 14:36 <DIR> --d----- c:\program files\VS Revo Group
    2009-06-21 13:05 <DIR> --d----- c:\program files\CCleaner
    2009-06-08 02:06 410,984 a------- c:\windows\system32\deploytk.dll

    ==================== Find3M ====================

    2009-06-30 12:35 26,608 a------- c:\docume~1\owner\applic~1\wklnhst.dat
    2009-06-17 11:27 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-06-17 11:27 19,096 a------- c:\windows\system32\drivers\mbam.sys
    2009-05-07 08:44 344,064 a------- c:\windows\system32\localspl.dll
    2009-04-28 21:52 659,456 a------- c:\windows\system32\wininet.dll
    2009-04-28 21:52 81,920 a------- c:\windows\system32\ieencode.dll
    2009-04-17 02:58 1,846,656 a------- c:\windows\system32\win32k.sys
    2009-04-15 08:11 584,192 a------- c:\windows\system32\rpcrt4.dll
    2008-04-05 16:31 87,608 a------- c:\docume~1\owner\applic~1\inst.exe
    2008-04-05 16:31 47,360 a------- c:\docume~1\owner\applic~1\pcouffin.sys

    ============= FINISH: 19:46:59.76 ===============
     
    Ann,
    #1
  2. 2009/07/01
    Ann

    Ann Well-Known Member Thread Starter

    Joined:
    2002/01/10
    Messages:
    597
    Likes Received:
    1
    Part Two of Logs

    This is the log of Attach.txt which broni told me to copy and paste here.
    I hope you guys find nothing. Now I am worried. TIA

    DDS (Ver_09-06-26.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/10/2006 11:33:02 AM
    System Uptime: 7/1/2009 11:14:31 AM (8 hours ago)

    Motherboard: First International Computer, Inc. | | AU31
    Processor: AMD Athlon(tm) XP 2800+ | Socket A | 2088/166mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 117 GiB total, 96.524 GiB free.
    D: is CDROM ()
    E: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is FIXED (NTFS) - 20 GiB total, 8.455 GiB free.
    K: is FIXED (NTFS) - 5 GiB total, 3.341 GiB free.
    L: is FIXED (NTFS) - 7 GiB total, 7.091 GiB free.
    M: is Removable
    W: is FIXED (FAT) - 2 GiB total, 0.91 GiB free.
    X: is FIXED (FAT) - 2 GiB total, 1.479 GiB free.
    Y: is FIXED (FAT) - 2 GiB total, 0.855 GiB free.
    Z: is FIXED (FAT) - 2 GiB total, 1.77 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: NVIDIA nForce MCP Networking Controller
    Device ID: PCI\VEN_10DE&DEV_0066&SUBSYS_904D1509&REV_A1\3&13C0B0C5&0&20
    Manufacturer: Nvidia
    Name: NVIDIA nForce MCP Networking Controller
    PNP Device ID: PCI\VEN_10DE&DEV_0066&SUBSYS_904D1509&REV_A1\3&13C0B0C5&0&20
    Service: NVENET

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    2007 Microsoft Office Suite Service Pack 2 (SP2)
    ABBYY FineReader 6.0 Sprint Plus
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Help Center 2.0
    Adobe Photoshop Elements 4.0
    America Online (Choose which version to remove)
    AoA Audio Extractor 1.0
    AOL Coach Version 1.0(Build:20040229.1 en)
    AOL Connectivity Services
    AOL Spyware Protection
    avast! Antivirus
    CCleaner (remove only)
    ConvertXtoDVD 3.0.0.9
    Digital Media Reader
    DVD Shrink 3.2
    DVDFab HD Decrypter 3.1.8.0
    Eraser
    ERUNT 1.1j
    Foxit Reader
    Hallmark Card Studio 2006 Deluxe
    Hallmark Card Studio 2008 Deluxe
    HijackThis 2.0.2
    Hotfix for Windows XP (KB952287)
    ImgBurn (Remove Only)
    K-Lite Codec Pack 3.8.5 Standard
    Learn2 Player (Uninstall Only)
    Lexmark 6200 Series
    Lexmark Fax Solutions
    Macromedia Shockwave Player
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft .NET Framework 3.0 Service Pack 1
    Microsoft Money 2004
    Microsoft Money 2004 System Pack
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office FrontPage 2003
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Edition 2003
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Visio Professional 2003
    Microsoft Office Word MUI (English) 2007
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Web Publishing Wizard 1.52
    Microsoft Works
    Mozilla Firefox (3.0.11)
    MP3 CD Converter Professional 5.03
    MSN
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 6 Service Pack 2 (KB954459)
    Nero 6 Ultra Edition
    NVIDIA Display Driver
    NVIDIA Ethernet Driver
    NVIDIA nForce Drivers
    Opera 9.64
    Orbit Downloader
    PartitionMagic
    PowerDVD
    PowerQuest PartitionMagic 8.0
    PrintMaster 7.00
    PrintMaster Silver 17
    Pure Networks Port Magic
    Quicken WillMaker Plus 2007
    QuickTime
    RealPlayer Basic
    Revo Uninstaller 1.83
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB969679)
    Security Update for Microsoft Office Excel 2007 (KB969682)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office Word 2007 (KB969604)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB911565)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893066)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922760)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928090)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931768)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933566)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937143)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB939653)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB942615)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944338)
    Security Update for Windows XP (KB944533)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB947864)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB970238)
    Serif DrawPlus 3.0
    SnagIt 7
    SoftV92 Data Fax Modem with SmartCP
    Spybot - Search & Destroy
    SpywareBlaster 4.2
    SUPERAntiSpyware Free Edition
    Tiny Personal Firewall 2.0.15 A (221001)
    Unlocker 1.8.5
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office Outlook 2007 (KB969907)
    Update for Outlook 2007 Junk Email Filter (kb970012)
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB946627)
    Update for Windows XP (KB951072-v2)
    Viewpoint Media Player
    WebFldrs XP
    Windows Backup Utility
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Media Format Runtime
    Windows Media Format SDK Hotfix - KB891122
    Windows Media Player 10
    Windows Presentation Foundation
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    WinDriversBackup
    WinRAR archiver
    XML Paper Specification Shared Components Pack 1.0

    ==== Event Viewer Messages From Past Week ========

    6/30/2009 10:04:58 AM, error: Service Control Manager [7000] - The Avira AntiVir Personal – Free Antivirus Scheduler service failed to start due to the following error: The system cannot find the path specified.
    6/30/2009 10:04:58 AM, error: Service Control Manager [7000] - The Avira AntiVir Personal – Free Antivirus Guard service failed to start due to the following error: The system cannot find the path specified.
    6/29/2009 9:20:25 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio avipbb SSI ssmdrv
    6/29/2009 9:20:25 AM, error: Service Control Manager [7000] - The Avira AntiVir Personal – Free Antivirus Scheduler service failed to start due to the following error: The system cannot find the path specified.
    6/29/2009 9:20:25 AM, error: Service Control Manager [7000] - The Avira AntiVir Personal – Free Antivirus Guard service failed to start due to the following error: The system cannot find the path specified.
    6/29/2009 7:47:25 PM, error: Print [6161] - The document Microsoft Word - Envelopes1 owned by Owner failed to print on printer Lexmark 6200 Series. Data type: LEMF. Size of the spool file in bytes: 30608. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\RBI-250. Win32 error code returned by the print processor: 0 (0x0).
    6/29/2009 3:06:23 PM, error: Service Control Manager [7000] - The Avira AntiVir Personal – Free Antivirus Scheduler service failed to start due to the following error: The system cannot find the path specified.
    6/29/2009 3:06:23 PM, error: Service Control Manager [7000] - The Avira AntiVir Personal – Free Antivirus Guard service failed to start due to the following error: The system cannot find the path specified.
    6/28/2009 2:03:00 PM, error: Service Control Manager [7000] - The Avira AntiVir Personal – Free Antivirus Scheduler service failed to start due to the following error: The system cannot find the path specified.
    6/28/2009 2:03:00 PM, error: Service Control Manager [7000] - The Avira AntiVir Personal – Free Antivirus Guard service failed to start due to the following error: The system cannot find the path specified.
    6/28/2009 12:37:11 PM, error: Service Control Manager [7000] - The Avira AntiVir Personal – Free Antivirus Scheduler service failed to start due to the following error: The system cannot find the path specified.
    6/28/2009 12:37:11 PM, error: Service Control Manager [7000] - The Avira AntiVir Personal – Free Antivirus Guard service failed to start due to the following error: The system cannot find the path specified.
    6/27/2009 8:34:44 PM, error: Service Control Manager [7000] - The Avira AntiVir Personal – Free Antivirus Scheduler service failed to start due to the following error: The system cannot find the path specified.
    6/27/2009 8:34:44 PM, error: Service Control Manager [7000] - The Avira AntiVir Personal – Free Antivirus Guard service failed to start due to the following error: The system cannot find the path specified.
    6/27/2009 7:09:46 PM, error: Service Control Manager [7000] - The Avira AntiVir Personal – Free Antivirus Scheduler service failed to start due to the following error: The system cannot find the path specified.
    6/27/2009 7:09:46 PM, error: Service Control Manager [7000] - The Avira AntiVir Personal – Free Antivirus Guard service failed to start due to the following error: The system cannot find the path specified.
    6/27/2009 6:51:04 PM, error: Service Control Manager [7000] - The Avira AntiVir Personal – Free Antivirus Scheduler service failed to start due to the following error: The system cannot find the path specified.
    6/27/2009 6:51:04 PM, error: Service Control Manager [7000] - The Avira AntiVir Personal – Free Antivirus Guard service failed to start due to the following error: The system cannot find the path specified.
    6/27/2009 6:37:18 PM, error: Service Control Manager [7000] - The Avira AntiVir Personal – Free Antivirus Scheduler service failed to start due to the following error: The system cannot find the path specified.
    6/27/2009 6:37:18 PM, error: Service Control Manager [7000] - The Avira AntiVir Personal – Free Antivirus Guard service failed to start due to the following error: The system cannot find the path specified.
    6/27/2009 5:31:59 PM, error: Service Control Manager [7000] - The Avira AntiVir Personal – Free Antivirus Scheduler service failed to start due to the following error: The system cannot find the path specified.
    6/27/2009 5:31:59 PM, error: Service Control Manager [7000] - The Avira AntiVir Personal – Free Antivirus Guard service failed to start due to the following error: The system cannot find the path specified.
    6/27/2009 5:23:47 PM, error: Service Control Manager [7000] - The Avira AntiVir Personal – Free Antivirus Scheduler service failed to start due to the following error: The system cannot find the path specified.
    6/27/2009 5:23:47 PM, error: Service Control Manager [7000] - The Avira AntiVir Personal – Free Antivirus Guard service failed to start due to the following error: The system cannot find the path specified.
    6/27/2009 4:44:04 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio avipbb SSI
    6/27/2009 4:44:04 PM, error: Service Control Manager [7000] - The Avira AntiVir Personal – Free Antivirus Scheduler service failed to start due to the following error: The system cannot find the path specified.
    6/27/2009 4:44:04 PM, error: Service Control Manager [7000] - The Avira AntiVir Personal – Free Antivirus Guard service failed to start due to the following error: The system cannot find the path specified.
    6/27/2009 4:27:05 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SSI ssmdrv
    6/25/2009 6:17:19 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SSI
    6/25/2009 6:17:09 PM, error: Service Control Manager [7000] - The svcWRSSSDK service failed to start due to the following error: The system cannot find the path specified.
    6/25/2009 1:19:23 PM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.

    ==== End Of File ===========================
     
    Ann,
    #2

  4. 2009/07/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Let's run some basic scans....

    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure you update SUPERAntiSpyware and Malwarebytes before running the scans.***

    STEP 1. Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    PHYSICALLY DISCONNECT FROM THE INTERNET

    Restart computer in Safe Mode.
    To enter Safe Mode, restart the computer and keep tapping the F8 key until the menu appears; select Safe Mode. You'll see "Safe Mode" in all four corners of your screen.

    * Open SUPERAntiSpyware.
    * Click Scan your Computer... button.
    * Click Scanning Preferences/Control Center... button.
    * Under the General and Startup tab, make sure the Start SUPERAntiSpyware when Windows starts option is UN-checked.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    - Close browsers before scanning.
    - Terminate memory threats before quarantining.

    * Click the Close button to leave the control center screen.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
    * Make sure everything has a checkmark next to it and click Next.
    * A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
    * If asked if you want to reboot, click Yes.
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
    - Click Preferences, then click the Statistics/Logs tab.
    - Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    - If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    - Please copy and paste the Scan Log results in your next reply.

    * Click Close to exit the program.
    Post SUPERAntiSpyware log.

    RECONNECT TO THE INTERNET

    RESTART COMPUTER!

    STEP 2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 3. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
    When the scan is completed, click the Save button and save the results as gmer.log.
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log in your next reply.

    RESTART COMPUTER

    STEP 4. Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackThis log.
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. 2009/07/03
    Ann

    Ann Well-Known Member Thread Starter

    Joined:
    2002/01/10
    Messages:
    597
    Likes Received:
    1
    broni - Let me advise that I did not need to D/L SuperAntiSpyware, Malwarebytes or Hijackthis, as I already have these programs. As to GMER, I had trouble running it because I got a Windows Error:
    Windows No Disk error Processing Message cooooo13 Parameters 75b6bf9c
    75b6bf9c 75b6bf9c

    I persisted in trying to close the window and finally was able to restart it. I cancelled and tried two more times but always had the same difficulty.

    Here are the logs requested:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 07/03/2009 at 03:03 AM

    Application Version : 4.26.1006

    Core Rules Database Version : 3967
    Trace Rules Database Version: 1907

    Scan type : Complete Scan
    Total Scan Time : 04:18:36

    Memory items scanned : 221
    Memory threats detected : 0
    Registry items scanned : 6621
    Registry threats detected : 0
    File items scanned : 67798
    File threats detected : 0


    Malwarebytes' Anti-Malware 1.38
    Database version: 2365
    Windows 5.1.2600 Service Pack 2

    7/3/2009 8:11:32 AM
    mbam-log-2009-07-03 (08-11-32).txt

    Scan type: Full Scan (C:\|J:\|K:\|L:\|)
    Objects scanned: 158281
    Time elapsed: 32 minute(s), 31 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    GMER 1.0.15.14972 - http://www.gmer.net
    Rootkit scan 2009-07-03 10:02:53
    Windows 5.1.2600 Service Pack 2


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF55BD6B8]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF55BD574]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF55BDA52]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF55BD14C]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF55BD64E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF55BD08C]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF55BD0F0]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF55BD76E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF55BD72E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF55BD8AE]

    ---- Kernel code sections - GMER 1.0.15 ----

    PAGENDSM NDIS.sys!NdisMIndicateStatus F72BCA5F 6 Bytes JMP F579AAC0 \SystemRoot\System32\Drivers\fwdrv.sys

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \SystemRoot\system32\DRIVERS\ipsec.sys[ntoskrnl.exe!ZwLoadDriver] [F579A928] \SystemRoot\System32\Drivers\fwdrv.sys
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F579A820] \SystemRoot\System32\Drivers\fwdrv.sys
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F579A83B] \SystemRoot\System32\Drivers\fwdrv.sys
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F579A8CB] \SystemRoot\System32\Drivers\fwdrv.sys
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[ntoskrnl.exe!ZwLoadDriver] [F579A928] \SystemRoot\System32\Drivers\fwdrv.sys
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F579A8CB] \SystemRoot\System32\Drivers\fwdrv.sys
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F579A83B] \SystemRoot\System32\Drivers\fwdrv.sys
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F579A820] \SystemRoot\System32\Drivers\fwdrv.sys
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F579A8CB] \SystemRoot\System32\Drivers\fwdrv.sys
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F579A820] \SystemRoot\System32\Drivers\fwdrv.sys
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F579A83B] \SystemRoot\System32\Drivers\fwdrv.sys

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\system32\services.exe[624] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00370002
    IAT C:\WINDOWS\system32\services.exe[624] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00370000

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Ip fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Ip ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Udp fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Udp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

    ---- EOF - GMER 1.0.15 ----


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:06:53 AM, on 7/3/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\Program Files\Lexmark 6200 Series\lxbumon.exe
    C:\Program Files\Lexmark 6200 Series\ezprint.exe
    K:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    J:\Program Files\Hallmark Card Studio 2008 Deluxe\Planner\PLNRnote.exe
    C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Tiny Personal Firewall\persfw.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\lxbucoms.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - K:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
    O4 - HKLM\..\Run: [lxbumon.exe] "C:\Program Files\Lexmark 6200 Series\lxbumon.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6200 Series\ezprint.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "K:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - Global Startup: Event Planner Reminder 2008.lnk = ?
    O4 - Global Startup: Event Reminder.lnk = J:\Program Files\PrintMaster Silver 17\Remind.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://K:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - K:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O15 - Trusted Zone: *.att.net
    O15 - Trusted Zone: http://*.att.net
    O15 - Trusted Zone: *.sbcglobal.net
    O15 - Trusted Zone: http://*.sbcglobal.net
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136945801983
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136946304062
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5F9E58F1-E6A3-4F00-87AB-11684DCF14CA}: NameServer = 68.94.156.1,68.94.157.1
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - K:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - M:\NOD32\nod32krn.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Tiny Personal Firewall (PersFw) - Tiny Software - C:\Program Files\Tiny Personal Firewall\persfw.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    O23 - Service: svcWRSSSDK - Unknown owner - (no file)
    O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)

    --
    End of file - 8200 bytes

    Thanks for your help and I hope you find nothing.
     
    Ann,
    #4
  6. 2009/07/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I'm glad to tell you, that malware-wise all looks clean.

    You have a couple of unnecessary startups, and some NOD32 and Norton leftovers, so we didn't waste our time; we can clean those up....


    Print this post out, since you won't have access to it at some point.

    1. Open HijackThis.

    2. Close all windows, except for HijackThis.

    3. Put checkmarks next to the following HijackThis entries:

    nothing malicious here

    4. You may also checkmark the following entries (these are unnecessary startups; no actual programs will be removed):

    - O4 - HKLM\..\Run: [lxbumon.exe] "C:\Program Files\Lexmark 6200 Series\lxbumon.exe"
    - O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    - O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6200 Series\ezprint.exe"
    - O4 - HKLM\..\Run: [GrooveMonitor] "K:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    - O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    - O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
    - O4 - Global Startup: Event Planner Reminder 2008.lnk = ?
    - O4 - Global Startup: Event Reminder.lnk = J:\Program Files\PrintMaster Silver 17\Remind.exe
    - O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

    5. Click on Fix checked button.

    6. Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (in Vista, hold CTRL, and SHIFT, hit Enter).

    At Command Prompt, type in:
    sc stop NOD32krn
    Hit Enter.
    Wait for the service to be stopped.

    Type in:
    sc delete NOD32krn
    Hit Enter.
    Wait for confirmation.

    Repeat the same set of two commands (sc stop, sc delete), this time replacing NOD32krn with svcWRSSSDK, and then with SymWSC.


    8. Restart computer.

    9. Post new HijackThis log.
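As an added illustration of the triage behind step 6 above (example code written for this page, not code from the thread, from HijackThis or from DDS): parse the O23 service lines and the Service Control Manager 7000 events posted earlier, flag services whose binary is gone, and emit the matching sc stop / sc delete pairs. The sample lines are copied from the logs in this thread; the assumption that a service printed without a parenthesised short name uses its display name as its key is mine.

```python
"""Find orphaned services (registered, binary gone) in a HijackThis log and
corroborate them against Service Control Manager event 7000 lines from DDS."""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set

# "O23 - Service: <display> [(<key>)] - <owner> - <path> [(file missing)]"
# HijackThis shows the service key name in parentheses only when it differs
# from the display name; otherwise we ASSUME display == key (e.g. svcWRSSSDK).
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<key>[^()]+)\))? - "
    r"(?P<owner>.+?) - (?P<path>.*)$"
)
# Event 7000 as DDS prints it. Only the "cannot find the path" reason means the
# binary is gone; SASDIFSV's "file already exists" error is a different problem.
EVENT_7000_RE = re.compile(
    r"Service Control Manager \[7000\] - The (?P<svc>.+?) service failed to "
    r"start due to the following error: (?P<reason>.+)$"
)
PATH_NOT_FOUND = "The system cannot find the path specified."


@dataclass
class ServiceEntry:
    display: str
    key: str        # the name `sc` accepts
    owner: str
    path: str       # binary path with the "(file missing)" marker stripped
    missing: bool   # True for "(file missing)" or "(no file)"


def parse_o23(line: str) -> Optional[ServiceEntry]:
    """Parse one HijackThis O23 line; any other line yields None."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    raw_path = m.group("path").strip()
    missing = raw_path.endswith("(file missing)") or raw_path == "(no file)"
    path = re.sub(r"\s*\((?:file missing|no file)\)$", "", raw_path)
    return ServiceEntry(display=m.group("display"),
                        key=m.group("key") or m.group("display"),
                        owner=m.group("owner"), path=path, missing=missing)


def orphaned_services(hjt_lines: Iterable[str]) -> List[ServiceEntry]:
    """Services whose binary HijackThis could not find, in log order."""
    parsed = (parse_o23(line) for line in hjt_lines)
    return [e for e in parsed if e is not None and e.missing]


def failed_start_services(event_lines: Iterable[str]) -> Set[str]:
    """Service names the SCM failed to start because their path was missing."""
    names: Set[str] = set()
    for line in event_lines:
        m = EVENT_7000_RE.search(line)
        if m and m.group("reason").strip() == PATH_NOT_FOUND:
            names.add(m.group("svc"))
    return names


def corroborated_orphans(hjt_lines: Iterable[str],
                         event_lines: Iterable[str]) -> List[str]:
    """Orphans that the event log independently confirms failed to start."""
    failed = failed_start_services(event_lines)
    return [e.key for e in orphaned_services(hjt_lines) if e.key in failed]


def removal_commands(entries: Iterable[ServiceEntry]) -> List[str]:
    """One `sc stop` / `sc delete` pair per orphan, as in step 6."""
    cmds: List[str] = []
    for e in entries:
        cmds += [f"sc stop {e.key}", f"sc delete {e.key}"]
    return cmds


# Sample input: a subset of the HijackThis and DDS lines posted in this thread.
SAMPLE_HJT = [
    r"O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe",
    r"O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe",
    r"O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - M:\NOD32\nod32krn.exe (file missing)",
    r"O23 - Service: svcWRSSSDK - Unknown owner - (no file)",
    r"O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
]
SAMPLE_EVENTS = [
    "6/25/2009 6:17:09 PM, error: Service Control Manager [7000] - The svcWRSSSDK service failed to start due to the following error: The system cannot find the path specified.",
    "6/25/2009 1:19:23 PM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.",
]

if __name__ == "__main__":
    orphans = orphaned_services(SAMPLE_HJT)
    for e in orphans:
        print(f"orphan: {e.key!r} ({e.owner}) path={e.path!r}")
    print("confirmed by event log:", corroborated_orphans(SAMPLE_HJT, SAMPLE_EVENTS))
    print("\n".join(removal_commands(orphans)))
```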
     
  7. 2009/07/04
    Ann

    Ann Well-Known Member Thread Starter

    Joined:
    2002/01/10
    Messages:
    597
    Likes Received:
    1
    broni,

    Happy Independence Day!

    I am so relieved to hear the good news. :D I do take care with my computer and it seems to pay off. Doing all the scans certainly was a good learning experience.

    I'll take today off, tackle the cleaning tomorrow, and post the log.

    Thank you so much for your help.

    Ann
     
    Ann,
    #6
  8. 2009/07/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Not a problem :)
    Happy 4th!
     
  9. 2009/07/05
    Ann

    Ann Well-Known Member Thread Starter

    Joined:
    2002/01/10
    Messages:
    597
    Likes Received:
    1
    broni,

    I deleted the extra NOD32 and Norton entries and I thank you for that. It is so impossible to get rid of AV programs.

    As far as the start up entries, I only deleted Groove Monitor, SunJavaUpdateSched, Event Planner Reminder and SASWinLogon. I chose to keep the others, as all but one belong to my printer. The remaining one, I need to Start up at Boot so I can get my messages. Will this be OK?

    We made changes to SuperantiSpyware and I want to know if I should return to the defaults in the General/Startup and Scanning Control tabs.

    The only thing I am noticing is that my programs open more slowly than before.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:01:23 PM, on 7/4/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\Program Files\Lexmark 6200 Series\lxbumon.exe
    C:\Program Files\Lexmark 6200 Series\ezprint.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Tiny Personal Firewall\persfw.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\lxbucoms.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - K:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
    O4 - HKLM\..\Run: [lxbumon.exe] "C:\Program Files\Lexmark 6200 Series\lxbumon.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6200 Series\ezprint.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - Global Startup: Event Reminder.lnk = J:\Program Files\PrintMaster Silver 17\Remind.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://K:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - K:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O15 - Trusted Zone: *.att.net
    O15 - Trusted Zone: http://*.att.net
    O15 - Trusted Zone: *.sbcglobal.net
    O15 - Trusted Zone: http://*.sbcglobal.net
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136945801983
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136946304062
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5F9E58F1-E6A3-4F00-87AB-11684DCF14CA}: NameServer = 68.94.156.1,68.94.157.1
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - K:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Tiny Personal Firewall (PersFw) - Tiny Software - C:\Program Files\Tiny Personal Firewall\persfw.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

    --
    End of file - 7390 bytes
     
    Ann,
    #8
  10. 2009/07/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    There is no need for any printer related entry to be in startups.
    The printer will work anyway.

    I'm not sure if I understand your question...

    Other than that...


    Your computer is clean :)

    1. Download Temp File Cleaner (TFC).
    Double-click on TFC.exe to run the program.
    Click on the Start button to begin the cleaning process.
    TFC will close all running programs, and it may ask you to restart the computer.

    2. Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    3. Restart computer.

    4. Turn System Restore on.

    5. Make sure, Windows Updates are current.

    6. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    7. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    8. Run defrag at your convenience.

    9. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    10. Let me know, how is your computer doing.
     
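    A scripted form of steps 2 to 4 above (purge the old restore points by turning System Restore off, turn it back on, take a clean baseline), added here as an example and not part of broni's post. It assumes PowerShell 2.0 or later on a Windows client edition (the cmdlets are not on a stock XP install, and are absent on Server editions), an elevated prompt, and that C: is the drive to treat.

```powershell
# Added example, not from the thread: scripted equivalent of steps 2-4 of the
# cleanup list. Requires an elevated (Administrator) PowerShell 2.0+ prompt on
# a Windows client edition.
$drive = "C:\"   # assumption: the drive whose restore points are purged

# Show what exists before purging (returns nothing if no points exist).
Write-Host "Restore points before:"
Get-ComputerRestorePoint |
    Select-Object SequenceNumber, CreationTime, Description |
    Format-Table -AutoSize

# Step 2: disabling System Restore on the drive discards its restore points.
# That is the purpose of the step: a malicious file captured inside a restore
# point would otherwise survive the cleanup and could be brought back by a
# later System Restore.
Disable-ComputerRestore -Drive $drive

# Step 3 is the reboot. Step 4: turn System Restore back on and record a
# known-good baseline to roll back to if something breaks later.
Enable-ComputerRestore -Drive $drive
Checkpoint-Computer -Description "Clean baseline after malware cleanup" `
                    -RestorePointType "MODIFY_SETTINGS"

Write-Host "Restore points after:"
Get-ComputerRestorePoint |
    Select-Object SequenceNumber, CreationTime, Description |
    Format-Table -AutoSize
```

    On Windows 8 and later, Checkpoint-Computer silently refuses to create a second restore point within 24 hours of the previous one, so the "after" listing may show only the point created here; verify with Get-ComputerRestorePoint rather than assuming the call succeeded.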
  11. 2009/07/05
    Ann

    Ann Well-Known Member Thread Starter

    Joined:
    2002/01/10
    Messages:
    597
    Likes Received:
    1
    The Scanning instructions told me to:

    Open SuperantiSpyware
    Click Scan your Computer
    Click Scanning Preferences/Control Center
    Under General and Startup tab, Uncheck "Start SuperantiSpyware when Windows starts."
    Under Scanner Options only check "Close browsers before scanning" and
    "terminate memory threats before quarantining."

    Before the above changes I had different items selected. Do I go back to what I had selected or leave it the way it is now?

    I understood that my computer did not have any malware or virus, only the unnecessary NOD32 and Norton entries. Is this correct?

    I use CCleaner to clean my temp files. Do I need to run this in addition to CCleaner?

    I have never used System Restore, only ERUNT. Are you saying I should start using System Restore? I prefer to leave it the way it is.

    They are current.

    I'm confused by this because all the scans said computer was clean, remember?

    I already have this.

    OK

    OK

    Please clarify my doubts and questions. Thank you for your time and patience.
     
    Ann,
    #10
  12. 2009/07/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Leave them as they're now.

    Yes.

    CCleaner is perfectly fine.

    Very good. I like Erunt better too. I use them both, but you're fine.

    Disregard. It's my general speech ("If").
     
  13. 2009/07/05
    Ann

    Ann Well-Known Member Thread Starter

    Joined:
    2002/01/10
    Messages:
    597
    Likes Received:
    1
    broni,

    Many thanks for your help. I have certainly learned a few things. I have both printed and saved to my computer all the instructions posted by you. Good to have if I ever need them again. :)
     
    Ann,
    #12
  14. 2009/07/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're very welcome :)
     
