Is my computer possesed ? do i need an Exorcism? HLT log incl.

Hi 2OG,
All de-fragged, all anti-mal-ware installed and updated, except for the fire-wall(had issues w/ COMODO in the past), unless you can suggest a good alternative. Other than that...all is well.
I did just update HJT. Heres a new log if you'd like. It looks OK to me. See What you think.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:29:48 PM, on 9/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [BOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140654306906
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140654255531
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 5588 bytes

 

@ narcismo,

Your HJT Log is as clean as an Old Maid’s parlor. No problems showing.

I have found that AVG8 uses a lot of resources and tends to slow you down.
Of the 3 top Free AV’s I find Avira AntiVir to be the best and this is my recommendation.
.
Avira AntiVir – The free version has Nag screens but they can be stopped by googling avira antivir nag disable – This is the best of the free AV’s and better than most of the paid. I like it better than any AV that I’ve tried/tested, Free or Paid.

You really do need a 3rd party Firewall. I suggest Comodo Pro for those that are a little geeky but for the average user I suggest Zone Alarm.

Download ZoneAlarm Free
It is a very good Firewall and does the job. I am the IT Guy for a Hotel Chain and use it on 90 percent of the machines.

Here is another suggestion that you might look into. Read about it and make the decision:

HOST file –> MVPS hosts HERE. This is a very important layer for blocking Malware. It blocks Bad Sites from being able to get into your computer – MVPS Host file only, for the novice and a combination of MVPS and HP Hosts with HostXpert.exe to manage them for the geeks.
Note: in most cases a large HOSTS file (over 135 kb) tends to slow down the machine. This only occurs in W2000/XP/Vista. Windows 98 and ME are not affected.

To resolve this issue (manually) open the "Services Editor"
• Go to > Start > Run (type) "services.msc" (no quotes)
• Scroll down to "DNS Client", Right-click and select: Properties
• Click the drop-down arrow for "Startup type"
• Select: Manual, or Disabled (recommended) click Apply/Ok and restart.


2OG

 

Hi 2OG,
Sorry for the late reply. I've been really busy latley. I just checked my available memory. No problems there. Plenty of avail memory now. Reallocated some programs to other partitions and I'm good to go.
I'll take your advice(which has been fantastic,ZEN BUDDA like!) on the AV prog and firewall....and thanks again for all your help.

narcismo

 

You’re welcome, narcismo.

Run a tight ship and keep the bugs out.


2OG

 

2OG,
Just a quick shout-out. I took your advice and switched AV and Firewall progs.
Heres a partial log of AVIR ANTIVIR that i just ran.....



Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{6CB69BF9-A23A-4F16-A580-68923DB64035}\RP112\A0017647.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '490c35c8.qua'!
C:\System Volume Information\_restore{6CB69BF9-A23A-4F16-A580-68923DB64035}\RP113\A0017928.dll
[DETECTION] Contains recognition pattern of the W95/Blumblebee.1738 Windows virus
[NOTE] The file was moved to '490c35ed.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\'
Begin scan in 'E:\'


End of the scan: Thursday, September 25, 2008 21:28
Used time: 36:15 Minute(s)

The scan has been done completely.

4444 Scanning directories
183201 Files were scanned
2 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
2 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
183197 Files not concerned
1130 Archives were scanned
2 Warnings
2 Notes



Again...excellent advice!
You are THE MAN! Thanks 1,000,000.

narcismo

 

A couple of those were in old restore points. Not to worry…

sptd.sys is part of Daemon Tools Version 4 and AntiVir thinks it’s a virus.
If you use Daemon tools you can restore it from the quarantine and have Antivir ignore it.

 

Oh yeah, now i see the "restore" in my log. OK.
Thanks for all the help.

PS
Can you help "fix" my 401K ? lol !
Take care.

 

I can FIX anything except a “Broken heart”……

 

Dear kind sir,
I'm still getting use to this new program(AVIRA), and wonderd if you could shed any light on this WARNING from AVIRA.
I could'nt find anything in the FAQ or appendix (otherwise i would'nt bother you).
But since i started this thread because of LOW VIRTUAL MEM. warnings....
C:\pagefile.sys
[WARNING] The file could not be opened!


PS
I heard you could fix a broken heart by playing a "country-western"
song BACKWARDS.

 

Not to worry…


This probably is the most common warning we get in an antivirus scan. It shows up on every scan I run. It's not a virus, it's your paging file(of the o/s) or virtual memory. It compliments your RAM by using hard drive space as more memory.

These are system files that Windows is using so the scanner can't scan them because they are already in use.

NO, NO – That just brings the “Bar Flies” out of the woodwork…

 

2OG,
Thanks. I feel warm and snuggly again. Just thought it might be related to my original source of sorrow.
Have a Great Day !

 

Enjoy your fetal position, just don’t suck your thumb. It will give you an overbite and Buck Teeth.

2OG

 

Thats odd. My mother told me it would give me a GIANT RED THUMB with SUPER POWERS ! Well, that just confirms....be very picky who you take advice from. lol.

 

My mother told me the same thing…. The only advantage it gave me is: I can eat corn off the cob through a Picket Fence and drive tacks with my thumb..

 

Meet you in the corn field???

 

Notorius enemys that have abused their "buck tooth powers".



"


Their punishment!



You can suck your thumb all you want now buddy!

 

I guess there's an up-side and a down-side to everything.

 

who is that handsome man???

There must be up’s and down’s. Life as a merry-go-round would be very boring, kinda like wiping your butt with a bicycle tire….. Same old s—t over and over!

An elevator would also be boring.. up, down, up, down, up, down.

But life as a Roller Coaster…Slow, Fast, Up, Down, Roll, Loop-d-loop..Wheeeeeeeeeeeeeeeeeeeeeeeee

 

HHHHMMM!
Oviously your mind is warped. As is mine. Since we will both (OVIOUSLY) get BOOTED! for our off topic antics....(comedy central may hire us!)Here we go...



Witch one owns Super Powers ?
Hard to tell them apart???
Look very closely!...

...they will slowely MORPH together ! And become ONE SUPER BEING !!!
with BUCK TEETH oviously!

 

NeeeeeeeYYYYY!!!!! WeeeeeeAWAAAAAHHHH!!!!!


D O N K E Y !!!

Super Powers are Stupid!!!
LIFE AS WE KNOW IT....HAS COME TO AN END, COMRADE !