
Is my computer possessed? Do I need an exorcism? HJT log incl.

Discussion in 'Windows - Virus and spyware problems' started by narcismo, Sep 8, 2008.

  1. narcismo

    narcismo Regular member

    Joined:
    Jun 3, 2006
    Messages:
    309
    Likes Received:
    0
    Trophy Points:
    26
    Hi 2OG,
    All defragged, all anti-malware installed and updated, except for the firewall (had issues with COMODO in the past), unless you can suggest a good alternative. Other than that... all is well.
    I did just update HJT. Here's a new log if you'd like. It looks OK to me. See what you think.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:29:48 PM, on 9/22/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Comodo\CBOClean\BOCORE.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\HJT\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [BOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140654306906
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140654255531
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

    --
    End of file - 5588 bytes
     
    Last edited: Sep 22, 2008
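The log above is read by eye in the reply that follows. The script below is an added example, not part of the thread and not HijackThis's own logic: it parses the HJT section tags and flags the entry types where malware usually shows up (autostarts from user-writable directories, ActiveX downloads from unexpected hosts, AppInit_DLLs hooks, services with no publisher, hijacked IE pages, HOSTS redirects). The sample log mixes lines copied from the posted log with constructed entries so each rule has something to catch; the ActiveX host allowlist is an illustrative assumption, not a vetted list.

```python
"""
Triage a HijackThis (HJT) log: parse each "Rn/On - ..." entry and flag the
ones that deserve a second look before a log is called clean.

Added example; not code from the thread and not HijackThis's own logic.
"""
import re
from urllib.parse import urlparse

# Every HJT entry starts with a section tag: R0/R1 (IE URLs), O1 (HOSTS),
# O4 (autostarts), O16 (ActiveX downloads), O20 (AppInit_DLLs), O23 (services).
LINE_RE = re.compile(r"^(?P<tag>[RFNO]\d{1,2}) - (?P<body>.*)$")

# Autostarts under user-writable directories are where droppers usually land.
USER_WRITABLE = re.compile(r"\\(Temp|Local Settings|Application Data)\\", re.IGNORECASE)

# Hosts this machine is expected to pull ActiveX scanners/updates from.
# Assumption: an illustrative allowlist, not a vetted one.
TRUSTED_DPF_HOSTS = {
    "update.microsoft.com",
    "download.bitdefender.com",
    "housecall65.trendmicro.com",
}


def check_entry(tag, body):
    """Return (severity, reason) for one entry, or None if it looks routine."""
    if tag == "O1":
        return "review", "HOSTS entry: a redirect here hijacks the name; compare against your own list"
    if tag == "O4" and USER_WRITABLE.search(body):
        return "suspicious", "autostart from a user-writable directory"
    if tag == "O16":
        host = urlparse(body.rsplit(" - ", 1)[-1]).hostname or "unknown host"
        if host not in TRUSTED_DPF_HOSTS:
            return "review", f"ActiveX control downloaded from {host}"
    if tag == "O20":
        return "review", "AppInit_DLLs/Winlogon hook loads into many processes; verify the DLL's publisher"
    if tag == "O23" and " - Unknown owner - " in body:
        return "review", "service with no publisher"
    if tag in ("R0", "R1") and " = " in body:
        host = urlparse(body.split(" = ", 1)[1].strip()).hostname or ""
        if host and not host.endswith(".microsoft.com"):
            return "review", f"IE start/search page points at {host}"
    return None


def triage(log_text):
    """Return [(severity, tag, reason, line)] for every flagged entry, in log order."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # headers, the process list and blank lines carry no tag
        hit = check_entry(m["tag"], m["body"])
        if hit:
            findings.append((hit[0], m["tag"], hit[1], raw.strip()))
    return findings


# Lines copied from the log posted above.
POSTED_LINES = [
    r"R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157",
    r"O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe",
    r"O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab",
    r"O20 - AppInit_DLLs: avgrsstx.dll",
    r"O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe",
]

# Constructed entries (not from the posted log) so each rule has a hit.
CONSTRUCTED_LINES = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.example.invalid/",
    r"O1 - Hosts: 10.1.2.3 www.bank.example",
    r"O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Local Settings\Temp\svch0st.exe",
    r"O16 - DPF: {00000000-0000-0000-0000-000000000000} (Loader) - http://cdn.example.invalid/x.cab",
    r"O23 - Service: Helper (helpersvc) - Unknown owner - C:\WINDOWS\system32\helper.exe",
]

SAMPLE_LOG = "\n".join(["Logfile of Trend Micro HijackThis v2.0.2"] + POSTED_LINES + CONSTRUCTED_LINES)

if __name__ == "__main__":
    for severity, tag, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity}] {tag}: {reason}\n    {line}")
```

Nothing flagged "review" is a verdict; the AVG AppInit_DLLs entry from the posted log is flagged too, because the script cannot tell AVG's hook from anyone else's and the point is to make a human check the publisher of every DLL loaded that way.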
  2. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    @ narcismo,

    Your HJT Log is as clean as an Old Maid’s parlor. No problems showing.

    I have found that AVG8 uses a lot of resources and tends to slow you down.
    Of the 3 top free AVs, I find Avira AntiVir to be the best, and this is my recommendation.

    Avira AntiVir – The free version has nag screens, but they can be stopped by googling "avira antivir nag disable". This is the best of the free AVs and better than most of the paid ones. I like it better than any AV that I've tried/tested, free or paid.

    You really do need a 3rd-party firewall. I suggest Comodo Pro for those that are a little geeky, but for the average user I suggest ZoneAlarm.

    Download ZoneAlarm Free
    It is a very good firewall and does the job. I am the IT guy for a hotel chain and use it on 90 percent of the machines.

    Here is another suggestion that you might look into. Read about it and make the decision:

    HOSTS file –> MVPS hosts HERE. This is a very important layer for blocking malware. It blocks bad sites from being able to get into your computer – the MVPS HOSTS file only for the novice, and a combination of MVPS and hpHosts with HostXpert.exe to manage them for the geeks.
    Note: in most cases a large HOSTS file (over 135 KB) tends to slow down the machine. This only occurs in W2000/XP/Vista. Windows 98 and ME are not affected.

    To resolve this issue (manually) open the "Services Editor"
    • Go to > Start > Run (type) "services.msc" (no quotes)
    • Scroll down to "DNS Client", Right-click and select: Properties
    • Click the drop-down arrow for "Startup type"
    • Select: Manual, or Disabled (recommended) click Apply/Ok and restart.


    2OG
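The HOSTS-file layer described above, as an added example (not from the thread, and not MVPS's or HostXpert's own code): it merges two HOSTS-style blocklists such as MVPS and hpHosts, rejects any entry that would redirect a name rather than block it (the same kind of entry a hostile HOSTS file uses to hijack traffic, which HijackThis reports as O1 lines), and reports whether the merged file crosses the 135 KB size the post warns about. The two sample lists are constructed, not real list content.

```python
"""
Merge HOSTS-style blocklists (for example MVPS plus hpHosts), keep only
entries that sink a name to 0.0.0.0 or 127.0.0.1, and report whether the
result is larger than the size at which the thread says the Windows
2000/XP/Vista DNS Client service starts to slow down.

Added example; not code from the thread, from MVPS or from HostXpert.
The two sample lists at the bottom are constructed, not real list content.
"""
import ipaddress
import re

# Size the post quotes for when a HOSTS file begins to slow W2000/XP/Vista.
SLOW_THRESHOLD_BYTES = 135 * 1024

# A blocklist may only sink names. Any other target *redirects* the name,
# which is how a hostile HOSTS file hijacks traffic (HijackThis lists such
# entries under O1), so it is rejected instead of merged.
SINKHOLES = {"0.0.0.0", "127.0.0.1"}

_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"^(?:{_LABEL}\.)*{_LABEL}$")


def parse_hosts(text):
    """Parse one HOSTS-format text.

    Returns (blocked, rejected): a set of lower-cased hostnames that are
    sunk, and a list of (line_number, raw_line, reason) for everything
    that was not accepted. The system's own 'localhost' line is ignored
    rather than rejected, since it belongs to the OS, not the blocklist.
    """
    blocked, rejected = set(), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            rejected.append((lineno, raw, "no hostname"))
            continue
        target, names = parts[0], parts[1:]
        try:
            ipaddress.ip_address(target)
        except ValueError:
            rejected.append((lineno, raw, "target is not an IP address"))
            continue
        if target not in SINKHOLES:
            rejected.append((lineno, raw, "redirects instead of blocking"))
            continue
        for name in names:
            if name.lower() == "localhost":
                continue
            if not HOSTNAME_RE.match(name):
                rejected.append((lineno, raw, f"invalid hostname {name!r}"))
                continue
            blocked.add(name.lower())
    return blocked, rejected


def merge_blocklists(*texts):
    """Union the sunk names from several lists; keep every rejection."""
    blocked, rejected = set(), []
    for text in texts:
        names, bad = parse_hosts(text)
        blocked |= names
        rejected.extend(bad)
    return blocked, rejected


def render_hosts(blocked):
    """One '0.0.0.0 name' line per host, sorted so successive merges diff cleanly.

    0.0.0.0 is preferred over 127.0.0.1 so a blocked name does not make the
    machine attempt a connection to its own loopback interface.
    """
    return "".join(f"0.0.0.0 {name}\n" for name in sorted(blocked))


def size_report(hosts_text):
    """Return (size_in_bytes, exceeds_slow_threshold) for a rendered file."""
    size = len(hosts_text.encode("utf-8"))
    return size, size > SLOW_THRESHOLD_BYTES


# Constructed samples in the style of the two lists (not their real content).
MVPS_SAMPLE = """\
# MVPS-style list
127.0.0.1 localhost
0.0.0.0 ads.example.net          # banner server
0.0.0.0 tracker.example.org
0.0.0.0 Malware-Drop.example.com
"""

HPHOSTS_SAMPLE = """\
127.0.0.1 tracker.example.org    # duplicate of an MVPS entry
127.0.0.1 phish.example.biz
10.1.2.3 www.bank.example        # redirect, not a block: rejected
0.0.0.0 under_score.example      # not a valid hostname: rejected
"""

if __name__ == "__main__":
    names, rejects = merge_blocklists(MVPS_SAMPLE, HPHOSTS_SAMPLE)
    merged = render_hosts(names)
    size, too_big = size_report(merged)
    print(merged, end="")
    print(f"{len(names)} hosts, {size} bytes, over the XP slow threshold: {too_big}")
    for lineno, raw, why in rejects:
        print(f"rejected line {lineno} {raw.strip()!r}: {why}")
```

The merged output is meant to be appended below the machine's own entries in %SystemRoot%\system32\drivers\etc\hosts, never to replace them. The services.msc step in the post can also be done from a command prompt with `sc config Dnscache start= demand` (Manual) or `sc config Dnscache start= disabled`; Dnscache is the service name behind "DNS Client".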
     
  3. narcismo

    Hi 2OG,
    Sorry for the late reply. I've been really busy lately. I just checked my available memory. No problems there. Plenty of available memory now. Reallocated some programs to other partitions and I'm good to go.
    I'll take your advice (which has been fantastic, Zen Buddha like!) on the AV prog and firewall... and thanks again for all your help.

    narcismo
     
  4. 2oldGeek

    You’re welcome, narcismo.

    Run a tight ship and keep the bugs out.


    2OG
     
  5. narcismo

    2OG,
    Just a quick shout-out. I took your advice and switched AV and firewall progs.
    Here's a partial log of Avira AntiVir that I just ran.....



    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\System Volume Information\_restore{6CB69BF9-A23A-4F16-A580-68923DB64035}\RP112\A0017647.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '490c35c8.qua'!
    C:\System Volume Information\_restore{6CB69BF9-A23A-4F16-A580-68923DB64035}\RP113\A0017928.dll
    [DETECTION] Contains recognition pattern of the W95/Blumblebee.1738 Windows virus
    [NOTE] The file was moved to '490c35ed.qua'!
    C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\'
    Begin scan in 'E:\'


    End of the scan: Thursday, September 25, 2008 21:28
    Used time: 36:15 Minute(s)

    The scan has been done completely.

    4444 Scanning directories
    183201 Files were scanned
    2 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    2 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    183197 Files not concerned
    1130 Archives were scanned
    2 Warnings
    2 Notes



    Again...excellent advice!
    You are THE MAN! Thanks 1,000,000.

    narcismo
     
    Last edited: Sep 25, 2008
  6. 2oldGeek

    A couple of those were in old restore points. Not to worry…

    sptd.sys is part of Daemon Tools Version 4 and AntiVir thinks it’s a virus.
    If you use Daemon Tools you can restore it from the quarantine and have AntiVir ignore it.
     
  7. narcismo

    Oh yeah, now I see the "restore" in my log. OK.
    Thanks for all the help.

    PS
    Can you help "fix" my 401K? lol!
    Take care.
     
    Last edited: Sep 26, 2008
  8. 2oldGeek

    I can FIX anything except a “Broken heart”……
     
  9. narcismo

    Dear kind sir,
    I'm still getting used to this new program (Avira), and wondered if you could shed any light on this WARNING from Avira.
    I couldn't find anything in the FAQ or appendix (otherwise I wouldn't bother you).
    But since I started this thread because of LOW VIRTUAL MEM. warnings....
    C:\pagefile.sys
    [WARNING] The file could not be opened!



    PS
    I heard you could fix a broken heart by playing a "country-western"
    song BACKWARDS. :)
     
    Last edited: Sep 27, 2008
  10. 2oldGeek



    Not to worry…


    This probably is the most common warning we get in an antivirus scan. It shows up on every scan I run. It's not a virus, it's your paging file (of the O/S) or virtual memory. It complements your RAM by using hard drive space as more memory.

    These are system files that Windows is using so the scanner can't scan them because they are already in use.




    NO, NO – That just brings the “Bar Flies” out of the woodwork…
     
  11. narcismo

    2OG,
    Thanks. I feel warm and snuggly again. Just thought it might be related to my original source of sorrow. :)
    Have a Great Day !
     
  12. 2oldGeek

    Enjoy your fetal position, just don’t suck your thumb. It will give you an overbite and buck teeth.

    2OG
     
  13. narcismo

    That's odd. My mother told me it would give me a GIANT RED THUMB with SUPER POWERS! Well, that just confirms... be very picky who you take advice from. lol.
     
  14. 2oldGeek

    My mother told me the same thing…. The only advantage it gave me is: I can eat corn off the cob through a picket fence and drive tacks with my thumb..
     
  15. 2oldGeek

    Meet you in the corn field???
     
    Last edited: Oct 9, 2008
  16. narcismo

    Notorious enemies that have abused their "buck tooth powers".





    Their punishment!


    You can suck your thumb all you want now buddy!
     
    Last edited: Oct 2, 2008
  17. narcismo

    I guess there's an up-side and a down-side to everything.
     
    Last edited: Oct 2, 2008
  18. 2oldGeek

    Who is that handsome man???

    There must be up’s and down’s. Life as a merry-go-round would be very boring, kinda like wiping your butt with a bicycle tire….. Same old s—t over and over!

    An elevator would also be boring.. up, down, up, down, up, down.

    But life as a Roller Coaster…Slow, Fast, Up, Down, Roll, Loop-d-loop..Wheeeeeeeeeeeeeeeeeeeeeeeee
     
    Last edited: Oct 9, 2008
  19. narcismo

    HHHHMMM!
    Obviously your mind is warped. As is mine. Since we will both (OBVIOUSLY) get BOOTED for our off-topic antics.... (Comedy Central may hire us!) Here we go...


    Which one owns super powers?
    Hard to tell them apart???
    Look very closely!...

    ...they will slowly MORPH together! And become ONE SUPER BEING!!!
    with BUCK TEETH obviously!
     
    Last edited: Oct 5, 2008
  20. narcismo

    NeeeeeeeYYYYY!!!!! WeeeeeeAWAAAAAHHHH!!!!!

    D O N K E Y !!!

    Super Powers are Stupid!!!
    LIFE AS WE KNOW IT....HAS COME TO AN END, COMRADE !
     
    Last edited: Oct 5, 2008
