Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Possible Infection , but Not Sure !!!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Possible Infection , but Not Sure !!!

Unread postby dukwhunter » December 5th, 2011, 8:59 pm

Hello ,

I have a Dell E521 Dimension desktop with Vista Home Premium installed it is fully updated !!!

Avast 6 Free , Malwarebytes Free , Superantispyware Free & Online Armor Free Firewall

Around a week ago my anti virus Avast 6 Free found a trojan which it promptly quarantined . Computer has been running pretty good , so i deleted said trojan (don't remember the name ) from quarantine .

I had uninstalled all of my security software today (so it would conflict with SD) to run a scan with Spyware Doctor and SD found what was termed as a advertising infection , but they wanted you to pay to remove it .

Have also ran scans with Malwarebytes Free & Superantispyware Free , but they found nothing . Still kinda worried !!!

Can anyone help !!!


Thanks
JOEY
dukwhunter
Active Member
 
Posts: 6
Joined: October 6th, 2009, 10:12 am
Advertisement
Register to Remove

Re: Possible Infection , but Not Sure !!!

Unread postby troy3636 » December 5th, 2011, 10:16 pm

Hello JOEY,

Welcome to the Malware Removal Forum. My name is Troy and I will be assisting you with the malware issues on your computer.
Because I am still in training, all the advice I give must first be checked by an instructor, therefore there may be some delays in my replies.

A few things before we get started
  1. If you have not already done so Please read these forum rules.
  2. Please be aware that removing malware is not without risk and while unrecoverable damage to systems is rare, it can happen and require a re-format and re-install of your operating system. Because of this it is a good idea to back-up anything important saved on your computer.
  3. Any fixes I may post will be specific to your computer and should not be used on other computers.
  4. While we work on your computer please don't install any new programs, try any other fixes, or run any tools other than those requested.
  5. If at any time my instructions are not clear please ask before proceeding.
  6. Failure to respond within 3 days will result in this topic being closed - If you need more time to complete the steps required, please let me know.

Step 1
Scan with DDS
  1. Please download DDS ... by sUBs. Save it to your desktop. Alternate download links here or here.
  2. Disable any script blocking software you have running before running DDS.
  3. Right click dds.com select "Run as Administrator" and allow it to run. (File name will be different if alternate download used).
    A black window will open with some instructions/comments...
  4. When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
    Caution: The above logs will NOT be saved... you must save them to your desktop.
  5. Please post both logs in your next reply.

Troy
User avatar
troy3636
Regular Member
 
Posts: 511
Joined: September 2nd, 2010, 10:10 pm
Location: Wisconsin

Re: Possible Infection , but Not Sure !!!

Unread postby dukwhunter » December 5th, 2011, 10:36 pm

Hi Troy ,

Thanks for the quick response .

Here is the first DDS Log


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by JOEY at 21:25:42 on 2011-12-05
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3006.1536 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Online Armor Firewall *Enabled* {32E71E58-6AAE-2557-2ABD-EA739069CE41}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Online Armor\OAcat.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Online Armor\oasrv.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Seagate\SeagateManager\Sync\MaxSync.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_6fa9efce\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Online Armor\oaui.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Online Armor\OAhlp.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\JOEY\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Users\JOEY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JOEY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Users\JOEY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JOEY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com/
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\joey\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [<NO NAME>]
mRun: [SigmatelSysTrayApp] "%ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [@OnlineArmor GUI] "c:\program files\online armor\oaui.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: $talisma_url$
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{7FF3E927-148B-43BE-BF2F-04EB991C1503} : DhcpNameServer = 192.168.1.254
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\online~1\oaevent.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\joey\appdata\roaming\mozilla\firefox\profiles\2iunjj3s.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\users\joey\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-12-5 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-12-5 314456]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2011-12-5 205864]
R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2011-12-5 40296]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2011-12-5 25192]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-12-5 20568]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-12-5 55128]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-12-5 44768]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2011-3-30 21504]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-12-18 189736]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-6-24 2253120]
R2 OAcat;Online Armor Helper Service;c:\program files\online armor\oacat.exe [2011-12-5 207936]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-1-10 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-1-10 399416]
R2 SvcOnlineArmor;Online Armor;c:\program files\online armor\oasrv.exe [2011-12-5 4363040]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2009-6-17 40720]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2009-6-17 10384]
R3 OAnet;OnlineArmor Service;c:\windows\system32\drivers\OAnet.sys [2011-12-5 29312]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-9-14 136176]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [2011-8-1 45288]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-9-14 136176]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-9-23 23624]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-12-05 23:51:56 -------- d-----w- c:\users\joey\appdata\roaming\OnlineArmor
2011-12-05 23:51:56 -------- d-----w- c:\programdata\OnlineArmor
2011-12-05 23:49:26 40296 ----a-w- c:\windows\system32\drivers\oahlp32.sys
2011-12-05 23:49:26 29312 ----a-w- c:\windows\system32\drivers\OAnet.sys
2011-12-05 23:49:26 25192 ----a-w- c:\windows\system32\drivers\OAmon.sys
2011-12-05 23:49:26 205864 ----a-w- c:\windows\system32\drivers\OADriver.sys
2011-12-05 23:49:23 -------- d-----w- c:\program files\Online Armor
2011-12-05 19:08:30 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-12-05 19:08:29 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-12-05 19:08:11 41184 ----a-w- c:\windows\avastSS.scr
2011-12-05 19:07:58 -------- d-----w- c:\programdata\AVAST Software
2011-12-05 19:07:58 -------- d-----w- c:\program files\AVAST Software
2011-12-05 18:48:20 -------- d-----w- c:\users\joey\appdata\roaming\Malwarebytes
2011-12-05 18:48:16 -------- d-----w- c:\programdata\Malwarebytes
2011-12-05 18:48:13 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-05 18:48:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-05 18:17:20 -------- d-----w- c:\users\joey\appdata\roaming\SUPERAntiSpyware.com
2011-12-05 18:16:25 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-12-05 18:16:25 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-12-05 17:32:47 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2011-12-05 17:32:47 -------- d-----w- c:\program files\common files\PC Tools
2011-12-05 17:31:28 -------- d-----w- c:\users\joey\appdata\roaming\TestApp
2011-12-04 18:29:12 61248 ----a-w- c:\windows\system32\OpenCL.dll
2011-12-04 18:29:12 5578560 ----a-w- c:\windows\system32\nvcuda.dll
2011-12-04 18:29:12 2401088 ----a-w- c:\windows\system32\nvcuvid.dll
2011-12-04 18:29:12 2099520 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-12-04 18:29:12 18871616 ----a-w- c:\windows\system32\nvoglv32.dll
2011-12-04 18:29:12 17248576 ----a-w- c:\windows\system32\nvcompiler.dll
2011-12-04 18:29:12 10327360 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-12-04 03:12:42 677136 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2011-11-26 06:22:58 -------- d-----w- c:\users\joey\appdata\roaming\Systweak
2011-11-09 00:19:48 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-11-09 00:19:38 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 00:19:36 707584 ----a-w- c:\program files\common files\system\wab32.dll
.
==================== Find3M ====================
.
2011-11-23 08:00:26 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-10-23 07:58:15 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-15 08:53:00 919872 ----a-w- c:\windows\system32\nvdispco32.dll
2011-10-15 08:53:00 877376 ----a-w- c:\windows\system32\nvgenco32.dll
2011-10-15 08:53:00 6350144 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-15 08:53:00 602432 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-10-15 08:53:00 3840320 ----a-w- c:\windows\system32\nvsvc.dll
2011-10-15 08:53:00 2458432 ----a-w- c:\windows\system32\nvapi.dll
2011-10-15 08:53:00 203072 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-15 08:53:00 13205312 ----a-w- c:\windows\system32\nvd3dum.dll
2011-10-15 08:53:00 123712 ----a-w- c:\windows\system32\nvshext.dll
2011-10-15 08:53:00 1136448 ----a-w- c:\windows\system32\nvvsvc.exe
2011-09-25 17:40:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 21:29:09.09 ===============


Here is the 2nd one


.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/30/2011 7:48:08 AM
System Uptime: 12/5/2011 7:04:48 PM (2 hours ago)
.
Motherboard: Dell Inc | | 0UW457
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ | Socket M2 | 2200/1000mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 112.831 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 298 GiB total, 292.919 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0001
Manufacturer: Microsoft
Name: isatap.{7FF3E927-148B-43BE-BF2F-04EB991C1503}
PNP Device ID: ROOT\*ISATAP\0001
Service: tunnel
.
==== System Restore Points ===================
.
RP202: 11/29/2011 4:16:51 AM - Scheduled Checkpoint
RP203: 11/30/2011 12:38:52 PM - Scheduled Checkpoint
RP204: 12/1/2011 1:59:06 PM - Scheduled Checkpoint
RP205: 12/2/2011 1:22:17 PM - Scheduled Checkpoint
RP206: 12/4/2011 1:29:38 PM - Device Driver Package Install: NVIDIA Display adapters
RP207: 12/4/2011 1:31:11 PM - Device Driver Package Install: NVIDIA Universal Serial Bus controllers
RP208: 12/5/2011 11:02:00 AM - avast! Free Antivirus Setup
RP209: 12/5/2011 11:13:33 AM - Removed Windows 7 Upgrade Advisor
RP210: 12/5/2011 2:07:40 PM - avast! Free Antivirus Setup
RP211: 12/5/2011 6:49:26 PM - Online Armor installation
RP212: 12/5/2011 6:51:29 PM - Device Driver Package Install: TLEM Network Service
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
7-Zip 9.20
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
att.net Internet Mail
avast! Free Antivirus
BufferChm
CCleaner
CDDRV_Installer
Copy
Coupon Printer for Windows
Destinations
DeviceDiscovery
DJ_AIO_05_F4400_Software_Min
erLT
F4400
Foxit Reader 5.1
Google Chrome
Google Update Helper
GPBaseService2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 14.0
HP Deskjet F4400 Printer Driver Software 14.0 Rel. 5
HP Imaging Device Functions 14.0
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPDiagnosticAlert
HPPhotoGadget
HPProductAssistant
Java Auto Updater
Java(TM) 6 Update 29
KhalInstallWrapper
Logitech SetPoint
Malwarebytes' Anti-Malware version 1.51.2.1300
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 8.0 (x86 en-US)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Controller Driver 285.62
NVIDIA Control Panel 285.62
NVIDIA Drivers
NVIDIA Graphics Driver 285.62
NVIDIA Install Application
NVIDIA Update 1.5.20
NVIDIA Update Components
Online Armor 5.1
OpenOffice.org 3.3
Scan
Seagate Manager Installer
Secunia PSI (2.0.0.3001)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
SmartWebPrinting
SolutionCenter
Status
SUPERAntiSpyware
System Requirements Lab
Toolbox
TrayApp
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
WebReg
Windows Media Player Firefox Plugin
WinPcap 4.1.1
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
12/5/2011 3:12:08 AM, Error: Service Control Manager [7034] - The Online Armor service terminated unexpectedly. It has done this 1 time(s).
12/5/2011 2:39:41 AM, Error: Service Control Manager [7000] - The Trend Micro RUBotted Service service failed to start due to the following error: The system cannot find the path specified.
12/5/2011 12:56:00 PM, Error: PCTCore [280] -
12/5/2011 11:09:11 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
12/5/2011 11:09:01 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
12/5/2011 11:09:01 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/5/2011 11:09:01 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
12/5/2011 11:09:01 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
12/5/2011 11:09:01 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/5/2011 11:09:01 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
12/5/2011 11:09:01 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/5/2011 11:09:01 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/5/2011 11:09:01 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
12/5/2011 11:09:01 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/5/2011 11:09:01 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/5/2011 11:09:01 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/5/2011 11:09:01 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/5/2011 11:09:01 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
12/5/2011 11:08:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/5/2011 11:08:55 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/5/2011 11:08:21 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
12/5/2011 11:08:21 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
12/5/2011 11:08:21 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
12/5/2011 11:08:20 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/5/2011 11:08:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/30/2011 11:29:05 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi DfsC NetBIOS netbt nsiproxy OADevice oahlpXX OAmon PSched RasAcd rdbss Smb spldr tdx Wanarpv6
.
==== End Of File ===========================


Thanks
JOEY
dukwhunter
Active Member
 
Posts: 6
Joined: October 6th, 2009, 10:12 am

Re: Possible Infection , but Not Sure !!!

Unread postby troy3636 » December 9th, 2011, 9:10 am

Hi JOEY,
I apologize for the delayed response.

Have you noticed any changes in your computers behavior?

After reviewing your logs in detail, I don't see anything that leads me to suspect malware but, I would like you to run one more scan to be sure.

Step 1
Create a System Restore Point
  1. Click on Start ... Right-click on Computer ... select Properties.
  2. In the left pane click System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  3. Select System Protection ...then choose Create.
  4. In the System Restore dialog box, type a description for the restore point ... click Create, again.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  5. Click OK ...then close the System Restore dialog.
If you do not see the message The Restore Point was created successfully DO NOT continue post back here to let me know.
Please leave the System Restore function "turned on" until we are finished and I give you the 'all clean' sign.

Step 2
ESET NOD32 Online Scan

Please temporarily disable your Anti-virus real-time protection. If active, it could impact the online scan.

Right-click on the IE icon on the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator"
Please go to ESET Online Scanner - © ESET All Rights Reserved... to run an online scan.

    Press the "ESET Online Scanner" button.
  1. Check the box next to "YES, I accept the Terms of Use."
  2. Click "Start"... a window will open... it may appear nothing is happening... please be patient.
  3. Click Yes... at the run ActiveX prompt. Click Install... at the install ActiveX prompt.
    Once installed, the scanner will be initialized.
  4. Click "Start". Make sure that the options:
    • Remove found threats is UNCHECKED
    • Leave the "default" settings under Advanced as they are, if not set , please check:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  5. Click "Start"... ESET scanner will begin to download the virus signatures database.
    When the signatures have been downloaded, the scan will start automatically.
  6. Wait for the scan to finish... it may take a while... please be patient. When the scan is finished...
  7. Use Notepad to open the log file located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  8. Copy and paste the contents of log.txt in your next reply.
**Remember to enable your Anti-virus protection... before continuing!


While analysing your logs, I noticed you have used Systweak in the past.
Re. Systweak
I don't personally recommend the use of ANY registry cleaners. Here is an excerpt from a discussion on reg cleaners.
Most reg cleaners aren't bad as such, but they aren't perfect and even the best have been known to cause problems. The point we are trying to make is that the risk of using one far outweighs any benefit. If it does work perfectly you will not see any difference. If it doesn't work properly you may end up with an expensive doorstop.
This post by Bill Castner is very informative: WhatTheTech Forum


Please include in your next reply
  • Any problems with the instructions above?
  • How is your computer behaving?
  • ESET - log.txt

Troy
User avatar
troy3636
Regular Member
 
Posts: 511
Joined: September 2nd, 2010, 10:10 pm
Location: Wisconsin

Re: Possible Infection , but Not Sure !!!

Unread postby dukwhunter » December 10th, 2011, 4:44 am

Hi Troy ,

Just got home from work a little while . No problem with the instructions !

My computer seems to be doing pretty good . Yes i use to use WinASO (advanced windows optimizer) but i no longer do !

Haven't run it in a while . I only use ccleaner sparingly , but i guess i shouldn't really use it neither , correct ?

I created the system restore report as you requested & also ran the Eset Online Scanner

below is the log


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2fac17d2e7e12f4593b24f5684417747
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-12-10 08:31:48
# local_time=2011-12-10 03:31:49 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776638 100 100 21086836 160110173 0 0
# compatibility_mode=6401 16777213 66 100 0 2415813 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=112853
# found=0
# cleaned=0
# scan_time=3263

As i mentioned before i use Avast 6 Free Antivirus & Online Armor Free Firewall (also use Malwarebytes & Superantispyware) as on demand scanners . I seem to remember reading somewhere that i should turn off the web shield included in the Online armor Firewall as Avast already has one ! What do you think is it overkill to run both Web Shields ?

Thanks
JOEY
dukwhunter
Active Member
 
Posts: 6
Joined: October 6th, 2009, 10:12 am

Re: Possible Infection , but Not Sure !!!

Unread postby troy3636 » December 10th, 2011, 6:44 pm

Congratulations JOEY Your logs show no sign of Malware :)

JOEY wrote:I only use ccleaner sparingly , but i guess i shouldn't really use it neither , correct ?
Ccleaner is not "bad" as such and is a handy program for cleaning temporary files. Just do NOT use the registry cleaner part of the program.


JOEY wrote: I seem to remember reading somewhere that i should turn off the web shield included in the Online armor Firewall as Avast already has one ! What do you think is it overkill to run both Web Shields ?
Generally having two security applications both actively performing the same function at the same time is a bad idea. They use more resources and can interfere with each other.

Please follow these steps to tidy up and help keep you malware free.

Step 1
Please delete DDS from your desktop

Step 2
I noticed in you logs you have Coupon Printer for Windows installed.
It is not bad as such BUT it does like to collect data and send it home so it's classified as Adware.
If not used you should uninstall it, If it is used it is OK to keep.

A few tips to help you stay clean
If you want to stay malware free, you must keep your software up to date. Here are a couple of free programs that will help with that.
Make sure you keep Windows updated.
Make sure you keep the latest updates installed for Internet explorer. (This is important even if you typically use a different browser).

Some reccomended reading
Computer Security - a short guide to staying safer online
What to do if your Computer is running slowly

A little caution while surfing can go a long way toward staying clean. Stay away from dodgy web-sites and be carefull what you click on.

Please let me know if you have any questions. If not please acknowledge that you have read this and I will have this topic closed.

Happy Surfing, :)
Troy
User avatar
troy3636
Regular Member
 
Posts: 511
Joined: September 2nd, 2010, 10:10 pm
Location: Wisconsin

Re: Possible Infection , but Not Sure !!!

Unread postby dukwhunter » December 11th, 2011, 2:21 pm

Hi Troy ,

Thanks for your help & informative tips . I have possibly one more problem though ! I use Aol as my e-mail client and for a while have been getting numerous spam e-mail in my regular inbox . I have the spam setting on high , but it doesn't seem to make a difference !!! Wondering if i might have a browser hijacker . Would a hijackthis log help ? if so i can provide one Thanks for any help in this matter !


best regards
JOEY
dukwhunter
Active Member
 
Posts: 6
Joined: October 6th, 2009, 10:12 am

Re: Possible Infection , but Not Sure !!!

Unread postby troy3636 » December 12th, 2011, 9:43 am

Hi JOEY,

The symptoms you describe are not consistent with a browser hijacker. The DDS logs you posted earlier contain the same information and are more comprehensive than hijackthis logs.
These symptoms actually sound pretty normal for an AOL account.
The spam writers are getting pretty good at writing their e-mails in such a way as to make it difficult to distinguish spam from legitimate mail.
One of the best ways to reduce the amount of spam you receive is to be very carefull with your e-mail address. Don't use it to sign up for "promotional offers" or otherwise allow it to fall into the hands of anyone who collects and sells e-mail addresses. If any company or website asks for your e-mail address make sure you read the fine print in their privacy policy to make sure they are not sharing your information.

Troy
User avatar
troy3636
Regular Member
 
Posts: 511
Joined: September 2nd, 2010, 10:10 pm
Location: Wisconsin

Re: Possible Infection , but Not Sure !!!

Unread postby dukwhunter » December 12th, 2011, 2:27 pm

Hi Troy ,

Thanks for the tips and advice on my e-mail . The reason i was asking about a hijackthis log is because i noticed a strange entry in one of the logs ! I ran the log thru this online analyzer http://hjt.networktechs.com/ (not sure if the analyzer is 100% correct though) and after it analyzed it was looking thru the list and when i can to this one O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui ( i put my cursor over it and it said it was added by the "Added by the SMALL.CZ TROJAN!" Do you think this may be a remnant of the Trojan i had a while back that Avast removed ?


Thanks
JOEY
dukwhunter
Active Member
 
Posts: 6
Joined: October 6th, 2009, 10:12 am

Re: Possible Infection , but Not Sure !!!

Unread postby troy3636 » December 13th, 2011, 8:30 am

Hi JOEY,

Auto-analysers are nototiously inacurate. The line you referenced from the HijackThis log does not indicate malware. I have carefully analysed every line in your DDS logs (which contain the same information as HijackThis logs plus a lot of additional info).
You can rest assured there is no indication of malware present.

As the computer is now clean I am asking for this topic to be closed.

Troy
User avatar
troy3636
Regular Member
 
Posts: 511
Joined: September 2nd, 2010, 10:10 pm
Location: Wisconsin

Re: Possible Infection , but Not Sure !!!

Unread postby Cypher » December 13th, 2011, 11:08 am

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 407 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware