Win32:Trojan-Gen{other} + DEP

Hey

About two weeks ago, Avast started popping up randomly with warnings of files being infected with Win32:Trojan-Gen{other}. It was just 2 or 3 files occasionally, so I thought I could just send them to the chest, delete the files, and it would stop.

But it didn't, and now whenever I boot up I get a Data Execution Prevention error from Windows that blocks explorer. Earlier today, when I ran the Avast memory test, it found the same Win32:Trojan-Gen{other} in my memory and asked me to do a boot-up scan…

Any help on how I could get rid of this completely?

Have you run the boot time scan?

Could you run a HijackThis scan –

http://www.filehippo.com/download_hijackthis/

Reply and post the HjT log here.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:33 AM, on 6/17/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Schmads Inc\G15_TeamSpeak\G15_TeamSpeak.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
C:\Program Files\Nero\Nero8\InCD\InCD.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Free Download Manager\FUM\fumoei.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Route Sentry\RouteSentry.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.za/0SEENZA/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.za/0SEENZA/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blackle.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.za/0SEENZA/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM..\Run: [Launch LCDMon] “C:\Program Files\Logitech\G-series Software\LCDMon.exe”
O4 - HKLM..\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”
O4 - HKLM..\Run: [LanguageShortcut] “C:\Program Files\CyberLink\PowerDVD\Language\Language.exe”
O4 - HKLM..\Run: [OpwareSE2] “C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe”
O4 - HKLM..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe”
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM..\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM..\Run: [SecurDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe
O4 - HKLM..\Run: [NBKeyScan] “C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe”
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM..\Run: [LogitechCommunicationsManager] “C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe”

O4 - HKLM..\Run: [LogitechQuickCamRibbon] “C:\Program Files\Logitech\QuickCam\Quickcam.exe” /hide
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM..\Run: [nwiz] nwiz.exe /install
O4 - HKLM..\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”
O4 - HKLM..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU..\Run: [MsnMsgr] “C:\Program Files\Windows Live\Messenger\msnmsgr.exe” /background
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe” ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU..\Run: [NVIDIA nTune] “C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe” clear
O4 - HKCU..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU..\Run: [BitTorrent DNA] “C:\Program Files\DNA\btdna.exe”
O4 - S-1-5-18 Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe (User ‘SYSTEM’)
O4 - .DEFAULT Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe (User ‘Default user’)
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra ‘Tools’ menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra ‘Tools’ menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O9 - Extra button: Piggs Peak Poker - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\3PiggsPokerMPP\MPPoker.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-ZA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187722907484
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1244369822515
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip..{6CA35EF6-4D6C-431E-827C-967F3F274F5C}: NameServer = 196.25.255.34,196.25.255.3
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: NTRU TSS v1.2.1.12 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


End of file - 14591 bytes

Sorry, too big for one post. Will do the boot scan ASAP tomorrow though.

Hi there Troops

Firstly, you need to install Service Pack 3, since it has been released for more than a year now.
You need to be running all Windows updates, preferably automatic but at least manual.
You could run Windows Defender, kept updated, as well as the Windows default firewall.
You should also run a third party firewall like WinPatrol http://www.winpatrol.com/ or Online Armor http://www.tallemu.com/

This is especially so on a system like yours, which is very congested but also relatively clean.

You are running a lot of apps and programs, some of which are no longer used, plus it seems protocol(s) that are now unused, and I could go on… probably part of your share system.

While it is okay to download and run all these internet programs, malware is known to ride along with video and audio attached to these apps and programs, particularly in share scenarios, and leads to the kind of congestion that is shown in your log. Nonetheless, someone on the forum may attempt the cleanup with you.

Firstly, however, I suggest you look to SP3, Windows updates and firewall issues, and attempt to clean as much of your system as you can of unwanted and unneeded files.

And you could start with Windows Add/Remove Programs in Control Panel. But work out your plan of attack: what is being deleted, which ones first, most important… any apps or programs easy to reinstall from disk or download from the web can go and be replaced fresh… and don't forget associated files, e.g. any saved from poker games, and the like… just some general housekeeping to make it easier for someone to come and help you.

Any suspect files in the Chest or returned to screen: report suspect files –

  1. Upload the file to http://www.virustotal.com/

Go to virustotal -----> Browse for file -----> Upload and await report -----> reply post here

  2. I assume from what you have said that you have moved the file to the virus chest, so it is visible either in Infected files or User files.

Go to the chest and follow the directions.

Right-click file -----> choose email to Alwil software -----> follow directions

The file will be uploaded to avast on the next auto update, or you can manually update.

Or send a sample to virus@avast.com

  • classify file as undetected malware – add link to this topic in the forum
  • zip the message and password protect – secure password in the email body

Hi mkis,

Why do you ask for a HJT logfile and not give the items that should be cleansed? e.g. the O2 BHO, the various poker entries, for instance:
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
Also fix the party poker entries,

polonus

I did see that, Polonus, but I did not see much use in fixing that entry once I looked at what followed. I thought a larger job was required to sort out the entries on this log. But perhaps not?

Maybe you can help??

Norton's 360 backup add-on is slowing down my computer,
and their support charges to remove a virus they are responsible for. ???

I'm sorry, but we usually only help with uninstalling Norton in this forum.

Do you still have Norton subscription or has it lapsed?
If lapsed probably a good time to uninstall.

How can we give help on Norton usage? Most of us run away from Norton for years…

Minor correction

You should also run a third party firewall like WinPatrol http://www.winpatrol.com/

WinPatrol is a SECURITY MONITOR

WinPatrol Help:
http://www.winpatrol.com/features.html

Sun Java is down level and has security exposures.

Go to Add/Remove Programs and uninstall all Sun Java installs.

Install the latest Sun Java:
http://www.java.com/en/download/manual.jsp

You should install User Profile Hive Cleanup Service to help with slow log off and unreconciled profile problems:
http://www.microsoft.com/DOWNLOADS/details.aspx?familyid=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=en

Run Secunia Online Software Inspector to scan for other vulnerable applications:
http://secunia.com/vulnerability_scanning/online


In addition to what has been posted above -

An analysis of your HJT log shows the following problems :

We didn’t detect any active process of a firewall on your system. Reasons maybe:
(1.) You are using the windows firewall or a hardware firewall.
(2.) You are using a firewall of an unknown vendor.
(3.) You are using a firewall, but for unknown reasons it is disabled
(4.) You don’t use any firewall at all.
We recommend you to use a firewall.

Platform: Windows XP SP2 (WinNT 5.01.2600)
A newer version of service pack is available. Service packs increase the safety of your system. Visit Microsoft’s windowsupdate site to download the newest version of the service pack.

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
Belongs to Windows Messenger but is not active. This entry can be fixed.
http://www.spyandseek.com/Search.php?search_for=5C255C8A-E604-49b4-9D64-90988571CECB&search=SAS-Search

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
BAD entry that should be fixed.
http://www.spyandseek.com/Search.php?search_for=B7FE5D70-9AA2-40F1-9C6B-12A255F085E1&search=SAS-Search

O9 - Extra ‘Tools’ menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
BAD entry that should be fixed.
http://www.spyandseek.com/Search.php?search_for=B7FE5D70-9AA2-40F1-9C6B-12A255F085E1&search=SAS-Search

O9 - Extra button: Piggs Peak Poker - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\3PiggsPokerMPP\MPPoker.exe (HKCU)
BAD entry that should be fixed.
http://www.spyandseek.com/Search.php?search_for=00000000-0000-0000-0000-000000000000&search=SAS-Search

O17 - HKLM\System\CCS\Services\Tcpip..{6CA35EF6-4D6C-431E-827C-967F3F274F5C}: NameServer = 196.25.255.34,196.25.255.3
Questionable entry but is most likely your ISP. Do you know the IP or Domain ‘196.25.255.34,196.25.255.3’?

Overview of running tasks :

smss.exe
System task
Session Manager Subsystem

winlogon.exe
System task
Microsoft Windows Logon Process

services.exe
System task
Windows Service Controller

lsass.exe
System task
Local Security Authority Service

svchost.exe
System task
Microsoft Service Host Process

svchost.exe
System task
Microsoft Service Host Process

svchost.exe
System task
Microsoft Service Host Process

aswUpdSv.exe
Virusscan
Avast Anti-Virus Component

ashServ.exe
Virusscan
Avast

spoolsv.exe
System task
Microsoft Printer Spooler Service

LVPrcSrv.exe
Driver
Logitech QuickCam

AppleMobileDeviceService.exe
Backgroundtask
Apple Mobile Device Service

InCDsrv.exe
Backgroundtask
Ahead Nero InCD Service

LVComSer.exe
Backgroundtask
Onderdeel van Limewire.

mdm.exe
Application
Machine Debug Manager

NBService.exe
Backgroundtask
Nero BackItUp

NBService.exe
Backgroundtask
Nero BackItUp

LCDMon.exe
Backgroundtask
Logitech G-series LCD Monitor

PDVDServ.exe
Backgroundtask
PowerDVD Remote Control

OpwareSE2.exe
Backgroundtask
ScanSoft OmniPage Module

LCDPOP3.exe
Driver
G-series Software

jusched.exe
Backgroundtask
Sun Java Update Scheduler

LCDMedia.exe
Backgroundtask
Logitech G-series Media Display

LCDClock.exe
Driver
Logitech G-series LCD Clock

G15_TeamSpeak.exe
Unknown task (Logitech G15 keyboard addon for monitoring/controlling TeamSpeak voice comm software)
Unknown task http://www.file.net/process/g15_teamspeak.exe.html

NBHRegInCDSrv.exe
Backgroundtask
NBHRegInCDSrv.exe

svchost.exe
System task
Microsoft Service Host Process

nTuneService.exe
Driver
NVIDIA Access Manager

nvsvc32.exe
Application
NVIDIA Driver Helper Service

svchost.exe
System task
Microsoft Service Host Process

PnkBstrA.exe
Suspicious task (we all know what this is for, right?)
pnkbstra.exe

RichVideo.exe
Backgroundtask
Cyberlink Power Director Video Module

RichVideo.exe
Backgroundtask
Cyberlink Power Director Video Module

svchost.exe
System task
Microsoft Service Host Process

ULCDRSvr.exe
Application
Ulead DVD workshop Server

ashDisp.exe
Virusscan
Avast AntiVirus

iTunesHelper.exe
Application
Apple Itunes

NBHGui.exe
Backgroundtask
NBH

InCD.exe
Backgroundtask
InCD Packet Writing Software

Communications_Helper.exe
Backgroundtask
Communications Manager

Quickcam.exe
Driver
Logitech Storage Drivers

GrooveMonitor.exe
Backgroundtask
GrooveMonitor Utility

RunDll32.exe
System task
Microsoft Rundll32

RUNDLL32.EXE
System task
Microsoft Rundll32

msnmsgr.exe
Application
MSN Messenger

msnmsgr.exe
Application
Messenger

ctfmon.exe
System task
Alternative User Input Services

fumoei.exe
Unknown task (belongs to the software Free Download Manager)
Unknown task http://www.file.net/process/fumoei.exe.html

NMIndexStoreSvr.exe
Backgroundtask
Nero Home

btdna.exe
Suspicious task (this program may cause excessive network usage)
Bittorrend DNA http://www.pcpitstop.com/libraries/process/i/btdna.exe.html

SetPoint.exe
Backgroundtask
Logitech SetPoint Event Manager

xfire.exe
Backgroundtask
Xfire Gaming Client/Utility

KHALMNPR.EXE
Backgroundtask
Logitech Mouse Utility

COCIManager.exe
Driver
Camera Controller

wlcomm.exe
Backgroundtask
wlcomm.exe

ashMaiSv.exe
Virusscan
Avast Anti-Virus Component

ashWebSv.exe
Virusscan
avast! Web Scanner

NMIndexingService.exe
Backgroundtask
Nero Home

LVComSer.exe
Backgroundtask
Onderdeel van Limewire.

iPodService.exe
Backgroundtask
Apple iTunes

explorer.exe
System task
Microsoft Windows Explorer

RouteSentry.exe
Unknown task (use of 2 ADSL accounts on the same PC at the same time)
Unknown task http://www.softpedia.com/progDownload/Route-Sentry-Download-66065.html

iTunes.exe
Application
Apple iTunes

PnkBstrB.exe
Backgroundtask
PunkBuster Software Process

firefox.exe
Application
Mozilla Firefox

HijackThis.exe
Application
Merijn Hijackthis
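
Turning the analysis above into a repeatable check: the following Python script is an added example, not part of this thread and not code from HijackThis or the log analyser. It parses a HijackThis log in the format posted and flags the same classes of entry the analysis calls out: a service pack below SP3, orphaned O2 BHOs marked "(no file)", O9 buttons with an all-zero CLSID, O10 Winsock LSP entries to review, O17 NameServer addresses to confirm with the ISP, O23 services whose file is missing, and Java runtime paths whose version should be compared against the current release. The sample log is a constructed excerpt of lines from the log above; the rule names, the default minimum service pack and the function names are my own choices.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: a handful of lines taken from the HijackThis log posted
# above, trimmed to the entries the analysis post comments on.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Piggs Peak Poker - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\3PiggsPokerMPP\MPPoker.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip..{6CA35EF6-4D6C-431E-827C-967F3F274F5C}: NameServer = 196.25.255.34,196.25.255.3
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# HijackThis entries start with a section tag (R0, O2, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d+)\s+-\s+(.*)$")
SP_RE = re.compile(r"^Platform:\s+(Windows .*?)\s+SP(\d+)")
# Sun JRE install paths embed the version, e.g. jre1.6.0_03.
JRE_RE = re.compile(r"jre(\d+)\.(\d+)\.(\d+)_(\d+)", re.IGNORECASE)
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
NULL_CLSID = "{00000000-0000-0000-0000-000000000000}"


def parse_hjt_log(text: str) -> Dict[str, object]:
    """Split a HijackThis log into platform info, running processes and tagged entries."""
    parsed: Dict[str, object] = {"platform": None, "service_pack": None,
                                 "processes": [], "entries": []}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False   # a blank line ends the process list
            continue
        m = SP_RE.match(line)
        if m:
            parsed["platform"] = m.group(1)
            parsed["service_pack"] = int(m.group(2))
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            parsed["processes"].append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            parsed["entries"].append((m.group(1), m.group(2)))
    return parsed


def flag_entries(parsed: Dict[str, object], min_service_pack: int = 3) -> List[Tuple[str, str]]:
    """Return (rule, detail) pairs for the entry classes the thread's analysis calls out."""
    findings: List[Tuple[str, str]] = []
    sp = parsed["service_pack"]
    if sp is not None and sp < min_service_pack:
        findings.append(("service-pack-outdated", f"{parsed['platform']} SP{sp}"))

    # Report each distinct JRE version seen in process paths or entries once.
    java_versions = set()
    for text in list(parsed["processes"]) + [body for _, body in parsed["entries"]]:
        m = JRE_RE.search(text)
        if m:
            java_versions.add(m.group(0))
    for version in sorted(java_versions):
        findings.append(("java-version-check", version))

    for section, body in parsed["entries"]:
        if section == "O2" and body.endswith("(no file)"):
            findings.append(("orphaned-bho", body))          # safe to fix: DLL is gone
        elif section == "O9" and NULL_CLSID in body:
            findings.append(("null-clsid-button", body))     # malformed button registration
        elif section == "O10":
            findings.append(("winsock-lsp-review", body))    # LSPs sit in every socket path
        elif section == "O17":
            ips = IPV4_RE.findall(body)
            findings.append(("nameserver-confirm", ",".join(ips)))  # confirm with ISP
        elif section == "O23" and body.endswith("(file missing)"):
            findings.append(("orphaned-service", body))      # service points at a missing binary
    return findings


if __name__ == "__main__":
    for rule, detail in flag_entries(parse_hjt_log(SAMPLE_LOG)):
        print(f"{rule:22} {detail}")
```

Run it against a saved hijackthis.log by reading the file into `parse_hjt_log` instead of `SAMPLE_LOG`; the O17 rule deliberately reports the addresses without judging them, since, as the analysis says, they are most likely the ISP's resolvers and only the machine's owner can confirm that.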


You should also run a third party firewall like WinPatrol http://www.winpatrol.com/
WinPatrol is a SECURITY MONITOR

WinPatrol Help:
http://www.winpatrol.com/features.html

Thanks YoKenny. I wondered why WinPatrol worked so well with my OA firewall. The help file is a good link. I wasn’t having much luck with help from within my WinPatrol package when I had a problem with it on one computer. I had the setup folder in C:\ with my cleaning apps and mvps but installed the program in C:\Program Files. I finally found to keep all WinPatrol in the same folder so everything together in the Program Files now and all good. Seems to really matter with WinPatrol.

Hi mkis,

Why do you ask for a HJT logfile and do not give the items that should be cleansed? e.g. the 02 BHO, the various poker entries for instance:
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
Also fix the party poker entries,

Hi Polonus. Thanks for pointing that out. I'm not big on HjT except for the obvious. I usually ask for the log for the experts to follow up. But I will keep things briefer from now on. Sometimes I think posts are people in the workshop with me, and I have been stuck into cleaning some horror PCs lately. I was thinking at the time that an ounce of prevention saves a pound of cure. But probably more the case with work I'm doing at home. Regards.

I find that messing with where applications want to install causes the application to become confused sometimes, and me too, because I can't remember why I didn't use the default location when I want to update to the latest version of the application and do not want to have the old version hanging around.

WinPatrol has its own support forum topic:
http://forum.securitycadets.com/index.php?showforum=57

I have been using WinPatrol since it came out and have the PLUS update that is well worth the money and I have the 1 GB USB wristband that I keep updated with the latest version that I take with me when I need to look at someone’s system:
http://winpatrol.stores.yahoo.net/winpatrol-usb-flash-wristband.html

Which reminds me that my Scotty Golf shirt has worn out and I need to order a new one:
http://winpatrol.stores.yahoo.net/wispsh.html

I do not run a third party firewall, as it slows down browsing and is unnecessary with the active protection I have, and due to the opinion I formed by watching the interview with Bruce Harrison, who is a developer at Malwarebytes:
http://www.besttechie.net/2008/08/20/malwarebytes-developer-interview <== software firewall discussion starts at 8 minutes into the video

Both videos are well worth watching.

Hi,
I really need help with my problem.
I use Windows XP.
When Win32:Trojan-gen {other} attacked my *.doc files,
every Microsoft Word (*.doc) file became 638 k.bit in size.
When I use Avast, it recommends moving them to the chest. It is successful, but the original *.doc file becomes missing/hidden,
but the file is always right there, I just cannot find it.
Can someone help with my problem??? Pleaseeeee
P.S. Sorry, my English is poor.
Thanks.

Please do not post the same thing 4 times :stuck_out_tongue:
It just makes the effort of helping harder.
Follow http://forum.avast.com/index.php?topic=3353.0