Unknown suspected Infection


  • This topic is locked
3 replies to this topic

#1 CT_one

CT_one

  • Members
  • 2 posts

Posted 12 April 2009 - 09:21 AM

I first noticed this less than a week ago when no most would respond on any IE webpage. This is an older laptop that is mainly used for e-mail and office functions.
The page for ZoneAlarm (8.059.0) virus scanning function windows are blank (left menu options seem functional) and when a scan is started it seems to be functioning with no indicators of progress. Other ZA windows seem OK.

I removed/reloaded ZA with same result.
I cannot access user accounts - I get a "script?" error(opens window over UA with blank indicators of info) with no way to close the window unless I logout.
Followed the steps I saw on one of the ZA boards.
i.e. turn off "system restore" and run ZA and still unable to manipulate scanning. I ran MBAM clean - superantispyware found a few things - but they were low level in a mozilla related file that has long been uninstalled.
Free DrWeb found nothing. I am currently trying the A squared - it found some "malware" - further investigation showed that this may have been related to a free quickbooks trial SW (removed) I loaded for my wife months ago.
I have only created a file from Hijack this in safe mode so far and it seems not to show anything unusual - I suspect it is preferred to see this data under a normal condition. I will be doing that when this is complete.
I was then made aware of your site and advised to post here.
Am I on the right track here? Maybe I have a true SW glitch here - but it is very suspicious.

I am running win XP home on a home net w/ another computer(XP home) a shared 7210HP printer and a DSL connection. We did have file sharing active. I am running this laptop with minimal network connection at this time.

Notes on the other computer - ZA found a virus over a week ago relating to a Trojan-Downloader.Win32.Agent.bqmj and 3-4 days later Trojan.JS.Agent.xl

I tried to attach the "attach" file but the link will not function. It is copied after the DDS entry.

Any FB would be appreciated.


DDS (Ver_09-03-16.01) - NTFSx86
Run by Terri at 15:57:40.42 on Sat 04/11/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.175 [GMT -7:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Updated)
FW: ZoneAlarm Security Suite Firewall *enabled*

============== Running Processes ===============

E:\WINDOWS\system32\ibmpmsvc.exe
E:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
E:\WINDOWS\System32\svchost.exe -k netsvcs
E:\Program Files\Ahead\InCD\InCDsrv.exe
E:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
E:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\Common Files\LightScribe\LSSrvc.exe
E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
E:\WINDOWS\system32\svchost.exe -k imgsvc
E:\WINDOWS\system32\SearchIndexer.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\tp4mon.exe
E:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
E:\Program Files\Ahead\InCD\InCD.exe
E:\Program Files\lg_fwupdate\fwupdate.exe
E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
E:\Program Files\Java\jre6\bin\jusched.exe
E:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
F:\Program Files\ZoneAlarm\zlclient.exe
E:\WINDOWS\system32\RunDLL32.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
E:\Program Files\Windows Desktop Search\WindowsSearch.exe
E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
E:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
F:\PROGRA~1\ZONEAL~1\MAILFR~1\mantispm.exe
E:\WINDOWS\system32\HPZipm12.exe
F:\Temp\dds.scr
E:\WINDOWS\system32\HPZinw12.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msn.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - e:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - e:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - e:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - e:\program files\google\googletoolbar2.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - e:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - e:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - e:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - e:\program files\google\googletoolbar2.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - e:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - e:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [OfotoNow USB Detection] e:\windows\system32\rundll32.exe e:\progra~1\ofoto\ofotonow\OFUSBS.DLL,WatchForConnection OfotoNow
uRun: [NBJ] "e:\program files\ahead\nero backitup\NBJ.exe"
uRun: [ctfmon.exe] e:\windows\system32\ctfmon.exe
uRun: [swg] e:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [TrackPointSrv] tp4mon.exe
mRun: [RemoteControl] "e:\program files\cyberlink dvd solution\powerdvd\PDVDServ.exe"
mRun: [InCD] e:\program files\ahead\incd\InCD.exe
mRun: [NeroFilterCheck] e:\windows\system32\NeroCheck.exe
mRun: [LGODDFU] "e:\program files\lg_fwupdate\fwupdate.exe" blrun
mRun: [GrooveMonitor] "e:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "e:\program files\java\jre6\bin\jusched.exe"
mRun: [Acrobat Assistant 8.0] "e:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [ZoneAlarm Client] "f:\program files\zonealarm\zlclient.exe"
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - e:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - e:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - e:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - e:\program files\windows desktop search\WindowsSearch.exe
IE: Append to existing PDF - e:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - e:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - e:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - e:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - e:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - e:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - e:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - e:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - e:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - e:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: microsoft.com\*.update
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-latest.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - e:\program files\microsoft office\office12\GrooveSystemServices.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - e:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - e:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - e:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File

============= SERVICES / DRIVERS ===============

R1 KLIF;KLIF;e:\windows\system32\drivers\klif.sys [2009-4-5 150544]
R1 vsdatant;vsdatant;e:\windows\system32\vsdatant.sys [2009-4-5 353672]
R2 vsmon;TrueVector Internet Monitor;e:\windows\system32\zonelabs\vsmon.exe -service --> e:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 ICDUSB2;Sony IC Recorder (P);e:\windows\system32\drivers\IcdUsb2.sys [2006-10-2 39048]

=============== Created Last 30 ================

2009-04-11 11:32 <DIR> --d----- e:\windows\Intuit
2009-04-08 16:57 <DIR> --d----- e:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-04-08 16:57 <DIR> --d----- e:\docume~1\terri\applic~1\SUPERAntiSpyware.com
2009-04-06 20:22 <DIR> --d----- e:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-05 19:20 <DIR> --d----- e:\docume~1\terri\applic~1\MailFrontier
2009-04-05 19:17 60,094,752 a--sh--- e:\windows\system32\drivers\fidbox.dat
2009-04-05 19:17 804,272 a--sh--- e:\windows\system32\drivers\fidbox.idx
2009-04-05 19:10 72,584 a------- e:\windows\zllsputility.exe
2009-04-05 19:09 1,221,512 a------- e:\windows\system32\zpeng25.dll
2009-04-05 19:09 <DIR> --d----- e:\windows\system32\ZoneLabs
2009-04-05 19:09 351,219 a------- e:\windows\system32\vsconfig.xml
2009-03-30 03:51 1,089,593 -c------ e:\windows\system32\dllcache\ntprint.cat
2009-03-29 09:38 <DIR> --d----- e:\windows\system32\XPSViewer
2009-03-29 09:35 89,088 -c------ e:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-29 09:35 117,760 -------- e:\windows\system32\prntvpt.dll
2009-03-29 09:35 597,504 -c------ e:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-29 09:35 575,488 -c------ e:\windows\system32\dllcache\xpsshhdr.dll
2009-03-29 09:35 575,488 -------- e:\windows\system32\xpsshhdr.dll
2009-03-29 09:35 1,676,288 -c------ e:\windows\system32\dllcache\xpssvcs.dll
2009-03-29 09:35 1,676,288 -------- e:\windows\system32\xpssvcs.dll
2009-03-29 09:34 <DIR> --d----- e:\windows\SxsCaPendDel

==================== Find3M ====================

2009-04-11 06:18 4,212 a---h--- e:\windows\system32\zllictbl.dat
2009-02-09 04:13 1,846,784 a------- e:\windows\system32\win32k.sys
2008-03-04 19:47 1,024 a------- e:\docume~1\alluse~1\applic~1\imgpdf2.dll
2007-11-16 19:19 1,024 a------- e:\docume~1\alluse~1\applic~1\imgppt2.dll
2004-10-01 15:00 40,960 a------- e:\program files\Uninstall_CDS.exe
2008-08-31 23:00 32,768 a--sh--- e:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008083120080901\index.dat

============= FINISH: 15:59:48.44 ===============





Attach file

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 5/10/2006 2:08:43 PM
System Uptime: 4/11/2009 12:58:49 PM (3 hours ago)

Motherboard: IBM | | 26478EU
Processor: Intel Pentium III processor | None | 896/100mhz

==== Disk Partitions =========================

D: is CDROM ()
E: is FIXED (NTFS) - 27 GiB total, 7.652 GiB free.
F: is FIXED (NTFS) - 11 GiB total, 8.459 GiB free.
G: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
7200
7200_Help
7200Trb
Adobe Acrobat 8 Professional - English, Français, Deutsch
Adobe Acrobat 8.1.3 Professional
Adobe Flash Player 10 ActiveX
Adobe Reader 7.1.0
AiO_Scan
AiOSoftware
Avery Wizard 3.1
BufferChm
Copy
CP_AtenaShokunin1Config
cp_dwShrek2Albums1
cp_dwShrek2Cards1
CreativeProjects
CreativeProjectsTemplates
Critical Update for Windows Media Player 11 (KB959772)
CueTour
Destinations
Director
DocProc
DocumentViewer
DVD Solution
Fax
Free PS Convert driver 8.15
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Driver Diagnostics
HP Image Zone 4.7
HP Product Assistant
HP PSC & OfficeJet 4.7
HP Software Update
HPSystemDiagnostics
IBM ThinkPad Power Management Driver
InCD
InstantShare
iriver plus 3 (remove only)
Java™ 6 Update 11
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
LG ODD Auto Firmware Update
LightScribe 1.4.74.1
LP_Flash
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual Studio 2005 Tools for Office Runtime
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
Multimedia Launcher
Nero OEM
Non Driver CIO Components
OfotoNow
PanoStandAlone
PhotoGallery
PowerDVD
PowerProducer
ProductContext
QFolder
Readme
RegCure 1.5.0.1
Scan
ScannerCopy
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
SkinsHP1
SupportSoft Assisted Service
TrayApp
Unload
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb962871)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VC 9.0 Runtime
Visual Studio 2005 Tools for Office Second Edition Runtime
WebFldrs XP
WebReg
Windows Desktop Search 3.01
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
ZoneAlarm Security Suite

==== Event Viewer Messages From Past Week ========

4/7/2009 5:16:35 PM, error: E100B [4] - Adapter Intel® PRO/100 SP Mobile Combo Adapter: Adapter Link Down
4/7/2009 5:14:10 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/7/2009 5:08:04 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips KLIF P3
4/6/2009 9:10:59 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
4/8/2009 5:20:45 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips KLIF P3 SASDIFSV SASKUTIL
4/9/2009 4:18:21 AM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer HOMEPC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C18DBFA1-B65D-4F8A-8F. The master browser is stopping or an election is being forced.
4/11/2009 6:43:42 AM, error: Print [6161] - The document Microsoft Office Outlook - Memo Style owned by Terri failed to print on printer HP Officejet 7200 series (2). Data type: NT EMF 1.008. Size of the spool file in bytes: 131072. Number of bytes printed: 0. Total number of pages in the document: 2. Number of pages printed: 2. Client machine: \\THINKPAD. Win32 error code returned by the print processor: 67 (0x43).
4/11/2009 6:45:52 AM, error: Print [6161] - The document Microsoft Office Outlook - Memo Style owned by Terri failed to print on printer HP Officejet 7200 series (2). Data type: NT EMF 1.008. Size of the spool file in bytes: 166620. Number of bytes printed: 0. Total number of pages in the document: 2. Number of pages printed: 2. Client machine: \\THINKPAD. Win32 error code returned by the print processor: 67 (0x43).
4/11/2009 6:48:17 AM, error: DCOM [10009] - DCOM was unable to communicate with the computer HOMEPC using any of the configured protocols.
4/11/2009 6:48:59 AM, error: Print [6161] - The document Test Page owned by Terri failed to print on printer HP Officejet 7200 series (2). Data type: NT EMF 1.008. Size of the spool file in bytes: 78836. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 2. Client machine: \\THINKPAD. Win32 error code returned by the print processor: 67 (0x43).
4/11/2009 11:32:46 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The system cannot find the file specified.

==== End Of File ===========================

Edited by CT_one, 12 April 2009 - 09:30 AM.




#2 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts

Posted 26 April 2009 - 11:53 AM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Please post the contents of log.txt.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
  • Reply to this thread; do not start another!
  • Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  • Do not run any other tool until instructed to do so!
  • Let me know if any of the links do not work or if any of the tools do not work.
  • Tell me about problems or symptoms that occur during the fix.
  • Do not run any other programs or open any other windows while doing a fix.
  • Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 CT_one

CT_one
  • Topic Starter

  • Members
  • 2 posts

Posted 29 April 2009 - 08:41 PM

I thank you for your response - as I would have liked to isolate this problem - I seemed to be missing that tool that would get me back in full control. I needed to get this system back and could put in no more time on it as I was into week 2. I have punted - I reloaded a clean OS and eliminated the need to find the problem. It has been just fine for 2 weeks now with most of the apps that were installed. A few more still to come as needed.
It would have been nice to find out more about this as I threw a lot of artillery at this. I even threw some reliable boot disk based virus SW at it that found nothing. I decided to just let it go.
thanks again

#4 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts

Posted 01 May 2009 - 10:28 AM

Thank you for letting us know.

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.



