Author Topic: Am I clean?  (Read 6408 times)


drrobotnik

  • Guest
Am I clean?
« on: June 13, 2007, 01:23:51 AM »
Hello,
As it is always good to check with other opinions, I am seeing if my machine is safe. I am good with computers, so do not be afraid to be technical. I follow safe computing habits, like not using M$ IE, having a firewall on, testing software in VPC, installing updates, etc. I would like a second opinion, though! Thanks, and below is a HijackThis log:

Scan saved at 4:18:06 PM, on 6/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Eric Fox\Desktop\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Personal Coach.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175443652390
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS


--
End of file - 4855 bytes

« Last Edit: June 13, 2007, 02:16:03 AM by drrobotnik »
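
A first pass over a log like the one above can be scripted before anyone reads it line by line. The following is an added example, not part of the original post or of HijackThis itself: it parses the `code - detail` entries, labels each with its section, and lists the ones that deserve a manual look. The function names are hypothetical, the sample is a handful of lines copied from the posted log, and reading `= ?` as an unresolved shortcut target is an assumption.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the log posted above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\ctfmon.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - Global Startup: Personal Coach.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
"""

# Section codes that occur in the posted log, with their usual meaning.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE default page/search settings",
    "O2": "Browser Helper Object", "O4": "autostart (Run key / Startup folder)",
    "O9": "IE extra button / Tools menu item", "O16": "ActiveX (DPF)",
    "O22": "SharedTaskScheduler", "O23": "Windows service",
}
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

def parse(log):
    """Return one dict per log entry; header and process lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, detail = m.groups()
        notes = []
        if detail.endswith("(file missing)"):
            notes.append("target file missing")
        if detail.endswith("= ?"):  # assumption: shortcut target not resolved
            notes.append("shortcut target unresolved")
        entries.append({"code": code, "section": SECTIONS.get(code, "other"),
                        "detail": detail, "notes": notes})
    return entries

def needs_review(entries):
    """Entries whose target could not be verified from the log alone."""
    return [e for e in entries if e["notes"]]

if __name__ == "__main__":
    parsed = parse(SAMPLE_LOG)
    print(dict(Counter(e["code"] for e in parsed)))
    for e in needs_review(parsed):
        print(e["code"], "|", e["section"], "|", "; ".join(e["notes"]), "|", e["detail"])
```

A flagged entry is not a verdict: a missing file or unresolved shortcut usually means a leftover from an uninstalled program, and the point is only to tell the reviewer which lines cannot be judged from the log text.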

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67183
Re: Am I clean?
« Reply #1 on: June 13, 2007, 03:13:55 AM »
I'm not an expert on HijackThis... But you can check the automatic analysis of your HijackThis log here.

You can find more info in the links of the last column of this table.
That info could guide you on the cleaning process.
Anyway, if you have doubts, just post here.
Also, take a careful look at the first column of the table:

1. If you don't recognize a legit program in one of the items marked as FIX IF UNKNOWN, please post it back here and maybe we can help you. Or, if you're sure it's a malware item, you can remove it as posted below.

2. If you agree with the automatic classification of the infected items marked as FIX (CHECK NOTES!), you can turn back to HijackThis program, check the box of this item and then remove it using the button 'Fix checked'. In your case, that items seems ok.

Hope it helps.

To be sure you're clean, I suggest:

1) Schedule a boot-time scan with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot. The other option is scanning in SafeMode (repeatedly press F8 while booting).

2) It will be good if you download, install, update and run AVG Antispyware. Some users recommend SUPERantispyware, Spyware Terminator and/or a-squared (take care about false positives).
If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.

3) After you're clean, use the immunization of SpywareBlaster or, which is better, the Windows Advanced Care features of spyware/adware cleaning and removal.
The best things in life are free.

mauserme

  • Guest
Re: Am I clean?
« Reply #2 on: June 13, 2007, 05:41:16 AM »
I don't see any malware in your log, but that Bonjour Service could be slowing you down.  Here's a link to a recent discussion about it

http://forum.avast.com/index.php?topic=28158.msg230687#msg230687

Also, this verges on spyware and could be removed

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

RealAlternative is worth considering as a replacement for real player

http://fileforum.betanews.com/detail/1054136293/1

drrobotnik

  • Guest
Re: Am I clean?
« Reply #3 on: June 14, 2007, 11:00:09 PM »
I removed RealPlayer, and installed windows defender. Is it any good?

Offline Lisandro

Re: Am I clean?
« Reply #4 on: June 15, 2007, 01:02:42 AM »
Quote
    I removed RealPlayer, and installed windows defender. Is it any good?

Well... it's good to have Windows Defender.
You can choose other player if you want.
But the two programs aren't related to each other. You can use both, you can live without both...

Spiritsongs

  • Guest
Ad-Aware 2007 !?
« Reply #5 on: June 15, 2007, 08:18:12 PM »
 :)  Hi Drrobotnik :

      It is not wise to have installed the newly released Ad-Aware 2007; it
      would be wise to read OUR Topic about it at
      http://forum.avast.com/index.php?topic=28744.0  .

      And the 2 Best antiSPYWARE/antiTROJAN programs, according to many
      Malware-fighting Experts on many Online Support Forums are :
      1) SUPERAntiSpyware from www.superantispyware.com ( I use the FREE
       version ) AND 2) AVG Antispyware, most easily downloaded from
       www.ewido.net .

      And IF you uninstall the no longer top antiSPYWARE program Spybot,
      it would be wise to use the Good & FREE SpywareBlaster from
      www.javacoolsoftware.com .

      When I had "Windows Defender" on my computer, I uninstalled it after
      several days because of the problems I was experiencing .

      AND it is better NOT to use the "Beta" ver of HijackThis .

Offline Lisandro

Re: Am I clean?
« Reply #6 on: June 15, 2007, 08:25:52 PM »
Quote
    It is not wise to have installed the newly released Ad-Aware 2007

Why not?
Is there any problem with this new version?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89670
  • No support PMs thanks
Re: Am I clean?
« Reply #7 on: June 15, 2007, 08:41:26 PM »
I think the link given by Spiritsongs (after your selective quote) casts doubts on its readiness for general release. However, they are responding to issues; personally, I'm sticking with the earlier version until adaware 2007 matures some more.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD - 27" external monitor 1440p 2560x1440 resolution - avast! free  24.9.6130 (build 24.9.9452.762) UI 1.0.818/ Firefox, uBlock Origin Lite, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4871
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Am I clean?
« Reply #8 on: June 15, 2007, 08:52:43 PM »
Quote
    It is not wise to have installed the newly released Ad-Aware 2007; it
      would be wise to read OUR Topic about it at
      http://forum.avast.com/index.php?topic=28744.0  .

      And the 2 Best antiSPYWARE/antiTROJAN programs, according to many
      Malware-fighting Experts on many Online Support Forums are :
      1) SUPERAntiSpyware from www.superantispyware.com ( I use the FREE
       version ) AND 2) AVG Antispyware, most easily downloaded from
       www.ewido.net .

If you read my comments in that topic, you will see that I compare the new service in Ad-Aware to the existing service in SUPERAntiSpyware.

It is totally hypocritical to suggest that users not install Ad-Aware and then in the same post recommend users install SUPERAntiSpyware: both leave a service installed. Please apply the same standards to both programs.

 >:(
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Rafel

  • Guest
Re: Am I clean?
« Reply #9 on: June 16, 2007, 01:29:30 AM »
If you don't run Superantispyware with windows there is no service installed.
You must check it.
Ad-Aware, AVG free or A2 free have a process installed always.

rdmaloyjr

  • Guest
Re: Am I clean?
« Reply #10 on: June 16, 2007, 02:44:08 AM »
Quote
    It is totally hypocritical to suggest that users not install Ad-Aware and then in the same post recommend users install SUPERAntiSpyware: both leave a service installed. Please apply the same standards to both programs.

If you uncheck "Show SUPERAntiSpyware icon in system tray" in SUPERAntiSpyware preferences, there won't be anything running in memory for SUPERAntiSpyware when it's not running.   
« Last Edit: June 16, 2007, 03:28:16 AM by rdmaloyjr »

Offline FreewheelinFrank

Re: Am I clean?
« Reply #11 on: June 16, 2007, 11:46:51 AM »
Sorry. It's been a while since I tried SAS and it definitely left a process running when I tried it.

I'll have to have another look.

Offline FreewheelinFrank

Re: Am I clean?
« Reply #12 on: June 16, 2007, 12:52:37 PM »
Quote
It is totally hypocritical to suggest that users not install Ad-Aware and then in the same post recommend users install SUPERAntiSpyware: both leave a service installed. Please apply the same standards to both programs.

Yes, you're right. The latest version doesn't leave anything running. The last time I tried SAS it left a process running permanently, but that was some time ago now. My apologies to Spiritsongs.