
WinButler. Help, please?


Ryan


Well, good news about the Panda scan, but the O20 is still there. Run HJT again and put a check next to these below (if you did remove Spycatcher).

O4 - HKLM\..\Run: [spyCatcher Reminder] C:\Program Files\SpyCatcher\SpyCatcher.exe reminder

O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher\Protector.exe

O20 - AppInit_DLLs: secuload.dll

Now let's also do this:

1. Download this file :

http://www.techsupportforum.com/sectools/combofix.exe

2. Double click combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply.

Note:

Do not mouseclick combofix's window while it's running. That may cause it to stall.

Post that log and a new HJT.

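The check requested in the post above (mark these entries, fix them, then post a new log) can be confirmed mechanically. The following is an added example, not part of the original post and not part of HijackThis; the follow-up log is constructed for illustration and the function names are this example's own.

```python
"""Check a follow-up HijackThis log against the entries that were marked for fixing."""
import re
from dataclasses import dataclass

# An entry line is "<section code> - <detail>", e.g. "O20 - AppInit_DLLs: secuload.dll".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")


@dataclass(frozen=True)
class Entry:
    code: str    # section code such as "O4" or "O20"
    detail: str  # everything after "<code> - "

    @property
    def key(self):
        # Registry value names and Windows paths are case-insensitive, and pasted
        # logs often differ in case or spacing, so compare a normalised form.
        return (self.code, " ".join(self.detail.split()).casefold())


def parse_log(text):
    """Return the entry lines of a HijackThis log, in order."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries


def still_present(marked, followup):
    """Entries that were marked for fixing but appear again in the follow-up log."""
    seen = {e.key for e in followup}
    return [e for e in marked if e.key in seen]


def review_notes(entries):
    """Entries worth a second look, with the reason."""
    notes = []
    for e in entries:
        if e.code == "O20" and e.detail.casefold().startswith("appinit_dlls:"):
            # DLLs named in AppInit_DLLs are loaded into every process that
            # loads user32.dll, so any non-empty value deserves attention.
            dlls = e.detail.split(":", 1)[1].strip()
            if dlls:
                notes.append((e, "AppInit_DLLs value is not empty: " + dlls))
        elif e.detail.endswith("(no file)"):
            notes.append((e, "registration points at a file that no longer exists"))
    return notes


# The three lines the helper asked to have checked, copied from the post above.
MARKED = parse_log(r"""
O4 - HKLM\..\Run: [spyCatcher Reminder] C:\Program Files\SpyCatcher\SpyCatcher.exe reminder
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher\Protector.exe
O20 - AppInit_DLLs: secuload.dll
""")

# Constructed follow-up log (not a log from this thread). The CLSID is a
# placeholder; case and spacing differ on purpose to exercise the normalisation.
FOLLOWUP = parse_log(r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpyCatcher Reminder] C:\Program Files\SpyCatcher\SpyCatcher.exe  reminder
O20 - AppInit_DLLs: SECULOAD.DLL
""")

if __name__ == "__main__":
    for e in still_present(MARKED, FOLLOWUP):
        print("still present:", e.code, "-", e.detail)
    for e, reason in review_notes(FOLLOWUP):
        print("review:", e.code, "-", reason)
```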

Hi,

OK, here they are and I haven't any idea how to read the combo scan, sure glad you do.

ComboFix 07-11-19.3 - Kat 2007-11-24 16:22:45.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.146 [GMT -6:00]

Running from: C:\Documents and Settings\Kat\My Documents\downloaded\ComboFix(2).exe

* Created a new restore point

.

((((((((((((((((((((((((( Files Created from 2007-10-24 to 2007-11-24 )))))))))))))))))))))))))))))))

.

2007-11-23 01:43 31,170 --a------ C:\WINDOWS\system32\drivers\Partizan.sys

2007-11-23 01:32 8,944 --a------ C:\WINDOWS\system32\drivers\UnHackMeDrv.sys

2007-11-22 11:42 <DIR> d-------- C:\Documents and Settings\grandchildren\Application Data\Grisoft

2007-11-21 05:18 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

2007-11-21 00:31 <DIR> d-------- C:\Program Files\RogueRemover FREE

2007-11-20 19:13 <DIR> d-------- C:\Program Files\Common Files\Adobe

2007-11-20 04:22 <DIR> d-------- C:\Documents and Settings\Kat\Application Data\MailFrontier

2007-11-20 03:59 2,243,616 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2007-11-20 03:59 30,884 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

2007-11-20 03:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier

2007-11-20 03:52 75,248 --a------ C:\WINDOWS\zllsputility.exe

2007-11-20 03:52 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat

2007-11-20 03:51 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs

2007-11-20 03:51 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll

2007-11-20 03:51 353,247 --a------ C:\WINDOWS\system32\vsconfig.xml

2007-11-20 03:50 <DIR> d-------- C:\WINDOWS\Internet Logs

2007-11-18 11:38 <DIR> d-------- C:\Program Files\EasyBiorhythmCalculator

2007-11-18 11:23 <DIR> d-------- C:\Program Files\Advanced Biorhythms

2007-11-18 11:23 12 --a------ C:\WINDOWS\lang_e86.dll

2007-11-18 06:46 C:\WINDOWS\(2) C:\ComboFix\winstart.bat

2007-11-18 05:21 140,288 --a------ C:\WINDOWS\system32\Comdlg32.ocx

2007-11-14 20:35 2,688 --a------ C:\WINDOWS\system32\tmp.reg

2007-11-14 20:35 0 --a------ C:\WINDOWS\system32\tmp.txt

2007-11-14 20:33 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe

2007-11-14 10:25 <DIR> d-------- C:\Program Files\Lavasoft

2007-11-14 10:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2007-11-13 04:27 <DIR> d-------- C:\Documents and Settings\Kat\Application Data\ieSpell

2007-11-13 04:26 <DIR> d-------- C:\Program Files\ieSpell

2007-11-12 20:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft

2007-11-12 08:36 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

2007-11-12 08:36 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2007-11-12 08:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2007-11-12 08:36 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

2007-11-12 08:36 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2007-11-12 08:36 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

2007-11-12 08:36 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

2007-11-12 08:36 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2007-11-12 08:36 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

2007-11-12 08:30 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll

2007-11-12 04:34 <DIR> d-------- C:\Program Files\Dell

2007-11-12 04:34 53,248 --a------ C:\WINDOWS\system32\DellSys.dll

2007-11-12 04:34 17,153 --a------ C:\WINDOWS\system32\drivers\omci.sys

2007-11-12 03:33 <DIR> d-------- C:\Program Files\Intel Corporation

2007-11-12 03:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan

2007-11-11 19:30 <DIR> d-------- C:\WINDOWS\Sun

2007-11-10 15:38 0 --a------ C:\WINDOWS\system32\asfiles.txt

2007-11-10 13:23 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico

2007-11-09 23:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\RoboForm

2007-11-09 22:58 <DIR> d-------- C:\Program Files\Siber Systems

2007-11-09 03:24 <DIR> d-------- C:\Program Files\Trend Micro

2007-11-04 20:16 <DIR> d-------- C:\Documents and Settings\Kat\Application Data\Move Networks

2007-11-02 13:12 152,064 --a------ C:\WINDOWS\snap.dat

2007-11-02 13:01 <DIR> d-------- C:\WINDOWS\Setup2K

2007-11-02 13:01 119,798 --a------ C:\WINDOWS\system32\drivers\spca561.sys

2007-11-02 13:01 118,784 --a------ C:\WINDOWS\ShowBmp.exe

2007-11-02 13:01 53,248 --a------ C:\WINDOWS\ap561.exe

2007-11-02 13:01 14,336 --a------ C:\WINDOWS\system32\dshow508.ax

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-11-24 03:31 --------- d-----w C:\Program Files\Glary Utilities

2007-11-24 03:26 --------- d-----w C:\Program Files\ClocX

2007-11-23 18:21 --------- d-----w C:\Program Files\SpywareBlaster

2007-11-23 07:43 22,528 ----a-w C:\WINDOWS\system32\Partizan.exe

2007-11-22 01:44 --------- d-----w C:\Program Files\Common Files\Real

2007-11-21 23:27 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-11-18 23:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Tenebril

2007-11-16 22:27 --------- d-----w C:\Program Files\BearShare

2007-11-14 16:24 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2007-11-11 23:42 --------- d-----w C:\Documents and Settings\Kat\Application Data\GlarySoft

2007-11-08 21:30 10 ----a-w C:\Program Files\.autoreg

2007-10-25 17:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2007-10-25 17:05 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys

2007-10-25 17:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2007-10-25 17:01 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2007-10-25 16:58 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2007-10-25 16:24 815,480 ----a-w C:\WINDOWS\system32\aswBoot.exe

2007-10-25 16:14 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr

2007-10-24 07:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2007-10-23 21:19 --------- d-----w C:\Program Files\IncrediMail

2007-10-22 19:08 --------- d-----w C:\Program Files\Corel

2007-10-22 18:46 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2007-10-22 02:13 --------- d-----w C:\Program Files\STOPzilla!

2007-10-22 02:13 --------- d-----w C:\Program Files\Say the Time

2007-10-22 02:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\STOPzilla!

2007-10-21 18:38 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2007-10-21 17:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Tools

2007-10-21 05:14 --------- d-----w C:\Documents and Settings\Kat\Application Data\Uniblue

2007-10-19 18:10 --------- d-----w C:\Documents and Settings\Kat\Application Data\Grisoft

2007-10-19 18:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft

2007-10-19 04:26 --------- d-----w C:\Documents and Settings\Kat\Application Data\Jasc

2007-10-19 00:29 --------- d-----w C:\Program Files\Common Files\Desktop Weather Authority

2007-10-19 00:28 61,440 ----a-w C:\WINDOWS\wnUninstall.exe

2007-10-18 22:46 --------- d-----w C:\Program Files\Apple Software Update

2007-10-18 22:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple

2007-10-18 05:29 --------- d-----w C:\Documents and Settings\Kat\Application Data\Lavasoft

2007-10-18 05:27 --------- d-----w C:\Program Files\Windows Media Connect 2

2007-10-15 22:26 --------- d-----w C:\Program Files\Java

2007-10-15 22:24 --------- d-----w C:\Program Files\Common Files\Java

2007-10-13 22:31 --------- d-----w C:\Program Files\BearShare Applications

2007-10-10 21:26 --------- d-----w C:\Program Files\Real

2007-10-10 06:13 --------- d-----w C:\Program Files\Essentials Codec Pack

2007-10-09 03:16 --------- d-----w C:\Program Files\FxFoto

2007-10-08 04:05 --------- d-----w C:\Documents and Settings\Kat\Application Data\FxFotoDB

2007-10-08 01:11 --------- d-----w C:\Program Files\7-Zip

2007-10-07 20:02 --------- d-----w C:\Program Files\Qnext

2007-10-06 17:51 --------- d-----w C:\Documents and Settings\Kat\Application Data\Apple Computer

2007-10-04 05:36 25,600 ----a-w C:\WINDOWS\system32\WS2Fix.exe

2007-10-03 16:47 --------- d-----w C:\Documents and Settings\Kat\Application Data\Corel

2007-10-03 16:42 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

2007-10-01 14:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Corel

2007-09-30 04:56 --------- d-----w C:\Program Files\Intel

2007-09-30 04:22 --------- d-----w C:\Documents and Settings\Kat\Application Data\Yahoo!

2007-09-28 17:33 --------- d-----w C:\Program Files\3Com

2007-09-28 16:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Citrix

2007-09-28 14:31 --------- d-----w C:\Program Files\Common Files\InstallShield

2007-09-27 09:59 --------- d-----w C:\Program Files\AusLogics Registry Defrag

2007-09-27 04:19 --------- d-----w C:\Program Files\TechSmith

2007-09-27 00:51 --------- d-----w C:\Program Files\Jasc Software Inc

2007-09-26 23:56 --------- d-----w C:\Program Files\Common Files\Jasc Software Inc

2007-09-26 23:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield

2007-09-26 23:55 --------- d-----w C:\Documents and Settings\Kat\Application Data\Jasc Software Inc

2007-09-26 18:05 --------- d-----w C:\Program Files\Pando Networks

2007-09-26 16:44 --------- d-----w C:\Program Files\ASTRA32

2007-09-25 03:15 --------- d-----w C:\Documents and Settings\Kat\Application Data\Tenebril

2003-08-05 16:41 53,248 ----a-w C:\WINDOWS\inf\ap561.exe

2002-11-26 21:24 32,768 ----a-w C:\WINDOWS\inf\Remove561.exe

2002-11-22 20:56 118,784 ----a-w C:\WINDOWS\inf\ShowBmp.exe

2002-10-29 23:07 36,864 ----a-w C:\WINDOWS\inf\Setup8a.exe

2002-10-01 19:43 119,798 ----a-w C:\WINDOWS\inf\spca561.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 15:43]

"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-11-20 05:27]

"Glary Memory Optimizer"="C:\Program Files\Glary Utilities\memdefrag.exe" [2007-11-13 17:12]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]

"UnHackMe Monitor"="C:\Program Files\UnHackMe\hackmon.exe" [2007-09-17 16:37]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"1A:Stardock TrayMonitor"="" []

"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 03:25]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 10:20]

"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2005-10-19 06:59]

"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2005-10-19 06:59]

"Media Codec Update Service"="C:\Program Files\Essentials Codec Pack\update.exe" [2007-04-08 10:44]

"ClocX"="C:\Program Files\ClocX\ClocX.exe" [2004-04-13 08:12]

"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

"1A:Stardock TrayMonitor"="" []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

"Notification Packages"= :\WINDOWS\syste

R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;\??\C:\Program Files\ASTRA32\ASTRA32.sys

R2 tcaicchg;tcaicchg;\??\C:\WINDOWS\System32\tcaicchg.sys

R2 TCAITDI;TCAITDI Protocol;C:\WINDOWS\system32\DRIVERS\TCAITDI.sys

S0 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys

.

Contents of the 'Scheduled Tasks' folder

"2007-11-22 04:02:53 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2007-11-24 15:00:00 C:\WINDOWS\Tasks\glaryoneclickoptimizer.job"

- C:\Program Files\Glary Utilities\oneclickoptimizer.exe

"2007-11-24 12:00:02 C:\WINDOWS\Tasks\glaryupdate.job"

- C:\Program Files\Glary Utilities\webupdate.exe

"2007-11-24 17:00:00 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"

- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

"2007-11-20 05:27:15 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"

- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe

"2007-10-21 04:27:55 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"

- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe

.

**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-24 16:25:18

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2007-11-24 16:26:43

C:\ComboFix2.txt ... 2007-11-12 23:33

.

--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:29:59 PM, on 11/24/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\ClocX\ClocX.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files\Glary Utilities\memdefrag.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\UnHackMe\hackmon.exe

C:\PROGRA~1\INCRED~1\bin\ImApp.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Documents and Settings\Kat\My Documents\Hi Jack This all\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.stopzilla.com/director/?type=AP...&topic=5055

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent

O4 - HKLM\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [Glary Memory Optimizer] "C:\Program Files\Glary Utilities\memdefrag.exe" /autostart

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [unHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM

O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM

O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM

O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1190430738906

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--

End of file - 6023 bytes


Hi Jean,

As much as I've enjoyed meeting you I will be glad to get this cleared up so what you said is great news.

Here's the log and I think I'm doing ok? lol On that O20, it was from Spycatcher, I uninstalled it again a couple of days ago and the O20 disappeared again. I've still got some bug issues but think I've got them all quarantined, I'd found 3 that said "not-a-virus:" then it was but got them put away. I had to uninstall ZoneAlarm, I'd done it wrong to begin so I'll try it again tomorrow and read the instructions first! Ya think? lol Thanks again, Ryan

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:05:21 PM, on 11/26/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Safe mode

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\Kat\My Documents\Hi Jack This all\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.stopzilla.com/director/?type=AP...&topic=5055

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent

O4 - HKLM\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [Glary Memory Optimizer] "C:\Program Files\Glary Utilities\memdefrag.exe" /autostart

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM

O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM

O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM

O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1190430738906

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1196135036484

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

--

End of file - 4772 bytes


Hi Jean,

How do you do this everyday? I can't see straight and after this is over never want to see another scan log again! B)

I've gone through my scan logs since we started this on the 9th of this month and can't find what I'm looking for, it's all a blur after a while, but I believe 2 of them showed up in ZoneAlarm which I deleted before I uninstalled and one in Spycatcher which I did the same to before uninstalling, just can't find the log I saw them in originally. I didn't think to mention them at the time they showed up as I thought it was the way the prgm was telling me they weren't a virus.

Anyway, here's my HJT log, normal mode, sure hope it's alright, don't you? lol

Take care and thanks,

Ryan

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:02:20 AM, on 11/28/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\ClocX\ClocX.exe

C:\Program Files\Glary Utilities\memdefrag.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\PROGRA~1\INCRED~1\bin\ImApp.exe

C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

C:\PROGRA~1\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Kat\My Documents\Hi Jack This all\HijackThis.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe

C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.stopzilla.com/director/?type=AP...&topic=5055

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent

O4 - HKLM\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [Glary Memory Optimizer] "C:\Program Files\Glary Utilities\memdefrag.exe" /autostart

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM

O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM

O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM

O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM

O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1190430738906

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1196135036484

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

--

End of file - 7289 bytes


My eyes do cross...they are older eyes and need bifocals. B) I miss stuff too, I'm not perfect. I give it my best shot because I truly believe we all should try to make the world a better place and ridding PCs of infection is one way I can contribute, for no out of pocket expense.

I'm not seeing anything in your log other than some general clean up.

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.stopzilla.com/director/?type=AP...&topic=5055 <<<<< Do you really want that as your homepage? If not put a check in HJT and click fix.

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) <<<<<< Just clean up.

If you're feeling we have finally whipped this......

Your log looks clean. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK.

Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on whatever will open the System Restore box. You will see two options. Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it.

Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep Spybot Search & Destroy and always immunize when you update. You will also need at least one other scanning program; AVG is good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use.

A firewall and antivirus are also essential. The Windows firewall in XP is not sufficient.

Perform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan.

SpywareBlaster from Javacool Software

WinPatrol by BillPStudios

SiteHound by FireTrust

RogueRemover

hpHosts

For an excellent list of reliable free firewalls and antivirus programs see here.


Hi Jean,

There's something I've been wanting to tell you for days but it never seemed like the right time until now. Ryan is my son, I'm Kat, 55 and disabled, Mom to 4 grown ( thank you, God! lol) kids and NaNa to 13 grandkids. I live alone which I actually love, when I put something down (and I can remember where I put it), it's there when I get back. I'm still amazed at this! lol I've gotten the impression from a few things you've said here and in other posts I've read that you too are maybe home bound some and I want you to know how much I respect what you do here. It's such a commitment and you must get so tired sometimes but you stick with it and I want you to know you make a huge difference in the lives you touch here. I sat down 3 1/2 years ago and decided it was time to learn how to conquer this monster ( computer) that I'd been staring at for 3 years and have been on one of the most interesting roads ever since. I've taught myself everything I know and now it turns out I'm now the geek of the family. lol Also turns out I'm pretty good at teaching others over the phone and now the friends I've helped are having others call me for help. Who'da thunk it? lol

Posting here was a first for me and I know I could never do what you do, row after row, scan after scan, day after day just for myself has been exhausting, the eye strain and brain strain is too much for me but it's taught me a lot too. First and foremost that I know soooo little about how these things really work, but also about the dedication it takes to make the commitment you do each time you say hello and never give up. I want to thank you from the bottom of my heart for myself and all the others you've helped. And for making all of this, the last two and a half weeks, bearable and giving hope.

Ok, enough emotions here. lol I'll get to work on the HJT and then the restore point, but I want you to take good care of yourself. Rest when you need to, don't push yourself beyond what is good for you, promise?

A very grateful student, Kat


Wow, that actually brought a tear to my eye. I don't think in three plus years of this forum work, anyone has been so sincere and totally touching. I also could see from the logs that the true PC owner was Kat, but people choose all sorts of names for forums. You are very perceptive.

Am I right then that we have whipped your demon? Or you think we have?

I would like to invite you to my personal forum too. It is not all PC security; we have fun too. There is a link in my signature to MontanaMenagerie.


Hi Lady,

Yes, I think you have done it! I'll post my HJT and you can take a look, ok? Do you have any advice on a free, simple (??) firewall? ZoneAlarm kicked my bum and brain too. B) Thanks for the invite to your other site, I'd love to join. I'll be in under Katb or Katbee depending on what's open and I'm looking forward to it. I hated saying goodbye to you so this is much better. :) Take good care and I'll see ya soon, Kat

Hi, me again,

I have Comcast cable internet, phone and tv and it comes with McAfee which I've heard nothing good about but decided to download the firewall as I'm feeling pretty punchy after all of this. So far I haven't been bombarded by all the popups like with ZA so I don't feel so overwhelmed but I want to know your opinion about it if you don't mind? I know it's better than nothing but how much better might be a bit important. lol

Jean, one more time, thanks :)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:42:02 PM, on 11/19/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\ClocX\ClocX.exe

C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files\Glary Utilities\memdefrag.exe

C:\Program Files\SpyCatcher\Protector.exe

C:\Program Files\SpyCatcher\Scheduler daemon.exe

C:\PROGRA~1\INCRED~1\bin\ImApp.exe

C:\Documents and Settings\Kat\My Documents\Hi Jack This all\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.stopzilla.com/director/?type=AP...&topic=5055

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent

O4 - HKLM\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe

O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2

O4 - HKLM\..\Run: [spyCatcher Reminder] C:\Program Files\SpyCatcher\SpyCatcher.exe reminder

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [Glary Memory Optimizer] "C:\Program Files\Glary Utilities\memdefrag.exe" /autostart

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe

O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher\Protector.exe

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM

O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM

O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM

O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM

O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1190430738906

O20 - AppInit_DLLs: secuload.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

--

End of file - 6407 bytes


I took a couple of days to make some money and just take a break. I thought you got rid of SpyCatcher? IMO it is crapware and not worth the resources it's using up. That's just my opinion. But I see it back in full force and this O20 line needs to go. Use KillBox and post another log.

secuload.dll

Author: Option^Explicit

License: Freeware

KillBox Download Link: http://download.bleepingcomputer.com/spyware/KillBox.exe

Operating System: Windows

File Description:

Pocket KillBox is a program that can be used to get rid of files that stubbornly refuse to allow you to delete them.

Usage Information:

Download this file and run the killbox.exe file. When it loads type the full path to the file you would like to delete in the field and press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, allow it to do so, and hopefully your file will now be deleted.


Hi Jean,

Good for you, you need to take time more often, I'll bet'ca. By the way I did join the group, Katb, and have been reading. You do a much better meandering than I've ever done. B)

You're right, I did uninstall the Spycatcher days ago, didn't even bother to look for the O20 file thing as it was gone on the last one before this. Anyway, got it gone, I hope? Turns out it hadn't deleted the install exe. Hope that was all that was left, I've done a deep scan for anything else and it looks good. Do you think we've finally got this !@#@# gone?? lol Thanks, Kat

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:50:31 PM, on 12/2/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\ClocX\ClocX.exe

C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

C:\Program Files\Glary Utilities\memdefrag.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\UnHackMe\hackmon.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\PROGRA~1\INCRED~1\bin\ImApp.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\PROGRA~1\INCRED~1\bin\IncMail.exe

C:\PROGRA~1\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Kat\My Documents\Hi Jack This all\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent

O4 - HKLM\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [Glary Memory Optimizer] "C:\Program Files\Glary Utilities\memdefrag.exe" /autostart

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [unHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM

O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM

O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM

O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1190430738906

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1196135036484

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

--

End of file - 6686 bytes

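The check being done by eye across the logs in this thread (is the O20 AppInit_DLLs line gone, are the SpyCatcher startup entries gone, is there an orphaned "(no file)" BHO) can be scripted. The following is an added example, not part of the original thread and not code from HijackThis; the two log excerpts are constructed from lines quoted in the thread, and the function names and the "SpyCatcher" watch term are assumptions made for illustration.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code body")

# HijackThis item lines look like "O4 - ..." / "R1 - ..."; header lines and the
# "Running processes" paths do not match this pattern and are skipped.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

# Constructed excerpts assembled from lines quoted in this thread (not full logs).
LOG_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:42:02 PM, on 11/19/2007
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\SpyCatcher\Protector.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [spyCatcher Reminder] C:\Program Files\SpyCatcher\SpyCatcher.exe reminder
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher\Protector.exe
O20 - AppInit_DLLs: secuload.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

LOG_AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:50:31 PM, on 12/2/2007
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""


def parse_hjt(text):
    """Return the item lines of a HijackThis log as Entry(code, body)."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            # Collapse runs of whitespace introduced by copy/paste into a forum.
            entries.append(Entry(m.group(1), " ".join(m.group(2).split())))
    return entries


def key(entry):
    """Comparison key; case-insensitive because forum software alters letter case."""
    return (entry.code, entry.body.casefold())


def flag(entry, watch_terms=()):
    """Return a reason string if the entry deserves a second look, else None."""
    body = entry.body.casefold()
    if entry.code == "O20" and body.startswith("appinit_dlls:"):
        value = entry.body.split(":", 1)[1].strip()
        if value:
            return "AppInit_DLLs loads %s into every process that uses user32.dll" % value
    if entry.body.endswith("(no file)"):
        return "orphaned registration, target file is gone"
    for term in watch_terms:
        if term.casefold() in body:
            return "leftover of removed program '%s'" % term
    return None


def review(text, watch_terms=()):
    """List (entry, reason) for every flagged item in one log."""
    hits = []
    for e in parse_hjt(text):
        reason = flag(e, watch_terms)
        if reason:
            hits.append((e, reason))
    return hits


def diff_logs(before, after):
    """Return (removed, added) item entries between two scans."""
    b = {key(e): e for e in parse_hjt(before)}
    a = {key(e): e for e in parse_hjt(after)}
    return [b[k] for k in b if k not in a], [a[k] for k in a if k not in b]


def unresolved(before, after, watch_terms=()):
    """Flagged items from the earlier scan that are still present in the later one."""
    after_keys = {key(e) for e in parse_hjt(after)}
    return [e for e, _ in review(before, watch_terms) if key(e) in after_keys]


if __name__ == "__main__":
    for e, why in review(LOG_BEFORE, ["SpyCatcher"]):
        print("%-3s %s\n    -> %s" % (e.code, e.body, why))
    print("still present after cleanup:", unresolved(LOG_BEFORE, LOG_AFTER, ["SpyCatcher"]))
```
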

Hi Jean, it's me again,

Would you have any ideas about something called "C:\windows\winstart.bat" and what would cause it to not be able to be scanned by Avast? It said unable to be scanned, then "Failed:" and the first letter of a word, that's all. I've been googling it but all I'm getting is questions about it and that it can have a trojan. Besides this one thing it said all was fine, no viruses. You are the only person I knew to ask and I realize it might be off the original topic we've been working on but it does have me concerned as I don't want to get my nice shiny clean computer all dirty again.

Thanks again, Kat


I can't find anything for sure about it. Get it scanned at Virustotal.com and post the results here. I don't know how I have not been seeing this either.

O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll

Proof I needed to step back. Get rid of the P2P stuff. It is going to be trouble eventually.


Hi Jean,

Sorry it's taken me so long to post again, I've been hit with some bug I've picked up from the grandkids. I did get rid of that one you wanted me to, I had uninstalled the program but it left a lot behind so I went in and got rid of them manually.

Here's my newest HJT, is this what you want me to send in that other site? I think we've done it though. I still can't get to those sites I originally mentioned but I don't even want to go there anymore. Turns out they are hosting sites for selling things and I'm broke already so I'll just figure it's for my own good and leave it at that. B) Take care and I'll talk with you soon, Kat

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:34:25 PM, on 12/5/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\ClocX\ClocX.exe

C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

C:\Program Files\Glary Utilities\memdefrag.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\UnHackMe\hackmon.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\PROGRA~1\INCRED~1\bin\ImApp.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files\Bee Icons\BeeIcons.exe

C:\Program Files\Glary Utilities\Integrator.exe

C:\PROGRA~1\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Kat\My Documents\Hi Jack This all\HijackThis.exe

C:\Program Files\UnHackMe\UnHackMe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent

O4 - HKLM\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [Glary Memory Optimizer] "C:\Program Files\Glary Utilities\memdefrag.exe" /autostart

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [unHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM

O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM

O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM

O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1190430738906

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1196135036484

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

--

End of file - 6647 bytes


Hi Jean,

Sorry, I can't find the file itself and I've done every kind of deep search I know of. It just showed that it couldn't be scanned when I did a deep scan with my anti-virus, Avast. It's in the 'chest' so it can't do damage. I do think we've got it though, I'm not having any problems. If you think things are alright let's close the darn thing out and I'll meet you at your group. It will be much more interesting! B)

Just know how much I appreciate you for all you do here, OK? See ya soon, Kat
