
HJT Log - Aaron

#16 spengle, Member, 17 posts. Posted 30 May 2004 - 04:42 AM

i am so glad i found this topic...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:49:23 PM, on 9/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Stardock\Object Desktop\ThemeManager\wbload.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program

I'm also getting a lot (7) of instances of something called hitbot.

successful
Restoring Windows Update Certificates.:
The following Is the Current Export of the Winlogon notify key:

that you have already downloaded and installed

Check the custom settings to your liking under options, but be sure to delete temporary files and temporary internet files for all user profiles.

Companion" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll" ["Yahoo!

I am not a Comcast employee.

#10 aaron_cabal_trainee, Member, 12 posts. Posted 28 May 2004 - 03:20 PM

Hi there,
Ok, here's the find-all log I got after deleting

REG.EXE VERSION 2.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
MinorVersion REG_SZ ;SP1;Q324929;Q810847;Q813951;Q813489;Q330994;Q818529;Q822925;Q828750;Q832894;Q83009;Q831167;
»»Google Toolbar version and Attributes:
2.0.111.0 C:\Program Files\google\googletoolbar1.dll Defaults: "A" ;"R" A R C:\Program Files\google\GoogleToolbar1.dll
»»UserAgent:
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
»»Wmplayer version:
9.0.0.2980 C:\Program

Other than that I ran each program but there would always be something each program found but couldn't clean.

Logfile of HijackThis v1.99.1
Scan saved at 10:57:59 AM, on 8/24/2005
Platform: Windows XP SP2

Everything seems to be running a lot better!
Here's my HJT log below.
Let me know if there are other steps I need to follow!
Thanks again
Aaron

Logfile of HijackThis v1.97.7
Scan saved at 11:02:34 PM,

#17 aaron_cabal_trainee, Member, 12 posts. Posted 01 June 2004 - 11:03 AM

Hi again, Ok, I ran spybot and here's the results of the scan.

#19 freeatlast, E x p l o r e r, Retired Staff, 833 posts. Posted 01 June 2004 - 11:31 AM

Welcome back!

Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache
Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo!

Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast!

Cleanup!

Messenger" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll" ["Yahoo!
IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.7.0\ViewBarBHO.dll
O2 - BHO: Google

Yep, that is a fp.. But just to be sure, let's check a little closer..

As noted, most spybot results you posted are safe to ignore. DSO exploits and tracking cookies. Cookies come and go as you surf, Don't you realize that? And DSO exploits, oh well, anything that

The first defense against infection is a properly patched Operating System. I recommend a combination of Windows Defender and BOClean from Comodo.

What is safe to do when I've got this crap on my machine?

Messenger"
"CLSIDExtension" = "{4C171D40-8277-11D5-AD55-00010333D0AD}" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll" ["Yahoo!
Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "C:\Program Files\CleanMyPC\Registry Cleaner\RCScheduler.exe" /startup
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item:

Here's the output.txt file that was created:

--==***@@@ 'FIND-ALL' VERSION 8.2 -5/27 @@@***==--
Fri May 28 02:56:16 2004 -- ++Results:
»»System Info:
Microsoft Windows XP [Version 5.1.2600]
C: "" (50D2:8808) - FS:NTFS clusters:4k
Total:
Volume Serial Number is 00BE-95ED
Directory of C:\WINDOWS\System32
08/23/2005 10:06 PM dllcache
10/30/2004 03:50 PM Microsoft
0 File(s) 0 bytes
2 Dir(s) 4,035,907,584 bytes free

Logfile of HijackThis v1.99.1
Scan saved at 10:06:55 PM, on

Your logs are clean.

Message Edited by CajunTek on 09-17-2007 06:04 AM

TANSTAAFL!!
I am not a Comcast employee, I am a paying customer just like you!
I am an XFINITY Forum Expert and

also spyware doctor found these three IEAcc/HTMLAccess IEAcc/IEdial safecast but since I don't have the registered version I cannot eliminate these.

It will save you a lot of grief, as well as money if you are thinking of purchasing.

Sometimes these EULAs will even admit the badware is going to be installed..

Here's my HJT log, does this look infected to you?

I delete all of these, but it says that speeddelivery is in use or in memory so I can't delete it and if I restart they come right back.

My HJT log

Even for an advanced computer user.

I was finally able to get rid of the Pgate

I have run spybot, and ad-aware with the most recent updates and have gotten a clean bill of health for my

Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo!

If you get any kind of warning message about scripts, please choose to allow the script to run.

Literati - http://download.games.yahoo.com/games/clients/y/tt2_x.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo!

wzcnotif\DLLName = "wzcdlg.dll" [MS]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\CA_AntiVirus\(Default) = "{1CE2AA40-1317-11D3-9922-00104B0AD431}" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\avshlext.dll" ["Computer Associates International, Inc."]
TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.2\contmenu.dll" [null data]
Yahoo!

will get rid of any malware which may be hiding in your temp folders (a common hiding place).

Also, when I run spybot, it finds a lot of problems, but two that always show up are DSOexploit and speeddelivery.

Edited by freeatlast, 30 May 2004 - 04:27 AM.

Anti-Spyware Programs Compared
Want to know just how effective your anti-spyware program is?

Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM -

I am an XFINITY Forum Expert and I am here to help.
We ask that you post publicly so people with similar questions may benefit.
Was your question answered?

This includes SP1 and SP2 if you use Windows XP.

L2mfix will continue to scan your computer and when it's finished, notepad will open with a log.

The scan won't take long.
When the scan completes, it will open two notepad windows.

Messenger" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll" ["Yahoo!

Anyone else with a similar problem please start a "New Thread".

ComboFix 07-08-17.2 - "Aaron" 2007-08-23 11:19:11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.540 [GMT -6:00]
* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\Aaron\APPLIC~1.\macromedia\Flash Player\#SharedObjects\SWX4XX5L\www.broadcaster.com
C:\DOCUME~1\Aaron\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\Aaron\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\npf

((((((((((((((((((((((((( Files Created from 2007-07-23

The tracking cookies and DSOexploit are N/A.
As for the changes alerts, have no idea what they are unless you specify.
As for hijackthis and the bho, hijackthis is having trouble finding it..
It's