Author Topic: not sure If I am spyware free  (Read 12742 times)

0 Members and 1 Guest are viewing this topic.

gersom

  • Guest
not sure If I am spyware free
« on: January 01, 2006, 03:57:08 PM »
Logfile of HijackThis v1.99.1
Scan saved at 15:54:49, on 1-1-2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\xampp\apache\bin\Apache.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\PROGRA~1\DATAAP~1\BEYOND~1\BRServer.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\xampp\mysql\bin\mysqld-nt.exe
D:\PROGRA~1\Serv-U\ServUDaemon.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\xampp\apache\bin\Apache.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\sstray.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Microangelo\muamgr.exe
C:\Program Files\Block Checker\block-checker.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\Program Files\Foxmail\Foxmail.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Administrator\Bureaublad\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: LinkTracker Class - {85A77577-A8CA-41b7-AA1E-DDAD4C0B12B1} - C:\WINDOWS\System32\hlwin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MOD] C:\Program Files\Microangelo\muamgr.exe
O4 - HKLM\..\Run: [BlockChecker] C:\Program Files\Block Checker\block-checker.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [Foxmail] "C:\Program Files\Foxmail\Foxmail.exe" -min
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://nprotect1.gravity.co.kr/nprotect/nPKeyCrypt/npkcx.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5E56B3A-F4DB-41AC-85DB-E0486460721D}: NameServer = 192.168.5.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Apache2 - Unknown owner - C:\xampp\apache\bin\Apache.exe" -k runservice (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Beyond Remote Server - Data Apples Corporation - D:\PROGRA~1\DATAAP~1\BEYOND~1\BRServer.exe
O23 - Service: dev4_423 - Unknown owner - C:\phpdev\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - D:\xampp-win32-1.4.13\xampp\FileZillaFTP\FileZilla Server.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Serv-U FTP Server (Serv-U) - Cat Soft - D:\PROGRA~1\Serv-U\ServUDaemon.exe

this is my hijackthislog.. SO can someone check this plz.. Because I had a ugly spyware on my pc.. And I don't know if I am free of it..

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89015
  • No support PMs thanks
Re: not sure If I am spyware free
« Reply #1 on: January 01, 2006, 04:22:37 PM »
Well the first thing you should do is Update Windows XP to SP2 and the latest updates after that, keeping your OS up to date is the first step in closing vulnerabilities.

Updating to XP SP2 will also allow you to Update IE6 to SP2 also, closing further exploits and making your browser a little more secure.

Here is an on-line analysis of your log http://hijackthis.de/logfiles/f09451dad3deb73eef1c8ed11f204730.html check out the Nasty and or Unknown entries using google or the file scan upload function on in the on-line analysis.

These look the most suspicious unless you know or onstalled them.
D:\PROGRA~1\DATAAP~1\BEYOND~1\BRServer.exe
C:\Program Files\Microangelo\muamgr.exe

O2 - BHO: LinkTracker Class - {85A77577-A8CA-41b7-AA1E-DDAD4C0B12B1} - C:\WINDOWS\System32\hlwin.dll
O4 - HKLM\..\Run: [BlockChecker] C:\Program Files\Block Checker\block-checker.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

gersom

  • Guest
Re: not sure If I am spyware free
« Reply #2 on: January 01, 2006, 05:28:19 PM »
I am having some problems with installing sp2 XD... I had it on my computer once. (long long time ago.. at least 7 months.) I unitstalled it because I found it quite annoying... But when I want to install it again (I tried it in the last 5 days) after installing the files it gives an error.. "Acces denied.." So I am still looking how to install sp2.\

edit:
There... I think I removed all suspecious spyware

Logfile of HijackThis v1.99.1
Scan saved at 17:37:58, on 1-1-2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\xampp\apache\bin\Apache.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\PROGRA~1\DATAAP~1\BEYOND~1\BRServer.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\xampp\apache\bin\Apache.exe
C:\xampp\mysql\bin\mysqld-nt.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
D:\PROGRA~1\Serv-U\ServUDaemon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\sstray.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Microangelo\muamgr.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Foxmail\Foxmail.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Bureaublad\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: LinkTracker Class - {85A77577-A8CA-41b7-AA1E-DDAD4C0B12B1} - C:\WINDOWS\System32\hlwin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MOD] C:\Program Files\Microangelo\muamgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [Foxmail] "C:\Program Files\Foxmail\Foxmail.exe" -min
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5E56B3A-F4DB-41AC-85DB-E0486460721D}: NameServer = 192.168.5.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Apache2 - Unknown owner - C:\xampp\apache\bin\Apache.exe" -k runservice (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Beyond Remote Server - Data Apples Corporation - D:\PROGRA~1\DATAAP~1\BEYOND~1\BRServer.exe (program that I use to acces my pc from somewhere else. (password protected)
O23 - Service: dev4_423 - Unknown owner - C:\phpdev\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - D:\xampp-win32-1.4.13\xampp\FileZillaFTP\FileZilla Server.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: Serv-U FTP Server (Serv-U) - Cat Soft - D:\PROGRA~1\Serv-U\ServUDaemon.exe
« Last Edit: January 01, 2006, 05:41:19 PM by gersom »

Spiritsongs

  • Guest
Re: not sure If I am spyware free
« Reply #3 on: January 01, 2006, 06:55:28 PM »
 :) Gersom :

    You missed the most serious piece of spyware on your
    computer, namely "Messenger Plus", which is known as
    the Lop spyware on antiSPYWARE forums. So much for
    the accuracy of DavidR's "on-line analysis" Tool of your HJT
    log. Therefore, I encourage you to seek help on the forums
    of your antiSPYWARE provider or www.landzdown.com .
    NEVER install XP SP2 UNLESS an antiSPYWARE Expert
    declares you to be spyware-free .
« Last Edit: January 01, 2006, 07:52:06 PM by Spiritsongs »

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89015
  • No support PMs thanks
Re: not sure If I am spyware free
« Reply #4 on: January 01, 2006, 07:20:01 PM »
The on-line analysis is just a tool to assist and like many automated things isn't perfect but it does tend to catch most things. The human eye and brain of an expert is likely to be better than an automated solution.

However, using an automated analysis tool will remove much of the dross making it easier, less time consuming for human analysis.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: not sure If I am spyware free
« Reply #5 on: January 01, 2006, 07:28:04 PM »
It is possible to install MessengerPlus! without the spyware:

Quote
"MessengerPlus - third party MSN Messenger extension that adds a number of useful features. Bundles the hard to remove C2Media LOP adware. The software does offer you a choice during setup - make sure to install MessengerPlus WITHOUT that ""sponsor program""!"

http://startup.networktechs.com/srch-MessengerPlus.html?search=MessengerPlus

Gersom,

Have you done scans with Ad-Aware, Spybot Search & Destroy, Microsoft Anti-Spyware and X-Cleaner? These are your first line of attack in removing spyware. Webroot is also very good- I think you have had this and removed it. If the free version has expired and you don't want to pay for it, the above programs are all free.

SP2 is much more secure and is an essential upgrade.

It will not install correctly if spyware is present. Running scans with the above programs should get your system clean enough to install it.

     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

gersom

  • Guest
Re: not sure If I am spyware free
« Reply #6 on: January 01, 2006, 08:13:32 PM »
I did and here where 11 critical objects with ad-aware(all where removed), none with spybot.. I even scanned with avast (scheduled on startup) then I found nothing... I still have strange file in windows map "tools4.exe"

Msn plus:
I know that U can install it without sponser..

In most cases I can tell when a computer is spyware/virus clean. I even stop blasterworm :D... It tried to shutdown a pc (I was at a customer during my training period)

I am going to contact microsoft about my service pack 2 problem :)

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89015
  • No support PMs thanks
Re: not sure If I am spyware free
« Reply #7 on: January 01, 2006, 08:31:00 PM »
No need to contact MS (could be expensive) about it google it looking for "Access denied" on XP SP2 install and see what that turns up:
http://www.google.co.uk/search?q=%22Access+denied%22+on+XP+SP2+install
http://support.microsoft.com/kb/873148.

Quote
I still have strange file in windows map "tools4.exe"
You could also check the offending/suspect file at: Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. You can't do this with the file in the chest, you will need to move it out.
Or VirusTotal - Multi engine on-line virus scanner
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

CharleyO

  • Guest
Re: not sure If I am spyware free
« Reply #8 on: January 01, 2006, 09:25:31 PM »
***

A google search for tool4.exe produced this:

http://search.earthlink.net/search?q=tools4.exe&area=earthlink-ws&FD=0&channel=narrowband

Only one result and clicking on that led me here:

http://cd.textfiles.com/silvercollection/disc4/ORGANISE/

Clicking on the parent directory link leds to this:

http://cd.textfiles.com/silvercollection/disc4/

Which also has another parent directory link:

http://cd.textfiles.com/silvercollection/

Which has still another parent directory link that takes you to this webpage:

http://cd.textfiles.com/

Once entering that website, there is a long list of cd products.

Perhaps you have ... or have had ... one or more of these products on this computer at some time?


***

gersom

  • Guest
Re: not sure If I am spyware free
« Reply #9 on: January 01, 2006, 10:05:05 PM »
it's seems that ad-aware found a data miner.. does anyone knows what that does?

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: not sure If I am spyware free
« Reply #10 on: January 02, 2006, 12:12:26 AM »
A data miner collects information about you to send to whoever put it on your computer.

It is a form of spyware.

http://www.geocities.com/dontsurfinthenude/spyware.htm
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

doc_esb

  • Guest
Re: not sure If I am spyware free
« Reply #11 on: January 02, 2006, 08:35:30 AM »
Hello gersom, Happy New Year.  I have reviewed your HijackThis log and have a few recommendations.

First of all, you have "fixed" a legitimate file.  I would advise opening up HijackThis.exe, click on the "Open the Misc Tools section" button, then click the "Backups" button at the top, and put a check before the following line:

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Then hit the "Restore" button on the right-hand side of the window.

Here is the reference:
http://www.bleepingcomputer.com/startups/rpcapd.exe-7147.html

You will want to print the following instructions or copy them to Notepad as some of the actions are done from Safe Mode and  you will not have internet access from there.

First, unless you or your administrator has installed the ServUDaemon program intentionally, I would suggest getting rid of it.  Here's how to do it:

Click "Start" > "Run" and type "Services.msc" (without quotes) then hit "Ok".
Click the "Extended" tab.
Scroll down and find the service called Serv-U FTP Server (Serv-U) - Cat Soft - D:\PROGRA~1\Serv-U\ServUDaemon.exe

Click once on the service to highlight it.
Click "Stop".
Right-click on the service.
Click on "Properties".
Select the "General" tab.
Click the Arrow-down tab on the right-hand side on the "Start-up Type" box.
From the drop-down menu, click on "Disabled".
Click "Apply", then "OK".

Now you will want to delete the service:

Open HijackThis.
Click on the "Open Misc. tools section" button.
Click on the "Delete an NT service" button.
Type Serve-U in the space provided and click OK.
The program will ask you to reboot.  Accept.

Boot into Safe Mode.  (If you're not sure how to do this, click this link):
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406

Now set Windows to show all files:

To enable the viewing of Hidden files follow these steps:

   1. Close all programs so that you are at your desktop.
   2. Double-click on the "My Computer" icon.
   3. Select the "Tools" menu and click "Folder Options".
   4. After the new window appears select the "View" tab.
   5. Put a checkmark in the checkbox labeled "Display the contents of system folders".
   6. Under the Hidden files and folders section select the radio button labeled "Show hidden files and folders".
   7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
   8. Remove the checkmark from the checkbox labeled "Hide protected operating system files".
   9. Press the "Apply" button and then the "OK" button and shutdown My Computer.
  10. Now your computer is configured to show all hidden files.

Because XP will not always show you hidden files and folders by default,
Go to Start > Search and under "More advanced search options".
Make sure there is a check by "Search System Folders" and "Search hidden files and folders" and "Search system subfolders"


Now, run HijackThis again and when it finishes, put a check before the following lines:

O2 - BHO: LinkTracker Class - {85A77577-A8CA-41b7-AA1E-DDAD4C0B12B1} - C:\WINDOWS\System32\hlwin.dll

O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://nprotect1.gravity.co.kr/nprotect/nPKeyCrypt/npkcx.cab

O23 - Service: Serv-U FTP Server (Serv-U) - Cat Soft - D:\PROGRA~1\Serv-U\ServUDaemon.exe


Then, make sure ALL windows except HijackThis are closed and hit the "Fix Checked" button.


Next, navigate to and delete the following files listed in bold below if they are found to exist:  Delete ONLY the part in bold.

C:\WINDOWS\System32\hlwin.dll

C:\WINDOWS\System32\Downloaded Program Files\NPKCX

While you're in the Downloaded Program Files folder, you may as well delete the Symantec RuFSI Utility Class file since, I assume, you fixed the HJT entry.


Now, find and delete the following folders:  (bold only)

C:\Program Files\Block Checker

D:\Program Files 1\Serv-U  (If that file path isn't exactly correct, just search for the folder and delete it.)


Empty the Recycle Bin

Reboot into normal mode, run HijackThis, and post the new log back to this thread.  I will be glad to check it for you.


BTW, you can safely delete anything that Ad-Aware finds.  A data miner is a tracking cookie.  You can get rid of it.  If you delete a legitimate cookie, it will be reinstalled the next time you visit the responsible site.


doc

gersom

  • Guest
Re: not sure If I am spyware free
« Reply #12 on: January 02, 2006, 01:10:22 PM »
thank you :)...

this is my log.. I removed most things.. But some I better leave it on my pc... like the server-U (ftp)


Logfile of HijackThis v1.99.1
Scan saved at 13:00:57, on 2-1-2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\xampp\apache\bin\Apache.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\PROGRA~1\DATAAP~1\BEYOND~1\BRServer.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\xampp\mysql\bin\mysqld-nt.exe
C:\xampp\apache\bin\Apache.exe
D:\PROGRA~1\Serv-U\ServUDaemon.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Microangelo\muamgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\Program Files\Foxmail\Foxmail.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Administrator\Bureaublad\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: LinkTracker Class - {85A77577-A8CA-41b7-AA1E-DDAD4C0B12B1} - C:\WINDOWS\System32\hlwin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MOD] C:\Program Files\Microangelo\muamgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [Foxmail] "C:\Program Files\Foxmail\Foxmail.exe" -min
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5E56B3A-F4DB-41AC-85DB-E0486460721D}: NameServer = 192.168.5.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Apache2 - Unknown owner - C:\xampp\apache\bin\Apache.exe" -k runservice (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Beyond Remote Server - Data Apples Corporation - D:\PROGRA~1\DATAAP~1\BEYOND~1\BRServer.exe (I can control my computer from somewhere else "WITH PASSWORD ;)"
O23 - Service: dev4_423 - Unknown owner - C:\phpdev\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - D:\xampp-win32-1.4.13\xampp\FileZillaFTP\FileZilla Server.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: Serv-U FTP Server (Serv-U) - Cat Soft - D:\PROGRA~1\Serv-U\ServUDaemon.exe
(this is my ft server "WITH PASSWORD ;)" Because I work on a website "php supported")

doc_esb

  • Guest
Re: not sure If I am spyware free
« Reply #13 on: January 02, 2006, 06:24:02 PM »
Okay, looking better.
ServUDaemon is fine as long as you are the one controlling the pc.  I just wanted to make sure.
I take it you do not wish to use the Remote Packet Capture Protocol v.0 as I don't see it restored?
So, the only thing left to deal with is the LinkTracker Class BHO.  This is a piece of crapware.

Please print out these instructions again:

Let's download a couple of tools first to assure a thorough clean up.

Please download Ewido Anti-Malware from here
(Note: As this is a trial version, after the 14 day trial period has expired Ewido will lose some functionality with it.  Ewido will then work as an On-Demand program, make sure to check for updates regularly).
  • Install ewido security suite
  • When installing the program, under "Additional Options" UNCHECK...
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should now be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files:
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display "Update successful")
  • Close Ewido Anti-Malware
If you are having problems with the updater, you can use this link to manually update ewido.
Ewido manual updates
 

Download Cleanup from Here

    * A window will open and choose SAVE, then DESKTOP as the destination.
    * On your Desktop, click on Cleanup icon.
    * Then, click RUN and place a checkmark beside "I Agree"
    * Then click NEXT followed by START and OK.
    * A window will appear with many choices, keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.
    * Click OK
    * DO NOT RUN IT YET!

Now boot into Safe Mode.

Once in Safe Mode start Ewido Anti-Malware
  • Click on scanner. (Note: Do not start any programs or open any windows while Ewido is scanning)
  • Click on Complete System Scan, the scan will now begin.
  • While the scan is in progress you will be prompted to clean files, click OK.
  • When it asks if you want to clean the first file, put a checkmark in the lower left corner of the box that says "Perform action on all infections", then choose clean and click OK.
  • Once the scan has completed, there will be a button located at the bottom of the screen named Save Report.
  • Click Save Report.
  • Now save the report .txt file to your desktop.
  • Close Ewido Anti-Malware
Now run HijackThis again and check the following entry if it shows:

O2 - BHO: LinkTracker Class - {85A77577-A8CA-41b7-AA1E-DDAD4C0B12B1} - C:\WINDOWS\System32\hlwin.dll

Then close ALL windows except HijackThis and hit the "Fixed Checked" button.

Then find and delete hlwin.dll from the C:\WINDOWS\System32 folder.


Run CleanUp!:

Double-click the CleanUp! icon
Click the "CleanUp!" button
After a moment, when you see that the scan is done, hit the "Close" button.
It is a very simple and fast program.


Reboot to Normal Mode, run HijackThis again, post that HJT log and the log with the results of the ewido scan.



doc

doc_esb

  • Guest
Re: not sure If I am spyware free
« Reply #14 on: January 02, 2006, 07:07:12 PM »
Could you also locate Tools4.exe, right-click on it, choose "Properties", and tell me the size of the file?


doc