| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 81795 | 2007-08-07 13:43:00 | Trojans and COMODO BOClean | meg_h_nz (6960) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 577829 | 2007-08-07 13:43:00 | Hi all I suppose it had to happen sooner or later but after years of virus free computing I got a Trojan (or a few Trojans it seems) :help: I have always run Antivirus (CA Antivirus updated at least once a day) I have Zone Alarm, I regularly do scans with SpyBot S&D and Ad-Aware (and I keep them updated) and I recently installed COMODO BOClean. (Thank you Speedy G as I saw this as a link on your sig and went and checked it out & then installed it) This evening when I logged on I got COMOBO warning boxes flash up (6 in a row) with various Trojan information listed. I can’t quite remember the exact wording but I had the choice to take action or leave it, so I chose the take action option. So what do I do now? Has COMODO BOClean saved me from disaster? How come my antivirus didn’t pick it up? (I do a scan once a week or so and having it running in real time too). When I did a complete system scan with CA after the COMODO warnings it detected 4 infections but didn’t quarantine them and I have the option ticked? Was it because they were already quarantined by COMODO? What sort of damage will be happening to my computer, if any?:help: Thanks in advance Meg |
meg_h_nz (6960) | ||
| 577830 | 2007-08-07 14:33:00 | As for the question of why your other AV scanners didn't pick it up, is because they didn't have an update to detect these trojans. Glad to hear that Comodo got them though. The chances are they havn't done too much damage, though can't say for sure. My suggestions are that you do a full system scan with Comodo and NOD32 (http://www.eset.com/) and that should root out any thing that is left. Just make sure you do an update before you do the scan. Not all trojans are really harmful, but you can never be too sure - so it may have saved you, can't tell unless you get them again and let them run! :stare: |
Bozo (8540) | ||
| 577831 | 2007-08-07 21:47:00 | Boclean is like a realtime scanner. It monitors / scans the background constantly/continuously. Most AV programs dont do this. I dont think BC quarantines trojans/whatever, it kills whatever the trojan has put on your system (from the registry / startup, wherever it is). As soon as it detects something it alerts you, if u take action, it removes whatever files the trojan has put on your system. I would say you're safe. There's nothing to worry about. If you look at the icon on the taskbar, if it turns red, this is telling you that it has detected / picked up something nasty / a trojan. Altho it will also turn red, if you go into its config. And go back to normal when you close the config window. I've heard/read Boclean can pick up legit/valid files (Mirc is one of them). As a trojan. As well. Two mates I chat to in Mirc, found out last week lol. They were in Mirc, a window popped up in Boclean saying Mirc was detected as a trojan, and shut it down, while they were in / using it. Take note of what Boclean is saying. If you KNOW for sure the file / program isnt a trojan, you HAVE to add it to the excluded files in Boclean (So, I've read). I'm not using Boclean atm,but I have it on the hdd. Comodo do have a forum (http://forums.comodo.com/) So, if you do have any probs, the answer is usually here. If the answer isnt here, you can post a ? (you have to register first), and someone will usually answer within a day. |
Speedy Gonzales (78) | ||
| 577832 | 2007-08-08 04:39:00 | I ran Hijackthis and got the following. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:58:11 p.m., on 8/08/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Comodo\CBOClean\BOCORE.exe C:\WINDOWS\system32\Brmfrmps.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe C:\Program Files\Powerware\LanSafe\Bin\PowerMonitor.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe C:\Program Files\Powerware\LanSafe\bin\xyntservice.exe C:\Program Files\Powerware\LanSafe\bin\httpserver.exe C:\Program Files\Powerware\LanSafe\bin\status_glance.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\RunDll32.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\PROGRA~1\Comodo\CBOClean\BOC424.exe C:\Program Files\PaperQuote\PQ.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\FireTrust\MailWasher Free\MailWasher.exe C:\PROGRA~1\MICROS~4\Office12\OUTLOOK.EXE C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Megan\My Documents\My Downloads\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stuff.co.nz/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local;localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKLM\..\Run: [BOC-424] C:\PROGRA~1\Comodo\CBOClean\BOC424.exe O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [PaperQuote '01] C:\Program Files\PaperQuote\PQ.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - javadl-esd.sun.com O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - drmlicense.one.microsoft.com O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LanSafe Power Monitor (LanSafe PM) - Eaton Corporation - C:\Program Files\Powerware\LanSafe\Bin\PowerMonitor.exe O23 - Service: LanSafe Process Manager - Powerware - C:\Program Files\Powerware\LanSafe\bin\xyntservice.exe O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 8498 bytes Can some one tell me what I should be removing if anything? Many thanks |
meg_h_nz (6960) | ||
| 577833 | 2007-08-08 04:53:00 | Does CA Internet security include a firewall? If it does it shouldnt be running alongside Zonealarm, they'll conflict. You can tick these entries, then tick fix checked. Put HJT in its own folder then run it first. Close browser/s. Safe O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" Uninstall all versions of Sun Java. Latest is in my sig. |
Speedy Gonzales (78) | ||
| 577834 | 2007-08-08 04:59:00 | Does CA Internet security include a firewall? If it does it shouldnt be running alongside Zonealarm, they'll conflict . I only have CA Anti virus without firewall . (I was told it is better to have a standalone firewall????) How do I put HJT in its own folder and run first? |
meg_h_nz (6960) | ||
| 577835 | 2007-08-08 05:08:00 | Create a folder called HJT and put the HJT file you downloaded in it. Then run it. It doesnt really matter if the AV and firewall are in the one program, or separate. I use Comodo and Avast myself, which are separate programs. I thought CA may have had a firewall. Since most programs with the word Internet Security in it, usually include a firewall. Altho, I dont think CA is that good for an AV program. |
Speedy Gonzales (78) | ||
| 577836 | 2007-08-08 05:22:00 | Here is the new log with HJT run from its own folder and browsers closed. I have also uninstalled Java and run CCleaner. What Antivirus would you recommend? CA does have options that include Firewall, Anti-Spyware, personal firewall and Anti Spam but I only ever purchased the AV component. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:36:29 p.m., on 8/08/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Comodo\CBOClean\BOCORE.exe C:\WINDOWS\system32\Brmfrmps.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe C:\Program Files\Powerware\LanSafe\Bin\PowerMonitor.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe C:\Program Files\Powerware\LanSafe\bin\xyntservice.exe C:\Program Files\Powerware\LanSafe\bin\httpserver.exe C:\Program Files\Powerware\LanSafe\bin\status_glance.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\RunDll32.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\PROGRA~1\Comodo\CBOClean\BOC424.exe C:\Program Files\PaperQuote\PQ.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\CA\CA Internet Security Suite\casecuritycenter.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\caavGUIScan.exe C:\Documents and Settings\Megan\My Documents\My Downloads\Hijackthis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stuff.co.nz/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local;localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKLM\..\Run: [BOC-424] C:\PROGRA~1\Comodo\CBOClean\BOC424.exe O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [PaperQuote '01] C:\Program Files\PaperQuote\PQ.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - drmlicense.one.microsoft.com O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LanSafe Power Monitor (LanSafe PM) - Eaton Corporation - C:\Program Files\Powerware\LanSafe\Bin\PowerMonitor.exe O23 - Service: LanSafe Process Manager - Powerware - C:\Program Files\Powerware\LanSafe\bin\xyntservice.exe O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 8009 bytes |
meg_h_nz (6960) | ||
| 577837 | 2007-08-08 05:30:00 | Umm this C:\Documents and Settings\Megan\My Documents\My Downloads\Hijackthis\HiJackThis.exe Should be the folder you've run HJT in, not in Documents. It shouldnt matter as long as you dont back anything up. Just tick the entries I mentioned previously,then tick fix checked. O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" Did u pay for CA?? Nod32 would most probably be better for a paid AV, or AVG free or Avast Home, (which are free, but dont have as many options in them, as the paid for versions), or Pro (If you want to pay for Pro). Oops and dont forget to install the latest version of Java. |
Speedy Gonzales (78) | ||
| 577838 | 2007-08-08 05:48:00 | This time I hope I got it right:blush: I havent removed anything yet as I wanted to double check . In the first email you have "Safe" in bold before these three lines: O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\ . . \Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE . EXE /AUTORUN O4 - HKLM\ . . \Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8 . 0\Reader\Reader_sl . exe" Are these the ones I should tick? Logfile of Trend Micro HijackThis v2 . 0 . 2 Scan saved at 5:04:23 p . m . , on 8/08/2007 Platform: Windows XP SP2 (WinNT 5 . 01 . 2600) MSIE: Internet Explorer v7 . 00 (7 . 00 . 6000 . 16473) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss . exe C:\WINDOWS\system32\winlogon . exe C:\WINDOWS\system32\services . exe C:\WINDOWS\system32\lsass . exe C:\WINDOWS\system32\Ati2evxx . exe C:\WINDOWS\system32\svchost . exe C:\WINDOWS\System32\svchost . exe C:\WINDOWS\system32\Ati2evxx . exe C:\WINDOWS\system32\ZoneLabs\vsmon . exe C:\WINDOWS\system32\brsvc01a . exe C:\WINDOWS\system32\brss01a . exe C:\WINDOWS\system32\spoolsv . exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice . exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService . exe C:\Program Files\Comodo\CBOClean\BOCORE . exe C:\WINDOWS\system32\Brmfrmps . exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe . exe C:\Program Files\Powerware\LanSafe\Bin\PowerMonitor . exe C:\WINDOWS\system32\svchost . exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg . exe C:\Program Files\Powerware\LanSafe\bin\xyntservice . exe C:\Program Files\Powerware\LanSafe\bin\httpserver . exe C:\Program Files\Powerware\LanSafe\bin\status_glance . exe C:\WINDOWS\Explorer . EXE C:\WINDOWS\system32\ctfmon . exe C:\WINDOWS\system32\RunDll32 . exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient . exe C:\Program Files\CA\CA Internet Security Suite\cctray\cctray . exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID . exe C:\Program Files\Microsoft IntelliType Pro\itype . exe C:\Program Files\Microsoft IntelliPoint\ipoint . exe C:\Program Files\iTunes\iTunesHelper . exe C:\WINDOWS\system32\LVCOMSX . EXE C:\Program Files\Logitech\Video\LogiTray . exe C:\PROGRA~1\Comodo\CBOClean\BOC424 . exe C:\Program Files\PaperQuote\PQ . exe C:\Program Files\ATI Technologies\ATI . ACE\Core-Static\MOM . EXE C:\Program Files\Logitech\Video\FxSvr2 . exe C:\Program Files\ATI Technologies\ATI . ACE\Core-Static\ccc . exe C:\Program Files\iPod\bin\iPodService . exe C:\Program Files\CA\CA Internet Security Suite\ccprovsp . exe C:\Program Files\CA\CA Internet Security Suite\casecuritycenter . exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\caavGUIScan . exe C:\Hijackthis\HiJackThis . exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www . stuff . co . nz/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = . microsoft . com/fwlink/?LinkId=69157" target="_blank">go . microsoft . com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = . microsoft . com/fwlink/?LinkId=54896" target="_blank">go . microsoft . com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = . microsoft . com/fwlink/?LinkId=54896" target="_blank">go . microsoft . com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = . microsoft . com/fwlink/?LinkId=69157" target="_blank">go . microsoft . com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = * . local;localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper . dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper . dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1 . DLL O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\ . . \Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut . exe O4 - HKLM\ . . \Run: [Cmaudio] RunDll32 cmicnfg . cpl,CMICtrlWnd O4 - HKLM\ . . \Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient . exe" O4 - HKLM\ . . \Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray . exe" O4 - HKLM\ . . \Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID . exe" O4 - HKLM\ . . \Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype . exe" O4 - HKLM\ . . \Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint . exe" O4 - HKLM\ . . \Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt . exe O4 - HKLM\ . . \Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8 . 0\Reader\Reader_sl . exe" O4 - HKLM\ . . \Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper . exe" O4 - HKLM\ . . \Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE . EXE /AUTORUN O4 - HKLM\ . . \Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX . EXE O4 - HKLM\ . . \Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart . exe O4 - HKLM\ . . \Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray . exe O4 - HKLM\ . . \Run: [StartCCC] C:\Program Files\ATI Technologies\ATI . ACE\Core-Static\CLIStart . exe O4 - HKLM\ . . \Run: [BOC-424] C:\PROGRA~1\Comodo\CBOClean\BOC424 . exe O4 - HKLM\ . . \Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan . exe O4 - HKCU\ . . \Run: [CTFMON . EXE] C:\WINDOWS\system32\ctfmon . exe O4 - HKCU\ . . \Run: [PaperQuote '01] C:\Program Files\PaperQuote\PQ . exe O4 - HKUS\S-1-5-19\ . . \Run: [CTFMON . EXE] C:\WINDOWS\system32\CTFMON . EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\ . . \Run: [CTFMON . EXE] C:\WINDOWS\system32\CTFMON . EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\ . . \Run: [CTFMON . EXE] C:\WINDOWS\system32\CTFMON . EXE (User 'SYSTEM') O4 - HKUS\ . DEFAULT\ . . \Run: [CTFMON . EXE] C:\WINDOWS\system32\CTFMON . EXE (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL . EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR . DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag . exe O9 - Extra 'Tools' menuitem: @xpsp3res . dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag . exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs . exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs . exe O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - . one . microsoft . com/crlupdate/en/crlocx . ocx" target="_blank">drmlicense . one . microsoft . com O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1 . DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice . exe O23 - Service: Apple Mobile Device - Apple, Inc . - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService . exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc . - C:\WINDOWS\system32\Ati2evxx . exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag . exe O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE . exe O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd . - C:\WINDOWS\system32\Brmfrmps . exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a . exe O23 - Service: CaCCProvSP - CA, Inc . - C:\Program Files\CA\CA Internet Security Suite\ccprovsp . exe O23 - Service: CAISafe - Computer Associates International, Inc . - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe . exe O23 - Service: iPod Service - Apple Inc . - C:\Program Files\iPod\bin\iPodService . exe O23 - Service: LanSafe Power Monitor (LanSafe PM) - Eaton Corporation - C:\Program Files\Powerware\LanSafe\Bin\PowerMonitor . exe O23 - Service: LanSafe Process Manager - Powerware - C:\Program Files\Powerware\LanSafe\bin\xyntservice . exe O23 - Service: VET Message Service (VETMSGNT) - CA, Inc . - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg . exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon . exe -- End of file - 7921 bytes |
meg_h_nz (6960) | ||
| 1 2 | |||||