

Please analyze log



#1 OFFLINE   TeeJay3800


Posted 13 September 2006 - 05:26 PM

Here it is, thanks in advance! I'm especially wondering about "SpywareBlock Class."

Logfile of HijackThis v1.99.1
Scan saved at 1:18:12 PM, on 9/13/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\SygatePro\SPF\smc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\WxEx\WxEx.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\HiJackThis\HijackThis.exe

O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE~1\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - Startup: TransIcon.lnk = C:\Program Files\TransIcon\TransIcon.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1155235365105
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: O&O Defrag 2000 (OOD2000) - O&O Software GmbH - C:\WINNT\system32\OOD2000.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\SygatePro\SPF\smc.exe
Dell Latitude D600
Windows 7 Ultimate 32-bit SP1


#2 OFFLINE   AndyManchesta


Posted 14 September 2006 - 07:30 PM

Hi TeeJay3800

The log looks fine,

O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)

Belongs to SpyCatcher:

http://www.tenebril..../spycatcher.php

It's missing its file, so if it's already been removed from your PC the line can be fixed by running HijackThis and choosing Do A System Scan, then place a check next to this entry

O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)

Close all open browser and other windows except for Hijack This and press the Fix Checked button

If it's still on the PC then it should be reinstalled with it having a file missing,

Andy
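
As an added example (not part of the original posts and not HijackThis's own code), this Python sketch parses the log format shown above and lists entries whose target file is absent, i.e. lines ending in `(no file)` or `(file missing)`. The function names are hypothetical and the sample lines are copied from the log in post #1.

```python
import re

# Lines copied from the HijackThis log in post #1 (used as sample input).
SAMPLE_LOG = r"""
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE~1\SPF\smc.exe -startgui
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: O&O Defrag 2000 (OOD2000) - O&O Software GmbH - C:\WINNT\system32\OOD2000.exe
"""

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Trailing markers seen in the log above when the referenced file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_entry(line):
    """Parse one log line into a dict, or return None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # header, running-process path, blank line, ...
    body = m.group("body")
    clsid = CLSID_RE.search(body)
    marker = next((k for k in ORPHAN_MARKERS if body.endswith(k)), None)
    # Label: text before the first " - " separator, e.g. "BHO: SpywareBlock Class".
    label = body.split(" - ", 1)[0]
    return {
        "section": m.group("section"),
        "label": label,
        "clsid": clsid.group(0) if clsid else None,
        "orphan": marker,
    }


def orphaned_entries(log_text):
    """Return entries that point at a file HijackThis could not find."""
    entries = (parse_entry(line) for line in log_text.splitlines())
    return [e for e in entries if e and e["orphan"]]


if __name__ == "__main__":
    for e in orphaned_entries(SAMPLE_LOG):
        print(f'{e["section"]:>3}  {e["orphan"]:<14} {e["clsid"] or "-":<38} {e["label"]}')
```
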

#3 OFFLINE   TeeJay3800


Posted 14 September 2006 - 09:23 PM

Thanks a lot for the help! I'm worried about SpyCatcher because my HD was recently formatted and I've never installed that program. It's kind of a mystery why there is an entry for it, but I'll go ahead and remove it and see what happens.

#4 OFFLINE   AndyManchesta


Posted 15 September 2006 - 04:13 PM

Hi TeeJay

You can see the entry listed in the CastleCops database here

http://www.castlecop...eBlock_dll.html

And this is how it should look when the file isn't missing:

O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll

The program is genuine so I'm not sure how it could get there without your consent, but if you felt there might be other malware issues it's probably worth running a scan with Kaspersky

Run Kaspersky WebScanner
  • Please go HERE and click Kaspersky Online Scanner
  • Read and Accept the Agreement
  • You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • If you see a Windows dialog asking if you want to install this software, click the Install button.
  • The program will launch and then begin downloading the latest definition files,
  • When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.
  • Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.
  • Under "Please select a target to scan:", click My Computer to start the scan.
  • When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window.
If any infected items are found, please post back the contents of the kavscan.txt file

Cheers

Andy