Spybot was changed on install
Okay, I'm calm. I'm out of my league here.
FIRST: WIN2K, Firefox browser
Second: My Avast was altered, so we ran a scan, machine went to BSOD, rebooted, changes took effect. :mad:
I came here, so far upgraded spybot from 1.3 to 1.4. Spybot alerted me that it was changed on the first run. It SAID we were clean, but I don't trust any of the software anymore.
Now USB keyboard is wonky.
Running Housecall right now - it will be a while.
Let me know what you want to see.
Logfile of HijackThis v1.99.1
Scan saved at 1:35:04 PM, on 11/15/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware
7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hidserv.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Kerio\Personal Firewall
4\kpf4ss.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kerio\Personal Firewall
4\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kerio\Personal Firewall
4\kpf4gui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Viewpoint\Viewpoint
Manager\ViewMgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware
7.5\avgas.exe
C:\Program Files\802.11 Wireless LAN\802.11b
Wireless CardBus & PCI Adapter HW.11
V1.10\WlanCU.exe
C:\Program Files\Spybot - Search &
Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and
Settings\administrator\Desktop\HijackThis(2).exe
R0 - HKCU\Software\Microsoft\Internet
Explorer\Main,Start Page =
http://www.freerepublic.com/focus/f-news/browse
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Start Page_bak = about:blank
O2 - BHO: AcroIEHlprObj Class -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) -
{53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class -
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) -
{A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O3 - Toolbar: &Radio -
{8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Synchronization Manager]
mobsync.exe /logon
O4 - HKLM\..\Run: [avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program
Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program
Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe"
/minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Program
Files\Adobe\Acrobat
7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
-reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program
Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Wireless Configuration
Utility.lnk = C:\Program Files\802.11 Wireless
LAN\802.11b Wireless CardBus & PCI Adapter HW.11
V1.10\WlanCU.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk
= C:\Program Files\HP\Digital
Imaging\bin\hpqtra08.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk =
C:\Program Files\Adobe\Acrobat
7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft
Excel -
res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research -
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Microsoft AntiSpyware helper -
{F631F9FF-F0BC-465F-9D57-205BAA630739} - (no file)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware
helper - {F631F9FF-F0BC-465F-9D57-205BAA630739} -
(no file)
O12 - Plugin for .spop:
C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted IP range: 206.161.125.149
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94}
(PCPitstop Utility) -
http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98}
(Measurement Services Client v.3.11) -
http://gameadvisor.futuremark.com/global/msc311.cab
O23 - Service: avast! iAVS4 Control Service
(aswUpdSv) - Unknown owner - C:\Program Files\Alwil
Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner -
C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner -
C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner -
C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner -
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe"
/service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner -
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe"
/service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware
Development a.s. - C:\Program Files\Grisoft\AVG
Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative
Service (dmadmin) - VERITAS Software Corp. -
C:\WINDOWS\System32\dmadmin.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG -
C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) -
Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) -
Kerio Technologies - C:\Program Files\Kerio\Personal
Firewall 4\kpf4ss.exe
Okay, Trend Micro never finished, it hung up. It did show a greyware item (analogxproxy, IIRC). Tried another scan site, then got the blue screen again. *sigh*
The infected one is my husband's machine, and he's ready to fdisk it. Maybe we ought to.
Sorry if I posted this in the wrong place... :oops: Please forgive, I've been trying to figure this out since yesterday, and it just keeps getting worse.
What a week I'm having! :laugh:
md usa spybot fan
2006-11-15, 21:25
NaeMo:
I'm sorry, but HijackThis logs are not analyzed in the forum. See:
Please do NOT post hjt logs in the Spybot forum, see here for link to malware removal
http://forums.spybot.info/showthread.php?t=1266
But before you post there or this thread is moved to that forum, please bear with me for a minute.
I don't quite understand the gist of your original post. Are you getting a message similar to the following when you attempt to run Spybot?
This application has been changed since it was created.
Since Spybot-S&D does not change itself, we recommend you check your system for malware and viruses instantly!
If so, that message has been caused in the past by failing memory (RAM) and I suggest that you consider running a memory diagnostic program. If your system didn't come with diagnostic routines including a memory test there is one here:
http://www.memtest.org/
If not, could you restate the problem that you are having running Spybot-S&D, including the sequence of events and the exact content of any messages that you are receiving.
On the other hand, if you truly think that malware is the cause of the problem you are having, please read the following instructions for running preliminary scans, producing logs and posting in the Malware Removal (http://forums.spybot.info/forumdisplay.php?f=22) forum and having someone take a look at your system:
"BEFORE you POST" -Preliminary Steps and scanning with SPYBOT-S&D http://forums.spybot.info/showthread.php?t=288
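Added example, not part of the original thread and not how Spybot-S&D implements its own check: a way to triage an "application has been changed" alert by hashing the same file several times and comparing against a known-good SHA-256. The file name, the reference hash source (vendor download or a clean machine) and the simulated bit-flipping reader are assumptions made for the demonstration.

```python
import hashlib
import os
import tempfile

def read_file(path):
    with open(path, "rb") as f:
        return f.read()

def triage(path, known_good_sha256, rounds=5, reader=read_file):
    """Classify an integrity alert by re-reading and re-hashing the file."""
    digests = {hashlib.sha256(reader(path)).hexdigest() for _ in range(rounds)}
    if len(digests) > 1:
        # Same file, different bytes on different reads: the machine is not
        # computing reliably. Suspect RAM, PSU or disk before malware.
        return "unstable"
    if digests == {known_good_sha256}:
        return "match"
    # Consistently different from the reference: modified on disk, or corrupted
    # once and cached/persisted. A memory test is still worth running.
    return "stable-mismatch"

def make_flaky_reader(flip_every=3):
    """Constructed stand-in for failing RAM: flips one bit on every Nth read."""
    calls = {"n": 0}
    def reader(path):
        data = bytearray(read_file(path))
        calls["n"] += 1
        if data and calls["n"] % flip_every == 0:
            data[len(data) // 2] ^= 0x04
        return bytes(data)
    return reader

def demo():
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "tool.bin")  # hypothetical file name
        original = b"constructed sample binary " * 4096
        with open(path, "wb") as f:
            f.write(original)
        good = hashlib.sha256(original).hexdigest()
        results = {"healthy": triage(path, good)}
        results["flaky"] = triage(path, good, reader=make_flaky_reader())
        with open(path, "ab") as f:
            f.write(b"appended bytes")  # simulate a real on-disk change
        results["modified"] = triage(path, good)
        return results

if __name__ == "__main__":
    print(demo())
```

Only the "unstable" result points clearly at hardware; a stable mismatch does not rule it out, which is why a dedicated memory test remains the next step.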
This application has been changed since it was created.
Since Spybot-S&D does not change itself, we recommend you check your system for malware and viruses instantly!
That is exactly what it said. Thank you. It goes to blue screen often, dumping phys. memory. I'll check the memory.
Totally, utterly, and completely failed the memtest! Is it silly to feel happy about that? LOL
Thanks for pointing me in the right direction, md usa spybot fan.
md usa spybot fan
2006-11-15, 23:48
You're welcome, but now the real diagnosis problem begins. Although it is most likely just a failing memory chip/board, it could be a contact problem with the socket on the motherboard or even a PSU (Power Supply Unit) problem.
Good luck in isolating and fixing the problem.
Best wishes,
md usa spybot fan
I just want to say 'thanks' for this thread. :wub: I installed and updated SpyBot SD tonight and that message window popped up. Scared me a little thinking that some wretched beast of a virus had commandeered a rescue tool and again robbed me of my right to a clean computer. Once I'd read through the whole thread I was able to relax again. If all the problem is is a simple memory burnout, well, at least that much I can fix on my own. :beerbeerb:
Cheers