Is the virus gone?

Hi,

Yesterday my avast noticed that I have a virus on my computer. The pop-up said it is win32 trojan-gen {Other}. I did some research on my own, then I deleted some files in safe mode, checked the hijackthis! log again and there are still some bad files, but I do not know if they are harmless. Until now I am not getting any avast pop-ups any more.

Can someone please check my hijackthis.log and tell me if I am clean now?

Thank you.

Regards, Luka

Logfile of HijackThis v1.99.1
Scan saved at 14:53:35, on 6.1.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\System32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\System32\CbEvtSvc.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\windows\Explorer.EXE
C:\windows\AGRSMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\D\PRINTER HP\HP SOFTWARE UPDATE\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Documents and Settings\Uporabnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Documents and Settings\Uporabnik\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Documents and Settings\Uporabnik\Desktop\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = .local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [Google Desktop Search] “C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe” /startup
O4 - HKLM..\Run: [HP Software Update] C:\D\PRINTER HP\HP SOFTWARE UPDATE\HPWuSchd2.exe
O4 - HKLM..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe”
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM..\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM..\Run: [ISUSScheduler] “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start
O4 - HKCU..\Run: [Skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized
O4 - HKCU..\Run: [Google Update] “C:\Documents and Settings\Uporabnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe” /c
O4 - HKCU..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Printer HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra ‘Tools’ menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International

O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.iobcina.si/MGSetup/MgAxCtrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134944399840
O16 - DPF: {CC4271BF-1582-4FD4-81CD-9AE877B17644} (ESignDoc2 Object) - https://edavki.durs.si/PersonalPortal/[92375]/Controls/ESignDocControls/hslESignDoc2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\windows\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CbEvtSvc - Unknown owner - C:\windows\System32\CbEvtSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDExchange - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDExchange.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


Welcome to the forums, Luka. :slight_smile:

You have used an old version of HJT which might give incorrect or missing information.

Please download HijackThis from the link below. Do not download HJT to the desktop but instead download it into its own folder on the hard drive.

Run the program but do not make any fixes and then post the log results using the “copy & paste” method. It will probably take more than one post to be able to get the complete log posted.

OR, you can post it as an attachment to your post by clicking on “Additional Options…” below left of the posting box. Someone will review your log and then offer help.

http://filehippo.com/download_hijackthis/


Hello Luka,

Would like to see the hjt logfile.txt also from a newer version of hjt. Let us contemplate the active system tasks you have running there:
Survey of active tasks (process - type - description):
smss.exe - System task - Session Manager Subsystem
winlogon.exe - System task - Microsoft Windows Logon Process
services.exe - System task - Windows Service Controller
lsass.exe - System task - Local Security Authority Service
Ati2evxx.exe - Driver - ATI Display Adapter Assistant
svchost.exe - System task - Microsoft Service Host Process
svchost.exe - System task - Microsoft Service Host Process
aswUpdSv.exe - Virusscan - Avast Anti-Virus Component
ashServ.exe - Virusscan - Avast
spoolsv.exe - System task - Microsoft Printer Spooler Service
AppleMobileDeviceService.exe - Background task - Apple Mobile Device Service
BTNtService.exe - Background task - IVT Corporation BlueSoleil Module
mDNSResponder.exe - Background task - Bonjour for Windows Component
CbEvtSvc.exe - Unknown task - This is reported as a Trojan: http://www.threatexpert.com/report.aspx?md5=7bbedbd5e8ab73812303c89d681a3bdb - Deleting the file CbEvtSvc.exe will not help in removing the threat: http://spywarefiles.prevx.com/RRHGJG44332719/CBEVTSVC.EXE.html
PDAgent.exe - Background task - Perfect Disk Agent
HPZipm12.exe - Driver - HP Taskbar Utility
SMAgent.exe - Background task - Analog Devices magent
svchost.exe - System task - Microsoft Service Host Process
ashMaiSv.exe - Virusscan - Avast Anti-Virus Component
ashWebSv.exe - Virusscan - avast! Web Scanner
PDEngine.exe - Background task - PerfectDisk from Raxco
Explorer.EXE - System task - Microsoft Windows Explorer
AGRSMMSG.exe - System task - IBM AMR modem driver
ashDisp.exe - Virusscan - Avast AntiVirus
HPWuSchd2.exe - Background task - Hewlett Packard Software Update Scheduler
jusched.exe - Background task - Sun Java Update Scheduler
iTunesHelper.exe - Application - Apple iTunes
issch.exe - Application - InstallShield Update Service
GoogleUpdate.exe - Background task - GoogleUpdate.exe
GoogleUpdate.exe - Background task - Google Updater
GoogleCalendarSync.exe - Unknown task
iPodService.exe - Background task - Apple iTunes
SpybotSD.exe - Anti Ad/Spyware software - Spybot - Search & Destroy
firefox.exe - Application - Mozilla Firefox
ashSimpl.exe - Virusscan - Virus scanner
googletalkplugin.exe - Background task - Google Talk
HijackThis.exe - Application - HijackThis

Infection found:
Upon execution, this trojan copies itself into the %System32% folder as “CbEvtSvc.exe”

It then launches the new executable as a new system service.

Files Added

%system32%\CbEvtSvc.exe

Registry entries added

* HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CbEvtSvc
* HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CbEvtSvc\Enum
* HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CbEvtSvc\Security
* HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC "NextInstance"
* HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC\0000 "Class"
   Data: LegacyDriver
* HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC\0000 "ClassGUID"
   Data: {8ECC055D-047F-11D1-A537-0000F8753ED1}
* HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC\0000 "ConfigFlags"
* HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC\0000 "DeviceDesc"
   Data: CbEvtSvc
* HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC\0000 "Legacy"
* HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC\0000 "Service" Data: CbEvtSvc
* HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC\0000\Control "*NewlyCreated*"
* HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC\0000\Control "ActiveService"
   Data: CbEvtSvc
* HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CbEvtSvc "DisplayName"
   Data: CbEvtSvc
* HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CbEvtSvc "ErrorControl"
* HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CbEvtSvc "ImagePath"
   Data: %SystemRoot%\System32\CbEvtSvc.exe -k netsvcs
* HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CbEvtSvc "ObjectName"
* HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CbEvtSvc "Opt"
* HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CbEvtSvc "Start"
* HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CbEvtSvc "Type"
* HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CbEvtSvc\Enum "0"
   Data: Root\LEGACY_CBEVTSVC\0000
* HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CbEvtSvc\Enum "Count"
* HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CbEvtSvc\Enum "NextInstance"
* HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CbEvtSvc\Security "Security"

After a long duration (~30 mins), this trojan downloads additional malware programs from different websites.

* htxp://digitaltreath.info/a[REMOVED].exe
* htxp://207.10.234.217/ldrctl/user/2[REMOVED].exe
* htxp://digitaltreath.info/d[REMOVED].exe

polonus

This is all I get from the new HijackThis. Should there be more? What do I have to do to get the list longer?

Thanks

Luka

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:13:35, on 6.1.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\System32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\System32\CbEvtSvc.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\windows\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\windows\Explorer.EXE
C:\windows\AGRSMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\D\PRINTER HP\HP SOFTWARE UPDATE\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Documents and Settings\Uporabnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Uporabnik\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [Google Desktop Search] “C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe” /startup
O4 - HKLM..\Run: [HP Software Update] C:\D\PRINTER HP\HP SOFTWARE UPDATE\HPWuSchd2.exe
O4 - HKLM..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe”
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM..\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM..\Run: [ISUSScheduler] “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start
O4 - HKCU..\Run: [Skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized
O4 - HKCU..\Run: [Google Update] “C:\Documents and Settings\Uporabnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe” /c
O4 - HKCU..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Printer HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra ‘Tools’ menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.iobcina.si/MGSetup/MgAxCtrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134944399840
O16 - DPF: {CC4271BF-1582-4FD4-81CD-9AE877B17644} (ESignDoc2 Object) - https://edavki.durs.si/PersonalPortal/[92375]/Controls/ESignDocControls/hslESignDoc2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\windows\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CbEvtSvc - Unknown owner - C:\windows\System32\CbEvtSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDExchange - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDExchange.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


End of file - 8760 bytes

This is OK.

Fix O23 - Service: CbEvtSvc - Unknown owner - C:\windows\System32\CbEvtSvc.exe

To manually remove a Trojan-Downloader:W32/Exchanger infection, perform the following steps:

  1. Open the Windows Task Manager by pressing the Ctrl + Alt + Delete keys and click the Task Manager button.
  2. From the list of running processes, find CbEvtSvc.exe and then click the End Process button.
  3. You may close the Task Manager once the malicious process is terminated.
  4. From the Windows Start Menu, select Run, type regedit into the “Open:” field and then click OK.

see attached picture!

  5. From the Registry Editor, locate and delete the following keys if present:

    • HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc
    • HKLM\SYSTEM\ControlSet001\Services\CbEvtSvc
    • HKLM\SYSTEM\ControlSet002\Services\CbEvtSvc

Note: HKLM equals HKEY_LOCAL_MACHINE
  6. Delete the file called CbEvtSvc.exe located in the C:\WINDOWS\system32\ folder.

polonus
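To answer the thread title ("is the virus gone?") after the steps above, here is a read-only check. It is an added example, not code from the thread or from any of the vendors mentioned: it looks for every trace of CbEvtSvc the posts above describe (running process, registered service, the Services\CbEvtSvc keys under CurrentControlSet and every ControlSetNNN, the LEGACY_CBEVTSVC enum entry, and the dropped file in System32) and only reports; it removes nothing. It assumes an elevated PowerShell prompt; the MD5 is computed with .NET rather than Get-FileHash so it also runs on PowerShell 2.0.

```powershell
# Added example (not from the thread): read-only check for the traces of
# CbEvtSvc described in the removal steps and the threat report above.
# Reports only; removes nothing. Run from an elevated PowerShell prompt.

$serviceName = 'CbEvtSvc'
$filePath    = Join-Path $env:SystemRoot 'System32\CbEvtSvc.exe'
$findings    = @()

# 1. Running process (the Task Manager step above)
foreach ($p in @(Get-Process -Name $serviceName -ErrorAction SilentlyContinue)) {
    $findings += "Process running: PID $($p.Id), path $($p.Path)"
}

# 2. Service still registered with the Service Control Manager
$svc = Get-Service -Name $serviceName -ErrorAction SilentlyContinue
if ($svc) {
    $findings += "Service registered: $($svc.Name), status $($svc.Status)"
}

# 3. Services\CbEvtSvc under CurrentControlSet and every ControlSetNNN
#    (the removal steps list CurrentControlSet, ControlSet001 and ControlSet002)
$controlSets = Get-ChildItem 'HKLM:\SYSTEM' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^(CurrentControlSet|ControlSet\d{3})$' }
foreach ($cs in $controlSets) {
    $key = "HKLM:\SYSTEM\$($cs.PSChildName)\Services\$serviceName"
    if (Test-Path $key) {
        $image = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).ImagePath
        $findings += "Registry key present: $key (ImagePath = $image)"
    }
}

# 4. Legacy device-enum entry listed in the threat report quoted above
$legacyKey = "HKLM:\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_$($serviceName.ToUpper())"
if (Test-Path $legacyKey) {
    $findings += "Legacy enum entry present: $legacyKey"
}

# 5. The dropped executable, with its MD5 so it can be compared against the
#    ThreatExpert report linked above (MD5 via .NET: works on PowerShell 2.0)
if (Test-Path $filePath) {
    $md5    = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($filePath)
    try {
        $hash = ($md5.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join ''
    } finally {
        $stream.Close()
    }
    $findings += "File present: $filePath (MD5 $hash)"
}

if ($findings.Count -eq 0) {
    Write-Output "No trace of $serviceName found: no process, service, registry key or file."
} else {
    Write-Output "Traces of $serviceName are still present:"
    $findings | ForEach-Object { Write-Output "  - $_" }
}
```

If the service key is still present but the file is gone, expect an event-log error at the next boot about the service failing to start; that is the leftover key the removal steps above tell you to delete, not a re-infection.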


Why do you think the HJT log should be longer?

This one is very bad :

C:\windows\System32\CbEvtSvc.exe

Check if you know this site and fix it if you do not. Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed. If the name of the ActiveX-Object or the URL contains the words ‘dialer’, ‘casino’, ‘free plugin’ etc, it should be fixed! If you know the site then it might be ok.

O16 - DPF: {CC4271BF-1582-4FD4-81CD-9AE877B17644} (ESignDoc2 Object) - https://edavki.durs.si/PersonalPortal/[92375]/Controls/ESignDocControls/hslESignDoc2.cab

This one is also very bad :

O23 - Service: CbEvtSvc - Unknown owner - C:\windows\System32\CbEvtSvc.exe


EDIT - Polonus posted while I was writing. Please follow his suggestions.
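The two rules Charley applies above (an O23 service with "Unknown owner" or a missing binary is suspect; an O16 ActiveX control is fixed unless you know the site) can be run over a log mechanically. The script below is an added example, not code from the thread or from HijackThis: it parses O23 and O16 lines and lists the ones that need a human decision. The sample lines are copied from the logs posted in this thread; the "not a microsoft.com host" test is a convenience for the reader's own review, not a claim that other hosts are malicious.

```powershell
# Added example (not from the thread): triage of HijackThis log lines using
# the rules stated in the replies above. Sample lines copied from the posted logs.

$sampleLog = @'
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134944399840
O16 - DPF: {CC4271BF-1582-4FD4-81CD-9AE877B17644} (ESignDoc2 Object) - https://edavki.durs.si/PersonalPortal/[92375]/Controls/ESignDocControls/hslESignDoc2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: CbEvtSvc - Unknown owner - C:\windows\System32\CbEvtSvc.exe
'@

function Get-HjtFindings {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        if ($line -match '^O23 - Service: (?<name>.+?) - (?<owner>.+?) - (?<path>.+)$') {
            # O23: a service with no recorded publisher or a missing binary needs a look
            $reasons = @()
            if ($Matches['owner'] -eq 'Unknown owner')      { $reasons += 'no publisher recorded' }
            if ($Matches['path'] -match '\(file missing\)') { $reasons += 'binary not on disk' }
            if ($reasons.Count -gt 0) {
                New-Object PSObject -Property @{
                    Section = 'O23'; Item = $Matches['name']; Detail = $Matches['path']
                    Reason  = ($reasons -join '; ')
                }
            }
        }
        elseif ($line -match '^O16 - DPF: \{[0-9A-Fa-f-]+\}(?: \((?<desc>[^)]*)\))? - (?<url>\S+)$') {
            # O16: the host is taken with a regex rather than [uri] because the
            # posted URL contains literal brackets in its path.
            $siteHost = $Matches['url'] -replace '^[a-z]+://([^/]+).*$', '$1'
            if ($siteHost -notmatch '(^|\.)microsoft\.com$') {
                $desc = if ($Matches['desc']) { $Matches['desc'] } else { '(no name)' }
                New-Object PSObject -Property @{
                    Section = 'O16'; Item = $desc; Detail = $Matches['url']
                    Reason  = "ActiveX control from $siteHost; fix it unless you know the site"
                }
            }
        }
    }
}

$lines = $sampleLog -split "`r?`n" | Where-Object { $_.Trim() }
Get-HjtFindings -Lines $lines | Format-Table Section, Item, Reason -AutoSize -Wrap
```

On the sample above it lists the two avast "Unknown owner"/"file missing" lines from the old-version log, CbEvtSvc, and the edavki.durs.si and macromedia.com controls; as the thread shows, the avast lines disappear with the newer HijackThis and the tax-portal control is one the poster recognises, so the output is a review list, not a verdict.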

Hi again,

I did that: [i]To manually remove a Trojan-Downloader:W32/Exchanger infection, perform the following steps:

  1. Open the Windows Task Manager by pressing the Ctrl + Alt + Delete keys and click the Task Manager button.
  2. From the list of running processes, find CbEvtSvc.exe and then click the End Process button.
  3. You may close the Task Manager once the malicious process is terminated.
  4. From the Windows Start Menu, select Run, type regedit into the “Open:” field and then click OK.

see attached picture!

  5. From the Registry Editor, locate and delete the following keys if present:

    • HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc
    • HKLM\SYSTEM\ControlSet001\Services\CbEvtSvc - here was no CbEvtSvc file
    • HKLM\SYSTEM\ControlSet002\Services\CbEvtSvc

Note: HKLM equals HKEY_LOCAL_MACHINE
  6. Delete the file called CbEvtSvc.exe located in the C:\WINDOWS\system32\ folder.[/i]

Then I rebooted the computer, but before Windows started there was an autorun from avast scanning my files; I bypassed it.

I ran HijackThis again, but there were still some bad files:

O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)

so I fixed them in HijackThis and rebooted again.

I hope I am clean now. I thank you both very, very much for your help.

Below is my new HijackThis log; I suppose this is OK now. Can you just confirm that?

Oh Charley, this page: https://edavki.durs.si/PersonalPortal/ is secure.

Thanks again.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:53:17, on 6.1.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\System32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\windows\Explorer.EXE
C:\windows\AGRSMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\D\PRINTER HP\HP SOFTWARE UPDATE\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Documents and Settings\Uporabnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [Google Desktop Search] “C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe” /startup
O4 - HKLM..\Run: [HP Software Update] C:\D\PRINTER HP\HP SOFTWARE UPDATE\HPWuSchd2.exe
O4 - HKLM..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe”
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM..\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM..\Run: [ISUSScheduler] “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start
O4 - HKCU..\Run: [Skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized
O4 - HKCU..\Run: [Google Update] “C:\Documents and Settings\Uporabnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe” /c
O4 - HKCU..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Printer HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra ‘Tools’ menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.iobcina.si/MGSetup/MgAxCtrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134944399840
O16 - DPF: {CC4271BF-1582-4FD4-81CD-9AE877B17644} (ESignDoc2 Object) - https://edavki.durs.si/PersonalPortal/[92375]/Controls/ESignDocControls/hslESignDoc2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\windows\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDExchange - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDExchange.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


End of file - 8118 bytes

In the avast! Virus Chest I still have these files:

1003821337.exe as virus Win32:Trojan-gen (other)
1003821337.exe as virus Win32:Trojan-gen (other)
1164787577.exe as virus Win32:Rootkit-gen (Rtk)

For all these files the original location is C:\Documents and settings\LocalService\Application Data

All files are marked with a skull and are located in the Infected files category.

I hope there is nothing wrong with having them there?

I also thank you for that answer.

Regards,

Luka
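
As an added example that is not part of this thread, of HijackThis or of avast, the script below parses the O4 (autostart), O20 (AppInit_DLLs) and O23 (service) lines of a HijackThis log like the one posted above and flags the entries a helper would normally look at first. The sample lines are taken from the log in the thread; the EXPECTED_ROOTS list and the three flagging rules are my own assumptions about what deserves a second look, and a flag is a review prompt, not a verdict.

```python
"""Triage helper for HijackThis O4/O20/O23 log lines (added example)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input: lines copied from the HijackThis log posted in the thread.
SAMPLE_LOG = r'''
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU..\Run: [Google Update] "C:\Documents and Settings\Uporabnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Printer HP\Digital Imaging\bin\hpqtra08.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\windows\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
'''.strip().splitlines()

# Assumption: directories an XP autostart normally points into. Anything else
# (user profile, temp folder, another drive) gets a review flag, not a verdict.
EXPECTED_ROOTS = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\")

O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU|Global Startup)(?:\.\.\\Run)?: (?P<rest>.+)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<rest>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<rest>.+)$")
# A quoted path, or an unquoted path (which may contain spaces) up to the
# first .exe/.dll/.lnk token; command-line switches after it are dropped.
PATH_RE = re.compile(r'^(?:"(?P<quoted>[^"]+)"|(?P<bare>.+?\.(?:exe|dll|lnk)))(?:\s|$)', re.I)


@dataclass
class Entry:
    kind: str                 # "O4", "O20" or "O23"
    name: str                 # Run value name, .lnk name or service name
    detail: str               # registry hive (O4) or reported owner (O23)
    path: str                 # program/DLL path extracted from the line
    flags: List[str] = field(default_factory=list)


def exe_path(command: str) -> str:
    """Extract the program path from a Run command line or service path."""
    m = PATH_RE.match(command.strip())
    if not m:
        return command.strip()
    return m.group("quoted") or m.group("bare")


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis line; returns None for sections not handled here."""
    line = line.strip()
    m = O4_RE.match(line)
    if m:
        rest = m.group("rest")
        if rest.startswith("["):                 # "[Name] command" form
            name, _, cmd = rest[1:].partition("] ")
        else:                                    # "Name.lnk = target" form
            name, _, cmd = rest.partition(" = ")
        return Entry("O4", name, m.group("hive"), exe_path(cmd))
    m = O20_RE.match(line)
    if m:
        return Entry("O20", "AppInit_DLLs", "", exe_path(m.group("rest")))
    m = O23_RE.match(line)
    if m:
        parts = m.group("rest").split(" - ")     # name - owner - path
        if len(parts) < 3:
            return None
        return Entry("O23", parts[0], " - ".join(parts[1:-1]), exe_path(parts[-1]))
    return None


def flag(entry: Entry) -> Entry:
    """Attach review flags (assumed rules); the caller decides what they mean."""
    if entry.kind == "O20":
        entry.flags.append("AppInit_DLLs entry: loaded into every process that uses user32.dll")
    if entry.kind == "O23" and entry.detail == "Unknown owner":
        entry.flags.append("service binary without a recognised publisher; verify the file")
    if entry.kind == "O4" and not entry.path.lower().startswith(EXPECTED_ROOTS):
        entry.flags.append("autostart outside Program Files/Windows; confirm what installed it")
    return entry


def triage(lines) -> List[Entry]:
    """Return only the parsed entries that carry at least one review flag."""
    flagged = []
    for line in lines:
        entry = parse_line(line)
        if entry is not None and flag(entry).flags:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.kind} {e.name!r} -> {e.path}")
        for f in e.flags:
            print("    *", f)
```

On the sample above this flags the two "Unknown owner" services, the AppInit_DLLs entry, the Google Update autostart in the user profile and the HP shortcut on D:, and leaves the iTunes, InstallShield, Google Talk and avast entries alone; every flagged item in this log turns out to be a known vendor file, which is exactly why the output is a checklist for a human and not a removal list.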

Hi Luka,

This indeed looks more like it. Just one remark: apparently you have no active software firewall running on your computer. If you connect via a router there will be a hardware firewall there, and you do not need one.
A constant check-up on, and securing against intruders for, your outgoing network traffic can only be accomplished with an additional software firewall; the Microsoft firewall only secures incoming network traffic. Also check that your third-party software has the latest versions and patches: Secunia PSI: http://secunia.com/PSISetup.exe
The files in the chest are secure and can do no further harm, like a person in prison. Leave them there for a fortnight and then delete them, as your system apparently no longer needs them.

pozdravi,

polonus

My Windows firewall is active, and almost all the time I am connected to the internet via a router. I will check for some other firewall. I do not know what this Secunia PSI is for.

Thank you for all your help once again.

Luka

Luka,

PSI is a tool that runs silently in the background, and now and then you can perform a scan to see if you have updated all vulnerable third-party software. It is important, for instance, to have the latest Sun Java version (against infections), and that your Media Player has the latest version, no holes, and all the patches. PSI looks after all this, so you do not have to update everything manually all the time. They have found that only a small percentage of users have a secure bundle of software on their boxes; PSI on my computer shows that I am protected 100% against software vulnerabilities (theoretically, that is),

Damian aka polonus

But is it OK that Secunia PSI and avast run at the same time?

Hi Luka,

Yes, my friend, that is perfectly all right. I have had this configuration for half a year, since it became PSI 1.0, with no problem whatsoever, just like with one resident scanner and various non-resident (on-demand) scanners: I have avast together with MBAM and SAS anti-spyware (non-resident), and sometimes I download the latest version of launch.exe = DrWeb's CureIt scanner and scan with it while avast is running along as normal.
Two resident scanners on a PC is asking for trouble, because the two resident scanners can pick up each other's signatures and you get false positives or worse, just like two dogs that should guard your house but start to fight each other (not good for security). Also, Panda on demand and avast seem not to be on friendly terms (because of Panda's signatures). That you ask these questions means that you have a good understanding and feel for security. Welcome to the forums; come here more often and learn to help others,

polonus

Hi,

I already installed Secunia PSI and updated 4 programs that needed upgrading. I now have avast, Spybot and PSI. Do you think I should have any other non-resident scanner?

Thank you for your information.

Luka

Hi Iesel,

You can download SuperAntiSpyware from here: http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE
SUPERAntiSpyware Free Edition is 100% Free and will detect and remove thousands of Spyware, Adware, Malware, Trojans, KeyLoggers, Dialers, Hi-Jackers, and Worms. SUPERAntiSpyware features many unique and powerful technologies and removes spyware threats that other applications fail to remove.
I keep it updated with "Check for Updates" and do an occasional "Quick Scan"; you are best advised to do a "Full Scan" the first time after downloading and updating, and then every other month, once every 30 days,

Then you can also download DrWebsCureIt from here: ftp://ftp.drweb.com/pub/drweb/cureit/launch.exe
I have put that on a USB stick, or as you call it a pen drive, and then scan my computer with it. For a new scan after a day or two you should download the most recent version, delete the old launch.exe and replace it with the more recent launch.exe.
I think that way you have very good protection, and it will not weigh too heavily on your old CPU,

polonus

Hi Iesel:

One point about Java: for security purposes, you should ONLY have 1 version, the latest, on a computer at any moment in time. Installing the latest does NOT uninstall or remove all the "other" version(s) of this program, so unless you are sure you do NOT have any other "version(s)/update(s)" of this program on your computer, it is recommended to run the FREE "JavaRa" from http://raproducts.org .

Hello.

Can I use SUPERAntiSpyware safely when avast is running? Is SUPERAntiSpyware a non-resident scanner?

I downloaded SUPERAntiSpyware and am now running the full scan. I also downloaded JavaRa and removed all the old versions of Java. Thanks Spiritsongs!

I have one more question, Polonus. You're saying that I run SUPERAntiSpyware once a month and do the scan? Or should I have SUPERAntiSpyware running all the time in my system tray?

Thanks again!

Luka

Hi Luka,

Have it there; the free version is non-resident. All the time in your system tray, it will alert you ONLY if the program needs upgrading; the latest signatures have to be downloaded manually: click Check for Updates. Do a full scan (takes some time) after downloading and once a month; for the rest you can do an "on demand" quick scan. I have it there all the time. Welcome to the forums again,

pol

Hi:

We usually recommend NOT having SUPERAntiSpyware running at StartUp; IF you would like to do likewise, on the main GUI, click "Preferences" & when the "General and StartUp" menu appears, "uncheck" the settings "Start SUPERAntispyware when Windows starts" and/or "Show SUPERAntispyware icon in system tray".

P.S. In addition, you have the unnecessary "Bonjour\mDNSResponder" and should consider the info at www.raymond.cc/blog/archives/2008/02/10/how-to-uninstall-or-remove-bonjour-mdnsresponderexe/ and seriously consider uninstalling it by using the "Removal Instructions" there.