IAmSad

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

michaudl

Thread Starter
Joined
Sep 13, 2003
Messages
6
Hi,

My Zone Alarm first inform me that the above program is trying to connect to internet. I refused the connection.

Since Then, my ad-watch program is telling me about a registry modification every 30 seconds.

What can I do?

thank you for your help.

Luc
Montréal, canada
 

michaudl

Thread Starter
Joined
Sep 13, 2003
Messages
6
I remove it. The ZA ask me again if i want the program to connect to internet. I stil deny this access.

Ad-watch still continue to advise me of a registry modification detected every 30 seconds.
 
Joined
Mar 9, 2003
Messages
4,699
Go to http://tomcoyote.org/hjt/ and download HiJackThis. Use Winzip to unzip it, then install and run it. To run, click the “Scan” button. When it's done the "Scan" button changes to "Save Log". Save the log file it creates (it should open in Notepad at that point). Copy and paste the results in your next post. IF you happen to be using a proxy server, please mention it in your post. Most of what it finds is harmless, so do not do anything yet. Someone will be glad to help you sort out any of the baddies that may be in there.
 
Joined
Mar 9, 2003
Messages
4,699
HiJack This shows browser home and search page hijacks, hence it's name. But it goes on to show BHO's toolbars that have spyware or adware attached to them.

It also lists all the programs that run at start up. Since much bloteware and spyware, virus, trojans and so on all want to be running when you first start your PC, it becomes a powerful tool in helping us spot anything in the way of spyware, virii and so on, on your computer.
 
Joined
Mar 9, 2003
Messages
4,699
Look over in the security forum and you will see a lot of HJT logs posted.

BTW, what part of Chicago?
 

michaudl

Thread Starter
Joined
Sep 13, 2003
Messages
6
Logfile of HijackThis v1.97.2
Scan saved at 07:47:11, on 2003-09-14
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\WINDOWS\System32\IAMSAD.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\Program Files\Internet Call Manager\Icm.exe
C:\Program Files\McAfee.com\SpamKiller\SpamKiller.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Stealther\stealth27.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
C:\Program Files\Grisoft\AVG7\avgwb.dat
C:\Program Files\Internet Explorer\iexplore.exe
C:\cracks3\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:14000
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~2\COPERN~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [Ad-watch] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\Avg6\avgcc32.exe /startup
O4 - HKLM\..\Run: [NAV Auto Update] IAMSAD.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Popup Ad Filter] C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
O4 - HKCU\..\Run: [CursorXP] "C:\Program Files\CursorXP\CursorXP.exe" -s
O4 - Startup: zonealarm pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O4 - Startup: 3Deep.lnk = C:\Program Files\E-Color\3Deep\3Deepctl.exe
O4 - Startup: Internet Call Manager.LNK = C:\Program Files\Internet Call Manager\ICM.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: McAfee.com SpamKiller.lnk = C:\Program Files\McAfee.com\SpamKiller\SpamKiller.exe
O4 - Startup: AVG Control Center.lnk = C:\Program Files\Grisoft\AVG7\avgcc.exe
O4 - Startup: Stealther.lnk = C:\Program Files\Stealther\stealth27.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: Allow Popups - C:\Program Files\Meaya\Popup Ad Filter\WhiteGetUrl.js
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Search Using Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm
O9 - Extra 'Tools' menuitem: Launch Copernic Agent (HKLM)
O9 - Extra button: Copernic Agent (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: NeoTrace It! (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{90329B32-1797-4851-8206-2D94C4F36EC9}: NameServer = 142.169.1.16 199.84.242.22
 

michaudl

Thread Starter
Joined
Sep 13, 2003
Messages
6
Hi normmork,

This is the scan you ask. I simply put one file under my ignore list in aa6 because if i removed it, my Kazaa doesn't work. Thank you for your help (that's include NiteHawk) because this problem is getting on my nerve and I hope than i will get out of this with less arm than Beamer_nm.

Lavasoft Ad-aware Professional Build 6.181
Logfile created on :14 septembre, 2003 17:12:15
Using reference-file :01R218 13.09.2003
______________________________________________________

Reffile status:
=========================
Reference file loaded:
Reference Number : 01R218 13.09.2003
Internal build : 108
File location : C:\Program Files\Lavasoft\Ad-aware 6\reflist.ref
Total size : 580291 Bytes
Signature data size : 569084 Bytes
Reference data size : 11143 Bytes
Signatures total : 13086
Target categories : 10
Target families : 271

Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:54 %
Total physical memory:523808 kb
Available physical memory:279620 kb
Total page file size:1278340 kb
Available on page file:620120 kb
Total virtual memory:2097024 kb
Available virtual memory:2047712 kb
OS:

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Move deleted files to recycle bin
Set : Safe mode (always request confirmation)
Set : Skip non executable files
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-aware Settings
=========================
Set : Unload recognized processes during scanning
Set : Include info about ignored objects in logfile, if detected in scan
Set : Include basic Ad-aware settings in logfile
Set : Include additional Ad-aware settings in logfile
Set : Include used command line parameters in logfile
Set : Automatically mark all objects in result list
Set : Automatically try to unregister objects prior to deletion
Set : XP/2000: Allow unloading explorer to unload shell extensions prior deletion)
Set : Let windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Block Popups and banned sites
Set : Automatically save event log on close
Set : Log Ad-aware events
Set : Show splash screen
Set : Always back up reference file, before updating
Set : Play sound if scan produced a result


2003-09-14 17:12:15 - Scan started. (Custom mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 2003-09-14 21:02:42
BasePriority : Normal


#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 2003-09-14 21:02:47
BasePriority : High


#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 2003-09-14 21:02:49
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Applications Services et Contr
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Syst
Created on : 2001-08-28 16:00:00
Last accessed : 2003-09-14 04:00:00
Last modified : 2001-08-28 16:00:00

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 2003-09-14 21:02:49
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 2001-08-28 16:00:00
Last accessed : 2003-09-14 04:00:00
Last modified : 2002-08-29 18:45:10

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 2003-09-14 21:02:51
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 2001-08-28 16:00:00
Last accessed : 2003-09-14 04:00:00
Last modified : 2001-08-28 16:00:00

#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 2003-09-14 21:02:51
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 2001-08-28 16:00:00
Last accessed : 2003-09-14 04:00:00
Last modified : 2001-08-28 16:00:00

#:7 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 2003-09-14 21:02:55
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 2001-08-28 16:00:00
Last accessed : 2003-09-14 04:00:00
Last modified : 2001-08-28 16:00:00

#:8 [avgamsvr.exe]
FilePath : C:\PROGRA~1\Grisoft\AVG7\
ThreadCreationTime : 2003-09-14 21:02:55
BasePriority : Normal
FileSize : 187 KB
FileVersion : 7,0,0,175
ProductVersion : 7.0.0.175
Copyright : Copyright
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
OriginalFilename : avgamsvr.EXE
ProductName : AVG Anti-Virus System
Created on : 2003-09-11 23:20:14
Last accessed : 2003-09-14 04:00:00
Last modified : 2003-09-11 23:20:16

#:9 [avgupsvc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVG7\
ThreadCreationTime : 2003-09-14 21:02:55
BasePriority : Normal
FileSize : 22 KB
FileVersion : 7,0,0,132
ProductVersion : 7.0.0.132
Copyright : Copyright
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
OriginalFilename : avgupdsvc.EXE
ProductName : AVG 7.0 Anti-Virus System
Created on : 2003-09-09 01:59:12
Last accessed : 2003-09-14 04:00:00
Last modified : 2003-09-09 01:59:14

#:10 [ctsvccda.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 2003-09-14 21:02:55
BasePriority : Normal
FileSize : 43 KB
FileVersion : 1.0.1.0
ProductVersion : 1.0.0.0
Copyright : Copyright (c) Creative Technology Ltd., 1999. All rights reserved.
CompanyName : Creative Technology Ltd
FileDescription : Creative Service for CDROM Access
InternalName : CTsvcCDAEXE
OriginalFilename : CTsvcCDA.EXE
ProductName : Creative Service for CDROM Access
Created on : 2002-09-27 10:56:12
Last accessed : 2003-09-14 04:00:00
Last modified : 1999-12-13 05:01:00

#:11 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 2003-09-14 21:02:55
BasePriority : Normal
FileSize : 60 KB
FileVersion : 6.13.10.3082
ProductVersion : 6.13.10.3082
Copyright : (c) NVIDIA Corporation. All rights reserved.
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 30.82
InternalName : NVSVC
OriginalFilename : nvsvc32.exe
ProductName : NVIDIA Driver Helper Service, Version 30.82
Created on : 2002-11-13 22:40:43
Last accessed : 2003-09-14 04:00:00
Last modified : 2002-07-16 16:16:00

#:12 [tcpsvcs.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 2003-09-14 21:02:56
BasePriority : Normal
FileSize : 19 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : TCP/IP Services Application
InternalName : TCPSVCS.EXE
OriginalFilename : TCPSVCS.EXE
ProductName : Microsoft
Created on : 2001-08-28 16:00:00
Last accessed : 2003-09-14 04:00:00
Last modified : 2001-08-28 16:00:00

#:13 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 2003-09-14 21:02:56
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 2001-08-28 16:00:00
Last accessed : 2003-09-14 04:00:00
Last modified : 2001-08-28 16:00:00

#:14 [mspmspsv.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 2003-09-14 21:02:56
BasePriority : Normal
FileSize : 52 KB
FileVersion : 7.00.00.1954
ProductVersion : 7.00.00.1954
Copyright : Copyright (C) Microsoft Corp. 1981-2000
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
OriginalFilename : MSPMSPSV.EXE
ProductName : Microsoft (R) DRM
Created on : 2000-06-26 11:44:20
Last accessed : 2003-09-14 04:00:00
Last modified : 2000-06-26 11:44:20

#:15 [devldr32.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 2003-09-14 21:03:09
BasePriority : Normal
FileSize : 25 KB
FileVersion : 1, 0, 0, 22
ProductVersion : 1, 0, 0, 22
Copyright : Copyright
CompanyName : Creative Technology Ltd.
FileDescription : DevLdr32
InternalName : DevLdr
OriginalFilename : DevLdr32.exe
ProductName : Creative Ring3 NT Inteface
Created on : 2002-09-24 04:12:51
Last accessed : 2003-09-14 04:00:00
Last modified : 2001-08-31 05:44:30

#:16 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 2003-09-14 21:03:13
BasePriority : Normal
FileSize : 977 KB
FileVersion : 6.00.2800.1221 (xpsp2.030511-1403)
ProductVersion : 6.00.2800.1221
CompanyName : Microsoft Corporation
FileDescription : Explorateur Windows
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Syst
Created on : 2003-05-29 15:49:48
Last accessed : 2003-09-14 04:00:00
Last modified : 2003-05-29 15:49:48

#:17 [dap.exe]
FilePath : C:\PROGRA~1\DAP\
ThreadCreationTime : 2003-09-14 21:03:20
BasePriority : Normal
FileSize : 1412 KB
FileVersion : 5, 3, 9, 6
ProductVersion : 5, 3, 9, 6
Copyright : Copyright (C) 1999 - 2003 SpeedBit Ltd
CompanyName : SpeedBit Ltd.
FileDescription : Download Accelerator Plus
InternalName : DAP
OriginalFilename : DAP.EXE
ProductName : Download Accelerator Plus
Created on : 2002-12-29 12:15:09
Last accessed : 2003-09-14 04:00:00
Last modified : 2003-08-25 00:52:44

#:18 [ad-watch.exe]
FilePath : C:\Program Files\Lavasoft\Ad-aware 6\
ThreadCreationTime : 2003-09-14 21:03:21
BasePriority : Normal
FileSize : 383 KB
FileVersion : 3.1.2.17
ProductVersion : 3.0
Copyright : 2001-2003 Team Lavasoft
CompanyName : Lavasoft Sweden
FileDescription : Ad-watch Monitor
InternalName : Ad-watch.exe
OriginalFilename : Ad-watch.exe
ProductName : Ad-aware 6
Created on : 2003-09-12 02:07:27
Last accessed : 2003-09-14 04:00:00
Last modified : 2003-02-13 02:04:42

#:19 [iamsad.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 2003-09-14 21:03:21
BasePriority : Normal
FileSize : 52 KB
Created on : 2003-09-12 22:23:48
Last accessed : 2003-09-14 04:00:00
Last modified : 2003-09-12 22:07:18

#:20 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 2003-09-14 21:03:21
BasePriority : Normal
FileSize : 13 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
OriginalFilename : CTFMON.EXE
ProductName : Microsoft
Created on : 2002-09-24 01:11:55
Last accessed : 2003-09-14 04:00:00
Last modified : 2002-08-29 18:45:10

#:21 [popfilter.exe]
FilePath : C:\Program Files\Meaya\Popup Ad Filter\
ThreadCreationTime : 2003-09-14 21:03:21
BasePriority : Normal
FileSize : 262 KB
Created on : 2001-05-21 06:32:05
Last accessed : 2003-09-14 04:00:00
Last modified : 2001-05-21 06:32:06

#:22 [cursorxp.exe]
FilePath : C:\Program Files\CursorXP\
ThreadCreationTime : 2003-09-14 21:03:21
BasePriority : High
FileSize : 77 KB
FileVersion : 1, 2, 0, 0
ProductVersion : 1, 2, 0, 0
Copyright : Copyright
FileDescription : CursorXP
InternalName : CursorXP
OriginalFilename : CursorEx.exe
ProductName : Stardock CursorXP
Created on : 2003-03-23 16:31:19
Last accessed : 2003-09-14 04:00:00
Last modified : 2002-06-19 02:52:00

#:23 [zapro.exe]
FilePath : C:\Program Files\Zone Labs\ZoneAlarm\
ThreadCreationTime : 2003-09-14 21:03:23
BasePriority : Normal
FileSize : 413 KB
FileVersion : 4.0.123.012
ProductVersion : 4.0.123.012
Copyright : Copyright
CompanyName : Zone Labs Inc.
FileDescription : ZoneAlarm Pro
InternalName : zapro
OriginalFilename : zapro.exe
ProductName : ZoneAlarm Pro
Created on : 2003-04-06 16:38:53
Last accessed : 2003-09-14 04:00:00
Last modified : 2003-06-10 04:02:44

#:24 [icm.exe]
FilePath : C:\Program Files\Internet Call Manager\
ThreadCreationTime : 2003-09-14 21:03:24
BasePriority : Normal
FileSize : 1600 KB
FileVersion : 8, 1, 0, 21
ProductVersion : 8, 1, 0, 21
Copyright : Copyright (C) 1996-2002
CompanyName : InfoInterActive Corp.
FileDescription : ICM Client Application
InternalName : ICM Client
OriginalFilename : ICM.EXE
ProductName : Internet Call Manager
Created on : 2002-09-16 23:35:30
Last accessed : 2003-09-14 04:00:00
Last modified : 2002-09-23 17:10:38

#:25 [spamkiller.exe]
FilePath : C:\Program Files\McAfee.com\SpamKiller\
ThreadCreationTime : 2003-09-14 21:03:25
BasePriority : Normal
FileSize : 2353 KB
FileVersion : 4.0.40.0
ProductVersion : 4.0
Copyright : Copyright
CompanyName : McAfee.com
FileDescription : SpamKiller
InternalName : SpamKiller
OriginalFilename : SPAMKILLER.EXE
ProductName : SpamKiller
Created on : 2003-06-18 00:03:14
Last accessed : 2003-09-14 04:00:00
Last modified : 2002-08-31 01:48:56

#:26 [avgcc.exe]
FilePath : C:\Program Files\Grisoft\AVG7\
ThreadCreationTime : 2003-09-14 21:03:26
BasePriority : Normal
FileSize : 277 KB
FileVersion : 7,0,0,174
ProductVersion : 7.0.0.174
Copyright : Copyright
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
OriginalFilename : AvgCC.EXE
ProductName : AVG Anti-Virus System
Created on : 2003-09-11 23:20:14
Last accessed : 2003-09-14 04:00:00
Last modified : 2003-09-11 23:20:16

#:27 [stealth27.exe]
FilePath : C:\Program Files\Stealther\
ThreadCreationTime : 2003-09-14 21:03:27
BasePriority : Normal
FileSize : 1145 KB
FileVersion : 2.7.0.0
ProductVersion : 2.6
Copyright : 2000 Thorsten Schmidt
CompanyName : Photono Software
FileDescription : Saves your privacy by using the Super Stealth Technology
InternalName : sa
ProductName : Stealther
Created on : 2003-09-13 19:03:52
Last accessed : 2003-09-14 04:00:00
Last modified : 2001-10-27 04:04:20

#:28 [vsmon.exe]
FilePath : C:\WINDOWS\SYSTEM32\ZONELABS\
ThreadCreationTime : 2003-09-14 21:03:30
BasePriority : Normal
FileSize : 873 KB
FileVersion : 4.0.123.012
ProductVersion : 4.0.123.012
Copyright : Copyright
CompanyName : Zone Labs Inc.
FileDescription : TrueVector Service
InternalName : vsmon
OriginalFilename : vsmon.exe
ProductName : TrueVector Service
Created on : 2003-01-18 18:24:45
Last accessed : 2003-09-14 04:00:00
Last modified : 2003-06-10 04:02:12

#:29 [avgemc.exe]
FilePath : C:\Program Files\Grisoft\AVG7\
ThreadCreationTime : 2003-09-14 21:03:40
BasePriority : Normal
FileSize : 170 KB
FileVersion : 7,0,0,159
ProductVersion : 7.0.0.159
Copyright : Copyright
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
OriginalFilename : avgemc.exe
ProductName : AVG Anti-Virus System
Created on : 2003-09-09 03:29:24
Last accessed : 2003-09-14 04:00:00
Last modified : 2003-09-09 03:29:26

#:30 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ThreadCreationTime : 2003-09-14 21:05:28
BasePriority : Normal
FileSize : 89 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
OriginalFilename : IEXPLORE.EXE
ProductName : Syst
Created on : 2002-09-24 01:23:15
Last accessed : 2003-09-14 04:00:00
Last modified : 2002-08-29 18:45:10

#:31 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-aware 6\
ThreadCreationTime : 2003-09-14 21:07:49
BasePriority : Normal
FileSize : 724 KB
FileVersion : 6.0.1.183
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 2003-09-12 02:07:28
Last accessed : 2003-09-14 04:00:00
Last modified : 2003-07-13 02:01:58

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

TopSearch Object recognized but ignored
Type : File
Data : topsearch.dll
Category : Data Miner
Comment :
Object : C:\Program Files\KaZaA\topsearch.dll


Disk scan result for C:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Deep scanning and examining files (D:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Disk scan result for D:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Scanning Hosts file(C:\WINDOWS\System32\drivers\etc\hosts)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Hosts file scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
1 entries scanned.
New objects :0
Objects found so far: 0



17:15:16 Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:03:01:63
Objects scanned :89238
Objects identified :0
Objects ignored :1
New objects :0
 
Joined
Nov 10, 2002
Messages
1,344
Fix with HijackThis:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [NAV Auto Update] IAMSAD.EXE

Terminate IAMSAD.EXE in Task Manager and delete C:\WINDOWS\System32\IAMSAD.EXE file.
 

michaudl

Thread Starter
Joined
Sep 13, 2003
Messages
6
Thanks Top Banana.

I just dit that. I scan with Spyboot and there were no problems spotted.
I reboot.

Run Hijackthis Again and IAmSad.exe is still there. This is the last log from HijackThis:

Logfile of HijackThis v1.97.2
Scan saved at 18:40:46, on 2003-09-14
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\WINDOWS\System32\IAMSAD.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\Program Files\Internet Call Manager\Icm.exe
C:\Program Files\McAfee.com\SpamKiller\SpamKiller.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Stealther\stealth27.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\cracks3\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:14000
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~2\COPERN~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [Ad-watch] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\Avg6\avgcc32.exe /startup
O4 - HKLM\..\Run: [NAV Auto Update] IAMSAD.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Popup Ad Filter] C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
O4 - HKCU\..\Run: [CursorXP] "C:\Program Files\CursorXP\CursorXP.exe" -s
O4 - Startup: zonealarm pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O4 - Startup: 3Deep.lnk = C:\Program Files\E-Color\3Deep\3Deepctl.exe
O4 - Startup: Internet Call Manager.LNK = C:\Program Files\Internet Call Manager\ICM.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: McAfee.com SpamKiller.lnk = C:\Program Files\McAfee.com\SpamKiller\SpamKiller.exe
O4 - Startup: AVG Control Center.lnk = C:\Program Files\Grisoft\AVG7\avgcc.exe
O4 - Startup: Stealther.lnk = C:\Program Files\Stealther\stealth27.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: Allow Popups - C:\Program Files\Meaya\Popup Ad Filter\WhiteGetUrl.js
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Search Using Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm
O9 - Extra 'Tools' menuitem: Launch Copernic Agent (HKLM)
O9 - Extra button: Copernic Agent (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: NeoTrace It! (HKCU)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37878.6042592593
 
Joined
Nov 10, 2002
Messages
1,344
Scan with HijackThis, put a checkmark at and "Fix checked" the following entries.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [NAV Auto Update] IAMSAD.EXE

Terminate IAMSAD.EXE in Task Manager and delete C:\WINDOWS\System32\IAMSAD.EXE file.
 

michaudl

Thread Starter
Joined
Sep 13, 2003
Messages
6
Sorry Top Banana,

I taugh I did everything the first time but i forgot to delete the system32/IAMSAD.EXE

So, I do it again but this time deleting the IAMSAD.exe file and everything is now ok.

Thanks to you and to all

But, can you tell me how did you select the good line in the hijackthis program?

Were this IAMSAD.exe came from?
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top