question

[DaRkGogi]

um....this is not really on the topic of hack but seems that avast picked up a keylogger on either tradescam/ hero editor (dunno which one w/ keylogger). just to make sure there are not any other malwares on my pc, can anyone give me link to any free av? ty

[Shift]

http://www.grisoft.com

[wm_hunter]

You may have trouble finding AVG Free in there..

http:\\free.grisoft.com

You can also try online scanners such as TrendMicro Housecall or Panda Activescan

Finally, if you want me to see if your computer has any hijack attempts, hackers or malware on it, pm me or post a HiJackThis log.

Open the Zip file, extract the file to its own folder and then open it. Do a system scan AND save a log file. You can then copy and paste the log file into a forum post or PM me it.

Good luck in the computer cleaning!

Additional Comment:
DO NOT TOUCH ANY ITEMS FOUND IN THE HIJACKTHIS SCAN

It displays things that are often good items but things that viruses or hackers will alter and add onto your system. Post it to me or use a site such as GeeksToGo and have them look at it (I am a member on GeeksToGo, very very helpfull people)

[DaRkGogi]

R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: The Proxomitron.lnk = C:\Program Files\Proxomitron Naoko-4\Proxomitron.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {A5F3B5CF-A05F-479E-B684-13AA512A7B93} (YGLauncher Control) - http://kr.pubbase.yahoo.com/gamesetup/YGLauncher.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe



um yea...thats what it picked up

[wm_hunter]

Thats normal, give me a few minutes to look it over for you ok?

*Mods please do not lock this post until I am done fixing up his problem - thanks*

Additional Comment:
Congrats... your good. You keep your computer well, very rare there are no bad enteries. I included my "tips" from GeeksToGo on how to stay clean.

CONGRATULATIONS, your HiJackThis log is now CLEAN

------------------------------------------------

To prevent spyware and virus files from infecting your computer again, I suggest the following free utilities and upgrades.

1. SpyBot Search and Destroy - SpyBot search and destroy is a utility used to remove spyware from your computer. It also has tools that can be used to remove things such as start up entries and BHOs. Includes an Immunize function that protects your computer from bad products and future spyware.

2. Ad-Aware SE Personal - Powerful utility to remove spyware from a computer

SpyBot Search and Destroy and Ad-Aware work very well together to remove spyware badies from your computer

3.SpywareBlaster - Utility to "immunize" your internet explorer and firefox from bad links and programs. Very effective at protecting system from Spyware ever even entering your computer, and it does not need to be run in the background to protect. Recommend at least weekly updates for updated protection.

3. AVG Free Edition- Offers powerful anti-virus protection and a shield to prevent spyware from entering your computer. Very effective free anti-virus.

4.ZoneAlarm Free Firewall - The free version of the ZoneAlarm firewall offers protection from hacker attacks and from bad programs trying to access the internet. One of the strongest free firewalls on the market

5. Clean Up! - Good program to clear your online traces and clean up space through easy removal of files such as internet history, program logs, most recently opened documents, etc.

It is also VERY IMPORTANT to keep your windows up to date. You can set your computer for automatic updates or you can update online. And for the love of god, if you have XP, SP2 is your friend!

[DaRkGogi]

ty very much

[FrogMan]

question answered

~closed