XTREME-SOURCE
Old 05-10-2007, 06:27 PM
Member
 
Join Date: Mar 2006
Posts: 130
Could use some helpful HJ interpretation of logfile?

So I thought I cleaned out this spyLocked ware thing! Well, upon one of a few reboots today, the last of which would not let the normal startup process occur, I once again saw the pctf.exe thingy and stopped the process, but I'm sure there is something I missed! Could you help me on this, fellow XS members?
Attachment 77
I attempted the HJ reader but it would not let me paste the log?????
Attached Files
File Type: txt hijackthis-log.txt (7.8 KB, 5 views)
 
Old 05-11-2007, 03:06 AM
Lord Sesshomaru's Avatar
Moderator
 
Join Date: Nov 2005
Location: Anti-Spirals Realm
Posts: 8,382

I don't see anything too suspicious in the log. HJT is a very overrated app imo. It usually isn't going to identify any malware. It's more a snapshot of your PC health, extraneous processes, unnecessary BHOs and whatnot.

I see minor things like:

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe


Those don't need to run at boot. PG is really user preference, it's a bit buggy, and there's no real point in running it at boot, but that's your call. I always run it before downing.

This is a bit of a red flag:

O3 - Toolbar: (no name) - {31615D5C-5126-448A-818A-A7CDFEE85A9B} - (no file)

Either it's remnants of malware, a toolbar you uninstalled, or an error in the way HJT processes the info. Sometimes common entries will appear as file missing, just a bug with HJT. My original recommendation stands. Go nuts with scanning. Clean out your PC with AVG Anti-Spyware, CounterSpy, Webroot SpySweeper, Spyware Doctor, Ad-Aware SE, and Spybot S&D. If you're still running IE, switch to Firefox. Firefox with the NoScript and ad-block plugins is pretty secure, much more so than IE. I recommend running 1.5, it's much more stable and proven than FF 2.0. I don't really need to state my opinion on Norton, I think most people know where I stand on that. If none of those anti-spy apps turns up anything, try a more heavy-duty AV like Kaspersky, BitDefender, or Nod32. Chances are a barrage of those apps will flush out the baddies.
Reply With Quote
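
Added example, not part of the thread and not HijackThis's own code: a Python parser for the O3 and O4 log lines quoted in the post above that sorts entries reported as "(no file)" to the top, since that is the condition the post calls a red flag. The function names and flag labels are assumptions made for this illustration, and the sample log is constructed from the four lines quoted in the post.

```python
import re

# Constructed sample: the four HijackThis lines quoted in the post above.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O3 - Toolbar: (no name) - {31615D5C-5126-448A-818A-A7CDFEE85A9B} - (no file)
"""

LINE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")          # section, source, remainder
RUN_KEY = re.compile(r"^\[(?P<name>[^\]]*)\] (?P<target>.+)$")
CLSID = re.compile(r"^(?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$")

def parse_line(line):
    """Return a dict for one O-section line, or None for headers and other text."""
    m = LINE.match(line.strip())
    if not m:
        return None
    section, source, rest = m.groups()
    entry = {"section": section, "source": source, "clsid": None, "flags": []}
    if section == "O4" and (r := RUN_KEY.match(rest)):   # registry Run value
        entry.update(name=r["name"], target=r["target"])
    elif section == "O4" and " = " in rest:              # Startup-folder shortcut
        name, target = rest.split(" = ", 1)
        entry.update(name=name, target=target)
    elif (c := CLSID.match(rest)):                       # COM object (toolbar, BHO)
        entry.update(name=c["name"], clsid=c["clsid"].upper(), target=c["target"])
    else:
        entry.update(name=rest, target=None)
    # Flag labels below are hypothetical names chosen for this example.
    if section == "O4":
        entry["flags"].append("autostart")
    if entry["target"] == "(no file)":
        entry["flags"].append("orphaned-no-file")
    if entry["name"] == "(no name)":
        entry["flags"].append("unnamed")
    return entry

def triage(log_text):
    """Parse a log and list entries whose file is missing first."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    return sorted(entries, key=lambda e: ("orphaned-no-file" not in e["flags"], e["section"]))

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(e["section"], e["name"], "->", e["target"], e["flags"])
```

An "orphaned-no-file" result only says the registry entry points at nothing on disk; as the post notes, that can be a leftover from an uninstall or a HijackThis reporting quirk as well as a malware remnant.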
 
Old 05-11-2007, 04:51 AM
Member
 
Join Date: Mar 2006
Posts: 130

Thank-you LS, I'm still working on it, and am using the ewido quick scanner atm. Just flushed out some Downloader.Zlob.bti\ Trojan.BHO.a ! \Downloader.Agent.bkd...
Got the Malware cleaning disc ver.8, lotsa prog's!
Do you have any knowledge of how to safely delete those O4s and the O3 BHO? Which I'm also sure is a browser leftover from the spyLocked.
OK, got to the O4 through regedit, dunno about the O3 BHO?
Problem's's's's solved i believe! Thnx LS!
 
Old 05-11-2007, 01:09 PM
Lord Sesshomaru's Avatar
Moderator
 
Join Date: Nov 2005
Location: Anti-Spirals Realm
Posts: 8,382

Most of those BHOs looked legit to me, just XP net dialog, FlashFXP, Windows Messenger, etc. Most of the anti-spy apps will remove BHOs for ya. Hell, Spybot S&D is freeware, and it will monitor and remove BHOs. In the advanced mode-->tools-->BHOs, it provides several options for dealing with them. It also allows you to manage system startup, lock your homepage in IE, etc.
 
Old 05-12-2007, 07:10 AM
Member
 
Join Date: Mar 2006
Posts: 130
Follow-up

All seems to be as it was just a few short days ago +/- some frustration.
I think I'll make another HJT log though!
Damn, I thought I had some problems a few weeks ago when my USB thumb drive got spammed by an internet shop's own 6977.com, blah blah blah page. It jumps to the computer you plug into and has a 32k .exe and autorun .inf that just wouldn't go away. Took a few days to clean that one too. Ah well, live and learn, right? Peace, ttyl!