What the Tech logo
Welcome! Register for a free account (or login) > How does it work?
  1. Quickly register. It will only take 60 seconds.
  2. Start a new topic. Ask your question. Wait for an email reply.
  3. Is your system infected? Begin reading the malware removal guide.
 register button
Closed TopicStart new topic
> [Closed]Please help w/incredimail_install.exe
Robzombuy1
post Jan 23 2008, 08:09 PM
Post #1


Authentic Member
**

Group: Authentic Member
Posts: 22
Joined: 7-May 05
From: VA
Member No.: 31,907
Operating System: Windows XP
This is my father-in-laws HJT log. He picked up something weird today(O4 - HKLM\..\Run: [zzz_ImInstaller_IncrediMail] C:\Documents and Settings\Owner\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe -startup -product IncrediMail) in particular. How can I get rid of this? Any help is always appreciated!!






Logfile of HijackThis v1.99.1
Scan saved at 9:05:50 PM, on 1/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Iomega\Iomega HotBurn Pro\Autolaunch.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\My Documents\Dana's Documents\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hamptonroads.cox.net/cci/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [LXCICATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCItime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega\Iomega HotBurn Pro\Autolaunch.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [zzz_ImInstaller_IncrediMail] C:\Documents and Settings\Owner\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe -startup -product IncrediMail
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: lxci_device - - C:\WINDOWS\system32\lxcicoms.exe
Go to the top of the page
 
+Quote Post

Posts in this topic
- Robzombuy1   [Closed]Please help w/incredimail_install.exe   Jan 23 2008, 08:09 PM
- - EnigmaChick   Welcome to What the Tech You don't seem to be...   Jan 30 2008, 06:08 AM
- - Robzombuy1   This computer does use Microsoft's Firewall an...   Jan 31 2008, 12:59 AM
- - EnigmaChick   Your HijackThis log looks clean and AVG Anti-Spywa...   Jan 31 2008, 06:54 AM
- - Robzombuy1   Big speed issues. I cannot figure out what is slow...   Jan 31 2008, 05:27 PM
- - EnigmaChick   I'll try and help you with the slowness of you...   Jan 31 2008, 11:39 PM
- - Robzombuy1   Ran Killbox Rebooted Ran HJT, file is still in t...   Feb 2 2008, 07:54 PM
- - EnigmaChick   Just because the entry is still there doesn't ...   Feb 2 2008, 11:00 PM
- - Robzombuy1   Thank you very much for all the help!!   Feb 3 2008, 12:33 PM
- - EnigmaChick   Open up HijackThis, do a System Scan and select th...   Feb 5 2008, 04:19 AM
- - EnigmaChick   If you still need help and haven't already fol...   Feb 8 2008, 04:51 AM
- - Robzombuy1   Here is the log. Kept the Iomega program because t...   Feb 8 2008, 03:45 PM
- - EnigmaChick   So how is the speed of the computer now?   Feb 8 2008, 10:46 PM
- - Robzombuy1   It is a little better. Thank you for all your help...   Feb 9 2008, 02:49 PM
- - EnigmaChick   So currently would you say that you are still havi...   Feb 10 2008, 03:37 AM
- - EnigmaChick   If you still require assistance, please answer the...   Feb 14 2008, 08:22 PM
- - EnigmaChick   Due to inactivity this topic will be closed. If yo...   Feb 15 2008, 04:24 PM

« Next Oldest · Infections Removal · Next Newest »
 

Closed TopicStart new topic

 

Collapse

> Similar Topics

    Topic Title Replies Topic Starter Views Last Action
No New Posts   3 harliequin 113 Yesterday, 03:30 AM
Last post by: oldman960
No New Posts   2 ArtemusGordon 71 16th March 2010 - 09:41 AM
Last post by: LDTate
No New Posts   5 livewiredrinker 92 16th March 2010 - 09:23 AM
Last post by: SweetTech
No New Posts   2 jskamm 433 15th March 2010 - 02:53 PM
Last post by: LDTate

RSS Time is now: 18th March 2010 - 12:45 AM
Advertisements do not imply our endorsement of that product or service. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk.
Member site: Alliance of Security Analysis Professionals | UNITE Against Malware
Memory Forums | Auto Repair Forum
© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy
Powered By IP.Board © 2010  IPS, Inc.