Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 92290 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Spybot problems


  • This topic is locked This topic is locked
11 replies to this topic

#1 PetyMonster

PetyMonster

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 15 November 2005 - 08:38 AM

Help me if you can. 1. Is there a way for me to mark an issue I have started so that I can log in and go straight to that topic/issue without running through the entire list. An easy tracking of just my posting and replies. 2. SpyBot gives me an message every time I try to update the defenition files. It runs for a short time then pops up and says "BAD CHECKSUM" it never puts the green check mark and sayas definitions updated. Do I have a problem?

    Advertisements

Register to Remove


#2 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 15 November 2005 - 08:54 AM

Click this link http://forums.tomcoy...topic=49926&hl=

Then book mark it. But it looks like you have started more than one thread B)

Are you still needing help?

#3 PetyMonster

PetyMonster

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 15 November 2005 - 09:19 AM

Little eagle, I cannot find my other postings but as of last friday I never recieved replies to the logs I posted. I posted log files twice I believe about two weeks apart.

#4 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 15 November 2005 - 09:24 AM

Book mark this thread http://forums.tomcoy...st&f=27&t=51239

Post your log here and I'll take a look at your log. :D

You other threads were deleted :P

#5 PetyMonster

PetyMonster

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 15 November 2005 - 10:38 AM

My current log:
Logfile of HijackThis v1.99.1
Scan saved at 10:42:25 AM, on 11/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Real\RealOne Player\RealPlay.exe
C:\WINDOWS\system32\cidaemon.exe
F:\MAS90\HOME\PVXWIN32.EXE
F:\MAS90\launcher\launch32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\TEMP\Temporary Directory 5 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {19621EBE-ECD9-49FB-A315-A3636EE0F77F} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {19621EBE-ECD9-49FB-A315-A3636EE0F77F} - (no file) (HKCU)
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://www.officeupd...ontent/opuc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121290043564
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1130788941391
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tristateinsulation.com
O17 - HKLM\Software\..\Telephony: DomainName = tristateinsulation.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = tristateinsulation.com
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Command Service (cmdService) - CMD Technology, Inc. - (no file)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

#6 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 15 November 2005 - 10:57 AM

Please download Ewido Security Suite it is a trial version of the program.
  • Install ewido security suite
  • Launch ewido, there should be an icon on your desktop double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido.
Ewido manual updates

Once the updates are installed do the following:
  • Reboot in safe mode
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.**
    • You will need to step through the process of cleaning files one-by-one.
    • If ewido detects a file you KNOW to be legitimate, select none as the action.
    • DO NOT select "Perform action on all infections"
    • If you are unsure of any entry found select none for now.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido security suite.
**(Ewido for example has been flagging parts of AVG Anti-Virus, pcAnywhere and the game "Risk")

#7 PetyMonster

PetyMonster

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 16 November 2005 - 11:41 AM

This was the report you suggested I save to my desktop. Is this the end of the process? Will Ewido catch future items before they get to my system? I appreciate all the help but still would like to know if there are some programs that are messing with me that I should avoid. In particular do you know if BearShare Pro is a problem even though they told me the pro version did NOT contain spyware and adware? Thank you again for your help. Kevin ewido security suite - Scan report --------------------------------------------------------- + Created on: 11:42:13 AM, 11/16/2005 + Report-Checksum: F80AAECB + Scan result: HKLM\SOFTWARE\Classes\CLSID\\ -> Spyware.AproposMedia : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{6EC11407-5B2E-4E25-8BDF-77445B52AB37} -> Spyware.VX2 : Cleaned with backup HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{6EC11407-5B2E-4E25-8BDF-77445B52AB37}\\ -> Spyware.VX2 : Cleaned with backup HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX\CLSID\\ -> Spyware.MiniBug : Cleaned with backup HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1\CLSID\\ -> Spyware.MiniBug : Cleaned with backup HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9E248641-0E24-4DDB-9A1F-705087832AD6}\\CLSID -> Spyware.VX2 : Cleaned with backup HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/msjava.dll\\{05CE4481-8015-11D3-9811-C4DA9F000000} -> Spyware.WebRebates : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DisplayUtility -> Spyware.Delfin : Cleaned with backup HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{86227D9C-0EFE-4F8A-AA55-30386A3F5686} -> Spyware.YourSiteBar : Cleaned with backup HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3FDD654-A057-4971-9844-4ED8E67DBBB8} -> Spyware.ISTBar : Cleaned with backup HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{86227D9C-0EFE-4F8A-AA55-30386A3F5686} -> Spyware.YourSiteBar : Cleaned with backup HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3FDD654-A057-4971-9844-4ED8E67DBBB8} -> Spyware.ISTBar : Cleaned with backup HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup C:\Documents and Settings\dwaddell\Cookies\dwaddell@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup C:\Documents and Settings\dwaddell\Cookies\dwaddell@www.myaffiliateprogram[1].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\285C0B18-9775-442C-9DB3-EF7E84\768351AE-9F0A-4FD7-96DE-3EDBB9 -> TrojanDownloader.Qoologic.ak : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\42A8F85F-EDA4-48DD-8CA8-054E68\0003A02F-10B5-430C-A605-35B1B6 -> TrojanDownloader.Small : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\F0ABED98-0BE7-4E91-8DE8-99D01D\127B6B71-3DED-498A-BF20-3E0CF5 -> TrojanDownloader.Small : Cleaned with backup C:\Program Files\Mozilla Firefox\plugins\npzango.dll.tcf -> Spyware.WinAD : Cleaned with backup C:\WINDOWS\SYSTEM32\jsdksjd.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup C:\WINDOWS\SYSTEM32\medgs1.exe -> Spyware.Hijacker.Generic : Cleaned with backup C:\WINDOWS\SYSTEM32\nakoj.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup C:\WINDOWS\SYSTEM32\naqrbnc.exe -> Trojan.Pakes : Cleaned with backup C:\WINDOWS\SYSTEM32\naqrbnc.exe.tcf -> TrojanDownloader.Qoologic.ac : Cleaned with backup C:\WINDOWS\SYSTEM32\NNSCAA638.EXE -> Spyware.NewDotNet : Cleaned with backup C:\WINDOWS\SYSTEM32\rcntirk.dll -> TrojanDownloader.Qoologic.af : Cleaned with backup C:\WINDOWS\SYSTEM32\testit.exe.tcf -> TrojanDownloader.IstBar.is : Cleaned with backup C:\WINDOWS\SYSTEM32\venturaa_installer.exe -> Spyware.BookedSpace : Cleaned with backup C:\WINDOWS\SYSTEM32\vgactl.cpl -> TrojanDownloader.Qoologic.ad : Cleaned with backup C:\WINDOWS\SYSTEM32\w031319.Stub.exe.tcf -> TrojanDownloader.Delmed.a : Cleaned with backup C:\WINDOWS\Temp\Cookies\kpeterson@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup C:\WINDOWS\Temp\Cookies\kpeterson@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup C:\WINDOWS\Temp\Cookies\kpeterson@ysbweb[1].txt -> Spyware.Cookie.Ysbweb : Cleaned with backup ::Report End

#8 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 16 November 2005 - 05:33 PM

Can you post another hijackthis log please. As soon as we get you PC clean we will. then we will get to securing your PC. ;) To do it know will slow the fixes to add programs that will keep you from making changes. As far as P2P programs I'll have to check and see.

#9 PetyMonster

PetyMonster

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 17 November 2005 - 10:57 AM

Here is the HIJACKTHIS LOG. This was created after running AWIDO and doing a full scan with Adaware. Thank you so much for this help. PLease, again, any suggestions on what to stay away from so that I can avoid problems in the future. Most of my non business stops involve Yahoo mail and some use of RAPIDSHARE.

Logfile of HijackThis v1.99.1
Scan saved at 10:56:24 AM, on 11/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\ewido\security suite\SecuritySuite.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\TEMP\Temporary Directory 5 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {19621EBE-ECD9-49FB-A315-A3636EE0F77F} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {19621EBE-ECD9-49FB-A315-A3636EE0F77F} - (no file) (HKCU)
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://www.officeupd...ontent/opuc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121290043564
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1130788941391
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tristateinsulation.com
O17 - HKLM\Software\..\Telephony: DomainName = tristateinsulation.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = tristateinsulation.com
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\ewido\security suite\ewidoguard.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

#10 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 17 November 2005 - 06:25 PM

You are running HJT from a temporary file or desktop we will be cleaning out all of you temp. files latter you will need to make a new folder for HijackThis. Instructions can be found here.

Close all programs leaving only HijackThis running. Place a check against each of the following,

O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: Microsoft AntiSpyware helper - {19621EBE-ECD9-49FB-A315-A3636EE0F77F} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {19621EBE-ECD9-49FB-A315-A3636EE0F77F} - (no file) (HKCU)


Click on Fix Checked when finished and exit HijackThis.

Please follow a few tips to remain malware free:

Make sure you keep your Windows OS current by visiting Windows update
occasionaly to download and install any critical updates and service packs. With out these you are leaving the backdoor open.

Also download, install and keep updated- Antivirus Software (and use only one):
Free for home users:
avast! 4 Home Edition Download
AVG free version 7.0 AVG free version v6.0 updates ended 12/31/04
AntiVir Personal Edition

Adjust your browser settings: Change your(active x) settings in IE. With IE open go to tools, internet options, security tab. Click on the internet globe, then custom level. Set the first option "download signed active x controls" to prompt, the next two to disable. Read more:
Internet Explorer Privacy & Security Settings
Working with Internet Explorer 6 Security
Many exploits are directed at Internet Explorer, you dont have to use it. Try a different browser:
Like Firefox,
And Thunderbird for controling spam in your e-mail.

Install a firewall. A firewall will control what comes in from the internet and what leaves your computer to the internet. A firewall will also alert you when a application trys to connect to the internet from your computer, this is a good way to catch crapware or trojans, trying to connect out bound from your computer- whats that and why does it need a internet connection? You can deny it access it until more investigation is done. Zone Alarm is a free and easy to use firewall, that will provide in and outbound protection. Microsoft XP firewall only provides inbound protection, but is not as robust as third party firewalls, Be sure to run only >one< firewall.If you use another, be sure to disable XP's built in firewall.A inexpensive NAT hardware router with SPI (firewall)would be even better,along with a software firewall.
Zone Alarm
Kerio Personal Firewall
Outpost Firewall

Download, install and update before using:(if these are constantly finding malware, then you need to make some changes)
Ad-Aware SE Personal edition
Spybot Search and destroy
Becarful with spyware "removers and scanners"-- there are many "rogue/suspect" programs that "claim to remove" spyware.

Other programs to consider:
SpywareBlaster
IE-SPYAD
AntiTrojan software to fill in the gap:
a2 free
Ewido Security Suite
Trojan Hunter (30 day trial version)

Learn More:
Tony's article So how did I get infected in the first place?
How to Secure (and Keep Secure) My (New) Computer(s)
Home Computer Security
Wilders Security Advisors

Watch what you download, and where you download it from.
Many programs come bundled with "extra" crapware you may not want. Make sure you know what it is you will be downloading and installing. Visit the makers website, learn more about the program, Does the program you want come bundled with other "3rd party" programs? What do the 3rd party programs do? Will they deliver ads? Track your surfing habits?.You may be installing more than you think, Read the EULA agreement, you know that paragraph of stuff you "agree to" before the software installs? Stay away from warez and crack sites. Becarful what you download from file sharing networks.If you are not sure, scan it with your Antivirus app. A small file (in KB) is probably not what you think it is. Some p2p clients also install 3rd party stuff you probably dont want.

One of the best features of Windows ME or XP is the System Restore option.
However after what has been cleaned out viruses and hackers you will want to reset your restore points.

For (win XP)

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.


Please read of these
http://www.spywarein...ives/0903/3.php
http://www.winmx.com :: WinMX seb site insted of kazaa.

http://www.spywarein...m/articles/p2p/
http://www.spywarein...articles/kazaa/
http://www.spywarein...showtopic=36546


If you have anymore questions please post back.

#11 PetyMonster

PetyMonster

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 18 November 2005 - 09:21 AM

Thank you so much for all your help. I will contact our tech people for help with the firewall. I think that either our router or the Internet Service provided by Time Warner our Cable provider has a firewall. Actually BearShare the file sharing software I mentioned tells me that some of my performance issues with them are that they are being blocked by my firewall. I appreciate all your time and help more than you know. Ionly wish we could find some way to destroy all malware, spyware and the vermin who create and distribute them. Kevin

#12 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 18 November 2005 - 05:25 PM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users