| Thread ID: 57263 | 2005-04-28 02:21:00 | spyware adware removal | NZHawk (4093) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 349590 | 2005-04-28 02:21:00 | 1. Why is it that I have to run several spyware removal programs to get rid of spyware (the programs I have run have been MS Anti-Spyware, Spy Sweeper, Spybot)? 2. Even after running the programs I don't feel confident that I have removed all the spyware. 3. Is there any way short of reformatting that will 100% remove all spyware? |
NZHawk (4093) | ||
| 349591 | 2005-04-28 02:39:00 | Well, some programs aren't as good as others. Do what everyone has done and post a HJT log, so we can see what shouldn't be there. |
Speedy Gonzales (78) | ||
| 349592 | 2005-04-28 02:39:00 | Here is my strategy to kill and prevent spyware: keep MS AntiSpyware on real-time protection; if your firewall alerts you to an intruder, delete it; download Javacool's SpywareBlaster; frequently scan your PC for spyware; read the Bug Watch column in PC World magazine. |
techiekid (7219) | ||
| 349593 | 2005-04-28 02:40:00 | Let's start a petition against spyware | techiekid (7219) | ||
| 349594 | 2005-04-28 02:50:00 | Techiekid - I think the 50 Million downloads (rough estimate) of anti-spyware software is enough of a petition against the scourge. | Aurealis_ (7897) | ||
| 349595 | 2005-04-28 03:07:00 | per Speedy's request - oh and thank you! Logfile of HijackThis v1.99.1 Scan saved at 1:58:45 p.m., on 28/04/05 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\drivers\KodakCCS.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\fxssvc.exe C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\Microsoft Works\WksSb.exe C:\PROGRA~1\NORTON~1\navapw32.exe C:\Program Files\Inoculator\inoc.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 9.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe C:\WINDOWS\system32\hphmon05.exe C:\windows\system32\elgesbee.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\PROGRA~1\INTERN~2\iw.exe C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\Documents and Settings\Wayne Bacon\Desktop\HijackThis.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 
6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe O4 - HKLM\..\Run: [Inoculator] C:\Program Files\Inoculator\inoc.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 9.exe O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [EvtHtm] c:\windows\system32\evthtm.exe /nocomm O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [ELGESBEE] c:\windows\system32\elgesbee.exe /install O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKCU\..\Run: [Internet 
Washer Pro] C:\PROGRA~1\INTERN~2\iw.exe min O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? O8 - Extra context menu item: >>> FREE PORN GALLERIES <<< - javascript:{document.location='sexmaxx.com O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=iehomepage&c=3C01&lc=1409 O16 - DPF: Yahoo! Pool 2 - download.games.yahoo.com O16 - DPF: {037B3D58-D14A-4C41-BDFD-BD779B0B97BA} (vxiewer control) - www.thepaymentcentre.com O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - ak.imgfarm.com O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - 64.156.188.99 O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - www.gocyberlink.com O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - us.dl1.yimg.com O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - games-dl.real.com O16 - DPF: {D6862A22-1DD6-11D3-BB7C-444553540000} - www.portalsearching.com O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - fdl.msn.com O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe 
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe |
NZHawk (4093) | ||
| 349596 | 2005-04-28 03:53:00 | I would remove these: C:\windows\system32\elgesbee.exe - Don't think this is a Windows file. O4 - HKLM\..\Run: [EvtHtm] c:\windows\system32\evthtm.exe /nocomm According to Google, this file is part of an Adult porn dialer. And also a trojan. TrojanDownloader.Win32.Agent.ej aka Troj/Dluca-EJ O4 - HKLM\..\Run: [ELGESBEE] c:\windows\system32\elgesbee.exe /install This may be part of that dialer. O8 - Extra context menu item: >>> FREE PORN GALLERIES <<< - javascript:{document.location='.com/freegalleries.htm';}" target="_blank">sexmaxx.com The rest look alright. What version of CD Creator/DirectCD is installed? 5 and ALL the updates?? 5 alone isn't compatible with XP or SP2. |
Speedy Gonzales (78) | ||
| 349597 | 2005-04-28 03:58:00 | I suggest also fixing these entries: O4 - HKLM\..\Run: [EvtHtm] c:\windows\system32\evthtm.exe /nocomm O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - ak.imgfarm.com O16 - DPF: {D6862A22-1DD6-11D3-BB7C-444553540000} - www.portalsearching.com You also have Kodak Software Updater running which is not required and can be removed. Would recommend that be removed manually by following the instructions on this page (www.iamnotageek.com). After removal you can check for updates as required yourself. |
FoxyMX (5) | ||
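
The triage the two replies above do by eye, as an added Python example (not part of the thread or of HijackThis): it parses `O4` Run and `O16` DPF lines in the format of the posted log and lists entries for manual review. The two heuristics (a Run target sitting directly in `system32`, a DPF entry with no control name) are assumptions chosen for illustration; a hit such as `hphmon05.exe` is a prompt to look the file up, not a verdict.

```python
import re
from ntpath import basename, dirname, normcase

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE = r"""
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [EvtHtm] c:\windows\system32\evthtm.exe /nocomm
O4 - HKLM\..\Run: [ELGESBEE] c:\windows\system32\elgesbee.exe /install
O4 - HKCU\..\Run: [Internet Washer Pro] C:\PROGRA~1\INTERN~2\iw.exe min
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - www.gocyberlink.com
O16 - DPF: {D6862A22-1DD6-11D3-BB7C-444553540000} - www.portalsearching.com
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

ENTRY = re.compile(r"^(O\d+) - (.+)$")
RUN = re.compile(r"^(HK\w+)\\\.\.\\(Run\w*): \[(?P<name>.+?)\] (?P<cmd>.+)$")
DPF = re.compile(r"^DPF: (?P<id>\{[0-9A-Fa-f-]+\})(?: \((?P<label>.+)\))? - (?P<src>.+)$")

def parse(log):
    """Yield (section, body) for every 'O<n> - ...' line; other lines are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def exe_path(cmd):
    """Executable path from a Run command line, whether quoted or not."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]

def review_queue(log):
    """Entries a human should look up; heuristics are illustrative assumptions."""
    out = []
    for section, body in parse(log):
        if section == "O4" and (m := RUN.match(body)):
            path = normcase(exe_path(m["cmd"]))
            if dirname(path) == r"c:\windows\system32":  # autorun directly in system32
                out.append((section, m["name"], basename(path)))
        elif section == "O16" and (m := DPF.match(body)):
            if m["label"] is None:  # downloaded control with no name recorded
                out.append((section, m["id"], m["src"]))
    return out
```
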
| 349598 | 2005-04-28 04:02:00 | Thank you to everyone on this. I will remove the recommended strings. But then I am going to call it quits and let them see what happens with the preventive programs I have installed. Over and out and thanks again. |
NZHawk (4093) | ||
| 349599 | 2005-04-28 04:05:00 | I would get rid of that dialer if ur on 56k, unless u want a big phone bill! | Speedy Gonzales (78) | ||