Solved

My computer has been hijacked by spyware and none of the automated removers can help!

Posted on 2004-09-21
Last Modified: 2013-12-04
Attached is my HijackThis log.  I have run the following programs to try to cure my problems to no avail: adaware, spybot, spysweeper, spywareblaster, cwshredder, and stinger.  In addition, I have Norton antivirus and a firewall by Mcafee.  Everything I do to try to get my computer running smoothly again seems to do no good.  Although it appeared that I removed quite a few programs, my computer's efficiency has not improved.

I have aol and if I boot up my computer and try to get onto the internet, I get a message that I have reached the open window limit and I must close some programs in order to continue.  In order to get onto the internet, I practically have to close every process running using the task manager.

If I use internet explorer, it doesn't seem to use as much memory, but then I get hijacked by a trojan that is apparently blocked when I use aol.  I tried to use a solution I found on this website to remove the trojan, but I was unable to find the files listed in the solution that I needed to delete.  At any rate, my computer takes as long as 15 minutes just to boot up and even then it sometimes locks up when spysweeper detects a new spyware program that has appeared in my registry.

I tried to restore my computer using instructions in my user manual, but the instructions did not work as listed.  I have Windows Millennium as my operating system and I would just reformat my drive and start again, except that I am afraid if I do that, I will not have any operating system and no way to restore it.

After reviewing my hijackthis log, could someone please advise me on my next move?

Thanks so much

Matt

Logfile of HijackThis v1.97.7
Scan saved at 9:55:48 PM, on 9/18/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\SYSTEM\MFCQF32.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\CRNC.EXE
C:\WINDOWS\SYSTEM\SYSIW.EXE
C:\WINDOWS\NTOS.EXE
C:\WINDOWS\MFCSW.EXE
C:\WINDOWS\NTPN.EXE
C:\WINDOWS\SYSTEM\WINNB.EXE
C:\WINDOWS\SDKPI32.EXE
C:\WINDOWS\CRPQ.EXE
C:\WINDOWS\SYSTEM\MSKI.EXE
C:\WINDOWS\SYSTEM\CRGW32.EXE
C:\WINDOWS\IPKC32.EXE
C:\WINDOWS\SDKAJ.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\CRHU.EXE
C:\WINDOWS\SYSTEM\PELMICED.EXE
C:\WINDOWS\SYSTEM\SYSBN32.EXE
C:\IBMTOOLS\APTEZBTN\APTEZBP.EXE
C:\WINDOWS\IEBP.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\JAVABO.EXE
C:\WINDOWS\SYSTEM\D3FZ.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\WINDOWS\SYSTEM\ATLPI.EXE
C:\WINDOWS\SYSTEM\SDKZC32.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\IPSG32.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\ATLRS.EXE
C:\WINDOWS\SYSTEM\IPYQ.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\WINDOWS\IEUU.EXE
C:\WINDOWS\SYSTEM\WINTA32.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFTRAY.EXE
C:\WINDOWS\SDKLZ.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\WINDOWS\MFCSP32.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\WINDOWS\SYSTEM\CRVT32.EXE
C:\WINDOWS\ATLLK.EXE
C:\WINDOWS\ATLFP.EXE
C:\WINDOWS\SYSTEM\WINNF32.EXE
C:\WINDOWS\CRYN32.EXE
C:\WINDOWS\SYSTEM\ADDXB.EXE
C:\WINDOWS\SYSTEM\WINGQ32.EXE
C:\WINDOWS\SYSTEM\IPUU.EXE
C:\WINDOWS\MFCUN.EXE
C:\WINDOWS\SYSTEM\SYSND32.EXE
C:\WINDOWS\SYSTEM\NTFJ32.EXE
C:\WINDOWS\SYSTEM\ADDRV.EXE
C:\WINDOWS\D3BT.EXE
C:\WINDOWS\SYSTEM\SYSCJ.EXE
C:\WINDOWS\NTUP32.EXE
C:\WINDOWS\CRRJ32.EXE
C:\WINDOWS\SDKAK32.EXE
C:\WINDOWS\MSFO.EXE
C:\WINDOWS\WINCB32.EXE
C:\WINDOWS\CRES32.EXE
C:\WINDOWS\WINRI.EXE
C:\WINDOWS\NTDK32.EXE
C:\WINDOWS\SYSTEM\SDKCM.EXE
C:\WINDOWS\SYSTEM\MSBH32.EXE
C:\WINDOWS\D3IE.EXE
C:\WINDOWS\MFCZE.EXE
C:\WINDOWS\NTGY.EXE
C:\WINDOWS\SYSTEM\WINQS32.EXE
C:\WINDOWS\SYSTEM\CRCG.EXE
C:\WINDOWS\SYSTEM\ATLUY32.EXE
C:\WINDOWS\SYSTEM\SDKBC32.EXE
C:\WINDOWS\SYSTEM\APIPI.EXE
C:\MY DOCUMENTS\MATT'S DOCUMENTS\GENEALOGY\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\ahszu.dll/sp.html#22776
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://ahszu.dll/index.html#22776
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://ahszu.dll/index.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\ahszu.dll/sp.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://ahszu.dll/index.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\ahszu.dll/sp.html#22776
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {EC5F4B05-E9D7-4907-A0CD-DD260CADFBF6} - C:\WINDOWS\SYSTEM\D3NM.DLL
O2 - BHO: (no name) - {388C35E4-4B37-F24C-BB6E-80FD25B9D6EA} - C:\WINDOWS\SYSTEM\IEFF.DLL
O2 - BHO: (no name) - {938EDA73-B848-25BB-A986-A3DCA507169A} - C:\WINDOWS\SYSTEM\IEDK32.DLL (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [GDRIVE] C:\IBMTOOLS\IBMBOOT\GDRIVE.EXE -N
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
O4 - HKLM\..\Run: [AEZBProc] c:\ibmtools\aptezbtn\aptezbp.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [IPYQ.EXE] C:\WINDOWS\SYSTEM\IPYQ.EXE
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [SDKJD.EXE] C:\WINDOWS\SYSTEM\SDKJD.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [MFCQF32.EXE] C:\WINDOWS\SYSTEM\MFCQF32.EXE
O4 - HKLM\..\RunServices: [SYSIW.EXE] C:\WINDOWS\SYSTEM\SYSIW.EXE
O4 - HKLM\..\RunServices: [CRNC.EXE] C:\WINDOWS\CRNC.EXE
O4 - HKLM\..\RunServices: [NTOS.EXE] C:\WINDOWS\NTOS.EXE
O4 - HKLM\..\RunServices: [MFCSW.EXE] C:\WINDOWS\MFCSW.EXE
O4 - HKLM\..\RunServices: [NTPN.EXE] C:\WINDOWS\NTPN.EXE
O4 - HKLM\..\RunServices: [WINNB.EXE] C:\WINDOWS\SYSTEM\WINNB.EXE
O4 - HKLM\..\RunServices: [SDKPI32.EXE] C:\WINDOWS\SDKPI32.EXE
O4 - HKLM\..\RunServices: [CRPQ.EXE] C:\WINDOWS\CRPQ.EXE
O4 - HKLM\..\RunServices: [MSKI.EXE] C:\WINDOWS\SYSTEM\MSKI.EXE
O4 - HKLM\..\RunServices: [CRGW32.EXE] C:\WINDOWS\SYSTEM\CRGW32.EXE
O4 - HKLM\..\RunServices: [IPKC32.EXE] C:\WINDOWS\IPKC32.EXE
O4 - HKLM\..\RunServices: [SDKAJ.EXE] C:\WINDOWS\SDKAJ.EXE
O4 - HKLM\..\RunServices: [CRHU.EXE] C:\WINDOWS\CRHU.EXE
O4 - HKLM\..\RunServices: [SYSBN32.EXE] C:\WINDOWS\SYSTEM\SYSBN32.EXE
O4 - HKLM\..\RunServices: [IEBP.EXE] C:\WINDOWS\IEBP.EXE
O4 - HKLM\..\RunServices: [D3FZ.EXE] C:\WINDOWS\SYSTEM\D3FZ.EXE
O4 - HKLM\..\RunServices: [JAVABO.EXE] C:\WINDOWS\JAVABO.EXE
O4 - HKLM\..\RunServices: [SDKZC32.EXE] C:\WINDOWS\SYSTEM\SDKZC32.EXE
O4 - HKLM\..\RunServices: [ATLPI.EXE] C:\WINDOWS\SYSTEM\ATLPI.EXE
O4 - HKLM\..\RunServices: [IPSG32.EXE] C:\WINDOWS\SYSTEM\IPSG32.EXE
O4 - HKLM\..\RunServices: [ATLRS.EXE] C:\WINDOWS\SYSTEM\ATLRS.EXE
O4 - HKLM\..\RunServices: [IEUU.EXE] C:\WINDOWS\IEUU.EXE
O4 - HKLM\..\RunServices: [WINTA32.EXE] C:\WINDOWS\SYSTEM\WINTA32.EXE
O4 - HKLM\..\RunServices: [SDKLZ.EXE] C:\WINDOWS\SDKLZ.EXE
O4 - HKLM\..\RunServices: [MFCSP32.EXE] C:\WINDOWS\MFCSP32.EXE
O4 - HKLM\..\RunServices: [CRVT32.EXE] C:\WINDOWS\SYSTEM\CRVT32.EXE
O4 - HKLM\..\RunServices: [ATLLK.EXE] C:\WINDOWS\ATLLK.EXE
O4 - HKLM\..\RunServices: [ATLFP.EXE] C:\WINDOWS\ATLFP.EXE
O4 - HKLM\..\RunServices: [WINNF32.EXE] C:\WINDOWS\SYSTEM\WINNF32.EXE
O4 - HKLM\..\RunServices: [WINGQ32.EXE] C:\WINDOWS\SYSTEM\WINGQ32.EXE
O4 - HKLM\..\RunServices: [CRYN32.EXE] C:\WINDOWS\CRYN32.EXE
O4 - HKLM\..\RunServices: [ADDXB.EXE] C:\WINDOWS\SYSTEM\ADDXB.EXE
O4 - HKLM\..\RunServices: [MFCUN.EXE] C:\WINDOWS\MFCUN.EXE
O4 - HKLM\..\RunServices: [IPUU.EXE] C:\WINDOWS\SYSTEM\IPUU.EXE
O4 - HKLM\..\RunServices: [SYSND32.EXE] C:\WINDOWS\SYSTEM\SYSND32.EXE
O4 - HKLM\..\RunServices: [ADDRV.EXE] C:\WINDOWS\SYSTEM\ADDRV.EXE
O4 - HKLM\..\RunServices: [NTFJ32.EXE] C:\WINDOWS\SYSTEM\NTFJ32.EXE
O4 - HKLM\..\RunServices: [D3BT.EXE] C:\WINDOWS\D3BT.EXE
O4 - HKLM\..\RunServices: [NTUP32.EXE] C:\WINDOWS\NTUP32.EXE
O4 - HKLM\..\RunServices: [SYSCJ.EXE] C:\WINDOWS\SYSTEM\SYSCJ.EXE
O4 - HKLM\..\RunServices: [CRRJ32.EXE] C:\WINDOWS\CRRJ32.EXE
O4 - HKLM\..\RunServices: [SDKAK32.EXE] C:\WINDOWS\SDKAK32.EXE
O4 - HKLM\..\RunServices: [MSFO.EXE] C:\WINDOWS\MSFO.EXE
O4 - HKLM\..\RunServices: [WINCB32.EXE] C:\WINDOWS\WINCB32.EXE
O4 - HKLM\..\RunServices: [CRES32.EXE] C:\WINDOWS\CRES32.EXE
O4 - HKLM\..\RunServices: [WINRI.EXE] C:\WINDOWS\WINRI.EXE
O4 - HKLM\..\RunServices: [D3IE.EXE] C:\WINDOWS\D3IE.EXE
O4 - HKLM\..\RunServices: [NTDK32.EXE] C:\WINDOWS\NTDK32.EXE
O4 - HKLM\..\RunServices: [SDKCM.EXE] C:\WINDOWS\SYSTEM\SDKCM.EXE
O4 - HKLM\..\RunServices: [MSBH32.EXE] C:\WINDOWS\SYSTEM\MSBH32.EXE
O4 - HKLM\..\RunServices: [MFCZE.EXE] C:\WINDOWS\MFCZE.EXE
O4 - HKLM\..\RunServices: [NTGY.EXE] C:\WINDOWS\NTGY.EXE
O4 - HKLM\..\RunServices: [CRCG.EXE] C:\WINDOWS\SYSTEM\CRCG.EXE
O4 - HKLM\..\RunServices: [WINQS32.EXE] C:\WINDOWS\SYSTEM\WINQS32.EXE
O4 - HKLM\..\RunServices: [ATLUY32.EXE] C:\WINDOWS\SYSTEM\ATLUY32.EXE
O4 - HKLM\..\RunServices: [SDKBC32.EXE] C:\WINDOWS\SYSTEM\SDKBC32.EXE
O4 - HKLM\..\RunServices: [APIPI.EXE] C:\WINDOWS\SYSTEM\APIPI.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Startup: PowerReg SchedulerV2.exe
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .SWF: C:\Program Files\Netscape\Communicator\Program\PLUGINS\NPSWF32.dll
O12 - Plugin for .asx: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38208.8492708333
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab

Question by:Matthewerb
6 Comments
 
LVL 65

Accepted Solution by: SheharyaarSaahil (earned 500 total points)
ID: 12119014
ufffffff..... look at ur log man,,,, its nothing but just JUNKS !!  =(
Do u think that even after cleaning ur system, it will not get reinfected,,,, hmmmmmm we can try but there is no guarantee that ur system will be as clean as it was !!

So here is the procedure which u can try before a Fresh install..... First thing, Disable ur system restore >> http://support.microsoft.com/default.aspx?kbid=264887

Then, u are using an old version of hijackthis, get a new version >> http://tools.radiosplace.com/HijackThis.exe
Run it, hit scan, and then save the Log File !!

Then Post that log at this site >> http://www.hijackthis.de/index.php?langselect=english
and it will automatically analyse it for u,,, Fix everything which it labels as Nasty :)
to Fix, check the lines and click on Fix Checked !!

Then go here, and follow each step to get rid of that res:// hijacker >> http://www.pchell.com/support/onlythebest.shtml
Now u have to Boot into safemode, and have to run all those spyware Removal Tools, Stinger and ur AV scan to delete everything they detect !!

Then u have to delete those running files now which were reported as Unknown by the Analyse site.....
e.g, some are these ones,

C:\WINDOWS\SYSTEM\MFCQF32.EXE
C:\WINDOWS\CRNC.EXE
C:\WINDOWS\SYSTEM\SYSIW.EXE
C:\WINDOWS\NTOS.EXE
C:\WINDOWS\MFCSW.EXE
C:\WINDOWS\NTPN.EXE
C:\WINDOWS\SYSTEM\WINNB.EXE
and so on......

delete all those which Analyse site reported UNKNOWN running process !!
and then delete ur Temp Internet Files and Cookies of IE...
empty C:\Windows\TEMP folder !!

reboot back in normal mode and check if any progress here or we are back at square one ??  =|
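The accepted answer above has the reader sort the log by hand: fix the res:// entries, then delete whatever the analyser site reports as Unknown. The following Python script is an added example, not code from this thread, from HijackThis or from the analyser site, that does the same first pass over a HijackThis log offline. Its sample lines are copied from the two logs posted in this thread; the prefix list behind RANDOM_NAME is derived only from the junk file names in the first log (MFCQF32.EXE, CRNC.EXE, IPYQ.EXE, D3NM.DLL and so on) and is a triage heuristic, not a verdict: a flagged entry still needs checking against a known-good list or the analyser site before it is deleted, as the later exchange about pelmiced.exe shows.

```python
import re

# Constructed sample: lines copied from the two HijackThis logs posted in this thread,
# mixing the res:// hijack, nameless BHOs, random-name RunServices junk and legitimate entries.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://ahszu.dll/index.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {EC5F4B05-E9D7-4907-A0CD-DD260CADFBF6} - C:\WINDOWS\SYSTEM\D3NM.DLL
O2 - BHO: (no name) - {938EDA73-B848-25BB-A986-A3DCA507169A} - C:\WINDOWS\SYSTEM\IEDK32.DLL (file missing)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
O4 - HKLM\..\Run: [IPYQ.EXE] C:\WINDOWS\SYSTEM\IPYQ.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [MFCQF32.EXE] C:\WINDOWS\SYSTEM\MFCQF32.EXE
O4 - HKLM\..\RunServices: [CRNC.EXE] C:\WINDOWS\CRNC.EXE
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
"""

# Heuristic derived from the posted log only (an assumption, not a HijackThis rule): the junk
# borrows a prefix from a legitimate component and appends two random letters and an optional
# "32", e.g. MFCQF32.EXE, CRNC.EXE, IPYQ.EXE, D3NM.DLL.
_PREFIXES = "MFC|CR|SYS|NT|WIN|SDK|IP|ATL|IE|D3|MS|API|ADD|JAVA"
RANDOM_NAME = re.compile(rf"^(?:{_PREFIXES})[A-Z]{{2}}(?:32)?\.(?:EXE|DLL)$", re.IGNORECASE)

# Line shapes used by HijackThis 1.9x for IE pages (R0/R1), BHOs (O2) and registry autoruns (O4)
R_LINE = re.compile(r"^R[01] - (?P<key>.*?) = (?P<value>.*)$")
O2_LINE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
O4_LINE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# First path component that ends in a binary extension; tolerates quotes, spaces in
# directory names, trailing arguments and the "(file missing)" suffix.
_IMAGE = re.compile(r'([^\\"]+?\.(?:exe|dll|tsk|ocx))', re.IGNORECASE)


def _file_name(path_or_cmd: str) -> str:
    """Bare file name from a path or command line, e.g. 'C:\\X\\Y\\Z.EXE /0' -> 'Z.EXE'."""
    m = _IMAGE.search(path_or_cmd)
    return m.group(1) if m else path_or_cmd.strip()


def triage(log_text: str) -> dict:
    """Walk a HijackThis log and collect the entry types the accepted answer says to fix."""
    findings = {"hijacked_ie": [], "suspect_bhos": [], "suspect_autoruns": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = R_LINE.match(line)
        if m:
            # res:// start/search pages are the hijacker seen in the question's first log
            if m["value"].lower().startswith("res://"):
                findings["hijacked_ie"].append(m["key"])
            continue
        m = O2_LINE.match(line)
        if m:
            image = _file_name(m["path"])
            # A BHO with no name, or with a random-letter file name, deserves a look
            if m["name"] == "(no name)" or RANDOM_NAME.match(image):
                findings["suspect_bhos"].append(image)
            continue
        m = O4_LINE.match(line)
        if m:
            image = _file_name(m["cmd"])
            reasons = []
            if RANDOM_NAME.match(image):
                reasons.append("random-letter name")
            # Second signal seen throughout the posted log: the value name is just the file name
            if m["name"].upper() == image.upper():
                reasons.append("value name is just the file name")
            if reasons:
                findings["suspect_autoruns"].append((m["key"], image, reasons))
    return findings


def summarize(findings: dict) -> list:
    """One human-readable line per finding, suitable for pasting into a reply."""
    out = [f"IE page hijacked to res://: {k}" for k in findings["hijacked_ie"]]
    out += [f"Suspect BHO: {p}" for p in findings["suspect_bhos"]]
    out += [f"Suspect {key} entry {img} ({', '.join(why)})"
            for key, img, why in findings["suspect_autoruns"]]
    return out


if __name__ == "__main__":
    for line in summarize(triage(SAMPLE_LOG)):
        print(line)
```

Run it as a script to print one line per finding, or import triage() and feed it a full log. The entries it leaves alone in the sample (SysTray.Exe, PELMICED.EXE, mstask.exe, SPYSWEEPER.EXE) show what the heuristic keys on: a borrowed prefix plus two random letters plus an optional 32, a shape none of the legitimate entries in the posted logs match, combined with a Run value whose name is nothing but the file name.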
 
LVL 3

Expert Comment by: 4ceReconSniper
ID: 12119505
I recommend you download avast antivirus www.avast.com. It's powerful, free, customizable and uses low resources. Also look for Spybot 1.3 at download.com or anywhere you wish to. These programs protect my PC and I'm very satisfied with the results.
 
LVL 2

Expert Comment by: Shattuc
ID: 12150003
Lavasoft Ad-Aware http://www.lavasoftusa.com/software/adaware/
Spybot S&D http://www.safer-networking.org/en/download/index.html
AVG Free http://free.grisoft.com/freeweb.php/doc/2/
Spyware Blaster http://www.javacoolsoftware.com/spywareblaster.html
Spyware Guard http://www.javacoolsoftware.com/spywareguard.html

These are all programs that can be used by the average computer user without difficulty, and without undesired results.

Lavasoft Ad-Aware will clean up a lot of spyware infections.
Spybot S&D will clean up a lot of spyware infections.
Between these two programs, most of the nasties can be safely removed without damaging other programs.

AVG Free Antivirus is an excellent antivirus, especially since it is free. (Found a nasty trojan that was giving me fits for a week.)

Spyware Blaster is a program that you only have to run weekly; the settings and changes it makes are static, and you don't need to keep it running for its protection to work. It has a large database of identified and known spyware/malware/ActiveX controls. It instructs Windows and IE, Firefox, and Mozilla browsers not to install or run any of these nasties.

Spyware Guard is like your antivirus, but for spyware. It is a resident and is always running; if it encounters something that should not be downloaded, by default it will pop up a dialog box and ask for instruction.

These last two will help keep your system running smoothly.

Lastly, make sure you do not run TWO antivirus programs at the same time. It can result in conflicts, leaving your system wide open to attack and infection. (Spyware Guard is not an anti-virus and can be run side by side with anti-virus without conflicts.)

Also, in Spybot S&D there is a resident program called TeaTimer. It monitors your registry entries and notifies you of changes made to your registry.

If all else fails and you do have an infection, then get a copy of HijackThis. HijackThis is an advanced diagnostic tool. Not everything it finds should be fixed. If you fix the wrong entry, it can make your system unstable, and even cause some programs to not function. If you must resort to using HijackThis, be sure to consult an expert about your log before you fix anything.
You can find it here.

http://www.bleepingcomputer.com/files/hijackthis.php

I personally recommend the folks at Tom Coyote Forums found here,

http://www.tomcoyote.com
but there are many forums where volunteers help you get control of your system back.


 

Expert Comment by: futurelogix
ID: 12154057
All the software which I'd like u to install to prevent spyware is quoted above by Shattuc....

The above said things will prevent ur machine from getting affected.... but still, to have more knowledge about what, why and how.....


www.security-forums.com/forum/
www.wilderssecurity.com/index.php
forums.spywareinfo.com
www.spywarewarrior.com/index.php
www.doxdesk.com
 

Author Comment by: Matthewerb
ID: 12156171
Here is my updated HijackThis log after accepting the advice from SheharyaarSaahil.  Most of the problems have been fixed; however, I have two stubborn files which I cannot get rid of.  Please let me know if these are dangerous and if there is a simple way to get rid of them.

C:\windows\system\pelmiced.exe
c:\IBMtools\APTEZBTN\APTEZBP.exe

Logfile of HijackThis v1.98.2
Scan saved at 4:55:44 PM, on 9/26/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\PELMICED.EXE
C:\IBMTOOLS\APTEZBTN\APTEZBP.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFTRAY.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFAGENT.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\WAOL.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\SHELLMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\AOLWBSPD.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\MY DOCUMENTS\MATT'S DOCUMENTS\GENEALOGY\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [GDRIVE] C:\IBMTOOLS\IBMBOOT\GDRIVE.EXE -N
O4 - HKLM\..\Run: [AEZBProc] c:\ibmtools\aptezbtn\aptezbp.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Startup: PowerReg SchedulerV2.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .SWF: C:\Program Files\Netscape\Communicator\Program\PLUGINS\NPSWF32.dll
O12 - Plugin for .asx: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab

 
LVL 65

Expert Comment by: SheharyaarSaahil
ID: 12157826
NO, those are not dangerous processes, they are related to ur IBM system :)
C:\windows\system\pelmiced.exe >> http://www.liutilities.com/products/wintaskspro/processlibrary/pelmiced/

ur LOG is also looking clean now,,,,, still having any other problem ?? :)
