mamaleah
asked on
8 security systems, bugs always come back. Please help!
Hi everyone,
Running Win XP Home (SP2 at home) & XP Pro at work. I am always updated on latest security.
I have installed 8 different security check systems. I run them every day. They locate adware, reg. problems, etc., each time, remove them, and then on the next run they are all back again. Am I wasting my time? I have Norton Internet Security 2004, Earthlink, Spywareblocker, Spyware Dr., AVG, NoAdware 2.01, Ad-ware SE 1.05, Spybot S&D 1.3, Spyware blaster, Reg/Priv. Mechanic. The following are what always come back.
(I did make the mistake of using Kazaa, and I always get the warning of Altnet since that time)
Zango Reg.SC.
TwainTech.
MRU list (23 entries)
V DSO Exploit (5 entries) always shows up after removing
HKEY_Users\Software\MS\Win \Current Ver\Int.settings\Reg changes
istbar.4.G
I am told to run AVG for windows all the time but when I run the AVG program after this alert it says that there is nothing to delete.
Let me add this, my computer IS RUNNING FINE!
I am just confused why I keep getting all these warnings when I run my checks.
I have spent a lot of money and time to keep myself safe.
Am I missing something? Or am I OK with my security?
Thanks,
mamaleah
ASKER
I have hijack this, please remind me how to post (cut & paste) the results here.
Thanks Leah
Open HiJack, run a scan and then click save log.
It will create a log file in your my documents folder, which is just a text document. Open it with notepad or similar.
Then just paste it here like this:
Logfile of HijackThis v1.98.2
Scan saved at 04:41:54, on 01/10/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\Program Files\Avant Browser\avant.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avant Browser\avant.exe
F:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Azureus\Azureus.exe
C:\Borland\JBuilder2005\jdk1.4\jre\bin\javaw.exe
F:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\explorer.exe
C:\hijack\HijackThis.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
ASKER
Logfile of HijackThis v1.98.2
Scan saved at 10:48:26 PM, on 9/30/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\EarthLink TotalAccess\FastLane\IPClient.exe
C:\Program Files\EarthLink TotalAccess\Accelerator\ElinkAcc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\OPScan.exe
C:\Program Files\EarthLink TotalAccess\MailClnt.exe
C:\Documents and Settings\Windows XP\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/channel/start
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.start.earthlink.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IEProxyHelperObj Class - {43DF16FD-D9ED-4c9e-B14A-F3236A12C649} - C:\Program Files\MusicNow\IEProxyHelper.dll
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [SBAutoUpdate] "C:\Program Files\SpywareBlaster\sbautoupdate.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Common Files\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-image.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{18B6532E-C708-4FFC-82C0-0BAD6B98049E}: NameServer = 207.69.188.185 207.69.188.186
O17 - HKLM\System\CS1\Services\Tcpip\..\{18B6532E-C708-4FFC-82C0-0BAD6B98049E}: NameServer = 207.69.188.185 207.69.188.186
ASKER
It's late, I will check back in the morning.
Thanks so much!
Leah
ASKER CERTIFIED SOLUTION
This solution is only available to members.
ASKER
Thanks Rich,
This site never lets me down! You guys are amazing.
Leah
Well done Rich, was wondering what it was myself, since I don't use System Restore either, so I switch it off at birth. Forgot about that one!
I should make it part of my signature, I use that one so much (system restore off) ;)
-rich
I use it all the time to check if any dodgy sites have installed something and if so zap them out.