

CAN YOU PC CHECK MY HJT!


15 replies to this topic

#1 OFFLINE   wannabgeek

    Member

  • Members
  • 14 posts

Posted 20 December 2005 - 12:37 PM

Hi, hope you can please help me by putting my mind at rest! :(
On my XP PC I have Norton AV, Kerio FW (free) and numerous spy/Adaware progs such as Adaware SE, Spybot, MSantispy, A2, CWshrdr, Spyblstr and last but not least the great CClnr! :) I also have a new DG834 wired router. Anyway, I noticed Firefox giving me an 'http://1.1' error which I've never seen before, so I ran all my progs and the only one to come up with something was A2 squared. From what I remember it was "Logitech Net worm", from what I gather to be from my qck cam (wbcam), so I deleted it and got rid of the start-up entries via Spybot. So then I rebooted and got a MSantispy message telling me something about a new LSP, which I don't know anything about :unsure: ! Could it be to do with the worm, or would it be something to do with me changing my mouse's USB to a PS2 plug, which I was in the middle of doing before the problem arose? :unsure: Anyway, here is my HJT log! SORRY FOR LONG POST! :)

Logfile of HijackThis v1.99.1
Scan saved at 16:27:03, on 27-12-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\AOL9~1.0\waol.exe
C:\PROGRA~1\AOL9~1.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mandmsports.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = real spyblstr
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {56071E0D-C61B-11D3-B41C-00E02927A304} - (disabled by BHODemon)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk.disabled
O4 - Global Startup: Logitech SetPoint.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://cgi5.ebay.co.uk
O15 - Trusted Zone: http://my.ebay.co.uk
O15 - Trusted Zone: http://www.ebay.co.uk
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/s...utodetectNT.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedCon...bin/AvSniff.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1121391368531
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photob...on/uploader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C2245C4-7499-4735-87E7-C1A57D3F298E}: NameServer = 205.188.146.145
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

#2 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 20 December 2005 - 11:23 PM

Hello, sorry for the slow reply. Please open Notepad and go to Format and uncheck Word Wrap. Then make a new log and post it.

Get rid of Asquared, that program is giving off too many false positives. Instead download ewido. Ewido makes a squared look like a joke.
http://www.ewido.net/en/download/

#3 OFFLINE   JAGO

    Advanced Member

  • Members
  • 363 posts
  • Gender:Male
  • Location:Michigan

Posted 23 December 2005 - 07:22 AM

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mandmsports.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = real spyblstr
O2 - BHO: (no name) - {56071E0D-C61B-11D3-B41C-00E02927A304} - (disabled by BHODemon)

Just noting that you have way too many processes running at the same time - I would use CCleaner's startup removal tool and clean some of those out. Also, Kerio was bought recently by Sunbelt, and I'd be willing to put five bucks down and say it's going commercial. Try either Zone Alarm or better, Tiny Personal Firewall. If you're willing to pay for Norton, I guess it can't be that bad, but another five bucks says if you got rid of it all and got something sensible like ClamWin or eTrust's AV, you would have a huge improvement in boot time. Also, why do you have TeaTimer and MSAS Active running at the same time? I'd drop TeaTimer. (Hell, if you're paying for Norton, drop MSAS too and get Sunbelt's Counterspy. It's based off of GIANT's antispyware program as well, but it's a helluva lot better.)

You're not so much infected as I can tell as you are bloated. AOL and MSN messengers are going to kill you. Uninstall them both and get something like Trillian personal or GAIM. Run your antispyware programs (Spybot / Adaware / Ewido / MSAS / Norton), defragment, set your PC to check for bad sectors and reboot one last time.

My heart is pounding.

Edit:
If you're on a router, don't you have the hardware firewall, which is a lot better than the software firewall?

Also, use Trend Micro's Housecall (and Panda's ActiveScan).

#4 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 23 December 2005 - 07:31 AM

JAGO, on Dec 23 2005, 02:22 AM, said:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mandmsports.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = real spyblstr
O2 - BHO: (no name) - {56071E0D-C61B-11D3-B41C-00E02927A304} - (disabled by BHODemon)

Just noting that you have way too many processes running at the same time - I would use CCleaner's startup removal tool and clean some of those out.  Also, Kerio was bought recently by Sunbelt, and I'd be willing to put five bucks down and say it's going commercial.  Try either Zone Alarm or better, Tiny Personal Firewall.  If you're willing to pay for Norton, I guess it can't be that bad, but another five bucks says if you got rid of it all and got something sensible like ClamWin or eTrust's AV, you would have a huge improvement in boot time.  Also, why do you have TeaTimer and MSAS Active running at the same time?  I'd drop TeaTimer.  (Hell, if you're paying for Norton, drop MSAS too and get Sunbelt's Counterspy.  It's based off of GIANT's antispyware program as well, but it's a helluva lot better.)

You're not so much infected as I can tell as you are bloated.  AOL and MSN messengers are going to kill you.  Uninstall them both and get something like Trillian personal or GAIM.  Run your antispyware programs (Spybot / Adaware / Ewido / MSAS / Norton), defragment, set your PC to check for bad sectors and reboot one last time. 

My heart is pounding.

Edit:
If you're on a router, don't you have the hardware firewall, which is a lot better than the software firewall?

Also, use Trend Micro's Housecall (and Panda's ActiveScan).



Why post in a topic that hasn't been active in 3 days? The user obviously either didn't want help or went somewhere else. I told them to upload a better log so that it would be easier for me to look through.

#5 OFFLINE   wannabgeek

    Member

  • Members
  • 14 posts

Posted 27 December 2005 - 04:45 PM

rridgely, on Dec 23 2005, 07:31 AM, said:

Why post in a topic that hasn't been active in 3 days? The user obviously either didn't want help or went somewhere else. I told them to upload a better log so that it would be easier for me to look through.

Hi, sorry for the late reply!
I have updated the new HJT log (unwrapped).
Re the AIM, I have to use this as I have a webcam and speak to my family, who too are on AOL.
Thanks for the advice on the other progs. I have since purchased Webroot's Spy Sweeper, so would I be able to switch off TeaTimer and MSantispy?
As for the firewall, the version I have is the old free 4. I do have a hardware FW on my Netgear router but I have not forwarded any ports as yet, I have only changed the password! (I did get Webroot's firewall included in the Spy Sweeper box as an extra, is that any good?)
Re Norton AV: that actually came with my PC "OEM" and I don't know why I am still getting the updates after 3 yrs, probably to do with 'clean installs of XP'. So now I have Spy Sweeper, what do you recommend I get rid of? Cheers for the help!

#6 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 27 December 2005 - 09:35 PM

Since you bought Webroot you can go ahead and uninstall MS Antispy and disable TeaTimer. You mentioned a router right? I think you would be fine to get rid of your software firewall and just use the router and the Webroot one (since you have it).
If you want to test your security I would use the tests on this site.
https://www.grc.com/x/ne.dll?bh0bkyd2

Get rid of Norton since you didn't pay for it. That program is trash (hog and doesn't catch as much as it should). Instead fill out this offer for a free year of eTrust.
http://www.my-etrust.com/SubscriptCenter/M...gistration.aspx

Your log looks good for the most part but do the following. Open HijackThis and choose scan only. Then check this entry and press Fix checked.
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -


Lastly you should get and periodically use ewido. The free version doesn't run real time so you won't be running multiple spyware programs. But it has the best scanner out of all the programs I have used. Just remember to update it.
http://www.ewido.net/en/download/

You had a lot of questions. If I missed any just let me know.


Give a new log next time so I can see what you end up running and I might be able to help free up resources.

#7 OFFLINE   wannabgeek

    Member

  • Members
  • 14 posts

Posted 28 December 2005 - 02:37 PM

Thanks for the prompt reply! :D

I will get rid of my Norton AV as you're right, it is very CPU intensive. But will I need to do a clean install, as I've heard Norton tends to hide deep in the registry and is very hard to get rid of? And would this also apply to the software FW? :unsure: Also I have uninstalled A2 and got rid of the TeaTimer as you said, so will I need to BUY the Ewido software or are you saying it's OK to use the free version, as I have Spy Sweeper that will do the same job as the paid version? :unsure: Thanks for the help & sorry for all the Qs :D
I must say this is a Great Forum :D

#8 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 28 December 2005 - 05:27 PM

When you're ready to uninstall Norton use this to get rid of it all.
http://www.softpedia.com/get/Tweak/Uninsta...oval-Tool.shtml

If your firewall is from Norton then that tool should remove it as well. If that FW isn't from Norton then it should be removed by the control panel.

You will be perfectly fine just using the free version of ewido.

#9 OFFLINE   wannabgeek

    Member

  • Members
  • 14 posts

Posted 28 December 2005 - 09:17 PM

rridgely, on Dec 28 2005, 05:27 PM, said:

You will be perfectly fine just using the free version of ewido.



Hi Ridg cheers for the help! :D

I am going to do a clean install when I get the time so I will leave the AV and FW until ;) then! Something strange happened after I ran ewido (which by the way picked up 1 thing, 'Firefox profile rxsso cookie'); anyway, what I mean by strange is that I could not connect to these forums. Got a 'refused connection' via Firefox! Any idea? This is not a bad site is it :lol: Also I've tried to get rid of the M&M home page in IE but cannot. I've tried unticking the protection in all relevant progs but no joy at all. Any clues? I also removed Ewido from running in the background, so no icon in taskbar, but every time I scan I get a pop-up telling me it ain't running! "Is that correct"?... Great prog with good interface by the way ;)

Ps here's the updated HJT log

Logfile of HijackThis v1.99.1
Scan saved at 21:11:33, on 28-12-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mandmsports.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = real spyblstr
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {56071E0D-C61B-11D3-B41C-00E02927A304} - (disabled by BHODemon)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - Startup: Adobe Gamma.lnk.disabled
O4 - Global Startup: Logitech SetPoint.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://cgi5.ebay.co.uk
O15 - Trusted Zone: http://my.ebay.co.uk
O15 - Trusted Zone: http://www.ebay.co.uk
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/s...utodetectNT.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedCon...bin/AvSniff.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1121391368531
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photob...on/uploader.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
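
Added example (not part of the original thread and not written by any poster): a small Python parser that compares two HijackThis logs such as the two posted above, rejoins word-wrapped lines, and lists entries with an empty or "(no file)" target like the O16 entry picked out in post #6. The sample logs are constructed excerpts of the thread's logs with one line wrapped on purpose, and the "no target" rule is an assumption used here for triage, not a HijackThis feature.

```python
import re

# Constructed excerpts of the two logs in this thread (20 Dec and 28 Dec posts).
LOG_20_DEC = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C2245C4-7499-4735-87E7-C1A57D3F298E}: NameServer = 205.188.146.145
"""

# The O23 line is wrapped here on purpose (constructed) to exercise the re-join.
LOG_28_DEC = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido
anti-malware\ewidoguard.exe
"""

ENTRY_RE = re.compile(r"^[RFNO]\d{1,2} - ")   # section codes such as R0, O4, O23
PATH_RE = re.compile(r"^[A-Za-z]:\\")         # a process line starts with a drive
# Assumption: an entry deserves a manual look when its target is empty
# (line ends in a bare " -") or is reported as "(no file)".
NO_TARGET_RE = re.compile(r"(?:\s-|\(no file\))$")


def parse_hjt(text):
    """Return (processes, entries); wrapped continuation lines are rejoined."""
    procs, entries, section = [], [], "header"
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.lower().startswith("running processes"):
            section = "procs"
        elif ENTRY_RE.match(line):
            section = "entries"
            entries.append(line)
        elif section == "entries":
            entries[-1] += " " + line          # continuation of a wrapped entry
        elif section == "procs":
            if PATH_RE.match(line) or not procs:
                procs.append(line)
            else:
                procs[-1] += " " + line        # continuation of a wrapped path
    return procs, entries


def _only_in(a, b):
    """Items of a missing from b, compared case-insensitively, order kept."""
    seen = {x.lower() for x in b}
    return [x for x in a if x.lower() not in seen]


def diff_logs(old, new):
    """Summarise what disappeared and what appeared between two logs."""
    (old_p, old_e), (new_p, new_e) = parse_hjt(old), parse_hjt(new)
    return {
        "procs_gone": _only_in(old_p, new_p),
        "procs_new": _only_in(new_p, old_p),
        "entries_gone": _only_in(old_e, new_e),
        "entries_new": _only_in(new_e, old_e),
    }


def no_target_entries(text):
    """Entries with nothing behind them; candidates for review, not a verdict."""
    return [e for e in parse_hjt(text)[1] if NO_TARGET_RE.search(e)]


if __name__ == "__main__":
    for label, items in diff_logs(LOG_20_DEC, LOG_28_DEC).items():
        print(label)
        for item in items:
            print("   ", item)
    print("no target, review by hand:")
    for entry in no_target_entries(LOG_28_DEC):
        print("   ", entry)
```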

#10 OFFLINE   wannabgeek

    Member

  • Members
  • 14 posts

Posted 28 December 2005 - 09:36 PM

....Sorry mate, one more thing! Did I have to uninstall MSantispy or just remove the Guard from starting up?

#11 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 28 December 2005 - 09:38 PM

This site went down for a little while today. I'm not sure what happened.

Remove these with hijack this:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mandmsports.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = real spyblstr

I do not recommend the use of trusted zones. I would remove these but it seems you added them. (Since you have Firefox make sure you use it.)
O15 - Trusted Zone: http://cgi5.ebay.co.uk
O15 - Trusted Zone: http://my.ebay.co.uk
O15 - Trusted Zone: http://www.ebay.co.uk
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com

After a couple days ewido will lose its ability to run full time. It will be like Adaware, just a real time scanner. Make sure you keep it because it truly is a great program.

#12 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 28 December 2005 - 09:38 PM

wannabgeek, on Dec 28 2005, 04:36 PM, said:

....Sorry mate, one more thing! Did I have to uninstall MSantispy or just remove the Guard from starting up?


You could do either. I would just get rid of it though since you have so many programs already.

#13 OFFLINE   wannabgeek

    Member

  • Members
  • 14 posts

Posted 30 December 2005 - 12:53 PM

Hi, really appreciate this help Ridg! :D
Yes, I did give eBay & MS access to the trusted zone as I changed all the default IE security settings from a guide on dozleng.com. If I did not give them full access I could not use the sites, do you recommend another way? :unsure: I do use Firefox all the time but as I cannot get used to 'Html' on the eBay selling I tend to use IE for eBay... Hence the trusted eBay! Any ideas? :unsure:

Re: IE homepage (M&M), I am having trouble removing it! I think it's because of the confusion with too many progs! :angry:

Thanks for the help & Happy New Year! :D
Edit: since removed M&M homepage but seem to be getting conflicts with spyblaster and Spy Sweeper. I would like to keep them both, any clues?

#14 OFFLINE   wannabgeek

    Member

  • Members
  • 14 posts

Posted 03 January 2006 - 07:01 PM

That EZ AV you recommended, well I installed it and now Spybot's Winsock LSP section is telling me 4 of the EZ AntiVirus LSPs (CA isafe) are dodgy, i.e. no green tick beside them. And 'Rootkitreveal' is also coming up with mismatches! So do you think I've got the exploit virus, as I can no longer access my security settings, e.g. sec center / win updates? Any ideas?

#15 OFFLINE   JAGO

    Advanced Member

  • Members
  • 363 posts
  • Gender:Male
  • Location:Michigan

Posted 08 January 2006 - 02:40 AM

wannabgeek, on Jan 3 2006, 02:01 PM, said:

That EZ AV you recommended, well I installed it and now Spybot's Winsock LSP section is telling me 4 of the EZ AntiVirus LSPs (CA isafe) are dodgy, i.e. no green tick beside them. And 'Rootkitreveal' is also coming up with mismatches! So do you think I've got the exploit virus, as I can no longer access my security settings, e.g. sec center / win updates? Any ideas?

Go to Start -> Control Panel, switch to classic view -> Security Center

I have Spybot and CA eTrust, and have never noticed this.

If you're concerned, you can try other antiviruses, BitDefender, NOD32, ClamWin, etc.

#16 OFFLINE   wannabgeek

    Member

  • Members
  • 14 posts

Posted 15 January 2006 - 01:25 PM

JAGO, on Jan 8 2006, 02:40 AM, said:

Go to Start -> Control Panel, switch to classic view -> Security Center

I have Spybot and CA eTrust, and have never noticed this.

If you're concerned, you can try other antiviruses, BitDefender, NOD32, ClamWin, etc.

Cheers! I have since uninstalled it and reformatted my HD as I was getting all sorts of probs! Strange why I should have it and you don't! Ridgely couldn't have given me a bad link, could he, without knowing it? Anyway, gone back to Norton "Better the Devil you know" ;)