Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijack This log thoughts


  • Please log in to reply
6 replies to this topic

#1 mrsh2os

mrsh2os

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:14 AM

Posted 16 February 2005 - 09:35 PM

Hi there. I have norton running and finding 4 problems while pandaware is finding 9. Spy Sweeper has found 26 errors/spyware today and some x-spyware thing found 2. I was wondering how my log looks. I'm trying to keep up on cleaning my computer but it seems each program finds different things. Thanks so much!

Liz

Logfile of HijackThis v1.99.1
Scan saved at 8:27:51 PM, on 2/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\BigFix\BigFix.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\PROGRA~1\MICROS~4\Office\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\NORTON~1\navw32.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for HijackThis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.neopets.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-17.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

BC AdBot (Login to Remove)

 


#2 mrsh2os

mrsh2os
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:14 AM

Posted 16 February 2005 - 09:48 PM

I have these files show up in a norton scan and cannot delete them. It always says "delete failed." How in the world can I get rid of this bleep?

1: (this one is in here twice)
Adware

Name: ISTsvc.exe

Publisher: Integrated Search Technologies/CDT Inc
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP


Removal: Low
Damage: Low


2:
Type: Spyware

Name: Comet Cursor Plus
Version: 4.3.333.22
Publisher: Comet Systems
Systems Affected: Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
Systems Not Affected: DOS, EPOC, Linux, Macintosh, Macintosh OS X, Novell Netware, OS/2, UNIX

Removal: Low
Damage: Low


3:
YSBactivex.dll

this one is listed with the same description in norton as #1 is.

i have no idea what to do next to get this stuff to stay gone.

#3 phawgg

phawgg

    Learning Daily


  • Members
  • 4,543 posts
  • OFFLINE
  •  
  • Location:Washington State, USA
  • Local time:03:14 AM

Posted 16 February 2005 - 10:06 PM

There is a will, and there is a way to get rid of this
without creating any big problems.

I have merged the two posts into one thread.
Next I'll study/research the log and build
a step-by-step for you to follow.

I'll post that for review by experts
and when approved, it will be posted here
as a reply. click "track this topic" before you
leave, and you'll get an email notification
as soon as the reply is posted.

Relax, it'll be OK. :thumbsup:

Please download HJT again,
using the installer. HJT installer and next time you use HJT use it from
the location it automatically installs to by default when
you click to open the zip folder on your desktop.

present location is in a temp folder & we will delete
all files in that location when we clean up the PC>

The present one will cause you no harm.

Thanks. :flowers:

Edited by phawgg, 16 February 2005 - 10:18 PM.

patiently patrolling, plenty of persisant pests n' problems ...

#4 mrsh2os

mrsh2os
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:14 AM

Posted 17 February 2005 - 10:40 PM

I redid what you said to do. I'll be watching for another post.

Thanks!!

Liz

:-)

#5 phawgg

phawgg

    Learning Daily


  • Members
  • 4,543 posts
  • OFFLINE
  •  
  • Location:Washington State, USA
  • Local time:03:14 AM

Posted 18 February 2005 - 12:56 PM

Hi, liz

I'm trying to keep up on cleaning my computer but it seems each program finds different things.


Good for you, and it's not unusual for one to find things another doesn't.
In fact that is the reason you'd be better off using more than one.
Each application updates the spyware definitions on a different schedule
and using somewhat different criteria, so to stay on top of it, use several.

False positives also exist, meaning sometimes in order that problems
of a certain kind are found, in the process of doing that, files that are
not really problems may be reported.
Generally, the error(s) are fixed.
Sometimes companies use the
false positives to goad you
into purchasing.

These two specific files you mentioned,
yet I do not see them in your HJT report.
ISTsvc.exe
YSBactivex.dll

When searching for files in the procedure below,
you may include them in your search.
If found, delete them. They are no good.

One more thing.
Realtek Audio.
One of those files (ALCMTR.EXE) is considered spyware,
though not the worst kind.
Info to help YOU decide
Another (ALCWZRD.EXE) is considered unnecessary to be running.
Deleting ALCMTR.EXE should not any cause any problems.


Please perform the steps in exact order for best results.
Read through them carefully first to avoid confusion.

Print out, Copy/paste these instructions to a notepad/wordpad
or choose file-->save page as: HJT instructions.

Set your PC to: show hidden files. Additional information here.

Open your C:\HJT folder and double-click the icon.
Close everything except HijackThis, nothing else on your desktop.

Run Hijackthis:
click Scan, and put a checkmark next to each of the following objects:

O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Click the Fix button, when you're sure that files marked for deletion are correct.
If you decided not to include any of the ones above indicating a choice,
do not delete the .exe files listed below that correspond to them.

Reboot into Safe Mode by tapping F8 until
the DOS screen appears. press "Yes". Use the up arrow to choose safe mode. Hit enter. "OK" the choice.


Search for, locate and delete files or folders
To find them use: Start-->Search-->select "all files & folders"-->select "more advanced options"-->
check search "system folders", "hidden files & folders" & "sub-folders".
You may also navigate to the appropriate folder, right-click-->delete individual files.
(They may not exist, the previous steps may have eliminated them. We're double-checking some of these)
Do not delete main folders like C:\WINDOWS or C:\Program Files
.

Delete manually:

C:\ShowWnd.exe
C:\ALCMTR.EXE

Delete Temp Files
To clean out your temp files use:
Start-->Run-->type in: %temp% and press the ok button.
This should open up the temp directory that your machine uses.
Please delete all files and folders found in the temp folder.
If you get an error when deleting a file, skip that file and delete all the others.
Doing this in Safe Mode you should be able to delete all the files.


Reboot your computer to go back to normal mode.

Delete Temporary Internet Files use:
Start Button-->Internet Explorer-->Tools-->Internet Options-->General tab-->Delete Files button
Put a checkmark in Delete offline content.
Press the OK button. This may take quite a while, but when it is done your Temporary Internet Files will be deleted.


Empty the recycle bin.

Run HijackThis again and post the new log as a reply to this post.
(Include comments regarding any problems you might have had,
and let us know if its working better. Some additional options may exist)

patiently patrolling, plenty of persisant pests n' problems ...

#6 mrsh2os

mrsh2os
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:14 AM

Posted 18 February 2005 - 01:24 PM

Thank you. I followed the instructions, but I've come to the conclusion that I use my computer entirely too much and will always have to deal with getting rid of stuff. It's only been a couple of days, and my log looks longer than it was before. lol

Ho hum. As long as it's nothing bad, I'll be happy, but take a look anyway.

Thanks,
Liz
:thumbsup:


Logfile of HijackThis v1.99.1
Scan saved at 12:20:32 PM, on 2/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.neopets.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-17.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#7 phawgg

phawgg

    Learning Daily


  • Members
  • 4,543 posts
  • OFFLINE
  •  
  • Location:Washington State, USA
  • Local time:03:14 AM

Posted 18 February 2005 - 09:14 PM

Alrightee, Liz! Clean log. :thumbsup: Good job.

You should disable & re-enable your System Restore to set a new restore point.
This insures that there are no infected files found in a restore point left over from what we have just cleaned.
Additional information & instructions are here.


The recommendations below are "generic" to a degree.
You already know many of them.
I have used Norton & it worked.
IMHO AVG is better and free, but I'm only one guy.
I've used Spy Sweeper & I liked it. I'd keep that & add the other anti-spyware programs.
In fact I also use Microsoft Anti-spyware Beta 1 with everything else I've mentioned.
I've had no problems in 20 scans or so.
I do not use it's auto-updating fully, nor it's auto-protect.
I generally do all my scans & updates once a week.

Some other steps to be taken are:

1. Use secure Internet Explorer settings
  • Open IE and check tools-->internet options-->security-->click internet icon-->(default is medium).
  • Click custom and check that these settings are:
  • Download unsigned ActiveX controls - prompt
  • Initialize and script ActiveX controls not marked as safe - disable
  • Installation of desktop items - prompt
  • Launching programs and files in IFRAME - prompt
  • Navigate sub-frames across different domains - prompt
2. Use AntiVirus Software & Update Frequently. It's best to use only one.
  • An excellent free program is AVG, if you need an option.
  • This program can be set to automatically scan & either auto-update or
  • you may choose to do that yourself.
  • Virus definition updates with this program occur frequently, which is very good.
3. Use a Firewall, but use only one. If you install your own, disable the built-in winXP firewall.
  • Excellent free programs available include:
  • Sygate
  • Kerio
  • (others are also available)
  • Choose one (if you do not already use a firewall). Keep your Firewall up & monitor it's configurations
  • (fully understanding it's operation may require some thought & a little practice,
  • but it helps greatly to have it installed and functioning)
4. Use Microsoft Windows Updates Frequently
  • SP2 is the most recent Service Pack available.
  • More updates have already been to it, so remain current in regards to security issues in particular.
5. Use Spybot S&D & Update
  • Install and use this program with its TeaTimer option. (Advanced Mode-->Tools-->Resident)
  • It provides realtime spyware & hijacker protection alongside your virus protection.
  • Scan with this program on a regular basis, just as you would an antivirus software.
  • Check for updates when you do. Use the help menu, and a tutorial is available.
6. Use SpywareBlaster & Update
  • Install and use this program
  • Adding a large list of sites/programs into your Browser settings, it protects you from
  • running or downloading known malicious programs.
  • You may customize it if required to accomodate your individual needs,
  • and updates are also frequently issued with new definitions added
  • Make it a habit to run and update on a regular basis.
7. Use Ad-Aware & Update
  • Install, configure and use this program with the others.
  • It is very well thought of in it's effectiveness, it complements the actions of the others.
  • It provides for additional plug-in specialty tools as well as an upgrade if you choose them.
  • Updates are frequent, so I suggest that you do both that and run the program regularly.
8. Use an alternative Browser Frequently. You may use several if you like.
  • Consider using Firefox as an alternative to IE
    for fundamental security reasons.
  • You can have both easily. Doing so will provide you with several benefits and options.
  • Other alternative browsers are also available at no charge
  • They do not have inherent vulnerabilities to the extent that IE does.
  • They are not subject to the same attention by malware creators as IE, which is much more commonly used.
  • All of these recommendations will provide a valuable service to you,
  • and no conflicts exist when operating them together on your PC & winXP OS.
  • Please enact them for your own sake at that of the Internet itself.
9. Use BleepingComputer Tutorials & Resources Frequently. "and check for updates...:flowers:"
  • While cleaning your PC important tutorials were offered to explain what was being done.
  • Urgency to accomplish the task may have compromised your full understanding of what all was involved.
  • There is always room for improvement when using a personal computer.
  • Resources are available here and improving all the time.
  • Some that deal with these recommendations & other topics include:
Tutorials available for more in-depth considerations.
Switching from Internet Explorer to Firefox
Four Simple Steps for removing Spyware, Hijackers, Viruses, and other Malware
Simple and easy ways to keep your computer safe and secure on the Internet
Using Spybot - Search & Destroy to remove Spyware from Your Computer
Using Ad-Aware SE to remove Spyware & Hijackers from Your Computer
Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware
Guide to Windows XP Recovery Features
Steps to take when connecting a new computer to the Internet
Microsoft Anti-spyware Beta 1 "let's see screenshots"

For your information.
Additional modifications can be made to your PC.
Optional running processes & the registry entries that make them run are not malware,
but can effect your boot initialization & other characteristics of how your PC operates.
You can enter the running process filenames into any of these online databases to learn more about them.
Bleepincomputer Startup Database.
ATW Task List.
Windows Startup Online.
ProcessLibrary
There are also other sites.
Since only you know how you use your programs, it's fair to say you might benefit
by knowing more about each of the ones that appear in your log.


Questions about them will best be answered after you've had a chance to
check some of them out first, as your PC is now technically clean.


As a case in point, research will show that these are unnecessarily running at startup on yout PC:

O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe (N)
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (N)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE (N)
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE (N)
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe (N)

(N) being the code used at bleepingcomputers.com's very own Startup Database
available by clicking the top of the main page.
patiently patrolling, plenty of persisant pests n' problems ...




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users