I've been working on my grandfather's computer for two straight weekends. The OS is WinXP SP2. I believe that I have a browser hijacker but nothing I do seems to rid the system of it. It connects to the internet and will send and receive from Outlook Express. However, in Internet Explorer 6 it automatically redirects the original address and then shows that the web page is displayed as "www.www.blahblah.com.org". I've taken the following steps and I'm still unable to establish a connection with a website whether it's for an update or other.
I initially installed System Mechanic 6 Pro (without Kaspersky Lab due to Norton being present and current). Then I proceeded by checking for drive and system problems and everything was ok. I did a system clean up, internet cleanup and privacy tool, repaired and cleaned registry, defragged and recovered RAM, defragged memory 5 times.
Then I attempted the following but was still unable to connect to the internet for updates. Please note: The use of capital letters at parts isn't meant to be animated. It's just to separate commentary. Thanks.
MICROSOFT SUGGESTIONS....NOTE: THEY WEREN'T HELPFUL AT ALL WHEN THIS DIDN'T WORK.
Step I:
1. Download smitRem.exe from the following link and save the file to
your desktop:
http://noahdfear.geekstogo.com/click%20counter/click.php?id=1
Double click on the file to extract it to its own folder on the
desktop.
2. Next, please reboot your computer in Safe Mode by doing the
following:
a) Restart your computer.
b) After hearing your computer beep once during startup, but before the
Windows icon appears, press F8.
c) Instead of Windows loading as normal, a menu should appear.
d) Select the first option, to run Windows in Safe Mode.
Step II:
1. Now scan with HJT and place a checkmark next to this entry and click
"Fix checked":
Note: HJT is a tool called Hijack This, and it is available free of
cost in the following link :
http://www.bleepingcomputer.com/files/hijackthis.php
Please download the file by clicking the link "Hijack This Download
Link", and continue the troubleshooting steps.
2. When running "Hijack This" in safe mode, in the entry
O2 - BHO: HomepageBHO - {e9ccf15d-4c68-4b5a-9e9a-8e12e4bd39bd} -
C:\WINDOWS\system32\hp8879.tmp
O2 - BHO: HomepageBHO - {e9ccf15d-4c68-4b5a-9e9a-8e12e4bd39bd} -
C:\WINDOWS\system32\hp8879 is not present there, you may see somewhat similar
entries like hp4D6E.tmp, hp849D.tmp
Please delete that.
3. Open the smitRem folder, and then double click the RunThis.bat file
to start the tool. Follow the prompts on screen. Your desktop and icons
will disappear and then reappear again. This is normal.
4. Wait for the tool to complete and Disk Cleanup to finish, this may
take a while.
Step III: Run Ad-aware and perform a full scan. Remove everything
found.
1. You may download Ad-Aware from the following website link:
http://www.lavasoftusa.com/support/download/
2. After downloading, installing and updating it, please do the
following:
a. Under Ad-aware 6 -> Settings -> Tweaks -> Scanning Engine:
Check: "Unload recognized processes during scanning."
b. Under Ad-aware 6 -> Settings -> Tweaks -> Cleaning Engine:
Check: "Let Windows remove files in use after reboot."
3. Press "Scan Now"
- Check option "Use Custom scanning options"
- Check option "Activate In-Depth Scan"
- Press "Select drives\folders to scan"
- Select the active partition, which is usually C:
4. Now, press "Next" to let Ad-aware scan your drives. It may find a
number of "bad" files and registry keys.
5. Right-click in that pane and choose "select all".
6. Now press "Next" again.
7. It will ask you whether you'd like to remove all checked items.
Click OK.
8. Finally, close Ad-Aware, and reboot.
Step IV:
1. While still in Safe Mode, run Ewido Security Suite downloaded from
the following link:
http://www.download.com/Ewido-Security-Suite/3000-8022_4-10326287.html
2. Next go to Start -> Control Panel, click Display -> Desktop ->
Customize Desktop -> Web -> Uncheck "Security Info" if present.
3. Delete these files if still present, end process first (might no
longer be present):
C:\WINDOWS\system32\1024\ld3F80.tmp
C:\WINDOWS\system32\1024\ldFAD4.tmp
C:\WINDOWS\system32\nvctrl.exe
C:\Windows\System32\svchosts.dll
4. Restart your computer in normal mode.
5. Run the Panda online virus scan at
http://www.pandasoftware.com/products/activescan.htm
AT THIS POINT, I STILL COULDN'T CONNECT SO I WENT TO GEEKS TO GO & FOLLOWED THESE INSTRUCTIONS TWICE TO A "T".
Preparation
If you're having trouble connecting to the Internet try running the WinSockFix utility to repair your connection:
WinsockXPFix for Windows XP/2000/NT
Winsock2Fix for Windows 98/98SE/ME
CleanUp! - Download - Home Page
NOTE: Do NOT run this program if you have XP Professional 64 bit edition. If you're unsure please do not run it!
Open CleanUp! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
Empty Recycle Bins
Delete Cookies
Delete Prefetch files (if present)
Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.
Let it do its thing. At the end, it may ask you to reboot/log-off, click Yes.
Close CleanUp.
If you have anything disabled by MSConfig or any other startup manager, please re-enable them before running any scans, or posting a Hijack This log.
Step One: Scan for Spyware/Adware
Ad-aware SE - Download - Home Page
1) Download and install.
2) Run the Webupdate feature. (Click on the Globe icon, Click connect, Click OK, Click Finish.)
3) Set up the Configurations (Gear wheel at the top) as follows:
General Button > Safety & Settings: Check (Green) all three.
Tweak Button > Cleaning Engine > UNcheck "Always try to unload modules before deletion".
4) To start the scan, Click > "Scan Now"
Deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat.
Select "Search for low-risk threats"
Select "Perform full system scan"
Click Next
5) When the scan has completed, select Next.
In the Scanning Results window, select the "Scan Summary" tab.
Check all objects found in the Critical Objects tab that you wish to remove
Click Next, Click OK.
CWShredder - Download - Homepage
Download CWShredder to your desktop. To run:
Reboot into Safe mode
Double click on CWShredder.exe to open it.
Click "I agree" then click "Fix" then click "Next"
When it is finished, close the program and reboot the computer normally.
Spybot S&D - Download - Homepage
Install Spybot and the DSO Exploit Fix. Start Spybot and select Update, Search For Updates, check the box next to each update and then select Download Updates. Next, select Search and Destroy, Check for problems and after scanning is complete, Fix selected problems. Finally, select Immunize and then the Immunize button to block common Spyware programs from installing.
No single program removes every threat. A multi-prong approach is best.
Rogue/Suspect Anti-Spyware Products & Web Sites. Unfortunately, many companies have chosen to exploit the spyware problem by releasing questionable software. These programs may be ripoffs of existing free programs, produce false positives to entice you to buy the full version, leave actual Spyware installed, or at the very worst even install Spyware. Use the link above to see if you have installed any of these programs on your system. Uninstall any found.
Step Two: Viruses/Trojans
Even the best antispyware programs are only able to remove about 70% of infections. Also, the line between spyware and trojans is getting blurred. You can never be too careful with these, we recommend at least one online scan.
Ewido Anti-Malware (for Windows 2000 and XP ONLY) - Download Free Version (30 day trial) - Homepage
Ewido has been very effective at helping remove some of the more difficult infections.
Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need to run ewido and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
Select "Automatically generate report after every scan"
Un-Select "Only if threats were found"
Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.
Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning process:
Launch ewido-anti-spyware by double-clicking the icon on your desktop.
Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
ewido will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following:
If you have any infections you will be prompted, then select "Apply all actions"
Next select the "Reports" icon at the top.
Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
Close ewido and reboot your system back into Normal Mode.
If needed, please then paste the contents of the text file, and post it with your HijackThis log.
Trend Housecall - Homepage
Even if you do have antivirus software it can be compromised and corrupted by many forms of malware, so an online scan is a good idea.
Run the free online virus scan (tick the "Auto Clean" checkbox).
Here's another free online scan: Panda Activescan.
AVG - Download - Homepage
If you don't have any antivirus software on your system, or if your subscription to definition updates has lapsed, install AVG's very good free version of antivirus. This comprehensive package includes real-time protection, scheduled scans, automatic definition updates, and email scanning. More free antivirus tools here.
NOTE: DO NOT install more than one antivirus program. They will conflict, and provide less protection, not more.
AT THIS POINT, I USED NORTON INSTEAD OF AVG WHICH WAS ALREADY INSTALLED EXCEPT UPDATES WERE 38 DAYS BEHIND.
TrojanHunter - Download Free Version (30 day trial) - Homepage
TrojanHunter is the most powerful trojan scanner on the market. Featuring an intuitive user interface and a scanner capable of thoroughly examining your files, system registry, open ports and running processes it gives you all-round protection against trojans.
Step Three: Windows Updates
Windows Update - Homepage - Download SP1a
An unprotected, unpatched Windows XP installation will get infected within minutes of connecting to the Internet. Because of this, we'll require you to install critical updates before providing assistance in our forums. If not, we're both just wasting our time.
SP2 NOTE: Windows XP Service Pack 2 (SP2) has terrific security features, and we highly recommend everyone install it, however it should not be installed until your system is free from malware. Installing SP2 with malware present can cause many compatibility problems, or even prevent your computer from restarting. If your system has a malware infection, or if you're unsure, use the SP1a download link above.
Step Four: Reboot - Test
The tools above will completely clear malware from the majority of systems. Test your system to see how it's working.
If you're still having problems, continue to the next step. Otherwise, check out this article on how to prevent future Spyware/Hijack attacks.
Step Five: Posting a Hijack This Log
Hijack This - Download - Homepage
Automated tools are not always successful at removing malware from your system. Some infections may generate random file names, are too new, or use other tricks to avoid detection.
HijackThis examines certain key areas of the Registry and Hard Drive and lists their contents. These are areas which are used by both legitimate programmers and hijackers. Some items are perfectly fine. You should not remove them. Never remove everything. Doing that could leave you with missing items needed to run legitimate programs and add-ins.
This section is designed to help you produce a log, post the log into the Forum and finally remove the items as directed by the Member helping you. This involves no analysis of the list contents by you. That will be done by the Geeks to Go Staff.
If you have run and fixed anything with Spybot Search and Destroy, Ad-Aware, or any spyware program please reboot before scanning.
Save HijackThis in its own folder (i.e. C:\HJT). DO NOT run it from within a zip manager (Winzip), as no backups will be saved.
AT NO TIME WAS I ABLE TO UPDATE ANY OF THE SOFTWARE THAT I USED. IN FACT, SPYBOT WOULDN'T EVEN LET ME USE IT WITHOUT AN UPDATE SO IT WAS WORTHLESS IN THE PROCESS.
AT THIS POINT, I CAME TO 2-SPYWARE.COM AND USED THE "HIJACK THIS LOG ANALYZER BETA 1" TO ANALYZE MY HIJACK THIS RESULTS BY USING OUTLOOK EXPRESS ON MY GRANDFATHER'S COMPUTER TO SEND THE RESULTS TO MY YAHOO EMAIL ACCOUNT. I THEN USED MY COMPUTER TO ANALYZE THE FILE, PRINTED THE RESULTS AND REMOVED THE NECESSARY FILES FROM HIS COMPUTER.
THIS IS A COPY OF THE HIJACK THIS LOG....
Logfile of HijackThis v1.99.1
Scan saved at 4:08:47 PM, on 6/25/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\AdsGone\adsgone.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\HijackThis\HijackThis.exe
C:\WINDOWS\System32\cidaemon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [SystemGuardAlerter] C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [SMSystemAnalyzer] C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: AdsGone.lnk = C:\Program Files\AdsGone\adsgone.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: AdsGone - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\AdsGone\adsgone (file missing)
O9 - Extra 'Tools' menuitem: &AdsGone Settings - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\AdsGone\adsgone (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.eznsearch.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
THESE ARE THE HIJACK THIS ANALYZER RESULTS WHICH I FOLLOWED....
Legitimate items 63 70%
Not necessary items 16 18%
79 88%
File and registry entries that can be both dangerous or safe
Questionable items 2 2%
Unknown items 9 10%
11 12%
Files and registry entries considered to be DANGEROUS. Fix immediately!
Dangerous items 0 0%
Line: Status: Comments: Actions:
C:\WINDOWS\System32\smss.exe
More info about file smss.exe Legitimate Process found in system process library Change status
C:\WINDOWS\system32\csrss.exe
More info about file csrss.exe Legitimate Process found in system process library Change status
C:\WINDOWS\system32\winlogon.exe
More info about file winlogon.exe Legitimate Process found in system process library Change status
C:\WINDOWS\system32\services.exe
More info about file services.exe Legitimate In most of cases it is legitimate system process, only sometimes can be used by malicious software Change status
C:\WINDOWS\system32\lsass.exe
More info about file lsass.exe Legitimate Process found in system process library Change status
C:\WINDOWS\system32\svchost.exe
More info about file svchost.exe Legitimate Process found in system process library Change status
C:\WINDOWS\System32\svchost.exe
More info about file svchost.exe Legitimate Process found in system process library Change status
C:\WINDOWS\System32\svchost.exe
More info about file svchost.exe Legitimate Process found in system process library Change status
C:\WINDOWS\System32\svchost.exe
More info about file svchost.exe Legitimate Process found in system process library Change status
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
More info about file ccsetmgr.exe Legitimate Item found in 2-spyware.com library
An essential component of security-related Symantec software such as Norton AntiVirus and Norton... Change status
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
More info about file sndsrvc.exe Legitimate Item found in 2-spyware.com library
This is a part of Norton Internet Security and Norton Personal Firewall applications. It runs... Change status
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
More info about file spbbcsvc.exe Legitimate Item found in 2-spyware.com library
Essential component of Symantec's Norton Internet Security suite. Change status
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
More info about file ccevtmgr.exe Legitimate Item found in 2-spyware.com library
ccEvtMgr.exe is an event logging application and runs at startup. It monitors virus alerts, virus... Change status
C:\WINDOWS\Explorer.EXE
More info about file explorer.exe Legitimate Process found in system process library Change status
C:\WINDOWS\system32\spoolsv.exe
More info about file spoolsv.exe Legitimate Process found in system process library Change status
C:\WINDOWS\System32\alg.exe
More info about file alg.exe Legitimate Process found in system process library Change status
C:\WINDOWS\System32\cisvc.exe
More info about file cisvc.exe Legitimate Process found in system process library Change status
C:\Program Files\ewido anti-spyware 4.0\guard.exe Unknown No exact entries found Insert file into database
C:\Program Files\Norton AntiVirus\navapsvc.exe
More info about file navapsvc.exe Legitimate Item found in 2-spyware.com library
Norton AntiVirus application that provides auto-protection of the system. NAVAPSVC.EXE runs on... Change status
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
More info about file npfmntor.exe Legitimate Item found in 2-spyware.com library
Related to Norton Antivirus program. Change status
C:\Program Files\Spyware Doctor\sdhelp.exe
More info about file sdhelp.exe Legitimate Item found in 2-spyware.com library
A part of Spyware Doctor, a popular legitimate anti-spyware program. Change status
C:\WINDOWS\System32\svchost.exe
More info about file svchost.exe Legitimate Process found in system process library Change status
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
More info about file symlcsvc.exe Legitimate Item found in 2-spyware.com library
An essential component of security-related Symantec software such as Norton AntiVirus and Norton... Change status
C:\Program Files\TrojanHunter 4.5\THGuard.exe
More info about file thguard.exe Legitimate Item found in 2-spyware.com library
TrojanGuard is a legitimate anti-trojan program. Change status
C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe Unknown No exact entries found Insert file into database
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
More info about file ccapp.exe Legitimate Item found in 2-spyware.com library
From Symantec: "ccApp.exe is the common hosting application that is used for both NAV and NIS.... Change status
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
More info about file ewido.exe Legitimate Item found in 2-spyware.com library
ewido anti-malware component. Change status
C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe Unknown No exact entries found Insert file into database
C:\Program Files\Messenger\msmsgs.exe
More info about file msmsgs.exe Legitimate Item found in 2-spyware.com library
Windows Messenger from Microsoft. Located in "C:\Program Files\Messenger\". If you don't use... Change status
C:\Program Files\Spyware Doctor\swdoctor.exe
More info about file swdoctor.exe Legitimate Item found in 2-spyware.com library
Main component of Spyware Doctor, a popular anti-spyware program. Change status
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe Unknown No exact entries found Insert file into database
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
More info about file hpotdd01.exe Legitimate Item found in 2-spyware.com library
This file is a standard part of Hewlett-Packard software, which is used to manipulate digital... Change status
C:\Program Files\AdsGone\adsgone.exe Unknown No exact entries found Insert file into database
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
More info about file hpoevm08.exe Legitimate Item found in 2-spyware.com library
File hpoevm08.exe is an essential component of HP Image Editor program, which comes with the... Change status
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
More info about file hposts08.exe Legitimate Item found in 2-spyware.com library
Executable hposts08.exe runs the legitimate and useful program, designed to monitor and provide... Change status
C:\HijackThis\HijackThis.exe
More info about file hijackthis.exe Legitimate Item found in 2-spyware.com library
This is the main component of HijackThis security application, designed to perform system scans and... Change status
C:\WINDOWS\System32\cidaemon.exe
More info about file cidaemon.exe Legitimate Item found in 2-spyware.com library
This file is related to Microsoft Indexing Service - it is a complex system utility, which indexes... Change status
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ Not necessary http://www.yahoo.com/ is your start page.
If you do not like this fact, fix this item. Change status
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll Legitimate legitimate bho toolbar, related to Yahoo Companion! Change status
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
More info about file acroiehelper.dll Legitimate Application program item according to inner database
File related to Adobe Acrobat Reader program. Change status
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll Legitimate legitimate bho toolbar, related to PCTools Spyware Doctor Change status
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
More info about file googletoolbar2.dll Legitimate Application program item according to inner database
Google Toolbar for Internet Explorer. Change status
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll Legitimate legitimate bho toolbar, related to PCTools Spyware Doctor Change status
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
More info about file navshext.dll Legitimate Application program item according to inner database
Component of Norton Anti-virus. Located in "C:\Program Files\Norton AntiVirus\". Uses... Change status
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll Legitimate legitimate bho toolbar, related to Microsoft Money Change status
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
More info about file navshext.dll Legitimate Application program item according to inner database
Component of Norton Anti-virus. Located in "C:\Program Files\Norton AntiVirus\". Uses... Change status
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
More info about file navshext.dll Legitimate legitimate bho toolbar, related to Yahoo Companion! Change status
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
More info about file thguard.exe Legitimate Application program item according to inner database
TrojanGuard is a legitimate anti-trojan program. Change status
O4 - HKLM\..\Run: [SystemGuardAlerter] C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe Unknown No exact entries found Insert file into database
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
More info about file usrprmpt.exe Legitimate Application program item according to inner database
This is a part of Norton Internet Security and Norton Antivirus applications. It runs critical... Change status
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
More info about file ccapp.exe Legitimate System item according to inner database
From Symantec: "ccApp.exe is the common hosting application that is used for both NAV and NIS.... Change status
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
More info about file ewido.exe Legitimate System item according to inner database
ewido anti-malware component. Change status
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
More info about file sndmon.exe Legitimate Application program item according to inner database
This is the main part of LiveUpdate tool, published by Symantec. It is required to update all... Change status
O4 - HKCU\..\Run: [SMSystemAnalyzer] C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe Unknown No exact entries found Insert file into database
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
More info about file msmsgs.exe Legitimate System item according to inner database
Windows Messenger from Microsoft. Located in "C:\Program Files\Messenger\". If you don't use... Change status
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
More info about file swdoctor.exe Legitimate Application program item according to inner database
Main component of Spyware Doctor, a popular anti-spyware program. Change status
O4 - Startup: AdsGone.lnk = C:\Program Files\AdsGone\adsgone.exe Unknown No exact entries found Insert file into database
O4 - Global Startup: hp psc 1000 series.lnk = ? Not necessary Fix this item because it points to nowhere Change status
O4 - Global Startup: hpoddt01.exe.lnk = ? Not necessary Fix this item because it points to nowhere Change status
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html Not necessary Do you want item 'Backward Links' to appear in your internet explorer context menu when you do the right click? If you don't, fix this item. Change status
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html Not necessary Do you want item 'Cached Snapshot of Page' to appear in your internet explorer context menu when you do the right click? If you don't, fix this item. Change status
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html Not necessary Do you want item 'Similar Pages' to appear in your internet explorer context menu when you do the right click? If you don't, fix this item. Change status
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html Not necessary Do you want item 'Translate Page into English' to appear in your internet explorer context menu when you do the right click? If you don't, fix this item. Change status
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll Not necessary This item represents extra button in your IE toolbar with a name 'Spyware Doctor' and points to file 'C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll'. If you do not want it to be there, fix this item. Change status
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll Not necessary This item represents extra button in your IE toolbar with a name 'Messenger' and points to file 'C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll'. If you do not want it to be there, fix this item. Change status
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll Not necessary This item represents extra menu item in your Tools menu in IE with a name 'Yahoo! Messenger' and points to file 'C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll'. If you do not want it to be there, fix this item. Change status
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) Not necessary Fix this item. It represents extra button in your IE toolbar and points to file that doesn't exist. Change status
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll Not necessary This item represents extra button in your IE toolbar with a name 'MoneySide' and points to file 'C:\Program Files\Microsoft Money\System\mnyviewer.dll'. If you do not want it to be there, fix this item. Change status
O9 - Extra button: AdsGone - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\AdsGone\adsgone (file missing) Not necessary This item represents extra button in your IE toolbar with a name 'AdsGone' and points to file 'C:\Program Files\AdsGone\adsgone (file missing)'. If you do not want it to be there, fix this item. Change status
O9 - Extra 'Tools' menuitem: &AdsGone Settings - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\AdsGone\adsgone (file missing) Not necessary This item represents extra menu item in your Tools menu in IE with a name '&AdsGone Settings' and points to file 'C:\Program Files\AdsGone\adsgone (file missing)'. If you do not want it to be there, fix this item. Change status
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE Not necessary This item represents extra button in your IE toolbar with a name 'Messenger' and points to file 'C:\Program Files\Messenger\MSMSGS.EXE'. If you do not want it to be there, fix this item. Change status
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE Not necessary This item represents extra menu item in your Tools menu in IE with a name 'Windows Messenger' and points to file 'C:\Program Files\Messenger\MSMSGS.EXE'. If you do not want it to be there, fix this item. Change status
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll Legitimate This item represents a plugin added to Internet Explorer to work with '.spop' files. Seems to be safe, unless you know that it is malicious. Change status
O14 - IERESET.INF: START_PAGE_URL=http://www.eznsearch.com Questionable This item changes your "default" Start page in IE. It will appear if you Restore default web settings. If you are an administrator and you do not recognize address "", fix this item. Change status
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab Questionable Are you using an ActiveX object with a name 'YInstStarter Class' located in 'http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab'? If not, fix this item. Change status
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
More info about file ccevtmgr.exe Legitimate Item found in 2-spyware.com database.
ccEvtMgr.exe is an event logging application and runs at startup. It monitors virus alerts, virus... Change status
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe Legitimate Related to Norton/Symantec AntiVirus. Change status
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
More info about file ccsetmgr.exe Legitimate Item found in 2-spyware.com database.
An essential component of security-related Symantec software such as Norton AntiVirus and Norton... Change status
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe Unknown No exact entries found Insert file into database
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
More info about file navapsvc.exe Legitimate Item found in 2-spyware.com database.
Norton AntiVirus application that provides auto-protection of the system. NAVAPSVC.EXE runs on... Change status
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
More info about file npfmntor.exe Legitimate Item found in 2-spyware.com database.
Related to Norton Antivirus... Change status
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
More info about file hpzipm12.exe Legitimate Item found in 2-spyware.com database.
This is a standard component of Hewlett-Packard device drivers. The presence of this file means,... Change status
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
More info about file savscan.exe Legitimate Item found in 2-spyware.com database.
This executable file is a standard part of antivirus and security-related software, published by... Change status
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
More info about file sbserv.exe Legitimate Item found in 2-spyware.com database.
Part of Norton Anti-virus. SBServ.exe is located in "C:\Program Files\Common Files\Symantec... Change status
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
More info about file sdhelp.exe Legitimate Item found in 2-spyware.com database.
A part of Spyware Doctor, a popular legitimate anti-spyware... Change status
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
More info about file sndsrvc.exe Legitimate Item found in 2-spyware.com database.
This is a part of Norton Internet Security and Norton Personal Firewall applications. It runs... Change status
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
More info about file spbbcsvc.exe Legitimate Item found in 2-spyware.com database.
Essential component of Symantec's Norton Internet Security... Change status
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
More info about file symlcsvc.exe Legitimate Item found in 2-spyware.com database.
An essential component of security-related Symantec software such as Norton AntiVirus and Norton... Change status
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
More info about file symwsc.exe Legitimate Item found in 2-spyware.com database.
File symwsc.exe is included in Norton Antivirus program. It runs background process, which... Change status
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
More info about file vsmon.exe Legitimate Item found in 2-spyware.com database.
Related to the ZoneAlarm firewall from ZoneLabs. Located in...
STILL, IT'S DOING THE SAME THING. CAN YOU HELP ME PLEASE? I'M AT THE END OF MY ROPE WITH THIS. IT HAS BEEN VERY FRUSTRATING TO SAY THE LEAST. I APOLOGIZE FOR THE LENGTH OF THIS POST BUT I WANTED TO BE THOROUGH.
YOUR TIME AND CONSIDERATION ARE APPRECIATED.