would appreciate some help with spyware problem

C

countrygirllyndafox

Joined
May 21, 2006
Messages
20
Reaction score
0
I am running Windows XP SP2, using Internet Explorer 6, Outlook Express and Yahoo for email with Outlook Express as the main email program. I am not at all knowledgeable about removing things that might be spyware. I have a dial up modem for my connection. I have run the following Spyware free Spyware programs: Adaware 6, Spybot 1.4 and Xosoft (that will not remove anything without a purchase. I removed what I could that I understood was okay and would really appreciate you looking at my Hijack log for me that I am sending. Thanks in advance.Logfile of HijackThis v1.99.1
Scan saved at 3:03:08 PM, on 5/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Defender Pro Anti Spam\admin.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\DefenderPro AntiSpy\DPASNT.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Defender Pro Anti Spam\dpantispam.exe
C:\PROGRA~1\DEFEND~2\DEFEND~3\PopUpKiller.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Defender Pro\Defender Pro Firewall\KAVPF.exe
C:\Program Files\DefenderPro AntiSpy\AntiSpy\TSAntiSpy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\default\Desktop\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tnets.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.alltheweb.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tnets.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.alltheweb.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tnets.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = mw-proxy:80
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: DgnWebIE - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:\Program Files\Dragon Systems\NaturallySpeaking\Program\web_ie.dll
O2 - BHO: IE PopUp-Killer - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\DEFEND~2\DEFEND~3\PopUp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: OsbornTech Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [103] "C:\Program Files\Defender Pro Anti Spam\admin" "-hide"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kav.exe" /minimize
O4 - HKLM\..\Run: [DPAS] "C:\Program Files\DefenderPro AntiSpy\DPASNT.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [DefenderProAutoRun] "C:\Program Files\Defender Pro Anti Spam\dpantispam" -D "C:\Program Files\Defender Pro Anti Spam\conf"
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRA~1\DEFEND~2\DEFEND~3\PopUpKiller.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Defender Pro Firewall.lnk = C:\Program Files\Defender Pro\Defender Pro Firewall\KAVPF.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} - http://207.188.7.150/04c241de522875f13921/netzip/RdxIE.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135301558562
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.brightstreet.com/cif/download/bin/actxcab.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F621C77F-126F-4CA5-BC8B-2F64189E93A5} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{DAB8C1CC-6C6B-4D1D-AE99-BE00A8DDB567}: NameServer = 207.65.4.25 216.153.94.101
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Defender Pro LLC - C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kavsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 
This may help

Hi countrygirllyndafox & welcome to pcreview
happywave.gif


Suggest you look at this thread as it may help you out.:thumb:
https://www.pcreview.co.uk/forums/thread-2544261.php

If it does help please let us know as it's good to get feedback.
 
Last edited:
Hello countrygirllyndafox ... phew, bit of a mouthfull there. ;)

Could I ask you to un-install "Defender Pro Anti Spam & Xosoft" software ... it is confusing your HJT log.

Once done, could you then re-post a new HJT log file here. :thumb:


You can go ahed and "fix" these ...

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.brightstreet.com/cif/...bin/actxcab.cab
O16 - DPF: {F621C77F-126F-4CA5-BC8B-2F64189E93A5} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{DAB8C1CC-6C6B-4D1D-AE99-BE00A8DDB567}: NameServer = 207.65.4.25 216.153.94.101

:)
 
Thanks so much for your prompt reply. I have unistalled Defender Pro Spam and Xosoft Software, but I would appreciate instructions as to how to remove the other unwanted entries you said I could go ahead and remove. I am sorry that I do not know how to do this, don't have any experience in the registry if that is where I have to go. I am sending you another Hijack This file to see if you can help me further. I may have to get someone to help me remove the things I need to , because of my lack of experience, but sLogfile of HijackThis v1.99.1
Scan saved at 5:40:43 PM, on 5/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\DefenderPro AntiSpy\DPASNT.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\DEFEND~2\DEFEND~3\PopUpKiller.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Defender Pro\Defender Pro Firewall\KAVPF.exe
C:\Program Files\DefenderPro AntiSpy\AntiSpy\TSAntiSpy.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\default\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tnets.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.alltheweb.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tnets.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.alltheweb.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tnets.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = mw-proxy:80
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: DgnWebIE - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:\Program Files\Dragon Systems\NaturallySpeaking\Program\web_ie.dll
O2 - BHO: IE PopUp-Killer - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\DEFEND~2\DEFEND~3\PopUp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: OsbornTech Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [103] "C:\Program Files\Defender Pro Anti Spam\admin" "-hide"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kav.exe" /minimize
O4 - HKLM\..\Run: [DPAS] "C:\Program Files\DefenderPro AntiSpy\DPASNT.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRA~1\DEFEND~2\DEFEND~3\PopUpKiller.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Defender Pro Firewall.lnk = C:\Program Files\Defender Pro\Defender Pro Firewall\KAVPF.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} - http://207.188.7.150/04c241de522875f13921/netzip/RdxIE.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135301558562
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.brightstreet.com/cif/download/bin/actxcab.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F621C77F-126F-4CA5-BC8B-2F64189E93A5} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{DAB8C1CC-6C6B-4D1D-AE99-BE00A8DDB567}: NameServer = 207.65.4.25 216.153.94.101
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Defender Pro LLC - C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kavsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWure appreciate your help in this matter.
 
Thats the beauty of HJT, you do not need to use the registry editor, HJT does it for you. ;)


Open HijackThis and choose "Do a system scan only" then check/Tick the box in front of these line items:

C:\Program Files\DefenderPro AntiSpy\DPASNT.exe
C:\Program Files\DefenderPro AntiSpy\AntiSpy\TSAntiSpy.exe
O2 - BHO: (no name) - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O4 - HKLM\..\Run: [103] "C:\Program Files\Defender Pro Anti Spam\admin" "-hide"
O4 - HKLM\..\Run: [DPAS] "C:\Program Files\DefenderPro AntiSpy\DPASNT.exe"
O4 - Global Startup: Defender Pro Firewall.lnk = C:\Program Files\Defender Pro\Defender Pro Firewall\KAVPF.exe
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} - http://207.188.7.150/04c241de522875...etzip/RdxIE.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.brightstreet.com/cif/...bin/actxcab.cab
O16 - DPF: {F621C77F-126F-4CA5-BC8B-2F64189E93A5} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{DAB8C1CC-6C6B-4D1D-AE99-BE00A8DDB567}: NameServer = 207.65.4.25 216.153.94.101
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWure appreciate your help in this matter


Download CCleaner, install it, be carefull NOT to install the Yahoo Toolbar, simply un-tick its box ... update the program and run it ... defrag the PC after this is done.

Download & install SpywareBlaster, you can get that from our Sister Site SpywarePoint ... :thumb:

Repost a new HJT log when done ... :thumb:
 
countrygirllyndafox

Hi again, muckshifter,
You have been so kind to help me and I appreciate it so much. I wanted to explain that I only removed the Anti Spam part of Defender Pro as that was the way I understoodit at the time becauseI am using it for an anti-virus, anti spy, and also a Firewall. Will any of this removals affect that? And some of the HJT items you suggested for removal showed up in blue print on the post from you, but you did mean for me to remove all of the items in the complete list you sent, didn't you. I must have a pretty bad mess on here. I am going to follow your advice when I am completely straight but didn't want to mess it up any more. Also when I am through removing everything, did you mean that I would have to completely remove Yahoo and go for a new sign in with them . I hope I can get by without that. Thanks again for you kind attention to my problem.
 
would appreciate some help with this spyware problem

Hi again, muckshifter,
I hope you don't mind but I forgot to mention that I am also having problems with this about blank thing. Also I would appreciate it if you would explain to me what is going on with that. Thanks to you in advance.
 
Your log is pretty clean ... no need to follow any of my instructions, that is entirely upto you. ;)

I have had no dealings with Defender Pro ... but I have done some reading. I'm afraid I don't need to shell out $29 on something I can get for nothing, is more reliable, and does the job we need it to do.

I have never, in 20 years computing, come across an "all-in-one" security program that actually does what it says on the tin ... it would be far too complicated to achieve, although some AVs, such as KAV come close.

In this Windows World we need several dedicated program to 'help' relieve the problem ... non are 100% ... not even my tools. Well, except one, but Linux is not an easy OS to learn. ;)

HJT is a 'tool' that allows you to see what is where and if it should be there ... it is only a guide, although it is pretty damn accurate when you do have some nasties that have infected your system, and will help to eliminate them, we still need other tools that HJT need as a compliment.

My advice may not suite everybody ... and I'm sorry to say, I don't really care if you take it or leave it, there is nothing wrong with my PCs ... but I try and educate those who'll listen. :)


countrygirl,

We 'need' a Firewall ... MS will do, but there are better AND Free alternatives and if you have a Router, you are even better protected.

We 'need' an Antivirus program ... again, the Free offerings, such as Anti-Viri are very good. If you need something a little stonger get KAV, it ain't free, but is one of the best.

We 'need' Anti-Spyware programs ... and unfortunately not just one but at least two should be employed ... again, Free is good and again there are several damn good free anti-spyware programs on offer. Hell, MSs own Anti-Spyware, MS Defender is one of the best and should be installed on all Windows PCs ... along with SpywareBlaster and either Ad-Aware and or SBS&D

Then there is what I would call a "sundry" program such as CCleaner ... it really does Clean the Crap off your system ... anoying to say that we recommend you do NOT install the Yahoo toolbar that is now being bundled with CC, unless you want it, as Google's ToolBar is far more secure, we have no need for two Toolbars doing the same job. ;)

Then there is Firefox ... an alternative to Internet Explore, with out the holes. :D


There you go ... up to you. :thumb:
 
countrygirllyndafox said:
Hi again, muckshifter,
I hope you don't mind but I forgot to mention that I am also having problems with this about blank thing. Also I would appreciate it if you would explain to me what is going on with that. Thanks to you in advance.
Click to expand...
Well that just proves to me that this "Defender Pro" is not doing its job.

;)
 
would appreciate some help with this spyware problem

Hi again,
It's me again, and I hope I didn't seem rude, I sure didn't mean too. A lack of knowledge on my part is frustrating to you I am sure. I sure appreciate all that you have done to help me and I will use the things you have told me to help me in the future. Maybe with a lot of study, I can learn to be better at some of this. I hope you will be willing to help me in the future as I try to sort some of these things out.
Thanks to you again
countrygirllyndafox
 
oh no, you were not rude in anyway ... I'm the one who usually steps out of line. I'm better in person at teaching. :D


I'll admit here and now that I was wrong about your Defender Pro, not sure about its other "tools", but the AV side is actually a licenced version of KAV ... :o

My initial research led me to conclude it was just another 'run-of-the-mill' list of programs we see come and go. On further investigations I found a better source and was quite surprised.

I'm still not convinced it is the right tool for the job though ... I have been proven wrong before. :D

I will also stand by my list of recommendations, they are tried and tested and in my humble opinion, are the better tools for the job.

:thumb:
 
would appreciate your help with this spyware

Hi to you again muchshifter
I am glad to know that I did not aggravate you. I value the information that you are so kind to give for free.You have tried to help me in every way possible, its just that I don't always understand as well as you are able to advise. Like I said before, I am grateful for such fine advice. One more thing though, if you don't mind, should HJT be able to remove the about blank thing also. Thanks to you in advance for being honest and so helpful.
countrygirllyndafox
 
would appreciate some help with this spyware problem

I apologize to you for the (muchshifter error) I know that it is muckshifter, apparently I can't type either. Please accept my apologies.
countrygirllyndafox
 
Last edited:
LoL ... never noticed, I've typed muchshifter many a time too. :D

I forgot about that "about blank" ... no, HJT won't 'fix' that ... but, it should help find the little nastie that caused it.

I see nothing in your log that indicates any browser interference ... however, I strongly recommend you "fix" what I have already pointed out to you ... with the exception of Defender Pro references, they should be fine.

Especially "fix" ...
O2 - BHO: (no name) - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.brightstreet.com/cif/...bin/actxcab.cab
O16 - DPF: {F621C77F-126F-4CA5-BC8B-2F64189E93A5} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O17 - HKLMSystemCCSServicesTcpip..{DAB8C1CC-6C6B-4D1D-AE99-BE00A8DDB567}: NameServer = 207.65.4.25 216.153.94.101
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSecurity CenterSymWure

:thumb:

Also download CWS and run it ... it is spacificly aimed at detecting these particular 'about blank' nasties.

I also forgot about this excelent program ... ewido anti-malware try it also.

You see where this is all going ... Windows, who wants it.
wallbash.gif
laughingsmiley.gif
 
would appreciate some help on the spyware problem

Good evening muckshifter,
I have done all the things you suggested except the Defrag., will get to that too. I just ran another HJT and it fixed everything but the last entry which is the O23, the Symantec Corporation thing, is that anything to worry about? I want to again thank you very much, I have learned some valuable things from you.
Thanks again.
countrygirllyndafox
 
Are you saying HJT could not fix the Symantec entry, or you did not let it?

We don't like Norton/Symantec around here much, as it is only one entry I would say you had a Norton product at one time or another ... uninstalling Norton does not remove everything ... you have to use their 'special' tool do do that.

:)
 
would like some help with this spyware problem

Hi again,
countrygirllyndafox sure appreciates the help you are willing give. I am sorry that I was not clear about the Norton/Symantec entry. You are correct, I had Norton a few years ago. The HJT was checked to fix it, but it did not, or if it did it was back as soon as I ran the next HJT log to see what had happened. I would appreciate having it completely removed if you would be kind enough to explain how. Also I have this stupid Yahoo toolbar that I would like to be rid of. Any help would be appreciated. Again thanks to you.
countrygirllyndafox
 
would appreciate some help with this spyware problem

Hi muckshifter,
Thanks again for the help. Still battling the about blank problem. Looks like it is here to stay, but will keep trying. Thanks again.
countrygirllyndafox
 
Hmmm, did you use CWS from my other post? see the ".zip" attachment

Try this for me ... select Run from the Start menu and in the Open: box type:

regsvr32 /s urlmon.dll


 

Attachments

Back
Top