What's a good free anti-spyware program?

Post by **DTS** » Sun Nov 26, 2006 6:43 pm

What's a good free anti-spyware program?
Ad-Aware isn't finding any spyware and there's something interferring with link clicking, especially on Google. It loads another site instead, different sites each time, sometimes the same site, though.

Post by **SoM** » Sun Nov 26, 2006 6:59 pm

windows defender

make sure your XP is legit tho

Post by **Captain** » Sun Nov 26, 2006 7:03 pm

Get Defender and you won't have anymore spyware problems. Stops everything dead in its tracks.

Post by **+JuggerNaut+** » Sun Nov 26, 2006 7:30 pm

DTS wrote:What's a good free anti-spyware program?
Ad-Aware isn't finding any spyware and there's something interferring with link clicking, especially on Google. It loads another site instead, different sites each time, sometimes the same site, though.

since you're not legit, i would suggest hijackthis along with spybot.

Post by **SoM** » Sun Nov 26, 2006 7:48 pm

he'll just be finding shit on his PC everyday not being legit..

hugs Wdefender, never a single spyware on my PC

Post by **+JuggerNaut+** » Sun Nov 26, 2006 8:34 pm

you've come full circle :lub:

Post by **SoM** » Sun Nov 26, 2006 8:39 pm

:lub:

Post by **DTS** » Mon Nov 27, 2006 4:55 pm

+JuggerNaut+ wrote:
DTS wrote:What's a good free anti-spyware program?
Ad-Aware isn't finding any spyware and there's something interferring with link clicking, especially on Google. It loads another site instead, different sites each time, sometimes the same site, though.
since you're not legit, i would suggest hijackthis along with spybot.

HijackThis says to show "knowledgable folks" the log and ask them which things to delete. So here it is.

Logfile of HijackThis v1.99.1
Scan saved at 16:49:24, on 27/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\imapi.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Downloaded zip files\hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0EDBE882-CD65-4C61-811C-B8CB93D30EA2}: NameServer = 85.255.116.100,85.255.112.169
O17 - HKLM\System\CCS\Services\Tcpip\..\{90D352B9-DAF6-4BAE-A98C-BCE6C1BE05B9}: NameServer = 85.255.116.100,85.255.112.169
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.100 85.255.112.169
O17 - HKLM\System\CS1\Services\Tcpip\..\{0EDBE882-CD65-4C61-811C-B8CB93D30EA2}: NameServer = 85.255.116.100,85.255.112.169
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.100 85.255.112.169
O17 - HKLM\System\CS2\Services\Tcpip\..\{0EDBE882-CD65-4C61-811C-B8CB93D30EA2}: NameServer = 85.255.116.100,85.255.112.169
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.100 85.255.112.169
O17 - HKLM\System\CS3\Services\Tcpip\..\{0EDBE882-CD65-4C61-811C-B8CB93D30EA2}: NameServer = 85.255.116.100,85.255.112.169
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.100 85.255.112.169
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Post by **+JuggerNaut+** » Mon Nov 27, 2006 7:00 pm

DTS wrote: O17 - HKLM\System\CCS\Services\Tcpip\..\{0EDBE882-CD65-4C61-811C-B8CB93D30EA2}: NameServer = 85.255.116.100,85.255.112.169
O17 - HKLM\System\CCS\Services\Tcpip\..\{90D352B9-DAF6-4BAE-A98C-BCE6C1BE05B9}: NameServer = 85.255.116.100,85.255.112.169
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.100 85.255.112.169
O17 - HKLM\System\CS1\Services\Tcpip\..\{0EDBE882-CD65-4C61-811C-B8CB93D30EA2}: NameServer = 85.255.116.100,85.255.112.169
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.100 85.255.112.169
O17 - HKLM\System\CS2\Services\Tcpip\..\{0EDBE882-CD65-4C61-811C-B8CB93D30EA2}: NameServer = 85.255.116.100,85.255.112.169
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.100 85.255.112.169
O17 - HKLM\System\CS3\Services\Tcpip\..\{0EDBE882-CD65-4C61-811C-B8CB93D30EA2}: NameServer = 85.255.116.100,85.255.112.169
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.100 85.255.112.169

from what i gather from that list, the above should be "checked off" and fixed. Tormentius or someone else could verify.

Post by **Captain** » Mon Nov 27, 2006 7:47 pm

What exactly are those? Third-party connections to your computer?

Post by **+JuggerNaut+** » Mon Nov 27, 2006 8:04 pm

DTS, go to a command prompt and type:

netstat -b

take a look at any .exe's that are calling out to the net that you DON'T recognize. google them and see what's up.

Post by **Tormentius** » Mon Nov 27, 2006 8:47 pm

Those HKLM registry entries might be a problem but I don't know offhand. The rest of the report looks fine.

Post by **DTS** » Tue Nov 28, 2006 3:59 pm

+JuggerNaut+ wrote:DTS, go to a command prompt and type:

netstat -b

take a look at any .exe's that are calling out to the net that you DON'T recognize. google them and see what's up.

Nothing.

Tormentius wrote:Those HKLM registry entries might be a problem but I don't know offhand. The rest of the report looks fine.

If I delete them could there be a problem? (I mean if I "fix" them with HijackThis.)

Post by **obsidian** » Tue Nov 28, 2006 4:32 pm

Open regedit, select and export those keys first. Then delete them. If there are any problems, you can restore them by double clicking on the exported .reg file.

Post by **DTS** » Tue Nov 28, 2006 5:00 pm

obsidian wrote:Open regedit, select and export those keys first. Then delete them. If there are any problems, you can restore them by double clicking on the exported .reg file.

It's alright, I found that HijackThis does a backup when one deletes things from it so it's alright.

Post by **Grenader** » Tue Nov 28, 2006 5:07 pm

Adaware is the best one

What's a good free anti-spyware program?

What's a good free anti-spyware program?

Re: What's a good free anti-spyware program?

Re: What's a good free anti-spyware program?

Re: What's a good free anti-spyware program?