Page 1 of 1
What's a good free anti-spyware program?
Posted: Sun Nov 26, 2006 6:43 pm
by DTS
What's a good free anti-spyware program?
Ad-Aware isn't finding any spyware and there's something interferring with link clicking, especially on Google. It loads another site instead, different sites each time, sometimes the same site, though.
Posted: Sun Nov 26, 2006 6:59 pm
by SoM
windows defender
make sure your XP is legit tho
Posted: Sun Nov 26, 2006 7:03 pm
by Captain
Get Defender and you won't have anymore spyware problems. Stops everything dead in its tracks.
Re: What's a good free anti-spyware program?
Posted: Sun Nov 26, 2006 7:30 pm
by +JuggerNaut+
DTS wrote:What's a good free anti-spyware program?
Ad-Aware isn't finding any spyware and there's something interferring with link clicking, especially on Google. It loads another site instead, different sites each time, sometimes the same site, though.
since you're not legit, i would suggest hijackthis along with spybot.
Posted: Sun Nov 26, 2006 7:48 pm
by SoM
he'll just be finding shit on his PC everyday not being legit..
hugs Wdefender, never a single spyware on my PC
Posted: Sun Nov 26, 2006 8:34 pm
by +JuggerNaut+
you've come full circle :lub:
Posted: Sun Nov 26, 2006 8:39 pm
by SoM
:lub:
Re: What's a good free anti-spyware program?
Posted: Mon Nov 27, 2006 4:55 pm
by DTS
+JuggerNaut+ wrote:DTS wrote:What's a good free anti-spyware program?
Ad-Aware isn't finding any spyware and there's something interferring with link clicking, especially on Google. It loads another site instead, different sites each time, sometimes the same site, though.
since you're not legit, i would suggest hijackthis along with spybot.
HijackThis says to show "knowledgable folks" the log and ask them which things to delete. So here it is.
Logfile of HijackThis v1.99.1
Scan saved at 16:49:24, on 27/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\imapi.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Downloaded zip files\hijackthis\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0EDBE882-CD65-4C61-811C-B8CB93D30EA2}: NameServer = 85.255.116.100,85.255.112.169
O17 - HKLM\System\CCS\Services\Tcpip\..\{90D352B9-DAF6-4BAE-A98C-BCE6C1BE05B9}: NameServer = 85.255.116.100,85.255.112.169
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.100 85.255.112.169
O17 - HKLM\System\CS1\Services\Tcpip\..\{0EDBE882-CD65-4C61-811C-B8CB93D30EA2}: NameServer = 85.255.116.100,85.255.112.169
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.100 85.255.112.169
O17 - HKLM\System\CS2\Services\Tcpip\..\{0EDBE882-CD65-4C61-811C-B8CB93D30EA2}: NameServer = 85.255.116.100,85.255.112.169
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.100 85.255.112.169
O17 - HKLM\System\CS3\Services\Tcpip\..\{0EDBE882-CD65-4C61-811C-B8CB93D30EA2}: NameServer = 85.255.116.100,85.255.112.169
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.100 85.255.112.169
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Re: What's a good free anti-spyware program?
Posted: Mon Nov 27, 2006 7:00 pm
by +JuggerNaut+
DTS wrote:
O17 - HKLM\System\CCS\Services\Tcpip\..\{0EDBE882-CD65-4C61-811C-B8CB93D30EA2}: NameServer = 85.255.116.100,85.255.112.169
O17 - HKLM\System\CCS\Services\Tcpip\..\{90D352B9-DAF6-4BAE-A98C-BCE6C1BE05B9}: NameServer = 85.255.116.100,85.255.112.169
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.100 85.255.112.169
O17 - HKLM\System\CS1\Services\Tcpip\..\{0EDBE882-CD65-4C61-811C-B8CB93D30EA2}: NameServer = 85.255.116.100,85.255.112.169
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.100 85.255.112.169
O17 - HKLM\System\CS2\Services\Tcpip\..\{0EDBE882-CD65-4C61-811C-B8CB93D30EA2}: NameServer = 85.255.116.100,85.255.112.169
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.100 85.255.112.169
O17 - HKLM\System\CS3\Services\Tcpip\..\{0EDBE882-CD65-4C61-811C-B8CB93D30EA2}: NameServer = 85.255.116.100,85.255.112.169
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.100 85.255.112.169
from what i gather from that list, the above should be "checked off" and fixed. Tormentius or someone else could verify.
Posted: Mon Nov 27, 2006 7:47 pm
by Captain
What exactly are those? Third-party connections to your computer?
Posted: Mon Nov 27, 2006 8:04 pm
by +JuggerNaut+
DTS, go to a command prompt and type:
netstat -b
take a look at any .exe's that are calling out to the net that you DON'T recognize. google them and see what's up.
Posted: Mon Nov 27, 2006 8:47 pm
by Tormentius
Those HKLM registry entries might be a problem but I don't know offhand. The rest of the report looks fine.
Posted: Tue Nov 28, 2006 3:59 pm
by DTS
+JuggerNaut+ wrote:DTS, go to a command prompt and type:
netstat -b
take a look at any .exe's that are calling out to the net that you DON'T recognize. google them and see what's up.
Nothing.
Tormentius wrote:Those HKLM registry entries might be a problem but I don't know offhand. The rest of the report looks fine.
If I delete them could there be a problem? (I mean if I "fix" them with HijackThis.)
Posted: Tue Nov 28, 2006 4:32 pm
by obsidian
Open regedit, select and export those keys first. Then delete them. If there are any problems, you can restore them by double clicking on the exported .reg file.
Posted: Tue Nov 28, 2006 5:00 pm
by DTS
obsidian wrote:Open regedit, select and export those keys first. Then delete them. If there are any problems, you can restore them by double clicking on the exported .reg file.
It's alright, I found that HijackThis does a backup when one deletes things from it so it's alright.
Posted: Tue Nov 28, 2006 5:07 pm
by Grenader
Adaware is the best one
