speedbar spyware problem

[Chris]

i have had as problem with a spyware that wont get the
hint to leave. microsofts anti spyware finds it every
time my father uses his account . Ive done the safemode
and scan from administraters acout several times with 4
different programs and they dont find it and when they do
find something its labels as just toolbar spyware.I then
roemove what it finds including all cookies and clear the
temperary file folders and it keeps coming back.

just for thought is this a bug with microsofts anti
spyware because the other start up spyware scanners dont
detect it.

 

[AndyManchesta]

To double check for it try this:


Check add/remove screen for these and remove if found:

MYWAY SPEEDBAR
MY SEARCHBAR
MY WEB SEARCH BAR
FUN WEB PRODUCTS EASY INSTALLER
SEARCH BOX
SEARCH ASSISTANT
SMILEY CENTRAL
CURSOR MANIA
FUN BUDDY ICONS
HISTORY SWATTER
MY FUN CARDS
MY INFO
MY MAIL NOTIFIER
MY MAIL SIGNATURE
MY MAIL STAMP
MY MAIL STATIONERY
POPULAR SCREENSAVERS




reset your home page (Internet Options-General->Start
Page) if it has been changed, and search settings
(Internet Options->Programs->Reset web settings)



Although none of these products claim to be spyware, they
do slow your computer down. All of the products use
cookies to track usage, they claim not to use cookies to
track personally identifiable information. That being
said, I would still recommend uninstalling the toolbar
and other Fun Web Products. They are found by most
spyware removal tools such as

Spybot Search and Destroy

http://fileforum.betanews.com/download/Spybot_Search_and_D
estroy/1043809773/1

Lavasoft Ad-Aware

http://fileforum.betanews.com/download/Spybot_Search_and_D
estroy/1043809773/1

although they are deemed spyware safe by Aluria Software
who created a Spyware SAFE Certification ?




Reboot and check thats its gone after running the scanners


If its still being detected download Hijack This:

http://www.spywareinfo.com/~merijn/files/hijackthis.zip


Download Hijack this to its own folder(either desktop or
c/drive) Choose to run a scan and save the logfile.

The Myway entries if present will look like this:



R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-
5838F569A31D} - C:\Program
Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-
072E-44cf-8957-5838F569A31D} - C:\Program
Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-
170DE4475CCA} - C:\Program
Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-
170DE4475CCA} - C:\Program
Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1
\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1
\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program
Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

O4 - Global Startup: MyWebSearch Email Plugin.lnk =
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

O8 - Extra context menu item: &Search -
http://bar.mywebsearch.com/menusearch.html?p=ZWYYYYYYYYUS

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
http://ak.imgfarm.com/images/nocache/funwebproducts/ei/MyW
ebSearchInitialSetup1.0.0.8-2.cab

If found close all open widow except hijack this,check
each of the entries for fixing then press 'Fix Checked'


Next, open My Computer, Drive C, and double-click on the
Program Files folder

Right-click and delete the folders for:

FunWebProducts
MyWebSearch




Regards Andy

 

[AndyManc]

Just noticed i didnt put the link to Adaware

Adaware SE:

http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-
8022_4-10399602.html?tag=sptlt_s


And Ccleaner might help to clear all temp & unused files
on your system

http://download.ccleaner.com/download119bin.asp

Run it on all 3 settings (windows,apps & issues) and
clear anything found.


All the best


Andy

 

[Chris]

The only 2 or 3 uinstalations i was unsure about was a
program "ps2" "KBD"(just that no numbers after)
AND "python" i removed the first 2 and suspected the
third to be a game. could these cause problems??

 

[AndyManchesta]

Hi Chris ,

Ive not heard of any of these,were they found in the
program files folder or the add/remove screen ? Without
any filenames its hard to say what software or
applications these belong to.

If MS Antispy is detecting Speedbar on your fathers
account, you need to do all the checks and run the
removers in that account as they probably wouldnt show up
in your own account.

If you have already removed the 3 programs and nothing
has become unstable then they may not be needed but using
hijack this is a safer way, you can post the log and id
check all the entries for you and let you know what to
remove.If you did this though Hijack this would also have
to be run from your Fathers account.If its Myway Speedbar
in most cases removing it from the add/remove screen will
uninstall it

Theres some sites that can also analyse the Hijack this
log if you need to use it. paste it onto their site and
then it gives info on each entry and lets you know where
to start

http://www.hijackthis.de/en

http://hjt.iamnotageek.com/

http://www.help2go.com/modules.php?name=HJTDetective


But if its just a myway problem it may not be
needed ,double check things using your fathers account
and check if its still being detected before using hijack
this,


Andy

 

[Chris]

this is the log file. I wonder if microsoft spywares
getting confused with certain files. most of what
hijackthis .de said were confusions with files that I
know were installed with the computer when i got it. see
if any thing could be a red flag for that i dont see.

----------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:50:11 AM, on 6/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\BitComet\BitComet.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\Microsoft
Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Microsoft
AntiSpyware\GIANTAntiSpywareMain.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Microsoft
AntiSpyware\GIANTAntiSpywareMain.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\HP_Owner\Local
Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
http://ie.redirect.hp.com/svs/rdr?
TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=deskto
p
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
http://ie.redirect.hp.com/svs/rdr?
TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desk
top
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
http://ie.redirect.hp.com/svs/rdr?
TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=deskto
p
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
http://ie.redirect.hp.com/svs/rdr?
TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desk
top
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Search Page =
http://ie.redirect.hp.com/svs/rdr?
TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desk
top
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-
784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0
\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-
4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-
05D28BCF79F5} - c:\Program Files\HP\Digital
Imaging\bin\HPDTLK02.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-
905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv]
c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page
Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32
\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program
Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}
\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32
\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher]
c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1
\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1
\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1
\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1
\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1
\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1
\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1
\MpfTray.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program
Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program
Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [HP Software Update] C:\Program
Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program
Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program
Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32
\NeroCheck.exe
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1
\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32
\ctfmon.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program
Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: Add To HP Organize... -
C:\PROGRA~1\HEWLET~1\HPORGA~1
\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-
4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32
\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-
3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.aim.com
O15 - Trusted Zone: www.cnet.com
O15 - Trusted Zone: http://www.fileplanet.com
O15 - Trusted Zone: http://www.freeservers.com
O15 - Trusted Zone: http://webmail.frontiernet.net
O15 - Trusted Zone: www.webmail.frontiernet.net
O15 - Trusted Zone: www.gamefly.com
O15 - Trusted Zone: www.gamespy.com
O15 - Trusted Zone: www.hotmail.com
O15 - Trusted Zone: http://www.hp.com
O15 - Trusted Zone: http://www.shopping.hp.com
O15 - Trusted Zone: www.icqphone.com
O15 - Trusted Zone: www.mcafee.com
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: http://*.microsoftgaminginsider.com
O15 - Trusted Zone: www.msn.com
O15 - Trusted Zone: http://zone.msn.com
O15 - Trusted Zone: www.netcape.com
O15 - Trusted Zone: www.netscape.com
O15 - Trusted Zone: http://www.netscape.com
O15 - Trusted Zone: www.orbitz.com
O15 - Trusted Zone: http://www.shockwave.com
O15 - Trusted Zone: http://www.shutterfly.com
O15 - Trusted Zone: http://www.smoothwall.org
O15 - Trusted Zone: www.sprite.com
O15 - Trusted Zone: http://www.tigerdirect.com
O15 - Trusted Zone: http://www.ups.com
O15 - Trusted Zone: www.zone.com
O15 - Trusted Zone: http://www.zone.com
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B}
(FilePlanet Download Control Class) -
http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.0.0.59.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
(ExentInf Class) -
http://us.games2.yimg.com/download.games.yahoo.com/games/p
lay/client/exentctl_0_0_0_1.ocx
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09}
(Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-
JAVA/Secure/HPGetDownloadManager.ocx
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32
\igfxsrvc.dll
O23 - Service: Brother Popup Suspend service for Resource
manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32
\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) -
brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: iPod Service (iPodService) - Apple
Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling
Service (LightScribeService) - Unknown owner - c:\Program
Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown
owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager
(mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1
\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime
Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1
\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service
(MpfService) - McAfee Corporation - C:\PROGRA~1
\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) -
McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) -
Webroot Software, Inc. - C:\Program Files\Webroot\Spy
Sweeper\WRSSSDK.exe

 

[Guest]

Go to msconfig in run folder.

Turn off restore function

reboot into safe mode.

Run MS Antispyware.

reboot and run msconfig

restart restore function

The persistence of the problem lies in the act that it's
resident in restore files. Turning off system restore
deletes these files. Running the antispyware will remove
any detectable instances. Turning rstore back on will then
create a clean restore point.

Pleas be sure your system is fully operable before truning
restore off as the resore points will all go by by.

EJ

-----Original Message-----
this is the log file. I wonder if microsoft spywares
getting confused with certain files. most of what
hijackthis .de said were confusions with files that I
know were installed with the computer when i got it. see
if any thing could be a red flag for that i dont see.

----------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:50:11 AM, on 6/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\BitComet\BitComet.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\Microsoft
Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Microsoft
AntiSpyware\GIANTAntiSpywareMain.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Microsoft
AntiSpyware\GIANTAntiSpywareMain.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\HP_Owner\Local
Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
http://ie.redirect.hp.com/svs/rdr?
TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=deskto
p
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
http://ie.redirect.hp.com/svs/rdr?
TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desk
top
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
http://ie.redirect.hp.com/svs/rdr?
TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=deskto
p
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
http://ie.redirect.hp.com/svs/rdr?
TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desk
top
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Search Page =
http://ie.redirect.hp.com/svs/rdr?
TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desk
top
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-
784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0
\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-
4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-
05D28BCF79F5} - c:\Program Files\HP\Digital
Imaging\bin\HPDTLK02.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-
905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv]
c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page
Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32
\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program
Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}
\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32
\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher]
c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1
\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1
\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1
\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1
\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1
\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1
\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1
\MpfTray.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program
Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program
Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [HP Software Update] C:\Program
Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program
Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program
Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32
\NeroCheck.exe
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1
\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32
\ctfmon.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program
Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: Add To HP Organize... -
C:\PROGRA~1\HEWLET~1\HPORGA~1
\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-
4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32
\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-
3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.aim.com
O15 - Trusted Zone: www.cnet.com
O15 - Trusted Zone: http://www.fileplanet.com
O15 - Trusted Zone: http://www.freeservers.com
O15 - Trusted Zone: http://webmail.frontiernet.net
O15 - Trusted Zone: www.webmail.frontiernet.net
O15 - Trusted Zone: www.gamefly.com
O15 - Trusted Zone: www.gamespy.com
O15 - Trusted Zone: www.hotmail.com
O15 - Trusted Zone: http://www.hp.com
O15 - Trusted Zone: http://www.shopping.hp.com
O15 - Trusted Zone: www.icqphone.com
O15 - Trusted Zone: www.mcafee.com
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: http://*.microsoftgaminginsider.com
O15 - Trusted Zone: www.msn.com
O15 - Trusted Zone: http://zone.msn.com
O15 - Trusted Zone: www.netcape.com
O15 - Trusted Zone: www.netscape.com
O15 - Trusted Zone: http://www.netscape.com
O15 - Trusted Zone: www.orbitz.com
O15 - Trusted Zone: http://www.shockwave.com
O15 - Trusted Zone: http://www.shutterfly.com
O15 - Trusted Zone: http://www.smoothwall.org
O15 - Trusted Zone: www.sprite.com
O15 - Trusted Zone: http://www.tigerdirect.com
O15 - Trusted Zone: http://www.ups.com
O15 - Trusted Zone: www.zone.com
O15 - Trusted Zone: http://www.zone.com
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B}
(FilePlanet Download Control Class) -
http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.0.0.59.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
(ExentInf Class) -
http://us.games2.yimg.com/download.games.yahoo.com/games/p
lay/client/exentctl_0_0_0_1.ocx
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09}
(Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-
JAVA/Secure/HPGetDownloadManager.ocx
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32
\igfxsrvc.dll
O23 - Service: Brother Popup Suspend service for Resource
manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32
\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) -
brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: iPod Service (iPodService) - Apple
Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling
Service (LightScribeService) - Unknown owner - c:\Program
Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown
owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager
(mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1
\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime
Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1
\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service
(MpfService) - McAfee Corporation - C:\PROGRA~1
\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) -
McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) -
Webroot Software, Inc. - C:\Program Files\Webroot\Spy
Sweeper\WRSSSDK.exe

-----Original Message-----


Hi Chris ,

Ive not heard of any of these,were they found in the
program files folder or the add/remove screen ? Without
any filenames its hard to say what software or
applications these belong to.

If MS Antispy is detecting Speedbar on your fathers
account, you need to do all the checks and run the
removers in that account as they probably wouldnt show up
in your own account.

If you have already removed the 3 programs and nothing
has become unstable then they may not be needed but using
hijack this is a safer way, you can post the log and id
check all the entries for you and let you know what to
remove.If you did this though Hijack this would also have
to be run from your Fathers account.If its Myway Speedbar
in most cases removing it from the add/remove screen will
uninstall it

Theres some sites that can also analyse the Hijack this
log if you need to use it. paste it onto their site and
then it gives info on each entry and lets you know where
to start

http://www.hijackthis.de/en

http://hjt.iamnotageek.com/

http://www.help2go.com/modules.php?name=HJTDetective


But if its just a myway problem it may not be
needed ,double check things using your fathers account
and check if its still being detected before using hijack
this,


Andy
.

.

 

[chris]

Im going to try ej's thought.(thats not somthing I had
thought to try yet)

also brings me to the thought ui should find a sugestions
box to add that the antispyware should give you the
location of the suspected file before and after its been
cleaned so I could check for it being in these places.

I'll be sure to tell what happens.

-----Original Message-----

Hi Chris

You've not really got any problems showing at all,Theres
a couple of things that are needed but this wouldnt
relate to speedbar.Here's a couple of things you can
remove from the log if you want:


First move Hijack this out of a temp folder.Right click
desktop or c/drive and choose new then new folder name it
hijack this and press enter.Open C:\Documents and
Settings\HP_Owner\Local Settings \Temp folder and move
Hijack this from there into the new folder


Next can you have a file on your pc checked out at this
site:

http://virusscan.jotti.org/

When the site opens click browse and find the
bitcomet.exe file then press submit.

C:\Program Files\BitComet\BitComet.exe

Its probably genuine but the site uses 13 virus scanners
and will check it for malware, i just want to make sure
its clean.


There is alot of sites been added to the trusted
zone,Thats these entries:


O15 - Trusted Zone: www.aim.com
O15 - Trusted Zone: www.cnet.com
O15 - Trusted Zone: http://www.fileplanet.com
O15 - Trusted Zone: http://www.freeservers.com
O15 - Trusted Zone: http://webmail.frontiernet.net
O15 - Trusted Zone: www.webmail.frontiernet.net
O15 - Trusted Zone: www.gamefly.com
O15 - Trusted Zone: www.gamespy.com
O15 - Trusted Zone: www.hotmail.com
O15 - Trusted Zone: http://www.hp.com
O15 - Trusted Zone: http://www.shopping.hp.com
O15 - Trusted Zone: www.icqphone.com
O15 - Trusted Zone: www.mcafee.com
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: http://*.microsoftgaminginsider.com
O15 - Trusted Zone: www.msn.com
O15 - Trusted Zone: http://zone.msn.com
O15 - Trusted Zone: www.netcape.com
O15 - Trusted Zone: www.netscape.com
O15 - Trusted Zone: http://www.netscape.com
O15 - Trusted Zone: www.orbitz.com
O15 - Trusted Zone: http://www.shockwave.com
O15 - Trusted Zone: http://www.shutterfly.com
O15 - Trusted Zone: http://www.smoothwall.org
O15 - Trusted Zone: www.sprite.com
O15 - Trusted Zone: http://www.tigerdirect.com
O15 - Trusted Zone: http://www.ups.com
O15 - Trusted Zone: www.zone.com
O15 - Trusted Zone: http://www.zone.com


If you want to keep them all in the trusted zone you wont
need this but to clear them download deldomains to reset
the security & trusted zones & then fix the entries using
hijack this

Download deldomains to reset the security & trusted zones:

http://andymanchesta.com/Downloads/DelDomains.inf

(Save it to desktop>right click and choose Install >The
dsktop icons will flash then its reset the zones)


The KBD folder you mentioned in a earlier post is
genuine,Now i can see the path its owned by HP for use
with logitech keyboards.ps2 again is connected to
Keyboards and HP computers,If deleted some keyboards
could stop working.



Run Hijack This,Check these entries for fixing Close all
open windows except hijack this then press 'Fix Checked'



O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot

(This isnt malicious but isnt needed either,its not owned
by real player run each time you boot looking for updates)


O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime

(Again,Not malicious but not needed at all to play
Quicktime files,Fix it to stop it loading on boot)


Download Adaware SE/Spybot S&D & Ccleaner

Adaware SE

http://www.download.com/3000-2144-10045910.html?
part=69274&subj=dlpage&tag=button


Spybot S&D

http://fileforum.betanews.com/download/Spybot_Search_and_ D
estroy/1043809773/1

Ccleaner

http://download.ccleaner.com/download119bin.asp



Run Adaware SE & Spybot,Update and run a full system scan
and remove anything found then run Ccleaner on all 3
settings (windows,apps & issues) and clear anything found




Reboot and Try MS Antispy again and see if its still
detecting any problems




Andy


.

 

[chris]

Well aparently cleaning restore stoped it from
resurecting. the only stupid part was that spysweeper
that i instructed to search restore folder did not find
it there and that none of the other fullfunction spywares
dont have an option to inform of this to be done. thank
you ej and andy for your help.

Chris

-----Original Message-----
Im going to try ej's thought.(thats not somthing I had
thought to try yet)

also brings me to the thought ui should find a sugestions
box to add that the antispyware should give you the
location of the suspected file before and after its been
cleaned so I could check for it being in these places.

I'll be sure to tell what happens.

-----Original Message-----

Hi Chris

You've not really got any problems showing at all,Theres
a couple of things that are needed but this wouldnt
relate to speedbar.Here's a couple of things you can
remove from the log if you want:


First move Hijack this out of a temp folder.Right click
desktop or c/drive and choose new then new folder name it
hijack this and press enter.Open C:\Documents and
Settings\HP_Owner\Local Settings \Temp folder and move
Hijack this from there into the new folder


Next can you have a file on your pc checked out at this
site:

http://virusscan.jotti.org/

When the site opens click browse and find the
bitcomet.exe file then press submit.

C:\Program Files\BitComet\BitComet.exe

Its probably genuine but the site uses 13 virus scanners
and will check it for malware, i just want to make sure
its clean.


There is alot of sites been added to the trusted
zone,Thats these entries:


O15 - Trusted Zone: www.aim.com
O15 - Trusted Zone: www.cnet.com
O15 - Trusted Zone: http://www.fileplanet.com
O15 - Trusted Zone: http://www.freeservers.com
O15 - Trusted Zone: http://webmail.frontiernet.net
O15 - Trusted Zone: www.webmail.frontiernet.net
O15 - Trusted Zone: www.gamefly.com
O15 - Trusted Zone: www.gamespy.com
O15 - Trusted Zone: www.hotmail.com
O15 - Trusted Zone: http://www.hp.com
O15 - Trusted Zone: http://www.shopping.hp.com
O15 - Trusted Zone: www.icqphone.com
O15 - Trusted Zone: www.mcafee.com
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: http://*.microsoftgaminginsider.com
O15 - Trusted Zone: www.msn.com
O15 - Trusted Zone: http://zone.msn.com
O15 - Trusted Zone: www.netcape.com
O15 - Trusted Zone: www.netscape.com
O15 - Trusted Zone: http://www.netscape.com
O15 - Trusted Zone: www.orbitz.com
O15 - Trusted Zone: http://www.shockwave.com
O15 - Trusted Zone: http://www.shutterfly.com
O15 - Trusted Zone: http://www.smoothwall.org
O15 - Trusted Zone: www.sprite.com
O15 - Trusted Zone: http://www.tigerdirect.com
O15 - Trusted Zone: http://www.ups.com
O15 - Trusted Zone: www.zone.com
O15 - Trusted Zone: http://www.zone.com


If you want to keep them all in the trusted zone you wont
need this but to clear them download deldomains to reset
the security & trusted zones & then fix the entries using
hijack this

Download deldomains to reset the security & trusted zones:

http://andymanchesta.com/Downloads/DelDomains.inf

(Save it to desktop>right click and choose Install >The
dsktop icons will flash then its reset the zones)


The KBD folder you mentioned in a earlier post is
genuine,Now i can see the path its owned by HP for use
with logitech keyboards.ps2 again is connected to
Keyboards and HP computers,If deleted some keyboards
could stop working.



Run Hijack This,Check these entries for fixing Close all
open windows except hijack this then press 'Fix Checked'



O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot

(This isnt malicious but isnt needed either,its not owned
by real player run each time you boot looking for updates)


O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime

(Again,Not malicious but not needed at all to play
Quicktime files,Fix it to stop it loading on boot)


Download Adaware SE/Spybot S&D & Ccleaner

Adaware SE

http://www.download.com/3000-2144-10045910.html?
part=69274&subj=dlpage&tag=button


Spybot S&D

http://fileforum.betanews.com/download/Spybot_Search_and

_

D
estroy/1043809773/1

Ccleaner

http://download.ccleaner.com/download119bin.asp



Run Adaware SE & Spybot,Update and run a full system scan
and remove anything found then run Ccleaner on all 3
settings (windows,apps & issues) and clear anything found




Reboot and Try MS Antispy again and see if its still
detecting any problems




Andy


.

.

 

[AndyManchesta]

Nice to hear its cleared it for you ,Well Done EJ

At least you can now be sure your system is clean as you
have no malicious entries showing.The quicktime and
realplayer related ones are not needed but not malware
either.The bitcomet name is probably safe,I just remember
a worm that uses the same filename so thought its worth
checking but now your problems are solved that may not be
needed either.Im glad EJ thought of the restore because
with your log being clean i was relying on spybot or
adaware to find the problem




Regards

Andy Manc