Ok but what happens when you go to the update tab and look for updates? Does it download and install updates, or does it always say nothing is available? If the latter, then that's the problem I described. It hasn't had any definition updates in years.

Yes, ZA can really slow things down. I haven't used it in a long time, but if it has any AV part to it, disable it (since it obviously doesn't work well either).

I can't help you with AVG since I never used it. All I say is to go through ALL of its options, tools or settings, and make sure ALL files are scanned--not just exe files, the real-time active scanning or shield is on all the time for files and webpages, and any heuristics option is on and set to the max.

I'm not familiar with the "System performance monitor", did you add that? What's it from, HP? It could be an IM part of Messenger which should be disabled if you don't use it. It could also be the infection you have. See this for possible info on it:
http://www.itc.virginia.edu/desktop/docs/messagepopup/
http://forums.techguy.org/malware-removal-hijackthis-logs/494678-systray-virus-alert-your-computer.html
http://forums.cnet.com/5208-6132_102-0.html?hhTest=1&forumID=32&threadID=201375&messageID=2159757
It may go away once your PC is clean.
-Clint

God Bless
Clint Hamilton, Owner
http://www.OrpheusComputing.com
http://www.ComputersCustomBuilt.com

----- Original Message -----
From: "LarryB"

I don't see anything that says I can get updates to Sygate.

I did the immunization thing with SB and also with Spyware Blaster. I don't see where it scans anything so it must just stop spyware from getting in.

My AV program might not be set correctly either. If not then I'll be back to get advice on what's good.

I used to have Zone Alarm but it seemed with every update things got slower so I dumped it. Now I understand that ZA's firewall is in the top 10.

I'm printing these emails out so if I lose the ability to reach the Internet I will still have these emails.

I am getting a yellow triangle with System performance monitor warnings and don't know if it is the Trojan telling me or my legit system telling me. It suggests I click the balloon to download spyware so it is probably bad.

Larry Browning
K & L Electronics
Anderson, SC

Clint Hamilton-PCWorks Admin wrote:
> SB is free, that's their only version. So can you get updates for Sygate?
>
> This is probably your problem: iebtm.exe & iebtmm.exe, these are backdoor Trojans.
> http://www.fileresearchcenter.com/I/IEBTM.EXE-13001.html
> http://www.bleepingcomputer.com/startups/iebtm.exe-23379.html
> http://www.greatis.com/appdata/d/i/iebtmm.exe.htm
> http://www.bleepingcomputer.com/startups/iebtm.exe-23379.html
> Do a search on them for more info and how to remove it.
> Obviously AVG missed it and I would use another AV program.
>
> I wanted to post that now ASAP, I'll go over the rest next.
> -Clint
>
> God Bless
> Clint Hamilton, Owner
> http://www.OrpheusComputing.com
> http://www.ComputersCustomBuilt.com
>
> ----- Original Message -----
> From: "LarryB"
>
> I may be going off the air as I am getting many warnings.
> I will have to bring my computer from home to continue all I can.
>
> I am using the free version of SB and Sygate.
>
> I am also using FF and did what you said in blocking thru adblock in FF.
>
> I have tried to run a virus scan but it takes hours. (using AVG)
>
> I'll download spyware blaster now also and run it.
>
> I have run HiJackthis and here is the print out.
>
> Logfile of Trend Micro HijackThis v2.0.2
> Scan saved at 10:53:40 AM, on 8/18/2008
> Platform: Windows XP SP3 (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
> Boot mode: Normal
>
> Running processes:
> C:\WINDOWS\System32\smss.exe
> C:\WINDOWS\system32\winlogon.exe
> C:\WINDOWS\system32\services.exe
> C:\WINDOWS\system32\lsass.exe
> C:\WINDOWS\system32\svchost.exe
> C:\WINDOWS\System32\svchost.exe
> C:\Program Files\Sygate\SPF\smc.exe
> C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
> C:\WINDOWS\system32\LEXBCES.EXE
> C:\WINDOWS\system32\spoolsv.exe
> C:\WINDOWS\Explorer.EXE
> C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
> C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
> C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
> C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
> C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
> C:\WINDOWS\system32\nvsvc32.exe
> C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
> C:\WINDOWS\system32\svchost.exe
> C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
> C:\Program Files\Applications\iebtm.exe
> C:\Program Files\Applications\iebtmm.exe
> C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
> C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
> C:\WINDOWS\system32\ctfmon.exe
> C:\Program Files\Logitech\MouseWare\system\em_exec.exe
> C:\Program Files\WordWeb\wweb32.exe
> C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
>
> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
> R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
> R3 - Default URLSearchHook is missing
> O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
> O2 - BHO: (no name) - {300CF5C9-F02D-4CB8-ABED-9C229DA56825} - C:\Program Files\Applications\iebt.dll
> O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
> O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
> O2 - BHO: PrintMe - {97387E2B-B2FA-4E4A-A607-F3B5C134F71C} - C:\Program Files\EFI\PrintMeToolbar\htpmcap.dll
> O2 - BHO: SpyWarningBHO Class - {F58FF278-2198-403b-9170-C95022A194C6} - C:\Program Files\ASpyC\SpyWarning.dll (file missing)
> O3 - Toolbar: PrintMe - {97387E2B-B2FA-4E4A-A607-F3B5C134F71C} - C:\Program Files\EFI\PrintMeToolbar\htpmcap.dll
> O3 - Toolbar: Internet Service - {254B87BB-510D-41FA-A887-52C5FA9BE585} - C:\Program Files\Applications\iebr.dll
> O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
> O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
> O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
> O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
> O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
> O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
> O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
> O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
> O4 - HKLM\..\Policies\Explorer\Run: [smile] C:\Program Files\Applications\wcs.exe
> O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Applications\iebtm.exe
> O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
> O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
> O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
> O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
> O4 - Startup: WordWeb Pro.lnk = C:\Program Files\WordWeb\wweb32.exe
> O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
> O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
> O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
> O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
> O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iexplorerfiles.com/redirect.php (file missing)
> O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iexplorerfiles.com/redirect.php (file missing)
> O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
> O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
> O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
> O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
> O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
> O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
> O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
> O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
> O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://help.bellsouth.net/sdccommon/download/tgctlcm.cab
> O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
> O16 - DPF: {4798E9EE-4524-4149-A852-2021309A579D} (WebCamX Control) - http://74.239.177.61/WebCamX.cab
> O16 - DPF: {4855C21B-E452-4661-A702-ED3493CE74DF} - http://sp.ask.com/docs/toolbar/download/askbar-inst.cab
> O16 - DPF: {4BF2E7B7-69F4-4178-B669-257C7C8A4072} (WebCamX Control) - http://74.239.177.61/WebCamX.cab
> O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121684550851
> O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201700846590
> O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.broderbund.com/IFW/Cabs/isetup.cab
> O16 - DPF: {9107A82A-248A-49E5-A7D2-4E12EAAD4DC2} (WebCamX Control) - http://69.15.111.218/WebCamX.cab
> O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://webchat.dell.com/Media/VisitorChat/TLIEFlash.CAB
> O16 - DPF: {95A161E7-F130-4BB6-A4A1-4241FD68B9ED} (WebCamX Control) - http://74.239.177.61/WebCamX.cab
> O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) - http://www.stamps.com/download/us/cab/stamps/stamps.cab?r=0.277069091796875&file=stamps.cab
> O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
> O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
> O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
> O22 - SharedTaskScheduler: causes - {0fe36c74-667b-454b-828e-75e4e72cbef8} - C:\WINDOWS\system32\euwoeu.dll
> O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
> O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
> O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
> O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
> O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
> O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
> O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
> O23 - Service: LiveUpdate - Logitech, Inc. - (no file)
> O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
> O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
> O23 - Service: OneTouch 4.0 Monitor - Visioneer Inc - C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
> O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
> O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
>
> --
> End of file - 8917 bytes
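
Added example, not part of the original thread or written by any of its participants: the reply in this thread names iebtm.exe and iebtmm.exe, and this Python code takes those two names, finds the directory they run from in the HijackThis log, and lists every autostart entry that loads from the same directory so those entries can be reviewed together. The log excerpt is taken from the log quoted in the thread; the function names and the "same directory" heuristic are this example's own assumptions.

```python
import ntpath
import re

# Excerpt of the HijackThis log quoted in this thread, mail wraps rejoined.
SAMPLE_LOG = r"""
C:\Program Files\Applications\iebtm.exe
C:\Program Files\Applications\iebtmm.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
O2 - BHO: (no name) - {300CF5C9-F02D-4CB8-ABED-9C229DA56825} - C:\Program Files\Applications\iebt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Internet Service - {254B87BB-510D-41FA-A887-52C5FA9BE585} - C:\Program Files\Applications\iebr.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Policies\Explorer\Run: [smile] C:\Program Files\Applications\wcs.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Applications\iebtm.exe
O22 - SharedTaskScheduler: causes - {0fe36c74-667b-454b-828e-75e4e72cbef8} - C:\WINDOWS\system32\euwoeu.dll
"""

# File names the reply in this thread identifies as backdoor Trojans.
FLAGGED = {"iebtm.exe", "iebtmm.exe"}

PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)\b", re.IGNORECASE)
SECTION_RE = re.compile(r"^(O\d+) - ")


def parse(log):
    """Split a log into running-process paths and (section, path) autostarts."""
    running, autostarts = [], []
    for line in map(str.strip, log.splitlines()):
        path = PATH_RE.search(line)
        if not path:
            continue
        section = SECTION_RE.match(line)
        if section:
            autostarts.append((section.group(1), path.group(0)))
        elif path.start() == 0:
            running.append(path.group(0))
    return running, autostarts


def related_entries(log, flagged=FLAGGED):
    """Autostart entries that load from a directory holding a flagged file."""
    running, autostarts = parse(log)
    every_path = running + [p for _, p in autostarts]
    bad_dirs = {ntpath.dirname(p).lower() for p in every_path
                if ntpath.basename(p).lower() in flagged}
    return [(sec, ntpath.basename(p)) for sec, p in autostarts
            if ntpath.dirname(p).lower() in bad_dirs]
```

On this excerpt `related_entries(SAMPLE_LOG)` returns the BHO, toolbar and both Policies\Explorer\Run entries under `C:\Program Files\Applications`, which is the set of load points to check when cleaning up after the two named files. Feeding it a log copied from e-mail requires rejoining the wrapped lines first, since the parser expects one entry per line.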