Re: [PCWorks] How do I get this out of my system tray?

  • From: LarryB <larryb227@xxxxxxxxxxxxx>
  • To: pcworks@xxxxxxxxxxxxx
  • Date: Tue, 19 Aug 2008 15:30:36 -0400

added comments to this post.
===========================
LarryB
Have a great day


Clint Hamilton-PCWorks Admin wrote:
> Ok but what happens when you go to the update tab and look for 
> updates?  Does it download and install updates, or does it 
> always say nothing is available?  If the latter, then that's 
> the problem I described.  It hasn't had any definition updates 
> in years.  Yes, ZA can really slow things down.  I haven't used 
> it in a long time, but if it has any AV part to it, disable it 
> (since it obviously doesn't work well either).

Can't update as none are available.
=========================================================
> I can't help you with AVG since I never used it.  All I say is 
> to go through ALL of its options, tools or settings, and make 
> sure ALL files are scanned--not just exe files, the real-time 
> active scanning or shield is on all the time for files and 
> webpages, and any heuristics option is on and set to the max.

I will check AVG and see if there are any items I may have missed.
=================================================================
> 
> I'm not familiar with the "System performance monitor", did you 
> add that?  
I did not add it. It just started to show up with this yellow triangle.
=========================================================================
> What's it from, HP?

I really can't tell where it comes from.
========================================================================
> It could be an IM part of
> Messenger which should be disabled if you don't use it.  It 
> could also be the infection you have.  See this for possible 
> info on it:
> http://www.itc.virginia.edu/desktop/docs/messagepopup/
> http://forums.techguy.org/malware-removal-hijackthis-logs/494678-systray-virus-alert-your-computer.html
> http://forums.cnet.com/5208-6132_102-0.html?hhTest=1&forumID=32&threadID=201375&messageID=2159757
> It may go away once your PC is clean.
> -Clint
> 
> God Bless
> Clint Hamilton, Owner
> http://www.OrpheusComputing.com
> http://www.ComputersCustomBuilt.com
> 
> 
> ----- Original Message ----- 
> From: "LarryB"
> 
> 
> I don't see anything that says I can get updates to Sygate.
> 
> I did the immunization thing with SB and also with Spyware Blaster.
> I don't see where it scans anything so it must just stop spyware from
> getting in.
> 
> My AV program might not be set correctly either. If not then I'll be back
> to get advice on what's good.
> 
> I used to have Zone Alarm but it seemed with every update things got
> slower so I dumped it.
> 
> Now I understand that ZA's firewall is in the top 10.
> 
> I'm printing these emails out so if I lose the ability to reach the
> Internet I will still have these emails.
> 
> I am getting a yellow triangle with System performance monitor
> warnings and don't know if it is the Trojan telling me or my legit
> system telling me. It suggests I click the balloon to download spyware
> so it is probably bad.
> 
> 
> Larry Browning
> K & L Electronics
> Anderson, SC
> 
> 
> 
> Clint Hamilton-PCWorks Admin wrote:
> 
>>SB is free, that's their only version.  So can you get updates
>>for Sygate?
>>
>>This is probably your problem: iebtm.exe & iebtmm.exe, these
>>are backdoor Trojans.
>>http://www.fileresearchcenter.com/I/IEBTM.EXE-13001.html
>>http://www.bleepingcomputer.com/startups/iebtm.exe-23379.html
>>http://www.greatis.com/appdata/d/i/iebtmm.exe.htm
>>Do a search on them for more info and how to remove it.
>>Obviously AVG missed it and I would use another AV program.
>>
>>I wanted to post that now ASAP, I'll go over the rest next.
>>-Clint
>>
>>God Bless
>>Clint Hamilton, Owner
>>http://www.OrpheusComputing.com
>>http://www.ComputersCustomBuilt.com
>>
>>
>>----- Original Message ----- 
>>From: "LarryB"
>>
>>I may be going off the air as I am getting many warnings.
>>I will have to bring my computer from home to continue all I
>>can.
>>
>>I am using the free version of SB and Sygate.
>>
>>I am also using FF and did what you said in blocking thru
>>adblock in FF.
>>
>>I have tried to run a virus scan but it takes hours. (using
>>AVG)
>>
>>I'll download spyware blaster now also and run it.
>>
>>
>>
>>I have run HiJackthis and here is the print out.
>>
>>Logfile of Trend Micro HijackThis v2.0.2
>>Scan saved at 10:53:40 AM, on 8/18/2008
>>Platform: Windows XP SP3 (WinNT 5.01.2600)
>>MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
>>Boot mode: Normal
>>
>>Running processes:
>>C:\WINDOWS\System32\smss.exe
>>C:\WINDOWS\system32\winlogon.exe
>>C:\WINDOWS\system32\services.exe
>>C:\WINDOWS\system32\lsass.exe
>>C:\WINDOWS\system32\svchost.exe
>>C:\WINDOWS\System32\svchost.exe
>>C:\Program Files\Sygate\SPF\smc.exe
>>C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
>>C:\WINDOWS\system32\LEXBCES.EXE
>>C:\WINDOWS\system32\spoolsv.exe
>>C:\WINDOWS\Explorer.EXE
>>C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
>>C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
>>C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
>>C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
>>C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
>>C:\WINDOWS\system32\nvsvc32.exe
>>C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
>>C:\WINDOWS\system32\svchost.exe
>>C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
>>C:\Program Files\Applications\iebtm.exe
>>C:\Program Files\Applications\iebtmm.exe
>>C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
>>C:\Program
>>Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
>>C:\WINDOWS\system32\ctfmon.exe
>>C:\Program Files\Logitech\MouseWare\system\em_exec.exe
>>C:\Program Files\WordWeb\wweb32.exe
>>C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
>>
>>R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start 
>>Page
>>=
>>about:blank
>>R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local 
>>Page
>>=
>>R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
>>Settings,ProxyOverride = localhost;<local>
>>R3 - Default URLSearchHook is missing
>>O2 - BHO: Adobe PDF Reader Link Helper -
>>{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
>>O2 - BHO: (no name) - 
>>{300CF5C9-F02D-4CB8-ABED-9C229DA56825} -
>>C:\Program Files\Applications\iebt.dll
>>O2 - BHO: Spybot-S&D IE Protection -
>>{53707962-6F74-2D53-2644-206D7942484F} - C:\Program
>>Files\Spybot -
>>Search & Destroy\SDHelper.dll
>>O2 - BHO: SSVHelper Class -
>>{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
>>C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
>>O2 - BHO: PrintMe - {97387E2B-B2FA-4E4A-A607-F3B5C134F71C} -
>>C:\Program Files\EFI\PrintMeToolbar\htpmcap.dll
>>O2 - BHO: SpyWarningBHO Class -
>>{F58FF278-2198-403b-9170-C95022A194C6}
>>- C:\Program Files\ASpyC\SpyWarning.dll (file missing)
>>O3 - Toolbar: PrintMe -
>>{97387E2B-B2FA-4E4A-A607-F3B5C134F71C} -
>>C:\Program Files\EFI\PrintMeToolbar\htpmcap.dll
>>O3 - Toolbar: Internet Service -
>>{254B87BB-510D-41FA-A887-52C5FA9BE585} - C:\Program
>>Files\Applications\iebr.dll
>>O4 - HKLM\..\Run: [SmcService]
>>C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
>>O4 - HKLM\..\Run: [AVG7_CC] 
>>C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
>>/STARTUP
>>O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
>>C:\WINDOWS\system32\NvCpl.dll,NvStartup
>>O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
>>O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
>>C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
>>O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
>>O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program
>>Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
>>/auto
>>O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
>>O4 - HKLM\..\Policies\Explorer\Run: [smile] C:\Program
>>Files\Applications\wcs.exe
>>O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program
>>Files\Applications\iebtm.exe
>>O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run]
>>C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL
>>SERVICE')
>>O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run]
>>C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK
>>SERVICE')
>>O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run]
>>C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
>>O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run]
>>C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default
>>user')
>>O4 - Startup: WordWeb Pro.lnk = C:\Program
>>Files\WordWeb\wweb32.exe
>>O8 - Extra context menu item: &WordWeb... -
>>res://C:\WINDOWS\wweb32.dll/lookup.html
>>O8 - Extra context menu item: E&xport to Microsoft Excel -
>>res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
>>O9 - Extra button: (no name) -
>>{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
>>- C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
>>O9 - Extra 'Tools' menuitem: Sun Java Console -
>>{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
>>Files\Java\jre1.6.0_02\bin\ssv.dll
>>O9 - Extra button: (no name) -
>>{9034A523-D068-4BE8-A284-9DF278BE776E}
>>- http://www.iexplorerfiles.com/redirect.php (file missing)
>>O9 - Extra 'Tools' menuitem: IE Anti-Spyware -
>>{9034A523-D068-4BE8-A284-9DF278BE776E} -
>>http://www.iexplorerfiles.com/redirect.php (file missing)
>>O9 - Extra button: Research -
>>{92780B25-18CC-41C8-B9BE-3C9C571A8263} -
>>C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
>>O9 - Extra button: (no name) -
>>{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
>>- (no file)
>>O9 - Extra button: (no name) -
>>{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}
>>- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
>>O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy
>>Configuration
>>- {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program
>>Files\Spybot -
>>Search & Destroy\SDHelper.dll
>>O9 - Extra button: (no name) -
>>{e2e2dd38-d088-4134-82b7-f2ba38496583}
>>- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
>>O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
>>{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network
>>Diagnostic\xpnetdiag.exe
>>O9 - Extra button: Messenger -
>>{FB5F1910-F110-11d2-BB9E-00C04F795683}
>>- C:\Program Files\Messenger\msmsgs.exe
>>O9 - Extra 'Tools' menuitem: Windows Messenger -
>>{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
>>Files\Messenger\msmsgs.exe
>>O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} 
>>(Support.com
>>Configuration Class) -
>>http://help.bellsouth.net/sdccommon/download/tgctlcm.cab
>>O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8}
>>(ActiveDataInfo
>>Class) -
>>https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
>>O16 - DPF: {4798E9EE-4524-4149-A852-2021309A579D} (WebCamX
>>Control) -
>>http://74.239.177.61/WebCamX.cab
>>O16 - DPF: {4855C21B-E452-4661-A702-ED3493CE74DF} -
>>http://sp.ask.com/docs/toolbar/download/askbar-inst.cab
>>O16 - DPF: {4BF2E7B7-69F4-4178-B669-257C7C8A4072} (WebCamX
>>Control) -
>>http://74.239.177.61/WebCamX.cab
>>O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} 
>>(WUWebControl
>>Class)
>>-
>>http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121684550851
>>O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} 
>>(MUWebControl
>>Class)
>>-
>>http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201700846590
>>O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68}
>>(InstallShield
>>International Setup Player) -
>>http://www.broderbund.com/IFW/Cabs/isetup.cab
>>O16 - DPF: {9107A82A-248A-49E5-A7D2-4E12EAAD4DC2} (WebCamX
>>Control) -
>>http://69.15.111.218/WebCamX.cab
>>O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} 
>>(TLIEFlashObj
>>Class)
>>- https://webchat.dell.com/Media/VisitorChat/TLIEFlash.CAB
>>O16 - DPF: {95A161E7-F130-4BB6-A4A1-4241FD68B9ED} (WebCamX
>>Control) -
>>http://74.239.177.61/WebCamX.cab
>>O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} 
>>(SDCInstaller
>>Class)
>>-
>>http://www.stamps.com/download/us/cab/stamps/stamps.cab?r=0.277069091796875&file=stamps.cab
>>O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader
>>Class) -
>>https://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
>>O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} -
>>https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
>>O20 - Winlogon Notify: avgwlntf -
>>C:\WINDOWS\SYSTEM32\avgwlntf.dll
>>O22 - SharedTaskScheduler: causes -
>>{0fe36c74-667b-454b-828e-75e4e72cbef8} -
>>C:\WINDOWS\system32\euwoeu.dll
>>O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - 
>>GRISOFT,
>>s.r.o.
>>- C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
>>O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT,
>>s.r.o. -
>>C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
>>O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) -
>>GRISOFT,
>>s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
>>O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, 
>>s.r.o. -
>>C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
>>O23 - Service: C-DillaSrv - C-Dilla Ltd -
>>C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
>>O23 - Service: InstallDriver Table Manager (IDriverT) -
>>Macrovision
>>Corporation - C:\Program Files\Common
>>Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
>>O23 - Service: LexBce Server (LexBceS) - Lexmark 
>>International,
>>Inc. -
>>C:\WINDOWS\system32\LEXBCES.EXE
>>O23 - Service: LiveUpdate - Logitech, Inc. - (no file)
>>O23 - Service: NBService - Nero AG - C:\Program 
>>Files\Nero\Nero
>>7\Nero
>>BackItUp\NBService.exe
>>O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA
>>Corporation - C:\WINDOWS\system32\nvsvc32.exe
>>O23 - Service: OneTouch 4.0 Monitor - Visioneer Inc -
>>C:\Program
>>Files\Visioneer\OneTouch 4.0\OtService.exe
>>O23 - Service: Pml Driver HPZ12 - HP -
>>C:\WINDOWS\System32\HPZipm12.exe
>>O23 - Service: Sygate Personal Firewall Pro (SmcService) -
>>Sygate
>>Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
