added comments to this post. =========================== LarryB Have a great day Clint Hamilton-PCWorks Admin wrote: > Ok but what happens when you go to the update tab and look for > updates? Does it download and install updates, or does it > always say nothing is available? If the latter, then that's > the problem I described. It hasn't had any definition updates > in years. Yes, ZA can really slow things down. I haven't used > it in a long time, but if it has any AV part to it, disable it > (since it obviously doesn't work well either). > Can't update as none are available. ========================================================= > I can't help you with AVG since I never used it. All I say is > to go through ALL of its options, tools or settings, and make > sure ALL files are scanned--not just exe files, the real-time > active scanning or shield is on all the time for files and > webpages, and any heuristics option is on and set to the max. I will check AVG and see if there any items I may have missed. ================================================================= > > I'm not familiar with the "System performance monitor", did you > add that? I did not add it. It just started to show up with this yellow triangle. ========================================================================= What's it from, HP? I really can't tell where it comes from. ======================================================================== It could be an IM part of > Messenger which should be disabled if you don't use it. It > could also be the infection you have. See this for possible > info on it: > http://www.itc.virginia.edu/desktop/docs/messagepopup/ > http://forums.techguy.org/malware-removal-hijackthis-logs/494678-systray-virus-alert-your-computer.html > http://forums.cnet.com/5208-6132_102-0.html?hhTest=1&forumID=32&threadID=201375&messageID=2159757 > It may go away once your PC is clean. > -Clint > > God Bless > Clint Hamilton, Owner > http://www.OrpheusComputing.com > http://www.ComputersCustomBuilt.com > > > ----- Original Message ----- > From: "LarryB" > > > I don't see anything that says I can get updates to Sygate. > > I did the immunization thing with SB and also with Spyware > Blaster. > I don't see where it scans anything so it must just stop > spyware from > getting in. > > My AV program might not be set correctly either. If not then I > be back > to get advice on what's good. > > I use to have Zone Alarm but it seemed with every update things > got > slower so I dumped it. > > Now I understand that ZA's firewall it in the top 10. > > I'm printing these emails out so if I lose the ability to reach > the > Internet I will still have these emails. > > I am getting a yellow triangle with System performance monitor > warnings and don't know if it is the Trojan telling me or my > legit > system telling me. It suggests I click the balloon to download > spyware > so it is probably bad. > > > Larry Browning > K & L Electronics > Anderson, SC > > > > Clint Hamilton-PCWorks Admin wrote: > >>SB is free, that's their only version. So can you get >>updates >>for Sygate? >> >>This is probably your problem: iebtm.exe & iebtmm.exe, these >>are backdoor Trojans. >>http://www.fileresearchcenter.com/I/IEBTM.EXE-13001.html >>http://www.bleepingcomputer.com/startups/iebtm.exe-23379.html >>http://www.greatis.com/appdata/d/i/iebtmm.exe.htm >>http://www.bleepingcomputer.com/startups/iebtm.exe-23379.html >>Do a search on them for more info and how to remove it. >>Obviously AVG missed it and I would use another AV program. >> >>I wanted to post that now ASAP, I'll go over the rest next. >>-Clint >> >>God Bless >>Clint Hamilton, Owner >>http://www.OrpheusComputing.com >>http://www.ComputersCustomBuilt.com >> >> >>----- Original Message ----- >>From: "LarryB" >> >>I may be going off the air as I am getting many warnings. >>I will have to bring my computer from home to continue all I >>can. >> >>I am using the free version of SB and Sygate. >> >>I am also using FF and did what you said in blocking thru >>adblock in FF. >> >>I have tried to run a virus scan but it takes hours. (using >>AVG) >> >>I'll download spyware blaster now also and run it. >> >> >> >>I have run HiJackthis and here is the print out. >> >>Logfile of Trend Micro HijackThis v2.0.2 >>Scan saved at 10:53:40 AM, on 8/18/2008 >>Platform: Windows XP SP3 (WinNT 5.01.2600) >>MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) >>Boot mode: Normal >> >>Running processes: >>C:\WINDOWS\System32\smss.exe >>C:\WINDOWS\system32\winlogon.exe >>C:\WINDOWS\system32\services.exe >>C:\WINDOWS\system32\lsass.exe >>C:\WINDOWS\system32\svchost.exe >>C:\WINDOWS\System32\svchost.exe >>C:\Program Files\Sygate\SPF\smc.exe >>C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe >>C:\WINDOWS\system32\LEXBCES.EXE >>C:\WINDOWS\system32\spoolsv.exe >>C:\WINDOWS\Explorer.EXE >>C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe >>C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe >>C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe >>C:\PROGRA~1\Grisoft\AVG7\avgemc.exe >>C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE >>C:\WINDOWS\system32\nvsvc32.exe >>C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe >>C:\WINDOWS\system32\svchost.exe >>C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe >>C:\Program Files\Applications\iebtm.exe >>C:\Program Files\Applications\iebtmm.exe >>C:\PROGRA~1\Grisoft\AVG7\avgcc.exe >>C:\Program >>Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe >>C:\WINDOWS\system32\ctfmon.exe >>C:\Program Files\Logitech\MouseWare\system\em_exec.exe >>C:\Program Files\WordWeb\wweb32.exe >>C:\Program Files\Trend Micro\HijackThis\HijackThis.exe >> >>R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start >>Page >>= >>about:blank >>R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local >>Page >>= >>R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet >>Settings,ProxyOverride = localhost;<local> >>R3 - Default URLSearchHook is missing >>O2 - BHO: Adobe PDF Reader Link Helper - >>{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file) >>O2 - BHO: (no name) - >>{300CF5C9-F02D-4CB8-ABED-9C229DA56825} - >>C:\Program Files\Applications\iebt.dll >>O2 - BHO: Spybot-S&D IE Protection - >>{53707962-6F74-2D53-2644-206D7942484F} - C:\Program >>Files\Spybot - >>Search & Destroy\SDHelper.dll >>O2 - BHO: SSVHelper Class - >>{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - >>C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll >>O2 - BHO: PrintMe - {97387E2B-B2FA-4E4A-A607-F3B5C134F71C} - >>C:\Program Files\EFI\PrintMeToolbar\htpmcap.dll >>O2 - BHO: SpyWarningBHO Class - >>{F58FF278-2198-403b-9170-C95022A194C6} >>- C:\Program Files\ASpyC\SpyWarning.dll (file missing) >>O3 - Toolbar: PrintMe - >>{97387E2B-B2FA-4E4A-A607-F3B5C134F71C} - >>C:\Program Files\EFI\PrintMeToolbar\htpmcap.dll >>O3 - Toolbar: Internet Service - >>{254B87BB-510D-41FA-A887-52C5FA9BE585} - C:\Program >>Files\Applications\iebr.dll >>O4 - HKLM\..\Run: [SmcService] >>C:\PROGRA~1\Sygate\SPF\smc.exe -startgui >>O4 - HKLM\..\Run: [AVG7_CC] >>C:\PROGRA~1\Grisoft\AVG7\avgcc.exe >>/STARTUP >>O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE >>C:\WINDOWS\system32\NvCpl.dll,NvStartup >>O4 - HKLM\..\Run: [nwiz] nwiz.exe /install >>O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE >>C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit >>O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe >>O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program >>Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe >>/auto >>O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe >>O4 - HKLM\..\Policies\Explorer\Run: [smile] C:\Program >>Files\Applications\wcs.exe >>O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program >>Files\Applications\iebtm.exe >>O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] >>C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL >>SERVICE') >>O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] >>C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK >>SERVICE') >>O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] >>C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') >>O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] >>C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default >>user') >>O4 - Startup: WordWeb Pro.lnk = C:\Program >>Files\WordWeb\wweb32.exe >>O8 - Extra context menu item: &WordWeb... - >>res://C:\WINDOWS\wweb32.dll/lookup.html >>O8 - Extra context menu item: E&xport to Microsoft Excel - >>res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 >>O9 - Extra button: (no name) - >>{08B0E5C0-4FCB-11CF-AAA5-00401C608501} >>- C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll >>O9 - Extra 'Tools' menuitem: Sun Java Console - >>{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program >>Files\Java\jre1.6.0_02\bin\ssv.dll >>O9 - Extra button: (no name) - >>{9034A523-D068-4BE8-A284-9DF278BE776E} >>- http://www.iexplorerfiles.com/redirect.php (file missing) >>O9 - Extra 'Tools' menuitem: IE Anti-Spyware - >>{9034A523-D068-4BE8-A284-9DF278BE776E} - >>http://www.iexplorerfiles.com/redirect.php (file missing) >>O9 - Extra button: Research - >>{92780B25-18CC-41C8-B9BE-3C9C571A8263} - >>C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL >>O9 - Extra button: (no name) - >>{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} >>- (no file) >>O9 - Extra button: (no name) - >>{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} >>- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll >>O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy >>Configuration >>- {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program >>Files\Spybot - >>Search & Destroy\SDHelper.dll >>O9 - Extra button: (no name) - >>{e2e2dd38-d088-4134-82b7-f2ba38496583} >>- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe >>O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - >>{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network >>Diagnostic\xpnetdiag.exe >>O9 - Extra button: Messenger - >>{FB5F1910-F110-11d2-BB9E-00C04F795683} >>- C:\Program Files\Messenger\msmsgs.exe >>O9 - Extra 'Tools' menuitem: Windows Messenger - >>{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program >>Files\Messenger\msmsgs.exe >>O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} >>(Support.com >>Configuration Class) - >>http://help.bellsouth.net/sdccommon/download/tgctlcm.cab >>O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} >>(ActiveDataInfo >>Class) - >>https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab >>O16 - DPF: {4798E9EE-4524-4149-A852-2021309A579D} (WebCamX >>Control) - >>http://74.239.177.61/WebCamX.cab >>O16 - DPF: {4855C21B-E452-4661-A702-ED3493CE74DF} - >>http://sp.ask.com/docs/toolbar/download/askbar-inst.cab >>O16 - DPF: {4BF2E7B7-69F4-4178-B669-257C7C8A4072} (WebCamX >>Control) - >>http://74.239.177.61/WebCamX.cab >>O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} >>(WUWebControl >>Class) >>- >>http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121684550851 >>O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} >>(MUWebControl >>Class) >>- >>http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201700846590 >>O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} >>(InstallShield >>International Setup Player) - >>http://www.broderbund.com/IFW/Cabs/isetup.cab >>O16 - DPF: {9107A82A-248A-49E5-A7D2-4E12EAAD4DC2} (WebCamX >>Control) - >>http://69.15.111.218/WebCamX.cab >>O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} >>(TLIEFlashObj >>Class) >>- https://webchat.dell.com/Media/VisitorChat/TLIEFlash.CAB >>O16 - DPF: {95A161E7-F130-4BB6-A4A1-4241FD68B9ED} (WebCamX >>Control) - >>http://74.239.177.61/WebCamX.cab >>O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} >>(SDCInstaller >>Class) >>- >>http://www.stamps.com/download/us/cab/stamps/stamps.cab?r=0.277069091796875&file=stamps.cab >>O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader >>Class) - >>https://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab >>O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - >>https://www-secure.symantec.com/techsupp/activedata/SymAData.dll >>O20 - Winlogon Notify: avgwlntf - >>C:\WINDOWS\SYSTEM32\avgwlntf.dll >>O22 - SharedTaskScheduler: causes - >>{0fe36c74-667b-454b-828e-75e4e72cbef8} - >>C:\WINDOWS\system32\euwoeu.dll >>O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - >>GRISOFT, >>s.r.o. >>- C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe >>O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, >>s.r.o. - >>C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe >>O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - >>GRISOFT, >>s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe >>O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, >>s.r.o. - >>C:\PROGRA~1\Grisoft\AVG7\avgemc.exe >>O23 - Service: C-DillaSrv - C-Dilla Ltd - >>C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE >>O23 - Service: InstallDriver Table Manager (IDriverT) - >>Macrovision >>Corporation - C:\Program Files\Common >>Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe >>O23 - Service: LexBce Server (LexBceS) - Lexmark >>International, >>Inc. - >>C:\WINDOWS\system32\LEXBCES.EXE >>O23 - Service: LiveUpdate - Logitech, Inc. - (no file) >>O23 - Service: NBService - Nero AG - C:\Program >>Files\Nero\Nero >>7\Nero >>BackItUp\NBService.exe >>O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA >>Corporation - C:\WINDOWS\system32\nvsvc32.exe >>O23 - Service: OneTouch 4.0 Monitor - Visioneer Inc - >>C:\Program >>Files\Visioneer\OneTouch 4.0\OtService.exe >>O23 - Service: Pml Driver HPZ12 - HP - >>C:\WINDOWS\System32\HPZipm12.exe >>O23 - Service: Sygate Personal Firewall Pro (SmcService) - >>Sygate >>Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe ========================= The list's FAQ's can be seen by sending an email to PCWorks-request@xxxxxxxxxxxxx with FAQ in the subject line. To unsubscribe, subscribe, set Digest or Vacation to on or off, go to //www.freelists.org/list/pcworks . You can also send an email to PCWorks-request@xxxxxxxxxxxxx with Unsubscribe in the subject line. Your member list settings can be found at //www.freelists.org/cgi-bin/lsg2.cgi/l=pcworks . Once logged in, you have access to numerous other email options. The list archives are located at //www.freelists.org/archives/pcworks/ . All email posted to the list will be placed there in the event anyone needs to look for previous posts. -zxdjhu-