I don't see anything that says I can get updates to Sygate. I did the immunization thing with SB and also with Spyware Blaster. I don't see where it scans anything so it must just stop spyware from getting in. My AV program might not be set correctly either. If not then I'll be back to get advice on what's good. I used to have Zone Alarm but it seemed with every update things got slower so I dumped it. Now I understand that ZA's firewall is in the top 10.

I'm printing these emails out so if I lose the ability to reach the Internet I will still have these emails. I am getting a yellow triangle with System performance monitor warnings and don't know if it is the Trojan telling me or my legit system telling me. It suggests I click the balloon to download spyware so it is probably bad.

Larry Browning
K & L Electronics
Anderson, SC

Clint Hamilton-PCWorks Admin wrote:
> SB is free, that's their only version. So can you get updates for Sygate?
>
> This is probably your problem: iebtm.exe & iebtmm.exe, these are backdoor Trojans.
> http://www.fileresearchcenter.com/I/IEBTM.EXE-13001.html
> http://www.bleepingcomputer.com/startups/iebtm.exe-23379.html
> http://www.greatis.com/appdata/d/i/iebtmm.exe.htm
> http://www.bleepingcomputer.com/startups/iebtm.exe-23379.html
> Do a search on them for more info and how to remove it. Obviously AVG missed it and I would use another AV program.
>
> I wanted to post that now ASAP, I'll go over the rest next.
> -Clint
>
> God Bless
> Clint Hamilton, Owner
> http://www.OrpheusComputing.com
> http://www.ComputersCustomBuilt.com
>
> ----- Original Message -----
> From: "LarryB"
>
> I may be going off the air as I am getting many warnings. I will have to bring my computer from home to continue all I can.
>
> I am using the free version of SB and Sygate.
>
> I am also using FF and did what you said in blocking thru adblock in FF.
>
> I have tried to run a virus scan but it takes hours.
> (using AVG)
>
> I'll download spyware blaster now also and run it.
>
> I have run HijackThis and here is the print out.
>
> Logfile of Trend Micro HijackThis v2.0.2
> Scan saved at 10:53:40 AM, on 8/18/2008
> Platform: Windows XP SP3 (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
> Boot mode: Normal
>
> Running processes:
> C:\WINDOWS\System32\smss.exe
> C:\WINDOWS\system32\winlogon.exe
> C:\WINDOWS\system32\services.exe
> C:\WINDOWS\system32\lsass.exe
> C:\WINDOWS\system32\svchost.exe
> C:\WINDOWS\System32\svchost.exe
> C:\Program Files\Sygate\SPF\smc.exe
> C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
> C:\WINDOWS\system32\LEXBCES.EXE
> C:\WINDOWS\system32\spoolsv.exe
> C:\WINDOWS\Explorer.EXE
> C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
> C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
> C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
> C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
> C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
> C:\WINDOWS\system32\nvsvc32.exe
> C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
> C:\WINDOWS\system32\svchost.exe
> C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
> C:\Program Files\Applications\iebtm.exe
> C:\Program Files\Applications\iebtmm.exe
> C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
> C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
> C:\WINDOWS\system32\ctfmon.exe
> C:\Program Files\Logitech\MouseWare\system\em_exec.exe
> C:\Program Files\WordWeb\wweb32.exe
> C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
>
> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
> R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
> R3 - Default URLSearchHook is missing
> O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
> O2 - BHO: (no name) - {300CF5C9-F02D-4CB8-ABED-9C229DA56825} - C:\Program Files\Applications\iebt.dll
> O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
> O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
> O2 - BHO: PrintMe - {97387E2B-B2FA-4E4A-A607-F3B5C134F71C} - C:\Program Files\EFI\PrintMeToolbar\htpmcap.dll
> O2 - BHO: SpyWarningBHO Class - {F58FF278-2198-403b-9170-C95022A194C6} - C:\Program Files\ASpyC\SpyWarning.dll (file missing)
> O3 - Toolbar: PrintMe - {97387E2B-B2FA-4E4A-A607-F3B5C134F71C} - C:\Program Files\EFI\PrintMeToolbar\htpmcap.dll
> O3 - Toolbar: Internet Service - {254B87BB-510D-41FA-A887-52C5FA9BE585} - C:\Program Files\Applications\iebr.dll
> O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
> O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
> O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
> O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
> O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
> O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
> O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
> O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
> O4 - HKLM\..\Policies\Explorer\Run: [smile] C:\Program Files\Applications\wcs.exe
> O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Applications\iebtm.exe
> O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
> O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
> O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
> O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
> O4 - Startup: WordWeb Pro.lnk = C:\Program Files\WordWeb\wweb32.exe
> O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
> O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
> O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
> O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
> O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iexplorerfiles.com/redirect.php (file missing)
> O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iexplorerfiles.com/redirect.php (file missing)
> O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
> O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
> O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
> O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
> O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
> O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
> O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
> O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
> O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://help.bellsouth.net/sdccommon/download/tgctlcm.cab
> O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
> O16 - DPF: {4798E9EE-4524-4149-A852-2021309A579D} (WebCamX Control) - http://74.239.177.61/WebCamX.cab
> O16 - DPF: {4855C21B-E452-4661-A702-ED3493CE74DF} - http://sp.ask.com/docs/toolbar/download/askbar-inst.cab
> O16 - DPF: {4BF2E7B7-69F4-4178-B669-257C7C8A4072} (WebCamX Control) - http://74.239.177.61/WebCamX.cab
> O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121684550851
> O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201700846590
> O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.broderbund.com/IFW/Cabs/isetup.cab
> O16 - DPF: {9107A82A-248A-49E5-A7D2-4E12EAAD4DC2} (WebCamX Control) - http://69.15.111.218/WebCamX.cab
> O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://webchat.dell.com/Media/VisitorChat/TLIEFlash.CAB
> O16 - DPF: {95A161E7-F130-4BB6-A4A1-4241FD68B9ED} (WebCamX Control) - http://74.239.177.61/WebCamX.cab
> O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) - http://www.stamps.com/download/us/cab/stamps/stamps.cab?r=0.277069091796875&file=stamps.cab
> O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
> O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
> O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
> O22 - SharedTaskScheduler: causes - {0fe36c74-667b-454b-828e-75e4e72cbef8} - C:\WINDOWS\system32\euwoeu.dll
> O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
> O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
> O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
> O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
> O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
> O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
> O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
> O23 - Service: LiveUpdate - Logitech, Inc. - (no file)
> O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
> O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
> O23 - Service: OneTouch 4.0 Monitor - Visioneer Inc - C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
> O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
> O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
>
> --
> End of file - 8917 bytes
>
> Larry Browning
> K & L Electronics
> Anderson, SC
>
> Clint Hamilton-PCWorks Admin wrote:
>> Just post the HJT log here and I can look at it.
>>
>> Is it the pay version of Sygate or the free? The free version has not been able to update for years because they no longer have it. They were bought out by Symantec and they trashed the free version.
>> So if it's a version that can still get updates, then it either is not set correctly, you allowed something you should have blocked, or it just plain missed it.
>>
>> When you let SB (SpyBot) do the "Immunize", it automatically puts sites in the Restricted Sites Zone for you. Spyware Blaster automatically does the same thing when you "Enable all protection". So you should do both of those, and if when going to that cyber-terrorist website you don't see "Restricted site" at the lower right area of the IE window, you need to add it yourself. Just go into IE Options, go to the Security tab, click "Restricted sites" then "Sites", paste the URL in the box. If antispycheck.com is the website, then paste it in the box as *antispycheck.com, www.antispycheck.com, and *.antispycheck.com, any of those ways that it allows it.
>>
>> Get a load of this, as I suspected, SB won't even let me go to that website! It blocks it, so you apparently don't have it set up correctly. So after you have it set up correctly, you should not even have to add it to the Restricted sites zone. But in the future for other bad websites, that's how you do it.
>> (Check your Cookie folder every once in a while for strange Cookies you don't recognize. These are usually Cookies placed on your PC from sites you've never visited. These come from sites that embed 3rd-party trackware/adware/malware Cookies. Open them up and get the URL, paste it into your address bar and go to the site. Sometimes you may have to add the www prefix to get to the site if it's not in the Cookie. Once at the site, you'll notice it's usually some bad website devoted to "targeted advertising" and the like, or worse. Then you can add those types of URLs to the Restricted Sites zone and those Cookies will never get on your PC again.
>> If you have any questions about any of this, just start a new thread on it and we can address it there).
>> -Clint
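
A triage pass over a HijackThis log like the one quoted above, added here as an example and not part of the original thread: it lists every entry for the two file names the reply calls backdoor Trojans, plus any other .exe or .dll the log loads from the same folder. The "same folder" rule is an assumption of this example (a prompt for review, not a verdict), and the sample lines are excerpted from the log above.

```python
import ntpath
import re

# File names the reply in this thread identifies as backdoor Trojans.
NAMED_IN_THREAD = {"iebtm.exe", "iebtmm.exe"}

# Excerpt of the HijackThis log quoted above, one entry per line.
SAMPLE_LOG = r"""
C:\Program Files\Applications\iebtm.exe
C:\Program Files\Applications\iebtmm.exe
O2 - BHO: (no name) - {300CF5C9-F02D-4CB8-ABED-9C229DA56825} - C:\Program Files\Applications\iebt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Internet Service - {254B87BB-510D-41FA-A887-52C5FA9BE585} - C:\Program Files\Applications\iebr.dll
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Policies\Explorer\Run: [smile] C:\Program Files\Applications\wcs.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Applications\iebtm.exe
"""

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - ")
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)\b", re.IGNORECASE)


def parse(log_text):
    """Yield (section, path) for each log line that references an .exe or .dll."""
    for line in log_text.splitlines():
        found = PATH_RE.search(line)
        if found:
            entry = ENTRY_RE.match(line.strip())
            # Lines without an "O4 - " style prefix come from the process list.
            yield (entry.group("section") if entry else "process", found.group(0))


def triage(log_text):
    """Return (section, reason, path) for entries that deserve a closer look."""
    entries = list(parse(log_text))
    # Folders holding a named file; other binaries loaded from there get listed too.
    folders = {ntpath.dirname(p).lower() for _, p in entries
               if ntpath.basename(p).lower() in NAMED_IN_THREAD}
    findings = []
    for section, path in entries:
        if ntpath.basename(path).lower() in NAMED_IN_THREAD:
            findings.append((section, "named in thread", path))
        elif ntpath.dirname(path).lower() in folders:
            findings.append((section, "same folder", path))
    return findings


if __name__ == "__main__":
    for section, reason, path in triage(SAMPLE_LOG):
        print(f"{section:8} {reason:16} {path}")
```

Paths are compared as written, so an 8.3 short name such as C:\PROGRA~1 is not matched against its long form.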