My Dad and I decided to take a free 30-day trial of Spyware Killer Pro from Cosmi. We are both running Win XP Pro and IE, and both have AVG, ZoneAlarm, Ewido, Spybot and a2. My Dad downloaded Spyware Killer Pro first and it detected about 7 adware/dialers etc. We were quite shocked, as all scans from the other spyware removers showed the PC to be clean. After installing it, his homepage had been changed to msn.com, but we thought nothing of it. We then downloaded Spyware Killer Pro to my PC and it detected 47 dialers/adware/spyware etc. Also my homepage is now reset to MSN. Something doesn't seem right to me. My Ewido, Spybot and a2 scans were all fine before I used it as well. Could there really have been all that crap on my PC that was undetected by the other programs?? Would also really appreciate someone taking a look at my HJT log if they would be so kind. Would I be able to post it here please?

shell27
I would be a bit suspicious of that program, particularly if it rendered useless ...... Ewido, A Squared and SpyBot ......
And yes, you can post the logfile here .... use more than one post if necessary. Do you have a log of what it was that this app removed?
dl65
It is impossible to copy the scan results and there are too many to list, so here are a few I have noted down:
About blank from CoolWebSearch. HKEY-CURRENT-USER: software\microsoft\windows\currentversion\internet settings\zone map\domains\clickspring.net
About blank from CoolWebSearch. HKEY-CURRENT-USER: software\microsoft\windows\currentversion\internet settings\zone map\domains\slotchbar.com
VX2.Netpal. HKEY-LOCAL-MACHINE: software\microsoft\internet explorer\ ActiveXcompatibility\(6085fb5b-c28)-8e5d-d2792ea30d2f)
Alexa. HKEY-USERS: s-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping.
There is also Searchex, linkgrabber99, hightraffic, DyfuCA internet explorer browser helper object, clearsearch, browser aid, ezsearching, lmlserver ie plugin, freescratchandwin, flyswat, iemonit, f—site, peoplepctoolbar, winfixer2005, aureate, dialer.
It CLAIMS that most of these are in my registry; however, the PC has had no pop-ups or other symptoms of spyware. Will post my HJT log next.

Logfile of HijackThis v1.99.1
Scan saved at 18:49:03, on 07/01/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
C:\WINDOWS\System32\wfxsnt40.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SiteAdvisor\SiteAdv.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\SDScanner.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Documents and Settings\Michelle\Local Settings\Temp\Temporary Directory 16 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\saIE.dll
O2 - BHO: (no name) - {60D3AAEB-AA39-4AE0-B2F9-E4AF0613A2A3} - C:\PROGRA~1\Cosmi\SPYWAR~1\pop\ABG_PL~1.DLL
O2 - BHO: Windows LIVE Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\saIE.dll
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} (FrontdoorFD Profile Manager Class) - https://internetbankingplus1.firstdirect.com/ibplus/frontdoorFD.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/088ba1460d2d485a2f06/netzip/RdxIE601.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B58503B-3CDE-443F-9EF1-7F6E40F3AAF4}: NameServer = 195.92.195.95 195.92.195.94
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE

Decided to remove Spyware Killer from my PC through Change and Remove Programs, then searched for Cosmi to make sure it had gone, but another file was lurking there in Program Files so I deleted that as well. But while I was in Change and Remove Programs, I noticed "Cxp plug-in". I have never noticed this there before. Any ideas? Also ran AVG Anti-Spyware and it found a few cookies and LookMe adware. I will post my AVG report below. Really annoyed about this because SiteAdvisor reckons Cosmi is OK and Spykiller Pro has had some good reviews.

C:\WINDOWS\Downloaded Program Files\pinstall.dll -> Adware.LookMe : Cleaned.
C:\Documents and Settings\Michelle\Cookies\[emailprotected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Michelle\Cookies\[emailprotected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Michelle\Cookies\[emailprotected][2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Michelle\Cookies\[emailprotected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Michelle\Cookies\[emailprotected][2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Michelle\Cookies\[emailprotected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Michelle\Cookies\[emailprotected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Michelle\Cookies\[emailprotected][1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\RECYCLER\NPROTECT\00036934.ZIP/{9F0F3568-57BE-4BC2-BB96-A6076FAFA2C7} -> TrackingCookie.Adtech : Cleaned.
C:\RECYCLER\S-1-5-21-2000478354-1563985344-854245398-1003\Dc118 -> TrackingCookie.Adtech : Cleaned.
C:\RECYCLER\S-1-5-21-2000478354-1563985344-854245398-1003\Dc155\SpyWare Killer Pro\scanner\Quarantine\{47E78F28-A675-47CA-BED0-FAD46F153A5A}.zip/{56C8F4F1-23C4-4971-95B1-CC47DAD2FA83} -> TrackingCookie.Adtech : Cleaned.
C:\RECYCLER\S-1-5-21-2000478354-1563985344-854245398-1003\Dc48 -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Michelle\Cookies\[emailprotected][2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Michelle\Cookies\[emailprotected][2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Michelle\Cookies\[emailprotected][1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Michelle\Cookies\[emailprotected][2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Michelle\Cookies\[emailprotected][2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Michelle\Cookies\[emailprotected][2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Michelle\Cookies\[emailprotected][1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Michelle\Cookies\[emailprotected][1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Michelle\Cookies\[emailprotected][1].txt -> TrackingCookie.Overture : Cleaned.
C:\RECYCLER\NPROTECT\00036934.ZIP/{A009A698-43D5-41B9-BD9C-5817F2C8D7E2} -> TrackingCookie.Overture : Cleaned.
C:\RECYCLER\S-1-5-21-2000478354-1563985344-854245398-1003\Dc130 -> TrackingCookie.Overture : Cleaned.
C:\RECYCLER\S-1-5-21-2000478354-1563985344-854245398-1003\Dc155\SpyWare Killer Pro\scanner\Quarantine\{47E78F28-A675-47CA-BED0-FAD46F153A5A}.zip/{7F06AB49-A258-4C3E-95FF-3C958EECD7E8} -> TrackingCookie.Overture : Cleaned.
C:\RECYCLER\S-1-5-21-2000478354-1563985344-854245398-1003\Dc49 -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Michelle\Cookies\[emailprotected][2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Michelle\Cookies\[emailprotected][2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Michelle\Cookies\[emailprotected][1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\RECYCLER\NPROTECT\00036934.ZIP/{E0FA0E10-A692-4893-9B8B-08544227D173} -> TrackingCookie.Serving-sys : Cleaned.
C:\RECYCLER\S-1-5-21-2000478354-1563985344-854245398-1003\Dc54 -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Michelle\Cookies\[emailprotected][2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Michelle\Cookies\[emailprotected][1].txt -> TrackingCookie.Valuead : Cleaned.

shell27
OK ....... Let's see ....... whoa ...... [highlight]Why don't you have SP2 installed?[/highlight] Moving on ..... C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\SDScanner.exe ...... Kill this using the program manager ..... (Didn't you say you had removed this program?)
Mark for removal:
O2 - BHO: (no name) - {60D3AAEB-AA39-4AE0-B2F9-E4AF0613A2A3} - C:\PROGRA~1\Cosmi\SPYWAR~1\pop\ABG_PL~1.DLL
There are several others which you should check; if you know them, then leave them as is.
O16 - DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} (FrontdoorFD Profile Manager Class) - https://internetbankingplus1.firstdirect.com/ibplus/frontdoorFD.cab
[highlight]This looks like your online banking.[/highlight]
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
[highlight]Is this something you know and trust?[/highlight]
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B58503B-3CDE-443F-9EF1-7F6E40F3AAF4}: NameServer = 195.92.195.95 195.92.195.94
[highlight]Is this your server? If it is, OK; if it's not, remove it.[/highlight]
OK ....... remove the ones you selected and have a look at things. Let us know.
You should D/L and install Spybot again ......... and run it and fix anything it finds. (Make sure you get all the updates.)
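The checks in the reply above (an unnamed BHO to identify, O16 ActiveX downloads from hosts the owner may not recognise, O17 nameservers that should match the ISP's) are exactly the kind of thing a small triage script can pull out of a HijackThis log so a human only has to look at the lines that matter. The following is an added example written for this thread, not code from HijackThis or from either poster. The sample log lines are copied from the log posted earlier in the thread; the three policy inputs (the expected home page, the set of trusted download hosts, and the expected DNS servers) are constructed here from what the poster later confirmed, and in practice would come from the machine's owner.

```python
import re
from urllib.parse import urlparse

# Sample HijackThis entries copied from the log posted in this thread.
# Header and "Running processes" lines are deliberately included in real
# logs; the parser below simply skips anything that is not an Rn/On entry.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\saIE.dll
O2 - BHO: (no name) - {60D3AAEB-AA39-4AE0-B2F9-E4AF0613A2A3} - C:\PROGRA~1\Cosmi\SPYWAR~1\pop\ABG_PL~1.DLL
O16 - DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} (FrontdoorFD Profile Manager Class) - https://internetbankingplus1.firstdirect.com/ibplus/frontdoorFD.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B58503B-3CDE-443F-9EF1-7F6E40F3AAF4}: NameServer = 195.92.195.95 195.92.195.94
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Every HJT finding starts with a section tag such as R0, O2, O16, O23.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")


def parse_hjt(text):
    """Return (section, body) tuples for each HJT entry line in the log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def triage(entries, expected_home, trusted_dpf_hosts, expected_nameservers):
    """Return (section, reason, body) for every entry a person should review.

    The policy arguments are assumptions supplied by the machine's owner
    (constructed for this example); the script cannot discover them itself.
    """
    findings = []
    for section, body in entries:
        if section in ("R0", "R1") and "Start Page = " in body:
            # Home-page hijacks show up here, as in the thread's msn.com reset.
            url = body.split("Start Page = ", 1)[1].strip()
            if url != expected_home:
                findings.append((section, "start page differs from the expected home page", body))
        elif section == "O2" and body.startswith("BHO: (no name)"):
            # An unnamed BHO must be identified by its DLL path before it is kept.
            findings.append((section, "unnamed BHO: identify the DLL before keeping it", body))
        elif section == "O16":
            # O16 = ActiveX control downloaded into Downloaded Program Files;
            # the last " - " separated field is the download URL.
            host = urlparse(body.rsplit(" - ", 1)[1].strip()).hostname or ""
            if host not in trusted_dpf_hosts:
                findings.append((section, f"ActiveX download from unrecognised host {host}", body))
        elif section == "O17" and "NameServer = " in body:
            # O17 = DNS servers; anything not the ISP's own resolvers needs a look.
            servers = body.split("NameServer = ", 1)[1].split()
            unknown = [s for s in servers if s not in expected_nameservers]
            if unknown:
                findings.append((section, "DNS server not on the expected list: " + " ".join(unknown), body))
    return findings


def run_demo():
    """Triage the sample log with the policy the thread's poster confirmed."""
    findings = triage(
        parse_hjt(SAMPLE_LOG),
        expected_home="http://www.orange.co.uk/",
        trusted_dpf_hosts={"internetbankingplus1.firstdirect.com"},
        expected_nameservers={"195.92.195.95", "195.92.195.94"},
    )
    for section, reason, body in findings:
        print(f"{section}: {reason}\n    {body}")
    return findings


if __name__ == "__main__":
    run_demo()
```

With the poster's confirmed policy the script leaves the banking control and the nameservers alone and reports only the two unnamed BHOs and the pinstall.cab download, which is the same short list the reply above asks about. Change the expected home page to msn.com or drop one nameserver from the expected set and the corresponding R0 and O17 lines are reported as well.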
dl65
OK, will send you an IM regarding SP2. The TCP/IP line is my server, and the others are OK. I posted the HJT log before I removed Spykiller and my new HJT log shows no trace of it now. When I connected to the internet this morning, my homepage had been switched to msn.com again despite me changing it in Internet Options. My new HJT log has the following item that wasn't there before: R3 - default URL searchhook is missing. Could this be the problem? Also, do you have any idea what the CXP plug-in could be? Thanks for your help.

shell26
How about POSTING a new HijackThis logfile. Also please include which home page you use.
dl65
PS ....... That CXP plugin is for Netscape, I think. Do you have it loaded?