View Full Version : help possible spyware!



Sages8067
2005-12-25, 17:20
:mad: :trample: :trample:
Is My Way search assistant spyware?

I am wondering, is My Way Search Assistant spyware? It came with our computer from Dell. I am wondering, is this a browser hijacker? The program comes from Myway.com. I also found a program called View Point. Is this spyware? It was detected by another company's program. Something is wrong with our computer; I really need some help. I did some research on my own, and found that My Way Search Assistant is already listed as a different one in your program; it is in the PUPS section. I removed parts of it, but I don't think I got it all. Could this be causing me problems?

LonnyRJones
2005-12-26, 14:07
Hi Sages8067
In my opinion it's borderline, not a program I would have on my PCs, even the one that Dell includes.
Your choice whether to fix or not.
What version and when did you last update SpyBot?

tashi
2005-12-29, 13:31
Due to lack of a response this topic will be archived.
If you need it re-opened please send a message to myself or Lonny with a link to this thread.

LonnyRJones
2005-12-29, 14:07
Re-opened on request
Let's get a closer look
Please go here and follow instructions.
Before you post a log
http://forums.spybot.info/showthread.php?t=288
Post the HJT log here in this thread.
Someone will then take a look at the system and advise you.

Sages8067
2005-12-29, 15:05
I was working on some things and noticed my computer acting weird, so I started looking into stuff like spyware and viruses.

I first tried Microsoft AntiSpyware; it came back clean.
I tried Ad-Aware; it came back clean.
I tried Spybot; it came back clean.
I tried Pest Patrol through the net; it came back clean.
I tried XoftSpy. It found a program called View Point, which I had never heard of. So I checked it out. I didn't know what to do after I went to their site.

I tried Spy Bouncer; it found 3 things. One I had a question about, one I knew was spyware, the other I knew was clean. The one that I knew was spyware was called My Way Search Assistant, aka My Way Web Search. I tried to remove it myself.

I ran an antivirus.
I just re-ran HijackThis. Most of the stuff in it I know is clean. Yes, I will send you the file if you want. :confused:

Sages8067
2005-12-29, 15:10
I am now also trying RootKit Revealer; this is because I think it might be a rootkit that we're looking for. :confused:

Sages8067
2005-12-29, 15:23
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\TEMP\Temporary Directory 1 for RootkitRevealer.zip\RootkitRevealer.exe
C:\WINDOWS\TEMP\JTURYMT.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dwwin.exe
C:\Documents and Settings\Steven Sagers\Desktop\HijackThis.exe

Sages8067
2005-12-29, 15:24
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

Sages8067
2005-12-29, 15:25
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://pestpatrol.com/pestscan/pestscan.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in) -
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in) -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: JTURYMT - Sysinternals - www.sysinternals.com - C:\WINDOWS\TEMP\JTURYMT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

LonnyRJones
2005-12-29, 15:41
Hi Sages8067
You should not be troubleshooting on your own and asking for assistance at the same time.

When you're finished, post a fresh HijackThis log, this time all of it; that one's missing the header (portion at the top). And put it in a folder, don't run it from the desktop.

PS: Viewpoint and MyWay are minor things that shouldn't be causing problems; I do suggest uninstalling them via the Windows Add/Remove Programs though.
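
A small check for the two problems named in the reply above (a log pasted without its header, and HijackThis run from the desktop), added here as an example and not part of the original thread. The function name `check_log` and both sample logs are constructed for illustration; the header lines in the second sample are an assumption about what a complete log starts with.

```python
import re

# Entry lines look like "O4 - HKLM\..\Run: [dla] C:\...": section code, " - ", detail.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
PROC_MARK = "Running processes:"

def check_log(text):
    """Return (problems, entries_by_code) for one pasted HijackThis log."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    problems, entries, procs = [], {}, []
    if PROC_MARK in lines:
        i = lines.index(PROC_MARK)
        header, body = lines[:i], lines[i + 1:]
        if not header:
            problems.append("header missing (nothing above 'Running processes:')")
    else:
        problems.append("no 'Running processes:' section")
        body = lines
    for ln in body:
        m = ENTRY.match(ln)
        if m:
            entries.setdefault(m.group(1), []).append(m.group(2))
        elif not entries:
            procs.append(ln)  # process paths come before the first entry
    for p in procs:
        low = p.lower()
        if low.endswith("hijackthis.exe") and ("\\desktop\\" in low or "\\temp\\" in low):
            problems.append("HijackThis run from Desktop/Temp: " + p)
    if not entries:
        problems.append("no R/O entries found")
    return problems, entries

# Constructed sample: shaped like the log posted in this thread (no header).
SAMPLE_PARTIAL = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\User\Desktop\HijackThis.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
"""

# Constructed sample: header present, HijackThis run from its own folder.
SAMPLE_FULL = r"""Logfile of HijackThis v1.99.1
Scan saved at 3:41:00 PM, on 12/29/2005
Running processes:
C:\HJT\HijackThis.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
"""

if __name__ == "__main__":
    for name, log in (("partial", SAMPLE_PARTIAL), ("full", SAMPLE_FULL)):
        print(name, check_log(log)[0])
```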

tashi
2006-01-07, 20:46
Due to lack of a response this topic will be archived.
If you need it re-opened please pm me or one of the forum mods.