1. Every time I have run Spybot I always get this problem: DSO Exploit, 5 entries. I have gotten it on my computer at work and home. I fix the selected problem, then run Spybot again without opening a single window, and then it is still there. What is this? Is it safe?
2. I ran CWShredder and it told me I may have a file that is associated with CoolWebSearch. It gave me this file: C:\WINDOWS\conscorr.exe Is this a bad file?
3. Does anybody know of any good Spyware/Malware/Adware forums I can go to so I don't have to ask you all any more of these questions?
Thanks for any and all help.
Do a search for hijackthis.exe on Google. Scan your PC and post the log file here. Although I don't claim to be an expert, I can look at the log and get a pretty good idea of what is not supposed to be there. Also, I'm pretty sure Spybot detects and removes all variants of CWS Shredder.
Any question you can think of related to spyware, viruses, etc. is answered here... Lavasoft support forums
I am having a problem with AdClicker and Webrebates. These two things show up in my task manager, but if I end the tasks they just pop back up. Spybot, CWS, and Adaware can't do anything about it. Spybot and Ada find a few things they can't get rid of, so they tell me to reboot to get rid of them, and I do, but they still can't delete the spyware....
I don't use IE anymore, but there is some kind of spyware on my PC that keeps loading my IE to a site called snotch.com. It keeps changing the homepage to that. Pisses me off.
This and the adclicker/webrebates problem can be fixed with hijackthis. What I recommend: download hijackthis and run the scan; post the logfile on a knowledgeable forum (here would probably do), and just fix selected from inside hijackthis. After doing that, I searched my harddrive for programs (since webrebates installs itself as a program, IIRC) and deleted those that shouldn't be there.
Logfile of HijackThis v1.98.2
Scan saved at 3:57:02 PM, on 11/3/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\System32\CTsvcCDA.exe
E:\Program Files\Network Associates\Common Framework\FrameworkService.exe
E:\Program Files\Network Associates\VirusScan\Mcshield.exe
E:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\MsPMSPSv.exe
E:\WINDOWS\System32\crsrs.exe
E:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
E:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
E:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
E:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe
E:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\QuickTime\qttask.exe
E:\WINDOWS\System32\systemload32.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\DIGStream\digstream.exe
E:\windows\temp\fgZAv.exe
E:\Program Files\V-Stream\PVR Plus\TVR\Scheduled.exe
E:\WINDOWS\System32\comcat47.exe
E:\WINDOWS\System32\winser32.exe
E:\Program Files\HP DLA\dlatray.exe
E:\WINDOWS\system32\dla\tfswctrl.exe
E:\Program Files\HP CD-DVD\Umbrella\hpcdtray.exe
E:\WINDOWS\System32\vpc32.exe
E:\WINDOWS\System32\NAVsys32.exe
E:\Program Files\VVSN\VVSN.exe
E:\WINDOWS\System32\tmmpwmfp.exe
E:\Program Files\Windows AdTools\WinAdTools.exe
E:\Program Files\ISTsvc\istsvc.exe
E:\Program Files\Windows AdTools\WinRatchet.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\Documents and Settings\Administrator\Application Data\srbe.exe
E:\WINDOWS\System32\?hkdsk.exe
E:\Program Files\Skype\Phone\Skype.exe
E:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
E:\WINDOWS\System32\winser32.exe
E:\WINDOWS\System32\NAVsys32.exe
E:\Program Files\MSI\PC Alert 4\PCAlert4.exe
E:\Program Files\V-Stream\TV878\C7XRCtl.exe
E:\Program Files\Xfire\Xfire.exe
E:\Program Files\Web_Rebates\WebRebates1.exe
E:\Program Files\Web_Rebates\WebRebates0.exe
E:\Program Files\WinRAR\WinRAR.exe
E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.093\HijackThis.exe
c:\wuactld.exe
c:\windup.exe
c:\explor.exe
c:\msidrive.exe
E:\WINDOWS\gx9fzj83m9.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=154445
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=154445
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clutchfans.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=154445
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=6.0&bm=ho_home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - E:\WINDOWS\nem220.dll
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - E:\WINDOWS\localNRD.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - E:\Program Files\SideFind\sfbho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - E:\WINDOWS\System32\msbe.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - E:\Program Files\ISTbar\istbar.dll
O4 - HKLM\..\Run: [ShStatEXE] "E:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "E:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "E:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTSysVol] E:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [msnappau] "E:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSNMSGRE] C:\swef.bat
O4 - HKLM\..\Run: [Auto updat] crsrs.exe
O4 - HKLM\..\Run: [iTunesHelper] E:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSNMSGRR] C:\swin.bat
O4 - HKLM\..\Run: [Microsoft Windows Update ] systemload32.exe
O4 - HKLM\..\Run: [DIGStream] E:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [fgZAv] E:\windows\temp\fgZAv.exe
O4 - HKLM\..\Run: [PVR Agent] E:\Program Files\V-Stream\PVR Plus\TVR\Scheduled.exe
O4 - HKLM\..\Run: [BS Mediaplayer] bsplyr.exe
O4 - HKLM\..\Run: [SYSTRAY] C:\UNMT.EXE
O4 - HKLM\..\Run: [e4e43d5509a8] E:\WINDOWS\System32\comcat47.exe
O4 - HKLM\..\Run: [Windows32 Serivces] winser32.exe
O4 - HKLM\..\Run: [HP DLA] "E:\Program Files\HP DLA\dlatray.exe" /t
O4 - HKLM\..\Run: [dla] E:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HP CD-DVD] E:\Program Files\HP CD-DVD\Umbrella\hpcdtray.exe
O4 - HKLM\..\Run: [Microsoft Update] vpc32.exe
O4 - HKLM\..\Run: [Norton AntiVirus Sys] NAVsys32.exe
O4 - HKLM\..\Run: [VVSN] E:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [vvdfkyamkditz] E:\WINDOWS\System32\tmmpwmfp.exe
O4 - HKLM\..\Run: [Windows AdTools] E:\Program Files\Windows AdTools\WinAdTools.exe
O4 - HKLM\..\RunServices: [Windows System Serivce] winserv.exe
O4 - HKLM\..\RunServices: [Auto updat] crsrs.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update ] systemload32.exe
O4 - HKLM\..\RunServices: [BS Mediaplayer] bsplyr.exe
O4 - HKLM\..\RunServices: [Windows32 Serivces] winser32.exe
O4 - HKLM\..\RunServices: [Microsoft Update] vpc32.exe
O4 - HKLM\..\RunServices: [Norton AntiVirus Sys] NAVsys32.exe
O4 - HKLM\..\RunOnce: [Auto updat] crsrs.exe
O4 - HKLM\..\RunOnce: [djtopr1150.exe] "E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\djtopr1150.exe"
O4 - HKCU\..\Run: [Video Process] MS32x16.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] syscfg32.exe
O4 - HKCU\..\Run: [netservices] recall.exe
O4 - HKCU\..\Run: [Win32 Configuration] videosd32.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoft Features] ms32cfg.exe
O4 - HKCU\..\Run: [Win32 NVIDIA Driver] MSPMSPSU.EXE
O4 - HKCU\..\Run: [OEM32 Tools] sres32.exe
O4 - HKCU\..\Run: [Aaih] E:\Documents and Settings\Administrator\Application Data\srbe.exe
O4 - HKCU\..\Run: [MicrosoftUpdate] syshelper.exe
O4 - HKCU\..\Run: [Auto updat] crsrs.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] winxpini.exe
O4 - HKCU\..\Run: [systemidle] stemIdle.exe
O4 - HKCU\..\Run: [Windows Messenger] msmsgs.exe
O4 - HKCU\..\Run: [Jharypuv] E:\WINDOWS\System32\?hkdsk.exe
O4 - HKCU\..\Run: [Skype] "E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Creative MediaSource Go] E:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe /SCB
O4 - HKCU\..\Run: [Win32 SSL Driver] winssv.exe
O4 - HKCU\..\Run: [Windows32 Serivces] winser32.exe
O4 - HKCU\..\Run: [Microsoft Update] vpc32.exe
O4 - HKCU\..\Run: [Norton AntiVirus Sys] NAVsys32.exe
O4 - HKCU\..\RunServices: [Video Process] MS32x16.exe
O4 - HKCU\..\RunOnce: [Auto updat] crsrs.exe
O4 - Startup: Xfire.lnk = E:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: PC Alert 4.lnk = E:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O4 - Global Startup: TV Remote Control.lnk = E:\Program Files\V-Stream\TV878\C7XRCtl.exe
O8 - Extra context menu item: &Google Search - res://E:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://E:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://E:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download Using &BitSpirit - E:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: Similar Pages - res://E:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://E:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - E:\Program Files\SideFind\sidefind.dll
O10 - Broken Internet access because of LSP provider 'xfire_lsp_9425.dll' missing
O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...3f8f13d69a89:eba680bc1be2e220a7ec58ff8178110e
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50038/QDow_AS2.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.media-motor.net/cabs/mmed.cab

Any idea on some of these? I don't want to delete something that is needed.
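
A triage pass over the O4 (registry autorun) lines of a log like the one above, as an added example that is not part of any post in this thread. The function names and the three heuristics (bare filename, temp-directory path, same target under several autorun keys) are assumptions of this example; a flag is a reason to look closer, not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis O4 format; the lines mirror entries from the log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ShStatEXE] "E:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Auto updat] crsrs.exe
O4 - HKLM\..\Run: [fgZAv] E:\windows\temp\fgZAv.exe
O4 - HKLM\..\Run: [CTSysVol] E:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\RunServices: [Auto updat] crsrs.exe
O4 - HKLM\..\RunOnce: [djtopr1150.exe] "E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\djtopr1150.exe"
O4 - HKCU\..\Run: [Auto updat] crsrs.exe
O4 - HKCU\..\Run: [Skype] "E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_LINE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.+)$")
# Program part of the command line: optional quote, then up to the first executable extension.
TARGET = re.compile(r'^"?(.+?\.(?:exe|bat|com|scr|dll))', re.IGNORECASE)

def parse_o4(log_text):
    """Yield (autorun_key, value_name, target) for each registry autorun line."""
    for line in log_text.splitlines():
        m = O4_LINE.match(line.strip())
        if not m:
            continue  # other sections (R0, O2, O16, ...) are out of scope here
        hive, key, name, command = m.groups()
        t = TARGET.match(command)
        target = (t.group(1) if t else command).lower()
        yield f"{hive}\\{key}", name, target

def triage(log_text):
    """Return {target: set(reasons)} for autorun targets worth a closer look."""
    keys_by_target = defaultdict(set)
    for key, _name, target in parse_o4(log_text):
        keys_by_target[target].add(key)
    flagged = defaultdict(set)
    for target, keys in keys_by_target.items():
        if "\\" not in target:
            flagged[target].add("bare filename, resolved via search path")
        if "\\temp\\" in target:
            flagged[target].add("runs from a temp directory")
        if len(keys) > 1:
            flagged[target].add(f"registered under {len(keys)} autorun keys")
    return dict(flagged)

if __name__ == "__main__":
    for target, reasons in sorted(triage(SAMPLE_LOG).items()):
        print(target, "->", "; ".join(sorted(reasons)))
```

Legitimate entries can trip these checks too (for example a bare `RUNDLL32.EXE` launcher), so each flagged target still needs to be identified on disk before anything is removed.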