
Hi to all my family at DaniWeb !!!!
A friend asked me the other day, "What's the BEST all around antispyware, antitrojan, anti malware, anti everything that money can buy?" I told him that Avast and Zone Alarm should do it and they are free, but he insists on buying the BEST.
So, what is the BEST that money can buy ?
All help is very much appreciated !
Thank you !


The two you noted are excellent and an absolute MUST ADD is Malwarebytes' Anti-Malware.
To quote from their website;

Malwarebytes' Anti-Malware can detect and remove malware that even the most well known anti-virus and anti-malware applications fail to detect.

This is absolutely true. It is a top of the line program and if you will go through most threads here it is definitely the ONE program we all have recommended. There is a paid version but the free version is truly just fine. It has frequent updates so it is always up to date with the current threats out there. You can't do better than MBA-M as far as I am concerned.

I would also recommend using another FREE program, SpywareBlaster. I would absolutely not run a computer without it.
To quote from their website;

Multi-Angle Protection

* Prevent the installation of ActiveX-based spyware and other potentially unwanted programs.
* Block spying / tracking via cookies.
* Restrict the actions of potentially unwanted or dangerous web sites.

One truly does NOT need to pay for excellent protection, all of the above are FREE and all of the above are top of the line.
If one wants to pay then all of those do offer paid versions, with the exception of SpywareBlaster, but if you go with all the free versions a computer is well protected.
Judy


Thanks for the reply jholland1964 !!!!
This computer, an Emachine W3050, already has/had ZoneAlarm and Avast on it. It also had/has SpywareBlaster on it.
I use Malwarebytes to clean with but I didn't know that I should leave it running ? Should I use it with Avast, or just run it every now and then ?
His surfing habits stink !
I ran a program called "RootkitRevealer" on this computer and it found 10 items that it didn't like. The only problem is that I don't know what to do with those problems and the program doesn't do anything with them either ???? It "reveals", it just doesn't do anything after that ?!?!?!?!?!? Now what ?


Hi!
No, you don't leave MBA-M running. Just use it to scan and remove. If his surfing habits "stink" as you say then I would run it, at the very minimum, weekly...maybe every three or four days even, always updating it first.
How about giving us some logs so we can maybe decide what might be "lurking" on the machine.
Run Avast, full system scan and let it remove whatever is found.
Then update MBA-M and also run it on a Full System scan and let it fix whatever is found.
Reboot the machine and then create a new folder on the desktop and name it HiJackThis.
Then download HiJackThis and save it to that new folder.
Then close all browsers, email programs, IM programs, music programs, etc., in other words everything unnecessary. Run a Full System scan with HJT and save the log.
Post back right here with the MBA-M log, the HJT log and, if you have it, the Rootkit Revealer log. Then we can maybe get a better idea of what is going on there.

Judy
P.S. Tell him just paying "big bucks" to hopefully protect a computer won't do a thing really if you don't watch where you surf. No security program is absolutely fool-proof, no matter how much you pay for it.....You know that old expression..."if you lie down with dogs you will get up with fleas" applies to computer usage too...;)
Of course it is folks like this that let ME play on the computer too!


Hi Judy,
Thanks for your reply !!!
I'm working on the logs now. I can't seem to figure out how to copy the Rootkit Revealer log. If I can't get it copied, I'll type it all out. Please be patient with me cause I'm a very slow typer !!!


Hi again Judy !
Here are the logs you requested.
Malwarebytes' Anti-Malware 1.30
Database version: 1306
Windows 5.1.2600 Service Pack 3

11/8/2008 6:30:55 PM
mbam-log-2008-11-08 (18-30-55).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 135867
Time elapsed: 1 hour(s), 14 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP9\A0005132.exe (Rogue.VirusHeat) -> Quarantined and deleted successfully.
-------------------------------------------------
------------------------------------------------
-----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:33:03, on 11/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: ZDHNGI - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Penny\LOCALS~1\Temp\ZDHNGI.exe

--
End of file - 5329 bytes
------------------------------------------------
-------------------------------------------------
--------------------------------------------------
Rootkit Revealer log
HKU\.DEFAULT\Control Panel\International 11/8/2008 12:54 PM 0 bytes Security mismatch.
HKU\.DEFAULT\Control Panel\International\Geo 11/8/2008 12:54 PM 0 bytes Security mismatch.
HKU\S-1-5-21-91371904-2387650626-3166037947-1007\Control Panel\International 11/8/2008 12:54 PM 0 bytes Security mismatch.
HKU\S-1-5-21-91371904-2387650626-3166037947-1007\Control Panel\International\Geo 11/8/2008 12:54 PM 0 bytes Security mismatch.
HKU\S-1-5-18\Control Panel\International 11/8/2008 12:54 PM 0 bytes Security mismatch.
HKU\S-1-5-18\Control Panel\International\Geo 11/8/2008 12:54 PM 0 bytes Security mismatch.
HKLM\SECURITY\Policy\Secrets\SAC* 8/26/2004 5:18 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 8/26/2004 5:18 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\webcal\URL Protocol 12/1/2005 11:55 AM 13 bytes Data mismatch between Windows API and raw hive data.
D: 0 bytes Error mounting volume


First thing, the entry found and removed by MBA-M was in the System Restore, so it was obviously removed sometime earlier and this is the back-up. It is gone. The item removed was the Rogue.VirusHeat. This rogue does what other rogue "removers" do - plants malware and then pretends to detect it. It generates false positives and then makes you pay to remove them. As I said, this had obviously been removed earlier and what was removed with this run was the back-up from System Restore.

Secondly, the HiJackThis scan was done in Safe Mode. It should be done in Normal Mode, so if possible I would like to see one done in Normal Mode, so I can see what is actually running during a normal boot.
The HJT log also shows that the Java is out of date. It shows version 6 which is the correct version but the current version is version 6 update 10. So this needs to be updated.

Third, I am not well versed in Registry issues but it looks to me like the entries from the Rootkit Revealer are citing something installed on 11/8/2008 at 12:54 PM. Do you know what this was? The registry key points to the International Subkey in the Control Panel which is the subkey which stores options that are selected in Regional and Language Options in Control Panel. These entries determine how the system and programs display dates, times, currency, and other locale-specific notation. It shows as being 0 bytes in size so I "think" it means there is nothing there...though as I said, I am not that familiar with reading registry items.
The other entries noted by Revealer were very old, two of them are more than 4 years old and the other is 3 years old. I don't believe they are anything to worry about either.
Judy


My bad Judy !
I didn't realize I was in SAFE MODE.......it's been a looooooooooooong day !
Here is the HijackThis log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:48:55, on 11/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: ZDHNGI - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Penny\LOCALS~1\Temp\ZDHNGI.exe

--
End of file - 6642 bytes


The log looks pretty good. Some unnecessary auto starts there, many of which can be run manually when needed so as not to use up system resources by running all the time in the background.
There is a remainder of McAfee attempting to start from Services which can be fixed and I also am questioning this entry;
O23 - Service: ZDHNGI - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Penny\LOCALS~1\Temp\ZDHNGI.exe
I can find no information on this file AND it is running from the Temp folder so I believe this also should be fixed.
To do these fixes run HJT again and place checkmarks next to the following;

O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: ZDHNGI - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Penny\LOCALS~1\Temp\ZDHNGI.exe
Once you have placed the check marks then click the Fix Checked button.
Exit HJT
Then navigate HERE;
C:\Documents and Settings\Penny\Local Settings\Temp and Empty that Temp folder.
Next do the following;
Go HERE
Download the OFFLINE INSTALL file for Sun Java version 6 update 10. Save it to the desktop.
Then go to Start, Control Panel, Add/Remove and UNINSTALL ALL versions of Java that you find there.
After all the old versions are uninstalled then double click that java install icon you have placed on the desktop.
Once the new version is installed go back to that download page and on the right side of the page you will see Verify Now. Click that to go to the verification page to verify the new version is installed properly.
Judy
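
Added example, not part of the original thread and not code from HijackThis: a small Python triage of HijackThis autostart lines (O4 and O23) that applies the two checks used in the post above, a target marked "(file missing)" and a binary running from a Temp folder. The sample lines are copied from the log posted in this thread; the names `triage`, `Finding` and the constants are illustrative. A flag means "identify this file before acting", not "this is malware".

```python
import re
from typing import NamedTuple

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: ZDHNGI - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Penny\LOCALS~1\Temp\ZDHNGI.exe
"""

AUTOSTART_SECTIONS = {"O4", "O23"}            # Run keys / startup items, NT services
PATH_RE = re.compile(r"\b[A-Za-z]:\\.*$")     # first drive-letter path to end of line
NOTE_RE = re.compile(r"\s*\(([^()]*)\)\s*$")  # trailing note such as "(file missing)"
TEMP_DIRS = {"temp", "tmp"}


class Finding(NamedTuple):
    section: str
    path: str
    reasons: tuple


def triage(log_text):
    """Return autostart entries that deserve a closer look, with the reasons."""
    findings = []
    for line in log_text.splitlines():
        section, sep, body = line.strip().partition(" - ")
        if not sep or section not in AUTOSTART_SECTIONS:
            continue
        match = PATH_RE.search(body)
        if not match:
            continue  # entries such as "nwiz.exe /install" carry no absolute path
        path = match.group(0).replace('"', "")
        note = ""
        note_match = NOTE_RE.search(path)
        if note_match:
            note = note_match.group(1).lower()
            path = path[:note_match.start()]
        reasons = []
        if note == "file missing":
            reasons.append("target file missing (orphaned entry)")
        # Check directory components only, so a file merely named temp.exe is ignored.
        dirs = [part.lower() for part in path.split("\\")[:-1]]
        if TEMP_DIRS.intersection(dirs):
            reasons.append("runs from a Temp folder")
        if reasons:
            findings.append(Finding(section, path, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.section, finding.path, "->", "; ".join(finding.reasons))
```
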


Hi again Judy !
O23 - Service: ZDHNGI - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Penny\LOCALS~1\Temp\ZDHNGI.exe
belongs to Rootkit Revealer, that program that we were discussing earlier.
I can't find the "OFFLINE" install file for Java......do you have a link ?
I selected the 2 entries in HijackThis and fixed/removed them.


My bad, again !
I found the Java site and downloaded the Java 6-10 update. I went into Add/Remove programs and it said that I already had Java 6-10 update and no other Java was installed. I went ahead and removed it, thought maybe it was a bad download or something. I installed the offline version of 6-10, and then verified it !
You have been a great help and I thank you !
Anything else ?


Things look good to me. If you feel all is running well you can mark this thread solved.
Happy I have been of help.
Judy
