Ask MetaFilter questions tagged with spyware

Computer is melting down!

mammary16 — Sun, 27 Dec 2009 11:26:14 -0800

Overrun by malware / viruses. Anti-virus programs won't work, system restore is blocked, files are being damaged - I don't know what to do! Yesterday I returned to my computer and I saw a popup for "Malware Defense". I don't remember clicking anything on it (I believe I just closed it) but it's definitely a malicious fake program. At the same time I noticed porn shortcuts on my desktop and virus warnings coming from Windows Security on the bottom right.

Here's what happens:

I turn on the computer.
First message I see after Windows loads is:
Googleupdate.exe - Application error:
A breakpoint has been reached

Then it brings me to the fingerprint scanner, which is acting weird, making me scan twice as well as hit enter (usually I just scan once).

Then I receive error messages about Google Installer:
"Google Installer encountered a problem and needed to close."

As well as an error message for ViewMgr.

In the bottom right, there are virus messages for "Trojan-downloader.JS.Multi.ca"

I click "enable protection" and immediately a popup appears for Malware Defense, which I promptly close.

Here are other worms, trojans, etc. that have popped up, with frightening descriptions (keyloggers, password catchers, remote control, financial information, etc.):
email-worm.win32.netsky.q
trojan.win.agent.dcc
net-worm.win32.dipnet.d
win32.gpcode.ak
virus.win32.hala.a
Rootkit.Win32.Agent.pp
Backdoor.Win32.Kbot.al
Virus Chin09.win

I've attempted to use the following antivirus programs:
AVG
Antivir
Kaspersky (free version)

As well as tried to use Malware Bytes and Spyware doctor. All of these programs will not open. I rename the executables and try to use them and it still doesn't work. I also rename the extensions, and no luck.

When not in safe mode, I receive several popups that say:
"Security Warning: Application cannot be executed. The file rundll32.exe is infected. Do you want to activate your antivirus software now?"

I can't open most programs. Hijack This won't open, nor can I open the log file I created previously. What is more, I can't upload the Hijack This log to a throw-away email account I just created.

In safe mode, I am able to access all the programs (except blocked antivirus and anti-malware programs).

I try to use System Restore, and it brings me all the way to the screen right before you restore everything - and the Next button does nothing. I suspect it's being blocked by one of the many viruses on the system.

So, to sum up:

1. I'm overrun with viruses
2. Executables are being damaged when not in safe mode
3. Antivirus, anti-malware programs are being blocked
4. System restore is blocked

I've isolated the system, it is no longer online, I've avoided using any passwords on it or emailing anyone while on it.

I've looked around a bit online, and don't know where else to turn. I'd like to ask you, my smart and attractive online friends, for advice on the following:

1. What can I do to fix this situation? What immediate steps should I take?
2. What other forums are good places to ask this question?
3. How can I backup my critical work documents without carrying over the virus as well? Is it possible?

Much love. Any help would be greatly appreciated! If you need more information, just ask, and I'll post ASAP into this thread.

Tricky trojan?

mateuslee — Tue, 24 Nov 2009 05:50:17 -0800

Please help me get rid of this annoying virus/spyware infection on my laptop I'm abroad and, after letting a bunch of people at a conference copy my PPT to their USBs, I noticed that the computer was behaving a bit strangely, so now that I am online I tried to download McAfee stringer, but the site wouldn't open, the same goes for the other usual online-scanner programs, Kaparszky, Panda etc. None of the pages open.

As for now, trying to download the torrents, but this goes impossibly slow and in the meantime I need to work.

Does anyone have any suggestions short of going to an internet café and downloading it to a memory stick?I tried to get my girlfriend to send stinger over gmail, but it is too big even when zipped.

Running ClamWin now, but so far nothing.

I wonder if there are some mirror sites or some other solution to this problem.

Thanks a lot!

Deleting Doubleclick.net spyware

Postroad — Thu, 19 Nov 2009 08:20:59 -0800

removing spyware called Doubleclick.net I use a IMac, with Firefox. When I go to delete all cookies (under Preferences) all get deleted except one called "doubleclick.net"

I would like to delete this,but I have no tech skills. How can this be done without playing with the register?

nytimes spyware

leotrotsky — Sun, 13 Sep 2009 03:54:07 -0800

What's up with the NY Times trying to install spyware? ...and why is it still trying to this morning? You'd think that their tech folks woulda fixed it by last night.

What on earth did I do to my laptop?

nostrich — Thu, 20 Aug 2009 05:15:54 -0800

My laptop hasn't been the same since blitzing some particularly nasty malware. What on earth did I do? I like to think I know what I'm doing with computers, but this one has me stumped. And just to pre-empt the inevitable good advice of just reinstalling Windows: not an option. This thing's as old as the hills; no CD drive, it doesn't boot from USB, and I don't have the necessary hardware for a network install. I've just about given up all hope of fixing this being anything other than a wild goose chase, so you smart people are my last hope. Here's what happened.

A couple of weeks ago, I managed to infect my laptop -- which runs Windows XP -- with some nasty spyware. I forget the name, but I can dig into removal logs and find out, if it makes a difference. It was one of those that stops you running executables and the task manager, replaces the background with a warning about spyware (which I found deliciously ironic), and installs (if that's the right word) a fake spyware detector that encourages you to pay to remove all the infections it "finds" (none of which matched up to the real infections, naturally).

Trying to remove it was a hellish experience, but for once the age and terrible boot speed of this thing did me a favour, and I was able to launch Malwarebytes' Anti-Malware (adivce from MeFites in other questions lead me to that, by the way, so thanks!) before the exe-blocking stuff kicked in. I thought I'd managed to remove all trace of the nasties -- and even un-ticked some boxes in the boot options and got XP booting at a wonderfully fast speed. But then I noticed some odd behaviour with the Windows Classic theme.

This screenshot demonstrates it quite nicely. See how the titlebar has inherited the dark blue of the background behind it? That's what it does now. It inherits whatever is behind it, and that becomes the new titlebar background. Moving the window around just leaves whatever was there before. I think it's a symptom most XP users have seen before when trying to move windows around and finding the background moving with it, except this is permanent. That would be manageable, except a side-effect is that everything becomes awfully sluggish (and this laptop only has 256MB RAM, so it's sluggish enough to begin with). Changing the theme to the awful default XP theme fixes this, for the most part, but certain apps still cause everything to crawl to a halt -- Foobar2000 and Filezilla being two examples.

This stumped me for a few days, but I made some progress when I tried to play a game using Mame. It simply would not work! Something about a driver not being loaded. I assumed that to refer to either DirectDraw or Direct3D -- maybe they're the same thing? I don't know, my knowledge gets a little vague around here, forgive me if my explanations aren't up to par. So I fiddled with the config, disabling some graphic options and made no headway at all.

So I moved on to dxdiag, and tried running the tests. The first two DirectDraw tests go fine (the windowed ones), but the fullscreen ones do not; the bouncing box only manages to move a few pixels before the test ends -- extremely slow, basically. None of the Direct3D tests worked. So I reinstalled DirectX. Didn't fix a thing, except it now tells me gcdef.dll is not the latest version, which may cause some problems. Except it's certainly the latest version I can find.

And that's about as far as I've come in trying to figure this out. My best guess at the moment is that something relating to the onboard graphics card has become corrupt. I've reinstalled the display drivers (which were difficult to find), but that made absolutely no difference. It's a Trident Video Accelerator Cyber-XP4.

Until a resolution is found, I've completely disabled hardware acceleration in Windows. This, rather happily, allows the Classic theme to be used again without slowdown, and everything is actually rather hunky-dory, except for the fact that I can't play any games!

I recognise that the best course of action here is re-installing Windows, but as mentioned above, that's not an option. The only reason I even keep the thing around is for playing some games I really like that don't have OS X counterparts. (Big Jap shmup fan, none of those guys develop for Macs!) So not being able to do that makes it useless.

Here's one final thing that is probably irrelevant, but in the interest of presenting all the information, I'll include it. This happened after all of this -- the very next day, in fact. My life is truely a comedy of errors. I managed to spill a little tea on the upper-left of the keyboard -- literally, the tea only touched 3 keys in the upper left corner, but apparently spread much further once it got inside. It was fine at first, but after a while, started just persistently beeping, the way it does when to many keys are pressed at the same time. No amount of cleaning, blowing, and praying fixed it, and I eventually just disconnected it from the mothership and use an external keyboard instead now.

What do you think? Anything I can do? It's not the end of the world if I can't do anything about it; I was hoping I wouldn't have to resort to dual-booting Windows (or virtualizing it) on my Mac, but that's definitely an option -- it just seems a little overkill for three or four games I'm too addicted to go without and only play a couple of times a week. It also seems a waste to give up on an otherwise fine laptop.

Free/low-cost virus protection for Windows?

GilloD — Wed, 19 Aug 2009 22:58:59 -0800

I just got a raging beast of a new laptop. Runs Left 4 Dead like a dream. Problem: I've been in Mac-world for 7 years. Now that I'm back in Windows Land, I gotta be careful. What's the best free/low-cost/open-source spyware/malware/virus protection around? Running Vista Home Premium 64-bit. Suggestions?

How to withhold virus infections (of the computer variety) from the ones you love?

Napoleonic Terrier — Thu, 30 Jul 2009 21:39:59 -0800

Suggestions for cleaning a virus-infected Windows machine appearing in a non-administrator account without resort to (1) the administrator account or (2) a nuke and re-install? So my friend has a user account on her brother's Windows XP SP2 machine, with her brother set up as the password-protected administrator. She has picked up some viruses and/or spyware on her account.

I have booted the machine into safe mode and run some of the programs (such as ComboFix) recommended from prior MeFi posts. With access through safe mode, should I be able to get rid of all the nasties or do I need to run programs from the administrator account? Any other ideas?

She hopes to fix the problem without alerting her brother. So the best solution, a nuke and re-install, is currently off the table.
Thanks!

Botched Spyware install prevents removal by spyware tools

sleslie — Mon, 04 May 2009 16:34:27 -0800

Zejesago! Everytime I open a new program, I get an error window that reads "app.exe - Bad Image" with a dialog text of "The application or DLL C:\WINDOWS\system32\zejesago.dll" is not a valid window image. It started when I was on a streaming tv site combined with me forgetting that I temporarily disabled my firewall and my cpu load / disk drive monitors went crazy. I then canceled the weird processes that were running as the spyware was being installed, did spyware scans, and used startupcop to stop the programs from starting again. But one problem remains... every time I open a new program or a program opens a dll image for me, this dialog comes up. It's actually kind of neat, as I get to see what's doing what (i.e. GIMP is very dll happy). I think what happened is that I canceled the spyware from doing it's thing and prevented the zejesago.dll from being uploaded. Great, but it prevents the spyware tools from IDing the spyware.

Is it possible to get rid of this w/o reinstalling winXP? I hate doing that.

And yes, this is a case of knowing enough to be less than useless.

Virus-free or virus hiding: is my computer Conficked or just fine?

librarylis — Mon, 27 Apr 2009 11:44:38 -0800

On or around April 1, my computer caught something that caused havoc with my antivirus programs but now everything seems fine--this can't be correct? On April 1 (bad news, I know), my antivirus program (Avira) warned me that it had not been able to retrieve definition updates from the internet.

It has been a frustrating saga to figure out what might be wrong; if you're not into the saga, skip to the last paragraph for an executive summary.

I immediately had Avira run a full-system virus scan, which picked up what Avira called a Trojan (dropper?) in my Temp files that was promptly quarantined. Searching Google, the only info I found to get rid of Dropper was to install MalwareBytes and run a full scan. Well...

I checked MalwareBytes, which I already had installed eight months ago, to find that it also wasn't updating. MalwareBytes did not pick anything up in its full scan. I tried re-naming MB, but the problem was not accessing it but rather updating, and renaming did nothing.

At this point, I tried TrendMicro to see if a program that was not on my computer would pick anything up. It did not.

I then tried grabbing manual updates for Avira via a USB drive from an uninfected computer. The files fail to correctly integrate with Avira.

I also know that my Adobe, Flash, and Java programs were all nagging me to update, and I had not done so for at least five months (not my brightest move).

Several days later, I checked to see if Windows Update was working, which it wasn't. The internet, yes, Update, no.

I then downloaded Avast to see if that would pick anything up. The most up-to-date version available did not pick anything up in its full system scan. Once Avast was installed, it too was unable to update.

I deleted Avast, then restarted my computer. With restart, the desktop, start menu, and system tray failed to become visible, as did a program (Rocketdock) that I installed two years ago. Restarting again did nothing, but once I restarted in Safe Mode I was able to see the desktop, start menu, etc.

However, at that point, Firefox and IE both stopped connecting to the internet. I know it wasn't my ethernet cord, and I know it wasn't the network. The network has a kick-ass automatic quarantine that I know was functioning correctly at the time, as well as some species of firewall.

I did a system restore to a point shortly before April 1st.

At the exact same time, my power cord died. With the battery dead and no AC adapter, I unplugged the ethernet cable and let the computer sit in hibernation.

Fast forward three weeks, and I was finally able to acquire a power cord and I re-connected the ethernet cable. My computer wakes up, with Firefox open and the tabs all reloaded to current information (i.e. Slate had yesterdays's articles not those from three weeks ago). Well, great.

Avira automatically starts updating, and the update goes through. MalwareBytes updates. Windows Update updates. I immediately do a full system scan, using both MB and Avira. MB once again picks up nothing, while Avira picks up another two Trojans (different ones, this time) in my Temp files. I then deleted the named files. I updated Java, then Flash, but haven't gotten to Adobe yet.

Here is the problem: my system seems fine. Antivirus programs, Update, everything that was haywire, now seem good to go. This just doesn't seem possible when the only thing I did was disconnect the computer to the internet for three weeks, and the system restore (which didn't seem to solve the problem three weeks ago).

Executive summary: Antivirus programs, Windows Update and other critical programs failed to update around April 1, Avira antivirus sees nothing but Trojans in temp files while Malware Bytes sees nothing, power cord dies and is resurrected three weeks later at which point the computer miraculously updates all problem programs and all seems well. This surely can't be right?

Tech specs: I am running Win XP (Media) on a Dell E1405, typically using Firefox 3, with Avira Antivirus, MalwareBytes, and Spybot Search and Destroy all installed and regularly updated, Windows Firewall is on and the network also runs a firewall.

Eerie coincidence, or does bigfoot...er...OS X malware actually exist?

jferg — Tue, 31 Mar 2009 10:52:30 -0800

Fraudulent Skype transactions: eerie coincidence, malware, or something else? So, my mom had some real weirdness happen in the past couple of days with Skype and her credit card, and I'm wondering if there's some sort of new, bleeding-edge malware for OSX out there I'm not aware of, or if it's just a really crazy coincidence.

(Note: I'm an IT Security Guy, but mostly on the development and network side, so I'm not _as_ current on desktop security and I do almost nothing with Macs - but feel free to go technical on me.)

This is the timeline of the weirdness:
1. Last Thursday afternoon while visiting my mom, I downloaded Skype to her Mac (x86 iMac, OSX 10.5.4), and set her up with an account. The account didn't have the same username as any of her other online identities, but was tied to the gmail address she uses for most other stuff. Didn't give them any credit card info or anything else, because she's just going to be using it for Skype-to-Skype to talk to me. (And I don't have her credit card info anyway.). After testing it to make sure it works, we closed Skype and didn't touch it again before we left.

2. Saturday, shortly after we left, she gets a call from CitiBank saying her credit card has been used for 'high-risk' transactions, in the form of 3 charges from www.skype.com totalling $10. She calls me, I tell her what info I gave them, that her credit card info was not given to them, etc. She calls them back, tells them the transactions were fraudulent, and they cancel the card, refuse the charges, etc.

3. Sunday morning, she gets an e-mail to her gmail account from Skype telling her that the charges to [some other Skype username] were refused, etc.

So this means that within 48 hours of having downloaded and installed Skype on her computer, somebody else has used her credit card number and e-mail address to sign up for a Skype account. This is, in my mind, slightly beyond coincidental, but the only other thing I can come up with is that her machine is compromised, or her home network (cable modem, wireless, WPA2, average password quality, few neighbors) is comp'ed.

However, I also signed up for a Skype account from my machine on her network, as well as paid bills, logged into my online banking, etc, and my stuff (at last check) was fine, which suggests its not at the network level.

So...is anybody aware of Malware for OSX that's harvesting info for Skype fraud, or is this just a really bizarre coincidence? Or is there anything else you guys can think of that I'm missing? Does anyone have any suggestions (outside of the normal unixy methods of looking for running processes, open ports, etc) for detecting malware on here machine, if such a thing were out there? I don't have physical access to her machine now, as we've since driven back across 4 states to home, but can do a WebEx or VNC session with her if need be.

(Also, she's since had the card cancelled and is getting a new one issued, so that's a non-issue, but I want to make sure this doesn't happen again.)

While I appreciate the irony..

CRM114 — Thu, 26 Mar 2009 17:51:50 -0800

I've been attacked by some malware called "Spyware Protect 2009". Have you guys seen this before? Screenshot and symptoms inside - hoping someone can help me kill this thing. This is what it looks like in action.

Note than NONE of the balloons or popups you see are from any of the legitimate security software on my computer, they're all from the malware. The popups show up every minute or so, and there's even a system tray icon for this non-existent piece of software now.

It's also done something strange to Task Manager - the border around the center of the window is gone; I can't see or access the File menu, for example.

I'm running Spybot with the latest definitions, but that scan is going to take a while. Anybody got any experience dealing with this thing?

Comcast cable internet hacked?

rbf1138 — Tue, 24 Mar 2009 22:03:16 -0800

I'm asking this for a friend. He's been using Comcast cable internet for at least a year now, and as of tonight he cannot access any websites (on either his PC or ipod), and is redirected to the following URL: actsvr.comcastonline.com/nocache/realactsvr.html It wants him to install software, and he can click on either customer or technician. What is going on? Does this sound like a virus, spyware, etc. or some sort of issue with the cable itself? Maybe an attack on the router he's using? How can he solve/fix this mystery?

Blanking Applications

aspenbaloo — Thu, 05 Feb 2009 17:07:51 -0800

Basic applications on my computer seem to be temporarily "blanking out" on me. Especially noticeable when I'm typing. What might be causing it and how can I fix it? I'm typing along contentedly, I notice the windows border on the application dims, then re-brightens and I notice that the letters I typed while it was dim are missing. It usually lasts for less than a second, but with some applications it remains dim, the cursor disappears and I have to click on the page to begin typing again.

I recently had a spyware issue but I hope I cleared that up with Spybot and Hitman Pro.

Any ideas how to track this down - it's getting really annoying, but I'm more concerned that somethins f-ing with my computer in the background.

Digital Immunodeficiency Disorder?

Rhaomi — Sun, 25 Jan 2009 17:44:21 -0800

My laptop's been infected by something that is interfering with all the usual solutions. Please help! After the recent hacking attempt that brought down Mefi, I scanned my laptop for any problems it may have picked up from it. AVG detected one threat, a trojan, which it promptly deleted. But that wasn't quick enough, apparently.

Now, my Windows XP setup is exhibiting weird behavior all around, and everything I've tried to do to fix it has been blocked. Here are all the symptoms:

Firewall - was originally turned off; I'm not sure for how long. I've since turned it back on.

Security software - AVG isn't detecting anything, but there's obviously something still wrong. Attempting to update the virus database throws an error. Most troubling, I cannot install the newest version of AVG as its website is blocked. Ditto for all the other major antivirus vendors -- trying to access their websites results in a page error.

Tech support sites - Same as above. Something is blocking all attempts to connect to the major tech help sites. I knew enough to check my hosts file, but can see no problems there. At least AskMe still works...

Google search - Searching Google for solutions leads to a standard results page. But when I click on a result, instead of going to the relevant page, it opens up a new tab and goes to a random spam site. This happens on Yahoo and other search sites as well. I can still get to the page I want by copying the URL and pasting, but it's slowing me down. And of course any link that points to a support site won't work.

Other browsers - I'd been using Firefox 3 up to this point, so I tried the other browsers on my system on the off chance they'd work better. No luck -- Google Chrome refuses to connect to *any* website, and Internet Explorer crashes immediately after launching.

System Restore - fed up with all the problems, I tried to roll back my system to a point before the infection. But to my great surprise, all the old system restore points have been deleted.

So to sum up: AV software is borked, security and support sites are blocked, searching is hampered, and I can't go back to an older system configuration. Any ideas?

PS: I know you are not my tech support, but like I said, all the more dedicated help sites I'd normally consult have been disappeared. Thanks for your time and patience!

Make the adware stop.

flibbertigibbet — Sat, 10 Jan 2009 17:46:27 -0800

My google search results are redirecting me to certain sites (see 'more inside') due to adware/spyware that AdAware and Norton can't find. It's intermittent, and happening to both Firefox, IE, AND Chrome, although Chrome is choosing to simply not load the pages and gives me error messages. I can't google a solution because of the redirecting problem. Can you help? For example, if I google anything with the term 'marriage' in it, I get redirect to http://209.85.171.199/url?q=http://www.top100weddingsites.com/ or http://209.85.171.199/url?q=http://www.findstuff.com/, which then, in turn, redirect me to other websites (mandatory disclaimer: it might be a bad decision to copy those into your address bar).

It happens most often when I click the (legitimate, Google-provided link) for 'News results about...'

Any help?

Help me rid my computer of clutter for faster performance.

mintchip — Fri, 09 Jan 2009 21:20:22 -0800

Help me rid my computer of clutter for faster performance. My computer says it only has ~7MB free, 35 used. Lately the performance has been less than dazzling...it's quite slow, actually.

Over the past two years I've added a number of programs, but not THAT many. As far as I know I've got MS Office, Dreamweaver, Photoshop, several photo managing programs, printer software, a PDF maker, camera software and some miscellany. (It's annoying that every add-on and peripheral requires installation of another memory hog, but anyway I digress). In any case, I'm unsure of what has used up so much space. I had a lot of images on it but I've moved these to an external drive.

For troubleshooting, I've run two different spyware removal programs (Spybot is one of them) plus CC Cleaner. I've also tried to degfrag, but I haven't noticed any improvements.

How can I figure out what is cluttering up my computer, and then how can I remove it? What steps should I take to get the performance back up? I've tried to remove programs that I don't think I use, but there are several that I don't recognize and I'm afraid to screw something up.

FYI, its a Windows laptop running Vista.

How to get rid of computer viruses?

melgy — Sun, 16 Nov 2008 23:50:47 -0800

Infected computer needs help! I've checked a few previous questions here and tried some of the things suggested, but having very little luck getting my computer back in working order.

The symptoms:
At first google was re-directing me on searches. If I clicked any of the results, I was redirected to spyware looking sites. Then this little red circle with a white X on it appeared on my tool-bar. It says "Your Computer Has been Infected!" and recomends I download spyware software. This seems to be part of the spyware.
Any attempts I make to get to a site that will let me download real spyware detection stuff are somehow blocked. A "Page Load error" comes up. I can navigate around these sites fine, it is just whn I click on the actual dowload links that it gives me the error message.
I managed to get "Ewido", which was suggested on a previous question here. It cleaned up some things, but now I can not log on to my computer on my account, it loads, then freezes (I'm on the guest account right now).
When I use the "Search" option on my start menu, the computer resets.
And finally, I can not start in safe mode, for some reason.

I'm running Windows XP on an Acer Aspire 3610.

And because I'm only able to log in on the guest account now, I can't use any of the Windows anti virus stuff.

Any ideas? And if I can't do it myself does anyone know where I can take my computer in Toronto to get it fixed?
Thanks!

Pleas Please Me

gensubuser — Thu, 06 Nov 2008 20:24:21 -0800

I need security software that blocks specific programs from using the internet. ZoneAlarm does this well, but it does not do this completely. Help? I've had good luck with ZoneAlarm over the past 5 years--it does pretty much what I want. No, Word, you don't get to use the internet. Sorry, Adobe Update, no phoning home. Unfortunately, there are some scraps remaining:

The other day I caught a program using some Windows Help .exe to grab its html help files from the web. It sounded pretty innocuous, but could used to sinister ends. Then, there are the "Windows Generic Host processes" -- you can't really lock them down (with ZA) without paying a huge price, because nothing really works then.

So, I want software that runs programs inside a web-less sandbox. I may end up having to run a VM with file-only access, but I'd rather not--that's kinda slow, and not very seamless. If there were software that viciously scalpeled all web dlls from the offending program, that'd be okay too. But I need to know that this software isn't phoning home. I don't give IE permission to use the net until I have to use it, because I have a suspicion some programs show up as IE in ZA.

99% of the programs out there talk about "stopping spyware before it's even installed" or removing it once it's been identified. I don't want that--I'm paranoid, what are my options?

Which anti-spyware and anti-virus programs are best at detecting and removing spyware and viruses respectively and why?

Fluffy654 — Tue, 07 Oct 2008 04:59:58 -0800

Which anti-spyware and anti-virus programs are best at detecting and removing spyware and viruses respectively and why? Everyone seems to have a personal preference when it comes to anti-spyware and anti-virus programs. However, what I never see is any reasoning to back this up.

For the purposes of this question, I am not interested in things such as ease of use or extensive feature lists such as real time scanning. I am only interested in which anti-spyware and anti-virus programs are best at doing their respective jobs: detecting and removing spyware and viruses.

I also want to know why a particular program is better than the rest.

Webmail can get hosed too?

Iosephus — Mon, 18 Aug 2008 15:35:29 -0800

Is there a nastyware lurking in this computer? Strange Yahoo! Mail contact list kidnapping observed... A friend of mine suffered an odd incident on their Yahoo! Mail account, which they only use through their browser: a spam message from some consumer electronics company (that some googling reveals is a probable fraudster) was sent to all their contacts, and the contacts seem to have been deleted after that. They have changed the password and recovered the contact list, but since they are not really computer knowledgeable and I have no access to their machine (a typical Win XP system), not much else to be done there. Some more googling shows up another cases like theirs, but no identification of the nasty. Besides my willingness to help save their bacon, I'm curious about what kind of thing would this be and how it did its trick, able to sneak into a webmail access and spam around the contact list. I'm not linking to the fraudster so as not to give them traffic, but their site as mentioned also in the spam starts with an e, then a dash, then saloon dot com.

Badware (or why I can't get to Gmail.)

Arquimedez Pozo — Sun, 20 Jul 2008 09:33:41 -0800

I have some sort of malware on my Dell that constantly redirects me away from where I desire to go. Specifically, it seems to prevent Gmail from working. Also prevents any major search site from loading. Always redirects to some idiotic ad site. Which means I can't even search Metafilter to find out if this has been asked before. Life without Google is hard!
I'm running an updated Firefox with windows XP. I have used: Hijackthis, Adaware, McAfee (worse than useless), Spyware Doctor, Ewido, Everything in the Best Buy toolkit
(kind of like hitman pro), and Sophos. I can detect and delete a gobbledigook DLL running as an .exe when I use Hijackthis, but it respawns when Firefox restarts. I'm not an idiot, but have only enough knowledge of the processes involved to be dangerous. It also seems to disable Windows Automatic Update service. I've done an end run around my inability to use Gmail by using thunderbird.

Any suggestions? If the only answers left are reformat, reformat and buy a new machine I can accept that.

FYI: I was running as an admin, a mistake not to be repeated, but something has disabled those privileges, and that something wasn't me.

And yes, my next computer will be a Mac.

What is this mysterious process that hijacked my shortcut?

Optimus Chyme — Wed, 04 Jun 2008 10:11:20 -0800

What is this mysterious process that hijacked my shortcut? I was using Photoshop CS2 and entered the shortcut key for "Save for Web" (Alt+Shift+Ctrl+S) and instead of getting the Save for Web dialog, a very minimalist login box appeared. Intrigued, I brought up the Task manager, right-clicked on the "Login" entry in the list, and selected "Go To Process." The process turned out to be C:\WINDOWS\SYSTEM32\vidifker.exe. This is on Windows XP Pro 2002 SP2.

All web searches for vidifker turn up nothing; if this is a virus or trojan, it's probably trivial for it to generate different names for itself. But then why was it so easy to find? Is it a keylogger? Commercial monitoring software? Is anyone familiar with any of this?

What has hijacked Firefox?

NorthCoastCafe — Sun, 18 May 2008 17:14:23 -0800

My Dell Win XP laptop caught some kind of infection via Limewire which blocks Firefox from loading and produces contast popup ads via IE. I never use IE. I've removed Firefox and redownloaded it. Still doesn't load. I've run Ad-Aware, RegScrub, and every other spyware program I know about. What happened, and how do I fix it?

spyware is killing me.

likeapen — Sat, 17 May 2008 12:25:24 -0800

Spyware infected. Help! So my pc is infected with some spyware. I keep getting pop-up from my system tray and internet explorer window. And my desktop background changed, saying "warning spyware threat has been detected on your pc". I downloaded hijackthis to do the logfile and i'm trying to download ComboFix, but the links they have up to download combofix don't come up. Can anyone help me? Below is my hijackthis logfile...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:41:17 PM, on 5/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\xwusuhzh.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\scvhost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmona.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\PROGRA~1\Nero\NERO7~1\NEROPH~2\data\Xtras\mssysmgr.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\DOCUME~1\Penelope\LOCALS~1\Temp\AutoDetect.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.netzero.net/s/sp?r=al&cf=sp&mem=salrecio123&key=b3b4bd844209d892e645b93683ae30ec&ts=41dc097d&A=368498140004309&B=1104825600000&C=1104825600000&D=1099814400000&I=7.NH4&N=PLHS&O=I
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\xwusuhzh.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll (file missing)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\Toolbar.dll (file missing)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NERO7~1\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\RunOnce: [Ceedo Repair] C:\DOCUME~1\Penelope\LOCALS~1\Temp\AutoDetect.exe /repair /drive=G /name=Ceedo
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Sonic INSTALLit! Setup.lnk = C:\Documents and Settings\Penelope\Local Settings\Temp\VIES2786\Setup.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Windows Action Script - Unknown owner - C:\WINDOWS\system32\scvhost.exe

--
End of file - 15937 bytes

Someones Watching

Anonymous — Mon, 17 Mar 2008 09:10:59 -0800

I believe that my soon to be ex-wife has installed software on my laptop (Win XP) that allows her to remotely monitor my web activity. How can I find and disable this?