Anyone Know About any@web?

LouLou
LouLou Posts: 2,135 Forumite
Part of the Furniture 1,000 Posts Name Dropper
My Spy Sweeper found a "System Monitor" called any@web. I deleted it, as far as I know.

My MSN Messenger has been acting strange, eg. putting up search queries unprompted, and AVG doesn't work properly, though I reinstalled it.

I've tried Googling any@web and haven't had much success..though apparently you can buy a program of the same name to track people's internet activities.

Should I be concerned?

I've got Spybot, Spyware Guard, Spyware Blaster and Ad Aware on here as well :)
«1

Comments

  • Quincy_3
    Quincy_3 Posts: 2,204 Forumite
    What I would do is to download and run ccleaner and untick install Yahoo Toolbar.

    Then make sure AVG is upto date and then restart PC and do a scan in safe mode (keep tapping F8 on start up) then run the scan, then after scan restart PC and then run a scan with Spybot, then after that scan make sure system restore is on, Right click My Computer, Properties, Restore Tab.

    Just see how it goes.

    Also have a look at the syware removal guide at the top of the techie forum.
  • Browntoa
    Browntoa Posts: 49,591 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    I agree with you, that looks like

    http://www.anyatweb.com/Product.htm

    who would want to watch your activity ?? is this at home or work ??
    Ex forum ambassador

    Long term forum member
  • LouLou
    LouLou Posts: 2,135 Forumite
    Part of the Furniture 1,000 Posts Name Dropper
    I tried Spyware Doctor and it found Trojan.dropper.agent.adh, Maxifiles, Elitebar and other things.

    I'm at home, and a bit stumped as to where it's came from.
  • Browntoa
    Browntoa Posts: 49,591 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    run through the steps in posts 1 to 4 here

    http://forums.moneysavingexpert.com/showthread.html?t=133269

    to make sure the stuff gets removed properly
    Ex forum ambassador

    Long term forum member
  • LouLou
    LouLou Posts: 2,135 Forumite
    Part of the Furniture 1,000 Posts Name Dropper
    Thanks for your replies everyone, I'm still getting AVG finding viruses.

    I'll have a look at that thread, Browntoa.
  • LouLou
    LouLou Posts: 2,135 Forumite
    Part of the Furniture 1,000 Posts Name Dropper
    I tried all those steps in the link.

    The only other files that have been found since then was a Spyware file (PC Cillin).

    I've tried the Microsoft Windows Defence, CC Cleaner and Spybot too, nothing was found. I can't do System Restore at all, don't know why!

    Is there any way I can find out if my PC is now clean? Someone mentioned Hijack This..though I'm not techie enough to use it.

    My CPU in Task Manager is running at 100%, even when idle. I think there's still something wrong!
  • Browntoa
    Browntoa Posts: 49,591 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    http://www.tomcoyote.org/hjt/

    Click the Save Log button to create a file named Hijackthis.log. A dialog box will pop up. Use it to select the location where you will save the log. Close the program. Return to the Forum and reply to your original post. Open the Log in Notepad. Highlight the entire contents. Copy and paste the contents of the HijackThis log into your post. Wait for help from me , Pchelpman or Alfonso.
    Ex forum ambassador

    Long term forum member
  • LouLou
    LouLou Posts: 2,135 Forumite
    Part of the Furniture 1,000 Posts Name Dropper
    Okay, here's the log file (deep breath) :)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    c:\APPS\HIDSERVICE\HIDSERVICE.exe
    C:\WINDOWS\system32\oodag.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\system32\slserv.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Apps\Powercinema\PCMService.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\system32\gsicon.exe
    C:\WINDOWS\system32\dslagent.exe
    C:\PROGRA~1\BTVOYA~2\oamSender.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Creative\Mouse Optical\mouse_2k.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\PeerGuardian2\pg2.exe
    C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\wap\wap.exe
    C:\Program Files\Yahoo!\WIDGET~1\WidgetEngine\YahooWidgetEngine.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Yahoo!\WIDGET~1\WidgetEngine\YahooWidgetEngine.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Louise Kelly\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=UK&range=AD&phase=6&key=SEARCH
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
    O2 - BHO: AcroIEHlprObj Class - !!06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - !!4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - !!53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: PCTools Site Guard - !!5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~3\tools\iesdsg.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
    O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
    O4 - HKLM\..\Run: [DSLAGENTEXE] "dslagent.exe" USB
    O4 - HKLM\..\Run: [Booster] C:\PROGRA~1\BTVOYA~2\oamSender.exe
    O4 - HKLM\..\Run: [REGSHAVE] "C:\Program Files\REGSHAVE\REGSHAVE.EXE" /AUTORUN
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe" /r
    O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
    O4 - HKLM\..\Run: [CreativeMouse ] "C:\Program Files\Creative\Mouse Optical\mouse_2k.exe"
    O4 - HKLM\..\Run: [SmcService] "C:\PROGRA~1\Sygate\SPF\smc.exe" -startgui
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
    O4 - Startup: BT Broadband.lnk = ?
    O4 - Startup: Internet Explorer.lnk = C:\Program Files\Internet Explorer\IEXPLORE.EXE
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Startup: Winnow Anonymous Proxy.lnk = C:\Program Files\wap\wap.exe
    O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\WIDGET~1\WidgetEngine\YahooWidgetEngine.exe
    O4 - Global Startup: Exif Launcher.lnk = ?
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Spyware Doctor - !!2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
    O9 - Extra button: Research - !!92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted IP range: http://212.41.185.227
    O16 - DPF: !!04B6182D-FB75-11D4-90D2-0000B4948C7C} (cre8tiv 3Di ATL Control (Internet)) - http://www.quick-step.com/distribution/cre8tiv3dix.cab
    O16 - DPF: !!0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: !!17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: !!4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: !!5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase3401.cab
    O16 - DPF: !!6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143587923390
    O16 - DPF: !!9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/asp/tools/en/bin/npseatools.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\!!4C92C520-1BF2-4571-850B-0886D87288D9}: NameServer = 62.6.40.178 194.72.9.38
    O18 - Protocol: msnim - !!828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs: MsgPlusLoader.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

    Thanks for offering to help.
  • Browntoa
    Browntoa Posts: 49,591 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    to be absolutley sure need the missing top bit, looks like this

    Logfile of HijackThis v1.99.1
    Scan saved at 9:19:53 PM, on 15/06/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Ex forum ambassador

    Long term forum member
  • Browntoa
    Browntoa Posts: 49,591 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    found this only

    O4 - Startup: Internet Explorer.lnk = C:\Program Files\Internet Explorer\IEXPLORE.EXE
    (Description: IExplore.exe in the startup registry key is typically a virus or trojan. Unless you have specifically set your PC to start a new Internet Explorer browser window every time Windows starts, remove this entry.)
    Ex forum ambassador

    Long term forum member
This discussion has been closed.
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 349.8K Banking & Borrowing
  • 252.6K Reduce Debt & Boost Income
  • 453K Spending & Discounts
  • 242.8K Work, Benefits & Business
  • 619.6K Mortgages, Homes & Bills
  • 176.4K Life & Family
  • 255.7K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16.1K Discuss & Feedback
  • 15.1K Coronavirus Support Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.