InterviewSolution
Saved Bookmarks
InterviewSolution
| 1. |
Solve : FOLDER BAR ON MY DESKTOP??? |
| Answer» <html><body><p>Part 4<br/>O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll<br/>O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll<br/>O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll<br/>O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll<br/>O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll<br/>O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd<br/>O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime<br/>O4 - HKLM\..\Run: [NeroFilterCheck] C:\windows\system32\NeroCheck.exe<br/>O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe<br/>O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe<br/>O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot<br/>O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW<br/>O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize<br/>O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe<br/>O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe<br/>O4 - HKLM\..\Run: [PrinTray] C:\windows\System32\spool\DRIVERS\W32X86\3\printray.exe<br/>O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe<br/>O4 - HKLM\..\Run: [News Service] "C:\Program Files\Shaw Secure\FSGUI\ispnews.exe"<br/>O4 - HKLM\..\Run: [ap9h4qmo] C:\windows\system32\ap9h4qmo.exe<br/>O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask<br/>O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe<br/>O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe<br/>O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe<br/>O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe<br/>O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s<br/>O4 - HKLM\..\Run: [salm] c:\temp\salm.exe<br/>O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe<br/>O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c<br/>O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet<br/>O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray<br/>O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background<br/>O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot<br/>O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe<br/>O4 - Global Startup: CFCN WORK.lnk = C:\Program Files\Common Files\CFCN WORK\TrueWeather.exe<br/>O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe<br/>O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXEPart 5<br/>O8 - Extra context <a href="https://interviewquestions.tuteehub.com/tag/menu-246398" style="font-weight:bold;" target="_blank" title="Click to know more about MENU">MENU</a> item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm<br/>O8 - Extra context menu item: &Google <a href="https://interviewquestions.tuteehub.com/tag/search-11324" style="font-weight:bold;" target="_blank" title="Click to know more about SEARCH">SEARCH</a> - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html<br/>O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html<br/>O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm<br/>O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html<br/>O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html<br/>O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000<br/>O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html<br/>O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html<br/>O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm<br/>O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm<br/>O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll (file missing)<br/>O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll (file missing)<br/>O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)<br/>O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\windows\System32\shdocvw.dll<br/>O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\windows\System32\shdocvw.dll<br/>O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL<br/>O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe<br/>O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe<br/>O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe<br/>O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe<br/>Part 6<br/>O10 - Hijacked Internet access by New.Net<br/>O10 - Hijacked Internet access by New.Net<br/>O10 - Hijacked Internet access by New.Net<br/>O10 - Hijacked Internet access by New.Net<br/>O10 - Hijacked Internet access by New.Net<br/>O16 - DPF: WebControlDeploy - <a href="https://grouper.com/v1/GrouperSetup.cab">https://grouper.com/v1/GrouperSetup.cab</a><br/>O16 - DPF: Yahoo! Dominoes - <a href="http://download.games.yahoo.com/games/clients/y/dot8_x.cab">http://download.games.yahoo.com/games/clients/y/dot8_x.cab</a><br/>O16 - DPF: Yahoo! Pool 2 - <a href="http://download.games.yahoo.com/games/clients/y/pote_x.cab">http://download.games.yahoo.com/games/clients/y/pote_x.cab</a><br/>O16 - DPF: Yahoo! <a href="https://interviewquestions.tuteehub.com/tag/spades-1219946" style="font-weight:bold;" target="_blank" title="Click to know more about SPADES">SPADES</a> - <a href="http://download.games.yahoo.com/games/clients/y/st2_x.cab">http://download.games.yahoo.com/games/clients/y/st2_x.cab</a><br/>O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll<br/>O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - <a href="https://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,83/mcinsctl.cab">http://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,83/mcinsctl.cab</a><br/>O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - <a href="http://www.pandasoftware.com/activescan/as5/asinst.cab">http://www.pandasoftware.com/activescan/as5/asinst.cab</a><br/>O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - <a href="https://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,20/mcgdmgr.cab">http://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,20/mcgdmgr.cab</a><br/>O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - <a href="http://ds1.downloadtech.net/cn1060/pcpowerscan.cab">http://ds1.downloadtech.net/cn1060/pcpowerscan.cab</a><br/>O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - <a href="http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab">http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab</a><br/>O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe<br/>O23 - Service: FSMA - F-Secure Corporation - (no file)<br/>O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\windows\system32\LEXBCES.EXE<br/>O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe<br/>O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe<br/>O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - <a href="https://interviewquestions.tuteehub.com/tag/networks-243489" style="font-weight:bold;" target="_blank" title="Click to know more about NETWORKS">NETWORKS</a> Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe<br/>O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exeSo there is all of it! sorry its so long<br/>hope it helps<br/>thanks all!!!<br/>LeanneWhile you're waiting for responses you can check your logfile here <br/><a href="http://www.hijackthis.de/index.php?langselect=english">http://www.hijackthis.de/index.php?langselect=english</a><br/>then see what suggestions are made.<br/>Don't do anything rash unless you understand it. Are there any entries that you do not recognize? If yes, what are they? <br/><br/> Quote</p><blockquote> O10 - Hijacked Internet access by New.Net<br/>O10 - Hijacked Internet access by New.Net<br/>O10 - Hijacked Internet access by New.Net<br/>O10 - Hijacked Internet access by New.Net<br/>O10 - Hijacked Internet access by New.Net </blockquote> <br/><br/>This sounds, to say the least, <em>dubious</em>Leanne K..... Ok , here's what I suggest you do ......<br/><br/>First ......close everything up........<br/><a href="https://interviewquestions.tuteehub.com/tag/click-918865" style="font-weight:bold;" target="_blank" title="Click to know more about CLICK">CLICK</a> ...... Ctrl/Alt/Del ...and open up the task manager ....<br/>Click on the process tab ............<br/>Shut down the following processes if running .....<br/><br/>C:\Program Files\Common Files\WinTools\wtoolss.exe <br/>C:\PROGRA~1\COMMON~1\WinTools\wtoolsa.e<br/>C:\temp\salm.exe <br/>C:\Program Files\Common Files\WinTools\wsup.exe <br/>C:\PROGRA~1\INCRED~1\bin\IMApp.exe<br/><br/>Now open up hijackthis and run a scan ......<br/>click on the config button.......( lower right corner )<br/>when the new window opens ..........<br/>In the 4 URL boxes ...... type in ..... <a href="https://www.msn.com">http://www.msn.com</a><br/>( you can change this later ) now click back<br/><br/>Now mark for removal , the following .<br/><br/>All R0 entries<br/>All R1 entries<br/>All F2 entries<br/><br/>O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll <br/><br/>O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing) <br/><br/>O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll (file missing) <br/><br/>O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\wtoolsb.dll <br/><br/>O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe <br/><br/>O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\wtoolsa.exe <br/><br/>O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\newdot~2.dll,NewDotNetStartup -s <br/><br/>O4 - HKLM\..\Run: [salm] c:\temp\salm.exe <br/><br/>O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll (file missing) <br/><br/>O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll (file missing) <br/> <br/>O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing) <br/><br/>O10 - Hijacked Internet access by New.Net <br/><br/>O10 - Hijacked Internet access by New.Net <br/><br/>O10 - Hijacked Internet access by New.Net <br/><br/>O10 - Hijacked Internet access by New.Net <br/><br/>O10 - Hijacked Internet access by New.Net <br/> <br/>O23 - Service: FSMA - F-Secure Corporation - (no file)<br/><br/>O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\wtoolss.exe <br/><br/>Ok ........now click fix marked ....... when done reboot and see how things are .<br/><br/>Let us know <br/><br/>dl65 <br/><br/><br/><br/>Thankyou, I will do this as soon as I can. I have a newborn and I am also babysitting my room mates children today but as soon as I get a chance, I will do it and get back to you<br/>thankyou<br/>[glb]Leanne[/glb]</body></html> | |