4832 + Interview Questions in Computer viruses and spyware in Software Page 13 InterviewSolution

601.	Solve : "Admin" Account Suddenly Has No Admin Powers?
Answer» OK, I have a Dell Inspiron 6000 laptop running Windows XP. I have Zonealarm and AVG antivirus - the registered version. But for some reason I still ended up with a virus on my system. I have no idea how it happened, but it coincided with my reinstalling Firefox 2 after Firefox 3 pissed me off by running at a snail's pace. I still have no idea what the virus was, but my dad and I spent an entire evening trying to figure out. He eventually tracked down a .dll FILE with a gibberish name we couldn't find anywhere on the internet. It was creating bogus files willy-nilly and was somehow protecting itself from being deleted, so we eventually resorted to using a different computer to hack into my harddrive and get rid of the piece of censored that way. Everything went back to normal after that, except I noticed I'd lost some data in the process; Windows updates had disappeared, and at least one of my programs refuses to run anymore. So I went to reinstall that program, and ran into a brick wall. While fighting the virus, we'd created a second user account on my computer, given it admin privelages and changed my own account to the limited version. After the fuss was over I got annoyed by having to switch between accounts all the time, so I changed my original account to admin again, and tried to delete the other one. The computer wouldn't let me, claiming I didn't have "permission". So I changed the other account to limited, and then tried to delete it. No dice. Then today, when I tried to uninstall a program while logged into my regular account, Windows suddenly started claiming that I didn't have admin powers. My User Accounts list claims that I do. Everything else says otherwise. I tried the other account, but, oops, it's now limited and can't do anything. My other (supposed admin account) won't let me change that setting again. End result: neither of my logins will let me install, uninstall, change account setting or, in fact, use any admin powers whatsoever. I'm LOCKED out of my own frigging computer. Please for the love of gods, does anyone have a suggestion that isn't "reinstall Windows and lose everything", or "hurl computer out the window"?If you open the Management Console (In the Run dialog box type "mmc" and press enter), and add the Local Users and Groups snap-in (file - add/remove snap in - "Add" button - find "Local Users and Groups" and double click - "Finish" button - "Close" button - "Ok" button), expand the drop down menu in the left hand pane, and select Users. Now, Double click "ADMINISTRATOR" in the right pane. That opens the properties box for the built in Admin account. Clear the "This account is disabled" box, and click "ok". Now right click on the admin account and set the password to something you'll remember. Now I'd reboot into Safe Mode (rapidly press f8 as your computer loads, just after the bios hands over the machine to Windows...where the screen goes black) and log in as the Administrator and you should be able to give your account it's privilages back. It might be worth running another virus check while in safe mode before rebooting and logging back in as your main profile. Also, you needn't move between a limited account and an admin account to do stuff as an admin, you can "Run as Admin". Normally, if you hold shift and right click something the option becomes avail. Just pop in the Admin credentials and you're away. Probably a good idea to adopt this approach instead of constantly running around as an admin for the 10mins when you need to install/config something. Might prevent future problems with viruses. Let us know how you get on. SidDear gods that is like the fastest reply EVER. Dude, you're the man. I don't care if this works or not; you're still the man. I'll give it a shot! Thanks a heap! OK, I've tried the first part of what you suggested but the thing told me something like "this snapin cannot be used with Windows Home Edition please use the User Accounts menu in the Control Panel". Should I go on and try the second part anyway? Quote from: Beak_Hookage on July 16, 2008, 07:35:50 AM OK, I've tried the first part of what you suggested but the thing told me something like "this snapin cannot be used with Windows Home Edition please use the User Accounts menu in the Control Panel". Should I go on and try the second part anyway? It might be worth seeing if you can get into the built in admin account in safe mode. It certainly won't hurt. censored windows "home"... I only replied so quickly cus I was online. But thanks for the props! I'll have a play with my XP Home install later on tonight and see what can be done....Well that's odd; all of my admin powers suddenly CAME back after I did a reboot and pressed ctrl-alt-del at the welcome screen. Someone else suggested that I might still have malware on my system, though, so I'm going to take some steps to get rid of it. Thanks a billion for your help!Your computer may be still infected... Print these instructions out. 1. Download SUPERAntiSpyware Free for Home Users: http://www.superantispyware.com/ * Double-click SUPERAntiSpyware.exe and use the default settings for installation. * An icon will be created on your desktop. Double-click that icon to launch the program. * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.) * Close SUPERAntiSpyware. PHYSICALLY DISCONNECT FROM THE INTERNET Restart computer in Safe Mode. To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen * Open SUPERAntiSpyware. * Under "Configuration and Preferences", click the Preferences button. * Click the Scanning Control tab. * Under Scanner Options make sure the following are checked (leave all others unchecked): o Close browsers before scanning. o Scan for tracking cookies. o Terminate memory threats before quarantining. * Click the "Close" button to leave the control center screen. * Back on the main screen, under "Scan for Harmful Software" click Scan your computer. * On the left, make sure you check C:\Fixed Drive. * On the right, under "Complete Scan", choose Perform Complete Scan. * Click "Next" to start the scan. Please be patient while it scans your computer. * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK". * Make sure everything has a checkmark next to it and click "Next". * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu. * If asked if you want to reboot, click "Yes". * To retrieve the removal information after reboot, launch SUPERAntispyware again. o Click Preferences, then click the Statistics/Logs tab. o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log. o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor. o Please copy and paste the Scan Log results in your next reply. * Click Close to exit the program. Post SUPERAntiSpyware log. RECONNECT TO THE INTERNET RESTART COMPUTER! 2. Download Malwarebytes' Anti-Malware: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select Perform full scan, then click Scan. * When the scan is complete, click OK, then Show Results to view the results. * Be sure that everything is checked, and click Remove Selected. * When completed, a log will open in NOTEPAD. * Post the log back here. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt RESTART COMPUTER! 3. Download HijackThis: http://www.snapfiles.com/get/hijackthis.html Post HijackThis log. DO NOT make any other changes to your computer (like installing programs, using another cleaning tools, etc.), until it's officially declared clean!!!

601.

Solve : "Admin" Account Suddenly Has No Admin Powers?

Answer»

OK, I have a Dell Inspiron 6000 laptop running Windows XP. I have Zonealarm and AVG antivirus - the registered version. But for some reason I still ended up with a virus on my system. I have no idea how it happened, but it coincided with my reinstalling Firefox 2 after Firefox 3 pissed me off by running at a snail's pace.
I still have no idea what the virus was, but my dad and I spent an entire evening trying to figure out. He eventually tracked down a .dll FILE with a gibberish name we couldn't find anywhere on the internet. It was creating bogus files willy-nilly and was somehow protecting itself from being deleted, so we eventually resorted to using a different computer to hack into my harddrive and get rid of the piece of *censored* that way.

Everything went back to normal after that, except I noticed I'd lost some data in the process; Windows updates had disappeared, and at least one of my programs refuses to run anymore.

So I went to reinstall that program, and ran into a brick wall.

While fighting the virus, we'd created a second user account on my computer, given it admin privelages and changed my own account to the limited version. After the fuss was over I got annoyed by having to switch between accounts all the time, so I changed my original account to admin again, and tried to delete the other one.

The computer wouldn't let me, claiming I didn't have "permission". So I changed the other account to limited, and then tried to delete it.

No dice.

Then today, when I tried to uninstall a program while logged into my regular account, Windows suddenly started claiming that I didn't have admin powers. My User Accounts list claims that I do. Everything else says otherwise.

I tried the other account, but, oops, it's now limited and can't do anything. My other (supposed admin account) won't let me change that setting again.

End result: neither of my logins will let me install, uninstall, change account setting or, in fact, use any admin powers whatsoever. I'm LOCKED out of my own frigging computer.

Please for the love of gods, does anyone have a suggestion that isn't "reinstall Windows and lose everything", or "hurl computer out the window"?If you open the Management Console (In the Run dialog box type "mmc" and press enter), and add the Local Users and Groups snap-in (file - add/remove snap in - "Add" button - find "Local Users and Groups" and double click - "Finish" button - "Close" button - "Ok" button), expand the drop down menu in the left hand pane, and select Users.

Now, Double click "ADMINISTRATOR" in the right pane. That opens the properties box for the built in Admin account. Clear the "This account is disabled" box, and click "ok". Now right click on the admin account and set the password to something you'll remember.

Now I'd reboot into Safe Mode (rapidly press f8 as your computer loads, just after the bios hands over the machine to Windows...where the screen goes black) and log in as the Administrator and you should be able to give your account it's privilages back. It might be worth running another virus check while in safe mode before rebooting and logging back in as your main profile.

Also, you needn't move between a limited account and an admin account to do stuff as an admin, you can "Run as Admin". Normally, if you hold shift and right click something the option becomes avail. Just pop in the Admin credentials and you're away. Probably a good idea to adopt this approach instead of constantly running around as an admin for the 10mins when you need to install/config something. Might prevent future problems with viruses.

Let us know how you get on.

SidDear gods that is like the fastest reply EVER.
Dude, you're the man. I don't care if this works or not; you're still the man.

I'll give it a shot! Thanks a heap! OK, I've tried the first part of what you suggested but the thing told me something like "this snapin cannot be used with Windows Home Edition please use the User Accounts menu in the Control Panel".

Should I go on and try the second part anyway? Quote from: Beak_Hookage on July 16, 2008, 07:35:50 AM

OK, I've tried the first part of what you suggested but the thing told me something like "this snapin cannot be used with Windows Home Edition please use the User Accounts menu in the Control Panel".

Should I go on and try the second part anyway?

It might be worth seeing if you can get into the built in admin account in safe mode.

It certainly won't hurt.

*censored* windows "home"...

I only replied so quickly cus I was online. But thanks for the props!

I'll have a play with my XP Home install later on tonight and see what can be done....Well that's odd; all of my admin powers suddenly CAME back after I did a reboot and pressed ctrl-alt-del at the welcome screen. Someone else suggested that I might still have malware on my system, though, so I'm going to take some steps to get rid of it.

Thanks a billion for your help!Your computer may be still infected...

Print these instructions out.

1. Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
* Close SUPERAntiSpyware.

PHYSICALLY DISCONNECT FROM THE INTERNET

Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

* Open SUPERAntiSpyware.
* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
o Close browsers before scanning.
o Scan for tracking cookies.
o Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
o Click Preferences, then click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
o Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.
Post SUPERAntiSpyware log.

RECONNECT TO THE INTERNET

RESTART COMPUTER!

2. Download Malwarebytes' Anti-Malware: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in NOTEPAD.
* Post the log back here.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

RESTART COMPUTER!

3. Download HijackThis:
http://www.snapfiles.com/get/hijackthis.html
Post HijackThis log.

DO NOT make any other changes to your computer (like installing programs, using another cleaning tools, etc.), until it's officially declared clean!!!

603.	Solve : Avast Resident Scanner Not Working??
Answer» I previously downloaded Avast Free Home Anti Virus software, and received about 5months of good use and no problems. But not to long ago when I booted the avast virus scanner, it wouldn't load and keep'd telling me that there was a problem with the skins or something. After I keep getting that problem I un-installed the program and rein-stalled it again. Hoping to get the virus scanner to work again. I did get the scanner to work, but another problem has arised. One of the most important services avast offers, which is real time virus protection (resident scanner) does not appear in the ICON tray. Therefore does not work for some reason? I'm not sure why ? Can you HELP me out, it seems that the program installed correctly etc, its just that the resident scanner doesn't work? System Specs, Op: Vista Home Ram:3G Intel MotherBoard and Components Regards Kieran Resident scanner is the most important part of antivirus program. It gives you real-time protection. Download HijackThis: http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download Click on Download HijackThis Installer Post HijackTHis log.Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:57:21 PM, on 7/14/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16681) Boot mode: Normal Running processes: C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Program Files\Norman\Npm\Bin\eLogsvc.exe C:\Program Files\Norman\Npm\Bin\Zanda.exe C:\Windows\system32\svchost.exe C:\Program Files\avast1thegood\aswUpdSv.exe C:\Program Files\avast1thegood\ashServ.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Norman\Npm\Bin\Zlh.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Norman\Nvc\BIN\NIP.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe C:\Program Files\Norman\Npm\bin\NJEEVES.EXE C:\Windows\system32\WUDFHost.exe C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE C:\Program Files\Norman\Nvc\bin\nvcoas.exe C:\Program Files\avast1thegood\ashMaiSv.exe C:\Program Files\avast1thegood\ashWebSv.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Windows\system32\taskeng.exe C:\Program Files\Internet Explorer\IEUser.exe C:\Program Files\Norman\Nvc\bin\cclaw.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Windows\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = .local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTorr.dll O1 - Hosts: ::1 localhost O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper CLASS - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTorr.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTorr.dll O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUplden-au.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\avast1thegood\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\avast1thegood\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\avast1thegood\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\avast1thegood\ashWebSv.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\eLogsvc.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe -- End of file - 8573 bytes The log is clean, BUT you have TWO antivirus programs running: Norman Virus, and Avast. Big No, NO. One of them has to go.But the problem is, resident scanner isn't working. Its not appearing in the icon tray. And i cant access its interface?You HAVE TO uninstall one of antiviruses, and then we'll see.I will try that, but let me just say, i have bee running Avast and Norman perfectly fine before. The problem has only risen recently. But ill do wat ever you think is good.Running two antivirus programs is nothing more, then ASKING for problems, and I'm saying this for the very last time.I'm not saying this to be rude or a smart alec, but im accually not running two. I'm only running one, thats the problem. Avast isn't running, only norman is? so if i stop norman then i have no anti virus running?I'd download fresh copy of Avast, or Avira, disconnect from the Internet, uninstall BOTH, Avira, and Norman, then install one AV.I'll see how it goesSee'ya tomorrow...Excellent, works now. Must have just been a faulty copy or what not. Well thats great. thanksI told you so. You're not off the hook, yet. I'd like to see fresh HJT log.By the way im not running Norman, i uninstaled it. But it still comes up in the log. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:57:21 PM, on 7/14/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16681) Boot mode: Normal Running processes: C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Program Files\Norman\Npm\Bin\eLogsvc.exe C:\Program Files\Norman\Npm\Bin\Zanda.exe C:\Windows\system32\svchost.exe C:\Program Files\avast1thegood\aswUpdSv.exe C:\Program Files\avast1thegood\ashServ.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Norman\Npm\Bin\Zlh.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Norman\Nvc\BIN\NIP.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe C:\Program Files\Norman\Npm\bin\NJEEVES.EXE C:\Windows\system32\WUDFHost.exe C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE C:\Program Files\Norman\Nvc\bin\nvcoas.exe C:\Program Files\avast1thegood\ashMaiSv.exe C:\Program Files\avast1thegood\ashWebSv.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Windows\system32\taskeng.exe C:\Program Files\Internet Explorer\IEUser.exe C:\Program Files\Norman\Nvc\bin\cclaw.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Windows\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = .local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTorr.dll O1 - Hosts: ::1 localhost O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTorr.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTorr.dll O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUplden-au.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\avast1thegood\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\avast1thegood\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\avast1thegood\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\avast1thegood\ashWebSv.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\eLogsvc.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe -- End of file - 8573 bytes

605.	Solve : Windows Script error message?
Answer» I am a self taught computer user and only know enough to get by...for some reason my AVG virus protector disappeared so I downloaded it again. Since then every time I turn on my computer I get the error MESSAGE: 'Can not find Script file "c:\windows\Systems32\KillVBS.vbs"' I haven't a clue what that means and I do not know how to get rid of this message. Thanks for your help...I have another question related to my digital camera I will post as well...thanks!Your computer is infected... Print these instructions out. 1. Download SUPERAntiSpyware Free for Home Users: http://www.superantispyware.com/ * Double-click SUPERAntiSpyware.exe and use the default settings for installation. * An icon will be created on your desktop. Double-click that icon to launch the program. * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.) * Close SUPERAntiSpyware. PHYSICALLY DISCONNECT FROM THE INTERNET Restart computer in Safe Mode. To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen * Open SUPERAntiSpyware. * Under "Configuration and Preferences", click the Preferences button. * Click the Scanning Control tab. * Under Scanner Options make sure the following are CHECKED (leave all others unchecked): o Close browsers before scanning. o Scan for tracking cookies. o Terminate memory threats before quarantining. * Click the "Close" button to leave the control center screen. * BACK on the main screen, under "Scan for Harmful Software" click Scan your computer. * On the left, make sure you check C:\Fixed Drive. * On the right, under "Complete Scan", choose Perform Complete Scan. * Click "Next" to start the scan. Please be patient while it scans your computer. * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK". * Make sure everything has a checkmark next to it and click "Next". * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu. * If asked if you want to reboot, click "Yes". * To retrieve the removal information after reboot, launch SUPERAntispyware again. o Click Preferences, then click the Statistics/Logs tab. o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log. o If there are several logs, click the CURRENT dated log and PRESS View log. A text file will open in your default text editor. o Please copy and paste the Scan Log results in your next reply. * Click Close to exit the program. Post SUPERAntiSpyware log. RECONNECT TO THE INTERNET RESTART COMPUTER! 2. Download Malwarebytes' Anti-Malware: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select Perform full scan, then click Scan. * When the scan is complete, click OK, then Show Results to view the results. * Be sure that everything is checked, and click Remove Selected. * When completed, a log will open in Notepad. * Post the log back here. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt RESTART COMPUTER! 3. Download HijackThis: http://www.snapfiles.com/get/hijackthis.html Post HijackThis log. DO NOT make any other changes to your computer (like installing programs, using another cleaning tools, etc.), until it's officially declared clean!!!

606.	Solve : i have computer problems?
Answer» I have a compaq presario 6000, it runs off of windows XP. Yesterday I installed windows service pack3. I have no idea who used this computer after that but i turned it on today and it went through disk check and then when it was finished I booted it up and it came up with the icons and stuff but also it came up with the c-setup black box and then it closed by itself. Im really concerned so I ran hijack this and malwarebytes. I also ran super anti spyware but it didnt give me a log. So here is the log for hijack this. [recovering disk space -- attachment deleted by admin]Post Malwarebytes log, please. HJT log has to be from after running Malwarebytes.okay here is the malwarebytes log and the new hijack this log [recovering disk space -- attachment deleted by admin]I see only very minor issues... * You need to update Java: http://java.sun.com/javase/downloads/index.jsp Java Runtime Environment (JRE) 6 Update 7 Uninstall all previous versions of Java through Add\Remove. * Go Start>Control Panel>Add\Remove, and uninstall: - AskSBar * Download, and run CTFMON-Remover: http://www.gerhard-schlager.at/en/projects/ctfmonremover/ The CTFMON-Remover helps you removing the annoying CTFMON.EXE from your Windows operating system. The program is easy to use and displays whether the CTFMON.EXE is installed and running or not. If it was found then you can remove it within seconds. Just in CASE that you need the CTFMON sometime in the future there is also an option to restore the original one. Note:The CTFMON.EXE is among other THINGS responsible for changing the language schema of your keyboard (e.g. for switching between the German and English keyboard layout). So in case you are using this feature you shouldn't remove or disable the CTFMON.EXE! 1. Print this post out, since you won't have an access to it, at some point.** 2. Close all windows, except for HijackThis. 3. Put a checkmark NEXT to the following HijackThis entries (some entries will be checkmarked to disable unnecessary startups; in those cases [marked with ], no actual program will be removed): - R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL - O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL - O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL - O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL - O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot - O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch - O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE - O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl - O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe - O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe - O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE - O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 4. Click on Fix checked button. 5. Restart computer in Safe Mode (keep tapping F8 KEY, when your computer starts, until menu appears) 6. Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders. 7. Delete following files/folders (if present): - AskSBar folder from C:\Program Files - ALCXMNTR.EXE file from C:\Windows 8. Restart in Normal Mode. 9. Post new HijackThis log.

607.	Solve : Virus alert in time bar?
Answer» Dear kind sirs I downloaded a virus I tried every thing from Norton AVG and one care but I still had the Virus alert next to my time in the bottom right of the computer. In addition I could not open the programs in the windows file nor FIND the icons that display my C and D drives. I have completed the initial scans as explained in the "Read this before requesting malware removal help" and EVERYTHING seems to be normal now. Please could you go through my logs to see if any more help is required thankyou. PS Im not very computer savy so I will need a lot of explaining when it comes to remedies thanks. [recovering disk space -- attachment deleted by admin]* Download, and run CTFMON-Remover: http://www.gerhard-schlager.at/en/projects/ctfmonremover/ The CTFMON-Remover helps you removing the annoying CTFMON.EXE from your Windows operating system. The program is easy to use and displays whether the CTFMON.EXE is installed and running or not. If it was found then you can remove it within seconds. Just in case that you need the CTFMON sometime in the future there is also an option to restore the original one. Note:The CTFMON.EXE is among other things responsible for changing the language schema of your keyboard (e.g. for switching between the German and English keyboard layout). So in case you are using this feature you shouldn't remove or disable the CTFMON.EXE! * Download, and run QuickTime Killer: http://www.softpedia.com/get/System/Launchers-Shutdown-Tools/QuickTime-Killer.shtml QuickTime Killer will remove QuickTime from start up and kill any running QuickTime processes. This application runs silently at start up and closes itself as soon as it takes care of QuickTime * Did you install Win-Spy? 1. Print this post out, since you won't have an access to it, at some point.** 2. Close all windows, except for HijackThis. 3. Put a checkmark next to the following HijackThis entries (some entries will be checkmarked to disable unnecessary startups; in those cases [marked with ], no actual program will be removed): - O2 - BHO: (no name) - {3BA3028F-FD37-46BF-AD27-733734684F06} - (no file) - O2 - BHO: (no name) - {51664F3E-54BC-4EF7-ADF9-98F6FDDBCE70} - (no file) - O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) - O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file) - O3 - Toolbar: (no name) - {80123684-A222-4009-8220-A867294D6DE8} - (no file) - O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE - O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe - O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe - O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup - O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime - O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k - O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe - O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background - O4 - HKCU\..\Run: [SUPERANTISPYWARE] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe - O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present (to be fixed if not done intentionally) - O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - O20 - Winlogon Notify: awtqnkhe - awtqnkhe.dll (file missing) 4. Click on Fix checked* button. 5. Restart computer. 6. Post new HijackThis log.here is my new hijack this log (i did as you requested) [recovering disk space -- attachment deleted by admin]Your computer is clean 1. Download, and install CCleaner: http://www.ccleaner.com/download/builds. Get "Slim" version. Read CCleaner instruction here: http://www.jahewi.nl/ccleaner/ccleaner.html. Run CCleaner. 2. Turn off System Restore: - Windows XP: 1. Click Start. 2. Right-click the My Computer icon, and then click Properties. 3. Click the System Restore tab. 4. Check "Turn off System Restore". 5. Click Apply. 6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this. 7. Click OK. - Windows Vista: 1. Click Start. 2. Right-click the Computer icon, and then click Properties. 3. Click on System Protection under the Tasks column on the left side 4. Click on Continue on the "User Account Control" window that pops up 5. Under the System Protection tab, find Available Disks 6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:") 7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this. 8. Click OK 3. Restart computer. 4. Turn System Restore on. 5. Download, and install McAfee SiteAdvisor: http://www.siteadvisor.com/download/ff.html. It'll warn you (in most cases) about dangerous web sites. 6. (optional) Download, and install free version of ThreatFire: http://www.threatfire.com/. It'll give you an extra protection against malwares. It won't interfere with your antivirus program 7. Read "So how did I get infected in the first place?": http://www.castlecops.com/postlite7736-.html 8. Let me know, how your computer is doing. Thanks alot for your time and effort your a star. Just one last question I paid for Norton 2 months ago how come this didnt pick up the viruses? 1. There is no PERFECT antivirus program. 2. Norton is pretty lame antivirus application.hi guys... have the same problem virus alert in taskbar, can't see c drive in my computer, can't open task manager and various thigs in my tart menu are no longer available... have ran hijack this and checked the boxes you instrutced roughbernie and after fixing them everything is still on the computer.... any idea's?? thanksungerey You need to start your own topic.

610.	Solve : I need help with NIS?
Answer» A new threat to protect against. But every time I click "protect me" I still get this: I clicked on it again and again - I still can't get rid of this message! What can I do? I was INSTRUCTED to do this: Click Protect Me Now Click Ok Click Finished I did all that. Why doesn't it work?I'd check the symantec web site or e-mail them for assistance. Can you run the free virus scanner at www.trendmicro.com and see if that clears up the problem?Ah, too late to delete. I had just installed the thing, and forgot to restart. A dumb mistake: As soon as I rebooted, everything worked fine. Or, as Merlin would say: Delete! Ah, too late to do so!>>>>Did you REBOOT, yes...... are you on 98...... should be....... no problems! OH, darn, he MISSED the upgrade. Anyways... never mind, basically. Glad all is well. HAPPY New Year!

611.	Solve : Adware on (older) Mac?
Answer» I made a big boo-boo at work and HOPE you can help me out. I OPENED an EMAIL on their older Mac graphite and got an ad from lowermybills.com that perpetually opens IE and displays the ad. The Mac is RUNNING OS9.2. Where can I get help for this? The boss is PO'd Thanks all, STry posting in the Apple SECTION.

614.	Solve : Mcafee Virus scan?
Answer» I have Mcafee VirusScan Enterprise 8.0.0 Installed on my computer. When I first start up my computer for the first time during a day I have to manually enable on access scan.Sometimes, It shows It being on, most of the time It appears off. I have tried settings but no luck, Any Ideas?.http://www.tcd.ie/iss/security/virusscan_8.php To configure a customised scan: 1. Click Start, Programs, Network Associates, VirusScan Console. 2. Click on Task and ‘New On Demand Scan Task’ 3. The new task appears in the task list where you are prompted to give it a name. Type in a descriptive name and hit return or double click on the new task to configure it 4. On the ‘Where’ tab highlight the ‘All Local Drives’ item and click on the edit button 5. From the drop down ‘item to scan’ list choose ‘Drive or Folder’ and browse to the location you WISH to scan. It will appear in the location field. Click OK 6. On the ‘Where’ tab under scan options ensure that ‘Include Subfolders’ is ticked 7. On the ‘Detection’ tab ensure that ‘All Files’ and ‘Scan inside archives (for example Zips) are SELECTED 8. If you wish to SCHEDULE the task click on the ‘Schedule’ button 9. On the Task tab tick the ‘Enable’ button 10. On the Schedule tab configure the schedule as required 11. Click on apply, ok and ok 12. To run the scan right-click on it in the VirusScan console window and click on start

617.	Solve : a lots of problem?
Answer» hi is thr anyone to help me... i have got lots of problem in my PC:- 1. folder OPTION from tools menu has gone 2. all the folders of my pc showing size 180kb but contains all my files. 3. when i TRIED to open my any folder it fails to open 4. msconfig id not working pls anyone help me getting my pc ok please please please You're ALREADY being helped, awyes. Please don't make new threads when it isn't necessary. Have patience and we will try to help you sort your problem out.Topic Closed. Please see your other thread for replies.

618.	Solve : is this overkill?
Answer» I have xp sp2 I have threatfire, COMODO avg, and windows defender on my pc just wondering if it too MUCH. I don't have any PROBLEMS REALLY I'm just curious thanksNot overkill. I would ALSO install Spywareblasterokay great thanks Evil.No problem

619.	Solve : Msn, Based Virus,?
Answer» Hello, i have seen this quite alot. But is it a virus or WHATNOT, when someone sends you a FILE of the NET and its says like 'do i LOOK dumb in this pic?' and with an attached file. This happens in msn live? any thoughts on what type of software COULD be running it etc. its really annoying. I opened one on my virtual pc, its bad, some pritty bad stuff it sends you.http://www.msnvirusremoval.com/

639.	Solve : Can a Computer Virus infect the BIOS??
Answer» I've been learning C++ for the past couple of months and I've learned how to create simple programs that BASICALLY annoy the crap out of people. They're nowhere near ACTUAL viruses due to the fact that all they do is DISCONNECT your mouse and keyboard, display, unpin everything from the task bar, change language settings, make the mouse go crazy etc.. However it raised the question in my mind: is it possible for a virus to not only infect the BIOS but also alter it's settings? If it is possible would a virus be able to once in the BIOS, overclock a stock cooled CPU to the point were it fries? That SORT of thing?Based on the content in your post, we're not interested in assisting you. Thread LOCKED.

621.	Solve : I NEED HELP!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!?
Answer» Well if you can't positivly fix the problem really the only OPTION you have, is to reinstall windows, which would WIPE your hard drive clean. The positives here are also that your COMPUTER, after being wiped, would run as FAST as when it was bought KieranHe doesn't have any disks.I'm quite aware of that, but im saying he might NEED to purchase them in a sense, its probably the only option.

622.	Solve : malewarebytes blocking MPC video player?
Answer» so for some reason malwarebytes is treating MPC as a MALICIOUS program. Ive been using it forever then all the SUDDEN when i go to click on a video it gives pop up "ransom.filelocker" see attached any idea why it suddenly decides to do this? I redownloaded it and CLICKED on another video and same thing, then MPC program gets ERASED from default video player and cannot be found or opened again. I just uninstalled. [attachment deleted by admin to conserve space]False Positive. https://forums.malwarebytes.org/index.php?/topic/176926-media-player-classic-x64-ransom-file-locker/ Looks like a database update is available already that FIXES it.

625.	Solve : Tricky Malware??
Answer» I got a notification from Windows Defender SAYING that it detected malware. Malwarebytes didnt find anything. I ALSO RAN Malwarebytes anti root kit and it found nothing. Any suggestions would be appreciated. Does Defender not GIVE any indication of the specific FILE(s) in question?

626.	Solve : Anti virus-McAfeeSetup?
Answer» Your COMMENT has been removed. Please do not post MALWARE advice, or post here in the malware forum, UNLESS you NEED help.Superdave.

627.	Solve : Ransomware... My husband let them in his computer!?
Answer» My husband answered the phone yesterday to a man who said his computer had been hacked. He said he could find the hacker and fix it for him. So he turned on the computer and typed in what the man told him to...then the man took control of the computer saying he was searching for the hacker. When I walked in the room I overheard my husband say I don't have that much money right now...and I ASKED him who he was talking to...I seen the cursor moving around his computer and I told him that's a scam HANG up. But it was too late....now he can not get his computer to come on... Any help would be appreciated The phone number is deleted by allan the people that called.1) I deleted the phone number from your post 2) If your system wasn't backed up you will almost certainly lose all data. You can either PAY the ransom or format and reinstall. You should wait for Super Dave to confirm, but I think you're out of luck The phone number was the ransom people's... not mine He has it backed up...but how do we get the computer to boot up...it won't come on?? Thanks for the fast response Quote from: SheIsMe on November 18, 2015, 11:24:53 AM ... He has it backed up...but how do we get the computer to boot up...it won't come on?? ... Which backup program did you use? Backup software has some way of rebooting your computer. See the instruction manual. You may need another computer to CREATE the 'boot media' needed to restart your computer.I think I got it...it says it is resetting the computer. Will let you know if it works

628.	Solve : Suspicious IP's in Wireshark?
Answer» Bought a laptop which had preinstalled malware in it. Wiped it clean and installed Windows 7 from scratch. No signs of malware anymore, but I'm thinking the UEFI might be flashed with malicious software. I just have started experimenting with Wireshark to see if I have browsers closed and so on, will the system connect anywhere. It seems to connect to Amazon IP in the US (I'm located in Europe), and therefore I'm really concerned about the security of this system. I have booted it in Windows 7 compatibility mode, have ran Avast, MBAM and MBAR, MBAR in compatibility mode too. In the startup it says it has found a possibly rootkit activity; appinit_dlls -folder. I found in regedit that there are a few of them there, other is in win.ini -subfolder and other seems to be an nVidia file. I have tried to get some clue about the wireshark, but it seems like I'm too much of a newbie to find anything out without help. There are lots of UDP protocol based connections, a few TCP, ARP, SSDP and a few HTTP's as well. Also NBNS and IGMPv2. Is there any possible way of really finding out if my system is still infected? I thought that if I use CCleaner to clean up the system of any cookies or so, I woudl see better if they have anything to do with connecting randomly to some IP but don't even know if that's possible. I'm willing to find out and can do things as directed, so any help is appreciated.I doubt there is anything to worry about, its totally normal to see network connections going out from a PC, it's most likely things checking for updates, weather apps updating, software checking its activation status and so on. Loads of companies rent space on Amazon's servers through Amazon Web Services so it's common to see connections to Amazon IP addresses from software doing as I described above. Also bear in mind that wireshark SHOWS every packet going in and out of the system, so while you may be seeing data flying by when you do a capture, it probably isn't as much data as it looks. One update for a piece of software running in the background could result in hundreds of packets appearing in Wireshark.I had to make another account as I forgot the password and used an anonymous email which had similar password and forgot that too... Anyhow. How about finding out if the UEFI is secure? I really wouldn't want to have my personal info and/or files (especially credit card info) to be available to someone who could have infected the system. How can I check the security of UEFI and the system, that there is only tiny tiny tiny chance of it having anything infected?"but I'm thinking the UEFI might be flashed with malicious software." It isn't. You know enough to poke around in REGISTRY editor and snoop with wireshark, but not enough- by your own admission - to know what you are looking at.For a laugh I just ran Wireshark on a Windows 7 machine of my own. This machine is a laptop that I use exclusively as a radio receiver and it therefore has very little software installed on it, nothing apart from Windows and the Antivirus (Microsoft Security Essentials) runs in the background. To be clear this laptop is a ThinkPad T400 from 2008 and therefore has nothing that remotely resembles a UEFI. As soon as I started the capture, just like you found, there was hundreds of packets being captured. These ranged from TCP connections to Microsoft and AKAMAI IPs which appeared to be serving Windows updates, a bunch of IPv6 addresses I couldn't be bothered to look up, SSDP packets coming from another Windows 10 PC on my network, ICMP packets coming from my router and ARP packets coming from my Samsung Smart TV. I agree with BC, your UEFI is almost certainly fine - To attack a UEFI you would effectively need to build a virus to attack every specific model of laptop, they would all need to be treated differently, this is totally impractical. While UEFI attacks are certainly possible, I have never heard of any of them being discovered in the wild, it's a classic case of something that can be done, but isn't easy or useful enough for someone to have any reason to do it.It's fundamentally the same as "BIOS Viruses". It's something that can be done but for which it simply isn't worth doing. Even if you infect the system at that level- both the BIOS and UEFI stop having any control over the system after the boot, so any "infection" that takes place would be effectively the use of the low-level infection to infect the higher level OS. The problem, then, is that there simply isn't room for it- the "malware" would need to effectively replace significant portions of the BIOS firmware as a data storage location for OS-targeted malware, in addition to the NEW logic to try to detect what is on the HDD to infect it properly. It would be difficult to keep the system functioning after stripping out that much, let alone make it look and function similarly during boot. it's simply not worth the trouble when you can send a spam e-mail with a download link and infect a significant number of systems.Thank you both for quick and relieving answers. I'm quite COMFORTED now as what comes to the probability of the malicious file, so I think I'll just keep the censored thing. Hopefully this ain't the wrong decision. All further info towards this matter is still welcome though.

633.	Solve : windows vista hanging up on boot up. crcdisk.sys?
Answer» Hi guys. So I'm using a TOSHIBA satellite a200-28p. It can't boot further than loading files screen where it hangs on the crcdisk.sys. I have TRIED booting in all the safe modes but I just end up on the same screen. I have also tried to run a xp RECOVERY disc but again I can't get a response... anyone got any idea what to do please help!!Is this the XP OS disk that you RECEIVED with your laptop or is this a recovery disk you made yourself? You will need to change the BIOS to boot from the disk. If you do not know how to set your computer to boot from CD follow the steps here

634.	Solve : Hijack Software and FBI Warning on my iPad.?
Answer» Never had problems with a Apple product with VIRUS or Hijacking. I KNOW a LOT about Windows based product, but not a thing about Apple problems. Please help me get RID of this locked up Safari problem on my iPad.Sorry, I can't help with Apple products. You might try the Apple forum on this site.

635.	Solve : Can't Install Norton AntiVirus or any AntiVirus Software?
Answer» Same thing happens when I use Chrome.Please go to Kaspersky website and perform an online antivirus SCAN. 1. READ through the requirements and privacy statement and click on Accept button. 2. It will start downloading and installing the scanner and VIRUS definitions. You will be prompted to install an application from Kaspersky. Click Run. 3. When the downloads have finished, click on Settings. 4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs Archives 5. Click on My Computer under Scan. 6. Once the scan is complete, it will display the RESULTS. Click on View Scan Report. 7. You will see a list of infected items there. Click on Save Report As.... 8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. 9. Please post this log in your next reply.

640.	Solve : Police-Report virus/ransomware?
Answer» At this point I feel that you should re-install XP but save your important data first then boot with the OS disk in and follow the directions.Thanks for your help. Darn A-holes....why do they do this? No, there's no need to answer that. I wish people like that didn't EXIST. People who make VIRUSES and malware make me sick. Thank you for trying to help me with the computer, but I guess they win this time. Don't FORGET to put a good AV on your computer when you get it repaired. Remember to only install one antivirus! 1) Avast! Home Edition 2) AVG Free Edition 3) AVIRA AntiVir Personal 4) MicroSoft Security Essentials All versions and all languages. 5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one) It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false VIRUS alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.I have the same issue. I did get the OTL.txt file and attached it. have no clue what to do now. [attachment deleted by admin to conserve space]newatthis, don't hijack someone else's thread. Please start a new thread of your own and I'll help you as best I can.

Explore topic-wise InterviewSolutions in .

Solve : "Admin" Account Suddenly Has No Admin Powers?

Solve : rootkit reaverler?

Solve : Avast Resident Scanner Not Working??

Solve : Trojan Need Some Help!?

Solve : Windows Script error message?

Solve : i have computer problems?

Solve : Virus alert in time bar?

Solve : I cannot get my hidden folder?

Solve : I have a question concerning ShowDeskFix?

Solve : I need help with NIS?

Solve : Adware on (older) Mac?

Solve : Blackworm Virus?

Solve : Upgrade MS Anti Spy to MS Defender??

Solve : Mcafee Virus scan?

Solve : java highway?

Solve : All .exe extensions changed to *exe.vir. and quarantined. Pleeeeas Help!!?

Solve : a lots of problem?

Solve : is this overkill?

Solve : Msn, Based Virus,?

Solve : need help removing a program!!!!?

Solve : I NEED HELP!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!?

Solve : malewarebytes blocking MPC video player?

Solve : I seem to have a browser redirect issue which is not being detected?

Solve : Some questions about Tails?

Solve : Tricky Malware??

Solve : Anti virus-McAfeeSetup?

Solve : Ransomware... My husband let them in his computer!?

Solve : Suspicious IP's in Wireshark?

Solve : Which is the best antivirus KasperSky or Norton??

Solve : Internet activity accessed by flatmates- how??

Solve : Quick Question - Data Recovery on infected system?

Solve : Can my mouse have a virus?

Solve : windows vista hanging up on boot up. crcdisk.sys?

Solve : Hijack Software and FBI Warning on my iPad.?

Solve : Can't Install Norton AntiVirus or any AntiVirus Software?

Solve : Cleanup after attempted scam?

Solve : Malware Removal Logs?

Solve : Windows 10 asks "How do you want to open this file" upon boot?

Solve : Can a Computer Virus infect the BIOS??

Solve : Police-Report virus/ransomware?

Solve : TOTAL BEDLAM?

Solve : Need Scan Log Help?!!?

Solve : Hacked contacts. Would really appreciate advice.?

Solve : Bing came uninvited and refuses to leave??

Solve : Problem with "ads by name" in Firefox?

Solve : ''Help, SuperDave-Genius!''?

Solve : Malware error 895-system 32.exe?

Solve : SUPERSpyware hiccup?

Solve : Norton Security download question?

Solve : Unauthorized Remote Control?

641.	Solve : TOTAL BEDLAM?
Answer» I TRIED that, no change. SUGGESTIONS?What happens in SAFE Mode?

643.	Solve : Hacked contacts. Would really appreciate advice.?
Answer» Hi Guys, Really looking for some expert advice. I have received an email that APPEARED to be from me. On CLOSER inspection the email address was my name but some bogus account at fluiddata. The problem however was that in the CC line were a number of my contacts from address book. So although emails are not being sent from my account, somehow this spammer has harvested my address book and is SENDING emails that 'appear to be from me'. Any thoughts about has happened and what I should do would be appreciated. Can't work it out. Really APPRECIATE any help thanks DomYour account has been hacked. Give me more information about your account. What type is it; gmail, hotmail etc?

645.	Solve : Problem with "ads by name" in Firefox?
Answer» Hi, yesterday popup ads started showing up not BLOCKED by adblocker. This problem only occurs in Firefox not on the other browsers. The popups are claiming to be "ads by name" or "powered by name". PLEASE help, my browser is very SLOW and I can't get RID of the popups.Un-install and re-install FF to see if that MAKES a difference.

648.	Solve : SUPERSpyware hiccup?
Answer» Hi I operate two identical Dell desktops both running Windows & Pro 64 bit Both have the same anti spyware programs, however when running a FULL SUPERSPYWARE scan one consistently reports a fault and is unable to continue and has to CLOSE, whereas the other scans time after time without a qualm! On the malfunctioning PC nothing changes no matter what action is taken, including twice a total clean uninstall & reinstall It simply does not MAKE sense and sadly the SUPERSpyware F&Q’s do not supply any guidance The other antivirus PROGRAMMES I use are fine and report no problems What anti-spyware program are you trying to run?

649.	Solve : Norton Security download question?
Answer» I ordered, what I thought was a CD, for Norton Security and it turned out to be nothing more than Product Key, good for 5 computers. I only need it for three, however, I am limited to 250MB/day and I have no idea how many MBs this download needs as it is not stated on the box. If I get up at 2:00AM I can download unlimited amounts of MBs until 7:00AM. Does anyone know whether Norton Security could be downloaded to a DVD and then loaded on to my 3 computers. I really don't want to have to get up 3 mornings at 2:00AM to download this program ONTO 3 computers. I'm avoiding calling Norton as they route their calls to India and I know those FOLKS there are very computer savvy, but it doesn't do me any good as I can't understand what they say, so I was hoping someone here had the answer as to whether I can use the product key to download to a DVD. THANK youI did a search and I can't find any Norton Security ISO FILE.