

InterviewSolution
51. |
Solve : Virus Was "Removed" but Still seems to be around? |
Answer» Quote was also having a problem where the 1/3rd top of my screen would go really light and the mouse pointer would slow if you went up in that area but it keeps coming and going. Any ideas?

That sounds like a monitor or video card problem. Can you borrow a monitor from someone to try to isolate the problem? If another monitor works then it could be your video card.

Download this program and run it: Uninstall ComboFix. It will remove ComboFix for you.

**********************************************

To set a new Restore Point:

Click the Start button, click Control Panel, click System and Maintenance, and then click System. In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation. To turn off System Protection for a hard disk, clear the check box next to the disk, and then click OK.

Reboot to Normal Mode.

Click the Start button, click Control Panel, click System and Maintenance, and then click System. In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation. To turn on System Protection for a hard disk, select the check box next to the disk, and then click OK. This will give you a new, clean Restore Point.

*****************************************************

Click Start> Computer> right click the C Drive and choose Properties> enter Click Disk Cleanup from there. Click OK on the Disk Cleanup Screen. Click Yes on the Confirmation screen. This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)

******************************************************

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

Safe Surfing!

I got a new monitor so that problem is gone. However I am still getting redirected to other websites....thought this was gone but it still seems to be there

Re-run MBAM: Code: Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.

**********************************************

Also, please run adwCleaner again and post the log.

Been away....I'll run those programs and post the logs tonight. I called best buy and bitched to them about it and they acted clueless

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 912121411
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
12/14/2012 6:38:17 PM
mbam-log-2012-12-14 (18-38-17).txt
Scan type: Full scan (C:\|)
Objects scanned: 553631
Time elapsed: 1 hour(s), 40 minute(s), 8 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected) |
|
52. |
Solve : DLL file causes lockup - potential malware?? |
Answer» That's bad. First, you should defrag your harddrive. Next, run the chkdsk I've posted below. If that doesn't help, please take a look at this.

What next - try running Kaspersky or one of the other malware scans again?

No. The problem appears to be with the harddrive. You'll just have to wait and see if you have anymore BSOD's. Meanwhile, backup your important data to an external harddrive or DVD's just in case your harddrive gets worse.

Hi SD
I went back to the start and ran Windows Security Essentials Full Scan and it went through without a hitch. Hopefully that's the end of it... Many many thanks for your advice and patience, you're a superstar. Take care, all the best
A

Just to be on the safe side, why not run a diagnostic on that harddrive.

Run hard drive diagnostics: tacktech.com
Make sure, you select tool, which is appropriate for the brand of your hard drive. Depending on the program, it'll create bootable floppy, or bootable CD. If downloaded file is of .iso type, use ImgBurn: imgburn to burn .iso file to a CD (select "Write image file to disc" option), and make the CD bootable.
For Toshiba hard drives, see here:
Note: If you do not know how to set your computer to boot from CD follow the steps here

Hi SD
Thanks for the info. I tried running the diagnostic tool but it didn't work - I emailed Toshiba support who told me the diagnostic tools on their site are only for Fujitsu branded Toshiba hard drives, not genuine Toshiba ones. They recommended I use a third party program like SeaTools... ...which is what I've done, and having run most of the scans without a hitch, when I run what appears to be the most comprehensive one, Long Generic, guess what..... It locks up, after about an hour of scanning. I checked BlueScreenView and there are no new logs there. Your thoughts welcome as always. Many thanks
A

Sorry, I can't think of anything else. |
|
53. |
Solve : P. C Power Speed: fake? Malware? did homework; logs below? |
Answer» I went ahead and pulled up add/remove programs and deleted P. C. Power Speed, (which showed itself as version 1.0.0.27). It seemed to work quickly and the undesired program no longer shows up as a desktop icon or in all programs.

Question: do you want me to use the program's listed, "uninstaller," or go into Control Panel and use, "add/remove," programs?

Check if the program has its own uninstaller. If not, use the second method.

Yes, it had its own un-installer. However, last night I decided that if there was one bad way to uninstall, you'd have said so. Soooo..., in a quick note above, "I went ahead and pulled up add/remove programs and deleted P. C. Power Speed, (which showed itself as version 1.0.0.27). It seemed to work quickly and the undesired program no longer shows up as a desktop icon or in 'all programs.' I wonder if it really did completely remove it??? Could something still be buried in the registry? (I don't know much about working in the registry) ?? Follow up point: my wife has an iPad she likes. Along with her iPhone and iPod, she has put them all on Apple's, "iCloud." Which she updates regularly from the desktop computer you are working on here. Did you see any problems in her computer that were significant in the first place (regardless of P C Power Speed)? Do you see any reason that her other devices could be infected with anything because of what you found in her computer? Anything left to do?" Dennis

Quote I wonder if it really did completely remove it??? Could something still be buried in the registry? (I don't know much about working in the registry)

Please run another scan with adwCleaner and post the log.

Quote Do you see any reason that her other devices are infected with anything because of what you found in her computer?

No, there wasn't anything dangerous on the computer.

Thank you again, Dave. My wife and I both are getting pretty excited about this.
If I did it right again, here's the AdwCleaner log: # AdwCleaner v2.011 - Logfile created 12/02/2012 at 18:48:42 # Updated 02/12/2012 by Xplode # Operating SYSTEM : Microsoft Windows XP Service Pack 3 (32 bits) # User : User - RCI-E295BA48E47 # Boot Mode : Normal # Running from : C:\Documents and Settings\User\Desktop\AdwCleaner.exe # Option [Delete] ***** [Services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** ***** [Internet Browsers] ***** -\\ Internet Explorer v7.0.6000.17114 [OK] Registry is clean. OK? Dennis Ok. We should do some cleanup. To uninstall ComboFix
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)
Click Start> Computer> right click the C Drive and choose Properties> enter Click Disk Cleanup from there. Click OK on the Disk Cleanup Screen. Click Yes on the Confirmation screen. This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)

********************************************

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

Safe Surfing!

Dave: I've done everything up to getting the Web of Trust which will be next. I'll work through your suggestions for maintenance now. I'm guessing that about winds it up. ?? I really appreciate your help and my wife appreciates it even more ! Thank you, Dennis

You're welcome. I will lock this thread. If you need it re-opened, please send me a pm. |
|
54. |
Solve : Malware infection following a moment of madness? |
Answer» Could you please run the ESET scan again and see what comes up?

This time ESET scan found one threat. Should we be expecting more? Ps. Windows Search is still not displaying properly (crunched up search form) as shown in previous post.

Is that your only problem now? Could you send me a screenprint? How to post screenshots or images

Apart from the Windows Search problem, I’m not currently noticing any remaining malbehavior. Here are two screen images showing the scrunched up search form. Start > Search > For Files or Folders... Windows Explorer > Search

Ok. I can't make out those pictures but I would suggest that you create a new thread in this forum and see if someone can help you with that problem. Let's do some cleanup. To uninstall ComboFix
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)
Click Start> Computer> right click the C Drive and choose Properties> enter Click Disk Cleanup from there. Click OK on the Disk Cleanup Screen. Click Yes on the Confirmation screen. This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)

************************************************

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

Safe Surfing!

While ComboFix was uninstalling it popped up a message box saying, “There’s a newer version of ComboFix available. Would you like to update ComboFix”. I clicked “No”. Later it sounded an alarm and popped the message shown here. I clicked “OK” and then it popped up another message as shown here. Again I clicked “OK” and then it ran to completion.

I’m having trouble with the Windows updates. I have “Automatic Updates” turned on and at every shut down, there are five Windows updates that take ages attempting to install but fail. They are listed here. Looking back through the updates history I see this has been happening from 16th November.

I realise these remaining problems may have nothing to do with lingering virus/malware so I will try to resolve them outside this thread.

Dave, please accept a big thank you from me for helping me through this. It is much appreciated. Keith

It reads "If an update failed to install, click the Failed icon to learn how to solve the problem." Did you do that?

Yes, I did that for the update that fails but I’m not too concerned about a security update for the ancient .NET Framework 1.1, SP1. I’m more worried by the other 4 (of the batch of 5) because they have green ticks next to them and yet keep reinstalling at every machine shutdown. I don’t feel confident they have installed properly? Maybe I need to try manually installing them. Maybe I’ll end up reinstalling .NET 4.

I really don't understand why they keep installing. Have you tried contacting MS?

Just for the record, and hopefully to help someone if they have similar problems: I fixed the persistent Windows updates issue described above as follows. I downloaded and ran the .NET Framework Repair Tool, http://www.microsoft.com/en-us/download/details.aspx?id=30135 (this is actually Version 2, I believe). The tool runs in stages and I had to do stage two, where it repairs .NET Framework (back to 2.0) before I got an improvement. This fixed 4 of the five updates. The remaining update is for .NET 1.1, so it makes sense the tool could not fix this. For this update I simply blocked it from Windows Updater.

I also fixed the jusched.exe crashing problem. I elected to send an error report, which sent me to a diagnostics page, which then sent me on to a new Java version page. Installing this new version seems to have fixed it. Keith

Good news. |
|
55. |
Solve : I guess I don't know how to clean a HDD after all.? |
Answer» Hi Dave, |
|
56. |
Solve : Partially disabled by malware. Can't follow your instructions? |
Answer» Quote Once I am updated, should I run ComboFix or any of the other scans? ComboFix did not work previously because necessary files were missing or corrupted.

No, just let me know what happens after you get your updates.

All updates are loaded. Computer seems fine now. What next?

Ok. Try to run Security Check again.

I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
•Click the button.
•Accept any security warnings from your browser.
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

I ran Security Check without disabling Norton. Got this:

Results of screen317's Security Check version 0.99.57
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Norton Security Suite
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java(TM) 6 Update 37
Java version out of Date!
Adobe Reader 10.1.5 Adobe Reader out of Date!
Google Chrome 23.0.1271.95
Google Chrome 24.0.1312.57
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

I then went back to normal mode and disabled Norton. Then was unable to get back into Safe mode because my touch pad and keyboard were inoperative. Tried Control-Alt-Delete and hard shutdown (removing battery). Cannot get into normal mode either. My computer is stuck on the log-in screen, with my password.

I guess I did not make myself clear. I could not run ESET because I could not get past my log-on screen. While booting up, I could use the arrow keys to get into Safe Mode, Normal Mode, etc, but once the log-on screen appeared, the touch-pad and the keys were disabled. Thus I could not log in to Windows 7. Problem persisted despite removing and replacing battery, leaving battery out for a few minutes and replacing it, recharging overnight, etc. Checked with Lenovo forum; they suggested OneKey Recovery, which would return my machine to factory default. Then I would have to reinstall software and rebuild database from scratch. I have backups but the thumbdrives may have malware on them. Do you have any other suggestions? Thanks.

Quote they suggested OneKey Recovery, which would return my machine to factory default. Then I would have to reinstall software and rebuild database from scratch. I have backups but the thumbdrives may have malware on them. Do you have any other suggestions? Thanks.

The Recovery is probably your best bet. Just hold the SHIFT key while inserting your thumbdrives and this will prevent the transfer of infections. If you need to get into your computer to save any important data please let me know and I'll help you with that.

OneKey Recovery implemented. Now building my databases. Computer does not appear to have a problem now. Thanks for all your help.

You're welcome. I will lock this thread. If you need it re-opened, please send me a pm. |
|
57. |
Solve : Error ox80070424? |
Answer» Quote I rebooted but did not help, should I run combo fix again....maybe in safe mode this time?

Yes, please try it in Safe Mode.

Quote Also.... I have a motorola (model sbg6580 router) If I am correct it has a built in firewall, could this be the problem?

No, that shouldn't bother ComboFix.

Quote also I know how to reformat my computer the only thing is I have problems connecting to the internet after a clean install.... If we have to do this will you walk me thru the internet process?

If that is what you want to do. |
|
58. |
Solve : Pc slow after virus removal? |
Answer» Quote from: ashleemac on February 01, 2013, 03:47:08 PM Do I delete the checked found items in RogueKiller?

Yes, please.

I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
•Click the button.
•Accept any security warnings from your browser.
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

No threats found
Scanned files 141654
Infected files 0
Cleaned files 0
Total scan time 01:19:20
Scan status finished

How's the computer running now? Any other issues before we clean up?

It's still pretty slow.

Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

Okay, thanks.

Ok. We can do some cleanup and you can let me know if the tips I gave you have helped or not.

Download this program and run it: Uninstall ComboFix. It will remove ComboFix for you.

Click Start> Computer> right click the C Drive and choose Properties> enter Click Disk Cleanup from there. Click OK on the Disk Cleanup Screen. Click Yes on the Confirmation screen. This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)

I haven't had to do any system restores. I've run disk cleanup & defrag once again this afternoon. It's now running slower than ever now it's now allowing me to lock, restart or shut down my system...

Please do a hard shutdown (hold your power button until the computer stops) and try running in Safe Mode to see if it's still slow. |
|
59. |
Solve : FBI virus, black screen for desktop, etc HELP? |
Answer» At this point, your best bet would be save your important data and run The System Recover.

I downloaded the AVG anti-virus and ran the scan...found this.... This is from the sfc scan.... it will not let me open the log.

That's ok. I didn't need to see the log. Did it ever ask for the OS disk while running SFC?

Quote Yes, I still have the black screen, but I have my desktop if I run explorer from t/m.

There are two ways that I know of to fix that problem. One is to run the Recovery Console which will take your computer back to the day it was purchased. The other way is to edit the registry so that it will boot normally. This is dangerous procedure and most experts don't even want to mess around in the Registry. I still think the Recovery would be your best bet. It's a bit more work but you end up with a new computer.

Quote There are two ways that I know of to fix that problem. One is to run the Recovery Console which will take your computer back to the day it was purchased. The other way is to edit the registry so that it will boot normally. This is dangerous procedure and most experts don't even want to mess around in the Registry. I still think the Recovery would be your best bet. It's a bit more work but you end up with a new computer.

Will this delete my photos and other programs I have downloaded? And I have found Microsoft office, it just won't let me run it. And no, it did not ask for my OS disk.

Could you please run aswMBR.exe again as described in Reply # 19 and post the log.

Quote Will this delete my photos and other programs I have downloaded?

You should save your important photos, videos, music and other important data to DVD's. You should also make a note of which programs you have downloaded and installed so that you can re-install them.

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-01 18:56:28
-----------------------------
18:56:28.326 OS Version: Windows 6.0.6001 Service Pack 1
18:56:28.326 Number of processors: 1 586 0x7F02
18:56:28.326 ComputerName: HAILEY-PC UserName: Hailey
18:56:41.066 Initialize success
18:56:57.551 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000055
18:56:57.561 Disk 0 Vendor: ST325031 3.AH Size: 238475MB BusType: 3
18:56:57.601 Disk 0 MBR read successfully
18:56:57.621 Disk 0 MBR scan
18:56:57.631 Disk 0 Windows VISTA default MBR code
18:56:57.651 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 226674 MB offset 63
18:56:57.691 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11797 MB offset 464230305
18:56:57.741 Disk 0 scanning sectors +488392065
18:56:57.841 Disk 0 scanning C:\Windows\system32\drivers
18:57:09.111 Service scanning
18:57:30.871 Modules scanning
18:57:41.741 Disk 0 trace - called modules:
18:57:41.771 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
18:57:41.781 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x853000c8]
18:57:41.791 3 CLASSPNP.SYS[86335745] -> nt!IofCallDriver -> [0x845ea688]
18:57:42.041 5 acpi.sys[862126a0] -> nt!IofCallDriver -> \Device\00000055[0x845ea9c0]
18:57:42.061 Scan finished successfully
18:58:48.851 Disk 0 MBR has been saved successfully to "C:\Users\Hailey\Documents\MBR.dat"
18:58:48.881 The log file has been saved successfully to "C:\Users\Hailey\Documents\aswMBR3.txt"

I've had my mentor take a look at your problem and he suggests that you should try another monitor on the computer. Your monitor is almost 5 years old and they can go bad. Another thing to try is located here.

I fixed the issue with my videos not being able to go full screen (if I clicked on the full screen option, my screen would go black, had to hit escape to return to the screen with a minimized video). In settings, I disabled the hardware acceleration selection in adobe flash and now my videos can go full screen.

Ok, I didn't know you were having problems with videos. Do you require any more assistance?

If I do the Windows security reset, will I lose any pictures, downloads, etc.? This is different from a system restore isn't it? Reply #39 about the videos.

Quote from: katlyn on February 02, 2013, 05:26:36 PM If I do the Windows security reset, will I lose any pictures, downloads, etc.? This is different from a system restore isn't it?

If you run the Recovery Console it will return your computer back to the date you bought it. As I stated before, you can save your photos, videos, music and your downloads to an external hard drive or DVD's. You should make a note of what programs you have installed so you may go back and re-install them afterwards. System Restore will only return your computer to the state it was in to a specific date and will not harm your data. You could try that if you have a Restore point previous to the date you started having problems.

Run the Vista Recovery Console.
1. Eject and remove any discs or memory cards from your computer.
2. Click the "Start" button on the desktop to open the Start menu, click the small arrow icon to the right of the lock icon and select "Restart".
3. Hold the "F8" key on your computer's keyboard as Windows Vista reboots.
4. Highlight and select "Repair your computer", choose your keyboard type and click "Next".
5. Choose your user name, type your password if prompted and click "OK" to access the System Recovery Options menu. |
|
60. |
Solve : My machine is still acting up even worse than before.? |
Answer» To uninstall ComboFix
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)
***********************************************************

Click Start> Computer> right click the C Drive and choose Properties> enter Click Disk Cleanup from there. Click OK on the Disk Cleanup Screen. Click Yes on the Confirmation screen. This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)

*****************************************************

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

Safe Surfing!

SUPERDAVE: OKAY, I'm done. Thanks again, JIM

You're welcome. I will lock this thread. If you need it re-opened, please send me a pm. |
|
61. |
Solve : My AV keeps detecting a virus from the same pop-up on different sites? |
Answer» It shows that you have Authentium Antivirus and AVG Anti-Virus Free Edition 2013 plus the AV from Earthlink but it also shows that they are disabled. One of them should be enabled. Total Fragmentation on Drive C:: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!) Don't ignore this warning and run your defragger soon. SSD means Solid State Drive. You should turn on your Windows Firewall. Please try to run ComboFix again even though you can't disable your AV's Quote from: SuperDave on January 19, 2013, 06:41:39 PM It shows that you have Authentium Antivirus and AVG Anti-Virus Free Edition 2013 plus the AV from Earthlink but it also shows that they are disabled. One of them should be enabled. I use AVG. I do not know how to enable/disable/use/uninstall/whatever the others. I had no idea they were installed until now. And I don't see where it says they're disabled, besides for "On Access scanning". What is that? Quote from: SuperDave on January 19, 2013, 06:41:39 PM Please try to run ComboFix again even though you can't disable your AV's It sure sounds to me like ComboFix will mess up the computer, especially if my AV's aren't disabled. I have not encountered the pop-up since the second time (which was a month ago), can we skip that part, or is there a safer alternative or something? I guess I will just use the Windows Firewall, and if I ever figure out what the other one is I'll use it. Quote And I don't see where it says they're disabled, besides for "On Access scanning". What is that? Quote Authentium Antivirus On Access scanning disabled means that you have no AV to protect your computer while on-line. If you use AVG you should activate it now. Quote It sure sounds to me like ComboFix will mess up the computer, especially if my AV's aren't disabled Not really. It will just mess up the scan a bit.
Quote I guess I will just use the Windows Firewall, and if I ever figure out what the other one is I'll use it. If you decide to use another firewall make sure you disable the Windows Firewall.
On Access scanning disabled means that you have no AV to protect your computer while on-line. If you use AVG you should activate it now. How do I activate it? AVG is enabled, and it blocks sites if it finds something on them. I don't understand how it's not enabled? AVG found something (It just said "Unknown") when I ran RogueKiller. Is that what you mean by "RogueKiller has been blocked"? Quote How do I activate it? AVG is enabled, and it blocks sites if it finds something on them. I don't understand how it's not enabled? Ok. The security check showed that it was not enabled. Just want to make sure. Quote AVG found something (It just said "Unknown") when I ran RogueKiller. Is that what you mean by "RogueKiller has been blocked"? Exactly. Please keep trying to run it |
|
62. |
Solve : ds-any-world.ngd.ysm.yahoodns.net? |
Answer» You're welcome. I will lock this thread. If you need it re-opened, please send me a pm. |
|
63. |
Solve : Bad Image - Application or DLL is not a valid windows Image? |
Answer» Sorry, it didn't work. I also get some error reports related to the installation failure the next time I start up and log in. The kind of report which windows wants to send in to Microsoft. Quote Problem: A problem on your computer is preventing updates from being downloaded or installed Did you try running the Troubleshooter? No nothing, couldn't find anything by searching with the error code (Error Code: 0x643). Perhaps I should just reinstall windows? Quote from: EV on December 25, 2012, 12:32:48 PM No nothing, couldn't find anything by searching with the error code (Error Code: 0x643). Perhaps I should just reinstall windows? Perhaps that would be the best solution if you don't have too much data to backup and you have the OS disk(s). I'll give it a shot. Quote from: EV on December 27, 2012, 09:56:43 AM I'll give it a shot. Ok. Let me know how it works out. I have, after a lot of hustling and some procrastination, managed to get my computer back online. I'm not encountering any of my previous problems. Quote from: EV on January 15, 2013, 01:27:02 PM I have, after a lot of hustling and some procrastination, managed to get my computer back online. I'm not encountering any of my previous problems. Did you wipe the drive and do a re-install? No, I just did a reinstall. |
|
64. |
Solve : I think my computer is infected with Pup.PlaySushi? |
Answer» It is safe to use. It's just that when a program doesn't have its latest updates, it's more vulnerable to infections. I'm going to consult someone on this. Did you try going to Microsoft about this? Yes, I have. They're basically telling me the same thing that's been said over and over in their forum threads.
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)
Click Start> Computer> right click the C Drive and choose Properties> enter Click Disk Cleanup from there. Click OK on the Disk Cleanup Screen. Click Yes on the Confirmation screen. This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive) *************************************************** I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free. SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly. Safe Surfing! |
|
65. |
Solve : CPU/RAM usage spikes, music files going bad, something suspicious?? |
Answer» Quote from: Coco423 on March 31, 2018, 07:56:03 PM I know my system is 64 bit. Do you want me to do the full install/uninstall one or the zip file? Do the full install/uninstall version. Since I got the new battery, not getting as hot, no more blue screens. Local computer store said overheating my BSODs, but I ran into another problem. They said to charge the new battery la or eight hours for the first use, did that. Then they said to use the battery until it was at 0%, to program the battery. Was doing that, after can use it on AC or battery and can switch as much as I want, charge 2-3 hrs. Except for one thing that arose just a few minutes ago, PC suddenly shut off with new battery, on battery, when battery was still at about 20%. Not booting up on new battery at all now. Just shows a small flash of screen and shuts off again. By small, I mean 1-2 seconds. Any advice? Try AC despite what local computer store said? Would do eset and update and scan with MSE but don't have internet, and this that just arose. Quote By small, I mean 1-2 seconds. Any advice? Try AC despite what local computer store said? Would do eset and update and scan with MSE but don't have internet, and this that just arose. I would suspect that the battery is actually dead and not at 20%. Why can't you connect to the internet? I can connect to the internet, it's just that I don't have the internet. Can't afford internet. I have to post this on a prepaid phone. Also, I got no critical battery warning or brightness decrease saying battery was almost dead, not sure if volume was turned down. Also, in the screen flash, I got a green battery light. Saw that new battery voltage was slightly higher than old one (by 0.3) and the Wh was 32 less, 53 instead of 85. I thought to check the voltage. I am trying to cooperate, the best I can right now. Is it possible that your laptop is overheating? Can you hear the fans running? The laptop is not overheating now, not lately.
I just check and check constantly. It was when I got the BSODs. Download BlueScreenView to your desktop. BlueScreenView unzip downloaded file and double click on BlueScreenView.exe to run the program. When scanning is done, go to EDIT - Select All Go to FILE - Save Selected Items, and save the report as BSOD.txt Open BSOD.txt in Notepad, copy all of the content, and paste it into your next reply. Will still download, but said not getting them now. Quote from: Coco423 on April 19, 2018, 05:51:04 PM Will still download, but said not getting them now. Sorry, I don't understand what you mean. I am not getting the BSODs now. But, will still install BlueScreenView. Quote from: SuperDave on April 20, 2018, 12:38:40 PM Sorry, I don't understand what you mean. If you're not getting BSOD's don't bother with that scan. How is the computer working now? Hi Coco, Did you buy an original Lenovo battery the correct one for your laptop? OEM batteries can work if they are exactly the same specs as the original but it appears the one you received isn't. Do you remember when you were asking in the hardware section about your laptop getting really hot and me explaining it could make it unreliable and/or damage the ATI graphics chip if you kept using it, Seems you have kept using it. Did you get the overheating problem fixed by a technician? With the ongoing problems over the last 3 months, once the laptop is fixed it would pay to use the Lenovo factory restore disks to reload windows. *****Backup your important files first!***** I let someone use it and they forgot how to turn the brightness up and pounded on it a couple months ago. Now I need a new hard drive. |
|
66. |
Solve : Hidden supervirus?? |
Answer» You're welcome. I will lock this thread. If you need it re-opened, please send me a pm. |
|
67. |
Solve : UNWANTED ADS? |
Answer» try this Dave its how it came out. I don't see any photo. can you not see that picture of my desktop google page with ads down the right hand side that is what I'm trying to get rid of. That looks normal for Google. You should be able to right-click on each one and delete it. If not, reset your Google to default. |
|
68. |
Solve : Pop-ups Re-directs? |
Answer» You're welcome. I will lock this thread. If you need it re-opened, please send me a pm. |
|
69. |
Solve : Need Help with spyware adds....? |
Answer» Bye Bye | |
70. |
Solve : Trojan in system file Removal not easy? |
Answer» Hi guys. Good morning At least it is still morning here. |
|
71. |
Solve : spyware promotions? |
Answer» Raze Spyware has gone. Xsoftspy killed it on the first attempt. This looks like a good tool. After scanning over 130,000 objects on my hard drive it found 69 intruders that AVG, Adaware and Spybot had missed. It is not free, though, the scan is but you pay for the surgery. |
|
72. |
Solve : Panda Cloud Antivirus - Freeware Download? |
Answer» Check out the following website for info on how this cloud antivirus software works! Cloud antivirus is a good idea --> also coming from a respected antivirus vendor. But yet, it'll need more time to develop, like all software does in its initial phases. 2x3i5x - We just released version 2.0 of Cloud Antivirus today, so you should check out the improvements. We have fixed the initial slow post-install scan some users experienced, created an “undo” option for the recycle bin and more. This version does require a download (after uninstalling the current version). More details and the link to the download are up on our blog: http://blog.cloudantivirus.com/2009/06/30/cloud-antivirus-beta2-released/ Also, version 3.0 will be out in early fall, so keep an eye out for that, as well. We’re working on some exciting stuff (and often requested features) for that version: new platforms (Windows7, 64bits), improved features, a new site, a Collective Intelligence real-time encyclopedia, etc. I’m happy to tell you that we’ve officially launched Cloud Antivirus out of beta as of today. We’ve all been working hard over the last several months to bring you a number of key updates, including an updated user interface, improved performance, real-time access to the latest malware detected in our user community, new Web site and online support forums. We’ve also made Cloud Antivirus compatible with Windows 7/64 bits, which was one of the top requests we received throughout the beta. The download if you’re interested (it’s free!) is available on the Cloud Antivirus site: http://www.cloudantivirus.com. Also, if you have any questions or technical issues, please post them here and I’ll be sure to address them openly here in the forum. |
|
73. |
Solve : HELP Virus Shutting down everything even MBAM etc.? |
Answer» Yes, please try asking how to boot from a USB in the Windows forum. You might copy that last post and add it to the new thread. |
|
74. |
Solve : internet explorer opens to www.syserrors.com? |
Answer» This might sound like a stupid idea but seen as the file is broken (the PSGuard licence) if I downloaded it again then when the file was ok deleted it d'ya reckon that'd work? If worst comes to worst have you got the original Windows or recovery CD to reinstall? :-/ :-/ :-/ What about this? Seems like we're not making much progress. Have you tried running Ewido in safe mode? Aidan Colyer..... Your HijackThis log indicates you're using an older version of IE .....and you haven't got SP2 installed ........you should consider D/L SP2 as it has some very good features ......and then you could D/L antispyware Beta ......... http://www.microsoft.com/athome/security/spyware/software/default.mspx dl65 |
|
75. |
Solve : Boot fails post-restart after scan? |
Answer» On this laptop it was Windows Vista Home premium I also have an external harddrive as well as a DVD burner on the other notebook...OK...I have the Vista Home premium disk which is spotless...the Toshiba Satellite P100 disk is scratched You're getting me confused. Do you have the OS disk for the dysfunctional computer? yes 1/ Click the Start button. Startup Repair in the Windows Vista Home Premium disk fixed the issue. That's good news. So, everything is running well? ran an ad-aware scan which found one high-level threat, removed and restarted w/ no issues; then ran a malwarebytes' scan which found one high level threat, removed and restarted successfully; Windows Defender scan run w/ no threats detected; so far, more than one day of running well with no issues; the Startup Repair on the full Vista OS disk was successful, whereas that of the Restore Only disk was not (initial attempt). |
|
76. |
Solve : Everything is messed up!!!? |
Answer» Nothing really, I just rebooted and they came back, so I rebooted again, and they came back. Weird eh? They have been back now for about 2 days but I didn't want to say again in case they went. Also you might remember that I said the red LED that told you if the computer was thinking was on constantly, well that stopped about a week ago. Puzzling really! Did you remove all spyware and viruses if present? |
|
77. |
Solve : firewall and spyware.? |
Answer» What did you do just prior to this popup? |
|
78. |
Solve : Trojan.Packed.NsAnti giving me problems. Please Help me? |
Answer» You're welcome. |
|
79. |
Solve : Very slow computer, need help please!? |
Answer» Glad it worked. |
|
80. |
Solve : document appearing on my computer? |
Answer» Good morning -- I need help. I discovered that someone had installed a program called Spector on my system -- the entire version. My husband -- who I work for -- was the one who did it. While that was for work -- and could care less -- now documents have gotten into his hands -- appearing that I wrote and supposedly that came off this computer -- which I did not. How does that happen and how do I prevent it from happening again? There were quite a few and are of such a nature that my husband actually believes that I wrote them -- something that if I had -- I would readily admit. Our IT Director is the gentleman in question -- and while in our employ -- has been sent to very exclusive seminars on "HACKING" -- can someone assist with how this can be done and how to stop it. Quote my husband actually believes that I wrote them Wrote what exactly? I am not exactly sure what the problem is. Do you want SpectorSoft removed or is someone stealing your work? My husband and I jointly own a company. There were documents and files that were "supposedly" found on my computer -- which I have not seen. But having read these documents -- I know that I did not write them -- may be bi-polar -- but I would remember that stuff as it could result in the loss of jobs for over 50 people. The IT Director had installed a program called Spector Soft on my system -- which has since been removed and prevention programs put in place to prevent that from happening again. My question -- could someone (IT Director) at this point -- have written these documents and made it look as though they were typed and came off my system. If so -- how and is there a way to prevent this from happening again? Quote made it look as though they were typed and came off my system. what do you mean by "look as though it were typed"? are you referring to a scanned document? what do you mean by "came off my system"? I think Topsail is saying that someone else has put a file onto the computer without permission.
In answer to your question 'How do I prevent this from happening again', you just need a good antivirus if it's over the internet (remote) or add a password to your computer (if the person had access to your computer). By the way, Nice to see you again JXY. If your company computers are all connected on the same network (highly likely), then you may have some network drives. In which case someone on the same network may be sharing files with you, and not putting them on your pc. The documents in question were handed to my husband and he was told that I had typed them and that they were found on my individual computer. I work from home -- on a separate network -- not networked into the main office network -- but totally independent. I access files using an FTP system -- and my IP address is captured to give me access to the FTP site. My problem is that I did not type those documents -- but the IT director says that I did -- and that he accessed them using the Spector system. I run on Vista -- and use Spyware Doctor to remove threats -- and thought that the eblaster program -- as well as -- the Spector system (including the Pro_Keylogger) were totally removed. The scans for over a week showed a clean computer -- today -- came back with the Pro_Keylogger system back again. Does anyone know how that works and how to get it off? The documents -- how could someone gain access to a computer and make it look as though a document were created by an individual when it was not? How is that possible? I don't do technical -- I do databases so this is "over my head" but there are a few jobs which could be in question if I don't find a resolution. I think you need to take this up with the IT guy. He put it on, he needs to take it off, or ensure it is actually gone. Does the keylogger on your computer possess evidence that you typed the document(s)? Could someone else have gained access to your pc manually, and typed it themselves?
Have you checked the date of the creation of the document? You can verify if you've truly typed the document yourself, by looking at the time and date. |
|
81. |
Solve : Spybot scan found "ABetterInternet.Aurora"? |
Answer» Please help!
If needed, see this Combofix tutorial with screenshots that will detail the downloading and running of combofix more thoroughly. Quote from: evilfantasy on May 21, 2008, 12:47:52 PM Are you having AVG and Spybot fix what they are finding? AVG fixed ("infected objects removed or healed") automatically for the only 2 "infections" it has found (5-13-08) since I re-installed it on 4-24-08. It has not been automatically removing ALL "warnings" and I don't see where to set it to do so in 'Advanced Settings'. Looking at all the past logs shows it sometimes "deletes", sometimes "moved to virus vault", but several entries are listed as "potentially dangerous object" but no action has been taken. I don't know exactly where the setting is to make it delete ALL "warnings". The AVG scan log screen shot I linked above shows "trojan"s and "logger"s etc. Shouldn't AVG be fixing these? Also, before I run Combofix shouldn't I go ahead and fix all these manually with AVG and Spybot? If you are infected I will find it in the CF log. Too many characters to copy paste the log. I guess attachment will work. If not I'll paste it in the next 2 replies. combofix log attached [recovering space - attachment deleted by admin] Looks fine. If you want a 'second opinion' we can run an online scan to be sure. This scanner works with Internet Explorer only. Go to the BitDefender Online Scanner. Click I Agree to the license and then install the ActiveX control. Please DO NOT change the Scanning Options. That will make your logs huge and we don't need to see clean files. Select Start Scan to begin. This scan can take a while so please be patient and let it complete. Once Bitdefender completes the scan: Click-on the Detected Problems tab. Then select Click here to export the scan report. When the window comes up to save the report, change the Save as type: box to: Text (Tab Delimited) (*.txt) and then in the File name box enter change to bdscan then click Save. This will save a file named bdscan.txt.
I would suggest saving it to the Desktop so you can easily find it. (take notice of where you save it so you can find it later) This bdscan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html. If you do not follow these steps, you will have an incorrect log or worse a log summary which is useless to us. Attach the bdscan.txt in the next post. Quote from: evilfantasy on May 21, 2008, 02:42:35 PM Looks fine. If you want a 'second opinion' we can run an online scan to be sure We can skip the scan. I highly value your opinion. I'm not having any problems. In fact, my computer is really running well lately, although I would like to set AVG to get rid of all those cookies etc. automatically. I'll search the AVG 8 support page to get directions on changing that later. Right now I've got to get some sleep so I can work tonight. Once again, thanks a ton for your time and expert knowledge!!! No problem. Hope you find the info, I have stopped using AVG in favor of Avast... |
|
82. |
Solve : AVG8 scan logs have partially broken letters when scrolling down warnings list? |
Answer» I noticed this when I first upgraded from AVG 7.5 paid to AVG 8. So I un-installed / re-installed new files downloaded from the AVG Grisoft site but it still does it. The letters show up fine when scrolling up, they only show as having a horizontal space through them about 2/3 of the way up the letters, all the way across the entry. Everything else with AVG 8 seems to work fine. I just found this odd and have not seen it with any other software I run. |
|
83. |
Solve : i have a avg free 8.0 e-mail scanner problem? |
Answer» when i installed 8.0 i selected personal e-mail setting, set it to notify me of e-mail scan on incoming and outgoing messages, it did state that the installer detected my default mailer is either not set or not supported by avg. when i checked the avg setting it stated there are no e-mail plugins installed. never had this problem with 7.5, it always stated with a notification that avg was scanning the email. now the really funny part, when i check e-mails now norton scans them, i have never used norton and those sending me mail don't use norton. what gives? i use at&t yahoo internet service and my e-mail acct. is with them. when i go to the avg control board and check overview it states the email scanner is functional and working properly, however checking stats it states no e-mail has been scanned, sorry for being so long but i am totally lost. thanks Take a look at this thread There is no good reason for an email scanning module. It is driven from the marketing folks at AV vendors, not from the technical side of the house. |
|
84. |
Solve : virus to remove? |
Answer» hi, i got virus by one *CENSORED* site, i not know much about how to remove it. i am also getting advertisement by some company to buy some kit of 29euro to remove.lz, let me know what i do to clean my system. any free site to remove virus. thanks-malik http://www.download.com/AVG-Anti-Virus-Free-Edition/3000-2239_4-10320142.html Then follow These Instructions... |
|
85. |
Solve : spyware message? |
Answer» I get a blue background that says warning spyware detected, What do I have to do to get rid of this. I'm running Windows XP. Prior to posting for help we ask that you please read and follow all instructions in the pinned topic titled Please read this before requesting malware removal help. Following the steps in the Guide will allow for us to quickly help you with specific fixes for what may remain on your system. |
|
86. |
Solve : Why do my virus scans take 5 to 6 hours????? |
Answer» My PC-Cillin anti virus program was driving me crazy because it would take 5 hours to scan. So it was about to expire and I decided to download AVG. Well right now it has been running 4 1/2 hours so evidently it's not the program. What is up with this?? HELP!!! It pretty much depends on how many files you have in your drive. My PC-Cillin anti virus program was driving me crazy because it would take 5 hours to scan. So it was about to expire and I decided to download AVG. Well right now it has been running 4 1/2 hours so evidently it's not the program. What is up with this?? Help!!! Your scan time is also dependent on the "power" of your computer: o Processor Type and Speed (CPU) o Amount of L1, L2 Cache o Front Side Bus Speed o Amount of Main Memory o Disk Access Speed o Version of Operating System o Number and Type of Files to scan The point I'm trying to make is if you're using an older computer with the minimum amount of memory the factory put in, it's going to be a "dog"; a faithful dog maybe, but still a dog. Having said all of that, I'm confident that you can reduce the scan time significantly if you keep your file system "defragged" and in good shape. Okay here comes some more dumb questions. My computer is only two years old. I have 122 gb of free space. I have cable hookup. When I had this computer set up I had the "computer guy" take out the hard drive from my old computer and put it into the new one to use as a backup file. That drive is now full but I'm thinking when the virus scan is going it's scanning that whole drive too which probably isn't needed. When I set up the scan should I just set to just scan drive C? I did that the other day to test it and it only took two hours.
Hopefully someone, who uses PC-cillin will come up here to help with those settings. http://www.hackfix.org/software/configure/pccillin.html With Pc-cillin open you are presented with a side bar of options, some options can be configured here and others must be done via the top toolbar. Side Bar options: (these options are also found in the top toolbar under File) Scan: This is where you can perform manual scans as required or set up scheduled scans. Scan wizard is your manual scan wizard. Regardless of what you are scanning (file/folder/system etc) the settings should always include: Under scan options. All files and include boot sector should be selected. Under action when found: clean is the best option, be sure "back up files before cleaning" is selected. Under action on uncleanable files: select Quarantine so files can be researched if need be. Select Apply to save your changes. Web trap: This is where your web browser and web downloads protection is enabled. Scan manager is to schedule scans on a timed basis. Set as desired. Broni I don't have PC-cillin anymore as previously stated. I have AVG. |
|
87. |
Solve : my computers acting really weird? |
Answer» I don't know what this is but I think it's a virus |
|
88. |
Solve : Hijack log Sluggish computer first time boot? |
Answer» When I boot up my computer the first time it takes a long time to load and it is really sluggish. Any problem with my log. I have heard that the aawservice is a resource hog This is true, but... Quote You can try turning off the Ad-Aware 2007 Service There is a problem with this solution. When you disable "aawservice", Ad-aware won't start at all. If you set it to Manual, Ad-aware will start, but when it's done, its service will stay ON, so you're back to square one. We have to hate Lavasoft for putting some service on our computer, which we really don't need, and we didn't agree to have running. The only workaround I know of is this:
1. Go Start>Run. Type in: services.msc
2. Find Ad-Aware 2007 Service. Set it to Manual
3. Create start_adaware.bat batch file with the following lines:
   ECHO OFF
   Ad-Aware2007.exe
   sc stop aawservice
   echo Done
4. Place start_adaware.bat in Ad-aware folder
5. Launch start_adaware.bat to launch Ad-aware 2007; aawservice will be stopped when Ad-aware quits
I have it set like this for myself, and it works. |
|
89. |
Solve : Cannot open the control panel. adware spyware? |
Answer» Hi there, |
|
90. |
Solve : Virus Drowor D. Trojan plus other Infestation? |
Answer» Infestation ! Identified by XoftspySE Neither are checked. Should I do so? No, we will fix it. Open HijackThis and select "Do a system scan only" Place a check mark next to: O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present Close all windows and click "Fix checked" What system functions have you lost? Have done. No identifiable loss of functions (but not run every program - yet!) Can't access control panel because of missing rundll32.exe but that existed prior to your instruction. For interest, I have just run Norton Win Doctor which identified 50 'errors'. I have not at this stage requested repair fix for these in case confuses your solution. One is missing shortcut link on start menu windows update "wupdmgr.exe" (affected by Virus Win32.Delf.ak ? ) One is invalid Subkey entry - "invalid identifier" Remainder all refer to missing "rundll32.exe" (affected by virus Smitfraud ?) Question: if I did ask Win Doctor to 'fix', would it only repair the missing item content or will it drag the entire virus back with it? Since you are on winME then I think letting Win Doctor try to fix this is best for now. Most of the normal tools will not work with 98 and ME. Also, it seems every time Xysoft is involved it reports more issues than are actually there. False positives, "things" missing etc. I would uninstall it and go with SUPERAntispyware Free Edition instead. Quote from: evilfantasy on November 22, 2007, 09:39:13 PM Also, it seems every time Xysoft is involved it reports more issues than are actually there. False positives, "things" missing etc. I would uninstall it and go with SUPERAntispyware Free Edition Agreed. SAS is a much more reliable and trustworthy program. Hi Evil & CB, Used Norton WinDoctor accepting recommended fixes. Re-run Xoftspy and yet again identifies Drowor D. Trojan. (all others originally identified are gone).
Xoftspy says deleted but re-appears very next scan! Being reinstalled from Restore mirror image? Re scanned with AdAwareSE nothing found. Rescanned with SpybotS&D nothing found. Rescanned with AVG antivirus nothing found. Rescanned with SuperAnti SpyWare nothing found. Rescanned with Norton Win Doctor - no errors Definitely had something affect pc because cannot access control panel due to 'missing' rundll32.exe therefore I can't access and stop restore function reboot and wipe clear. How do I reinstate the missing rundll32.exe ? I have original Win Me disk, can I extract and reload just this missing dll ? I have not yet deleted XoftspySE just in case you recommend pulling lost dll back from quarantine (but bring virus back with it!? What is the next step guys? With Xysoft being the only program out of those to report anything I would have to say they are false findings. We will wait on CBMatt to (possibly) confirm this as I am not 100% positive if Xysoft does this or not, but some antivirus/antispyware will hide certain features in an attempt to make it harder to uninstall them. They say it is to protect the computer but I believe otherwise. Like hiding the add/remove programs button, control panel and so on. Quote How do I reinstate the missing rundll32.exe You can replace the rundll32.exe from Merjin.org I'm not sure you can copy it from the WinME disk like you can with XP. Quote from: evilfantasy on November 26, 2007, 12:56:16 AM We will wait on CBMatt to (possibly) confirm this as I am not 100% positive if Xysoft does this or not, but some antivirus/antispyware will hide certain features in an attempt to make it harder to uninstall them. They say it is to protect the computer but I believe otherwise. Like hiding the add/remove programs button, control panel and so on. To be honest, I'm not 100% sure either. Aussie, Try running another virus scan, but this time, do it in Safe Mode. Does the file still come back?
Because Xoftspy found Smitfraud, go ahead and try out the instructions on this page... http://www.bleepingcomputer.com/files/smitfraudfix.php Also, what is the exact message you are getting about rundll32? Typically, that file is kept in C:\WINDOWS\system32 (perhaps ME is different in this regard) and the one you're talking about is in C:\WINDOWS, so it sounds to me like your Control Panel is being pointed to the wrong location. As soon as you can, try my above suggestions and post back with your results.Hi CB, (& Evil) Ran new Xoftspy scan twice in safe mode (reboot between) and second time it cleared and not re-appeared Also ran all others AVG, Spybot S&D, AdAware, Super AntiSpyware & Win Doctor - all clear. Tried your suggestion re smitfraudfix but found wouldnt run - went back to download page and says for O/s WinXP / 2000 so appears not to be functional for Win Me. Leaves me with Icon & folder on desktop (no great problem) but cant go into Ad/remove programs because of loss of access to Control panel functions due to missing rundll32.exe Exact wording denying control panel access is : "Windows cannot find C:/WINDOWS/rundll32.exe. You may have TYPED the name incorrectly in the Run dialog. or another open program cannot find a systemfile. To search for a file, click the Start button and then click Search" (please note as an aside; the forward slash in above string should be a backslash. - might sound daft but I cant find the backslash key on the laptop I am using (not the affected machine) as it is set up for communication with the UK using £ instead of hash with digit 3, this in turn has changed backslash key to the hash with no trace anywhere now of backslash function. This doesnt matter other than your reading of the string above). Do you need a new HJT scan report or not? Looks as if system clear now; simply need to reinstall the rundll which I think goes to windows/options/cabs in Win Me. Await your observations re next step. 
Nearly there I think Aussie ps: public opinion 'virus' got the government here - all wiped out - new Labor team moving in. As a self exiled Brit I have no comment to make. |
|
91. |
Solve : Computer Question? |
Answer» Not sure where to post this question but I downloaded a file and then my computer went crazy. All kinds of stuff started popping up like my instant messenger when I wasn't using it. It was like someone was clicking around on my computer! I ran my McAfee antivirus, nothing came up. Also ran spybot and deleted items that came up. I used system restore and it seems ok now but I made such a mistake: I didn't pay attention where the file was saved to my computer so now I don't know how to find it and delete it. Does system restore delete it? I'm not even sure what I should do or where to begin. Does it sound like a virus? What should I do? Any help would be great. Thanks

This is a good place to start. Follow the instructions, and download ComboFix as well. |
|
92. |
Solve : Brother Has A Virus Called clspring.HJ? |
Answer» Hello Everyone, My brother says it is supposed to be in win32systems, but we cannot find it. The HijackThis log is clean and we searched the registry with no luck. |
|
93. |
Solve : Unbootable PC after downloading - help!? |
Answer» Hi there good folks, Yes, with regard to the firewall, I only have the Windows firewall running. Sounds like that's not enough?

Yeah, but better than nothing. We'll take care of it later, along with tens of your startups, where some of them are not necessary as startups. They just clog your system.

Ok - I have spybot and I also have the latest updates for it. I did as you specified with HJT - ticking the listed entries and clicking on the fixit button - all ok. However, when starting up in safe mode I was unable to get access to start spybot. The safe mode desktop background appeared with the windows cursor but clicking or using ctrl-alt-del did nothing at all. Both keyboard and mouse were completely unresponsive. (I tried booting into safe mode several times with the same result) I used the power button to re-boot back into normal mode and that at least allows me to use ctrl-alt-del to get the task manager working. (I get no start button and right click does nothing). With task manager I can then do: "File - New task(run)" and execute spybot. Spybot is now running... Hope this makes sense.

It's OK... Let's see what Spybot will come up with. There may be some other issues involved.

Spybot found and fixed 10 problems - proceeding to next step...

Opening Windows Explorer is a challenge as I don't have access to the start button, right click menus or any icons. Also if I run explorer.exe from inside Task manager it starts for a few seconds and then terminates (see above). So I ran Xplorer2 from my UBCD4WIN cd and looked for the EmpirePoker folder in Program files but it is not there. How do you suggest I turn off System Restore? Many thanks.

Latest HJT log... [saving disk space - old attachment deleted by admin]

Anything serious found there?

No not really - spybot found just tracker cookies |
|
94. |
Solve : Annoying pop up window? |
Answer» I have had this annoying pop up window for quite some time, it just flashes on the screen then is gone. It's a large black window and says C:\windowssystem32\QPRAGENT.exe. I have tried everything I can think of to delete it, and in the process I have found that I have no MSCONFIG file or Help and Support. |
|
95. |
Solve : COMODO Firewall Pro?? |
Answer» Since I put COMODO on my PC I can not get online unless I turn that off all the way and the Win. firewall... If I keep COMODO on I can not get online.

There's a bit of a learning curve setting up Comodo or any firewall app properly... have you spent any time reading the Help files?

Who is the competition in your area? Many times contacting their direct competitors and mentioning switching you can wind up with a sweet deal...

Quote
It does not help that my cable company is down 80% of the time
Then, it's hard to know, if it's you, or them. When you install firewall, basically they are all set not to prevent you from Internet connection. If you play with your firewall later on, you may screw your connection, but I don't think it's possible for firewall to interfere from the get go. What kind of connection is it, anyway?

Sad to say guys I have Suddenlink now for my cable TV and PC. The only other choice I would have would be Centurytel. And they want ALOT down ($250). Parts of my area can use AT&T but not where I am right now. Ugh. As I write this now it has already gone down twice. So I'll have to send this out later. I used to work for MCI then Sunrocket (a VoIP company) so I know some about tech support - and Suddenlink SUCKS when it comes to that also. It's a major pain calling them up.

Did you try to complain to Suddenlink?

Quote from: Broni on November 25, 2007, 02:46:02 PM
Did you try to complain to Suddenlink?
Yeah did, I got one buck off my bill. Whatever. lol. Working better now.

I don't know, if this is gonna help, but try to run TCP Optimizer: http://www.speedguide.net/downloads.php Put a checkmark into "Optimize settings", and click "Apply changes". |
|
96. |
Solve : Zone Alarm Fire wall new questions.? |
Answer» I should have asked these questions first before I made my changes. Learning and flying off the cuff. My O/S is Window's 5.1

I assume, we're talking Windows XP, then. Secondly, turn your Windows firewall ON, for now. Now, when you uninstalled Norton, it's very possible, it didn't remove everything, especially registry entries.
Go START>Run, type in: regedit
Hit Enter. Registry Editor will open.
Go File>Export, and save your registry file to known location.
Go Edit>Find
In "Find" field type in: Norton
Click OK.
When entry is found, right click on it, click Delete.
Hit F3 to find next Norton related entry. Right click, Delete.
Continue, until no more Norton entries are found.
Repeat same action, looking for: Symantec
Now, you need a firewall. I'm not a big fan of ZoneAlarm, so I'll recommend Comodo: http://www.personalfirewall.comodo.com/
Download it. Turn your Windows firewall OFF. Install Comodo. Restart computer to see, if everything checks out.

Broni, I am still trying to clean up the PC with your instructions. I think everything is working so far as I am editing the registry like you said to do. I've removed my spyware, rootkit and (from some time ago) past A/V trial programs. I just got done deleting the Norton files the registry identified. I have a new question now. After Norton, I asked the registry to "find" Symantec. The left side of the screen seems to look like it located a point somewhere in the middle of the drop down tree. I'm lookin at a mile listing of binary type files. The point is, I don't know where Symantec starts and where it ends so I know I have completely deleted all the Symantec files. Any ideas how I should approach this? Since you advised a free firewall, do you use and recommend a free anti virus? Thanks for all your help. T

Quote
The left side of the screen seems to look like it located a point somewhere in the middle of the drop down tree. I'm lookin at a mile listing of binary type files. The point is, I don't know where Symantec starts and where it ends
I'm not quite sure, if I understand. When "Find" finds something, that entry is usually highlighted. As for free antivirus, yes I'm using AVG free, and happy with it: http://free.grisoft.com/

Have you tried the Norton Removal Tool?

Not yet. First I felt it was more important for me to understand how to learn and use the "run" commands and functions of editing the registry. I'm new so I am cautious and take my time learning; stop every time I see something wrong or just don't understand it. You guys out there are a great help and I really appreciate your time. By that, I can one day maybe help someone. So I went back to work in the registry and think I have solved many of my problems. The other reason I didn't run the tool yet was: if I'm going to remove Norton Symantec, installing the tool would be downloading more software and that might just compromise my initial objective which is to remove any identity of old Norton ware. Now that I cleaned it up, AVG A/V free edition is now working properly where it wasn't before when I started this project. Now back to the beginning of what started this whole dialogue: a firewall. I've decided to stop my attempt working with Zone Alarm and go with the other recommendation "comodo". What are your opinions, what has worked for you? Tom

EvilF, I just read your entry at the beginning of this category "read first". Very informative; I will study it. Thanks, T

Quote from: tpolcha on November 22, 2007, 11:44:28 AM
EvilF, Thanks
The Norton Removal Tool runs from the desktop, it doesn't actually install. Just delete the exe when done and it is gone. I would still suggest running it. Symantec/Norton entries are everywhere and finding them all manually might be impossible. Comodo and I/my computer don't get along very well. My preference is PC Tools Firewall Plus Free. But everyone has their preference. The registry is really not the place to start learning in. It is a dangerous place to make changes even for a skilled user. It is best to use tools to clean it up. The space gained by deleting dead entries is so minimal you will most likely never notice the difference. Auslogics Registry Defrag is what I use "if" I am bored. It isn't something that needs to be done often. Then the Registry cleaner in CCleaner is probably the safest to use. Let us know how everything goes. EF

Comodo is the best, you can get (including paid firewalls).
Quote
I would still suggest running it.
I'd be curious myself, if it's gonna find more stuff.

I will give it all a try, especially the removal tool; except the CCleaner right now. I read an article that it could cause some interference with Windows Media Player 10. I had to roll back to WMP10 when my daughter's b/d gift, an mp3 player, specifically required that version in order to download music to her player. I've collected and saved all of yall's notes. Once again, I appreciate your help. It has saved me a lot of grief. I'll post my new successes. If you folks live in America, please enjoy a Happy Thanksgiving. |
|
97. |
Solve : Windows Explorer/Dr. Morten? |
Answer» I downloaded what I think was a bad file from a torrent about a month ago and now I can't open the folder I downloaded it in. I use Windows XP. I put it in My Documents>My Videos>My Movies. Sometimes I can open my videos, but most of the time I can't. If I try and delete it or open it I get an error message saying that Windows Explorer has encountered a problem and needs to close. Then it freezes up. A couple of times it would come up with a Dr. Morten's Postmortem Debugger error message. Can you help me fix it? |
|
98. |
Solve : Please Help Me! i Cant Get Rid of A Virus!? |
Answer» Hi, my computer caught a virus called JOKWMP.DLL TROJAN.VIRTUMOND and it continually directs me to web pages trying to sell antivirus software, plus it has also slowed down my computer heaps. I tried NAV and spydoctor but both didn't remove it. I am really desperate to fix it because I need my computer for work. I don't know much about computers so if someone could explain what to do in simple terms that would be great. Thanks

Let's try a quick help. Download avira anti virus and S&D for spyware, update and run full scan in safe mode. |
|
99. |
Solve : Hijack logfile part 1 and part 2? |
Answer» log file is too big I had to put it in 2 messages

C:\WINDOWS\system32\onfofdwt.dll
Then click on the button that has the red circle with the X in the middle after you enter the file. It will ask for confirmation to delete the file. Click Yes.
Note: It is possible that Killbox will tell you that the file does not exist.
Reboot to normal mode and re-hide the protected files.
=====
Let me know how things are now. |
|
100. |
Solve : My Hijack logfile & others...? |
Answer» Here are my HijackThis and SUPERAntiSpyware Scan Log...

WOW! A lot of stuff....

Did it. It found nothing....

It looks like SUPERAntiSpyware did pretty good job. Post new HJT log.

Quote from: Broni on November 23, 2007, 04:42:55 PM
It looks like SUPERAntiSpyware did pretty good job.
Okay here is the new one:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:18:41 AM, on 11/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\atievxx.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R3 - URLSearchHook: (no name) - _{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,ibwhuxr.exe
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Eek! Promoter] C:\Program Files\Eek! Records\Eek! Promoter\EekPromoter.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{77765848-D713-4D0B-BFF8-9CF403173596}: NameServer = 208.180.42.68,208.180.42.100
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\MSN Gaming Zone\rteqe.html
--
End of file - 6193 bytes

I can't see any firewall running. Do you have Windows firewall up?
Download, and run CWShredder: http://www.intermute.com/spysubtract/cwshredder_download.html
Let it fix whatever it finds.
1. Print this post out, since you won't have access to it, at some point.
2. Download, and install Spybot (if you don't have it) from here: http://www.download.com/3000-2144-10122137.html
3. Close all windows, except for HJT.
4. Put a checkmark next to the following HJT entries:
- O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
- O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
- O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
- O18 - Filter hijack: text/html - (no CLSID) - (no file)
5. Click on "Fix It" button.
6. Restart your computer in Safe Mode (keep tapping F8 key, when your computer starts)
7. Run Spybot (check for updates, first), and fix whatever it asks you to fix.
8. Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to "Show hidden files, and folders".
9. Delete following files (if they still exist):
- outlook folder from C:\Program Files
10. Turn off System Restore:
- Windows XP:
  1. Click Start.
  2. Right-click the My Computer icon, and then click Properties.
  3. Click the System Restore tab.
  4. Check "Turn off System Restore".
  5. Click Apply.
  6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
  7. Click OK.
- Windows Vista:
  1. Click Start.
  2. Right-click the Computer icon, and then click Properties.
  3. Click on System Protection under the Tasks column on the left side
  4. Click on Continue on the "User Account Control" window that pops up
  5. Under the System Protection tab, find Available Disks
  6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
  7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
  8. Click OK
11. Restart in Normal Mode.
12. Turn System Restore on.
13. Run HJT again, and post its log back here.

Okay I'll do that now - and no, I do not have a Windows Firewall up.

Quote from: Broni on November 24, 2007, 09:59:01 AM
I can't see any firewall running. Do you have Windows firewall up?
You CAN'T be without any firewall. For now, turn your Windows firewall ON.
Quote from: Broni on November 24, 2007, 10:50:57 AM
You CAN'T be without any firewall. For now, turn your Windows firewall ON.
Okay, how would I do that? Also just ran the CWShredder, it found nothing.

1. Click Start, click Run, type Firewall.cpl, and then click OK.
2. On the General tab, click On (recommended), and then click OK.
Quote
Also just ran the CWShredder it found nothing.
Good

Here is the new HijackThis file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:36:54 PM, on 11/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\atievxx.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R3 - URLSearchHook: (no name) - _{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,ibwhuxr.exe
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Eek! Promoter] C:\Program Files\Eek! Records\Eek! Promoter\EekPromoter.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{77765848-D713-4D0B-BFF8-9CF403173596}: NameServer = 208.180.42.68,208.180.42.100
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\MSN Gaming Zone\rteqe.html
--
End of file - 6205 bytes

Did you turn on Windows firewall? How are the pop-ups? Do you use MSN Gaming Zone?

Quote from: Broni on November 24, 2007, 02:02:21 PM
Did you turn on Windows firewall?
Yes I did turn on the windows firewall - before I did everything. So far no pop-ups - since I did everything. And I do not use MSN Gaming Zone. - I use Hotmail.com but that's it. lol

If so, run HJT one more time, put a checkmark next to:
- O24 - Desktop Component 0: (no name) - C:\Program Files\MSN Gaming Zone\rteqe.html
and click on "Fix it". That should take care of last questionable entry. Now, Windows firewall isn't that good, so I'd recommend to:
- download free Comodo firewall: http://www.personalfirewall.comodo.com/
- turn off Windows firewall (reverse steps as described above)
- install Comodo. |
|
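The before/after reading of the two HijackThis logs in item 100, as an added example (not part of the original posts and not HijackThis code): it parses entry lines, flags those marked `(file missing)` or `(no file)` and any F2 UserInit value that starts something besides userinit.exe, and diffs two scans. The sample logs are short excerpts constructed from lines posted in the thread; all function names are hypothetical.

```python
import ntpath
import re
from typing import List, NamedTuple, Tuple


class Entry(NamedTuple):
    code: str    # HijackThis section code, e.g. "O4", "F2", "R3"
    detail: str  # everything after "CODE - "


# Entry lines look like "O4 - HKLM\..\Run: [name] path". Header lines and the
# "Running processes" paths do not match this pattern and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Constructed samples: a handful of entry lines taken from the two logs above.
SAMPLE_BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
R3 - URLSearchHook: (no name) - _{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,ibwhuxr.exe
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O18 - Filter hijack: text/html - (no CLSID) - (no file)
"""

SAMPLE_AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
R3 - URLSearchHook: (no name) - _{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,ibwhuxr.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O18 - Filter hijack: text/html - (no CLSID) - (no file)
"""


def parse_entries(log_text: str) -> List[Entry]:
    """Return the coded entries of a HijackThis log, in file order."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2).strip()))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, str, str]]:
    """Flag entries worth a manual look; a flag is a prompt, not a verdict."""
    findings = []
    for entry in entries:
        if entry.detail.endswith("(file missing)"):
            findings.append((entry.code, "target file is missing", entry.detail))
        elif entry.detail.endswith("(no file)"):
            findings.append((entry.code, "registration has no file", entry.detail))
        elif entry.code == "F2" and "UserInit=" in entry.detail:
            value = entry.detail.split("UserInit=", 1)[1]
            # The value is a comma-separated list of programs run at logon.
            extras = [
                part.strip()
                for part in value.split(",")
                if part.strip()
                and ntpath.basename(part.strip()).lower() != "userinit.exe"
            ]
            if extras:
                reason = "UserInit also launches " + ", ".join(extras)
                findings.append((entry.code, reason, entry.detail))
    return findings


def diff_scans(before: str, after: str) -> Tuple[List[Entry], List[Entry]]:
    """Return (removed, added) entries between two scans of the same machine."""
    old, new = parse_entries(before), parse_entries(after)
    removed = [entry for entry in old if entry not in new]
    added = [entry for entry in new if entry not in old]
    return removed, added


if __name__ == "__main__":
    for code, reason, detail in triage(parse_entries(SAMPLE_AFTER)):
        print(f"{code}: {reason}\n    {detail}")
    removed, added = diff_scans(SAMPLE_BEFORE, SAMPLE_AFTER)
    print("removed:", [e.detail for e in removed])
    print("added:", [e.detail for e in added])
```

Run against the second sample, it shows which flagged entries are still present after a fix pass, which is the question the follow-up scan in the thread is meant to answer.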