4832 + Interview Questions in Computer viruses and spyware in Software Page 20 InterviewSolution

951.	Solve : Good site blocked by McAfe Antivirus. True??
Answer» I got a call from a relative to tell me that MalwareBytes.org, a good site. was blocked by McAfe Anti VIRUS. That just can not ber true, -Right? I dont see anything wrong with it. Unless macafee doesnt want anyone to buy anything other then them Or mabye it was a fake site or something. Mabye theyve been hacked or soemthing. All of whcih I doubtThere was an issue a while back with McAfee blocking the Malwarebytes.exe but it was srraightened out with a McAfee update. Is there AV up-to-date? If so it could be an infection trying to re-direct them away from the Malwarebytes web site and not blocking the actual URL. He got the McAfe on sale at Cost-Co and now we know why it was on sale! MalwareBytes is a respected ORG, so why would anyone in his right mind try to block it? That was very bad PR. Could you imagine Microsoft putting a block on the Apple site? Hard to believe!This highlights one of the main reasons I myself don't use any AV solution. Blacklists simply don't work. http://www.codinghorror.com/blog/archives/001009.html I don't think it's a blacklist issue. Nice article but I think he is a little off on a few points: Quote Ask yourself this: why don't Mac users run anti-virus software? Why don't UNIX users run anti-virus software? Because they don't need to. It's because malware writers haven't put any effort into attacking a Mac. Too much work with no reward. But Mac viruses are rising, slowly but there new ones being released. Quote At its heart, anti-virus software is little more than a glorified blacklist. It maintains an internal list of evil applications and their unique byte signatures, and if it sees one on your system, kills it for you. Sure, anti-virus VENDORS will dazzle you with their ad copy, their heuristic this and statistical that; they'll tell you (with a straight face, even) that their software is far more than a simple blacklist. It's a blacklist with lipstick. It's the prettiest, shiniest, most kissable blacklist you've ever seen! Not true. Behavior/heuristic detection is a very good resource. That's why users have to turn off their AV before using some of the specialized tools in malware REMOVAL. They behave just like some malware and will be terminated. But hey, who am I to try and tell a PROGRAMMER that software is better than something that can be done with DOS or manually. So you are 100% sure that McAfee is blocking access to the MalwareBytes Web site?yeah I pretty much disagreed with the same two points- but as far as Admin/limited this was made pre-vista and I think that MS addressed that issue at least partly with UAC and related security features. As far as hueristics I think they work fairly well, especially in that they will find new "strains" of previously profiled viruses- and even can be set so that they detect any virus using a module or loader distributed between malware authors; Additionally I find it interesting how he says blacklists don't work and yet offers no reasonable ALTERNATIVE other then that now essentially made the default- run as a limited user. I think Vista and now Windows 7 have addressed the whole "running as admin" issue fairly well.

951.

Solve : Good site blocked by McAfe Antivirus. True??

Answer»

I got a call from a relative to tell me that MalwareBytes.org, a good site. was blocked by McAfe Anti VIRUS. That just can not ber true, -Right?

I dont see anything wrong with it. Unless macafee doesnt want anyone to buy anything other then them Or mabye it was a fake site or something. Mabye theyve been hacked or soemthing. All of whcih I doubtThere was an issue a while back with McAfee blocking the Malwarebytes.exe but it was srraightened out with a McAfee update. Is there AV up-to-date?

If so it could be an infection trying to re-direct them away from the Malwarebytes web site and not blocking the actual URL. He got the McAfe on sale at Cost-Co and now we know why it was on sale!
MalwareBytes is a respected ORG, so why would anyone in his right mind try to block it? That was very bad PR. Could you imagine Microsoft putting a block on the Apple site? Hard to believe!This highlights one of the main reasons I myself don't use any AV solution. Blacklists simply don't work.

http://www.codinghorror.com/blog/archives/001009.html

I don't think it's a blacklist issue.

Nice article but I think he is a little off on a few points:

Quote

Ask yourself this: why don't Mac users run anti-virus software? Why don't UNIX users run anti-virus software? Because they don't need to.

It's because malware writers haven't put any effort into attacking a Mac. Too much work with no reward. But Mac viruses are rising, slowly but there new ones being released.

Quote

At its heart, anti-virus software is little more than a glorified blacklist. It maintains an internal list of evil applications and their unique byte signatures, and if it sees one on your system, kills it for you. Sure, anti-virus VENDORS will dazzle you with their ad copy, their heuristic this and statistical that; they'll tell you (with a straight face, even) that their software is far more than a simple blacklist. It's a blacklist with lipstick. It's the prettiest, shiniest, most kissable blacklist you've ever seen!

Not true. Behavior/heuristic detection is a very good resource. That's why users have to turn off their AV before using some of the specialized tools in malware REMOVAL. They behave just like some malware and will be terminated.

But hey, who am I to try and tell a PROGRAMMER that software is better than something that can be done with DOS or manually.

So you are 100% sure that McAfee is blocking access to the MalwareBytes Web site?yeah I pretty much disagreed with the same two points- but as far as Admin/limited this was made pre-vista and I think that MS addressed that issue at least partly with UAC and related security features.

As far as hueristics I think they work fairly well, especially in that they will find new "strains" of previously profiled viruses- and even can be set so that they detect any virus using a module or loader distributed between malware authors; Additionally I find it interesting how he says blacklists don't work and yet offers no reasonable ALTERNATIVE other then that now essentially made the default- run as a limited user. I think Vista and now Windows 7 have addressed the whole "running as admin" issue fairly well.

954.	Solve : okay, so I've used the combofix...?
Answer» So I USED the combfix to get rid of the crap that got on my computer. I have no idea what I have to delete from the other notepad document. Here's the log. Thanks [ATTACHMENT DELETED by ADMIN]

955.	Solve : Can't uninstall all of program?
Answer» I tried updating my antivirus program and wasn't able to CONNECT to the internet. After several attempts to find the cause, I decided to UNINSTALL and reinstall the program. After re-installing The same thing happened. I uninstalled again, but could not uninstall the firewall portion of the program. The anti virus program is CA Internet Security Suite 2007, which is provided by the cable company I have as a server. When trying to uninstall, I get an error message (Error E9011), with a message stating: You do not have sufficient privileges to install or uninstall CA Personal Fiewall. Unable to update registry key: HKEY_LOCAL_MACHINE\SOFTWARE\classes\.efw. It also says Try logging on as Administrator. I am already logged on as the Administrator. My OS is Windows Vista. Does anyone have any SUGGESTIONS as to how I can uninstall the remainder of this program?

957.	Solve : further help following your mwsoemon instructions?
Answer» That looks a lot better! Go to Add or Remove Programs and uninstall: Viewpoint Media Player Go to START > Run and type NOTEPAD.exe then click OK. Copy and paste the following text WITHIN the code BOX into the new Notepad file. Code: [Select]ECHO OFF sc stop "AOLService" sc delete "AOLService" exit In Notepad select File and Save as Choose the Save to location to be the Desktop and for the File name: type in fixme.bat making sure that the Save as type field says All files. Next double click fixservice.bat to run it. A black box should open and close after a short time, this is normal. Do not continue until the black box has closed Delete fixservice.bat from the Desktop. ---------- How is the computer running now? .Thanks for you time & help evilfantasy. I put new hijack log in the VA9 tool and all ok. Can I also ask if it ok to post hijack log for my daughters LAPTOP who also had the same mwsoemon malware for you to check? Yes but start a new topic for a different computer.

958.	Solve : newbie can't restore OS because of virus(es)?
Answer» Hey all!< My computer is self destructing, I did not renew my subscription to RegCure and everything has been going south since. I am no longer even able to log in without gettign a blue screen. I know I am loaded with viruses. I was in the middle of a VirusScan re-install with McAfee when I lost internet access. Now it's to the point that I can no longer log on. When I try to do an OS repair/ restore using manufacture's disk I get error messages that certain files do not pass the windows logo test, i say to copy anyway but then install does not finalize. I don't know where to start, I don't necessarily WANT to reformat the whole drive. Can anyone guide me in what STEPS to take using dos commands? I do not have anti virus software installed and do not have internet access. all I have is a DOS prompt I am running XP home. (this is not the infected computer) Thanks, RayThanks for all your help, I did the recommended reinstall but w/out formatting, reinstalled McAfee virus scan plus, and have been updating and rescanning for 2 days straight and FINALLY have a "Clean" scan log! yea!!! , I was able to boot in safe MODE and change ownership of all my old password protected folders too! Thanks for all your help!!! Ray

959.	Solve : IE Script Error - opens as a pop-up for many programs?
Answer» Thank GOODNESS!! I was starting to get SORT of stumped. Now to finish. Disable/Enable the System Restore Utility to flush old corrupted restore points 1) Right click the My Computer icon on the Desktop and click on Properties. 2) Click on the System Restore tab. 3) Put a check mark next to Turn off System Restore on All Drives 4) Click the OK button. 5) You will be prompted to restart the computer. Click the Yes button. Now re-enable System Restore To re-enable the System Restore Utility, follow steps one to five and on step three remove the check mark next to 'Turn off System Restore on All Drives'. 1) Right click the My Computer icon on the Desktop and click on Properties. 2) Click on the System Restore tab. 3) Remove the check mark next to Turn off System Restore on All Drives 4) Click the OK button. ---------- Here are some great FREE tools to help you keep you safe. These tools use little or no resources so won't slow down your PC. To prevent unknown applications from being installed on your computer install WinPatrol 2008 * Using Winpatrol to protect your computer from malicious software I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's EASY and it's free. SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, SEE here Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

960.	Solve : Avira Anti-Virus?
Answer» Hello all, I just have a quick question. I am currently using AVG, and was thinking about trying Avira. Does the free Avira program offer email protection? Yes. http://www.free-av.com/en/products/1/avira_antivir_personal__free_antivirus.html AntiPhishing AntiSpyware AntiRootkit Email protection Award winning malware protection Thanks evilfantasy, however; according to the specs. the free avira does NOT offer the email protection. Perhaps AVG may be my better optionoops, I didn't see that. Actually though email protection is a bit confusing. As long as an antivirus is running you have email protection. Products ADVERTISE it but it's there anyway.So I should not be worried about my email not being protected with Avira?No you don't need to worry. Opening an attachment in an email is just like when you download software. The antivirus is protecting you either way. It won't scan them before you open them but that rarely does much good anyway. There is also Avast you could look at. It does everything that AVG and Avira do and more, for free.Evilfantasy, Thanks you very much for your input I can now at LEAST have some peace of mind knowing my email is protected. I appreciate the input on the Avast program. I will check it out. Thanks again!Email safety is pretty basic, with or without an antivirus. If it contains a virus many times it will install before your antivirus can stop it. Some even have the ability to turn off your AV long enough to install themselves. Or they will lie dormant until you start or shut down your PC. Then nothing is running that can stop them from invading. Safe Email Practices # Attachments Attachments require special attention. They could contain viruses - even if it's coming from the computer of a friend. Therefore: 1. Don't open attachments if you don't know who they're from 2. Even if you do know who it's from, if the subject line sounds SUSPICIOUS, contact your friend before opening. Viruses often "spoof" the from address (masquerade as SOMEONE else - usually getting the name from an infected computer's address book - the infected computer could be a friend's which is why all email - even from friends should be held suspect.) Viruses also often try to come up with a compelling subject line to GET you to open them.

961.	Solve : After deleting virus still get error message.?
Answer» This all HAPPENED when I download VISTA Transformation Pack 9 which was rumored to have Trojans. I first got the error and went in to System 32 and found the file and deleted it, then went to CCLEANER and got rid of it's trace. Then also AVG found it and deleted it. Since then I have not found the virus but I still KEEP getting this message every time I boot up my computer. View Image to view it larger. Then I click Ok and get this After that everything is okay.. So how can I get rid of this?

962.	Solve : So many problems I'm having, and don't know and having problems understanding?
Answer» I'll try and explain things as best as I can. I have been having so many problems over the years with my computer. Seems to be getting worse especially over the past few months or so. It is a DELL Computer Dimension 8200 Have hired several repairmen over the years, and they seem to cause new problems all the time. Problems started when I had to download AIM for an online computer class I had just registered for. Something called an MBKWBar Tool bar came through with it and installed itself in Internet Explorer and kept FLOODING me with pop up ads and of course would crash with all the pop ups. So, that is the first time we heard of SPYWARE, ad ware, all that stuff. We had heard of viruses, but not the other stuff. Had Norton Anti virus when I got infected with the tool bar. Oh dear, now while on my mom's computer something is COMING up and now my mom is mad at me. Thinks I've got her computer hacked. It says Spyware Protect 2009 alert. Infiltration Alert- Your computer is being attacked by an internet virus. It COULD be a password stealing attack, a trojan- dropper or similar. Details: Attack from: 153.74.175.9, port 22223 Attacked Port: 57897 Threat: BankerFox.A Do You want to block this attack? yes or no We don't know whether to put yes or no because the repairmen warned us that when hitting yes or no can cause more stuff to come through too. I also keep getting parsing errors, and now learning that may have something to do with CSS, and I have no idea anything or how to fix this type of stuff. Getting the same problems on both mine and mom's computer. Oh dear, it's happening again on my mom's computer. Spyware Protect 2009 alert. Saying it again and says Details Attack from: 148.3.173.122, port 49786 Attacked port: 32816 Threat: Win32/Nuquel.E Do you want to block this attack? If I click yes, it takes me somewhere and then asks for a credit card number. What do I do?

964.	Solve : Re: removing a virus?
Answer» HI, You can use SYMANTEC ANTIVIRUS it automatically remove virus. Tech Tiger1Come again?Sorry, I split this from ANOTHER POST and forgot to lock it.

966.	Solve : Trojan, no idea what kind, please help, have scan logs?
Answer» i have an hp computer with windows xp and i was told by norton that it has detected a Trojan last night. my computer shut down unexpectedly a couple of times this morning but now it seems to be staying on, the only other symptoms i have so far is every time i right click on any file or try to drag it SOMEWHERE Data Execution Prevention program shows up and shuts windows explorer down. i can still open the programs its just i can't move them or delete them. i've been running scans with Norton but it doesn't detect anything anymore. i know it can't get rid of it so i was hoping someone might know what i should do. please help. i have the scan logs below... SUPERANTISPYWARE Scan Log http://www.superantispyware.com Generated 02/13/2009 at 08:23 PM Application Version : 4.25.1012 Core RULES Database Version : 3754 Trace Rules Database Version: 1718 Scan type : Complete Scan Total Scan Time : 01:23:38 Memory items scanned : 554 Memory threats detected : 0 Registry items scanned : 6504 Registry threats detected : 0 File items scanned : 176177 File threats detected : 0 Malwarebytes' Anti-Malware 1.34 Database version: 1736 Windows 5.1.2600 Service Pack 3 2/13/2009 8:57:26 PM mbam-log-2009-02-13 (20-57-26).txt Scan type: Quick Scan Objects scanned: 71938 Time elapsed: 4 minute(s), 3 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:05:17 PM, on 2/13/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Tablet.exe C:\WINDOWS\system32\WTablet\TabUserW.exe C:\WINDOWS\system32\Tablet.exe C:\WINDOWS\ehome\ehtray.exe C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe C:\Program Files\HP\HP Software Update\HPwuSchd2.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\HP\KBD\KBD.EXE C:\WINDOWS\ALCXMNTR.EXE c:\windows\system\hpsysdrv.exe C:\Program Files\Java\jre1.5.0\bin\jusched.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll" O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\cdloader2.exe" MAGICJACK O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: CACHED Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe O24 - Desktop Component 0: (no name) - http://l.yimg.com/a/i/ww/thm/1/whood.png -- End of file - 12958 bytes thats it i think....one more question, whats probably the best thing to use instead of Norton. i don't care if its free or not. thankyouNORTON IS NOT GREAT SECURITY AN EXPERT WILL GIVE YOU BETTER

971.	Solve : what is tr/crypt.xpack.gen?
Answer» Is it dangerous? Avira found it and (apparently) removed it. The Avira website tells me it is a low THREAT virus capable of minimum damage while this website &LT;Link Removed> tells me it is an extremely dangerous virus.That's a rouge web SITE so I removed the link. See here http://www.mywot.com/en/scorecard/scanforfree.com They use scare tactics to try and lure in the unsuspecting and buy their BAD software. Most trojans, while they are a pain to have are easily removed with a good antivirus. Avira's description is a good one. http://www.avira.com/en/threats/section/fulldetails/id_vir/3488/tr_crypt.xpack.gen.html More info: http://www.sophos.com/security/analyses/viruses-and-spyware/maltinydlo.html http://www.virustotal.com/analisis/258fbdfb7eb6ecfedbf236533b03c945

976.	Solve : antivirus 360?
Answer» Help..... Was interupted in the middle of something, and downloaded this 'thing' in error. Now I cnt get rid of it. it WONT let me do anything... and keeps TELLING me i got VIRUS's and things. It doesn't show in add and remove programmes, and it wont let me delete from'my computer' I get the message "cannot delete av360 exe. access denied." and pop-ups appear all over the place. Any web site i got to (including microsoft's own) is blocked so I have to 'back' up to previous page to continue. I tried re-setting to a previous date and that doesn't work either. Help...Please Need...more...info...gasp Operating SYSTEM / antivirus & antispyware PROTECTION / service packs installed / tried booting into safe mode (F8 when starting computer) and running scans? Alan <><

985.	Solve : csrssc.exe virus and random black windows popping up with errors?
Answer» Hi, I was recently watching a show on Fox.com and an antispyware program popped up on my screen and started scanning my computer, so I immediately stopped the scan and DELETED the program. Or so I thought. Now, every time I log on to my account (the only account on the computer) I KEEP getting these little black windows that pop up and tell me that there has been some sort of error. I first went to the post that said to do this stuff before I POSTED and I did and this is the report for the SUPERAntiSpyware scan: SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 01/29/2009 at 05:59 PM Application Version : 4.25.1012 Core Rules Database Version : 3743 Trace Rules Database Version: 1711 Scan type : Complete Scan Total Scan Time : 01:04:33 Memory items scanned : 556 Memory threats detected : 4 Registry items scanned : 6361 Registry threats detected : 211 File items scanned : 79273 File threats detected : 32 Trojan.Smitfraud Variant-Gen/Bensorty C:\WINDOWS\SYSTEM32\GSDRGFDRRGND.DLL C:\WINDOWS\SYSTEM32\GSDRGFDRRGND.DLL HKLM\Software\Classes\CLSID\{D5BF4552-94F1-42BD-F434-3604812C807D} HKCR\CLSID\{D5BF4552-94F1-42BD-F434-3604812C807D} HKCR\CLSID\{D5BF4552-94F1-42BD-F434-3604812C807D} HKCR\CLSID\{D5BF4552-94F1-42BD-F434-3604812C807D}#ThreadingModel HKCR\CLSID\{D5BF4552-94F1-42BD-F434-3604812C807D}\InProcServer32 HKCR\CLSID\{D5BF4552-94F1-42BD-F434-3604812C807D}\InProcServer32#ThreadingModel HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d5bf4552-94f1-42bd-f434-3604812c807d} HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{D5BF4552-94F1-42BD-F434-3604812C807D} HKU\s-1-5-21-2831675395-3779781758-680594672-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D5BF4552-94F1-42BD-F434-3604812C807D} Trojan.Dropper/Gen-NV C:\DOCUME~1\PHIXIUS\LOCALS~1\TEMP\WINLOGNN.EXE C:\DOCUME~1\PHIXIUS\LOCALS~1\TEMP\WINLOGNN.EXE [lrijh8s73jhbfgfd] C:\DOCUME~1\PHIXIUS\LOCALS~1\TEMP\WINLOGNN.EXE [lrijh8s73jhbfgfd] C:\DOCUME~1\PHIXIUS\LOCALS~1\TEMP\WINLOGNN.EXE C:\DOCUMENTS AND SETTINGS\PHIXIUS\LOCAL SETTINGS\TEMP\WINLOGNN.EXE C:\WINDOWS\Prefetch\WINLOGNN.EXE-1008CFA5.pf Trojan.Downloader-Gen/A C:\DOCUME~1\PHIXIUS\LOCALS~1\TEMP\A.EXE C:\DOCUME~1\PHIXIUS\LOCALS~1\TEMP\A.EXE C:\WINDOWS\Prefetch\A.EXE-2C1E3FDA.pf Trojan.Csrssc/Systemc-B C:\DOCUME~1\PHIXIUS\LOCALS~1\TEMP\CSRSSC.EXE C:\DOCUME~1\PHIXIUS\LOCALS~1\TEMP\CSRSSC.EXE [tezrtsjhfr84iusjfo84f] C:\DOCUME~1\PHIXIUS\LOCALS~1\TEMP\CSRSSC.EXE C:\DOCUMENTS AND SETTINGS\PHIXIUS\LOCAL SETTINGS\TEMP\CSRSSC.EXE C:\WINDOWS\Prefetch\CSRSSC.EXE-326D7AD2.pf Trojan.FakeAlert-GenA [MSFox] C:\DOCUME~1\PHIXIUS\LOCALS~1\TEMP\A.EXE C:\DOCUMENTS AND SETTINGS\PHIXIUS\LOCAL SETTINGS\TEMP\A.EXE Malware.Safety Bar HKLM\Software\Classes\CLSID\{052b12f7-86fa-4921-8482-26c42316b522} HKCR\CLSID\{052B12F7-86FA-4921-8482-26C42316B522} HKCR\CLSID\{052B12F7-86FA-4921-8482-26C42316B522} HKCR\CLSID\{052B12F7-86FA-4921-8482-26C42316B522}\Implemented Categories HKCR\CLSID\{052B12F7-86FA-4921-8482-26C42316B522}\Implemented Categories\{00021493-0000-0000-C000-000000000046} HKCR\CLSID\{052B12F7-86FA-4921-8482-26C42316B522}\InprocServer32 HKCR\CLSID\{052B12F7-86FA-4921-8482-26C42316B522}\InprocServer32#ThreadingModel C:\PROGRAM FILES\SAFETY BAR\SAFETYBAR.DLL HKU\s-1-5-21-2831675395-3779781758-680594672-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{052B12F7-86FA-4921-8482-26C42316B522} HKU\s-1-5-21-2831675395-3779781758-680594672-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{052B12F7-86FA-4921-8482-26C42316B522} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SafetyBar HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SafetyBar#DisplayName HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SafetyBar#UninstallString Trojan.Unclassified/MSXML71 HKLM\Software\Classes\CLSID\{500BCA15-57A7-4eaf-8143-8C619470B13D} HKCR\CLSID\{500BCA15-57A7-4EAF-8143-8C619470B13D} HKCR\CLSID\{500BCA15-57A7-4EAF-8143-8C619470B13D} HKCR\CLSID\{500BCA15-57A7-4EAF-8143-8C619470B13D}#Install HKCR\CLSID\{500BCA15-57A7-4EAF-8143-8C619470B13D}\InprocServer32 HKCR\CLSID\{500BCA15-57A7-4EAF-8143-8C619470B13D}\InprocServer32#ThreadingModel HKCR\CLSID\{500BCA15-57A7-4EAF-8143-8C619470B13D}\ProgID HKCR\CLSID\{500BCA15-57A7-4EAF-8143-8C619470B13D}\Programmable HKCR\CLSID\{500BCA15-57A7-4EAF-8143-8C619470B13D}\TypeLib HKCR\CLSID\{500BCA15-57A7-4EAF-8143-8C619470B13D}\VersionIndependentProgID HKCR\XML.XML.1 HKCR\XML.XML.1\CLSID HKCR\XML.XML HKCR\XML.XML\CLSID HKCR\XML.XML\CurVer HKCR\TypeLib\{48DE7E85-178E-CA61-5325-23647F3D90CC} HKCR\TypeLib\{48DE7E85-178E-CA61-5325-23647F3D90CC}\.0 C:\WINDOWS\SYSTEM32\MSXML71.DLL HKU\s-1-5-21-2831675395-3779781758-680594672-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} Adware.MyWebSearch HKU\s-1-5-21-2831675395-3779781758-680594672-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} HKU\s-1-5-21-2831675395-3779781758-680594672-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} HKU\s-1-5-21-2831675395-3779781758-680594672-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} Browser Hijacker.BestSafetyGuide HKU\s-1-5-21-2831675395-3779781758-680594672-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A43385F0-7113-496D-96D7-B9B550E3FCCA} Trojan.Unknown Origin HKLM\SOFTWARE\Microsoft\MSSMGR HKLM\SOFTWARE\Microsoft\MSSMGR#Data HKLM\SOFTWARE\Microsoft\MSSMGR#LSTV HKLM\SOFTWARE\Microsoft\MSSMGR#Brnd HKLM\SOFTWARE\Microsoft\MSSMGR#MSLIST HKLM\SOFTWARE\Microsoft\MSSMGR#PID HKLM\SOFTWARE\Microsoft\MSSMGR#Rid HKLM\SOFTWARE\Microsoft\MSSMGR#LID HKLM\SOFTWARE\Microsoft\MSSMGR#SCLIST HKLM\SOFTWARE\Microsoft\MSSMGR#SSLIST HKLM\SOFTWARE\Microsoft\MSSMGR#BSTV HKLM\SOFTWARE\Microsoft\MSSMGR#BPTV HKLM\SOFTWARE\Microsoft\MSSMGR#PSTV HKLM\SOFTWARE\Microsoft\MSSMGR#SSTV HKLM\SOFTWARE\Microsoft\MSSMGR#OCCUR C:\WINDOWS\SYSTEM32\OT.ICO C:\WINDOWS\SYSTEM32\TS.ICO Adware.MyWebSearch/FunWebProducts HKU\s-1-5-21-2831675395-3779781758-680594672-1007\SOFTWARE\Fun Web Products HKLM\SOFTWARE\Fun Web Products HKLM\SOFTWARE\Fun Web Products#JpegConversionLib HKLM\SOFTWARE\Fun Web Products#CacheDir HKLM\SOFTWARE\Fun Web Products\ScreenSaver HKLM\SOFTWARE\Fun Web Products\ScreenSaver#ImagesDir HKLM\SOFTWARE\Fun Web Products\ScreenSaver#PM HKLM\SOFTWARE\Fun Web Products\Settings HKLM\SOFTWARE\Fun Web Products\Settings\AvatarSmallBtn HKLM\SOFTWARE\Fun Web Products\Settings\AvatarSmallBtn#LastHTMLMenuURL HKLM\SOFTWARE\Fun Web Products\Settings\AvatarSmallBtn#HTMLMenuRevision HKLM\SOFTWARE\Fun Web Products\Settings\AvatarSmallBtn#ETag HKLM\SOFTWARE\Fun Web Products\Settings\CursorManiaBtn HKLM\SOFTWARE\Fun Web Products\Settings\CursorManiaBtn#LastHTMLMenuURL HKLM\SOFTWARE\Fun Web Products\Settings\CursorManiaBtn#HTMLMenuRevision HKLM\SOFTWARE\Fun Web Products\Settings\CursorManiaBtn#ETag HKLM\SOFTWARE\Fun Web Products\Settings\MailStampBtn HKLM\SOFTWARE\Fun Web Products\Settings\MailStampBtn#LastHTMLMenuURL HKLM\SOFTWARE\Fun Web Products\Settings\MailStampBtn#HTMLMenuRevision HKLM\SOFTWARE\Fun Web Products\Settings\MailStampBtn#ETag HKLM\SOFTWARE\Fun Web Products\Settings\MyFunCardsIMBtn HKLM\SOFTWARE\Fun Web Products\Settings\MyFunCardsIMBtn#LastHTMLMenuURL HKLM\SOFTWARE\Fun Web Products\Settings\MyFunCardsIMBtn#HTMLMenuRevision HKLM\SOFTWARE\Fun Web Products\Settings\MyFunCardsIMBtn#ETag HKLM\SOFTWARE\Fun Web Products\Settings\Promos HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyTextNone.numActive HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyTextNone.0 HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyFreqNone HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyTextUninstalled.numActive HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyTextUninstalled.0 HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyFreqUninstalled HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.numActive HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.numActive2 HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.1 HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.2 HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.3 HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.4 HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.5 HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.6 HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.7 HKLM\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn HKLM\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn#HTMLMenuPosDeleted HKLM\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn#LastHTMLMenuURL HKLM\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn#HTMLMenuRevision HKLM\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn#ETag HKLM\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn#iexplore.exe.pos HKLM\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn#firefox.exe.pos HKU\s-1-5-21-2831675395-3779781758-680594672-1007\SOFTWARE\FunWebProducts HKLM\SOFTWARE\FunWebProducts HKLM\SOFTWARE\FunWebProducts\Installer HKLM\SOFTWARE\FunWebProducts\Installer#Dir HKLM\SOFTWARE\FunWebProducts\Installer#CurInstall HKLM\SOFTWARE\FunWebProducts\Installer#sr HKLM\SOFTWARE\FunWebProducts\Installer#pl HKLM\SOFTWARE\FunWebProducts\Installer#CheckForConnection HKLM\SOFTWARE\FunWebProducts\Installer#CacheDir HKLM\SOFTWARE\FunWebProducts\Installer\downloaded HKU\s-1-5-21-2831675395-3779781758-680594672-1007\SOFTWARE\MyWebSearch HKLM\SOFTWARE\MyWebSearch HKLM\SOFTWARE\MyWebSearch\bar HKLM\SOFTWARE\MyWebSearch\bar#pid HKLM\SOFTWARE\MyWebSearch\bar#Dir HKLM\SOFTWARE\MyWebSearch\bar#CurInstall HKLM\SOFTWARE\MyWebSearch\bar#SettingsDir HKLM\SOFTWARE\MyWebSearch\bar#sr HKLM\SOFTWARE\MyWebSearch\bar#pl HKLM\SOFTWARE\MyWebSearch\bar#Id HKLM\SOFTWARE\MyWebSearch\bar#CacheDir HKLM\SOFTWARE\MyWebSearch\bar#HTMLMenuRevision HKLM\SOFTWARE\MyWebSearch\bar#sscLabel HKLM\SOFTWARE\MyWebSearch\bar#sscURL HKLM\SOFTWARE\MyWebSearch\bar#Flags HKLM\SOFTWARE\MyWebSearch\bar#HistoryDir HKLM\SOFTWARE\MyWebSearch\bar#DSSEnabled HKLM\SOFTWARE\MyWebSearch\bar#tiec HKLM\SOFTWARE\MyWebSearch\bar#SearchProvider HKLM\SOFTWARE\MyWebSearch\SearchAssistant HKLM\SOFTWARE\MyWebSearch\SearchAssistant#pid HKLM\SOFTWARE\MyWebSearch\SearchAssistant#Dir HKLM\SOFTWARE\MyWebSearch\SearchAssistant#esh HKLM\SOFTWARE\MyWebSearch\SearchAssistant#lsp HKLM\SOFTWARE\MyWebSearch\SearchAssistant#CurInstall HKLM\SOFTWARE\MyWebSearch\SearchAssistant#sr HKLM\SOFTWARE\MyWebSearch\SearchAssistant#pl HKLM\SOFTWARE\MyWebSearch\SearchAssistant#Id HKLM\SOFTWARE\MyWebSearch\SearchAssistant#ABS HKLM\SOFTWARE\MyWebSearch\SearchAssistant#DES HKLM\SOFTWARE\MyWebSearch\SearchAssistant#eintl HKLM\SOFTWARE\MyWebSearch\SearchAssistant#fs HKLM\SOFTWARE\MyWebSearch\SearchAssistant#sscEnabled HKLM\SOFTWARE\MyWebSearch\SearchAssistant#ConfigDateStamp HKLM\SOFTWARE\MyWebSearch\SkinTools HKLM\SOFTWARE\MyWebSearch\SkinTools#PlayerPath HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}\TreatAs HKCR\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179} HKCR\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}\TreatAs HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3}\TreatAs HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC} HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32 HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib#Version HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF} HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid32 HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib#Version HKLM\Software\FocusInteractive HKLM\Software\FocusInteractive\bar HKLM\Software\FocusInteractive\bar\Switches HKLM\Software\FocusInteractive\bar\Switches#incmail.exe HKLM\Software\FocusInteractive\bar\Switches#msimn.exe HKLM\Software\FocusInteractive\bar\Switches#msn.exe HKLM\Software\FocusInteractive\bar\Switches#outlook.exe HKLM\Software\FocusInteractive\bar\Switches#waol.exe HKLM\Software\FocusInteractive\bar\Switches#aim.exe HKLM\Software\FocusInteractive\bar\Switches#icq.exe HKLM\Software\FocusInteractive\bar\Switches#icqlite.exe HKLM\Software\FocusInteractive\bar\Switches#msmsgs.exe HKLM\Software\FocusInteractive\bar\Switches#msnmsgr.exe HKLM\Software\FocusInteractive\bar\Switches#ypager.exe HKLM\Software\FocusInteractive\bar\Switches#mwsSrcAs.dll HKLM\Software\FocusInteractive\bar\Switches#au HKLM\Software\FocusInteractive\bar\Switches#ok HKLM\Software\FocusInteractive\bar\Switches#od HKLM\Software\FocusInteractive\bar\Switches#nk HKLM\Software\FocusInteractive\bar\Switches#nd HKLM\Software\FocusInteractive\Email-IM HKLM\Software\FocusInteractive\Email-IM\0 HKLM\Software\FocusInteractive\Email-IM\0#Toolbar HKLM\Software\FocusInteractive\Email-IM\0#AppName HKLM\Software\FocusInteractive\Outlook C:\Program Files\MyWebSearch\bar\History\search2 C:\Program Files\MyWebSearch\bar\History C:\Program Files\MyWebSearch\bar\Settings\setting2.htm C:\Program Files\MyWebSearch\bar\Settings\settings.dat C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat C:\Program Files\MyWebSearch\bar\Settings C:\Program Files\MyWebSearch\bar C:\Program Files\MyWebSearch C:\Program Files\FunWebProducts\ScreenSaver\Images\0021736A.urr C:\Program Files\FunWebProducts\ScreenSaver\Images C:\Program Files\FunWebProducts\ScreenSaver C:\Program Files\FunWebProducts\Shared C:\Program Files\FunWebProducts Trojan.Security Toolbar C:\Documents and Settings\Phixius\Favorites\Antivirus Test Online.url Trojan.Incestuously HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#incestuously [ {03413bf7-e34c-445b-bfc0-a2b127255871} ] Trojan.Unclassified/MSFox HKU\s-1-5-21-2831675395-3779781758-680594672-1007\Software\Microsoft\Windows\CurrentVersion\Run#MSFox [ C:\DOCUME~1\Phixius\LOCALS~1\Temp\a.exe ] HKLM\SOFTWARE\Mozilla\MSFox HKLM\SOFTWARE\Mozilla\MSFox#Str5 HKLM\SOFTWARE\Mozilla\MSFox#Str9 HKLM\SOFTWARE\Mozilla\MSFox#Str6 HKLM\SOFTWARE\Mozilla\MSFox#Str7 HKLM\SOFTWARE\Mozilla\MSFox#Str8 HKLM\SOFTWARE\Mozilla\MSFox#Str4 HKLM\SOFTWARE\Mozilla\MSFox#Str10 HKLM\SOFTWARE\Mozilla\MSFox#Str1 HKLM\SOFTWARE\Mozilla\MSFox#Str0 HKLM\SOFTWARE\Mozilla\MSFox#Int2 HKLM\SOFTWARE\Mozilla\MSFox#Int3 Trojan.Unclassified/Cognac HKU\s-1-5-21-2831675395-3779781758-680594672-1007\Software\Microsoft\Windows\CurrentVersion\Run#Cognac [ C:\DOCUME~1\Phixius\LOCALS~1\Temp\~tmpe.exe ] Rogue.MSAntiSpyware2009 C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009 C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd Adware.MyWebSearch-Installer C:\DOCUMENTS AND SETTINGS\PHIXIUS\DESKTOP\UNUSED DESKTOP SHORTCUTS\ZWINKYSETUP2.2.50.1-3.ZJFOX000.EXE Adware.ClickSpring/Yazzle C:\WINDOWS\PREFETCH\YAZZLE1162OINUNINSTALLER.EXE-1ED8E2D1.PF I am now running the Malwarebytes Anti-Malware program.Ok, and here are my Malwarebytes' Anti-Malware log and HijackThis log. Now that I have ran all of these programs my computer no longer seems to be bringing up the little black windows with errors anymore. Also, in case you need to know, my computer information is: MS Windows XP Professional SP3, INTEL Pentium 4 CPU, 2.80GHz, 512MB RAM, Intel 82845G/GL/GE/PE/GU Graphics Controls That's about all I know about it. I really hope that this will fix everything on my computer. I use this computer for school so I have a ton of school work SAVED on here. [attachment deleted by admin]

988.	Solve : Malware infected. Need help?
Answer» Hi experts, I need help to get rid of a malware infection. It affected my MOTHER's notebook, and once she noticed something was wrong and handled the computer to me, the infection was ALREADY pretty bad. I attached logs from SuperAntiSpyware, Mbam and Hijackthis. It has AVG 8 installed, and it's updated. It reports threats every boot and during computer use. I disabled the anti-virus while running SuperAntiSpyware, mbam and hijackthis. SuperAntiSpyware could report lots of infections, but crashed while cleaning the computer (the computer restarted without any prompt). At the "Add or Remove programs" screen there some softwares that she claimed she did not install. They are ESPNMotion (0.27mb), Mah Jong Quest (13.17mb), Otto (no size available), Penguins (36mb), POLAR Bowler (13.73mb), Polar Golfer (14.12MB), Scrabble (14.78mb), SD Secure MODULE (0.05mb). At the DEVICE Manager, under non-plug and play drivers, there's a driver called catchme, that I found at a site that could be a malware. [attachment deleted by admin]download , malwarebytes anti-malware and add the log and let an expert look at them

972.	Solve : Cannot open programmes from Desktop Icons?
Answer» If I have posted in the wrong location, I apologise. Running Windows XP Home edition. As far as I know, my computer was running ok LAST NIGHT. This morning if I double click on a Desktop Icon, or an Icon in a folder, all I get is a box telling me that it is a short cut. I cannot access the Internet. No programmes or downloads have been added to this computer in over a week. I have transferred some photographs via my NETWORK Connection. I have tried to do a restore and cannot. ALSO, if I do any work in a programme, say Photoshop, I cannot save the work. I have also found that if I right click on an Icon and Explore I can run a programme but it will not let me save any changes. Using the right click method, I have managed to run Malwarebytes SuperAntiSpyware and CCleaner - nothing found. Any help appreciated. Thank you, George.Try performing a System Restore to a few days before this started.As I put in my original post, I am unable to do a Restore.Oh, sorry about that. When you try it, what happens?I highlight Restore my computer to an earlier time then click on Next. The button operates but nothing happens. It will operate every time that I click on it but it never changes to the CALENDAR - even if I wait.Try doing it in Safe Mode

974.	Solve : advanced systemcare ( advice please )?
Answer» i have had this for a good while and find the UPDATE very good and easy to use has any-one went into utilities and used all that is in " tune up , security , ADMIN tools " or are there any in there that you WOULD not use i have used most of them thanks for your help , harry

975.	Solve : Help, desktop died...?
Answer» Here's what happened. We use Avaist. The other day, a window came up and said that Avaist was expired and we needed to ENTER a new REGISTRATION code, but Avaist was last installed in Nov., and should have expired yet. Well, sometime between it expired and we reinstalled it, something must have gotten in, because when we rebooted, the boot scan came up and just about every file that it scanned was put in the chest and then it said the chest was full, so we ESCAPED out and rebooted. Now it loads up to the user name/password LOGIN box, you hit ok, and it says loading personal settings, and then immediately LOGS back off to the login box. Does the same thing when trying to load in safe mode and from last good known configuration. Please help. Thanks.

977.	Solve : help everytime i open .bat files my pc shut downs!!?
Answer» help everytime i open .BAT FILES my pc shut downs!!do you think its a virus and if i scan it ..it will REMOVE RIGHT?

979.	Solve : Norton 2009 unblock virus??
Answer» I GOT a problem whit norton 2009, im TRYING to get a file but norton class it as a virus, well it is a virus but a virus i need to do a thing. and i have try to do all things i can THINK of but still it just wont leave it alone... i have looked in nortons home page, and more forums but dident find any thing so do some one KNOW how to fix this? In my experience, Norton isn't easy to turn off. What is this file, what are you trying to do may I ask?its a trojan who can hide drivers, program and so on like it can hide your games, so no one know your playing it. like you have Xfire it will SENS if you are playing a game but whit this "virus" it hide the game so Xfire wont see that you are playing it. It might seam like I'm crazy but it is quite nice program which you can have much fun whit... It sounds like something we can't do here too....well guess i have to live whit out it... well thx anyway

980.	Solve : Continue to have problems?
Answer» I was here a few weeks ago, and got assistance with my computer and what I believe was spyware and such. However, now just a few weeks later, it is all starting over again. My computer, while on internet, is extremely slow, I have a DSL connection. And it's starting again where I click on certain buttons and it does nothing, just sits there. I've run the SuperAntiSpyware program, and removed the files it said, etc...but it's still so slow. Can someone tell me if I'm going to have to go through this continually now, or what the problem might be? Thanks!Hard to say. Have a friend come to you house with his laptop and see if it is the DSL connection. I've had my isp check that, it's not the connection. It's doing almost exactly what it was before, which is running extremely slow, not navigating to pages when I click on things, even the spyware, malware and virus programs I got here are all messed up, they don't run the scans the same way. One of the things that I thought was really WEIRD is when I am typing, about every 15 characters or so, it'll "miss" the stroke, I GUESS is the only way to put it. I'll be typing and one letter or character will not come through. I don't know how to explain that PART, it's just another one of the weird things happening. Anyone have any ideas here? This is causing major frustration, as I work on my computer from home, and it really slows things down for me. could you run through the malware guides and post the logs; our experts can then look over the logs for you I'll try, but that's another one of the issues I am now having. None of them are doing what they used to do. I ran all the programs I have in the last 24 hours, I will attach them here, but I'm not sure if they will be useful, since so MUCH seems to be happening. I also want to be sure to include that last night this computer completely went NUTS for a few hours. It would either let me get to the point where you click on your username, right at the start of windows, then my mouse would freeze. If I got past that page, one of two things happened: I would either get my usual desktop but when I clicked on any of my icons, got nothing OR I would get the picture of my girls I have on my desktop, but none of my icons or the tool bar at the bottom. If I got that, I had to disconnect my computer from the power in order to start over. I did this for a couple of hours at least, until I finally was able to do a system restore in safe mode. Not sure if that means anything or not, but it was really weird and very frustrating. Thanks for the quick replies, I'll get the logs now! I'm attaching the logs I have so far, thanks! The 2nd attachment is ComboFix [attachment deleted by admin]

982.	Solve : I Have Virus(es) on my computer, please assist!?
Answer» Okay, then try this: right-click on the FILE and go to Send To > COMPRESSED (zipped) Folder. That should create a .zip file. You can then attach it to your next post or try uploading it to SaveFile.http://www.savefile.com/files/1961368 Thank you for getting the file uploaded. I have scanned it with several different programs and none of them FOUND anything, so it looks like the file should be LEGIT. I guess you're in the clear! Are things running okay?Yes! everything is running great!Great, I'm glad to hear it.Thanks a million!

983.	Solve : trojan and new problem that wont come off ); im gonna cry?
Answer» hi i kno that im new here but dont even kno if this is right section for me but am REQUIRING some help on y my computer is acting funny obvoiusly from a virus or trojan but ive delt with this same trogan a aday ago and seems as if it is back i have using many things trying to remove it COMBOFIX avg spybot search destroy and spybot had found it but couldnt remove it becuase it was runing in memory or something but i need help now becuase now i cant deal with this on my own im not sure if the 2 are related thow here is the website it was trying to acess http://70.38.98.32/red.php?lid=acr [...] z&xp=1&p=1 http://sagipsul.com/go/?cmp=vm_mg_ [...] profiling4 and many others related to taht i have no clue what it is but the website cant be shown when it is accessed here is a hijackthis log ~~~~~~~~~~~ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:48:37 PM, on 1/3/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\APPLE\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Games\EA Games\Need for Speed Undercover\PB\PnkBstrA.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe c:\WINDOWS\system32\ZuneBusEnum.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Zune\ZuneLauncher.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Ventrilo\Ventrilo.exe C:\Program Files\Xfire\xfire.exe C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe C:\Program Files\iPod\bin\iPodService.exe C:\Games\Silkroad\sro_client.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Games\Silkroad\sro_client.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.22\RivaTuner.exe" /S O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O9 - EXTRA button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/Driv [...] eqlab3.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 0140548374 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll iiickz.dll fzwtze.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Games\EA Games\Need for Speed Undercover\PB\PnkBstrA.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 7455 bytes dont kno if that helps but thanks for replys nvm i fixed I have the same winlogun problem. How did you fix this? It's also made it impossible to change my folder options (Show hidden folders, etc) and creates a ridiculous amount of popups on various browsers.

984.	Solve : Computer...****** completely?
Answer» To be honest, I'm not really seeing much. I only noticed one file that looked suspicious, but I don't even know if it's still on your computer. For the heck of it, CREATE a new CFScript using the text below: Code: [Select]KillAll:: File:: C:\WINDOWS\system32\ieiwebmscgfwieuet.exe Then just follow the CFScript instructions I gave before. Other than that, I can't find anything that looks like it would be causing all of your problems. You may want to try Sophos Anti-Rootkit, but at this point, there's a chance that you're not infected anymore. It seems to me that either your problem is related to something other than a virus, or the infections did some real damage on your computer.Hi again. Sorry been around the last few days trying to see what anyone can do with this computer physically but had no RESULTS so far. Ive tried your second ComboFix text and got the results on the attachment. I take it that a solution is now looking...well...dismally bleak? [attachment deleted by admin]Tried that Sophos Root-Kit...well attempted to. Can't run a scan whatsoever in Safe Mode. And well, thats all that my laptop can pretty much do at the moment. Any other suggestions would be very helpful. But if you THINK the laptops hit the fan then, well, nothing more can be done I suppose. do you have a windows CD? You could try a format/Install. (after backing up any important stuff.)Unfortunately, BC's suggestion MIGHT be your best bet. I can't really find much of anything malicious anymore, which suggests that it is not a virus issue. There may be something you can do, but with all of the things on my plate right now, I'm not quite sure where to begin with the troubleshooting PROCESS. If you have the CD, you can try a reformat or fresh install of Windows. Or you can see if anyone over at the Windows or Software sections of the forum might have any better suggestions.

987.	Solve : I keep getting sysxd.exe error?
Answer» So this only pops up periodically and I have been waiting for like half an hour but it won't COME back up so I can reproduce it but I have seen others on the forum with it. I tried some of the steps from the other posts and I have logs. Can someone please let me know if there is some crazy infection going on? I am having trouble using the internet so I am running the steps on my laptop in safe mode and saving the files/logs to my flash drive and posting here. I also have to save any installations to the flash drive and OPEN them on the laptop and copy them to the desktop there. I have Windows XP SP2 Thanks Cris [attachment deleted by admin]I figured i should add all of this INFORMATION: What operating system are you using? Windows XP SP2 If you're getting an error what is the error message? Basic details on your computer, MANUFACTURER: IBM Thinkpad T60 2GB Ram When did the issue start occurring? Did you recently install a program, new hardware device, or visit a web page? the issue started occuring about 2 weeks ago. I was getting an error about a rafki.b (or something like that) but found out it was a fake error. I followed the instructions Here http://deathwaltz.blogspot.com/2009/01/fake-security-center-alert-win32zafib.html and that FIXED the initial errors but I am still a little cautious about how my laptop is performing. Please help. Thanks

Explore topic-wise InterviewSolutions in .

Solve : Good site blocked by McAfe Antivirus. True??

Solve : Virus preventing access to antivirus sites and programs.?

Solve : spyware or malware help??

Solve : okay, so I've used the combofix...?

Solve : Can't uninstall all of program?

Solve : Vista Firewall?

Solve : further help following your mwsoemon instructions?

Solve : newbie can't restore OS because of virus(es)?

Solve : IE Script Error - opens as a pop-up for many programs?

Solve : Avira Anti-Virus?

Solve : After deleting virus still get error message.?

Solve : So many problems I'm having, and don't know and having problems understanding?

Solve : Can a camera memory card catch a viruse??

Solve : Re: removing a virus?

Solve : Desktop Icons Flashing On and Off as well as Taskbar?

Solve : Trojan, no idea what kind, please help, have scan logs?

Solve : viruses in yahoo messenger?

Solve : hijack this file DELETING AUTORUN.ini?

Solve : Windows cannot find F:\Windows\eksplorasi.pif?

Solve : Computer problem help plz?

Solve : what is tr/crypt.xpack.gen?

Solve : Cannot open programmes from Desktop Icons?

Solve : Help! (beginner here and unexperieced): redirect virus?

Solve : advanced systemcare ( advice please )?

Solve : Help, desktop died...?

Solve : antivirus 360?

Solve : help everytime i open .bat files my pc shut downs!!?

Solve : NORTON . allow inbound and outbound connections to?

Solve : Norton 2009 unblock virus??

Solve : Continue to have problems?

Solve : Online XP Scanner: DANGER! Virus upgraded and back on the prowl!?

Solve : I Have Virus(es) on my computer, please assist!?

Solve : trojan and new problem that wont come off ); im gonna cry?

Solve : Computer...****** completely?

Solve : csrssc.exe virus and random black windows popping up with errors?

Solve : I Got What I Believe is a Trojan and I Need HELP Removing It?

Solve : I keep getting sysxd.exe error?

Solve : Malware infected. Need help?

Solve : Panda Active Scan Reads Adware, Hacktools and Trojan?

Solve : My computer turns completely off if idle for maybe 20 minutes?

Solve : is ther any thing wrong with my system??

Solve : avast!?

Solve : Spyware & Viruses, Trying to clean out, Can you help please. :-)?

Solve : Help with system32 in a way?

Solve : My HJT file as requested by evil fantasy?

Solve : pls check my laptop?

Solve : Please help!Computer won't start in normal mode after Trojan's cleaned in Safe?

Solve : heres my HJT log as requested broni?

Solve : What are spr.exe files? Is that a virus or worm??

Solve : firewall help!!!!?

989.	Solve : Panda Active Scan Reads Adware, Hacktools and Trojan?
Answer» Have you tried uninstalling HomeKey? If so, what happened? If you have trouble, you can take a look at this page: http://www.spywaredb.com/remove-home-key-logger See if you can uninstall it and then try the following steps... Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop. http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix. Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them. Double-click combofix.exe and follow the prompts. When finished, ComboFix will produce a log for you. Post the ComboFix log and a new HijackThis log in your next reply. NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall. Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.Combofix is attached...to big to post. Hijack this: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:49:29 AM, on 1/25/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18241) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Pen_Tablet.exe C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe C:\WINDOWS\system32\Pen_Tablet.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Documents and Settings\Sylverkitti\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\HomeKey\KeyLogger.exe C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE C:\WINDOWS\system32\lxcgcoms.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\PicPick\picpick.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\explorer.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\sniper.exe\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.ocwencustomers.com/home.cfm R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/http://www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = .local N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\SYLVERKITTI\Application Data\Mozilla\Profiles\default\n77ayi80.slt\prefs.js) N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\SYLVERKITTI\Application Data\Mozilla\Profiles\default\n77ayi80.slt\prefs.js) O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF READER Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,[email protected] O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{F1AC1131-1A94-4922-82BE-EC2D80A6CCA7}: NameServer = 205.171.3.65,205.171.2.65 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: FLEXnet LICENSING Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Jesuk Service (JesukSrv) - Unknown owner - C:\WINDOWS\system32\jesuk.exe (file missing) O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe O23 - Service: Mocugyk Service (MocugykSrv) - Unknown owner - C:\WINDOWS\system32\mocugyk.exe (file missing) O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: SupportSoft RemoteAssist - Unknown owner - C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe (file missing) O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe -- End of file - 8276 bytes [attachment deleted by admin]Open up HijackThis and run another scan without saving a log file. When your results are displayed, place checkmarks next to these entries... O23 - Service: Jesuk Service (JesukSrv) - Unknown owner - C:\WINDOWS\system32\jesuk.exe (file missing) O23 - Service: Mocugyk Service (MocugykSrv) - Unknown owner - C:\WINDOWS\system32\mocugyk.exe (file missing) Close all other windows and click on Fix Checked. Close HijackThis. How is your computer running now? Are you still experiencing any of the same issues as before?It seems ok...when I click links that lead to emailing someone it still is odd, before it wouldn't take me at all to the email...now it does but it has mailto: in front of it for some reason...like it forgets to just put in the email and puts everything in....other than that so far so GOOD. That could be an issue with certain sites or with the e-mail client you're using. What do you use for e-mail? Perhaps there's a setting that can be changed.I use Yahell...I mean yahoo for everything...I am pretty sure I didn't change anything, I don't think i would know how to change something like that, but it may have been an accident? Do they even have those kind of options?To be honest, I don't really know. I haven't used Yahoo in years, so I have no idea how much things have changed with them. It may be worthwhile to get ahold of their Customer Care... http://help.yahoo.com/l/us/yahoo/mail/original/forms_index.html Or you could perhaps try the Other or Browser section of our forum. Unfortunately, I don't e-mail much, so I'm not as well-versed in the subject. My knowledge here is pretty much limited to Microsoft Office Outlook and AOL.Its ok...its something I can live with. I really appreciate all the help you have offered me...without you guys where would we all be?? I'm sure I'll be back with another problem in the future...thanks!!I'm GLAD I've been able to help somewhat. I'd hate for you to have more problems, but if you do, we'll be here. I just wish I could give you more help with the e-mail issue. Just for the heck of it, you might want to try testing a different e-mail client such as Hotmail to see if the same thing happens with them.

990.	Solve : My computer turns completely off if idle for maybe 20 minutes?
Answer» This never happened before. What would cause this to happen?Make? Model? OS? Hi Eg0Death, It's a Compaq Presario with Windows XPWhat are your power settings? Start -> CONTROL Panel -> Power Options A setting may have been CHANGED to power down the system after 20 minutes of inactivity. These are the settings: System standby: After 20 mins System HIBERNATES: After 25 mins I've never changed these settings and I've had the computer for hours and it never shut off. Would one of these settings completely shut down the computer?Hibernate saves the contents of RAM to a file on the HARD drive (hiberfil.sys, I think) and shuts down the computer. I'm not SURE why it wasn't working before. Thanks for your help. I'll change the settings.

991.	Solve : is ther any thing wrong with my system??
Answer» hi, good day... is there any thing in my system? [Saving space - attachment deleted by ADMIN]You had a couple of minor infections, but it looks like the scans took care of them. I'd say everything looks clean. You need a firewall, however. You're vulnerable without a firewall, so you should look into getting either ZoneAlarm, Kerio PERSONAL Firewall, or Comodo. They're all good free firewalls. Just be sure you only have one installed at a time! DOWNLOAD the firewall of your CHOICE, disconnect from the internet, disable Windows Firewall, and install your new firewall. Also, I see that you don't have Java installed. You'll want to correct this quickly, as it will help provide further protection for you. To do so, go here and click on Free Java Download. You will be given instructions on what to do next.thaks a lot for those things.... You're welcome. Come back anytime.

992.	Solve : avast!?
Answer» Hey, everyone I have a question. I'm running Windows XP, and I have use avast! 4.7 for my antivirus software. I haven't had any problems with VIRUSES since I switched from MCAFEE. I was just wondering, how GOOD is avast! at keeping viruses out and detecting them in scans? And how is the spyware protection, if there is any at all?Avast! is very reliable for protection. It has no real time spyware protection. For real time spyware protection check out: WinPatrel 2007 Comodo BOClean SpywareBlaster You have to manually update SpywareBlaster. Usually check weekly. Although they have PAID for versions, the FREE ones work just as well.

994.	Solve : Help with system32 in a way?
Answer» Hello. Me and my friend are tying to see which one of us can get each OTHERS pw's first lol ik it is probably a stupid and childish thing to do but here is how it goes. We each get an hour a day on each others strictly limited guest ACCOUNT we are not allowed to USE the admin account on the comp. the point is to get the pw not mess with each others files. so far i have ESTABLISHED that i can make .bat files cmd.exe is blocked but command.com is not the "at" command is blocked My question is this I have copied my friends system32 to my flash drive. Is there a way to get his pw through the files i have obtained on my computer at my house? If so what programs would i need to use and is it possible to run such programs on his restricted account so i can do it on his comp? {btw i cant install or run certain software EX. U3smart from my other flash drive) All help and advice is greatly appreciatedSorry. Even if this is a "fun" project and it's a challenge for you and your friend the info won't be found here. Didn't the hint after you wanted to hack a server make sense to you ? ? It's not what we do. Another TOPIC Closed.

995.	Solve : My HJT file as requested by evil fantasy?
Answer» Here it is. Thanks [getting disk space - attachment deleted by admin]Go to Start > Control Panel > Add/Remove Programs and remove the following (if they exist): VSAdd-in Viewpoint Viewpoint Manager Viewpoint Media Player ===== If you do not use Windows MESSENGER, look for it in Add/Remove programs also and uninstall it. This is not MSN Messenger If you do not see it in Add/Remove programs: 1 SELECT "Start" 2 Choose "Control Panel" 3 Choose "Administrative Tools" note in Windows XP Home edition, Admistrative Tools is in Performance and Maintence 4 Choose "SERVICES" 5 Right-click on "Messenger" 6 Select "Stop" To permanently disable Messenger:<---Preferred Method 7 Right click "Messenger" 8 Select "Properties" 9 Change "Startup Type" to "Disabled" and click "OK" ===== Open HijackThis and select "Do a system scan only" Place a check mark next to these entries: O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file) O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe<---If present O4 - HKLM\..\Run: [QuickTime TASK] "C:\Program Files\QuickTime\qttask.exe" -atboottime<---Unnecessary O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"<---Unnecessary O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe<---If present Close all windows except HijackThis and click "Fix checked" ===== Next post: Tell me how everything went Post a new HijackThis log Tell me how things are now.

996.	Solve : pls check my laptop?
Answer» here are the 3 logs, [Saving space - ATTACHMENT deleted by admin]Download ComboFix by sUBs to your Desktop. Note: It is important that ComboFix is saved directly to your Desktop Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them. Close any open Web browsers. (Firefox, INTERNET Explorer, etc) before starting ComboFix. Double click on ComboFix.exe & follow the prompts. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery CONSOLE is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal should your computer have a problem during the procedure. If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's NORMAL malware removal procedures and you will not see the Recovery Console Query. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console. When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes to continue scanning for malware. When finished ComboFix will produce a log for you in C:\combofix.txt Post the ComboFix log and a NEW HijackThis log in your next reply. Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall. Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

997.	Solve : Please help!Computer won't start in normal mode after Trojan's cleaned in Safe?
Answer» Hi All, Desperate for help... I have a Thinkpad T60. Yesterday it's infected by Trojan. I followed Norton's advice. I disabled system recovery and went into safe mode to do a full scan using Kaspersky. Some file were deleted. But after that, the computer won't start in normal mode but safe mode only (without network).. In the blue screen, it asks to uninstall latest software or hardware. I removed the Kaspersky folder since I can't uninstall it in safe mode. But it STILL doesn't work.. I followed the above topic and tried SDFix. It finished its job successfully and FOUND more infected FILES. But now I still can't start the computer in normal mode... Would you PLEASE help me out? I really don't want to reinstall the whole system... Thanks a million!Can you GET HijackThis on there so you can run a scan in Safe Mode? Download it on another computer and transfer it via CD or flashdrive. It's not much, but it may help give us a bit of insight.

998.	Solve : heres my HJT log as requested broni?
Answer» Logfile of Trend MICRO HijackThis v2.0.2 Scan SAVED at 10:15:05 AM, on 14/11/2007 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16546) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\RtHDVCpl.exe C:\Acer\Empowering Technology\SysMonitor.exe C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Lexmark 3400 Series\lxcymon.exe C:\Program Files\Lexmark 3400 Series\ezprint.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Windows\System32\mobsync.exe C:\Windows\system32\taskeng.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE C:\Program Files\Internet Explorer\IEUser.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Windows Mail\WinMail.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\MICROSOFT Office\Office12\WINWORD.EXE C:\Users\Radio Rentals\Desktop\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.shafston.edu/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /STARTUP O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe" O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe" O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll,[email protected] O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0 O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Empowering Technology Launcher.lnk = ? O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: lxcy_device - - C:\Windows\system32\lxcycoms.exe O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- End of file - 11993 bytes Let me take a look...Your HJT log is clean You may fix just one entry (cosmetic move): - O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) Happy computing your a legend!!!! Please.....LOL

999.	Solve : What are spr.exe files? Is that a virus or worm??
Answer» I have found several spr.exe FILES in my local settings, temp folder. My computer performance is slower than it used to be, and I found these files in an ATTEMPT to clean up the C drive. I have Windows XP Home, it's a SONY VAIO computer. I have Norton Security. One of the SPR files is listed in a blue font, which I am assuming indicates it's a system file. Two of the SPR files show as file type application. One shows as a temp file. SPR.18F3.EXE (BLUE FONT) SPR.196A.EXE (BLACK FONT) SPR.196A.TEMP (BLACK FONT) How can I find out if these are bad files or what application they belong to?spr.exe are associated with plenty of malware/worms. It is hard to say for sure without some scans though. We can take a closer look. Download HijackThis to your desktop. Double-click on the file you just downloaded. Click on the "Install" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis Please do not change the default install location. Upon install, HijackThis should open for you. Next click on the "Do a system scan and save a log file" button. HijackThis will scan and then a log will open in notepad. In the top left of the notepad window click "File" > "Save As" name it hijackthis and then save it to the Desktop. Please save the log as a text (.txt) file. In your post, add the log as an Attachment. * Don't have Hijackthis fix anything yet. Most of what it FINDS will be harmless or even required. ** Don't use the Analyse This button. It's findings are dangerous if misinterpreted.