4832 + Interview Questions in Computer viruses and spyware in Software Page 27 InterviewSolution

1301.	Solve : Not sure what is wrong, might be a virus, I'm not sure.?
Answer» OK, my issue is that I can't sign into AIM, MSN messenger or Yahoo Messenger, and I also cannot use any browser except for Firefox. I'm running Windows XP and this only happened recently. Thanks for any help! Please download Malwarebytes Anti-Malware from Malwarebytes.org. Alternate link: BleepingComputer.com. (Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!) Double Click mbam-setup.exe to install the APPLICATION. (Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as INSTRUCTED below!) Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Full Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When DISINFECTION is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this, will cause the infection to still be active on the computer. Please save the log to a location you will remember. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt Copy and paste the entire report in your next reply. It might just be a problem with their server, or maybe your messenger has become corrupted. Either way, I would suggest that you try out Pidgin instead. It is able to connect to almost all the messengers (AIM, MSN, Yahoo, Google...), and is completely free.Please WAIT for the OP to reply with the log, before assuming anything.

1301.

Solve : Not sure what is wrong, might be a virus, I'm not sure.?

Answer»

OK, my issue is that I can't sign into AIM, MSN messenger or Yahoo Messenger, and I also cannot use any browser except for Firefox. I'm running Windows XP and this only happened recently.
Thanks for any help! Please download Malwarebytes Anti-Malware from Malwarebytes.org.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the APPLICATION.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as INSTRUCTED below!)

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When DISINFECTION is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this, will cause the infection to still be active on the computer.
Please save the log to a location you will remember.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
Copy and paste the entire report in your next reply.

It might just be a problem with their server, or maybe your messenger has become corrupted. Either way, I would suggest that you try out Pidgin instead. It is able to connect to almost all the messengers (AIM, MSN, Yahoo, Google...), and is completely free.Please WAIT for the OP to reply with the log, before assuming anything.

1302.	Solve : Bearshare?
Answer» I foolishly downloaded "Bearshare" and it seemed to want to take over my computer. I uninstalled parts of it, but its ICON and program REMAINS. It will not uninstall. I am a BEGINNER and not that savvy. But I can follow directions. Help.download "LINK REMOVED."

1305.	Solve : superantispyware step?
Answer» Hello ALLAN, I had run CCLEANER successfully and was into running SUPER antispyware at 4:23 minutes when it stopped on: C:\WINDOWS\SYSTEM32\MSXML3.DLL The TIMER is not MOVING past 4:23 Shall I wait for SUPERantispyware to resume? (I am able to move my cursor). Thank you, Roley1) ccleaner is useless 2) Yes, wait for a while

1306.	Solve : Requesting help fixing trojan infection?
Answer» Let us know how it goes. If needed we can try a few other things.Im having trouble getting the computer to let me choose to boot from the USB. Im still trying to find the option, but no luck so far. After i START the computer and press F8 to get to the options screen before it boots, i cannot find an option for USB or removible harddisk boot.Try using the F12 key.does nothing. F8 is the key on that computer. i can also load a ROM settings screen with F10. but no where in the menu can i boot from anything other then the hard drive. im just going to put the ISO and the unetbootin file on a gig stick and put it all on there and install it from that computer and reboot thereeven after installing directly onto the hard drive of the computer there is never an option to boot any DIFFERENTLY in any of the starting menus. Thanks for the help, but my patience with the computer is GONE now. Gonna just wipe the hard drive and start FRESH.

1308.	Solve : McAfee Detected Suspect File?
Answer» I have an HP computer w/XP. Ran MCAFEE last night and it found the following "POTENTIALLY Unwanted File" : C:\hp\bin\KillWind.exe It calls this RemAdm-PSkill. What does this file do? How Does McAfee know it is "potentially unwanted"? Should I delete it? Thanks.It's fine, you can consider the file safe.

1309.	Solve : McAfee Slowing Things Down!?
Answer» Installed MCAFEE 90 day free TRIAL last night. Computer is noticeably slower now. I have HP with XP and FiOS 25/15 internet connection. Is this slowdown typical or should I look for a problem?As a rule I don't badmouth software vendors, but McAfee produces pretty poor products. I don't know which particular McAfee app you've installed, but I strongly suggest uninstalling it and trying a competitor's product (ANY competitor's product).Thanks, the deed is done. What anti-virus do you recommend?There are so many good products out there. I'm a fan of Kaspersky for a number of reasons (for example, they update their definitions HOURLY as opposed to daily or weekly as most other vendors do, their online forum support is OUTSTANDING - as is their PHONE support, and their products are consistently ranked at or near the top of pretty much every reliable comparative evaluation I've seen). Other very good products (paid and free) include NOD, Avira, Avast, etc. Lot's of threads on other forums you might want to check out - not sure if I'm allowed to POST links here though.

1312.	Solve : VIRUS DNA CHANGER?
Answer» HELOO, CAN ANYONE HELP ME? Everytime i delete/turn off my virus dna CHANGER my internet stops any idea how?No NEED to post the same question more than once.

1313.	Solve : Application Cannot Be Executed. The File *** is infected - Under Attack?
Answer» Good EVENING, I can't imagine I'm having an issue that hasn't been dealt with a million times before but I can say I'm just as frustrated either way >.< The problems all seemed to start when I downloaded an update for Java and now I have some sort of fake anti virus software popping up and causing all sorts of issues. I was able to find this place through Google and was able to stop the onslaught of execution errors by hijacking this step from another thread: You only need to get ONE of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus. Rkill.exe Rkill.com Rkill.scr Rkill.pif Once you've gotten one of them to run then try to immediately run the following. Now download and Run exeHelper. Please download exeHelper from Raktor to your DESKTOP. * Double-click on exeHelper.com to run the fix. A black window should pop up, press any key to close once the fix is completed. A log file named log.txt will be created in the directory where you ran exeHelper.com Attach the log.txt file to your next MESSAGE. Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file). I read that every situation is different and following all the steps that worked for that user might adversely effect my machine. I am willing to do any and everything and look forward to any assistance that can be given.What is your situation now? Are you able to boot into NORMAL Mode? Can you connect to the internet?

1315.	Solve : Antivirus just labeled Hosts file as virus and removed it.?
Answer» Sorry before hand if post should have been directed elsewhere. AVG 9.0.814 free edition just ran a scan and marked my hosts file as a virus and removed it. Question is there a way to CREATE a new hosts file or should i just restore it from the virus vault? NEVER had this happen before. Running Windows XP service pack 2 (i know i NEED to upgrade). Thanks again for your help before hand. Please go to this LINK and follow the directions and post the required logs. Please post your logs in this link.

1317.	Solve : How does Win Police Pro gets into your computer?
Answer» I have a friend that his OP crashed because he had Win Police Pro. It downloaded itself and BEGAN its DESTRUCTIVE course. My question is how did she get it in her COMPUTER, via e-mail, via the Internet. anyone know it comes thru?Can be via email, but usually from a link on a website or sometimes downloads,,.....Use Web of Trust to screen all websites while browsing and the CHANCES of it happening again will be greatly reduced......

1321.	Solve : Extremely aggressive worm chokes instant messaging?
Answer» New variant of Palevo blasts unprotected systems via fake photo gallery links. The latest offspring of the Palevo family has begun spreading these days via a massive wave of AUTOMATICALLY generated IM SPAM. The unsolicited message INCITES the recipients to click a link accompanied by a grinning smiley face, which purportedly leads them to an image or photo gallery. http://tinyurl.com/3anctv4 Is the THREAT was discovered by BitDefender only

1326.	Solve : computer won't install any mal-ware removal programs?
Answer» Go to this LINK to create a Rescue CD or to this site to create a Rescue USB. Carefully FOLLOW all the instructions for whichever METHOD you choose.

1327.	Solve : APPLICATION CANNOT BE EXECUTED! WHAT DO I DOOO?
Answer» I keep getting this alert and I don't know what to do. My laptop is run by WINDOWS vista bought 2.5 years ago. SOMEONE HELPPPSome applications cannot be run in vista because of compatability issue....Right click on application --> properties --> compatabilty. and select Run this program in compatability mode for then choose the windows version.noooo its a malware thingy rogue program or whateverI FOLLOWED SuperDave's instructions i saw in other threads. But I can't seem to update SUPERAntiSpyware cause of the firewall or something This log file is located at C:\rkill.log. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish. Ran as Owner on 08/05/2010 at 12:11:42. Processes terminated by Rkill or while it was running: C:\Users\Owner\AppData\Local\pducbhtkn\pmvpcektssd.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Users\Owner\Desktop\rkill.com Rkill completed on 08/05/2010 at 12:11:48. - exeHelper by Raktor Build 20100414 Run at 00:32:52 on 05/08/10 Now searching... Checking for numerical processes... Checking for sysguard processes... Checking for bad processes... Checking for bad files... Checking for bad registry entries... Resetting filetype association for .exe Resetting filetype association for .com Resetting userinit and shell values... Resetting policies... --Finished-- exeHelper by Raktor Build 20100414 Run at 12:13:53 on 05/08/10 Now searching... Checking for numerical processes... Checking for sysguard processes... Checking for bad processes... Checking for bad files... Checking for bad registry entries... Resetting filetype association for .exe Resetting filetype association for .com Resetting userinit and shell values... Resetting policies... --Finished-- HIJACKTHIS LOOGGG MSIE: Internet Explorer v7.00 (7.00.6000.17037) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Synaptics\SynTP\SynTPStart.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe C:\Program Files\Rogers\SelfHealing\shs.exe C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe C:\Windows\System32\mobsync.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe C:\Program Files\Registry Mechanic\RMTray.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=73&bd=Pavilion&pf=laptop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=73&bd=Pavilion&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=73&bd=Pavilion&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.ca R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet SETTINGS,ProxyServer = http=127.0.0.1:5555 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\ADOBE\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: Rogers Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe O4 - HKLM\..\Run: [Rogers SHS] C:\Program Files\Rogers\SelfHealing\shs.exe O4 - HKLM\..\Run: [RogersServicepointAgent.exe] "C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe" /AUTORUN O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /H O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: McAfee Security Scan Plus.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O13 - Gopher Prefix: O15 - Trusted Zone: http://www.nba.com O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O18 - PROTOCOL: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - PC Tools - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe O23 - Service: Rogers SHS Service (RogersSelfHelpService) - Rogers Cable Communications - C:\Program Files\Rogers\SelfHealing\RogersSelfHelpService.exe O23 - Service: Rogers Update Manager (RogersUpdateManager) - Rogers Cable Communications - C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 14149 bytes What do you mean by Hijack it?

1329.	Solve : Suspicions of Malware on my laptop?
Answer» Hi guys and girls My LAPTOP is an ACER Aspire 5920G, with Intel Core 2 duo processor, and running windows Vista SP2. My antivirus program is Avast and I also run half monthly scans with Malwarebytes and Superantispyware. My browser is Firefox. I have got a feeling that there may be something nasty on my laptop that I can't find. Last WEEK I clicked on a link from Google and this screen pops up saying that my laptop has problems and starts a scan screen. I click the cross to close it, but this simply opened another screen asking if I wanted to scan my computer. I suspected a virus so I shut off the internet and powered down my laptop. After restarting I immediately ran Malwarebytes and Superantispyware. Malwarebytes detected nothing, and all Superantispyware picked up was 3 tracking cookies which it finds all the time. Since then startup times have been increasing for the last week. I have run Malwarebytes and Superantispyware a couple times since then (See logs) but they have detected nothing. I have also posted a hijackthis log done a few minutes ago. I am wondering if despite me closing off the internet and powering down a virus managed to GET in. Also I nearly forgot - my internet has slowed down lots - more than just a usual busy period. For example a 5 min youtube X factor vid would have played through smoothly no gaps, maybe a minute to reach full download - now its taking close to 10 minutes. I am wondering whether a virus is causing this as well? I have checked my bandwidth and its fine, got lots of capacity left. Can you see anything that might be causing problems? Is it possible that there are other causes for system slow down? Thanks Razor [attachment DELETED by admin]

1333.	Solve : AVR09.EXE, Cannot Launch CMD, or Task Manager?
Answer» OH sweet lord in heaven. It found it. Rebooting computer to take CHANGES now. Whewww thanks for recommending SUPERAntiSpyware. I checked their website about winupdate.exe, and the POSSIBLE sizes for the files, matched the exact SIZE of my winupdate.exe. I hope this PROBLEM is resolved...

1322.	Solve : How to remove windows defender?
Answer» Hi, Over the past week or so the Window Defender icon showed up on the bottom right of my screen with the other icons. Since then I've turned down updates and tried to remove the icon (it comes back when I turn the computer back on). I've looked around and there seems to be some chat about this being a virus. Aside from the FACT that it won't go away, I don't seem to be having problems with my computer other than a wifi connection issue which I think is related to an ROUTER that needs to be replaced. How can I tell if this Windows Defender is something to be worried about or just an unsolicited Windows update? I have Vista and Avast.If you don't want Windows Defender running you can simply disable the Windows Defender Service (start - run - services.msc)Please go to this link and follow the DIRECTIONS and post the required logs. Please post your logs in this link.Hi, I've tried going through the steps but HIT a snag. I can't seem to find an "add or remove programs" icon. I do have one called "programs and features." Also today I have noticed something different. I usually use Google to search and it looks a little strange. It is hard to explain but the box you type in is a BIT larger and when the list of results comes up there is a left-hand margin on the page. Something strange with Yahoo too. When I check my e-mail on Yahoo and log-out the screen that shows up is really different with only a few sentences of info and a beige banner across screen.If your OS is XP it's Add/Remove Programs. Vista and Windows 7 it's Program and Features. My Google changed yesterday also. The main thing is to run the scans and get the logs.

1324.	Solve : Cannot Open Anything?
Answer» I have tried using the "Read this before requesting malware help" thread, but after installing and running CC cleaner, and installing and beginning a scan with SUPER Anti Spyware, my computer froze and now i cant open up CC cleaner, or Super Anti Spyware. I have tried REINSTALLING, but i cannot open the installer.If you've lost your CONNECTION, download the programs to a USB stick on a good PC and transfer them to your PC. If you have difficulty, you may have to run them in safe mode, TAP F8 at start, . If you have difficulty, you may have to rename the programs when you save them. If you get stuck on a step, proceed to the next . Post the logs for step 3,4 and 6. I can open firefox and my computer. I haven't tried MANY but things like itunes, internet explorer, mcafee, ccleaner, super anti-spyware, etc. won't open.I need help. Can you get HijackThis to run? It is in the "Read this" topic that you read before requesting help. Since you can at least get Firefox to open, try running an online scan: http://www.kaspersky.com/virusscanner

1328.	Solve : Total Security 2009?
Answer» I've tried everything.. Taskmanager is DISABLED, I tried renaming it. You can NOT start in safe mode. You can NOT do a system restore. Can not connect to the internet with this pc either. Can NOT download hjt. Please advise.. Thank you for any help. Have you tried transferring the AV programs to the infected PC via a USB stick?...Try renaming the programs when you save them.It won't let you do anything once the pc is up and running. It just launches virus updates and scans. What I did do though, was installed y new U3 Data stick with auto launch enabled. That caused enough lag that gave me enough time to launch a taskmanager REPAIR and then USE the task manager to CLOSE out the program as it was starting. Then once it was closed out I went ahead and deleted the virus and all the reg that it had installed. It was NOT easy, but it's done an my granny gets her pc BACK

1330.	Solve : Yahoo Instant Messenger ???
Answer» Win XP Java is updated. all other updates currant. On my sisters computer, doing a cleanup. Used AVG and malware BYTES, also deleted all unused programs. Tried to remove Yahoo IM and it will not delete. All other programs not wanted deleted just fine. Runs much faster now but am WORRIED about any file that will not allow us to delete it. We had IE 8 and had to remove it also. Please direct me how to remove. THANKS RC 1) Deleting unused programs does not speed up your system 2) Reinstall Yahoo Messenger then uninstall it. I am sure you are right about unused programs, so I guess that means that it needed the cleaning AVG and Maleware Bytes gave it was needed badly. THANK you for the tip will try it right away. R C

1334.	Solve : Rogue.A360AntiVirus and other problems?
Answer» This is a Dell Inspiron 1525 laptop, Vista HOME Basic SP1. Lately it's been slow and some settings were changed mysteriously. I completed the steps listed in themalware removal guide At this point I'm not sure what to fix or not with the HJT PROCESS tool. Thanks Mike SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 09/14/2009 at 06:55 AM Application Version : 4.28.1010 Core Rules Database Version : 4097 Trace Rules Database Version: 2037 Scan type : Complete Scan Total Scan Time : 16:10:06 Memory items scanned : 665 Memory threats detected : 0 Registry items scanned : 8673 Registry threats detected : 0 File items scanned : 646704 File threats detected : 30 Adware.Tracking Cookie C:\Users\selbyclu\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Users\selbyclu\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Users\selbyclu\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\Cookies\[email protected][1].txt C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\Cookies\[email protected][2].txt C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt C:\Documents and Settings\selbyclu\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Documents and Settings\selbyclu\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Documents and Settings\selbyclu\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Documents and Settings\selbyclu\Application Data\Microsoft\Windows\Cookies\[email protected][1].txt C:\Documents and Settings\selbyclu\Application Data\Microsoft\Windows\Cookies\[email protected][1].txt C:\Documents and Settings\selbyclu\Application Data\Microsoft\Windows\Cookies\[email protected][1].txt C:\Documents and Settings\selbyclu\Cookies\[email protected][1].txt C:\Documents and Settings\selbyclu\Cookies\[email protected][1].txt C:\Documents and Settings\selbyclu\Cookies\[email protected][1].txt C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt C:\Users\Administrator\Application Data\Microsoft\Windows\Cookies\[email protected][1].txt C:\Users\Administrator\Application Data\Microsoft\Windows\Cookies\[email protected][2].txt C:\Users\Administrator\Cookies\[email protected][1].txt C:\Users\Administrator\Cookies\[email protected][2].txt C:\Users\selbyclu\Application Data\Microsoft\Windows\Cookies\[email protected][1].txt C:\Users\selbyclu\Application Data\Microsoft\Windows\Cookies\[email protected][1].txt C:\Users\selbyclu\Application Data\Microsoft\Windows\Cookies\[email protected][1].txt C:\Users\selbyclu\Cookies\[email protected][1].txt C:\Users\selbyclu\Cookies\[email protected][1].txt C:\Users\selbyclu\Cookies\[email protected][1].txt Malwarebytes' Anti-Malware 1.41 Database version: 2812 Windows 6.0.6001 Service Pack 1 9/16/2009 2:26:52 PM mbam-log-2009-09-16 (14-26-52).txt Scan type: Quick Scan Objects scanned: 96934 Time elapsed: 6 minute(s), 24 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 3 Folders Infected: 1 Files Infected: 4 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: C:\Users\selbyclu\AppData\Roaming\Microsoft\Windows\Start Menu\A360 (Rogue.A360AntiVirus) -> Quarantined and deleted successfully. Files Infected: C:\Users\selbyclu\AppData\Roaming\Microsoft\Windows\Start Menu\A360\A360.lnk (Rogue.A360AntiVirus) -> Quarantined and deleted successfully. C:\Users\selbyclu\AppData\Roaming\Microsoft\Windows\Start Menu\A360\Help.lnk (Rogue.A360AntiVirus) -> Quarantined and deleted successfully. C:\Users\selbyclu\AppData\Roaming\Microsoft\Windows\Start Menu\A360\Registration.lnk (Rogue.A360AntiVirus) -> Quarantined and deleted successfully. C:\Program Files\Common Files\System\Uninstall\Uninstall A360.lnk (Rogue.AV360) -> Quarantined and deleted successfully. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:43:22 PM, on 9/16/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18813) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\DellTPad\Apoint.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\WindowsMobile\wmdc.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Windows\System32\WLTRAY.EXE C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Creative Home\Hallmark Card Studio 2008 Deluxe\Planner\PLNRnote.exe C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\DellTPad\ApMsgFwd.exe C:\Windows\System32\mobsync.exe C:\Program Files\DellTPad\HidFind.exe C:\Program Files\DellTPad\Apntex.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\sniper\sniper.exe.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myembarq.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Embarq Toolbar - {4E7BD74F-2B8D-469E-92BE-BF2DFE9AAE2C} - C:\PROGRA~1\EMBARQ~1\EMBARQ~1.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O3 - Toolbar: Embarq Toolbar - {4E7BD74F-2B8D-469E-92BE-BF2DFE9AAE2C} - C:\PROGRA~1\EMBARQ~1\EMBARQ~1.DLL O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe" O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Global Startup: Automatic E-Mail Printing.lnk = C:\Program Files\INETPRN\INETPRN1.EXE O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe O4 - Global Startup: Event Planner REMINDER 2008.lnk = ? O4 - Global Startup: McAfee Security Scan.lnk = ? O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O9 - Extra button: C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O12 - Plugin for .NPSSView: C:\Program Files\Seagate Software\Viewers\ActiveXViewer\NPssView.dll O13 - Gopher Prefix: O16 - DPF: {997C5A94-77F6-427D-A388-AC2B6ECF0F7C} (InstallShield Setup Player V14) - https://www.mnlife.com/LifeSolutionsUpdate/setup.ocx O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe O23 - Service: WebEx Service Host for Support Center (atashost) - WebEx Communications, Inc. - C:\Windows\system32\atashost.exe O23 - Service: BrSplService (Brother XP spl Service) - Unknown owner - C:\Windows\system32\brsvc01a.exe (file missing) O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe (file missing) O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe O23 - Service: Retrospect Express HD Helper (RetroExp Helper) - EMC Corporation - C:\Program Files\Retrospect\Retrospect Express HD 2.0\rthlpsvc.exe O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 10892 bytes Go ahead and download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop. http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix. Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them. Double-click combofix.exe and follow the prompts. When finished, ComboFix will produce a log for you. Post the ComboFix log and a new HijackThis log in your next reply. NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall. Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

1336.	Solve : Bad virus help plz?
Answer» Click Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices. * Scroll down to Non-plug and Play Drivers and click the plus icon to open those drivers. * Search for any of the following: * Important! The letters can appear in either upper case or lower case letters. - UACd.sys <- Or anything beginning with UAC - gaopdxserv.sys <- Or anything beginning with gaopd - gxvxcserv.sys <- Or anything beginning with gxvx - Seneka.sys <- Or anything beginning with Seneka - clbdriver.sys <- Or anything beginning with clbdriver - TDSSserv.sys <- Or anything beginning with TDSS - ovfst.sys <- Or anything beginning with ovfst - lowsec.sys <- Or anything beginning with lowsec * If you do find it, right click on it, and select Disable. Do not try to uninstall them. * Now restart the computer and see if you can run the scans that would not run. * Let me know if you found them or not.when i try to click on system from the control panel i get that stupid black box that looks like CMD or RUN... there is a message that pops up in the black box right before it disappears and says.. The programs is too big to fit in memory... any suggestions on a different way to get to system... thxDoes it do the same thing in Safe Mode also?not sure which safe mode you want me to use... if i just use regular safe mode i get files that go down my screen mosly in system 32 and then a blue screen appears... saying A problem has been dected and windows has been shut down to prevent damage to your computer.. then tells me some steps to prevent further damage and cant do anything but restart my computer.. Technical information * Stop: 0x0000007B (0xF78EA528, 0xc0000034, 0x00000000, 0x00000000).. not sure if there is a way around this or a different route you want me to choose...Try this please. Click Start > Run Now type this in exactly as it is typed, note the space between the chkdsk and /r Code: [Select]chkdsk /r Then press Enter on your keyboard. You will likely see an error about why chkdsk can't run. Just type Y and then press the Enter key. Be sure the computer restarts. Let me know how that goes.i typed in exactly how you said and again that black window appears .. says program too cant fit in memory... then quickly disappears.. leaving me no chance to click Y and enter...There are definite malware issues but I'm also afraid this is more than malware. The OS or possibly the Hard Drive itself is corrupted. Do you have your Windows install CD?unfortunitly the windows cd is nowhere to be found.. i have a key with no cd... not sure if that matters... any suggestions ? thxKnowing the key is a good thing. Do you have a friend that has the same OS as you that you could borrow a disk from?You might also try another rescue cd. Dr.Web LiveCD 1. Download the image of the Dr Web LiveCD The download link is at the BOTTOM of the page. Click Download Dr.Web LiveCD*. On the next page click on the most recent modified version, which is usually either the first or second download. 2. Burn the Dr Web LiveCD ISO images to a CD or DVD. - If you need a free burning application, CDBurnerXP works on all operating SYSTEMS from Microsoft Windows 2000 SP4 onwards.* 3. Start the computer with the Dr Web LiveCD in the CD/DVD tray. As loading starts a dialog window will prompt you to choose between the standard and safe mode. Use arrow keys to select Dr Web LiveCD (Default) mode and press Enter on the keyboard. 4. When Dr.Web LiveCD (Default) is selected, all available disk drives will be detected automatically. The operating system will also try to CONNECT to the local network if available. 5. When the system is loaded, check all disks or folders you want to scan and click Start 6. Let Dr. Web FINISH it's scan and then remove any threats found and then exit out of the scanner.. 7. Take the CD out of the CD/DVD tray and then restart the computer. The Dr Web LiveCD also includes other useful features and helpoptions if needed. * If you’d like to start the scanner using the command line (console) select Dr.Web LiveCD (Safe Mode). * Choose Start Local HDD if you want to boot from the hard drive instead of Dr.Web LiveCD. * Select Testing Memory to launch the Memtest86+ utility. See the Dr.Web LiveCD Homepage for complete details. not Windows Media Center.. i do have a Windows xp Home edition restallation cd but that is different from media center... i dont think i can use home edition on my labtob.... Home edition is different but a XP Pro disk would work. XP Pro is the same as Media Center only without the Media Center SOFTWARE which can be downloaded separately from Microsoft.yeah i dont have a xp pro disc.... i will try the Live cd, though i dont think i will be much use... let me know if you have any other ideas.... i will let you know how the cd rescue works.. thx

1338.	Solve : Toshiba Laptop Super slow and non responsive, was directed to post in the malwar?
Answer» I followed the instructions in the guide and I finally got Avast antivirus installed on the laptop but was not able to update it as the system would not let it connect to the web site, I ran a boot scan and it did not find anything, then I was able to update the virus scanner and ran a scan and it found 5 or 6 infections which I placed in the chest, then I installed the cc cleaner and ran it and then I could not connect to have it analyzed so the log is gone, now the computer is so slow that it takes about 20 minutes to get to my desktop, and the control panel will not open, when I click on control panel I get a silhouette of the window and the rest is invisible then it closes on its own, also it keeps closing and locking the user after less than 60 seconds, I am so frustrated and confused I don't know what to do now, Please help!! Irven You have to produce some logs....try running them in safe mode and/or when you save the programs rename them , For example...test.exe or sniper.exe...this will allow the programs to fool the virus.......this may enable you to run them and produce logs for analysis...........You may even have to download the programs to a USB drive and transfer them to the infected pc......Calm down, relax, and someone will get you up and running,,,,Thank you Karnac for your post, I am sorry I did not see it until now as when I posted in this section I neglected to click on notify of posts, But I did make some headway as I was finally able to open the control panel by going through the windows explorer and was able to delete some of the malware using the rogue tool list, As far as starting in safe mode I cannot get past the loading of the files as it sets there for hours and I have to shut it down. I ran the virus scan again and it did not find anything so I tried to back up all of the files that I need to save to my external hard drive but after about 2 hours it failed and the window said that it could not find file 0x80070002, I have no idea what it is, I tried backing up just one file to see if maybe the missing file was in one of the other files but now matter what file I try to back up I get the same error list the same missing file, Also I did get it so that it no longer shuts down every 60 seconds, so that help a lot, It is still very slow booting,(takes about 20 to 30 minutes to reach the desktop).Problems this serious are often hard to fix. In some cases, it can't be fixed at all without someone actually PHYSICALLY accessing your computer. Even then, there's no guarantee. I'm just giving you this warning so you are prepared. I know you are having many issues with your computer, but is there any chance you can get a HijackThis log posted on here? It could really help give us an idea of what's lurking around on your computer. Additional tools will be needed later, but let's just focus on this for now, as it's one of the simpler steps.As of today the computer will not boot, I get the error windows\system32\winload.exe cannot load, the selected entry could not be loaded because the APPLICATION is missing or corrupt, I tried the Toshiba's recovery disc and get a error 10-FC12-045D I do not know what that means but I cannot get it to boot, I am almost ready to give up I can't be entirely certain, but you may actually have a faulty hard drive. It could be a physical problem or could be a matter of boot files missing. I would strongly urge you to run a drive diagnostic utility, but if you're having that much trouble booting, it may not work even if run from a boot disk. If you'd like to try, someone here can surely give you easy steps to follow. I personally don't have enough experience with this to feel comfortable with guiding you through it. If you want to reformat, you can try DBAN: http://www.dban.org/about Just keep in mind that all files on your computer will be gone. HOWEVER, it's hard to say if they are even still there as we speak. I would suggest trying out the diagnostic utility before deciding to reformat. You can make a new post in the Software or Windows section and let them know that I suggested checking for drive errors. Somebody should be able to help set you up.CBmat, I have downloaded the boot disc from the link you provided but I dont know if I will be able to reinstall windows Vista as I only have the recovery disc, Please advise if this will work.Have you tried my first suggestion of getting appropriate steps for the diagnostic utility? I would try that first, just to see if it FINDS anything. Unfortunately, I can't really answer your question 100% because every manufacturer is different. Recovery discs will usually reinstall Windows for you. However, there are some that only repair system files. Yours should install Windows for you, but you may want to call Toshiba and ask them first, as I don't know what their standard practice is. Also, keep in mind that there's a chance this won't help ANYWAY. Your hard drive could be failing physically, which would mean that it is basically dying. That's why I think running a diagnostic first would be a good idea.I want to thank all who tried to help me with this problem, I got a copy of Windows vista installation disc and installed a second copy of Vista on my laptop then deleted the default copy and now all is great, everything is working fine Great, I'm glad to hear that everything is working fine. I was concerned that it may have been a physical problem, but it sounds like you probably just had a corrupt boot sector. In any case, I'm happy that you are up and running again. And now, make sure you get a good anti-virus and firewall installed immediately! Avast and AVG are both good free anti-virus, and Comodo and ZoneAlarm are good free firewalls.Thank you, I have installed Avast so I think I will be fine now Good to hear. I would still suggest getting a firewall, however. Vista is a bit more protected than XP, but I don't trust the Vista Firewall. Heh. But it's ultimately up to you, I suppose. To learn more about how to protect yourself while on the internet, read this article by Tony Klein: So how did I get infected in the first place?Thank you for the link, it has a lot of helpful information that I would have had trouble finding, I have installed the super anti spyware for protection, I am still trying to decide what firewall to use. Again thanks for all of your time and effort, it sure helpedYou're very welcome. Let's not see you back in here anytime soon!

1339.	Solve : cant navigate windows?
Answer» If you are using the FREE version of SUPERANTISPYWARE, real-time protection isn't available. At this POINT, it would probably be easier to just close the programs. Go AHEAD and disable Avast LIKE you did before, then close it. Then, for SAS, just exit the program rather than trying to disable it. Even if ComboFix gives you a warning about it, it shouldn't interfere because its real-time protection is turned off. ComboFix just sees that the program is PRESENT, even if it is disabled.

1340.	Solve : Don't know how to remove this bug. I've done research! SASW, MBAM & HJT logs!?
Answer» This STARTED because I'm unable to access Internet Options in any way. No Spybot, and Internet Options is not available in Control Panel either, it shows the icon, however the name is blank and when clicked it gives the same result as trying the Start:Run:inetcpl.cpl trick. I am also unable to RIGHT click anywhere in IE, (I believe this is 8, unable to access the drop down menus either!) Anyways, back to Internet Options, I went to restore the inetcpl.cpl file... guess what: it's GONE. So is the backup location and the entire win\sys32\dllcache directory!!! So at this point I got nervous. I tried SFC /scannow and it says my CD is the wrong version of xp pro. I found viruses using AVG yet they kept coming back. I came here, downloaded the step by step process and followed it. So here I am (on a different pc, as I'm unable to post the logs from the sick one), very afraid! ADDED: 09-10-07: I did try the Java update, it allows internet access, even followed the link to update Java, but the "Download Java" button just causes a quick blink of the screen and then nothing. This thing gives me the heebiejeebies LOL! I am not trying to bump my post, I do see that people who posted after me have replies but maybe this is a tough one? Even a little hint as to which direction to go would be appreciated. I will continue to do the Self Help scanner, It did find a malicious process in the HJT log - the facebookphotouploader thing in blue - but I was waiting as I didn't want to do something and then have someone come along to help and it mess them up! After looking this over I do not understand how to remove the facebook thing. So... back to waiting Logs follow: SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 10/06/2009 at 01:00 PM Application Version : 4.29.1002 Core Rules Database Version : 4148 Trace Rules Database Version: 2077 Scan type : Complete Scan Total Scan Time : 00:43:00 Memory items scanned : 469 Memory threats detected : 0 Registry items scanned : 5420 Registry threats detected : 0 File items scanned : 44214 File threats detected : 3 Trojan.Agent/Gen C:\WINDOWS\system32\A.TMP C:\WINDOWS\system32\B.TMP Trojan.Agent/Gen-Dropper[Temp] C:\WINDOWS\SYSTEM32\9.TMP Malwarebytes' Anti-Malware 1.41 Database version: 2916 Windows 5.1.2600 Service Pack 3 10/6/2009 2:17:44 PM mbam-log-2009-10-06 (14-17-44).txt Scan type: Quick Scan Objects scanned: 100595 Time elapsed: 4 minute(s), 16 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{231f6fab-eced-4975-9ef2-c0c7bc81927b} (Adware.AdSponsor) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Logfile of Trend Micro HIJACKTHIS v2.0.2 Scan saved at 2:27:18 PM, on 10/6/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Kodak\printer\center\KodakSvc.exe C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\desksite\bin\cma.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\WINDOWS\system32\drwtsn32.exe C:\WINDOWS\system32\drwtsn32.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/1me10enus/2 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by CenturyTel O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [Desksite CMA] C:\Program Files\desksite\bin\cma.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{7DE83E0A-4065-4D93-8D7C-690A8A8C9A40}: NameServer = 10.150.1.10,10.150.1.11 O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing) O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Kodak AiO Device Service (KodakSvc) - Eastman Kodak Company - C:\Program Files\Kodak\printer\center\KodakSvc.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- End of file - 7584 bytes Thank you very much in advance for your time, I have tried not to be wasteful or ignorant, and have spent about a day reading and researching, trying out every logical next step I could find... I'm Lost Blessings, MBooted to WinXP Pro CD. Ran CHKDSK /R - this restored the inetcpl.cpl file and several others that were missing when I tried to uninstall IE8. Found a post on another site stating that there are multiple inetcpl.cpl files on a search and that the smaller ones actually work... so I searched. inetcpl.cpl = 350 kb or 353 kb both bring up Internet Options just fine. These are located in the c\win\IE7 dir and c\win\sftwr distro\cf8ec... folder respectively. inetcpl.cpl = 1,788 kb cause the flash and nada. Incidently if I copy the 350 kb ver into win\sys32 then the shortcut from Control Panel works... if I click one of the others it overwrites the 350 in Sys32... (and, incidently the source file inetcpl.cpl.mui are both 1,244 kb) So, IE7 works, yet there's this file that seems to be somehow evading all attempts to overcome. I am not going to re-install IE8 on possibility that it is more vulnerable. shrug I stumped. I will try the self-help some more... 10-12-09 Still no response or contact other than some newbie flipping crap. Since 20+ posts above me have responses, I get the hint. g'luck all, Maj out. Bumping your thread just made it longer before help comes.

1341.	Solve : Virus - malware help.?
Answer» So I discovered that I had a virus by trying to play Starcraft : Broodwar. I couldnt connect to battle.net and the error message I got told me that I needed to reinstall SC (which I did) and if it didnt work, it might because I had a virus. So I scanned with Ad-Aware which gave me a bunch of malwares as result (win32 stuff, you'll get more info later). It deleted them all and we I rebooted, it wasnt loading my session and I was GETTING error messages. After a few REBOOTS I finally reached my desktop with this error message : Yes its in french (I'm french-canadian so forgive my sloppy english), and it means that MOM.exe couldnt load PROPERLY (0xc000007b). Then my avast started giving me these warnings : So I came here and got all the logs for you guys : SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 10/07/2009 at 07:36 PM Application Version : 4.26.1002 Core Rules Database Version : 3838 Trace Rules Database Version: 1794 Scan type : Complete Scan Total Scan Time : 00:45:02 Memory items scanned : 661 Memory threats detected : 0 Registry items scanned : 6375 Registry threats detected : 0 File items scanned : 27008 File threats detected : 7 Adware.Tracking Cookie C:\Documents and Settings\Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt C:\Documents and Settings\LocalService\Cookies\[email protected][3].txt C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:46:26, on 2009-10-07 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Hotspot Shield\bin\openvpnas.exe C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\Program Files\Microsoft LifeCam\MSCamS32.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\IoctlSvc.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\Program Files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Digital Media Reader\readericon45G.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\vVX3000.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Razer\DeathAdder\razerhid.exe C:\Program Files\Razer\DeathAdder\razertra.exe C:\Program Files\Razer\DeathAdder\razerofa.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\Owner\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\iTunes\iTunes.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Shareware.Pro-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - C:\Program Files\Peer2Peer-EN\tbPee1.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Shareware.Pro-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - C:\Program Files\Peer2Peer-EN\tbPee1.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Shareware.Pro-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - C:\Program Files\Peer2Peer-EN\tbPee1.dll O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [lifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [HPWUTOOLBOX] C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe "-i" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [ter8m] RUNDLL32.EXE C:\WINDOWS\system32\msxm192z.dll,w O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\Owner\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} (TVAnts ActiveX Control) - http://download.tvants.com/pub/tvants/tvants1/win32/cab/tvants.cab O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Service Google Update (gupdate1c9fa73ff021c62) (gupdate1c9fa73ff021c62) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS -- End of file - 10889 bytes This is the first malwarebyte log : Malwarebytes' Anti-Malware 1.41 Database version: 2775 Windows 5.1.2600 Service Pack 3 2009-10-07 20:22:41 mbam-log-2009-10-07 (20-22-37).txt Scan type: Full Scan (C:\\|D:\\|) Objects scanned: 80522 Time elapsed: 26 minute(s), 6 second(s) Memory Processes Infected: 0 Memory Modules Infected: 1 Registry Keys Infected: 4 Registry Values Infected: 2 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 4 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: c:\WINDOWS\system32\BtwSrv.dll (Trojan.Agent) -> No action taken. Registry Keys Infected: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\btwsrv (Trojan.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\btwsrv (Trojan.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\btwsrv (Trojan.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eddbb5ee-bb64-4bfc-9dbe-e7c85941335b} (Adware.Zango) -> No action taken. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> No action taken. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: c:\WINDOWS\system32\BtwSrv.dll (Trojan.Agent) -> No action taken. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\1VOL9AAC\w[1].bin (Backdoor.Bot) -> No action taken. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SSWL1JPP\w[1].bin (Backdoor.Bot) -> No action taken. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SSWL1JPP\w[3].bin (Backdoor.Bot) -> No action taken. Then after quarantine, delete and reboot and seeing that my problem wasnt fixed I scanned again : Malwarebytes' Anti-Malware 1.41 Database version: 2775 Windows 5.1.2600 Service Pack 3 2009-10-07 20:50:06 mbam-log-2009-10-07 (20-50-03).txt Scan type: Quick Scan Objects scanned: 115959 Time elapsed: 15 minute(s), 1 second(s) Memory Processes Infected: 0 Memory Modules Infected: 1 Registry Keys Infected: 3 Registry Values Infected: 9 Registry Data Items Infected: 0 Folders Infected: 1 Files Infected: 3 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: C:\WINDOWS\system32\msxm192z.dll (Trojan.Agent) -> No action taken. Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> No action taken. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ter8m (Trojan.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Ulrn (Malware.Trace) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Update (Malware.Trace) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> No action taken. Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> No action taken. Files Infected: C:\WINDOWS\Temp\VRTB9.tmp (Malware.Tool) -> No action taken. C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> No action taken. C:\WINDOWS\system32\msxm192z.dll (Trojan.Agent) -> No action taken. And even after all of those, when I rebooted, I got the same error message as the beginning and another one that said that C:\WINDOWS\system32\msxm192z.dll couldnt run properly. Thanks in advance for your help, I really need my Starcraft to work again, I got some important matches coming up soon .you need to delete your malware log , run it again and delete what it brings up , there was no action taken in the log you sent , you need to post a clean one you have 2 problems in your hjt log but you will have to WAIT for an expert to help i think the problem comes from your P2P I did delete, I guess the log was saved from before I deleted everything.

Explore topic-wise InterviewSolutions in .

Solve : Not sure what is wrong, might be a virus, I'm not sure.?

Solve : Bearshare?

Solve : Windows Police Pro on Friends PC?

Solve : Combat Arms Virus??

Solve : superantispyware step?

Solve : Requesting help fixing trojan infection?

Solve : Computer keeps restarting before it even loads up?

Solve : McAfee Detected Suspect File?

Solve : McAfee Slowing Things Down!?

Solve : The Virus Alert Virus?

Solve : quick help w/ hjt logs?

Solve : VIRUS DNA CHANGER?

Solve : Application Cannot Be Executed. The File *** is infected - Under Attack?

Solve : BAD virus. can't open hijack this, firefox or any other apps.?

Solve : Antivirus just labeled Hosts file as virus and removed it.?

Solve : can't get rid of virus/rootkit infection - need help...?

Solve : How does Win Police Pro gets into your computer?

Solve : The only thing I can see if my screen saver.?

Solve : Can't get past welcome screen?

Solve : Please Help Something is eating my Memory?

Solve : Extremely aggressive worm chokes instant messaging?

Solve : How to remove windows defender?

Solve : Rogue Problem?

Solve : Cannot Open Anything?

Solve : Application cannot be executed. The file --- is infected?

Solve : computer won't install any mal-ware removal programs?

Solve : APPLICATION CANNOT BE EXECUTED! WHAT DO I DOOO?

Solve : Total Security 2009?

Solve : Suspicions of Malware on my laptop?

Solve : Yahoo Instant Messenger ???

Solve : "Your System is Infected" is virus leeching my computer - help please! :)?

Solve : Undetectable malware/virus/Antispyware Pro??

Solve : AVR09.EXE, Cannot Launch CMD, or Task Manager?

Solve : Rogue.A360AntiVirus and other problems?

Solve : anti viruses?

Solve : Bad virus help plz?

Solve : please read this hjt log?

Solve : Toshiba Laptop Super slow and non responsive, was directed to post in the malwar?

Solve : cant navigate windows?

Solve : Don't know how to remove this bug. I've done research! SASW, MBAM & HJT logs!?

Solve : Virus - malware help.?

Solve : Cannot Run Adaware or HiJackThis?

Solve : I've been attacked! Malwarebytes no longer working. Please help?

Solve : Need help please. Unknown Infection?

Solve : AVG WILL NOT INSTALL PLEASE HELP?

Solve : Slowed to a Halt?

Solve : Have Virus or trojan need help.?

Solve : Laptop still running slowly - rootkit??

Solve : How to remove my spyware?

Solve : Why my Favourite sites are blocked??

1342.	Solve : Cannot Run Adaware or HiJackThis?
Answer» After installing adaware to try and deal with redirecting IE pages, I tried to run a scan of my computer. It kicked me out of the program with no error message whatsoever in about 10 SECONDS. When trying to REOPEN the program I get an error message "Failed to Connect to Service". My internet connection how ever is fine. I then downloaded HiJackThis and tried to give that a run, same issue. It kicked me out of the prorgam with no error message and when trying to open it up again i get this error message "Windows cannot access the specified devide, PATH, or file. You may not have the appropriate permissions to access the item." Yet theres only one profile on this computer. Im LOST. Help anyone? ChrisInstead of AdAware try either MalwareBytes or Super AntiSpyware. If no luck, try running from Safe Mode.Some malware/spyware prevents anti-malware/spyware from opening. Try renaming the exe file for ad-Aware.If it's particularly tricky, you may need to try both of the above suggestions.

1344.	Solve : Need help please. Unknown Infection?
Answer» Tried almost EVERYTHING. But, throwing the DANG thing out the WINDOW. Anyway heres the requested logs. Thanks in advance. [Saving space, attachment deleted by admin]

1346.	Solve : Slowed to a Halt?
Answer» Ok, yesterday I was on my computer when I noticed it started to slow. Now this is very odd as I have 4gbytes of RAM and a quad core running a 2.83GH/z. So thinking it just needed a good old shutdown I let if rest for the night. Now today on start-up my system froze/wouldn't respond on simple tasks like opening Task Manager, or calling the search function, oddly though calling Internet Explorer/Mozilla Firefox booted fast and smoothly, same with any process running to view or folders but anything that needs to use power or do anything to the system it would bog down. I'm running Windows Vista x32. I figured it was something small so I tried a bunch of the standard stuff, clearing temp, attempting to defrag, removing all of my third party start-up stuff, stopping all secondary services. The weird thing is that it start's up in ruffly 2-3min, but any task past that causes it to slow to a screeching halt, I waited five minutes just to get to the "CTRL ALT DEL" screen and then another five or more just to get up Task Manager. So any and all help is GREATLY appreciated. Also I noticed that the process "CMDAGENT.exe"(A process used by my firewall/antivirus Comodo) is using 50% of my processor power I have seen this before on another computer but never had the chance to fully investigate it before the hard drive was wiped, it did appear to be a virus as the cause. If you don't know what Comodo is it's a firewall/real time scanning antivirus. Please any help is welcomed! Thanks in advance! Edit: Well I seem to have found the issue, the issue was cmdagent.exe, it was using all of my system resources. After stopping it from auto starting my system ran smooth, issue is now that I've done some searching and it seems that it can either mess up on it's own or a malware can do it. Trojan found "Trojan.Agent/Gen-PennyStockChaser". Along with a Malware.Packer that infected Comodo. So if you ever have this issue this is most likely the cause. ~~WARNING~~ This "fix" caused windows to blue screen on restart, restarting again how ever will "fix" the issue. Not sure why it does this. Edit again: Well the underlying issue isn't resolved, Comodo(Firewall) will cause me to freeze. Also, it seems SuperANTISpyware &AMP; Malware Bytes cant update, they both return an error so I believe I'm still infected. Help would be appreciated!I would go into safemode delete everything that sas antispyware and MALWAREBYTES go into control panel and delete the two and reinstall them. you COULD try these to speed it up so you can try to fix it faster you already did defrag just do the quick stuff all the things i listed is for xp but i think some of it will work for vista but i wouldn't know were to look because i don't have vista then run the antiviruses after this 1 disk defragment go to start then accessories then diskdefragment you can see if you need one before you do it by clicking the analyze 2 same place in start accesories then disk cleanup I usually check everything 3 go to all of your internet browsers and delete everything mosty just the cookies, will speed it up like internet explorer it's tools then delete browsing HISTORY and in there you can delete cookies are whatever you want, I will usually check everything 4 Ok xp has alot of visual effects that slows it down alot more than you might think this speeded up my computer quit a bit even after i did the stuff above ok to do this go to start all programs left click on my computer then properties then advanced then under performence click on settings then click on adjust for best performece don't worry NOTHING bad will happen and uncheck everything but your your computer will lose it's settings so your computer will look like windows 95 are 98 but you can change it afterwards but i don't i'll gladly sacrifice fancy looks for some more speed anyday but just going back to the xp look by left clicking on the desktop then properties shouldn't slow it down to much 5 ok now make sure everything on your computer you don't want is deleted 6 ok now some antiviruses with live protection can slow down a computer alot more than you think try avira and turn off live protection also download malwarebytes and superantispyware these are good 7 there are some other things you could try besides antispyware and malware programs like registry cleaners try tweaknow regcleaner and eusing free registry cleaner from cnet you could also download smart defrag 8 ok go to run type in msconfig and under services and startup uncheck everything you don't want becarefull there are some things in there you want to have for your computer to run properly like in startup i can uncheck with my computer superantispyware avgnt readersl teatimer realschred qttask now in services you could also uncheck alot of things like with mine i can uncheck google updater service windows cardspace java quick starter windows media player n (sucurity center optional but i din't want it) also avira antivir shceduler avira antivir guard google software updater and there are many more i have unchecked make sure you unchech all the things you don't want and not uncheck everything you need some of these things for windows to run properly on the internet if you don't know what each thing is google it and it will tell you what it is. 9 ok in mycomputer left click on c then properties and uncheck indexing service to index this disk for fast file searching this doesn't help for a faster computer and don't compress the disk to save space then click apply then ok 10 in my computer click on tools then folder options then view then uncheck automaticly search for network folders and printers Thanks for the help, but I said screw it and decided to just install Windows 7. Everything is working beautifully now. Thanks anyways! Good luck to any one else that has this issue, I've read that installing a latter version of Comodo fixes this, but I never tried.

1349.	Solve : How to remove my spyware?
Answer» I scan my spyware begone and i got 2 was FOUND, So how do i remove it for free n when i PLAY my movies from my hard drive it doesn't work well Please HELP ASAPThere are many freeware applications. I google searched "Spyware REMOVAL Free" and I have the link below: http://www.google.com/search?q=Spyware+Removal+Free&rls=com.microsoft:en-us&ie=UTF-8&oe=UTF-8&startIndex=&startPage=1The two best utilities are MalwareBytes and Super AntiSpyware - choose the free version of either (or both)

1350.	Solve : Why my Favourite sites are blocked??
Answer» DEAR All, My favou rite sites are blocked and I believe by Spybot. I installed it few days AGO. Before that everything was working fine. After I installed it, some of the sites (those on my favourite list) were blocked. I uninstalled it. I thought this would fix the problem out but I am having the same problem. Has anyone any idea how this could be fix. Thanks in Advance. Regards HI there, if this is a MALWARE problem, first go here and post the three log requested. An expert will see them and help you further. (I have spybot, but didn't encounter this problem... maybe it's where you downloaded it from, or maybe it's the sites themselves that might have some sort of malware....) Hope everything goes for the better, Two-Eyes %if it worked before the d/load , go to add and remove , take it out and try itCheck your hosts file and if you see those sites listed remove them.What does the blocked page look like? Does it have a company name, REASON why it was blocked?Download HostsXpert Unzip HostXpert to your Desktop Open up the HostXpert program. Make sure that the "Make Hosts Writable?" button in the upper right corner is enabled. Click Create Back Up Then click on Restore Microsoft's Host Files Close the HostXpert program . Now go to http://windowsupdate.microsoft.com and get all critical updates.