InterviewSolution
| 1401. |
Solve : WinPC rogue Antivirus Infection issues - Help Wanted? |
|
Answer» Hi - |
|
| 1402. |
Solve : PE Patch problem? |
|
Answer» Go to Add or Remove Programs and uninstall Adobe Reader 8. |
|
| 1403. |
Solve : anti-virus on Virtual Machines? |
|
Answer» Do virtual machines like Microsoft Virtual PC require an anti-virus program... I mean, can they get infected?
Yes.
OK thx |
|
| 1404. |
Solve : file msnmgnr.exe is missing error message at startup? |
|
Answer» Hi |
|
| 1405. |
Solve : .exe Not a Valid Win32 Application!?? |
|
Answer» This is driving me crazy! I have a new Dell notebook with Vista installed, everything was going good up until 2 weeks ago. Almost all of my programs I try to run give me the message "... is not a valid Win32 application." These programs used to run fine but I have no idea what I could have done to make programs stop running.
See below. I had Vista Home and Internet Explorer 8. I started getting csc.exe. It said the Publisher was Microsoft. It popped up on my page every few minutes asking me if I want to Install it. I clicked "No" and clicked the box that said "Don't bother me anymore", or something to that effect. It still kept popping up. I ran "Malwarebytes", a Free Program. It found 2 Trojans. I uninstalled IE 8 and went back to IE 7, SP1. I've read forums that SP 2 is still full of problems. ptfitzy Quote Topic started: April 06, 2007, 07:11:54 PM » |
|
| 1406. |
Solve : CTHELPER.EXE? |
|
Answer» Not 100% sure this is a virus but it seems like one so I'll ask the experts. |
|
| 1407. |
Solve : Computer Slow? |
|
Answer» I don't see anything indicating a malware issue. How is the computer running now?
Still feels slow ;/ When I start up steam or a program it doesn't respond sometimes.
. The above procedure will:
I would also recommend that you Defrag the computer. You can use the built in Windows Defrag by clicking Start > Run and then type in dfrg.msc then click OK. Or use a faster FREE program. Defraggler is very effective and easy to use. Note: Be sure to clean out temp files and restart the computer just before beginning a defrag.
I just tried to open the taskmgr.exe and I get this error "The wrong volume is in the drive. Please insert volume CSS_1 into drive D:."
How long has that been happening? It sounds like something didn't install right. Printer, sound card or some other hardware.
I just now tried it. cause my steam wasn't responding was gonna end the process and now I have the icon in my lower left corner but I can't open it.
Restart the computer? |
|
| 1408. |
Solve : sysvxd.exe trojan? |
|
Answer» Attn: EvilFantasy --
. The above procedure will:
---------- Use the Secunia Software Inspector to check for out of date software.
---------- Go to Microsoft Windows Update and get all critical updates.
---------- I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.
Wow. I'll be sure to click the Thank You button in a moment, but for the benefit of the other readers I'll let you know what I discovered. First, the Windows Messenger you had me delete. Had no idea, and thought it was a necessary component. Now gone, thank you very much. Not to be confused with MSN Messenger... Thanks for that. Thanks for the Combofix /u cleanup suggestion. Did that, no issues. The Secunia website is terrific. I regularly go to check Windows updates, but even so, it's a new month and there were a bunch more. Secunia reminded me of these and several more, including Flash and several Adobe updates. All those Microsoft updates? Malware designers must have been busy recently. Gotta tell you that I ran into trouble with an old version (pre-Adobe) of Flash, actually Macromedia Flash 6.0.79.0. When I tried to upgrade to Adobe's version 10 of the program it didn't work. Nor could I delete it in the control panel.
Instead, I found a technical note about this specific version via Google, which advised where to find the Adobe Uninstaller. A useful tool for uninstalling Adobe programs that are stubborn. Found here: http://download.macromedia.com/pub/flashplayer/current/uninstall_flash_player.exe . This tech tip (on Secunia) also provided a tip about another application you might want to review, called Revo Uninstaller. Useful for uninstalling some of the fragments that programs leave behind in the Windows Registry. Please comment on whether this is 'foolproof' enough for the general user. Adobe had several updates to make, progressively, on Acrobat and the Adobe Reader. Had to run Secunia several times. But that's typical with many update routines. The trick is to be patient, reboot between each update, and follow the directions. I added Web of Trust, and will look at AntiSpywareBlaster in a moment. Also will read the paper you wrote on improving computer speed - "It may not be malware". Really, this has been enormously helpful. Thanks evilfantasy... Anything else left to do?
Glad you found the Adobe Uninstaller. For some reason Flash refuses to remove its leftovers when it's updated. Anyway, now ya know... I've used and recommend Revo for a while now. I won't uninstall anything without it and it has never given me any problems whatsoever.
Quote
Anything else left to do?
As long as the computer is running OK then I think you are good to go. |
|
| 1409. |
Solve : HJT Recommendations and Overall Cover? |
|
Answer» Hi again to the best forum out there! |
|
| 1410. |
Solve : Tracking cookies? |
|
Answer» Hi, every time I run an anti-virus search (daily) either quick scan or auto idle time scan, I have multiple tracking cookies that are then removed. Is there any way to trace where these come from or are they just added by random websites. I'm only wondering if a programme I have installed could be adding the cookies. Although not a major problem would just like to understand it a little bit more.
Thanks evil very helpful.
Hi evil sorry since I went into Internet explorer; tools; privacy; advanced and changed third party cookies to block I get this message every time I start up explorer. It refreshes once and then it's fine, I just want to make sure there is nothing more sinister behind it. Again thanks for your time guys. [attachment deleted by admin]
I'm not sure how IE8 handles Cookies and not sure why Compatibility View would complain about the change. I found this which has information about using InPrivate Browsing as an alternative.
Thanks again Evil very helpful. |
|
| 1411. |
Solve : infected Packed.Generic.200? |
|
Answer» My computer has been infected with a Packed.Generic.200 virus and I have no idea how I got it. I have tried running both Ad-Aware and Malwarebytes' Anti-Malware in safe mode with the System Restore turned off. They both find it and say it was unable to delete and will delete on the reboot but every time I restart the computer the virus is still there. |
|
| 1412. |
Solve : craptop goes offline by itself? |
|
Answer» by the way....cute picture!
Quote from: ponies on September 24, 2008, 01:30:56 PM
ok, I did the superspyware, and ran it. It found a couple of things and quarantined them. I never saw a "log."
Sure you're following the guide to the letter?
* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes
* Click close and close again to exit the program.
* Copy and Paste the log in your post
Quote from: ponies on September 24, 2008, 01:30:56 PM
What does it mean "alternate download link (.exe)" in step 4?
It's just another link to the program in case the first one doesn't work.
Here is the log.... What do I do with it? It makes no sense to me..............
Should I attempt step 6 now?
Quote from: ponies on September 25, 2008, 11:17:09 PM
Should I attempt step 6 now?
Yes, sir! (also moving this to the Computer Virus Section)
Great news! My nephew came over today and did something, don't know what, and fixed my craptop! It doesn't go offline by itself anymore! He also showed me how I can get it back online from my craptop w/o having to unplug stuff and go through all of that. Should I continue with step 6 anyway? What does it do?
Never mind. Craptop is still going offline by itself. Bless Abe's little heart, he tried but the *censored* thing is still f-ed up.
http://www.snapfiles.com/reviews/HijackThis/hijackthis.html
Quote
TrendMicro HijackThis is a tool, that lists all installed browser add-on, buttons, startup items and allows you to inspect, and optionally remove selected items. The program can create a backup of your original settings and also ignore selected items. Additional features include a startup list report, hosts file manager, uninstall manager and some other tools. Intended for advanced users.
Hope that gives you some insight.
I have my solution. Abe fixed my craptop so that when I walk away from it or leave it alone overnight, it doesn't shut down and it doesn't go into sleep mode. It hibernates only. It does not go offline that way. As long as I don't shut it down it seems to stay online. I can live with that. Thank you so much for taking all the time you did to help a techno dunce like me!
All right. Hibernation can be disabled through My Computer --> Properties, if you're interested.
what would the craptop do if I disabled hibernate?
Quote from: ponies on September 29, 2008, 12:51:19 AM
what would the craptop do if I disabled hibernate?
It simply wouldn't hibernate unless you turn it on again (I have mine disabled)
I think it's ok with me if it hibernates. At least it's not going offline anymore, the stupid piece of s==t! My girlfriends laugh at me and sing song "operator error, operator error." Nasty, mean women.
Heh, ok. At least problem solved. |
|
| 1413. |
Solve : Help with Viruses, logs attached? |
|
Answer» I know that my computer has viruses, but I don't know how to remove them.
After rebooting (restart) back into normal boot mode. Make sure you have all web browsers closed.
Click OK. This will open a command prompt. Type or copy and paste the following line in the command window: ipconfig /flushdns Hit Enter. Exit the command window. Restart your computer. Please post the contents of the logfile C:\fixwareout\report.txt, along with a new HijackThis log.
---------- Is totalinternet.snap.com set as a homepage?
Here they are.
Looks much better. Run this online scan. Requires Internet Explorer
Use the ESET Nod32 Online Scanner
1. Check the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the activex control to install
4. Click Start
5. Make sure that the option Remove found threats and the option Scan unwanted applications is check marked.
6. Click Scan
7. Wait for the scan to finish
8. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply.
Sorry it took so long. Here is the EsetOnlineScanner log.
Download OTCleanIt.exe and save it to your Desktop.
---------- Set a New Restore Point to prevent possible reinfection from an old one. Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
Windows XP System Restore Guide or Windows Vista System Restore Guide.
---------- Use the Secunia Software Inspector to check for out of date software.
---------- Go to Microsoft Windows Update and get all critical updates.
---------- Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.
Concerned about browser security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript
To prevent unknown applications from being installed on your computer install WinPatrol 2008
* Using Winpatrol to protect your computer from malicious software
I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites.
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth. |
|
| 1414. |
Solve : My PC got infected by another virus! Please help!? |
|
Answer» This is terrible, my PC got another virus that invaded my computer and messed it up in a second! The virus masks itself, calling itself a "Window XP Antivirus Software" program, and keeps on running scans on my computer. It also changed the Desktop background to this bright blue color and took away my ability to remove it. I first rebooted the computer to safe mode and physically disconnected from the Internet. I then ran SuperAntiSpyware 2 times in Safe Mode and got rid of everything I could find. I still have the bright blue background on my desktop.
Don't worry about it, for now. I'll check HJT, now.
*** Open HJT, and checkmark:
- O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (unnecessary startup)
Click "Fix checked" button.
*** Download, and run CTFMON-Remover: http://www.gerhard-schlager.at/en/projects/ctfmonremover/
The CTFMON-Remover helps you remove the annoying CTFMON.EXE from your Windows operating system. The program is easy to use and displays whether the CTFMON.EXE is installed and running or not. If it was found then you can remove it within seconds. Just in case that you need the CTFMON sometime in the future there is also an option to restore the original one.
Note: The CTFMON.EXE is among other things responsible for changing the language schema of your keyboard (e.g. for switching between the German and English keyboard layout). So in case you are using this feature you shouldn't remove or disable the CTFMON.EXE!
Other than that.... Your computer is clean
1. Download, and install CCleaner: http://www.ccleaner.com/download/builds. Get "Slim" version. Read CCleaner instruction here: http://www.jahewi.nl/ccleaner/ccleaner.html. Run CCleaner.
2. Turn off System Restore:
- Windows XP:
   1. Click Start.
   2. Right-click the My Computer icon, and then click Properties.
   3. Click the System Restore tab.
   4. Check "Turn off System Restore".
   5. Click Apply.
   6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
   7. Click OK.
- Windows Vista:
   1. Click Start.
   2. Right-click the Computer icon, and then click Properties.
   3. Click on System Protection under the Tasks column on the left side
   4. Click on Continue on the "User Account Control" window that pops up
   5. Under the System Protection tab, find Available Disks
   6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
   7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
   8. Click OK
3. Restart computer.
4. Turn System Restore on.
5. Download, and install McAfee SiteAdvisor: http://www.siteadvisor.com/download/ff.html. It'll warn you (in most cases) about dangerous web sites.
6. (optional) Download, and install free version of ThreatFire: http://www.threatfire.com/. It'll give you extra protection against malware. It won't interfere with your antivirus program
7. Read "So how did I get infected in the first place?": http://www.castlecops.com/postlite7736-.html
8. Let me know, how your computer is doing.
Thank you so much Mr. Broni! You are a lifesaver! Mr. Clean! Mr. Clean! My computer is so clean now! Here's the last HijackThis file I did after I deleted that entry you told me and I ran CCleaner and restarted the computer. I'm definitely going to be more careful when surfing the web, this was a painful lesson!
[recovering disk space -- attachment deleted by admin]
Happy surfing |
|
| 1415. |
Solve : My laptop is infected please help!? |
|
Answer» I have a Dell Windows 98 laptop that freezes up when trying to turn it on. Two days before this happened I installed a Flash Player update while using Safari because a notice kept popping up.
Please post exact model and manufacturer of laptop.
I can intently see from you what you have told us, that in fact the most likely reason for this to be happening was that you downloaded a flash player. Many websites which contain porn etc. will ask you to download a flash player from their website to watch their videos; most of the time these will be infected.
OP said that they downloaded an update to Flash Player - a normal process for security minded computer users. Let's not engage in idle speculation about a poster's web habits. |
|
| 1416. |
Solve : pages freeze/lock up, task mgr shows double the pages open.? |
|
Answer» Final steps.
Windows XP System Restore Guide or Windows Vista System Restore Guide.
----------
Use the Secunia Software Inspector to check for out of date software.
----------
Important: You Need to Update Windows and Internet Explorer regularly to protect your computer from the malware and other security threats that are on the Internet.
Go to Microsoft Windows Update and get all critical updates.
If you are running any Microsoft Office version go to the Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.
----------
Make sure all of your security programs are up to date and run scans with them regularly. Once or twice a week minimum.
Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.
To prevent unknown applications from being installed on your computer install WinPatrol 2008
* Using Winpatrol to protect your computer from malicious software
I would suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites.
SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth. |
|
| 1417. |
Solve : Too many programs at start up. What to check in HJT?? |
|
Answer» HJT log attached.
You should note that there are more ways to increase speed as well.
Thanks Carbon Dudeoxide. Speed is good after startup, it's just starting all those programs that I was concerned about. I ran both programs a few days ago and again just now: 'Disk Defragmenter Analyze' says "defrag not needed" on both hard drives. I did find some files in 'Disk Cleanup' > 'more options' > 'Windows Components' and 'Installed Programs' that it fixed. Thank you also for the help! |
|
| 1418. |
Solve : Removing Ask from the choices in Internet Explorer? |
|
Answer» I am using XP Home with IE7 and for some reason, IE seems to keep defaulting to Ask (search powered by Ask (default) when I want to use a browser. Could someone please look at the HT log and tell me how I can get rid of Ask?
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
Be sure to close all browser windows before clicking Fix checked
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.
Safe surfing...
Thanks, will do. Best wishes, Harpo. |
|
| 1419. |
Solve : Following the instructions from evilfantasy...problem encountered? |
|
Answer» Under step 3 I am unable to install SAS..error message..Windows Installer service not accessible in Safe Mode....Please try again when not in safe mode etc. |
|
| 1420. |
Solve : Internet Explorer websites keeps popping up? |
|
Answer» I've run many anti-virus programs to try and remove it. For example, I've used SpyBlaster, Ad-Aware, Vundo, AVG Anti-Virus, Super Antivirus, HiJackThis, and etc. When I'm on Firefox, the pop ups in IE tend to pop up more than usual. I've run the programs and supposedly it was removed but for some strange reason, the pop up still seems to be happening. Thank you very much.
OK, what site pops up? Or does IE just open? And can you post us a HijackThis log (just scanning with it does nothing) to take a look at? It might take up a few posts, so post in sections (include all headers and such).
"When I'm on Firefox, the pop ups in IE tends to pop up more than usual"
Explain.
I think two of them were getmusicfree and revenueloop. Another one seemed to be http://url.cpvfeed.com/cpv.jsp?p=111131&ron=on
IE opens with sites. When I'm off Firefox, it doesn't seem to load as much as when I'm on.
Logfile of HijackThis v1.99.1
Scan saved at 6:44:54 PM, on 6/15/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\Default\LOCALS~1\Temp\Rar$EX00.078\HijackThis.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
Is that the whole log? There should be more.
Nope, that's basically it.
You win the new record for the shortest log I've ever seen.
Your HijackThis is in a temporary location. If you leave it there, it (along with its important backups) can and will eventually be deleted. Please navigate to its current location (C:\DOCUME~1\Default\LOCALS~1\Temp\Rar$EX00.078) and move it to a new permanent folder at C:\Program Files\HJT. I would also like for you to rename HijackThis.exe to HughJackman.exe.
Before moving on, I'm going to have to ask you to apply Service Pack 1a (do not install Service Pack 2) for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time. Click here: http://www.microsoft.com/windowsxp/downloads/updates/sp1/default.mspx
Apply the update, reboot, and post a fresh HijackThis log.
Okay, done.
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Default\Desktop\HughJackman.exe
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\System32\ewffqhlf.dll
O2 - BHO: (no name) - {93505CBB-CA59-48C2-88E3-4BDF6730B2A0} - C:\WINDOWS\System32\rqoon.dll (file missing)
O2 - BHO: (no name) - {AAE11676-AB2A-4F81-BCBD-7110AC1AA822} - C:\WINDOWS\System32\xxywt.dll
O2 - BHO: IE Redirector - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\WINDOWS\System32\dnsersnd.dll (file missing)
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: rqrssqq - rqrssqq.dll (file missing)
O20 - Winlogon Notify: winlnu32 - winlnu32.dll (file missing)
O20 - Winlogon Notify: xxywt - C:\WINDOWS\System32\xxywt.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
xxywt.dll - Trojan
dnsersnd.dll - Trojan
Other than that, everything's fine. No unusual programs running. I'm not very good at this, so that's all I can gather. Wait for CBMatt, he'll fix your problem. And I Googled the sites that you said popped up before. revenueloop and the long sitename one (ww.smashits - the site it links to) both look legit from what I gathered, but getmusicfree isn't so good. Email spamming and links to virus infested sites are what I found out about it.
Dark Blade is right about those being infected files (there are more). You have a Vundo infection, which is most likely causing these popups...
1. Download VundoFix and save it to your desktop.
2. Run VundoFix and click on Scan For Vundo.
3. Once it's done scanning, click on Remove Vundo.
4. When it prompts you to remove the files, click on Yes.
5. Your desktop will go blank as it's removing files. Don't worry, this is normal.
6. It will prompt you to restart your computer, so click OK.
7. When your computer is turned back on, your problem should be gone.
8. The program normally produces a Vundofix.txt file. Please locate this file and paste the contents in your next post.
And then, just to be thorough...
1. Download VirtumundoBeGone and save it to your desktop.
2. Reboot into Safe Mode.
3. Once you are in Safe Mode, run VirtumundoBeGone and follow the instructions.
4. Exit when it has finished and reboot back into normal mode.
Vundo should now be removed from your computer. After doing so, open up HijackThis and scan.
In a minute, you won't have access to this post anymore, so I recommend that you print out this post or save it to a Notepad file. Open HijackThis and scan again. Check the following entries, but don't do anything to them yet...
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\System32\ewffqhlf.dll
O2 - BHO: (no name) - {93505CBB-CA59-48C2-88E3-4BDF6730B2A0} - C:\WINDOWS\System32\rqoon.dll (file missing)
O2 - BHO: (no name) - {AAE11676-AB2A-4F81-BCBD-7110AC1AA822} - C:\WINDOWS\System32\xxywt.dll
O2 - BHO: IE Redirector - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\WINDOWS\System32\dnsersnd.dll (file missing)
O20 - Winlogon Notify: rqrssqq - rqrssqq.dll (file missing)
O20 - Winlogon Notify: winlnu32 - winlnu32.dll (file missing)
O20 - Winlogon Notify: xxywt - C:\WINDOWS\System32\xxywt.dll
Now, close all windows (including this one) besides HijackThis, then click Fix Checked. Close HijackThis and reboot into Safe Mode and enable hidden files and folders. Navigate to and delete the following file(s) if present (they should be gone after VundoFix, but look for them anyway)...
C:\WINDOWS\System32\ewffqhlf.dll
C:\WINDOWS\System32\rqoon.dll
C:\WINDOWS\System32\xxywt.dll
C:\WINDOWS\System32\dnsersnd.dll
C:\WINDOWS\System32\rqrssqq.dll
C:\WINDOWS\System32\winlnu32.dll
Once you've done all of this, reboot into Normal Mode and post a new HijackThis log so we can see if there's any other junk we need to clean up. Let me know how everything's running now and if you had any problems following my steps. When you post your next log, please post the whole thing, including the header that lists information about Windows and Internet Explorer.
The pop ups are still there.
Logfile of HijackThis v1.99.1
Scan saved at 10:14:10 AM, on 6/16/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Default\Desktop\HughJackman.exe
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\System32\jjevutlj.dll",realset
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
Here's the one on VBG:
[06/16/2007, 9:40:22] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Default\Desktop\VirtumundoBeGone.exe" )
[06/16/2007, 9:40:28] - Detected System Information:
[06/16/2007, 9:40:29] - Windows Version: 5.1.2600,
[06/16/2007, 9:40:29] - Current Username: Default (Admin)
[06/16/2007, 9:40:29] - Windows is in NORMAL mode.
[06/16/2007, 9:40:29] - Searching for Browser Helper Objects:
[06/16/2007, 9:40:29] - BHO 1: {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} ()
[06/16/2007, 9:40:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2007, 9:40:29] - Checking for HKLM\...\Winlogon\Notify\bmxuclwm
[06/16/2007, 9:40:29] - Key not found: HKLM\...\Winlogon\Notify\bmxuclwm, continuing.
[06/16/2007, 9:40:29] - BHO 2: {AAE11676-AB2A-4F81-BCBD-7110AC1AA822} ()
[06/16/2007, 9:40:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2007, 9:40:29] - Checking for HKLM\...\Winlogon\Notify\xxywt
[06/16/2007, 9:40:29] - Key not found: HKLM\...\Winlogon\Notify\xxywt, continuing.
[06/16/2007, 9:40:29] - Finished Searching Browser Helper Objects
[06/16/2007, 9:40:29] - Finishing up...
[06/16/2007, 9:40:29] - Nothing found! Exiting...
[06/16/2007, 9:48:01] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Default\Desktop\VirtumundoBeGone.exe" )
[06/16/2007, 9:48:02] - Detected System Information:
[06/16/2007, 9:48:02] - Windows Version: 5.1.2600,
[06/16/2007, 9:48:02] - Current Username: Administrator (Admin)
[06/16/2007, 9:48:02] - Windows is in SAFE mode with Networking.
[06/16/2007, 9:48:02] - Searching for Browser Helper Objects:
[06/16/2007, 9:48:02] - BHO 1: {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} ()
[06/16/2007, 9:48:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2007, 9:48:02] - Checking for HKLM\...\Winlogon\Notify\bmxuclwm
[06/16/2007, 9:48:02] - Key not found: HKLM\...\Winlogon\Notify\bmxuclwm, continuing.
[06/16/2007, 9:48:02] - BHO 2: {AAE11676-AB2A-4F81-BCBD-7110AC1AA822} ()
[06/16/2007, 9:48:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2007, 9:48:02] - Checking for HKLM\...\Winlogon\Notify\xxywt
[06/16/2007, 9:48:02] - Key not found: HKLM\...\Winlogon\Notify\xxywt, continuing.
[06/16/2007, 9:48:02] - Finished Searching Browser Helper Objects
[06/16/2007, 9:48:02] - Finishing up...
[06/16/2007, 9:48:02] - Nothing found! Exiting...
[06/16/2007, 9:48:43] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Default\Desktop\VirtumundoBeGone.exe" )
[06/16/2007, 9:48:43] - User choose NOT to continue. Exiting...
[06/16/2007, 9:48:51] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Default\Desktop\VirtumundoBeGone.exe" )
[06/16/2007, 9:48:52] - Detected System Information:
[06/16/2007, 9:48:52] - Windows Version: 5.1.2600,
[06/16/2007, 9:48:52] - Current Username: Administrator (Admin)
[06/16/2007, 9:48:52] - Windows is in SAFE mode with Networking.
[06/16/2007, 9:48:52] - Searching for Browser Helper Objects:
[06/16/2007, 9:48:52] - BHO 1: {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} ()
[06/16/2007, 9:48:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2007, 9:48:52] - Checking for HKLM\...\Winlogon\Notify\bmxuclwm
[06/16/2007, 9:48:52] - Key not found: HKLM\...\Winlogon\Notify\bmxuclwm, continuing.
[06/16/2007, 9:48:52] - BHO 2: {AAE11676-AB2A-4F81-BCBD-7110AC1AA822} ()
[06/16/2007, 9:48:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2007, 9:48:52] - Checking for HKLM\...\Winlogon\Notify\xxywt
[06/16/2007, 9:48:52] - Key not found: HKLM\...\Winlogon\Notify\xxywt, continuing.
[06/16/2007, 9:48:52] - Finished Searching Browser Helper Objects
[06/16/2007, 9:48:52] - Finishing up...
[06/16/2007, 9:48:52] - Nothing found! Exiting...
Try running VundoFix again, as you still have traces of it left on your computer. Also, it's very important to update to Service Pack 1 like I stated in my first post. Once you have done these things, go ahead and post a new HijackThis log.
When I scanned for Vundo, there wasn't anything. Also, I did another scan on AVG.
It still seems to pop up websites on Internet Explorer.
Okay...install Service Pack 1a if you haven't already and then post a new HijackThis log. Without SP1, it makes it very easy for you to become reinfected. |
|
| 1421. |
Solve : Need Viruses? |
|
Answer» Quote from: Carbon Dudeoxide on May 09, 2007, 07:17:25 AM
Quote from: CBMatt on May 09, 2007, 07:15:54 AM
It means that just because a person has a lot of posts, it doesn't mean that they are intelligent or mature.

Quote from: Carbon Dudeoxide on May 09, 2007, 06:13:46 AM
Exactly!..........wait, is that a bad thing?

Quote from: contrex on May 09, 2007, 06:10:16 AM
Quantity doesn't exactly mean quality.

Is everybody on here aged about 10? This place is more like a kindergarten than a proper forum.

Lol, this happens with the 1000+ posts guys too. |
|
| 1422. |
Solve : Is this a virus!!? |
|
Answer» Tony, don't worry if you can't find the files. They're not always there. Even though HJT says the files are missing, I ask people to look because it may not always be true. I have a question, though: you're absolutely sure you don't have a Network Monitoring folder in Program Folders?

if i end the suspected virus it warns me to save and shut down programs and gives me a min before it shuts down.

Exactly what process are you ending? svchost? That file is legitimate; there's no need to shut it down. Please post a full HijackThis log and let me know if you are experiencing any other problems.

network monitoring is in add/remove programs but it won't let me uninstall it , i tried uninstalling it out of safe mode still wouldn't allow me came up with a error message , i will try and put my computer in safe mode again i have solved the problem with my shockwave player so embarrassing i don't want to say what the problem was lol As far as any virus program i go on her goes its all saying im am fine i have tried everything ccleaner , norton , avg , spybot u name it . I went onto major geeks installed a few beta programs not very good to be honest , but there's a lot of files on here they shouldn't be here . As for my pc's cpu its through the roof its on a flat line then drops ____________ / / Remind me how do i post a screenshot on here of my pc's cpu and process

Well, whatever you did, I'm glad you got your Shockwave issue sorted out. Network Monitor may have already been removed. Go to C:\Program Files and if you're absolutely sure the Network Monitor folder doesn't exist, then use the Tools feature on CCleaner to remove it from your list. You should also run the Cleaner and Issues while you're at it, just for good measure. HJT provides a list of all of your running processes, but if you would like to take a screenshot, press the Print Screen key on your keyboard. Then open up Paint, press Ctrl+V, and save the file as screenshot.jpg. You can then attach it to your next post (if the file is too big, you may need to upload it to PhotoBucket).

This gunna make me sound like a noob but i will list what ccleaner has listed on my start up .... 1.CFTMON.EXE 2.USERFAULTCHECK AKA (%SYSTEMROOT%\SYUSTEM32\DUMPREP 0-U Now i have no clue what this 2 are the others i want to run shall i close them in ccleaner

Quote from: richenstony on May 15, 2007, 08:31:07 PM
1.CFTMON.EXE
It says CFTMON? Or does it say CTFMON? If it's CTFMON, leave it alone. If it's CFTMON, tell me. Network Monitor wouldn't be listed in the Startup. When in Tools, click on the Uninstall tab and it will give you a long list of programs. Go all the way down to Network Monitor and click on Run Uninstaller. If it still doesn't work, then click on Delete Entry. But only do this if C:\Program Files\Network Monitor DOES NOT exist.

The next HJT log should be run in full mode with Hijack this in its own directory... Carry on. |
|
| 1423. |
Solve : TO vundo or not to vundo? |
|
Answer» c:\\WINDOWS\SYSTEM32\GGJLM.BAK1 vundo picked this up and 10 others like it do i fix them or do i just exit vundo need to know due to msn virus last week cheers

You're close to winning the Monthly award for lack of details for your dilemma... |
|
| 1424. |
Solve : Javascript/ Flashplayer don't work- virus???? |
|
Answer» Hi, I have a Dell laptop that runs on Windows XP. Recently I had a virus and a computer technician deleted the virus and put McAfee Antivirus on my computer. However, since the virus was deleted, many of my websites don't work, such as banking websites and tv websites (like abc.com, mlb.com, etc.). The websites say that I don't have my javascript enabled (which I do) or that I don't have flash player (which I do). I even tried to redownload macromedia flashplayer and the place where I was supposed to click "install now" didn't show up. Do you have any idea what's wrong with my computer? Thank you!

more info plz like what was the infections name? |
|
| 1425. |
Solve : W32.IRCBot.Gen PLEASE HELP!? |
|
Answer» recently my norton system works 2006 has been giving me the message of the W32.IRCBot.Gen virus has been found and also deleted and it comes up the page, found 1 infection and its been deleted etc. Though this message constantly comes up all the time saying its found the W32 and deleted it. What does this mean? I've done the symantec walkthrough to get rid of this virus/trojan but when i go into safe mode to scan for it, it doesn't show up on the scan. Can someone please help?

System Restore turned off and Safe Mode are the best way to thoroughly clean so you are not just reinfecting yourself. You may also want to try the online scanner at Panda or Trend Micro |
|
| 1426. |
Solve : Critical System Errors? |
|
Answer» I'm getting an icon in sys tray that says critical system error when i click on it it takes me to this site http://www.virusbursters.com/?aff=334 Can anyone help me get rid of this. can't find it in startup but its loading every time i restart? I'm running win xp

Click on the link below. |
|
| 1427. |
Solve : Spybot S? |
|
Answer» Here's the answer to the second part of your question. SPYBOT |
|
| 1428. |
Solve : ice 2.5 setup.exe? |
|
Answer» For the past week or so, I've had a lot of problems with my HP 1300 All-In-One printer. Ever since I had to cancel the printer process to clear the spooler I've had these four programs that continually install themselves. They're named 1300Tour, 1300Trb, 1300_help, and 1300. They run every time I turn on the printer, insert a CD, or plug-in a USB device like my flash drive. What's strange is that they do not show up in the Add, Remove programs list. They do however, show up in the uninstall list for CCleaner, though I am unable to remove them. I did a little searching in my programs folder and discovered in "C:\program files\HP\temp\{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}" a program named "ICE 2.5 setup.exe." Stupid me I ran the setup file and sure enough it was the HP All-In-One file that runs every single time, though this one was a bit different as it was claiming to be running a "clean up process." As I looked at the status of what it was cleaning up, I realized it was cleaning up my installed programs by deleting them. I immediately canceled the process in Task Manager, though I was too late to save my RCT 3 game from being partially deleted. I am totally lost on what to do. I've tried preventing the programs from running by having them labeled "kill" by Zone Alarm. That didn't work. I provided the log file from HijackThis below.

Post the complete HijackThis log... You will need to post the log over 2 or 3 posts, there is a 5500 character limitation on forum posts.

Here is the rest of the log.
|
|
| 1429. |
Solve : virus detectors not working? |
|
Answer» Quote If you don't wish to reformat (BTW, it will fix EVERYTHING) then you should really try to get into safe mode and run all the scans. If safemode doesn't load quickly, something is wrong with your system.

Well either that's a lot of Word documents (which I doubt) or a lot of P2P downloads that each may be laced with nasties. Be careful with what you save. Maybe an external HD would be in order?

Agreed. 123G of Word docs sounds like the entire Library of Congress to me...

if there were 6150 documents at around 20000 that seems like a lot lol |
|
| 1430. |
Solve : virus help,just wanna get rid of them? |
|
Answer» hey,i been getting a yellow triangle in my icon,and things saying my performance is slowing down

hey,i been getting a [highlight]yellow triangle[/highlight] in my [highlight]icon[/highlight],and [highlight]things[/highlight] [highlight]saying[/highlight] my performance is slowing down
What yellow triangle? What icon? What things? What exactly are they saying? What OS? What protection are you using?

Sounds like a personal problem. Fed, be sure and check his last 50 posts to refresh your memory of what the problem may be. That sure are a lot of.. PROBLEMS.. Something about Ebay, haircuts, usb ports and dads?

Quote just want it 2 stop,thanks,
Us too...believe me. |
|
| 1431. |
Solve : Boot Sector Virus Removal?? |
|
Answer» Not through a cable, not through hardware, EXCEPT for an infected hard drive. Only from a download or having/running an infected file.

BIOS Virus? Self employed...all over the State.

Sounds fun!

I enjoy my work even though i find the concept of working for a living pretty ridiculous.... Meanwhile the original poster has gone AWOL. maybe he'll come back... If he only knew how well his thread turned out... patio. 8-)

oh well he might come back

Then again if he in fact does have a bootsector virus chances are he can't get back... patio. 8-)

very true i hope he's smart enough to reformat or go to another computer.. |
|
| 1432. |
Solve : Trojan Vundo.be issues? |
|
Answer» This trojan is apparently in or running from sstrs.dll. I've tried everything I can think of to delete that file:

Starforce, if you haven't tried anything else yet I'd really like to know if Ewido cleans it for you.

Ahh...a new toy. Well, let's just say the trendmicro trial sucked arse, it slowed my system to a crawl worse than any virus I ever had. I realise I got a 1200 mhz on 256 ram but still...so I'll see what this does.

ok, ewido has given me a popup alert to sstrs.dll a few times, I asked it to clean and quarantine and once to simply delete, so far the file is still there. It's in the middle of a full scan right now. Found a few other oddballs the rest missed, such as the fact that I had that effin purity scan again. Also, that vundofix.exe I downloaded, never reopens after I select run as a task. Or, at least I see no evidence it has in task manager or anywhere else.

I'm not quite sure exactly where you are at right now? You could also try Ewido in safe mode, let us know the end result.

Quote I'm not quite sure exactly where you are at right now?
Well, at this point I'm back where I started. I ran the basic scans on ewido to keep the time short and it removed items and detected the sstrs.dll but didn't delete it. I also tried dos and will try safe mode command prompt but I have no idea how to start windows 2000 in dos so..if that option doesn't work... Also now that I know how to do the cd and delete stuff in dos I might try Bart PE again.

Do the full Ewido scan in safe mode, let's see if it works. Thanks.

Quote I'm not quite sure exactly where you are at right now?
Safe Mode is not DOS. Win2000 does not have DOS. Safe Mode is F8 at boot before the Windows logo.

Yikes a vundo plague, come on Starforce, what happened?

I might hafta find someone who can use my drive as a slave drive, and boot of theirs and then sweep all the crap out...

What kind of hard and optical drives are in that machine? How much data needs to be backed up roughly?

I got 2 hd, one 30 and one 200gb and I got a zip 256 and a dvd+r (I think it's a dual layer). I could just dump everything over and format but I don't see a point in doing a system restore when I'll be building a whole new machine soon.

Did you try ASquared as well ? ? And or the trial version of Trojan Hunter. Again update them both first...turn off System Restore and run them in SafeMode. Hope this helps. patio. 8-)

Never heard of either of those. |
|
| 1433. |
Solve : Is this caused by a virus?? |
|
Answer» I have been infected by a spyware program that comes in the form of a spyware add. I have sbc yahoo so I want to download their free program. Problem I have Norton antivirus and Mc afee firewall . Do I have to uninstall any of them. How? :-?

dellydestiny, [highlight]Create your own post[/highlight] in this section of the forum and give as much info as possible about your problem and what [highlight]you[/highlight] have done so far to correct it. Such as, what programs you have ran. etc. And what free program from SBC/Yahoo?

Quote Welcome Aboard...
Still waiting...

Original Poster is AWOL. Next?

Yup, appears to be a hit and run.

Thank goodness their problem is solved...see how efficient we are ? ? ? patio. 8-)

Quote Thank goodness their problem is solved...see how efficient we are ? ? ?
at scaring ppl away lol

Did you try getting into safe mode. Start up the computer and press F8 and select safe mode with network connection. Steeve

Steeve, The original poster has been absent for almost a week. This is called Hit and Run Posting.

Sorry dude didn't notice thxs for the shout out. Regards

do u think he solved his own problem or just forgot about us

Quote do u think he solved his own problem or just forgot about us
It's hard to say.

Quote do u think he solved his own problem or just forgot about us
Let's hope it was the former and assume the latter. |
|
| 1434. |
Solve : spywareblaster's block list: won't "protect"? |
|
Answer» Greetings everyone! X-Cleaner, Spybot, Microsoft Malware Detection Tool, Webroot, McAfee VirusScan Enterprise, Microsoft AntiSpyware and Ad-Aware all seem happy to congratulate me on not having any suspicious stuff on my computer. Spycatcher caught a few things but only one was a confirmed dangerous piece, which I deleted.......

You must realize , that there hasn't been a nasties scanner designed that will find and remove everything . You must use a number of various apps to do the job. When you respond , I will be happy to offer some suggestions. dl65

... and i thought i was so thorough in my post LOL... windows XP is my OS. and you are absolutely right on the need to use different apps. that's precisely why i tried running all of the ones i mentioned, in addition to AVG and the GDATA Software worm remover. Thank you for writing. I look forward to your suggestions. I'm wishing you well.

driveerased..... LOL , your post was pretty complete , however the reason I inquired about your O/S is because some apps won't run on all windows o/s . I would suggest the following :
A good Anti-Virus
Ewido Security ........ good for finding and removing trojans
Spybot Search and Destroy ...... Be sure to enable the resident
M/S ...... Windows Defender is decent .
Ad-Aware SE Personal .......
Always check for updates before running any of these
Then in your toolbox ......you should have:
hijackthis ....( very powerful tool )
CWShredder
Vundo Fix
Stinger
CCleaner .... excellent for cleaning up your system
Always check for updates before running any of these
There is a multitude of free apps out there ........ The ones I mention are simply the ones I use. BTW ..... You didn't mention which version of SpywareBlaster you are using .....I just D/L V3.5.1 ..... and it doesn't have any scanner it just appears to block anything coming in .... so if your machine is infected , another tool will be required to find and remove them . dl65

DL65, thank you for your suggestions. I have downloaded, installed and run Ewido Security (as well as the online scanner beta), CWShredder, Stinger and CCleaner. This morning I updated every single one and ran them again. None of them seems to find an infection. However, G DATA anti-worm tells me that it "looks like" my host has been hijacked and it does provide me with a report, which, unfortunately, I can't understand. What I have noticed, though, is that all addresses end with #SpySweeperCASS, and since I have Webroot Spysweeper as resident, I'm not sure how this can indicate hijacking. I continue to be unable to protect against the several instances of BlockCheckers, Clickzs, CoolWebSearch, mirar and Z-Quest that my (newly downloaded version of) Spyblaster indicates are "unprotected". I was hoping that you might provide other ideas. Thank you. I'm wishing you well.

driveerased...how about posting the report from....G DATA anti-worm and how about a new hijackthis log . dl65

Thanks for writing. Much as I hate to admit it, I don't know what hijackthis is, nor do I know how to get a log through/with it. I will however post the antiworm hosts report here as soon as i find out how to convert a text file to one of the formats accepted by this forum. Thank you again for your interest and help. Regards.

Have you used a program like Spybot to 'lock your host file'?

i use spybot all the time but i don't recall using it to "lock host file". i imagine one would do it through the TOOLS tab... i'm running on the affected computer right now. will look at the TOOLS commands once the scan is over. Thank you. PS: what would that accomplish, locking my host file? or are you suggesting that this might be the problem?

I'm suggesting that if your hosts file is locked by a third party program then your spyware blaster will not be able to alter it.

good point on the locked hosts files, Fed. Thank you. I have now locked them with SpyBot. Incidentally, this scan by SpyBot was also unsuccessful in eliciting any malware or programs, which, in turn, brings me back to my original question: how can i either prevent those items SpywareBlaster tells me are "unprotected" - BlockCheckers, Clickzs, CoolWebSearch, mirar and Z-Quest among others, from stealing my privacy and/or further damaging my system? How do I get to them and pry them out? Incidentally, the SpywareBlaster report shows IE only has these problems Mozilla Firefox items all appear checked and protected. Thank you in advance for any help anyone can provide. I am wishing you well.

At the bottom of the Status tab, click "Enable all protection". |
|
| 1435. |
Solve : What is KernelFaultCheck?? |
|
Answer» Hi Everyone, |
|
| 1436. |
Solve : NEEDED!? |
|
Answer» hey! this could really sound ridiculous but i really need a simple program on a computer virus.

You want a virus? Or you want to give a virus? In either case there are better things to do with a computer.

Quote hey! this could really sound ridiculous but i really need a simple program on a computer virus.
You're right, it does sound ridiculous. |
|
| 1437. |
Solve : Updated HighjackThis Log? |
|
Answer» So I ran all the programs in regular mode and safe mode and turned off system restore and all that. Here is the new log: Running processes:

Quote R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html
Quote O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
Armando.... Your logfile looks ok... Did you find anything when you ran the scans in Safe Mode ? dl65

Surprisingly (for me at least), yes. Ewido found some adware and spyware which I got rid of. Spybot didn't find anything though. |
|
| 1438. |
Solve : Heres my hijackthis log backdated? |
|
Answer» Thanks for any replies Logfile of HijackThis v1.99.1

Quote O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
Quote O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
The following should be removed:
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
If you don't know what these are, remove them also:
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O23 - Service: Thread Master (ThreadMaster) - http://threadmaster.tripod.com - [email protected] - C:\WINDOWS\system32\ThreadMaster\ThreadMast.exe
You have loads of unnecessary crud starting up so please review your Add/Remove Programs applet. Be vicious with it.... You know you want to.

$%^& ! My computer has completely messed up I shouldn't have deleted that thread master thing, I looked at their homepage and remember downloading from there, but i couldn't remember why... so i just deleted it Luckily i have found the link to a page i read about it ages ago http://bbc.cpdn.org/forum_thread.php?id=600 I used it to turn down the CPU usage of a program, but now i have deleted it has turned down on everything! no programs will use more than 60% CPU, i cannot play games or use any media without the screen jumping. Got myself in a right pickle... I'll look into it tomorrow and maybe ask them, but i just can't be bothered right now I did not backup the file either, does Hijackthis save backups by itself? no BF1942 for me tonight

Hijackthis does create backups. Run it and click on Config>Backups. |
|
| 1439. |
Solve : Cheap Norton Replacement? |
|
Answer» I've been a loyal Norton user for years and years.... But find myself strapped for cash as my annual $ubscription runs out...

Your post count is "666"... Troubling...

LOL ....... That's because his post before that was 665 dl65

Quote That's because his post before that was 665
Post proof or retract.

I guess I don't lose utilities when I don't resubscribe, do I? Just the Firewall and AntiVirus.... I'll try both firewalls - one on each machine - and see what happens! Thanks

rjbinney........
Quote Post proof or retract.
Excuse me , but what are you referring to? dl65

See... prove that his previous post was indeed 665... otherwise I'll assume his postcount always is 666.... see, it's a joke... I don't think the guy REALLY is evil incarnate.... See? It's like, well, humour...

If you're trying out Firewalls then give Sygate a try. http://207.33.111.31/spf/ Get Version 5.5 Build 2710.

coffe+offler=coffee monster

Well, I loaded Kerio... And it instantly gave me an Incoming warning about Java... so I hit Deny, OVER 75 TIMES, so I decided, well, maybe I'll allow it.... OVER 30 TIMES before I forced the machine into Safe Mode and uninstalled it. So I didn't like that one!

With Kerio, as with any good app based firewall, there are two levels of admittance or denial; temporary and permanent. To make a choice permanent, check the Make Rule box. It's really that simple and it's all there in the help files. If it was correctly set up, the Norton firewall did exactly the same! Why did it warn about incoming attempts anyway? It doesn't do it without very good reason.

"Of course I've tried soapy water!" Yeah, I figured that Norton had allowed it in the past. That's why I only was going to permit it once, so I could research it (a flawed strategy, but a strategy!) I don't remember the specifics - I should have written it down - but it was like "Attack from [IP], in Germany". But even when I started permitting it permanently, it came back with the same problem. So I powered it out. It was just too frustrating! Maybe I'll try again when I have a good movie on in the background. Or a good book nearby. But I'm gonna try Sygate next. Thanks!

What was running when these "attacks" were taking place? The only permissible multiple Java connections that I can think of would be if you're running something like Azureus. Perhaps Norton had blocked it in the past.

Well, I do run Azureus, but it doesn't load at startup, and it wasn't on the port I have authorized Azureus to use (which is assigned at my router, anyway). I don't know a whole heck of a lot about how Java works, so I just went into scared-and-confused mode and punted. The only things I've put in my Startup folder are Palm's HotSync and Adobe Quick Install (which isn't). (And also a small macro program AutoHotKey because my 8 key doesn't work, so I have SHIFT+WIN+9 = 8.)

In that case, no connections, inbound or outbound should be apparent. You were perhaps being scanned but that doesn't add up as to where Java is involved. You need to make a complete security audit.

Quote You need to make a complete security audit.
Alright, I'll bite. How? ("complete security audit" sounds much more serious than what I usually do!) Is it just me, or does everyone start singing "Substitute" to themselves when they see your posts??!?!?

Carry out the procedures listed [highlight]here[/highlight] and post a Hijackthis logfile here when done. WHO sings substitute?

Wow. That's a lot of stuff.... I run SpyBot weekly, AdAware weekly, NAV 3x/week, and have the Norton Firewall on. NEVER had an issue...

How do you know you've never had an issue if you don't cross check? The majority of heavily infected machines that I see (And believe me, that's a *censored* of a lot) with any protection at all are "protected" by NAV.

...which is one of the reasons why I am looking for something other than NAV. I will obviously need some time to run all this!

So I ran AVG free last night, and it found a virus in a ZIP file I downloaded... But didn't DO anything about it. It didn't OFFER to repair, quarantine, whatever. I've tooled around with different options, and I can't see how to set it to quarantine or repair a file. Does it NOT do that - it just alerts me where they are, so I can delete them? Or did I miss something??!? Thanks. (and, btw, to "Look Bloody Young But I'm Just Backdated"... Looking at that laundry list, I do dump my temp files once a week, and every time I add software I scan the Add/Control to make sure nothing else got slammed in.... At least once, sometimes twice, a month, I scan my Task Manager Processes and make sure there's nothing running that shouldn't. But I will still get to that list! Thanks!)

Quote I've been a loyal Norton user for years and years.... But find myself strapped for cash as my annual $ubscription runs out...
I gather you have Norton System Works and that's where you NAV came from. Right? I'm not here to counter the usual Norton bashing, but, since you've been a long-time user of Norton utilities, you could just remove NAV and keep the Norton utilities installed. You do not need to install all components of SystemWorks. While regular updating of the anti-virus component of SystemWorks is obviously critical, the utilities do not fall under that same requirement.

Thanks, soybean. I DID realize that after my initial post. I don't have anything against Norton, as I said, it's literally $60 to them right now or to the gas company. |
|
| 1440. |
Solve : Laptop that won't load explorer.exe? |
|
Answer» My wife's laptop will not display the desktop at all. No icons, no start button or task bar. I went into task manager and stopped the current explorer.exe that was running and manually went into the c: drive and started it that way. When I do that, everything appears to be working. However, the start button now appears in cursive and it keeps trying to load all kinds of pop-up windows. When I do that, everything appears to be working.again.

Get HijackThis: http://majorgeeks.com/Trend_Micro_HijackThis_d5554.html and post its log back here.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:27:42 PM, on 11/15/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\MSSQL7\binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\carpserv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QdrPack\QdrPack9.exe
C:\Program Files\QdrModule\QdrModule9.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\MSSQL7\Binn\sqlmangr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Kristin\My Documents\My Music\From Internet\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.search-1.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.search-1.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.search-1.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchv.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.searchv.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchv.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\printer.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IEHlprObj Class - {ABCDECF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\System32\vtr.dll (file missing)
O3 - Toolbar: My &Way Speedbar - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\System32\WinAvXX.exe
O4 - HKCU\..\Run: [QdrPack9] "C:\Program Files\QdrPack\QdrPack9.exe"
O4 - HKCU\..\Run: [QdrModule9] "C:\Program Files\QdrModule\QdrModule9.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\MSSQL7\Binn\sqlmangr.exe
O4 - Global Startup: SQL Server.lnk = C:\MSSQL7\Binn\scm.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_2_3_0.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\sulimo.dat
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\System32\HPZipm12.exe (file missing)
--
End of file - 7142 bytes

Let me take a look.. First of all, you need to get SP2 as soon as possible. Secondly, I can't see any firewall running. Is your Windows firewall up? Now...

1. Print out these instructions as we will need to close every window that is open later in the fix.
2. Download SmitfraudFix.exe from here and save it to your desktop: http://www.bleepingcomputer.com/files/smitfraudfix.php
3. Next, please reboot your computer into Safe Mode by doing the following:
a. Restart your computer
b. Start tapping F8 key
c. A menu will appear
d. Select the first option, to run Windows in Safe Mode.
4. Close all open Windows.
5. Now, double-click on the SmitFraudfix icon.
6. When the tool first starts you will see a credits screen. Simply press any key on your keyboard to get to the next screen.
7. You will now see a menu. Press the number 2 on your keyboard and then press the Enter key to choose the option Clean.
8. The program will start cleaning your computer and go through a series of cleanup processes. When it is done, it will automatically start the Disk Cleanup program. This program will remove all Temp, Temporary Internet Files, and other files that may be leftover files from this infection. This process can take up a long time depending on your computer, so please be patient. When it is complete, it will close automatically and you should continue with next step.
9. When Disk Cleanup is finished, you will be presented with an option asking Do you want to clean the registry ? (y/n). At this screen you should press the Y button on your keyboard and then press the Enter key.
10. When this last routine is finished, you will be presented with a red screen stating Computer will reboot now. Close all applications. You should now press the spacebar on your computer. A counter will appear stating that the computer will reboot in 15 seconds. Do not cancel this countdown and allow your computer to reboot.
11. Once the computer has rebooted, you will be presented with a Notepad screen containing a log of all the files removed from your computer. Save that log to your desktop, and attach it to your next reply.

Kyle...you need to start new topic with brief description of your problems. |
|
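A triage pass over the HijackThis log posted in the thread above, as an added example that is not part of the original posts: it splits entries by section code and flags the entry types that merit a manual look. The function names and heuristics are assumptions made here, the sample entries are copied from that log, and a match is a prompt to investigate rather than a verdict.

```python
import re

# Entries copied from the HijackThis log posted in the thread above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.search-1.net/search.html
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\printer.exe
O2 - BHO: IEHlprObj Class - {ABCDECF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\System32\vtr.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: C:\WINDOWS\System32\sulimo.dat
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\System32\HPZipm12.exe (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # section code, then the entry body
RUN_VALUE = re.compile(r"^\S+\\Run\w*: \[[^\]]*\] (.+)$")  # O4 registry autorun: [name] command


def parse(log):
    """Yield (section, body) per entry; header and process-list lines are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def review_reason(section, body):
    """Return why an entry deserves a manual look, or None (heuristics, not verdicts)."""
    if section == "F2" and "shell=" in body.lower():
        # The logon shell is normally Explorer.exe alone; anything after it also starts at logon.
        if body.split("=", 1)[1].strip().lower() != "explorer.exe":
            return "extra program appended to the Shell value"
    if section == "O20" and body.startswith("AppInit_DLLs:") and body.split(":", 1)[1].strip():
        return "DLL loaded into every process that loads user32.dll"
    if section == "O7" and "DisableRegedit=1" in body:
        return "registry editor disabled by policy"
    if section == "O4":
        m = RUN_VALUE.match(body)
        if m and not re.search(r"\.exe\b", m.group(1), re.I):
            return "autorun command names no .exe"
    if "(file missing)" in body or "(no file)" in body:
        return "entry points at a file that is not on disk"
    return None


def triage(log):
    """Return [(section, reason, body)] for entries that matched a heuristic."""
    out = []
    for section, body in parse(log):
        reason = review_reason(section, body)
        if reason:
            out.append((section, reason, body))
    return out


if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"{section:<4}{reason}: {body}")
```
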
| 1441. |
Solve : redirect problem with google? |
|
Answer» The software said it was cleaned, but I am not sure. My Outlook Exp seems to hang up and I have to run my anti spy thing, then it seems to work. I seem to get a lot of runtime errors also. Most of my software works though. |
|
| 1442. |
Solve : Trojan???? |
|
Answer» I'm using McAfee Anti-Virus...And it had detected and almost every week that there's this Trojan from the source Download BCF... I tried using other antivirus software like AVG and it did NOT detect such trojans...What I wanna know is why this trojan keeps appearing?...Is it because it had not been removed completely?...Also, |
|
| 1443. |
Solve : random freezes and lockout? |
|
Answer» sorry if this is a doublepost my puter froze so i don't know if my first one made it with that said my computer randomly freezes i ran avg ad-ware and superantispyware and came up with nothing other than some cookies. I tried to reinstall the os but i got a message that stated the one i had now was a newer version and the continue button was faded and unclickable....with that being said my computer also doesn't accept me as the administrator yet i'm on the admin account and this is my home puter even in safe mode i'm not the admin with all that said if you can help it would be grateful just ask and i will tell ya all that i know........should only take a couple seconds on that part......also it won't allow me to restore if i try the window a) won't show up or b) show up with nothing in it....its like that in normal and safe modes |
|
| 1444. |
Solve : Someone told me to post this here.? |
|
Answer» Is your problem only happening in IE? Have you tried another browser such as Firefox? |
|
| 1445. |
Solve : Think i have virus troubles.... :(? |
|
Answer» these are my log files. Also the start page i put there myself should i still remove it?

If you want it there then it's OK. Uninstall and then reinstall anything that isn't working correctly. No malware.

i found ism.exe which when i googled it says it's dangerous and i should get rid of it. Should i? if so how? FB

Where was it found?

i was looking through the processes on task manager. FB

Look in add/remove programs for InternetSpeedMonitor and uninstall it.

i couldn't find internetspeedmonitor in the add/remove programs, i don't see anything unusual except "scansoft omnipage SE4" which seems to be genuine software just don't remember putting it on. probably came with some printer drivers. It's not a massive problem as i'm going to format the HDD soon. FB |
|
| 1446. |
Solve : Noticed Zlob folders scanned during Spybot scanSearch & Destroy? |
|
Answer» Hi - its been a while... I have located a XP Pro CD, but it is a SP2 version. I have a 5.1 version. Is this a problem?

Windows XP - How to tell which Service Pack is installed |
|
| 1447. |
Solve : Virus detected but it can't remove? |
|
Answer» Ok I have a question. This keep on questioning in my mind. Virus detected by Antivirus but the Antivirus can't remove it. |
|
| 1448. |
Solve : cant download/ or filepicker?? |
|
Answer» Hi, at most times now when I try to download something from a site it either says can't download to this area, choose another and when I do it says the same, and other times it says filepicker was unexpectedly closed by windows, please help I am baffled??? podlod

Disable and or un-install filepicker...it causes problems with some browsers including FireFox. See if this changes things. |
|
| 1449. |
Solve : Could someone take a look @ the logs, still awaiting expert help as of 25th feb.? |
|
Answer» Please help asap as i need my laptop for uni work. I have done scans with different software which seem to detect different things like rootkit, trojan, cookies. Is there a way of getting rid of all this?

ok , i see you added them to your first post , you should always add them on a separate post in your topic so the experts can see that its done

You always attach them to your first post unless otherwise instructed.

O , thats new on me

I beg the experts to help me please. I need to meet university coursework deadline by next week and also need to make a payment.

Hello geist09. Sorry for the delay. Download random's system information tool (RSIT) by random/random from and save it to your Desktop.

This should improve things greatly.

Disable Windows Defender
We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
After all of the fixes are complete it is very important that you enable real-time protection again.
----------
Open HijackThis and select Do a system scan only. Place a check mark next to the following entries: (if there)
Important: Close all windows except for HijackThis and then click Fix checked. Exit HijackThis.
----------
Go to Add or Remove Programs and uninstall:
----------
Download the Norton Removal Tool (SymNRT) to your Desktop. Once downloaded please close ALL open browsers, also save any work because this may require a restart.
----------
Download the McAfee Consumer Product Removal Tool to your Desktop. Using McAfee Consumer Product Removal tool:
----------
Download the OTMoveIt3 by OldTimer
Note: If you are running on Vista, right-click on OTMoveIt3.exe and choose Run As Administrator.
* Save it to your Desktop.
* Double-click OTMoveIt3.exe to run it.
* Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)
Code:
:Processes
explorer.exe
:services
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"=-
"McAfeeUpdaterUI"=-
"avast!"=-
:files
C:\ProgramData\McAfee
C:\Program Files\AVG
C:\Program Files\Common Files\Symantec Shared
C:\Program Files\McAfee
C:\Program Files\Alwil Software
C:\Program Files\Symantec
C:\Windows\tasks\Ad-Aware Update (Weekly).job
:Commands
[purity]
[emptytemp]
[start explorer]
* Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
* Click the red Moveit! button.
* Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply. Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process.
----------
Please post the OTMoveIt3 log in the next reply.

ok problem using mcpr.exe. When the first command box appears it says: Mcafee Enterprise software detected cannot continue please contact mcafee technical support. What should I do? |
|
| 1450. |
Solve : guess this is the place to ask this...? |
|
Answer» If a machine is clean of viruses and spyware, malware, etc., and it's defragged, and registry is clean/optimized...can cookies themselves slow it down?

No. Cookies are simply tiny little text files. Around 100 to 500 bytes is all they are. It would take a whole, whole bunch to slow down a computer. |
|