

101. |
Solve : Google redirects my webpage? |
Answer» Hi

OrgName: Freedom Networks LLC is NOT your ISP, put a checkmark next to the following HJT entries:
- O17 - HKLM\System\CCS\Services\Tcpip\..\{1F268CEC-6ADF-4F70-85A7-BC3096970FFD}: NameServer = 208.67.220.220,208.67.222.222
- O17 - HKLM\System\CCS\Services\Tcpip\..\{8CDAF9F3-5059-43CE-A6A6-FABF2F6FE89E}: NameServer = 208.67.220.220,208.67.222.222
- O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
- O17 - HKLM\System\CS1\Services\Tcpip\..\{1F268CEC-6ADF-4F70-85A7-BC3096970FFD}: NameServer = 208.67.220.220,208.67.222.222
- O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
*****
If:
Quote
OrgName: RIPE Network Coordination Centre is NOT your ISP, put a checkmark next to the following HJT entries:
- O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.158 85.255.112.109
- O17 - HKLM\System\CS2\Services\Tcpip\..\{1F268CEC-6ADF-4F70-85A7-BC3096970FFD}: NameServer = 85.255.116.158,85.255.112.109
5. Click on "Fix It" button.
6. Restart your computer in Safe Mode (keep tapping F8 key, when your computer starts)
7. Run Spybot (check for updates, first), and fix whatever it asks you to fix.
8. Open Windows Explorer. Go Tools>Folder Options, put a checkmark next to "Show hidden files, and folders".
9. Delete following files (if they still exist): nothing to remove
10. Turn off System Restore:
- Windows XP:
  1. Click Start.
  2. Right-click the My Computer icon, and then click Properties.
  3. Click the System Restore tab.
  4. Check "Turn off System Restore".
  5. Click Apply.
  6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
  7. Click OK.
- Windows Vista:
  1. Click Start.
  2. Right-click the Computer icon, and then click Properties.
  3. Click on System Protection under the Tasks column on the left side
  4. Click on Continue on the "User Account Control" window that pops up
  5. Under the System Protection tab, find Available Disks
  6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
  7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
  8. Click OK
11. Restart in Normal Mode.
12. Turn System Restore on.
13. Run HJT again, and post back its log back here.

Neither one should be my ISP (I don't think), especially the AMSTERDAM one.....should I delete them both anyway?

Fix them all, then. Post back with new log.

Ok.....how's this looking?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:29 PM, on 11/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weatheroffice.gc.ca/city/pages/mb-38_metric_e.html
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
-- End of file - 4817 bytes

Did Spybot remove anything? Are you still having problems?

I think it was Zlob DNS changer it removed. tried it a dozen or so times....so far so good!

We should run another scan to be sure it is gone. Zlob is a trojan and can be well hidden. Please download Combofix by sUBs from either here or here. Save Combofix.exe to your Desktop.
1. Double click combofix.exe & follow the prompts. (from the keyboard select 1 and press enter at the prompt)
2. When finished, it will produce a log for you.
3. Attach that log in your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause your computer to stall

Your HJT log looks good. No more redirections?

I have tried it again today and it still seems to be working good! Thanks for the help!

Cool thing Stay safe

Crap.....btcar.com and 22traffic.com are coming up again when I try and link to a page from google. Now what? I have been away for 8 hrs and things were good before I left!! Thanks |
|
102. |
Solve : (help!) you guys ARE my technical support group? |
Answer» *** STOP: 0X0000001E (0XC0000005,0X00000000,0X00000000,0X00000000) |
|
103. |
Solve : pc restarts when i connect to the net (dial up)? |
Answer» hey everyone, i hope someone can help me, i have dial up, and as soon as i connect to the net my pc restarts, i have mcafee and it got rid of all the viruses but it still won't work, i also have that virus or whatever it is that freezes the pc, but it's very rare and doesn't happen often, PLEASE help, i need my internet back, my last resort is to format

Welcome aboard |
|
104. |
Solve : Highjack this log- Virus? |
Answer» Hello everyone.
[saving disk space - old attachment deleted by admin]

First let's get some antivirus protection on the computer. Download and install Avast! 4 Home Edition Free. When you get done I will have some more instructions ready.

Step 1
Complete this procedure completely including attaching the requested log before doing the second procedure.
Download SmitfraudFix (by S!Ri) to your Desktop. Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop. Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please attach that log in your next reply.
Note: process.exe (which is used by SmitFraudFix) is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. http://www.beyondlogic.org/consulting/processutil/processutil.htm

Alright did both.
[saving disk space - old attachment deleted by admin]

Post a new HijackThis log please. Also how is the computer now?

Well...The tray icon went away and such. But my internet is messing up a bit. Like it will slow down on loading or it won't load at all it just sits there loading... I restart my computer and it will work. But i restarted my computer earlier and this thing popped up saying that a file hasn't closed yet...Press End Now or Close you know one of those things. The file was called FFHook...Is that good or bad?
[saving disk space - old attachment deleted by admin]

The FFHook.dll is related to firefox but not malicious as far as I know. I will look into it further... The log isn't showing any malware but there are some empty entries to fix.
Open HijackThis and select "Do a system scan only"
Place a check mark next to:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL (file missing)
O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL (file missing)
Close all windows and click "Fix checked"
I will look around and see if I can come up with anything on the FFHOOK.dll

Do you have the latest version of Firefox 2.0.0.9? Also have you run a virus scan with Avast! yet?
To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place? It mentions many free programs so it is worth a look.

yes i have 2.0.0.9 And yes I ran a scan with Avast...After I restarted my computer it ran and i also ran it after that.

I suggest removing all traces of Firefox and reinstalling it fresh. It is most likely an extension or add-on that is corrupt. Use Mozbackup to backup any bookmarks, cookies or saved passwords. Just don't backup any extensions, you will need to add them back manually. Mozbackup is simple to use and only takes a second to run. http://mozbackup.jasnapaka.com/download.php
To completely uninstall Firefox, then completely remove all traces of Firefox (save your bookmarks first):
1) Use Add/Remove Programs to uninstall Firefox
2) Delete the Mozilla/Firefox subdirectory in Program Files
3) Delete the Mozilla/Firefox subdirectory in your user profile
4) Reinstall Firefox |
|
105. |
Solve : msn click link virus? |
Answer» i have just accidentally click the links in msn chat.. which link to a saved place..i saved it..but when the file has gone missing.

Now we can start. Open HijackThis and scan again. Check the following entries, but don't do anything to them yet...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O13 - Gopher Prefix:
Now, close all windows (including this one) besides HijackThis, then click Fix Checked.
No malicious files are showing up. Do you remember the name of the file you saved? Have you been experiencing any actual problems/symptoms?

kk..i have fixed things you tell me to do.. yar..i forgot about the name of the file, it just disappear after i have saved it. My computer seems fine to me, no laggy, no pop-up .... and the spybot has help me fixed my computer. I just want to check is my computer are okay...for that stupid link i click in msn. (...lol..cool..ur first time vista log by ME..haha...cool..lolz)

Well, as long as you keep your protection programs UPDATED and perform regular scans in Safe Mode, and as long as you're not experiencing any problems, I wouldn't be too concerned. My guess is that Spybot already picked up the file and cleaned it. However, if you would like, I can take a look at a ComboFix log for you. Just download ComboFix and save it to your desktop. Run the program and read its disclaimer (it's fairly short) and make sure you really pay attention to what it says. Follow the prompts and when finished, it will produce a log at C:\ComboFix.txt. Go ahead and post that here.
Note: Don't click on the window while it's running; this may cause stalls.

i download combofix...then when i extract, theres one file and one program that was named as start..so i click start, just only a few seconds, the two things just disappear from my desktop... i check my c drive, but i didn't found any combofix.txt... i only found vundofix.txt
VundoFix V6.4.2
Checking Java version...
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Scan started at 8:51:03 AM 5/6/2007
Listing files found while scanning....
No infected files were found.

That concerned me for a second, but I looked into it and it seems that ComboFix doesn't work with Vista yet. We'll just have to rely on HijackThis for now, it seems. I don't think you have anything to worry about, though. You may want to remove your older version of Java. All it's really doing is taking up space.

o..kk..i will start removing it...thx...=)

No problemo. If you need help with anything else, feel free to ask. |
|
106. |
Solve : rootkit revealer? |
Answer» Hello, |
|
107. |
Solve : McAfee Problem? |
Answer» I installed McAfee anti virus in my PC before finishing it automatically restarting continuously .... may i know what is the problem |
|
108. |
Solve : winlogon.exe not found? |
Answer» Hello I'm new, I'm only 15-years-old and hope you guys could help

"C:\WINDOWS\system32\ydtrlywft/winlogon.exe"
That one was a virus, but it looks like it got removed. However, the virus probably left a startup entry in your registry which means that your system still looks for that file to start the trojan program up. You need to remove the entry. You could try this... Go to the Start Menu, and in the Run box, type MSCONFIG. When that runs, click the Startup tab and see if there is a checked entry for Winlogon.exe. If there is, uncheck it. After reboot, the problem should be gone.

contrex's suggestion should help you out (you can also do this using one of the features of AVG Anti-Spyware). However, you might want to post a HijackThis log so we can see what traces (if any) are left. Also...I'm moving this to the appropriate area.

Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged. If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem. |
|
109. |
Solve : blank installshield icon? |
Answer» I'm running Windows XP and Internet Explorer browser. see attached pic. please reply if you know what this is and can get rid of it. thanks, gloria |
|
110. |
Solve : VNC HACKED!? |
Answer» OK, My home computer was hacked last night, I was working over VNC and I was sitting there taking a drink (of water..lol), and I noticed the task manager popped up, and the commandline popped up and this script started running... So I ripped out my wireless adapter, and tried to figure out what just happened... here is what I got. |
|
111. |
Solve : spyware bomb? |
Answer» is there a way to get rid of it permanently ? the spyware bomb |
|
112. |
Solve : HiddenExpeanic? |
Answer» Hi |
|
113. |
Solve : Can't billpay online? |
Answer» Running Windows 2000 with DSL and wireless at home. Sorry, haven't done all the things you guys have recommended. Really busy and with the three day weekend, out of town.

Well, when you're ready to work on this with us, come back and let us know so we can start crackin' at it.

try using internet explorer that works better

Internet Explorer is better than what? Anti-virus protection software? Care to explain?

i recommend firefox with IE tab ext.

Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged. If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem. |
|
114. |
Solve : HijackThis Log Help? |
Answer» I was wondering if anyone with some free time could take a look at this log and tell me if there is anything I should remove or fix.
Logfile of HijackThis v1.99.1

Quote
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html
This isn't a full logfile. Because of forum restrictions, you need to split your posts up into sections of less than 5500 characters and post them sequentially.

Quote
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
Quote
O18 - Protocol: bw80 - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
Quote
O18 - Protocol: bwp0s - {674581ED-5129-4294-925D-E003B02B69B6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

Armando........Looking at your logfile and I note that for some reason you have not installed XP SP2...... It has a number of improved features and additional security . It also includes an newer IE than you are using .....
I also note you are using 2 anti virus apps ......... You would be better off with just one.
Do you actually use the apps that appear in your running processes ? Removing some of them would probably improve performance.
Do you require .......
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\WinRoll\winroll.exe ( this one could be a keystroke logger )
If this was my machine , I would mark for removal the following....
O2 - BHO: (no name) - {3AF9102C-EB4E-47B5-8751-60550E872E39} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {614BBBCC-5C08-30A8-2BB6-0495C885DCBC} - (no file)
O2 - BHO: (no name) - {6449E3C9-575F-61AA-2BB6-0495C885DFEB} - (no file)
O2 - BHO: (no name) - {FD704130-FFAA-C159-D0E9-A10FA1E64EB7} - (no file
O2 - BHO: (no name) - {FD704140-FFDF-B258-D0EF-D00FD3954EC2} - (no file)
O3 - Toolbar: (no name) - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - (no file)
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.00.0001.1203\en-us\msntb.dll/search.htm
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
I would remove all of the 018 entries with the exception of this one ......
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
Do you use this ......
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
If you don't I would remove it.
You should also consider doing a thorough cleaning of the unused items in your pc ....... You might also wish to D/l and install CCleaner ..... http://www.ccleaner.com/
Please try and answer the questions before you attempt to remove anything.
dl65

Quote
Armando........Looking at your logfile and I note that for some reason you have not installed XP SP2...... It has a number of improved features and additional security . It also includes an newer IE than you are using .....
I've tried installing it numerous times but it always gives me an error saying my verification key or validation code isn't genuine or something. It sends me to the Microsoft website and it tells me my Windows XP isn't genuine.. I've posted a thread about the problem before but all I heard was that I need to re-install Windows XP with a new disc, which I don't have.
Quote
I also note you are using 2 anti virus apps ......... You would be better off with just one.
I use AVG antivirus, ewido security suite, and kerio personal firewall. Which do you recommend I remove?
Quote
Do you actually use the apps that appear in your running processes ? Removing some of them would probably improve performance.
Never used them, no idea what they are for.
Quote
Do you use this ......
I used to but I don't anymore, so I should remove it.
Quote
You should also consider doing a thorough cleaning of the unused items in your pc .......
I use it everyday. I've been using it for over 4 months now..

Armando....
Quote
I've tried installing it numerous times but it always gives me an error saying my verification key or validation code isn't genuine or something. It sends me to the Microsoft website and it tells me my Windows XP isn't genuine.. I've posted a thread about the problem before but all I heard was that I need to re-install Windows XP with a new disc, which I don't have.
If you have a authentic original win XP disk and it has only been installed on that pc ...... you should be getting on the phone to M/S and get it sorted out .
Quote
I use AVG antivirus, ewido security suite, and kerio personal firewall. Which do you recommend I remove?
I wouldn't suggest you remove any of those ..... however according to your running processes , you have eTrust EZ Antivirus installed and running ..... If you don't use it uninstall it .
Quote
Do you actually use the apps that appear in your running processes ? Removing some of them would probably improve performance.
Then I would remove them
Quote
Do you use this ..........
Yes remove them
ok ...let's start with those and then we will look at it again...... I think there are more that perhaps should be removed . How about these .....
C:\Program Files\YzShadow\YzShadow.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
If you don't know what they are ........remove them as well.
ok .....deal with those and then post a new hijackthis logfile.
dl65

Actually some more questions (sorry)
The EZ Anti-virus my dad purchased so I can't really remove it otherwise he'll get angry. (yes, I know, it's not good at all, but he bought it.. *sigh*) SO then which one should I remove?
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
That's for a program that remembers all of my passwords and I click it and fills out my username and password for all websites I visit. I do use it. (Misc. question= Is it good? Should I get rid of it?)
About the disk.. Installed it a LONG time ago.. Long lost disk. What should I do?
Edit: Thank you so much for the help..

Armando.......
Quote
The EZ Anti-virus my dad purchased so I can't really remove it otherwise he'll get angry. (yes, I know, it's not good at all, but he bought it.. *sigh*) SO then which one should I remove?
C.A. Computer Associates is a well known company and while I have no first hand knowledge of its EZ Anti-virus , I would think that if it is current and updated ,it should be as good as AVG free ....... ( I would suggest using EZ anti-virus and simply disable AVG ....( don't remove it at this time )
Quote
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
OK , if it's something you use leave it ........ it doesn't appear to be a threat . Usually sites have a box to tick if you want to remember the password ........ I don't have a lot of faith in programs that offer to save that info ....... But that's a personal thing .........
Quote
About the disk.. Installed it a LONG time ago.. Long lost disk. What should I do?
It disturbs me when I hear the comment ...oh I lost the cd ....... How would you do a format and reinstall if required ?
What about this one ...... C:\Program Files\YzShadow\YzShadow.exe
dl65

Quote
It disturbs me when I hear the comment ...oh I lost the cd ....... How would you do a format and reinstall if required ?
Pardon me if I'm not the average American who thinks of these things when he gets a computer. I guess I'm just absent-minded
Quote
What about this one ...... C:\Program Files\YzShadow\YzShadow.exe
Don't use it..

Armando......
Quote
What about this one ...... C:\Program Files\YzShadow\YzShadow.exe
Then I would remove it ....
While you were off line , I went back and checked some of your earlier posts ........ re the Xp SP2 issue ....... If I read correctly , your pc came with ME and the cd you were using was used to install XP on your Moms and Dads laptops ....... that would explain your issue .
dl65

Armando... ok , let's mark for removal the items listed above in your hijacklog and then click fix checked and reboot and post a new logfile.
dl65

Yes the CD was used to install XP on my stepmom's computer.. I did what you told me to and rebooted (I couldn't find how to check the Program Files so they could be fixed so those weren't changed) |
|
115. |
Solve : Norman Antivirus? |
Answer» I'm using Norman Antivirus. My employer, a medium sized Australian company, uses it and recommends it for employees working at home. They also provide it free of charge. |
|
116. |
Solve : Power supply units? |
Answer» OK you guys have been wonderful to me in the past. Now i'm back with probably a stupid question. I have to upgrade my power supply before I can install a new graphics card. Found a nice 450 watt thing. Says it's SATA supported. I have googled the *%$# for sata vs. IDE. I have an IDE. ( i should have bought an apple), Never did i think i would have to spend so much time just TRYING to update my darned computer. IF i don't have SATA on my system, and i have no idea how to tell except i ran a check and everything says IDE on it, will i fry my mother board? Please dumb it down. thanks. Cherie

wintermoon... could you post a link to the psu you have found ? I would think it's telling you that it will have output (s) for SATA ......... If it's a ATX power supply it should be just fine ...unless you have a computer that requires a proprietary psu
dl65

wintermoon... Would you happen to know what motherboard you have ?
dl65

http://www.tigerdirect.com/applications/SearchTools/item-details.asp?EdpNo=5414 36&Sku=D15-1000
I have an AMD Sempron 3500+ 1 gig Ram 160 G hd Radeon PCI xpress 200 256 DDR it's a compaq presario 1750 NX with upgrades sheesh i love you guys.

wintermoon .... Could you post the actual link to the page that the psu is on ....The link posted gets me to Tiger direct but not to the actual PSU you are interested in .
dl65

http://www.tigerdirect.com/applications/SearchTools/item-details.asp?EdpNo=541436&Sku=D15-1000
i keep trying. the url doesn't seem to fit into the frame work. Let me know if that one worked. if not. we can try something else. thank you.

wintermoon.....is this the one ?
Specifications
AC INPUT: 115V/230V 10A/6A 60/50Hz
DC OUTPUT:
+3.3V  +5V  +12V  -12V  -5V   +5VSB  550W Max Combined Watts
28A    40A  20A   0.8A  0.5A  2A     550W
Connectors
1x Main Power 20-Pin
1x AUX Power
1x 12V (P4)
6x Peripheral you will use these to power the hard drive, but not all 6.... lol
2x Floppy
2x Serial ATA
Features
Serial ATA Ready
Dual LED Fans (120mm and 80mm)
Laser-Cut Fan Grill
Low Noise
Short Circuit Protection
Over Voltage Protection
Overload Protection
dl65

YES that's the one! |
|
117. |
Solve : Spyware Trouble? |
Answer» My desktop was replaced by a huge "warning infected computer" image and an html keeps appearing on my desktop called "adware reviews" and the properties point to http://www.topadwarereviews.com/?adv=196&ads=b which I HAVE NOT clicked. ALSO, in the system tray I keep getting these 2 popup balloon alerts saying "critical system alert:spyware detected" |
|
118. |
Solve : Computer freezes - need help? |
Answer» The issue is - whenever any application attempts to connect to the internet, the machine freezes. I have already dropped the partition and reformatted, but the problem remains.

The issue is - whenever any application attempts to connect to the internet, the machine freezes. I have already dropped the partition and reformatted, but the problem remains.

Because you posted here , you must have been visited by a virus or a trojan ........ which one was it ? You have already been asked ..... You will need to post a lot more information. when can we expect a response ?
dl65

Thanks. This is what I know.
Dell Dimension 2400 /w XP Home SP1
Integrated Broadcom NIC (comcast cable modem)
Not sure how it started - turned it on in the morning and it froze up. I ran Norton AV, Spybot S&D and Xoftspy - removed what was there (not a whole lot - i keep it clean). Turned off Norton Firewall (just in case).
Dropped the partition (twice) and reformatted (twice) - HD 37139 Mb Partitioned - 8 Mb unpartitioned. Reinstalled the os w/ sp1 (and all the necessary drivers) and Norton Firewall and AV
Still the same - installed Xoftspy again and a couple of Dell's diagnostic programs - all turn up nothing
Dropped the partition (twice) and reformatted (twice) again - reinstalled the os w/ sp1 (and all the necessary drivers) again and only McAfee AV - still the same
That's where we stand at the moment. Please, if you need more info, let me know. Thanks.

irastotle........ How long does it take before it locks up on you ?
dl65

It takes about 3 sec from the time you see either the live update icon or the windows update icon in the tray or attempt to open IE.

The first thing to do is install SP2 (Slipstreaming it would be better). What do you mean exactly by "dropped the partition"? Do the event logs show anything?

Does your modem look OK in the Device Manager?

I am working on obtaining a copy of XP SP2 as soon as I do I will install. I booted from the XP disk to reload to OS - deleted the partition, created a new partition and reinstalled the OS and drivers. As far as the Device Mgr goes - everything looks fine

XP SP2. Is the XP CD a copy? Is there existing data stored elsewhere on the system? If either is true, you may well be reinfecting yourself every time you reinstall.

The XP CD is the factory CD from Dell. How do I know if there is existing data stored elsewhere?

Ok, XP SP2 has been installed and it appears to be slightly better... IE opens and msn loads, but freezes in about 5-7 sec. Currently, McAfee is installed - not sure if that is causing a conflict or not. I have a few things to do this evening and may not have a chance to get back to the machine today... My next plan of action is to start over from scratch again - deleting the partition/recreating it and installing only the OS, SP1, SP2 and the necessary drivers --- unless someone has a better idea??

Quote
The XP CD is the factory CD from Dell.
You have a restore CD rather than an XP CD? Do you have any other hard drives or partitions with any files etc on them?

I guess it's a restore CD. Will that matter? There are no additional hard drives and the only two items that show up on the partition screen are the main partition (C:) 37139 Mb and unpartitioned space 8 Mb. So, I do not believe that there are any additional files on the pc.

OK, so there's no risk of reinfection from stored files. Personally, I hate restore CDs as they reinstall the same old crud every time.
|
|
119. |
Solve : Malwares Plz help? |
Answer» Hi

download.com is one of the most infected sites on the net!

I have noticed that you have made that comment before ......... What are you basing that on ........ I and many others have D/L utilities from that location on many occasions and have never had any issues. If you could cite some reliable sources it would be helpful. dl65

This is the first link that I found via Google. There are sources which support my statement all over the internet: http://www.lifehacker.com/software/spyware-cleaners/downloadcom-congratulates-self-for-filtering-spyware-101399.php Those that have been security conscious and aware of security issues for some time know well that downloaddotcom is/was an infected rats nest. The first rule of malware detection/prevention is to download anti malware utilities etc from the author's site or from trusted security sources only. Go anywhere else and you're asking for trouble.

Thanks for the info. I never go there, but AdAware links to it on their site even!

http://www.hijackthis.de/index.php?langselect=english Quote: Due to a few misunderstandings, I just want to make it clear that this site provides only an online analysis, and not HijackThis the program. The site has a direct download link to http://www.mmdirect.de/downloads/hijackthis_199.zip

Hijackthis.de has improved a little of late but do a search on its history. I don't really care who links to what. Downloaddotcom is/was a cesspit and it's wise to avoid it. In both instances, it's a case of leopards and spots. Ask yourselves this question, would you trust someone who has continually conned you over the years? I repeat: The first rule of malware detection/prevention is to download anti malware utilities etc from the author's site or from trusted security sources only. Go anywhere else and you're asking for trouble.

Backdated...... I appreciate your feedback as far as the link is concerned ....... but ...... that reference was dated .... April 28th, 2005. Quote: CNET's Download.com has always been a dodgy place to get software, and today they've proved it. As of yesterday, Download.com started testing their software for adware and spyware - and removed nearly 600 products from their index in the process......... Yes perhaps there were issues in the past, however ...... it would appear they have the issue under control. I certainly have no connection to Download.com and as stated before ...... I and many others have D/L utilities from that location on many occasions and have never had any issues. I am giving you first hand experience ... re downloading from that site, not some year old comment. dl65

As I said, that was the first link I came across in Google. There are well documented accounts all over the net and I have had perhaps not first hand experience but I had to deal with a system that was heavily infected after a trojan downloader was included as an added extra in a file from ddcom. This was only about 2 months ago. As I said, leopards and spots. If you give advice to users regarding the subject of virus/malware removal and prevention, please direct them to trusted sources only if they need tools etc. It's not too much to ask is it?

Backdated ......... Quote: I have had perhaps not first hand experience but I had to deal with a system that was heavily infected after a trojan downloader was included as an added extra in a file from ddcom.

I tend to offer advice or opinions based on first hand experience rather than he said, she said information. dl65 |
|
120. |
Solve : Firewall and MSN Messenger - probs a silly ques? |
Answer» hi, sorry if this is a really foolish question |
|
121. |
Solve : looking for virus infomation? |
Answer» if you are interested in knowing about viruses, then visit www.skillsheaven.com.. |
|
122. |
Solve : Can not change desktop? |
Answer» I am running a Windows XP Pro OS with an Athlon 2200 and 1 gig of RAM. There is a big black box with the words spyware infectionn in the center of my desktop. I am unable to change my desktop in any way. I have run Spybot, AdAware, and ewido antispyware programs as well as Norton antivirus to no avail. I have a HijackThis log that will be posted below. Any help or hints will be greatly appreciated. |
|
123. |
Solve : Slow Outlook 2003 (Using Hotmail)? |
Answer» Hi, |
|
124. |
Solve : Problems removing NEWDOTNET? |
Answer» Hi there... A while back I thought I had cleaned everything and apparently my HJT file looked good. Well, I was searching for a file the other day and noticed that NewDotNet still has a file on my computer. I tried running every free program listed here (and listed on another site) and the file is still there. I then tried to manually remove it and my computer wouldn't bring up windows after that. I did a system restore and am now back to where I was before. I reran all the cleaning/scanning programs and am here to see if you awesome folks might have an idea of what to do to get rid of this problem! Thanks so much in advance! |
|
125. |
Solve : Fixing items in Hijackthis log? |
Answer» How would I go about deleting these items in my hijackthis log file? :-?

O1 - Hosts: 127.0
O1 - Hosts: 12zsearchtoolbar.com
O1 - Hosts: 12zsearchtoolbar.com
O1 - Hosts: 12
O1 - Hosts: 127.0.
O1 - Hosts: u.com
O1 - Hosts: com
O1 - Hosts: r.com
O1 - Hosts: bar.com
O1 - Hosts: olbar.com
O1 - Hosts: toolbar.com
O1 - Hosts: ertoolbar.com
O1 - Hosts: wsertoolbar.com
O1 - Hosts: rowsertoolbar.com
O1 - Hosts: 127.0.
O1 - Hosts: 127.0.0
O1 - Hosts: 1
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (file missing) (HKCU)
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegarden/miniclipGameLoader.dll
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab

Is the following entry dangerous? My analysis said it was possibly dangerous, and I've heard it is a trojan. I just want to be sure so I don't screw anything up. C:\WINDOWS\system32\winlogi.exe

Wraith...... How about posting the full complete hijackthis log ......... and then we will be able to give you a definitive response. Quote: C:\WINDOWS\system32\winlogi.exe

Again it may be an issue, however the complete log is required.
dl65

Logfile of HijackThis v1.99.1 Scan saved at 7:49:38 AM, on 2/22/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Oh, nevermind I should have figured this out myself... :-/ EDIT 1: I deleted at least most of the malicious entries I believe.

Found the fixit button eh?
Good for you, take a look around in Hijackthis, there is some good stuff there.

The following entries need attention:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:81
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O1 - Hosts: 127.0
O1 - Hosts: 12zsearchtoolbar.com
O1 - Hosts: 12zsearchtoolbar.com
O1 - Hosts: 12
O1 - Hosts: 127.0.
O1 - Hosts: u.com
O1 - Hosts: com
O1 - Hosts: r.com
O1 - Hosts: bar.com
O1 - Hosts: olbar.com
O1 - Hosts: toolbar.com
O1 - Hosts: ertoolbar.com
O1 - Hosts: wsertoolbar.com
O1 - Hosts: rowsertoolbar.com
O1 - Hosts: 127.0.
O1 - Hosts: 127.0.0
O1 - Hosts: 1
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MsMovies] C:\Program Files\MsMovies\MsMovies.exe /auto
O4 - HKLM\..\Run: [virtual-ie] winlogi.exe
O4 - HKLM\..\RunServices: [virtual-ie] winlogi.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O20 - Winlogon Notify: accwms - C:\WINDOWS\system\accwms.dll (file missing)
O20 - Winlogon Notify: infoap - C:\WINDOWS\system32\IAS\infoap.dll (file missing)
O20 - Winlogon Notify: keyodbc - C:\WINDOWS\system\keyodbc.dll (file missing)
O20 - Winlogon Notify: netcr - C:\WINDOWS\Config\netcr.dll (file missing)
O20 - Winlogon Notify: svrmc - C:\WINDOWS\MICROS~1.NET\svrmc.dll (file missing)
O20 - Winlogon Notify: sysodbc - C:\WINDOWS\Cursors\sysodbc.dll (file missing)
O20 - Winlogon Notify: taskad - C:\WINDOWS\AppPatch\taskad.dll (file missing)
O20 - Winlogon Notify: tasklog - C:\WINDOWS\AppPatch\tasklog.dll (file missing)
O23 - Service: Apache2 - Unknown owner - C:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe (file missing)

Reboot to Safe Mode, search for and delete the following files or folders:

C:\Program Files\MsMovies\
winlogi.exe

It would be advisable to disable System Restore and flush any restore points and to carry out full AV and malware checks. |
|
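A small triage pass over HijackThis-format lines, added here as an illustration; it is not part of the original thread or of HijackThis itself. It flags the kinds of entries the reply above singled out (orphaned `(file missing)` / `(no file)` registrations, a loopback `ProxyServer`, damaged `O1 - Hosts` lines, autoruns given only by bare file name) and, going slightly beyond the thread, well-formed hosts entries that map a name to a non-loopback address. The tag names, the heuristics and the `192.0.2.10` sample line are assumptions.

```python
import ipaddress
import re

# Sample lines in HijackThis 1.99.1 log format. All but one are entries quoted
# in the thread above; the 192.0.2.10 line is constructed (documentation range).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:81
O1 - Hosts: 127.0
O1 - Hosts: toolbar.com
O1 - Hosts: 192.0.2.10 www.example.com
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [virtual-ie] winlogi.exe
O4 - HKLM\..\RunServices: [virtual-ie] winlogi.exe
O20 - Winlogon Notify: netcr - C:\WINDOWS\Config\netcr.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")        # "<section code> - <body>"
PROXY = re.compile(r",ProxyServer = (\S+)")           # IE proxy setting (R1 lines)
AUTORUN = re.compile(r"^[^\[]*\[[^\]]*\] (.+)$")      # "<key>: [name] <command>"
PROGRAM = re.compile(r'^"?(.+?\.(?:exe|com|bat|cmd|scr|pif))\b', re.I)


def _is_loopback(host):
    """True for 'localhost' or any address in 127.0.0.0/8 or ::1."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def classify(code, body):
    """Return a finding tag for one entry, or None if nothing stands out."""
    # Registry entry still present, file behind it gone: leftover of a removed
    # (or half-removed) component, as in the O2/O20/O23 items listed above.
    if "(file missing)" in body or "(no file)" in body:
        return "orphaned"
    if code in ("R0", "R1"):
        m = PROXY.search(body)
        # Browser traffic is being handed to a process on this machine.
        if m and _is_loopback(m.group(1).rsplit(":", 1)[0]):
            return "loopback-proxy"
    elif code == "O1" and body.startswith("Hosts:"):
        fields = body[len("Hosts:"):].split()
        try:
            addr = ipaddress.ip_address(fields[0]) if len(fields) >= 2 else None
        except ValueError:
            addr = None
        if addr is None:
            return "malformed-hosts"      # not "<ip> <name>": hosts file is damaged
        if not addr.is_loopback:
            return "hosts-redirect"       # name pinned to some other machine
    elif code == "O4":
        cmd = AUTORUN.match(body)
        prog = PROGRAM.match(cmd.group(1)) if cmd else None
        # Heuristic (assumption): an autorun with no directory component is
        # resolved through the search path, so the log does not say which
        # file actually runs.
        if prog and "\\" not in prog.group(1):
            return "bare-autorun"
    return None


def triage(log_text):
    """Return (tag, line) pairs for every entry that classify() flags."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, running-process list or blank line
        tag = classify(m.group(1), m.group(2))
        if tag:
            findings.append((tag, line))
    return findings


if __name__ == "__main__":
    for tag, line in triage(SAMPLE_LOG):
        print(f"{tag:16} {line}")
```

A tag here is a prompt to look at the entry, not a verdict; entries it leaves untagged still need the kind of manual review done in the thread.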
126. |
Solve : Help requested regarding Zonealarm? |
Answer» Hi

If Johnny would have obtained this CD legally, there would be no problems. Unless of course it was a SonyBMG music CD.

I'm not so sure what that is... A burnt CD? Flame

One of Sony's titles that incorporated a rootkit. Google for that story if you haven't heard it. http://www.boingboing.net/2005/11/17/sony_rootkit_roundup.html |
|
127. |
Solve : Quick question on AVG...? |
Answer» Does AVG Free Edition search for adware and spyware along with viruses?

Not that I know of... If your computer is compatible, then use Microsoft AntiSpyware BETA. Best spyware bloodhound out there

Microsoft AntiSpyware BETA is free...

Let's not forget what "beta" stands for. It is a program in the works and the users of beta programs are the field testers ....... you take your chances, the same goes for "free programs", again field testing.

qzqhk2 Quote: do not forget what "beta" stands for. It is a program in the works and

You're correct ...... but antispyware actually works better than most ...... dl65

Quote Quote

How long has the "beta" version been out now? It's been over a year, the first version was released January 6, 2005. So, I'd hardly consider that still "beta". Why they haven't dropped "beta", I have no idea, but it's clearly been used by MANY thousands of users by now, and it seems to have a good track record.

Microsoft AntiSpyware BETA is free... Let's not forget what "beta" stands for. It is a program in the works and

They will drop the 'beta' when they start charging money for it. Last time they muted that idea the public backlash scared them.... 'People Power'. I think they're now between a rock & a hard place, they don't know what to do with it.

No it does not. I use AVG and also use AdAware SE, SpyBotSD and SpywareBlaster all of which are freeware. FREEWARE |
|
128. |
Solve : New.Net Parasite? |
Answer» Any idea what New.Net is and how to get rid of it? It keeps coming up on my Spy Subtract log as a parasite in the windows registry and when I delete it it comes back. I am running XP. I have deleted it, shut off the system restore, rebooted and turned on the system restore and it comes back when I rescan with Spy Subtract. Ad Aware and MS Windows Defender don't seem to find it.

Ewido is the flavour of the Month. |
|
129. |
Solve : Disgusted with Norton. Good alternatives?? |
Answer» I've always hated Norton.

Won't that be out dated soon? since they no longer update the free version?

Listen & learn Grasshopper.

Thank you all for your excellent recommendations. I will check them all out. Any more suggestions... keep 'em coming! Soon, hopefully, I can become Norton-free.

AVG Free. Norton is a horrible memory hog and it acts like a virus when you try to remove it. Don't forget Firefox..

I would suggest paying for an alternative, but if you only want a freeware anti-virus I would highly recommend Avast!, unless you have an old computer (because it runs a little slow on older machines). If you want to purchase an AV I would suggest getting Trend Micro's PC-cillin. I also recommend Sygate as a personal firewall. Quote: Won't that be out dated soon? since they no longer update the free version? I know many people who use an older version of ZoneAlarm from 2 or 3 years ago because they like it better than the new ones. Links to all of these free utilities, plus plenty of anti-spyware ones, can be found on this page. with regards

Quote: AVG Free. Norton is a horrible memory hog and it acts like a virus when you try to remove it.

AVG free found items that norton and mcafee missed. avgfree"www.grisof.com" both norton and mcafee caused me a lot of headaches.

yeh, I hate norton (came preinstalled with this laptop). For antivirus I use McAfee (if you want a free one go for AVG), for firewall I am using kerio free.

Who dug up this thread from a month ago? I have personally not heard much anything good of norton, I uninstalled everything on my machine with the words norton or symantec as soon as I plugged it in. I like McAfee, but I love Avast! personal edition (free), I use Zone Alarm personal firewall (free) and have no complaints about it at all. I also use adaware personal and microsoft anti spyware beta. I really like free stuff but I am very cautious about what I download. I personally like to use the free shareware available for download at http://www.komando.com/

I also used to have Norton. Never again. Bloated, resource hungry, invasive, not nearly as effective as they'd like you to believe. I use freeware exclusively to secure my systems. My main unit has been completely clean for over 3 years now, after dumping Norton. On the units I use for test purposes, freeware security apps have performed as well as the purchased ones, if not better. For the AV, I've settled on AntiVir. It doesn't have all the fancy extras the big names do. Doesn't use near as much disk space or system resources either. It's done quite well for me, especially against trojans. For the firewall, I use Kerio 2.1.5. Very small, strictly rule based, very configurable, no frills. For protection against malicious scripts, check out Script Sentry. It's caught things for me that everything else missed. For controlling ads and popups, Proxomitron is tops. If you need something to monitor your registry, especially the autostart areas, give RegistryProt a try. All these are high quality applications that are free, easy on disk space and resources and are very effective. All of them combined use far less disk space and resources than NIS does. Rick

Been using Norton for over 3 years, and I'm satisfied with it. Bought Norton System Works (NSW) 2002 and Norton Personal Firewall 2002 as a package sometime near the end of 2002. At that time, my OS was Win 98SE. I installed NSW, which includes NAV, with Win 98SE. Subsequently, I started using Win XP; with it, I only installed the NAV component of NSW. I also installed Norton Personal Firewall 2002 with Win XP. Of course, I have renewed annual subscriptions to NAV so that I continue getting updates to virus definitions. Never got infected with a virus while using NAV. And, going back 1 to 2 years or so ago, I actually received hundreds of virus-infected messages from junk mail coming in from a website I maintain. NAV stopped all of them. Works fine for me. Seems to be working fine for my son, who also has NAV and NPF on his computer. I'm not sure what version/year he has. One clear impression I've gotten from various forum discussions on Norton is the resource-hog complaints indicate that Norton got worse in 2003 and 2004 than in 2002, and then got better in 2005; by then, Symantec apparently decided too many users were complaining about that aspect of Norton. So, I'm glad I just kept renewing my subscriptions to NAV 2002 rather than going out and buying the 2003 or 2004 version. |
|
130. |
Solve : AVG Flaws?? |
Answer» It seems like a LOT of you use AVG Free for antivirus protection. I must know however, is there anything bad about it? Any flaws? Regrets?

Never had a problem with AVG itself although I have had to re-install it once when I made a mess of the system.

I had a similar situation. Although it got annoying sometimes, but I was generally well pleased with it. I especially liked how it would pick up objects that others scanners couldn't find. |
|
131. |
Solve : SPAM contains personal/VERY familiar info. W? |
Answer» I often get SPAM that contains my first or last name, my city or state, and sometimes the subject contains a word/topic/name that I have recently looked at or emailed regarding. E.g., I have a friend with a truly unique last name...trust me on that!...and it showed up a few days later in the hodge-podge random-word-generated subject line of a SPAM email in my box. Assuming I behave safely day to day on the web (no chats, no file sharing), is there anything else I can do to root out possible problems? Programs to run? I am NOT having any noticeable PC problems. Oh, yeah, and I am behind a wireless router. |
|
132. |
Solve : Is the Firewall protection in XP Pro SP2 any good?? |
Answer» I was reading in a post on down in this section, an opinion that the SP2 Firewall in XP may still allow problems. The best choice you ever made was switching from ME to XP. Come back and see us if you have any more questions. I may not post, but I am on here reading most everyday. This is a great web-site. |
|
133. |
Solve : Virus Warning!? |
Answer» Got this in my email this morning. Note: forwarded message attached.

Good for AVG! Sounds like they're on top of things... I'll have to give AVG a shot sometime... Flame |
|
134. |
Solve : Top 5 online virus scanners? |
Answer» Perhaps the best of all! This is a rating of the top 5 online virus scanners! We'll have some opinions on this one http://antivirus.about.com/cs/softwarereviews/tp/aaonline.htm ... What do you think of the results? Hey, try them! They're free! |
|
135. |
Solve : Kama sutra virus to hit Feb 3rd?? |
Answer» Hello everyone. Just heard over the news of this nasty virus! Any major worries :-? Should all the major anti-virus software be updated for this occurrence? Any advice from the computer Gods???

Is it possible to get infected with a virus or worm if you don't open email attachments?

Yes, plus there are the trojan, spyware and adware problems. You need a full supply of protection in your arsenal if you are using a Windows system. One program is NOT enough! |
|
136. |
Solve : Norton wont run, copy/paste quit, and so much more? |
Answer» About a week ago, Norton detected a virus on my computer and removed it. If I remember correctly it was called backdoor.formador. I am running Windows 2000. I rebooted in safe mode, ran Norton again, it detected the trojan and deleted it. I also ran ewido, ad-aware and Microsoft spyware, just to be on the safe side. When I rebooted back into normal mode, the trouble began. Now, Norton antivirus will not open or run. I can no longer copy/paste no matter which method I use. I cannot open my add/remove program folder in the control panel. I have Real Rhapsody, that no longer works. These are just some of the things I have noticed. When I reboot my computer, it takes about 5 minutes to get going, about 3 times longer than it usually takes. I'm at my wits' end. If anyone can help me I would be so grateful. Just let me know what you need me to do. I do have Hijackthis if a log file is needed. |
|
137. |
Solve : Computer sending out spam/email???? |
Answer» Well I think I've either got a virus or some spyware on my computer. For the last two weeks every time I check my email I get a ton of undeliverable, delivery status failure, and returned mail from all kinds of people that I never sent anything to (at least that I know about). Is there any way to fix this? I would hate to think that my email is being used to spam millions of people. www.ccleaner.com |
|
138. |
Solve : Relax? |
Answer» :-? Greetings People. Just a quick question. My start up sequence has been infected and adjusted by the Relax virus. When I start my computer it says Relax as all your files are now being deleted. This happens before it goes into Windows. It says press any key to continue. I press the return key a few times and Windows starts up. I don't know where this came from and I sure as *censored* don't know how to get rid of it. Could you please give me some suggestions. P.S. Everybody have a happy new year. It sounds like a hoax, does anyone else have access to your computer? Download Hijackthis, run a scan & post the log file here. Quote The bottom of your scan is being cut off, you will have to post it in 2 or 3 sections. You can do it. |
|
139. |
Solve : Virus/trojan affecting mouse? |
Answer» I have a Dell Dimension 8100 512 MB of RDRAM running on Microsoft XP. |
|
140. |
Solve : Re: ADW_GAIN.H? |
Answer» It will be a variant. |
|
141. |
Solve : What is "american.exe" is it a trojan?? |
Answer» Hello, I'm the new kid on the block, and this is all new to me, I hope I'm in the correct forum. |
|
142. |
Solve : Security Hole? |
Answer» Does anyone know anything about the .WMF security hole? I heard it's a hole created by Microsoft so that the government can spy on you for security reasons... Anyone know what the truth is? :-/ I noted this version at the first time we mentioned it at this forum if you remember. Can we test that if patch worked or not? I don't think MS updates are so reliable. Quote Windows Update does not show anything that has not been installed. I probably have it somehow... :-/ You can always download the Microsoft Baseline Security Analyzer. In addition to common security misconfigurations, it will identify security patches that have not been installed. http://www.microsoft.com/downloads/Browse.aspx?displaylang=en&productID=38DF6AB1-13D4-409C-966D-CBE61F040027 MBSA is about 2/3 down the page. Good luck. 8-) Another one to be added to Urban Legends. Strictly a rumor. If the government wants in your computer, they will get in, with or without any help from MS. |
|
143. |
Solve : IRC bot/Serv-u FTPD hack kit - Huh?? |
Answer» I'm told I could have a bug, virus, spy or something scary called an IRC bot/Serv-u FTPD hack kit that Running with restore turned off and in safe mode. Safe Mode is F8 when the machine starts (before you see the Windows logo). You can tap the key several times as the machine is starting. System Restore info is here: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?OpenDocument&src=sec_doc_nam You have learned a great deal this week. Be sure and practice safe computing. We are glad you are up and running, though.
Hi again, Thanks for the info GX1_Man, I spent some time trying to find the system control panel (I'm using the Windows 'Classic' layout) but got there in the end. Also remembered the tapping of F8 for safe mode (thanks), haven't tried either yet but will do so later. In the meantime I have a hijack log - hope it helps -
You will have to copy & paste your HJT log in 2 or 3 sections. Carry on from where it was cut off.
Sorry. That's all - sorry I didn't spot that. Springbok
springbok........ Mark for removal : R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=UK&range=AD&phase=6&key=SEARCH Then there are a number of questionable items ........ if you ARE NOT SURE WHAT THEY ARE remove them as well.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\uk.htm
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Program Files\XIOD\XIOD3200U USB Network\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network"
O4 - Startup: Scheduler.lnk = C:\Program Files\GhostSurf 2005\Scheduler daemon.exe
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
Now click on Fix Marked ... then reboot and see how things are. dl65
Hi dl65, Late comeback due to our different time zones. I didn't delete anything as yet, but one or two lines there I do recognise. First is -
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Program Files\XIOD\XIOD3200U USB Network\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network"
My broadband works via an exterior X10D modem. Because my 'out in the sticks' phone line is so bad I lose connection every few minutes. The X10D re-connects. (I think maybe that's what this O4 - HKLM\ line does).
---------
O4 - Startup: Scheduler.lnk = C:\Program Files\GhostSurf 2005\Scheduler daemon.exe
This Ghostsurf is one my stepson put on via a cd. The prog's not installed so I guess the line can be deleted.
----------
The two O9 - Extra button: Internet Download Accelerator lines. Download accelerator is associated with IE - so it fires up whenever I go to a download. If I remove the line will Download Accelerator still work?
----------
There's just one more thing - how or where do I find these lines to remove? I never saw them before I used hijackthis - and that only gave me a text list. Should I use 'search' to get them? Thanks for your help, Springbok
Ps dl65, Yesterday I went to the Microsoft website, and got my PC checked for updates. Seemed I needed quite a few associated with IE (and others). I let it download and install the lot - about 15 minutes worth. Mention this 'cos you asked about updates. Don't know why Auto Update missed them :-? Springbok
Ahem, I er, found out how to delete from the registry. And I deleted R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=UK&range=AD&phase=6&key=SEARCH Just in case any of you guys would like to know, you just click Start, Run, type Regedit and click Ok! Ok, I'm going, I'm going . . . . Still need help, not an expert quite yet. Springbok
When you run a HJT scan you can delete entries by ticking the checkboxes from within the program. Is your computer ok? |
|
144. |
Solve : Too many to list.? |
Answer» Hi, I did notice a considerable difference in the screen refresh time once Spy Bot was installed? Tell us more about this, faster, slower, what Spybot options have you used? Quote My next hurdle is getting her pc and mine to both run using Verizon DSL. I'm glad all is well with that machine now. Are you planning on running wired or wireless? We can help get you set up with that as well. Do you have equipment yet? If you need help, just start a new thread in the Hardware Forum called "Need help with network setup" or something like that. Fed, The screen refresh time was slower once I installed Spy-Bot. Options? I pretty much used auto install for all the software, don't know enough to do it manually. GX1_Man, I will be using Linksys Wireless-G equipment. It worked well when I had Comcast cable and we both had much older machines. Unless the install goes 1 2 3, which never happens for me, you can bet you'll see a thread from me. lol Saves me a helluva lot of time. Thanks again. Do you have a small Spybot Resident Icon in the right hand side of your taskbar? If not, then Spybot isn't even running and your slow refresh time is being caused by something else. Possibly Microsoft Antispyware is doing it as adaware doesn't run all the time & AVG is very easy on system resources. Fed, You're right, there is no icon in the taskbar. There is one for each AVG and MS Antispyware but only a desktop for Spy-Bot. I'm using her PC now and it's not bad at all. Maybe DSL went slower with high usage? Just a guess. Open the Spybot main screen, then set it to Advanced Mode, then open the Tools Section and have a look around. There is a lot more to Spybot than meets the eye. Check out the Resident. |
|
145. |
Solve : What firewall is better?? |
Answer» I'm not looking for the supposed best firewall, but of these two, which is better? :-? |
|
146. |
Solve : http://www.ix.se/? |
Answer» here's the scoop... i have windows xp pro, and i run spybot and symantec antivirus. the problem is and it only happens the first time i log on to the web and open internet explorer. explorer opens and a second pop up... http://www.ix.se/... i've run spybot and antivirus and neither has found this spyware or adware, and both programs are updated and help would be great! Download and run AdAware after updating it. Thanks for posting back. Please let us know what worked. I'm glad everything is fixed! |
|
147. |
Solve : Norton Virus? |
Answer» Hi I installed Norton virus and now I cannot use yahoo messenger or aol messenger? I can use msn messenger. How can I fix this?? Uninstall Norton? Seriously you have to give a few details about your system - specs, operating system, any spyware/adware solutions being used, what happened prior to this, specific error messages, etc. lovehopepeace..... Open up Norton Anti virus ...... and click on options .... then in the Internet section ... click instant messenger ....... then make sure you put a tick in the box in front of AOL Instant messenger and Yahoo Instant messenger ...... I'll bet MSN/Windows Instant messenger is already ticked ...... that should do it ....... This is what I did and it worked. Thank you so much for your help. Hi all, I'm new around here. Hello to you all. Happy New Year and Best Wishes for 2006! You still use Norton Antivirus? Yikes, I don't want to ever install that one again. Neither do I recommend people to use Norton or Mcafee. Norton and Mcafee suck big time. I use Panda Platinum Internet Security 2005 and it works well here. I use Panda for a few years now. Never had any virus since then. Used Panda Antivirus Titanium 2004 before I switched to Panda Platinum Internet Security. At first I had some problems with it, but now I know what was causing that, the internal built-in firewall. It all works well now. Panda also has TruPrevent Technologies aboard, which looks for suspicious behavior of software and also checks the processes. PandaSoftware rules !!!!! Norton is fine usually, in our experience. Anyone having trouble with their existing virus program might like to try the free AVG from Grisoft. Works well for us too. http://www.grisoft.com/doc/1 The Simple Security Team http://www.lulu.com/simplesecurity |
|
148. |
Solve : please help decipher hijack this log? |
Answer» The symptoms are slow internet and many pop-ups. I thought I had it cleaned out several times but keeps coming back. If one of you experts could let me know what needs to go I would be grateful. Here is the log. I have windows xp pro and a hardware firewall. No antivirus software running. Thanks for your time. I thought I had it cleaned out several times but keeps coming back. what software do you use to clean out this crap....? dl65 Thanks for your reply dl65. I had tried using AdawareSE and the Yahoo antispyware tool. That didn't get me very far so I ran adawareSE in safe mode and deleted some registry entries in the run section that I knew didn't belong there. Things were fine for a few minutes but like I said it always found its way back. I know Hijack this is a powerful tool for getting rid of these things but also have to understand what you are checking for removal. I'm not up on all that but I know where to come for good advice. I will definitely take your advice on the sp2 and updates and get an antivirus app installed. Again thanks for the help. By the way the computer infected is used by my 12 year old daughter and unfortunately despite my preaching she will just click on about anything without a second thought. All the more reason to protect it properly. Spybot, AVG Free, CCleaner, and A2 come to mind as required items for this machine. gliss..... you have to understand that an unprotected pc can and usually does become infected with all sorts of nasties within minutes of being online. I would strongly suggest that you do a bit of boning up on nasties and how to avoid them. And yes Hijackthis is a powerful tool ........ but it does a great job. dl65 Is it fixed? Quote By the way the computer infected is used by my 12 year old daughter and unfortunately despite my preaching she will just click on about anything without a second thought. Make her user account "restricted."
This will GREATLY lower the chance of her unintentionally installing something malicious, and it restricts the abilities of anything that does manage to get through. with regards. Yes, I did as dl65 said and it worked like a charm. I will now take the rest of the advice offered here and get to work hardening the system against future threats. It sometimes takes a good "wake up" call like this to realize how important security is. Thanks to dl65 and all who replied. |
|
149. |
Solve : slow internet - adsl lights blinking like crazy? |
Answer» There was also some suspicious ilt.exe running.. I have removed that, but still... internet is REALLY slow! Please help! |
|
150. |
Solve : Need assistance with a virus I've got.? |
Answer» I'm new here so I want to first say hello. I'm an intermediate computer user but this virus I have has got me stumped. According to Norton it's the Trojan.Zlob virus. I've gone through the removal for this particular virus step-by-step twice. The first time I ran the virus scan I had two infected files: |
|