InterviewSolution
| 1551. |
Solve : I need help in locating viruses protection.? |
|
Answer» I need help locating a viruses protection for an old Dell laptop that I have not needed to use for some time. I now need to get it up and running. It has Windows ME on it. No one seems to sell anything for ME any more.
Avast! Home Free Edition <- Free and works with 98/ME |
|
| 1552. |
Solve : Windows Vista - Issues with Norton? |
|
Answer» That is all relatively harmless. Shouldn't have anything else to worry about. |
|
| 1553. |
Solve : How do I permanently delete Incredi-mail Icon from my desktop ?? |
|
Answer» First of all I want to warn you that I am barely computer literate. I can turn the computer on and do what I need to do. That being said, this Incredi-mail Icon turned up a few weeks ago. Every time I boot up I get a message, Incredi-mail Icon is installed on my desktop, this will make it easier to install the program. |
|
| 1554. |
Solve : How would one detect "keystroke" spyware on one's computer?? |
|
Answer» Yep . . . . that's the question. Windows XP / no network / home computer.
Are you saying you have a viral infection or just a question?
I think AGP is worried he/she might have a keylogger installed on the computer. |
|
| 1555. |
Solve : deefress site..? |
|
Answer» hello to all, I'm new to this world. Anybody there knows deefress, it's a security software but I'm not familiar with it I just hear from somebody else. Anyone can send me the link where to download the installer of this..? thanx
I did a couple of searches and nothing came up.
Deep Freeze ensures computers are absolutely bulletproof
Remember that nothing is "bullet proof" when it comes to security. There are flaws in everything. It still takes safe internet practice to stay out of harm's way no matter how tight your security measures. |
|
| 1556. |
Solve : Pls help to check Log files? |
|
Answer» My laptop just got infected with malwares and spywares. I followed the instructions on how to remove it. So far, It had been okay. I just want to make sure that I had removed all of it and there is no more infected files. Please help to check...Thanks =)
Windows XP System Restore Guide or Windows Vista System Restore Guide . ---------- Use the Secunia Software Inspector to check for out of date software.
---------- Go to Microsoft Windows Update and get all critical updates. ---------- To prevent unknown applications from being installed on your computer install WinPatrol 2008 * Using Winpatrol to protect your computer from malicious software I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites. SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth. |
|
| 1557. |
Solve : tcp/ip filtering,i only want the bare minimum.? |
|
Answer» under the section of TCP/ip filtering it lists the following, TCP ports, UDP ports, IP protocols and the settings are set to allow all in all three categories. my question is, is there a bare minimum i can set to allowed? and also is it possible to prevent my machine from responding to a ping request? i am using comodo firewall and do not see anything that would prevent this. i have checked with google on all that is listed above and have been unsuccessful in finding the answers. thanks for your time on this ! |
|
| 1558. |
Solve : icons and task bar are gone, can't right click on desktop...windows infected? |
|
Answer» I've tried removing it with add/remove programs when rebooted, F-secure was no longer on the add/remove list but the F-secure folder was still in my program files.
If it comes back let me know.
ok that worked. Does this also clean the registry?
No it doesn't. Now run CCleaner.
thank you for all your help!
Glad it worked. Safe surfing.... |
|
| 1559. |
Solve : Heavily Infected Laptop w/o Internet Access? |
|
Answer» My son's Dell Inspiron 8600 laptop is heavily infected. I followed steps 1, 2 & 3. With Step 3, SAS could not update because the laptop cannot connect to the internet despite a wireless modem that appears to be working fine with an excellent signal. So, I did a complete scan with definitions the program said were 45 days old. It still found 200+ viruses that it quarantined. After rebooting, I was hoping to regain internet access, update SAS, rerun it and continue with the remaining steps but that did not happen. |
|
| 1560. |
Solve : Spanish warning/IE temp files virus? |
|
Answer» I am in need of help. I have a virus I cannot get rid of at this time. First off I can detect with Norton Corp Edition, the following is the message:
Note: If you are running on Vista, right-click on OTMoveIt2.exe and choose Run As Administrator.
C:\WINDOWS\system32\mscdexntp.exe_.exe EmptyTemp [start explorer]
Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway. ---------- How is everything now?
Explorer killed successfully
C:\WINDOWS\system32\mscdexntp.exe_.exe moved successfully.
< EmptyTemp >
File delete failed. C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\~DF8572.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\~DF9361.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\~DFC6B6.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\~DFC6C3.tmp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09102008_094552
Thanks for the help I need to reboot to see. I still cannot access temp files. Then do not know about the other problem until detected. Will however take the advice on the virus protection.
Download SDFix by AndyManchesta and save it to your desktop. When using this tool, you must use the Administrator's account or an account with Administrative rights
Open the SDFix folder and double click RunThis.bat to start the script.
[recovering disk space -- attachment deleted by admin]
Quote Still no temp files
What exactly do you mean by this? There is still two antivirus installed! Which one do you want to keep? McAfee SecurityCenter or Symantec AntiVirus.
I will go with Symantec. I cannot get to the temp ie files without pathing it out through the run command
Go to add or remove programs and uninstall everything related to McAfee. Next install and run the McAfee Consumer Products Removal Tool. http://service.mcafee.com/FAQDocument.aspx?id=107083&lc=1033 Be sure the computer has been restarted after it is finished. Now run a new HijackThis scan and post the log.
Here you go. Here is the requested file. The Spanish warning has not come up all day Thanks
[recovering disk space -- attachment deleted by admin]
Do you use Verizon Broadband? If not then uninstall the Verizon Broadband Toolbar. Final steps. Download OTCleanIt.exe and save it to your Desktop.
---------- Set a New Restore Point to prevent possible reinfection from an old one Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
Windows XP System Restore Guide or Windows Vista System Restore Guide . ---------- Use the Secunia Software Inspector to check for out of date software.
---------- Go to Microsoft Windows Update and get all critical updates. ---------- To prevent unknown applications from being installed on your computer install WinPatrol 2008 * Using Winpatrol to protect your computer from malicious software I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites. SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth. |
|
| 1561. |
Solve : I have a Trojan virus and need help? |
|
Answer» I have a virus and need some help with it. I have a Compaq Presario 2.8 GHz with 760 mb RAM and I'm running Windows XP service pack 2. I have followed all the guidelines on the forum and here are my logs.
---------- Download and install TrendMicro HijackThis.exe (HJT) Don't scan with it yet. ---------- Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop. Link #1 Link #2 **Note: It is important that it is saved directly to your Desktop Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix. Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them. Double click combofix.exe & follow the prompts. When finished ComboFix will produce a log for you. Post the ComboFix log and a new HijackThis log in your next reply. Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall. Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
Okay Now it's going even further downhill. When I try to turn off my AVG it's not responding and I'm getting a message about a problem with rundll32. When I try to run Combo fix it pops open but won't finish running. What do I do now? Thanks!
Close all other browser windows. Go to Start > Run and copy/paste in the following: "%userprofile%\desktop\combofix.exe" /killall Press Enter and Combofix will begin to run. When finished, it will produce a log file located at C:\ComboFix.txt Post the contents of that log in your next reply. Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall.
Sorry for causing so much trouble. When I do that I get a big blue box with a flashing cursor that opens up and after 5 minutes of waiting it's still just a flashing cursor there. Is there supposed to be text or something?
Lets try this instead. Download SDFix by AndyManchesta and save it to your desktop. When using this tool, you must use the Administrator's account or an account with Administrative rights
Open the SDFix folder and double click RunThis.bat to start the script.
Open HijackThis and select Do a system scan only. Place a check mark next to the following entries: (if there)
- O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
- O2 - BHO: (no name) - {b7f87b37-9e16-0564-7445-1b76ddeb1a5e} - (no file)
- O2 - BHO: (no name) - {DA7183A7-47CC-4D34-87E2-3BC8AE37F160} - (no file)
- O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
- O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
Important: Close all windows except for HijackThis and then click Fix checked. Exit HijackThis. ---------- Note: the below instructions were created specifically for this user.
If you are not this user, DO NOT follow these directions as they could damage the workings of your system Go to Start > Run and type notepad.exe then click OK Copy and paste the below into Notepad and save as fixme.reg to Your Desktop
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"AlcxMonitor"=-

Locate fixme.reg on your Desktop and double-click it. Answer Yes when prompted to merge with the Registry. Restart the computer. ---------- How is everything now?
Seems to be working great now!! Thank you!!
Final steps. Download OTCleanIt.exe and save it to your Desktop.
---------- Set a New Restore Point to prevent possible reinfection from an old one Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
Windows XP System Restore Guide or Windows Vista System Restore Guide . ---------- Use the Secunia Software Inspector to check for out of date software.
---------- Go to Microsoft Windows Update and get all critical updates. ---------- To prevent unknown applications from being installed on your computer install WinPatrol 2008 * Using Winpatrol to protect your computer from malicious software I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites. SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth. |
|
| 1562. |
Solve : VIRUS ALERT in Timebar? |
|
Answer» Out of nowhere, my Windows XP Comp won't let me enter my properties because it has "been disabled by administrator", won't let me enter the C Drive, or get into my programs or registry once again cuz "been disabled by administrator". i have hijack this and have uploaded my log. Please help!
Open the SDFix folder and double click RunThis.bat to start the script.
But still "virus alert" in time bar and no "C:\" Here's my new log and report Thanks so far
[recovering disk space -- attachment deleted by admin]
Download Malwarebytes' Anti-Malware (MBAM)
---------- Now run a new HijackThis scan and post that log.
I tried copying and pasting the MBAM Log but it exceeded the 2000 limit so i attached it instead
[recovering disk space -- attachment deleted by admin]
Open HijackThis and select Do a system scan only. Place a check mark next to the following entries: (if there)
- R3 - URLSearchHook: (no name) - {F7301905-45EC-4459-9919-B6002ABD5102} - (no file)
- R3 - URLSearchHook: ToolbarURLSearchHook Class - {E26029B4-C5E8-4645-9C02-E798715F8C0D} - (no file)
- O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file)
- O2 - BHO: (no name) - {8CEF3531-5751-4AF4-8735-C87F2B767EFF} - (no file)
- O2 - BHO: QXK Olive - {A17B7E0A-5C24-4164-AD85-7CA896C66F0F} - (no file)
- O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
- O2 - BHO: {578ed15d-3cdb-50ca-6a94-2a8ed02cbc6b} - {b6cbc20d-e8a2-49a6-ac05-bdc3d51de875} - (no file)
- O3 - Toolbar: Protection Bar - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - (no file)
- O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - (no file)
- O3 - Toolbar: (no name) - {B7D3E479-CC68-42B5-A338-938ECE35F419} - (no file)
- O3 - Toolbar: fqbewlna - {75745753-36ED-47BC-B54B-CFCA6403B379} - (no file)
- O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
- O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
- O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
- O4 - HKLM\..\Run: [ErrorSmart] C:\Program Files\ErrorSmart\ErrorSmart.exe
- O4 - Startup: BoontyBox Play Toad.lnk = C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
- O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll
- O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll
- O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
- O22 - SharedTaskScheduler: considerateness - {4d993022-0899-4599-b4b6-0f887d0802e6} - (no file)
- O22 - SharedTaskScheduler: discommodiousness - {33b8d257-07f6-4c06-8605-94bc21728635} - (no file)
Important: Close all windows except for HijackThis and then click Fix checked. Exit HijackThis and restart the computer to register the changes made by HijackThis. ---------- Download random's system information tool (RSIT) by random/random from and save it to your Desktop.
[recovering disk space -- attachment deleted by admin]
Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop. Link #1 Link #2 **Note: It is important that it is saved directly to your Desktop Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix. Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them. Double click combofix.exe & follow the prompts. When finished ComboFix will produce a log for you. Post the ComboFix log in your next reply. Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall. Remember to re-enable your antivirus and antispyware protection when ComboFix is complete. |
|
| 1563. |
Solve : Hjt log check plzz? |
|
Answer» Yes, I am back. |
|
| 1564. |
Solve : VIRUS ATTACK!!!! can anyone help pls??? |
|
Answer» Hi
Windows XP System Restore Guide or Windows Vista System Restore Guide . ---------- Use the Secunia Software Inspector to check for out of date software.
---------- Go to Microsoft Windows Update and get all critical updates. ---------- To prevent unknown applications from being installed on your computer install WinPatrol 2008 * Using Winpatrol to protect your computer from malicious software I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites. SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.
brilliant!!! you are my hero thanks
Glad it worked. Safe surfing..... |
|
| 1565. |
Solve : Folder/Window spam at Startup? |
|
Answer» Did you try any of the file recovery programs in the link?
Yes I'm trying Recuva and Undelete Plus. |
|
| 1566. |
Solve : Re: task manager & programs button missing? |
|
Answer» Thank you evilfantasy for the info in this. I had been trying to remove some malware w/trend_micro's stuff w/o any success. The other place worked just fine and now I have my "windows task manager" back and the desktop is normal again. Keep up the good work
Welcome to CH. |
|
| 1567. |
Solve : I have not been able to connect. Now I can. Hijack This log.? |
|
Answer» I have not been able to connect and through some stroke of luck I was able to. I wanted to have the log looked at while I had the chance.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. |
|
| 1568. |
Solve : Does anyone know of a malware that does this?? |
|
Answer» As of now, I removed it... But there was a DLL file in my system32 folder trying to write the same file in the same place continually, and failing every time. I found it with process monitor because I was wondering why my computer was running slowly. When I forcefully deleted the DLL (It was in use, naturally...) it BSoD'd the computer. On reboot everything was fine. I've never had a problem with viruses/malware before yesterday, so I didn't know the procedures to deal with it.

And I do..... If you don't post the combofix log I can't help. C:\combofix.txt

lol evilfantasy I know this is random, but I just noticed that it says ur experience is "beginner" lol i think ur a little bit better than that

The more you learn, the less you know...

Quote from: evilfantasy on September 13, 2008, 07:22:36 PM
The more you learn, the less you know...
LOL WHAT?! You just had me sitting here for like a minute trying to make sense of that haha lol ok I'll leave now......

Don't leave without meeee

I write software and there's private stuff on that log, but don't worry, everything's running fine now.
Quote
The more you learn, the less you know...
The more you learn about a subject, the more you realize you don't know about it. I write software, but don't know how to remove viruses, for instance, haha. I completely thought that one DLL was the only file, since it was the only one running, to be honest. ~ BaRR

Quote
I write software and there's private stuff on that log
Nobody can see your code that you have written. Nothing in the log is harmful to you. That would defeat the purpose of what the malware forum is all about. Unless you remove it from the registry you are still infected. Removing DLLs isn't enough. Your choice though.

Quote
Removing dlls isn't enough
Aye, I read on the internet how to remove everything. You were a big help, thanks. I wouldn't have known there was more left if you hadn't pointed it out. |
|
| 1569. |
Solve : Disabled AV? |
|
Answer» While doing research for my on-line course I've noticed that most of the experts when they're cleaning a computer will advise the poster to disable their AV while running scans. My question is what's protecting the computer while the AV is disabled? I did this once last week while running a Kaspersky on-line scan but I was assuming that Kaspersky was protecting me at the time.

Well, my guess is this: If you aren't browsing the web while scanning the computer, you shouldn't run into any viruses. Just a guess tho

Not sure I should answer. You pretty much already did maybe without knowing it.

Well, my guess is this: If you aren't browsing the web while scanning the computer, you shouldn't run into any viruses. Just a guess tho

While scanning with Kaspersky I'm quite sure I'm not browsing but I'm definitely on the web and my computers are always connected. |
|
| 1570. |
Solve : a bunch or errors in the command prompt...virus?? |
|
Answer» Hi
There is no option to clean/disinfect, however, we need to analyze the information on the report. To obtain the report: Click on: Save Report As
Copy and paste the Kaspersky Online Scanner Report in your next reply.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

Hey evilfantasy! Thanks for the support. "Unfortunately" Kasper didn't find anything... here's the log: (What's next???)

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, September 14, 2008
Operating System: Microsoft Windows Vista Ultimate Edition, 64-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, September 14, 2008 19:42:53
Records in database: 1229478
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer: A:\ C:\ D:\ E:\ F:\
Scan statistics:
Files scanned: 98652
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 01:08:09
No malware has been detected. The scan area is clean.
The selected area was scanned.

Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.
Link #1
Link #2
**Note: It is important that it is saved directly to your Desktop
Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.
Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.
Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.
Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

I downloaded ComboFix but it didn't work. It says it's not compatible with my OS. I'm using 64bit Vista.

How long has this been happening? How about restoring? Restoring Windows Vista to a previous State

Thanks. I'm gonna try. pg |
|
| 1571. |
Solve : virus, trojans, malware oh my....? |
|
Answer» after the combofix restarted i got a mcafee warning about something called RemAdm-ProcLaunch!171 in folder c:\327882r2fwjfw\psexec.cfexe

after the combofix restarted i got a mcafee warning about something called RemAdm-ProcLaunch!171 in folder c:\327882r2fwjfw\psexec.cfexe

Yes that's part of ComboFix, which is why we suggest turning off the AV before running it. ComboFix uses scripts that are seen as malicious by antivirus. Kind of like the old saying "you have to fight fire with fire."

Double click FindAWF.exe to start the tool.
"C:\Program Files\iTunes\bak\iTunesHelper.exe" "C:\Program Files\QuickTime\bak\qttask.exe" "C:\WINDOWS\SYSTEM32\bak\ctfmon.exe" "C:\WINDOWS\SYSTEM32\bak\hkcmd.exe" "C:\WINDOWS\SYSTEM32\bak\igfxpers.exe" "C:\WINDOWS\SYSTEM32\bak\igfxtray.exe" "C:\Program Files\HP\hpcoretech\bak\hpcmpmgr.exe" "C:\Program Files\Intel\Modem Event Monitor\bak\IntelMEM.exe" "C:\WINDOWS\SYSTEM32\dla\bak\tfswctrl.exe" "C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe" "C:\Program Files\Common Files\AOL\ACS\bak\AOLDial.exe" "C:\Program Files\Common Files\Sonic\Update Manager\bak\sgtray.exe" "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe" "C:\Program Files\Java\jre1.5.0_10\bin\bak\jusched.exe"
Getting closer. Double-click FindAWF.exe to start the tool.
C:\PROGRA~1\ITUNES\BAK C:\PROGRA~1\MESSEN~1\BAK C:\PROGRA~1\QUICKT~1\BAK C:\WINDOWS\SYSTEM32\BAK C:\PROGRA~1\COMMON~1\WRUM\BAK C:\PROGRA~1\HP\HPCORE~1\BAK C:\PROGRA~1\INTEL\MODEME~1\BAK C:\WINDOWS\SYSTEM32\DLA\BAK C:\PROGRA~1\ADOBE\ACROBA~2.0\READER\BAK C:\PROGRA~1\COMMON~1\AOL\ACS\BAK C:\PROGRA~1\COMMON~1\SONIC\UPDATE~1\BAK C:\PROGRA~1\GOOGLE\GOOGLE~2\121128~1.546\BAK C:\PROGRA~1\JAVA\JRE15~1.0_1\BIN\BAK
Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

Now download The Avenger by Swandog46 and save it to your Desktop.
Folders to delete: C:\PROGRA~1\COMMON~1\AOL\ACS\BAK
---------- Last step with FindAWF Double-click FindAWF.exe to start the tool.
Download ResetProtocolDefaults to your desktop. Double click ResetProtocolDefaults.reg and answer Yes to any prompts and allow it to merge into the Registry. ---------- Download OTCleanIt.exe and save it to your Desktop.
----- Go to:
When prompted select the C: drive and click OK. Check the boxes for:
Click OK or Enter
----------
Use the Kaspersky Online Scanner
In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon and choose Run as Administrator.
Click on SCAN NOW
Click on the Accept button and install any components it needs.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

OTMoveIt has encountered a problem and needs to close. does it every time i try to open it, about 1 sec into it

Is this when you are trying to enter the text into it?

no trying to launch it

I know. There are two sets of instructions for OTMoveIt2. Did you do the first step in entering the text and clicking MoveIt or is it the second when trying to run the CleanUp option?

I downloaded it, dbl click to open and it crashes, i never get to input the text

Ok that's what I needed to know. I just edited the post with new directions to use another program.

otcleanit will not launch when i dbl click it, same error mesg.

Let's try one more. Download http://download.bleepingcomputer.com/oldtimer/OTScanIt.exe
Unzip it to the Desktop, open the folder and then open OTScanIt.exe
Click the CleanUp button and start the cleanup process. Choose NOT to restart now.
Close OTCleanIt and then re-open it and click the CleanUp button again and start the cleanup process. This time re-start the computer when prompted. |
|
| 1572. |
Solve : Im Not Sure Whats Going On...? |
|
Answer» SUPERAntiSpyware Scan Log

Im Not Sure Whats Going On...

Neither do I if you don't tell me...

AVG POPS UP IT SAYS HEAL FILE OR SOMETHING ELSE AND THEN IT SAYS HEAL I CLICK HEAL AND IT SAYS FILE NOT FOUND

Download Malwarebytes' Anti-Malware (MBAM)
|
|
| 1573. |
Solve : Help! Spyware/Malware on my computer? |
|
Answer» Here's the scan results list
----- Now do the same with
C:\Windows\system32\winlogon.exe

termsrv.dll http://www.virustotal.com/analisis/8b221340fba35115dd354137262600e4
winlogon.exe http://www.virustotal.com/analisis/dfb0e869b9b69bacdec1c27511ca6a0d

With only 2 scanners (and the same ones) hitting on those files I am thinking false positive. They are running from the correct location so I would have to think they are legit.

Download ATF Cleaner by Atribune to your Desktop. Alternate download link
Note: Vista users must use Run As Administrator
----------
1. Double click OTMoveIt2.exe to launch it. If using Vista Right-Click OTMoveIt and choose Run As Administrator
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
----------
Next: Set a New Restore Point to prevent possible reinfection from an old one.
Please go to: Start -> All Programs -> Accessories -> System Tools -> System Restore -> System Restore Settings
Click to add a check mark beside Turn off System Restore and click Apply
When you are warned that all existing Restore Points will be deleted, click Yes to continue and wait a few moments to let System Restore clear.
Uncheck "Turn off System Restore"
Click "Apply," and then click "OK".
You can find more detailed instructions on how to enable and re-enable system restore here: Windows XP System Restore Guide or Windows Vista System Restore Guide
----------
Use the Secunia Software Inspector to check for out of date software.
Click Start Now
Check the box next to Enable thorough system inspection.
Click Start
Allow the scan to finish and scroll down to see if any updates are needed. Update anything listed.
----------
How is everything now?

I was messing around on here doing my daily stuff and all and it seems ok. I may have to reinstall wmp11 so that online videos work in wmp11 instead of mplayer2. The scan caught some out of date stuff but out of personal preferences, I'll keep what I have on here. Again, thanks a ton man you've been really awesome

Try installing K-Lite to see if it clears up Media Player - http://filehippo.com/download_klite_codec_pack/

Here are some great free tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.

Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript

To prevent unknown applications from being installed on your computer install WinPatrol 2008
* Using Winpatrol to protect your computer from malicious software

I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

Thanks, I'll keep this thread and site around for any future problems if they come up.

just let us know if anything else comes up. Safe surfing..... |
|
| 1574. |
Solve : free downloads for antivirus won't install, please help? |
|
Answer» I'm trying to go through the steps of removing the biohazard screen saver virus from my computer, and in the steps I was following under STEP A it said to download one of the free antivirus programs. Only when I try to download them off of my desktop, it says that the files are corrupt and won't let me download them. Not sure what to do, PLEASE HELP!

You can leave the Anti-Virus for now, but you will need it later. |
|
| 1575. |
Solve : So I'm gonna give a go at this...? |
|
Answer» I downloaded a few new programs, and I am going to post a HJT log....... Now what can be removed on this list? Evilfantasy, I used the program online that you suggested, which removed a few startup items, but I feel like there are a few more I can do:

Apple Mobile Device - Apple Inc.
Click once on the service to highlight it.
Click Stop
Right-Click on the service.
Click on 'Properties'
Select the 'General' tab
Click the Arrow-down tab on the right-hand side on the 'Start-up Type' box
From the drop-down menu, click on 'Disabled'
Click the 'Apply' tab, then click 'OK'
The service is now stopped and disabled.
Also do the same for iPod Service - Apple Inc.
Restart the computer.

Ok I did it.... thank you! A few questions.... 1.) How come I had to disable webroot? 2.) If I plug in an ipod, will my comp recognize it? THANKS!

1.) How come I had to disable webroot?
Quote from: evilfantasy
it may block the fixes if it's running.
Quote from: evilfantasy
You can re-enable it after we are done
2.) If I plug in an ipod, will my comp recognize it?
Yes. And if you update iTunes it will also set itself to run as a service again. |
|
| 1576. |
Solve : Haunt.exe? |
|
Answer» An interesting little Trojan, I have found and tested on my virtual computer. If you see this file or have it on your computer, just don't open it. It does some crazy *censored* to your computer.

How informative.

Indeed. I'm sure your Antivirus would pick it up first though.

probably

An interesting little Trojan, I have found and tested on my virtual computer. If you see this file or have it on your computer, just don't open it. It does some crazy sh*t to your computer.
like I'm wondering what it does? I used to have the old "OSDmm.exe" which made my PC look like it had a different OS on it. But that was 3 years ago.

Quote from: !~*:.Pink Floyd.:*~! on August 27, 2008, 06:45:24 AM
Quote from: kizza1645 on August 27, 2008, 03:31:57 AM
An interesting little Trojan, I have found and tested on my virtual computer. If you see this file or have it on your computer, just don't open it. It does some crazy sh*t to your computer.
messes around with stuff on your computer expanding itself by downloading more rubbish onto your computer. |
|
| 1577. |
Solve : RTVSCAN.exe and Teatimer.exe? |
|
Answer» both use much memory causing my PC to run very slowly. I've read that teatimer.exe is essential to Spybot. Can I make it use less memory somehow?

it would be interesting to hear what spybot has to say about Teatimer's relative worth vs. its hassle.

That's a question they have addressed time and again. They seem to have little patience (understandably) for discussing pros and cons these days. They have said they improved it with the newer builds but I'm not going to try it and see. Turning it off will not affect the program at all. Just be sure to update and then run the Immunize feature about once a week. |
|
| 1578. |
Solve : Please help with spyware/virus? |
|
Answer» To prevent unknown applications from being installed on your computer install WinPatrol 2008 |
|
| 1579. |
Solve : been infected with antivirus xp 2008 can't get past log in screen? |
|
Answer» All of a sudden I got this thing about antivirus xp 2008 found 1700 and some malware things on my computer and I need to download this spyware. Tried to delete this out through add/remove programs, no way could I. Next thing I know, fire computer up, come to login screen for xp and after putting in my password it goes to a blue screen with a banner in the middle saying I have been infected with malware and I can't get it to go no further, just sits there with this screen up.

Can you get into Windows in Safe Mode?

Unless I was doing something wrong it took me to a black screen and that was it. I hope there is a way I can save some of my wife's pics from her mission trip.

Is this a laptop or a Desktop Computer?

this is a desktop with windows xp

Press ctrl+alt+delete (all at the same time). Does Task Manager open? |
|
| 1580. |
Solve : My computer got very slow.? |
|
Answer» Hi, I've had many viruses and I never knew how to get rid of them. I've been having a virus for a while now, and someone recommended me to go to this site. Is someone willing to help me and my problems? Thank you.
---------- Download JavaRa
---------- Restart the computer and let us know how things are now.

Nice catch; I can't believe I overlooked BitDefender and the old Java. Shame on me. azncruboi, follow evilfantasy's above instructions. I can't say that it'll solve your problem, but you should definitely notice a difference.

Hi, thanks for the help guys. Evil Fantasy, I did as you said, and it has helped my laptop. Thanks for that. It is running a bit faster than before. Firefox seems to load faster, and the minimize does not go out of hand. Firefox still does freeze up at times.

Carbon Dudeoxide,
Windows XP
Toshiba
1.60 GHz
504MB of RAM
74.2GB of space
10.1 GB of free space
Also, what is your Hard Drive Capacity and Free Space?

CBMatt, I posted the Superantispyware as follows.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 08/22/2008 at 01:20 PM
Application Version : 4.15.1000
Core Rules Database Version : 3542
Trace Rules Database Version: 1460
Scan type : Complete Scan
Total Scan Time : 11:20:46
Memory items scanned : 423
Memory threats detected : 0
Registry items scanned : 4854
Registry threats detected : 0
File items scanned : 116986
File threats detected : 0

EDIT: Just in case if needed. I don't know what most of the programs are and do.

Uninstall list
Hey, out of curiosity, why am I not getting any response?

Sorry, sometimes replies slip by us and get forgotten. Not on purpose..... I don't think this is a malware issue. Post a new HijackThis log and we will see if there is anything we can do with it to try and speed up the PC.

I agree with evilfantasy. So far, it seems that your computer is just struggling to handle all of the programs. And like he said, the lack of response was not on purpose. The problems in the section are fairly involved, so we get busy easily. It also doesn't help that school is starting up, which eats away at a lot of my time. My apologies. Anyway, go ahead and post the new HJT log and we'll see what else we can do. Also, you should post as many computer specs as you can, such as CPU, RAM, hard drive (free space and total space), video card, etc.

Computer specs: Windows xp media center edition version 2002 service pack 3 toshiba satellite Genuine Intel CPU t2050 1.60 GHz 504MB of RAM.

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:29:59 PM, on 8/28/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe c:\TOSHIBA\IVP\swupdate\swupdtmr.exe C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Toshiba\Tvs\TvsTray.exe C:\WINDOWS\system32\TPSMain.exe C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Synaptics\SynTP\Toshiba.exe C:\toshiba\ivp\ism\pinger.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\RAMASST.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://desktop.google.com/uninstall-feedback.html?hl=en R3 - URLSearchHook: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
-- End of file - 6476 bytes

None of these need to be running at startup.
Open HijackThis and select Do a system scan only.
Place a check mark next to the following entries: (if there)
- O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
- O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
- O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
- O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
- O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
- O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
- O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
- O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
Important: Close all windows except for HijackThis and then click Fix checked. Exit HijackThis.
----------
Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system
Go to Start > Run and type notepad.exe then click OK
Copy the text in the Code box below and paste it into Notepad.
Code:
REGEDIT4

; HKLM startup entries checked in HijackThis above
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"Tvs"=-
"Pinger"=-
"igfxtray"=-
"ehTray"=-
"Alcmtr"=-
"TkBellExe"=-
"SunJavaUpdateSched"=-

; ctfmon.exe was logged under HKCU\..\Run, so it is deleted from the current-user key
[HKEY_CURRENT_USER\software\microsoft\windows\currentVersion\Run]
"ctfmon.exe"=-

In Notepad go to File > Save as...
Next to File name: type fixme.reg
Use the dropdown box next to Save as type: and select All files.
Save it to the Desktop.
There should now be a file on the Desktop that looks like this
Double-click fixme.reg and allow it to merge with the Registry. You may not see anything happen but give it a few seconds or so to finish.
Now delete the fixme.reg file from the Desktop and restart the computer.
----------
Use the Secunia Software Inspector
That's all I can see. If there are still problems you may need to upgrade some hardware. |
|
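The startup cleanup in the thread above depends on reading each HijackThis O4 line correctly, in particular which registry hive an entry was logged under. The following is an added example, not code from the thread or from HijackThis: it parses a few entries copied from the posted log, lists the ones worth a manual look, and builds a REGEDIT4 removal file with each value under its own hive. The function names and the three triage heuristics are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Entries copied from the HijackThis log posted in the thread above.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
# "O4 - HKLM\..\Run: [name] command"; the "\..\" stands for
# Software\Microsoft\Windows\CurrentVersion in HijackThis output.
RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
ANY_RE = re.compile(r"^([A-Z]\d+) - (.+)$")


def parse_log(text):
    """Return one dict per log entry; O4 Run and O23 lines get extra fields."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ANY_RE.match(line)
        if not m:
            continue  # header lines, blank lines, "-- End of file"
        entry = {"section": m.group(1), "kind": "other", "raw": line}
        run = RUN_RE.match(line)
        if run:
            hive, key, name, command = run.groups()
            entry.update(kind="run", hive=hive, key=key, name=name, command=command)
        elif entry["section"] == "O23":
            # "Service: <name> - <owner> - <path>", split from the right
            parts = m.group(2).split(": ", 1)[-1].rsplit(" - ", 2)
            if len(parts) == 3:
                entry.update(kind="service", name=parts[0], owner=parts[1], command=parts[2])
        entries.append(entry)
    return entries


def triage(entries):
    """Return (raw line, reason) pairs to check by hand before fixing anything."""
    findings = []
    for e in entries:
        if e["raw"].endswith("(no file)"):
            findings.append((e["raw"], "registration points at a missing file"))
        if e["kind"] == "service" and e["owner"] == "Unknown owner":
            findings.append((e["raw"], "no vendor recorded for the service binary"))
        if e["kind"] == "run" and "\\" not in e["command"]:
            findings.append((e["raw"], "no full path, confirm which file actually runs"))
    return findings


def build_reg_removal(entries, names):
    """Build REGEDIT4 text deleting the named Run values under the hive each was logged in."""
    by_key = defaultdict(list)
    for e in entries:
        if e["kind"] == "run" and e["name"] in names:
            key = "%s\\Software\\Microsoft\\Windows\\CurrentVersion\\%s" % (
                HIVES[e["hive"]], e["key"])
            by_key[key].append(e["name"])
    lines = ["REGEDIT4", ""]
    for key in sorted(by_key):
        lines.append("[%s]" % key)
        lines.extend('"%s"=-' % name for name in by_key[key])
        lines.append("")
    return "\n".join(lines)


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for raw, reason in triage(parsed):
        print("%s\n    -> %s" % (raw, reason))
    print(build_reg_removal(parsed, {"Tvs", "Pinger", "TkBellExe", "ctfmon.exe"}))
```

A `"name"=-` line only deletes a value from the key it sits under, which is why the generated file puts `ctfmon.exe` in the `HKEY_CURRENT_USER` section rather than with the HKLM entries.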
| 1581. |
Solve : Virus help!? |
|
Answer» here you go
----------
Set a New Restore Point to prevent possible reinfection from an old one
Setting a new restore point AFTER cleaning your system will enable your computer to roll back to a clean working state if needed.
Windows XP System Restore Guide or Windows Vista System Restore Guide.
----------
Use the Secunia Software Inspector to check for out of date software.
----------
Go to Microsoft Windows Update and get all critical updates.
-----
How is everything now?

hey ran otclean it but I don't think my problem is fixed because my desktop background is blue with box in the top left corner that has a red square green circle and blue triangle, when I go to reboot my normal background pops up though what should I do?

Try this. You might lose your current background but I think it needs to be reset as the virus changed the settings.
Go to start > Control panel > Display > Desktop > Customize Desktop... > Web tab
Make sure Lock desktop items is unchecked.
Select everything you find in there (except for "My current home page") and press the delete button on the right.
Hit OK below > apply in previous window.
----------
Now let's make sure everything is actually gone with a Kaspersky scan.
Run the Kaspersky Online Scanner
In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
To obtain the report: Click on: Save Report As
Copy and paste the Kaspersky Online Scanner Report in your next reply.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

Did the scan everything seems normal what do you think

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, August 28, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, August 28, 2008 21:44:06
Records in database: 1158226
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer: A:\ C:\ D:\ E:\ F:\ G:\
Scan statistics:
Files scanned: 149241
Threat name: 5
Infected objects: 7
Suspicious objects: 0
Duration of the scan: 02:00:36
File name / Threat name / Threats count
C:\Documents and Settings\Family\Desktop\Mom\NetTools5.0.70.zip Infected: not-a-virus:NetTool.MSIL.Sniffer.a 1
C:\Documents and Settings\Family\My Documents\Chase\ca_setup.exe Infected: not-a-virus:PSWTool.Win32.Cain.284 1
C:\Program Files\Cain\Abel.exe Infected: not-a-virus:PSWTool.Win32.Cain.284 1
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 1
D:\Installs\WorkFlow\GUI\actwin2.exe Infected: Trojan.Win32.Shutdowner.cq 1
D:\Setup\SST\Data\VNC\MotVNC.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b 2
The selected area was scanned.

I now also want to buy some antivirus software can you suggest the best product. Thanks for all your help.

Do you use Cain & Abel?
There are plenty of free reliable solutions for antivirus. Remember to only install one antivirus!
1) Avast! Home Free Edition
2) AVG Free Edition
3) Avira AntiVir Personal
4) Comodo Antivirus
5) PC Tools AntiVirus Free Edition
Free firewalls
1) Comodo (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
2) Online Armor
3) Sunbelt/Kerio
4) Agnitum
5) PC Tools Firewall Plus

I used Cain and Abel a while back, probably should delete it now, thanks for all your help.

Also are the free antivirus programs just as good as the ones you buy?

As long as you know Cain & Abel is there, and what it's for...
Yes the free ones are just as effective.
Another question. Is this PC set up to be accessed remotely?

I do not think so, I have a router for my family's laptops but that's it.

and yes I know Cain and Abel is used for hacking, I used it for some other things not hacking or cracking passwords.

Quote from: ChazMcJazz on August 28, 2008, 06:51:53 PM
and yes I know Cain and Abel is used for hacking, I used it for some other things not hacking or cracking passwords.

Just wanted to know it was being used by you and not against you.
Create An Uninstall List
|
|
| 1582. |
Solve : What anti-virus would you suggest? |
|
Answer» Quote from: moro on December 17, 2010, 02:15:19 PM
I'm with you, I get updates from avast nearly everyday and I think it's good. It's a wonder this topic hasn't been locked or moved because of the off topic posts.

Quote
I get updates from avast nearly everyday and I think it's good
Thank you Mr.harry. I was thinking that updates of avast need to be online only and I can not get them as independent updates (like avg - kaspersky - avira).
Quote
It's a wonder this topic hasn't been locked or moved because of the off topic posts
True

Quote from: moro on December 17, 2010, 03:05:54 PM
How do you get updates if you are not online, am I missing something?

Avast with Malwarebytes

I love Kaspersky, it's best for me.

Quote from: athelnstone on January 05, 2011, 08:49:19 AM
Quick heal gives online protection.
Half of the reviews I've read say otherwise - http://www.google.co.uk/search?client=firefox-a&rls=org.mozilla%3Aen-GB%3Aofficial&channel=s&hl=en&source=hp&q=Quick+heal&btnG=Google+Search#sclient=psy&hl=en&safe=off&client=firefox-a&hs=8iW&rls=org.mozilla:en-GB%3Aofficial&channel=s&q=Quick+heal+reviews&aq=0&aqi=g1&aql=&oq=Quick+heal+reviews&gs_rfai=&pbx=1&fp=de610b7113b09eab
Out of 10 reviews on the first page, 4 people say it's rubbish. I'm not saying it is, but I would not go for it!

Don't be silly, reddevilggg, everybody knows that spam posts never promote spyware or malware infested products, and they always promote good, honest programs.

...and from what I've seen..........a few times in the last 10 mins. |
|
| 1583. |
Solve : ThinkPoint?? |
|
Answer» Quote
Just to be sure, you recommend I keep SUPERAntiSpyware and Malwarebytes Anti-Malware and run them frequently? Is this correct?

Yes. Run them about once a week. You will see that SAS will pick up some tracking cookies, some good, some bad and MBAM will usually come up clean. You need to keep Avast because that is your Anti-Virus program. The others are to keep malware, spyware etc out.

Quote
"Your computer might be at risk

If you ran the AVG Removal Tool, it should be gone. You can try running it again. You should turn on your Windows firewall or download and install one of the free ones below. If it still gives you that error after you run the tool again, please do this:
•Start HijackThis
•Click on the Misc Tools button
•Click on the Open Uninstall Manager button.
•Click on the Save list... button and specify where you would like to save this file. When you press Save button a Notepad will open with the contents of that file. Save the file to your desktop. Copy and paste this file in your next reply.
***********************************************
Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors. Remember only install ONE firewall
1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus
If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions.
Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution.
Remember to use only one firewall at the same time. |
|
| 1584. |
Solve : Rogue program: "Application cannot be executed."? |
|
Answer» That looks good. Let's do some cleanup.

I've removed combo-fix manually (i.e. not through the Run box), although I was unable to delete QooBox folder. I keep getting the message that "Cannot delete: BackEnv. Access is denied." I've attempted deleting it in Safe Mode and after closing all applications. I can't get rid of it.

Ok. Clean all the files out of that folder that you can and leave it, or you can download and install Unlocker and try deleting it with that.

To turn off Windows XP System Restore:
NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore" or "Turn off System Restore on all drives"
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
8. Restart the computer and follow the instructions in the next section to turn on System Restore.

To turn on Windows XP System Restore:
1. Click Start.
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
5. Click Apply, and then click OK.
This will give you a new, clean Restore Point.

Quote
Also, is additional work needed since ESET found all those trojans?
No. ESET took care of all those infections.

Excellent. Thank you for volunteering your expertise. I am extremely grateful for your guidance. My computer is as good as new!

I will lock this thread. If you need it opened for any reason, please pm me. |
|
| 1585. |
Solve : Freshly reburied Storm zombies burst up out of graves again? |
|
Answer» Security watchers have spotted a malware-seeded spam run that bears all the hallmarks of a new generation of the infamous Storm worm. |
|
| 1586. |
Solve : As soon as I boot Windows Explorer it crashes.? |
|
Answer» Thanks in advance.

or switch to something different. for example: Google Chrome, Mozilla Firefox...

He wrote "Windows Explorer", not "Internet Explorer".

my mistake |
|
| 1587. |
Solve : McAfee Security Scans blocked by Comodo? |
|
Answer» I downloaded the latest Adobe reader. I unchecked the (include McAfee) box.

That looks good. Were you able to install a new AV?

Yes. I installed Comodo Antivirus. I lost my firewall, but found out I could reinstall the firewall fairly easily. I reinstalled the firewall and all seems to be working fine.

Quote
Delete the Combo-Fix.exe file, C:\Combo-Fix folder, C:\QooBox folder, C:\WINDOWS\nircmd.exe, C:\combo-fix.txt and C:\Combo-Fix-quarantined-files.txt

I couldn't find any C:\Combo "anything" folders. I couldn't find C:\WINDOWS\nircmd.exe. I did delete any combo fix files, like logs, that I could find. Also, C:\QooBox had a Folder called BackEvn that said access denied when I tried to delete it. It says make sure the disk is not full or write protected or to make sure the file is not in use.
No problems with the restore step and the TFC steps.

Quote
Use the Secunia Software Inspector to check for out of date software.

It asked me to update Internet Explorer, which I don't use. But just in case I might need to use it or another user would like to use it, I wanted to update it. Secunia gave me a link to Windows update and about 20 or so links showing me which updates I'm missing. But, when I ran the Windows Update from the Microsoft site, it said I wasn't missing any updates.
What am I missing here, I must be missing something very obvious.
Thanks

Quote
did delete any combo fix files, like logs, that I could find. Also, C:\QooBox had a Folder called BackEvn that said access denied when I tried to delete it. It says make sure the disk is not full or write protected or to make sure the file is not in use.
Yes. That folder can't be deleted. Just clean out all the files that you can in the folder and leave it there.

Quote
What am I missing here, I must be missing something very obvious.
You're running IE 6. You should download IE 8 |
|
| 1588. |
Solve : infected and cannot run any programs? |
|
Answer» please help. |
|
| 1589. |
Solve : Anti Keylogger software? |
|
Answer» Can you recommend a good anti keylogger program? My WOW account and email were hacked and now I'm having security problems with other things.

Besides virus scans and changing passwords, you need to think about identity theft. It is becoming more common and is a nightmare. |
|
| 1590. |
Solve : Incredimail problem? |
|
Answer» Quote
Opened up in safe mode and problem with icons and dots on screen not there. Re-appeared when I opened in normal mode. Is this a clue?
Yes. Something that's causing this is only running in Normal Mode.

Quote
Re-ran ComboFix and saved log. (You do not want it so why did I run the scan?)
I didn't want you to re-run ComboFix. I wanted you to run the script to fix some problems in the ComboFix log. Please follow the instructions in Reply # 13. Also, can you do a screen print of your desktop and include it in your next reply?
How to post screenshots or images

Quote
Is the problem really a virus or is some software corrupted as a consequence of having and removing the virus?
It sounds more like an infection because it doesn't run in Safe Mode.

I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Had run ComboFix with script fix, just confused why you did not want log.
Ran ESET and no threats found. Here is log

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17093 (vista_gdr.101017-1200)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=8cf6e57be4777547bce09df9449d7ee5
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-12-23 07:00:11
# local_time=2010-12-23 01:00:11 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 43919 43919 0 0
# compatibility_mode=2304 16777215 100 0 0 0 0 0
# compatibility_mode=5121 16777189 100 75 0 22232430 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=99715
# found=0
# cleaned=0
# scan_time=5704

Also noted that when I ran video on Microsoft Media it had rectangular block blocks (0.25 inches tall 0.05 inches wide) on a regular pattern over screen. Different interference than the desk top. Also on Skype.
Hope I have done screen print correctly. Thank you.

Quote
Had run ComboFix with script fix just confused why you did not want log.
It was just some minor housecleaning. Could you please run the ComboFix scan again then post the log. I think I may have missed something.
From the looks of the screenshots, I think there's something wrong with your monitor or the Video card drivers. Is there any chance of hooking up a different monitor to that computer?

Unfortunately Dave I can't get another monitor. Which drivers should I uninstall and install - and how do I know what the drivers are?

Last minute Christmas shopping to do, will run ComboFix when I come back. Annie

OK here it is Dave, latest scan...

You should visit the site of the maker of your computer and look for Video card drivers. Uninstall the old driver and install the new one. Re-running ComboFix to remove infections:
Removed ATI Display Driver file containing Radeon 9800. Did not remove ATI Control Panel. Restarted computer as part of uninstall process. Dots still on startup images (e.g. Microsoft Windows) but when booted up lines on screen ------ and icons llllll no longer there. Whoopee! Downloaded video driver from Sony website, Radeon 9800. Restarted computer as required. Dots still on startup images (e.g. Microsoft Windows) and lines on screen and icons had returned. Did not run ComboFix in case this latest experience prompts new ideas. Should I have also removed ATI Control Panel? If I do, do I need to re-install it and if so how? When you removed the video card driver I suspect that the video card was running on the generic driver just as it did in Safe Mode. It looks like the problem is with the drivers and I really can't help you much with that. I think you should run the ComboFix script, we'll do some cleanup and you can get help for the driver problem in another one of the forums dealing with such problems. You should start a new thread right now even while we're cleaning up here. I'm sorry we couldn't get this fixed before Christmas. |
|
| 1591. |
Solve : Several Different Problems? |
|
Answer» Quote When I start my computer up there's a message that says "Please select operating system to start" along with other That's probably the Recovery Console that was installed when you installed ComboFix. This could be very useful if Windows has problems starting. Quote The "ASP.NET Machine" is still listed under user accounts as well You may have to go to another forum for help with this after we are finished with cleaning. Quote Also, Malwarebytes still can't finish running and will crash during its scan whenever I try to run it. Please post the log, if successful. Please try running it in Safe Mode. Quote I have been able to open my older Adobe Photoshop 7.0, but my tablet still isn't working. I downloaded the driver for it yet again and it seemed fine. I closed Photoshop and opened it again a few times and at first I have pen pressure, but when I restarted the tablet didn't work again. Again, you may have to search for help with this on another forum. It doesn't sound like an infection has caused this. |
|
| 1592. |
Solve : Trojan:DOS/Alureon.A? |
|
Answer» Quote from: SuperDave on December 13, 2010, 04:50:23 PM A master boot record (MBR), or partition sector, is the 512-byte boot sector that is the first sector ("LBA/absolute sector 0") of a partitioned data storage device such as a hard disk. Did you just do a re-install without a reformat? Okay, I have two hard drives, one IDE 250g and one SATA 250g. Before I installed my new motherboard I had my Windows installation on the SATA drive and the IDE drive used to be the backup drive. Now that I upgraded to the EVGA nForce 780I motherboard I had to reinstall the OS, so I installed it on the IDE hard drive and the old Windows installation is still on the SATA drive. Do you recommend me use the SATA or IDE hard drive? Which one performs faster? And I'll format it too. Quote Do you recommend me use the SATA or IDE hard drive? Which one performs faster? And I'll format it too. SATA would be your best bet for your main drive. If you do a full format, you should get rid of the MBR infection. Quote from: SuperDave on December 14, 2010, 12:29:30 PM SATA would be your best bet for your main drive. If you do a full format, you should get rid of the MBR infection. I found a solution to this. Even though I had formatted both drives and reinstalled Windows 7 64bit everything was running just fine.. But after a week it came back and I could not remove it. So I did some searches and found out that Kaspersky's TDSSKiller was the tool that removes these types of viruses. It removed it in less than 5 minutes. Thanks for the help though. |
|
| 1593. |
Solve : Google redirects virus, explorer.exe, winlogon.exe infected?? |
|
Answer» A couple of questions, if you please. Is your disk drive the E: drive? If it is not, you will have to put the correct letter in the command. On my computer with two disk drives, they are D and H. Are you sure that you typed the command exactly as I wrote it? Even a missed space would mess it up. Hey Dave, interesting little update but I rebooted today when I got home from school and explorer.exe was back and running; taskbar and all but so was the Google redirect. -head scratch- |
|
| 1594. |
Solve : Do you really need anti virus?? |
|
Answer» Hey, If so, can you make it so it doesn't scan for viruses or something? That would sort of defeat the purpose... And if it is finding viruses/showing alerts then it's doing its job; apparently there is some shifty stuff on your friend's USB drive. My college computer put an Autorun onto my USB drive, this is always flagged as a virus when I plug it in at home. Try taking the autorun off the USB. Alright, thanks for your help guys, I'll get Avast in a tick. It's a family computer too, and I'll get my friend to check for any autorun stuff. Mike Anti-Virus software is very important, especially if you are running a Microsoft Windows Operating System. AVG has unfortunately become very bulky, similar to many paid, but not all, anti-virus software. If you are looking for a free anti-virus program that does not tax your system resources Avast! Anti-Virus is good. Another alternative is Microsoft Security Essentials (lightweight but not as good as Avast! in my opinion). I also recommend installing Malwarebytes Anti-Malware for basic computer scans. |
|
| 1595. |
Solve : Possible virus continued...my thread was locked??? |
|
Answer» I am not sure why I was unable to respond or continue my thread? Why would it be locked in the middle of me trying to get help with something? |
|
| 1596. |
Solve : Browser HiJacked; Here are my 3 logs...PLEASE HELP? |
|
Answer» Hi SuperDave, |
|
| 1597. |
Solve : which antivirus? |
|
Answer» My earlier antivirus always blocked a program - svchost.exe |
|
| 1598. |
Solve : Rundll32.exe problem. Definitely a virus? |
|
Answer» Hello, this is my first post and have read most of the things needed to acquire assistance, but it seems I have a bit of a problem. I did not install an anti-virus program and my Norton recently expired. |
|
| 1599. |
Solve : Which security programs to put on laptop?? |
|
Answer» My daughter bought a laptop and is running Norton antivirus. I added CCleaner and Malwarebytes Antimalware. I was going to add Spyware Doctor but it came with an antivirus and didn't want to run 2. What other program (if any) should I install for her to run to make sure her system stays clean and safe? 1) Spyware Doctor is not an anti virus |
|
| 1600. |
Solve : Ransomware Trojan is back and badder than ever....? |
|
Answer» A ransomware Trojan threat is back – in an even more noxious form – two years after it last appeared. The malware only encrypts the start of media or Office files, but that's enough to make any data recovery process difficult if not impossible. I wonder why it restricts itself? Superb self control |
|