Explore topic-wise InterviewSolutions in .

This section includes InterviewSolutions, each offering curated multiple-choice questions to sharpen your knowledge and support exam preparation. Choose a topic below to get started.

1651.	Solve : AVG 8.0?
Answer» I downloaded the latest version of AVG at home, brought my LAPTOP to work, ran it and everything seemed fine. I can on occasion get a wireless connection at work so I tried to get on the internet and in my search bar no matter what I type in it says , http://search.yahoo.com/search?fr=ffds1&p=search.yahoo.com and I also noticed avg added a toolbar to my page and a yahoo toolbar? I really don't need either SINCE the one with Mazilla works just fine for me. AVG sometimes will have an option to install yahoo! toolbar with install (usually already TICKED). Just uninstall it from add/remove programs would be the easiest fix.Hmmm funny thing. There is no yahoo or avg toolbar listed in add remove ?This is what you've done (should be similar to latest version although it's a version that's a little older)? See screenshots on link below. When I last tried with AVG, no yahoo toolbar was installed http://coastalcomputerconnections.com/forum/viewtopic.php?f=5&t=6Good choice would be to dump AVG and download Avira AntiVir Personal.....free as well. http://www.avira.com/en/download/index.html or you can get free version of avast antivirus from http://avast.com/ and yes, it's also free like AVG or Avira AntiVir but just remember you'll have to fill out a form on their website to obtain a key so that the AVAST guys KNOW you are using their free edition. (But in any case, pick the one you like and ONLY HAVE ONE on your PC). I've personally never had problem with AVG, AVAST or AVIRA. Have tried all, they all do fine. Just I liked AVAST interface over AVG after a bit of playing around with the three major free antivirus softwares and it's here to stay Quote from: 2x3i5x on June 18, 2009, 10:57:50 PM This is what you've done (should be similar to latest version although it's a version that's a little older)? See screenshots on link below. When I last tried with AVG, no yahoo toolbar was installed http://coastalcomputerconnections.com/forum/viewtopic.php?f=5&t=6 Well heres what I wound up doing. I went into view , tool bars and unchecked yahoo and AVG. I can see tomorrow I will be uninstalling and custom installing AVG again. Thanks much, MP.Sure, let us know how it goes Yes, hiding the toolbar is a temporary fix for having the toolbars not show up, but it wont' get rid of it off your machine so we'll see how you do tomorrow.Removed 1st install of 8.5 reinstalled and no toolbar. Thanks much, MP.Glad that everything worked out for you Thank you for the time and effort.

1651.

Solve : AVG 8.0?

Answer»

I downloaded the latest version of AVG at home, brought my LAPTOP to work, ran it and everything seemed fine. I can on occasion get a wireless connection at work so I tried to get on the internet and in my search bar no matter what I type in it says , http://search.yahoo.com/search?fr=ffds1&p=search.yahoo.com and I also noticed avg added a toolbar to my page and a yahoo toolbar?

I really don't need either SINCE the one with Mazilla works just fine for me. AVG sometimes will have an option to install yahoo! toolbar with install (usually already TICKED).

Just uninstall it from add/remove programs would be the easiest fix.Hmmm funny thing.

There is no yahoo or avg toolbar listed in add remove ?This is what you've done (should be similar to latest version although it's a version that's a little older)? See screenshots on link below. When I last tried with AVG, no yahoo toolbar was installed

http://coastalcomputerconnections.com/forum/viewtopic.php?f=5&t=6Good choice would be to dump AVG and download Avira AntiVir Personal.....free as well.

http://www.avira.com/en/download/index.html
or you can get free version of avast antivirus from http://avast.com/

and yes, it's also free like AVG or Avira AntiVir but just remember you'll have to fill out a form on their website to obtain a key so that the AVAST guys KNOW you are using their free edition.

(But in any case, pick the one you like and ONLY HAVE ONE on your PC).

I've personally never had problem with AVG, AVAST or AVIRA. Have tried all, they all do fine. Just I liked AVAST interface over AVG after a bit of playing around with the three major free antivirus softwares and it's here to stay Quote from: 2x3i5x on June 18, 2009, 10:57:50 PM

This is what you've done (should be similar to latest version although it's a version that's a little older)? See screenshots on link below. When I last tried with AVG, no yahoo toolbar was installed

http://coastalcomputerconnections.com/forum/viewtopic.php?f=5&t=6

Well heres what I wound up doing. I went into view , tool bars and unchecked yahoo and AVG.
I can see tomorrow I will be uninstalling and custom installing AVG again.

Thanks much,
MP.Sure, let us know how it goes

Yes, hiding the toolbar is a temporary fix for having the toolbars not show up, but it wont' get rid of it off your machine so we'll see how you do tomorrow.Removed 1st install of 8.5 reinstalled and no toolbar.

Thanks much,
MP.Glad that everything worked out for you Thank you for the time and effort.

1652.	Solve : XEROX - NWWIA?
Answer» Hai, i am gopinath - please solve my problem in the given below. System Configuration Windows xp with server pack 3 / 512 MB ram / Chrome browser i can't delete the folder named as xerox in E:\program files\, and also have the sub folder in xerox named as nwwia, i want to know how to remove from my system. Regards GopinathIf the folder is in use ( such as PRINTER driver etc related to the Xerox is in service ) Windows will not delete and will state file in use etc. Have you tried to use the uninstaller that should be LOCATED under control pannel, add/remove programs? If uninstaller is bad you will have to find the service that is xerox and kill the service and then mark it not to automatic start the service, then REBOOT windows, then you might be able to remove it as long as you are the administrator of the system.

1653.	Solve : Vundo?
Answer» Just so I don't HIJACK that other THREAD anymore Looks like you were RIGHT, Kpac. SAS found 2 VUNDO FILES right off the bat. Still running scans, I'll get logs in here shortly.Okay, I'll be waiting.

1654.	Solve : What are the top free antivirus and spyware programs for my computer?
Answer» I have a reconditioned hp computer with windows xp and i would like to know what the best antivirus programs are to install to KEEP my computer clean and how many i need to install. Thank You. System: Microsoft Windows XP Professional Version 2002 Service Pack 3. Intel(R) Pentium(R) 4 CPU 3.20GHz 3.19Ghz, .099 GB of Ram.1. for antivirus -- get AVAST, AVG, or AVIRA (all three are free, get the one you like best ... only one antivirus is needed, DO NOT GET MORE THAN ONE!!) 2. Turn off the windows firewall, it's junk. get comodo firewall instead --> http://personalfirewall.comodo.com/ 3. Get superantispyware --> http://www.superantispyware.com/ 4. Get malwarebytes' anti-malware (http://malwarebytes.org/mbam.php, download link on left side) Superantispyware and malwarebytes' have free and paid version, no difference in either except in free version, you have to do EVERYTHING manually, like the scanning and the updating and there's no realtime protection. 5. I would have ccleaner and advanced systemcare on your pc. That is your pc army to keep your pc in good shape, in my opinion. And you list 0.099GB of ram> are you sure you have that number right> 0.099 GB is approx 99 MEGABYTES you know.go for avast and all of the above , all very good Thank you so much! I really APPRECIATE it. And it is .99gb not .099 (type o). I will come here for all my info needs. you will and can get all the advice you want , harryavast RUNS it-self you can stop it the odd night if you want to run ccleaner twice a week the other 3 , once a week , harryWell, just find an antivirus that you like, is automatically updating at least once a day and has realtime protection. (AVIRA, AVAST and AVIRA all do it and all three are free and fine for average user and so find the one you like best if you want to go the free way )

1655.	Solve : Computer is not working right??
Answer» My computer is not working right. I'm not exactly sure of what is GOING on with it but I know that there is something wrong. I really need help. I know I have not posted my logs yet but I will asap.Nobody is going to be ABLE to provide any help at all until you tell US exactly what the specific problems are.

1656.	Solve : Windows Security Alert problems...?
Answer» Well im pretty ure i have malware problems, I did the malware tutorial steps. after SUPERantispyware scanned my lap top, i made sure everything was checked and quarantined but after my lap top rebooted SUPERantipyware will no longer open. i get this "application cannot be executed. the file wltuser.exe is INFECTED. do you want to activate your antivirus software now?" and i keep getting pop UPS for antivirus soft.com and also some ADULTXXX websites. I have hit a wall and do not know what else to do. can someone please help??Please visit this webpage for a tutorial on downloading and running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix See the area: Using ComboFix, and when done, post the log back here.Hello, your comment has been removed. Please do not post malware advice, or post here in the malware forum, unless you need help. ~ DragonMaster Jaydragonmaster jay, I tried to download combofix, but when the window opens with the downloads from firefox it wont let me open combofix to install, it will open for a second then close and the little balloon at the BOTTOM right says application cannot be executed. Delete your copy of ComboFix; grab a fresh copy, except before you download it, rename it to blackpudding.bat Navigate to Start --> RUN, and enter the FOLLOWING command exactly as shown: "%userprofile%\desktop\blackpudding.bat" /killall See if ComboFix will run now.

1658.	Solve : Possible Malware/Virus Problem?
Answer» Hi, i've been having regular PROBLEMS with my computer which I suspect is a virus/spyware/malware problem. Every time i try to open an application it says "Application cannot be executed. The file _______ is infected. Do you want to activate your antivirus software now?" Any help would be greaty appreciated.Try all of these please. Try not to restart the computer until one of the tools we use does it for you or tells you to. Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run. There are 4 different versions. If one of them won't run then download and try to run the next one. Vista and Windows 7 users need to right click Rkill and choose Run as Administrator You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus. * Rkill.com * Rkill.scr * Rkill.pif * Rkill.exe * Double-click on the Rkill desktop icon to run the tool. * If using Vista or Windows 7 right-click on it and choose Run As Administrator. * A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran SUCCESSFULLY. * If not, delete the file, then download and use the one provided in Link 2. * If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs. * Do not reboot until instructed. * If the tool does not run from any of the links provided, please let me know. Once you've gotten one of them to run then try to immediately run the following. Download and run exeHelper * Please download exeHelper from Raktor to your desktop. * Double-click on exeHelper.com to run the fix. * A black window should pop up, press any key to close once the fix is completed. * A log file named log.txt will be created in the directory where you ran exeHelper.com * Attach the log.txt file to your next message. Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and POST the two logs together (they will both be in the one file). Please run TDSSKiller per the below steps: * Go to TDSSKiller and Download TDSSKiller.zip to your Desktop * Extract its contents to your Desktop so that you have TDSSKiller.exe directly on your Desktop and not in any sub-folder of the Desktop. * Click Start > Run and copy/paste the following RED text into Run box and hit Enter on your KEYBOARD. "%userprofile%\Desktop\TDSSKiller.exe" -v * Follow the instructions to type in "delete" when it asks you what to do when if finds something. * When done, a log file should be created on your C: drive called 'TDSSKiller.txt' please add this log to your next reply.I ran rkill as requested and it worked but when i try to download the link you gave me for the exehelper it says "File not found Firefox can't find the file at http://www.raktor.net/exeHelper/exeHelper.com."The link works for me. It must be the malware. Skip down to TDSSKiller.TDSSKILLER runs for about 2 seconds before i get the "Application cannot be executed. The file tdsskiller.exe is infected. Do you want to activate your antivirus software now?" message and it closes.Try booting the computer into Safe Mode and then run TDSSKiller.

1661.	Solve : spyware/malware??
Answer» Thanks DMJ... couple things of note: 1) this is her work computer and although I was able to download and run the programs you have listed, we are unable to upgrade SPS, Office and a few of the other items...this is how the IT GROUP who manages their computers have them set up....not a thing i can do about that... 2) she KNOWS how she was infected - she opened an email she was expecting and it was infected... 3) she uses FF as is - i've convinced her long ago to abandon IE, but there are some sites that will only work in IE so she's not 100% FF... so, looking over everything posted here, does she LOOK to be free of spyware?Yes free of infection. For Firefox, and running sites that will not load correctly (unless in Internet Explorer), use this BROWSER add-on: IE TAB: https://addons.mozilla.org/en-US/firefox/addon/1419 It uses the IE engine, and helps with compatibility. Any other questions?nope, you got it all for me! thanks for the help...You're welcome.

1663.	Solve : ??? Web-Protection ????
Answer» While downloading somthing else Mc-Afee got installed on my computer.I just ran 1 scan with it and it says I have no internet protection,what do they mean with that ? I do have Avast.(I don`t run the 2 at the same time,I was curious and thought;Let`s see if it "can spot something Avast has missed).As I see it Avast is I-Net protection.Or do they mean there is no childrens lock installed ? And what exactly is a firewall ? I do run SpywareBlaster. Is Avast+SpywareBlaster enough ? If not what else must I install ? All the best,greetings : Eric..................Remember...Google is your friend. "While downloading somthing else Mc-Afee got installed on my computer." McAfee doesn't just "download" itself. It's not free so it's gonna cost. You don't say what you were downloading, your ISP or if you've run any scans. More info would be nice. Alan <>< I do not know exactly but it was one of these get a "free" scan actions.I did not look what I was doing and it got installed.I don`t even know what a ISP is,sorry... I just know when I downloaded something I did not "uncheck" one of the boxes(The ones that normally install a toolbar or so),and there is McAfee scan plus on my screen...But that is not the problem,it says I do not have I-Net security while I do run A-Vast and SpywareBlaster.I want to un-install Mc-A but why is it telling me I have no webprotection while I do run Avast and SpywareBlaster... To keep it easy:Is A-Vast and spywareBlaster enough for my computer or must I install anything else.And (if you know):what is the difference between a fire-wall and a anti-virus program ? Thank you for the quick reply:Eric..................You probably installed the McAfee Security Scan while updating or installing something. Just go to Add or Remove Programs and uninstall McAfee Security Scan. I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, VIRUSES and UNRELIABLE shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free. Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ENSURE you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free CLEANING/maintenance tools to help keep your computer running smooth.Thank you VERY much.W.O.T.,I have allready installed(Thanks for the tip).And I am busy with the rest.I was one of those guys that was a freak in cleaning and ran much to much cleaning-programs.Now I know what I REALLY need I`ll keep it at that. If I encounter any problems with the other programs I`ll let you know.But I think all is all right now !!! Thanks a million : Eric............ PS : What is: Bumping a thread ??

1665.	Solve : Trojan caused Win Vista problems?
Answer» I'm new to this site, but I've been told it's the best place to go for help. I had AVG on my HP notebook for a very long time, however a trojan snuck past it and now I'm getting errors left and right. When I would double click on AVG, Mozilla, or any other program, I would get a box that said "Open With - Choose the program you want to USE to open this file: " and my only choices were Adobe Reader 8.1 or Firefox. By chosing Firefox (to open a web page) another box would pop up that says "Opening firefox.exe - You have chosen to open firefox.exe which is a: Application from C:\Program Files\Mozilla Firefox - Would you like to save this file?" and I would have the option to Save or Cancel. I had no option to "Always use the selected file to open this program" or I would have just checked that box and solved that problem... Going hand in hand with this minor inconvenience is a problem with my Windows program (the actual part I'm worried about). When I try to open things in my Control Panel I get the message "C:\Windows\system32\rundll32.exe Application not found ". Therefore, I am unable to navigate through several areas of my control panel (to my ability anyway). My COMPUTER came with Win Vista installed and I don't have any disks to use if that's what's required at this point. I would just really appreciate a hint or two as to where I should go from here with this problem. I'm clueless. I have run Kaspersky now that I had to take AVG off the computer from the error messages I kept getting and Kaspersky tells me that there are no more Trojans or other problems on my machine. Hijack This says : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:22:12 PM, on 2/2/2010 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16982) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HJT\sniper.exe.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing) O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll O2 - BHO: HP PRINT Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file) O4 - HKLM\..\Run: [SynTPStart] "C:\Program Files\Synaptics\SynTP\SynTPStart.exe" O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start O4 - HKLM\..\Run: [OnScreenDisplay] "C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [hpqSRMon] "C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" O4 - HKLM\..\Run: [WAWifiMessage] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto O4 - HKLM\..\Run: [NvCplDaemon] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [lxdcmon.exe] "C:\Program Files\Lexmark 1300 Series\lxdcmon.exe" O4 - HKLM\..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [notepad] rundll32.exe C:\Windows\system32\config\SYSTEM~1\ntload.dll,[emailprotected] O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: scandisk.dll O4 - Startup: scandisk.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll O9 - Extra button: HP Smart SELECT - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll O13 - Gopher Prefix: O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: lxdcCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdcserv.exe O23 - Service: lxdc_device - - C:\Windows\system32\lxdccoms.exe O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\NlsSrv32.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: SName - Unknown owner - C:\Windows\system32\borCFileName.exe (file missing) O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 6988 bytes Looking forward to what you think... Thanks Please visit this webpage for a tutorial on downloading and running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix See the area: Using ComboFix, and when DONE, post the log back here.

1666.	Solve : avast help?
Answer» I use Avast Virus program and it is FREE But it keeps finding all of these Viruses so I scan and Fix all and run it in Safe Mode and do the same thing. It still wont get rid of them. Does anyone KNOW of a good FREE Virus program??? PS yes I did the updateFirst we need to know what Avast is complaining about. It's not good to do a BUNCH of changes to an INFECTED computer. Scan your computer with Panda ActiveScan * Once you are on the Panda site click the Scan your PC now button. * A new window will open...click the Scan Now button. * If it wants to install an ActiveX component allow it. * It will start downloading the files it requires for the scan. (Note: It may take a couple of minutes) * You may get a warning from Internet Explorer that Panda is ready to install, please allow it. * The scan will BEGIN. Please be patient as it can take an hour or more to complete. * When the scan completes, if anything malicious is detected, click the Export to: button (LOOKS like a little Notepad). * Save the ActiveScan.txt to a convenient location like your desktop. * Note: You do not need to select any of the Disinfect options. We will remove any threats manually. * Post the contents of the ActiveScan report in your next reply.I did the scan like you told me to and it found 32 Infected Items. It was only at 20 percent and I had to stop because it was taking all day. I have no time left so I will have to get this out somehow. No problem.Hello, your comment has been removed. Please do not post malware advice, or post here in the malware forum, unless you need help. ~ DragonMaster JayI need a good free Mailware program Is SbyBot good and free or any of them??

1673.	Solve : C:\windows\system32\sshnas21.dll infected, Trojan Horse?
Answer» Hello! AVG is telling me that my C:\Windows\System32\sshnas21.dll is infected with Trojan horse PSW.Generic7.BGKK, and that it cannot be removed. Any help would be appreciatedThat's a malicious file and there are likely others. Start here and post the 3 logs when complete.All steps completed, here are the logs! SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 02/04/2010 at 10:55 AM Application Version : 4.33.1000 Core Rules Database Version : 4552 Trace Rules Database Version: 2364 Scan type : Complete Scan Total Scan Time : 11:14:47 Memory items scanned : 765 Memory threats detected : 3 Registry items scanned : 6288 Registry threats detected : 1 File items scanned : 67848 File threats detected : 14 Trojan.Agent/Gen-SSHNas[FakeAlert] C:\WINDOWS\SYSTEM32\SSHNAS21.DLL C:\WINDOWS\SYSTEM32\SSHNAS21.DLL Trojan.Dropper/Win-NV C:\WINDOWS\MSA.EXE C:\WINDOWS\MSA.EXE Trojan.Agent/Gen-CDesc[NewF] C:\USERS\VEGAR\APPDATA\LOCAL\TEMP\WFX.EXE C:\USERS\VEGAR\APPDATA\LOCAL\TEMP\WFX.EXE [BMIMZMHMFM] C:\USERS\VEGAR\APPDATA\LOCAL\TEMP\WFX.EXE Adware.Tracking Cookie C:\Users\Vegar\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][2].txt C:\Users\Vegar\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][2].txt C:\Users\Vegar\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt C:\Users\Vegar\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt C:\Users\Vegar\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][3].txt C:\Users\Vegar\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt C:\Users\Vegar\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][2].txt C:\Users\Vegar\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt C:\Users\Vegar\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt C:\Users\Vegar\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][2].txt C:\Users\Vegar\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt -------------------------------------------------------------------------------------------------- Malwarebytes' Anti-Malware 1.44 Database version: 3688 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 04.02.2010 15:51:30 mbam-log-2010-02-04 (15-51-30).txt Scan type: Quick Scan Objects scanned: 100705 Time elapsed: 16 minute(s), 38 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 4 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 2 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\BMIMZMHMFM (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\losalamos (Trojan.FakeAlert) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully. -------------------------------------------------------------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:52:29, on 04.02.2010 Platform: Unknown Windows (WinNT 6.01.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\windows\system32\taskhost.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe C:\Program Files\ASUS\Asus WebStorage\BackupService.exe C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Program Files\AVG\AVG9\avgtray.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\ASUS\Eee Docking\Eee Docking.exe C:\Program Files\DAEMON Tools Lite\DTLite.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe C:\windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe C:\Program Files\Mozilla Firefox\firefox.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [HotkeyService] AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotkeyService.exe O4 - HKLM\..\Run: [SuperHybridEngine] AsusSender.exe C:\Program Files\EeePC\SHE\SuperHybridEngine.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [EeeStorageBackup] C:\Program Files\ASUS\Asus WebStorage\BackupService.exe O4 - HKLM\..\Run: [liveUpdate] AsusSender.exe C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto O4 - HKLM\..\Run: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe O4 - HKLM\..\Run: [HotKeyMon] AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe O4 - HKLM\..\Run: [IgfxExt] C:\windows\system32\IgfxExt.exe /RegServer O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETTVERKSTJENESTE') O4 - Global Startup: HotKeyMon.lnk = C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe O4 - Global Startup: SRS Premium Sound.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Asus Launcher Service (AsusService) - Unknown owner - C:\Windows\System32\AsusService.exe O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe -- End of file - 7023 bytes If you already have ComboFix be sure to DELETE it and download a new copy. Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop. Link #1 Link #2 Note: It is important that it is saved directly to your Desktop Close any open Web browsers. (Firefox, Internet Explorer, ETC) before starting ComboFix. Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them. Double click combofix.exe & follow the prompts. Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it) When finished ComboFix will produce a log for you. Post the ComboFix log in your next reply. Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall. Remember to re-enable your antivirus and antispyware protection when ComboFix is complete. If you have problems with ComboFix usage, see How to use ComboFix*Here is the Combofix-log: ComboFix 10-02-04.01 - Vegar 04.02.2010 22:32:22.1.2 - x86 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.47.1044.18.2038.1085 [GMT 1:00] Kjører fra: c:\users\Vegar\Desktop\ComboFix.exe SP: SUPERAntiSpyware disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7} . ((((((((((((((((((((((((((((((((((((((( Andre slettinger ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\temp c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HotKeyMon.lnk c:\windows\system32\Thumbs.db Infisert kopi av c:\windows\system32\DRIVERS\atapi.sys ble funnet og desinfisert [translation: Infected copy of c:\...\atapi.sys was found and disinfected] Gjenopprettet kopi fra - c:\combofix\HarddiskVolumeShadowCopy2_!Windows!System32!drivers!atapi.sys [translation: restored copy from - c:\...] . ((((((((((((((((((((((((((( Filer Opprettet Fra 2010-01-04 til 2010-02-04 ))))))))))))))))))))))))))))))))) . 2010-02-04 21:46 . 2010-02-04 21:46--------d-----w-c:\users\Default\AppData\Local\temp 2010-02-04 21:46 . 2010-02-04 21:48--------d-----w-c:\users\Vegar\AppData\Local\temp 2010-02-04 18:38 . 2010-02-04 18:38--------d-----w-c:\program files\Trend Micro 2010-02-04 16:21 . 2010-02-04 16:21--------d-----w-C:\JavaRa 2010-02-04 16:16 . 2010-02-04 16:16--------d-----w-c:\program files\Common Files\Java 2010-02-04 16:10 . 2010-02-04 16:09411368----a-w-c:\windows\system32\deploytk.dll 2010-02-04 16:09 . 2010-02-04 16:09--------d-----w-c:\program files\Java 2010-02-04 14:27 . 2010-02-04 14:27--------d-----w-c:\users\Vegar\AppData\Roaming\Malwarebytes 2010-02-04 14:26 . 2010-01-07 15:0738224----a-w-c:\windows\system32\drivers\mbamswissarmy.sys 2010-02-04 14:26 . 2010-02-04 14:26--------d-----w-c:\programdata\Malwarebytes 2010-02-04 14:26 . 2010-01-07 15:0719160----a-w-c:\windows\system32\drivers\mbam.sys 2010-02-04 14:26 . 2010-02-04 14:26--------d-----w-c:\program files\Malwarebytes' Anti-Malware 2010-02-03 22:23 . 2010-02-03 22:2352224----a-w-c:\users\Vegar\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll 2010-02-03 22:22 . 2010-02-03 22:22117760----a-w-c:\users\Vegar\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2010-02-03 22:19 . 2010-02-03 22:19--------d-----w-c:\programdata\SUPERAntiSpyware.com 2010-02-03 22:18 . 2010-02-03 22:18--------d-----w-c:\program files\SUPERAntiSpyware 2010-02-03 22:17 . 2010-02-03 22:18--------d-----w-c:\users\Vegar\AppData\Roaming\SUPERAntiSpyware.com 2010-02-03 22:15 . 2010-02-03 22:15--------d-----w-c:\program files\Common Files\Wise INSTALLATION Wizard 2010-02-03 22:02 . 2010-02-03 22:02--------d-----w-c:\program files\CCleaner 2010-02-03 21:03 . 2010-02-03 21:03691696----a-w-c:\windows\system32\drivers\sptd.sys 2010-02-03 21:00 . 2010-02-04 10:00--------d-----w-c:\program files\DAEMON Tools Lite 2010-02-03 21:00 . 2010-02-04 21:07--------d-----w-c:\users\Vegar\AppData\Roaming\DAEMON Tools Lite 2010-02-03 21:00 . 2010-02-03 21:00--------d-----w-c:\programdata\DAEMON Tools Lite 2010-02-03 20:31 . 2010-02-03 20:32--------d-----w-C:\OFFICE 2010-02-03 11:38 . 2010-02-03 11:38--------d-----w-c:\users\Vegar\AppData\Local\Diagnostics 2010-02-03 06:26 . 2010-01-30 21:14--------d-----w-C:\Microsoft Office 2007 2010-02-02 21:35 . 2010-02-03 06:30--------d-----w-c:\users\Vegar\Nedlastinger 2010-02-02 21:32 . 2010-02-02 21:32175----a-w-c:\users\Vegar\AppData\Roaming\Azureus\restart.bat 2010-02-02 21:27 . 2010-02-02 21:27--------d-----w-c:\programdata\Azureus 2010-02-02 21:27 . 2010-02-03 20:30--------d-----w-c:\users\Vegar\AppData\Roaming\Azureus 2010-02-02 21:24 . 2010-02-03 20:31--------d-----w-c:\program files\Vuze 2010-02-02 21:24 . 2010-02-02 21:24--------d-----w-c:\program files\Common Files\i4j_jres 2010-02-02 21:07 . 2010-02-03 06:45--------d-----w-C:\$AVG 2010-02-02 21:07 . 2010-02-02 21:0712464----a-w-c:\windows\system32\avgrsstx.dll 2010-02-02 21:07 . 2010-02-02 21:07360584----a-w-c:\windows\system32\drivers\avgtdix.sys 2010-02-02 21:07 . 2010-02-02 21:07333192----a-w-c:\windows\system32\drivers\avgldx86.sys 2010-02-02 21:07 . 2010-02-02 21:0728424----a-w-c:\windows\system32\drivers\avgmfx86.sys 2010-02-02 21:07 . 2010-02-04 16:55--------d-----w-c:\windows\system32\drivers\Avg 2010-02-02 21:07 . 2010-02-02 21:07--------d-----w-c:\program files\AVG 2010-02-02 21:07 . 2010-02-02 21:07--------d-----w-c:\programdata\avg9 2010-02-02 20:59 . 2010-01-14 10:12181120------w-c:\windows\system32\MpSigStub.exe 2010-01-31 12:33 . 1999-03-06 11:386144----a-w-c:\windows\system32\drivers\ASUSHWIO.SYS 2010-01-31 12:24 . 2009-09-10 05:52257024----a-w-c:\windows\system32\msv1_0.dll 2010-01-31 12:07 . 2009-10-29 07:222048----a-w-c:\windows\system32\tzres.dll 2010-01-30 23:35 . 2010-02-01 23:20--------d-----w-c:\program files\Microsoft Silverlight 2010-01-30 23:35 . 2009-08-05 21:4854632----a-w-c:\windows\system32\drivers\fssfltr.sys 2010-01-30 22:55 . 2010-02-03 17:08--------d-----w-c:\users\Vegar\Tracing 2010-01-30 22:55 . 2010-01-30 22:55--------d-----w-c:\users\Vegar\AppData\Local\Windows Live Writer 2010-01-30 22:55 . 2010-01-30 22:55--------d-----w-c:\users\Vegar\AppData\Roaming\Windows Live Writer 2010-01-30 20:48 . 2009-10-31 05:452614272----a-w-c:\windows\explorer.exe 2010-01-30 20:48 . 2009-10-28 06:17285696----a-w-c:\windows\system32\winlogon.exe 2010-01-30 20:48 . 2009-08-29 06:5734816----a-w-c:\windows\system32\msasn1.dll 2010-01-30 20:48 . 2009-10-02 04:06728648----a-w-c:\windows\system32\drivers\dxgkrnl.sys 2010-01-30 20:48 . 2009-09-03 07:041320960----a-w-c:\windows\system32\CertEnroll.dll 2010-01-30 20:48 . 2009-08-19 07:20507568----a-w-c:\windows\system32\winload.exe 2010-01-30 20:48 . 2009-08-19 07:20442920----a-w-c:\windows\system32\winresume.exe 2010-01-30 20:48 . 2009-08-29 06:5412625408----a-w-c:\windows\system32\wmploc.DLL 2010-01-30 20:47 . 2009-10-19 14:10108544----a-w-c:\windows\system32\t2embed.dll 2010-01-30 20:47 . 2009-10-19 14:1070656----a-w-c:\windows\system32\fontsub.dll 2010-01-30 20:47 . 2009-07-30 04:44293888----a-w-c:\windows\system32\atmfd.dll 2010-01-30 20:45 . 2009-12-19 09:02977920----a-w-c:\windows\system32\wininet.dll 2010-01-30 20:28 . 2010-01-30 20:28--------d-----w-c:\users\Vegar\AppData\Local\Mozilla . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-02-02 20:32 . 2009-07-14 04:52--------d-----w-c:\program files\Windows Sidebar 2010-02-02 20:32 . 2009-07-14 02:37--------d-----w-c:\program files\Windows Mail 2010-02-02 20:32 . 2009-07-14 04:52--------d-----w-c:\program files\Windows Photo Viewer 2010-02-02 20:32 . 2009-07-14 07:49--------d-----w-c:\program files\Windows Journal 2010-02-02 20:32 . 2009-07-14 04:52--------d-----w-c:\program files\Windows Defender 2010-02-02 20:31 . 2009-07-14 04:52--------d-----w-c:\program files\DVD Maker 2010-02-02 17:37 . 2009-06-20 18:5574124----a-w-c:\windows\system32\perfc014.dat 2010-02-02 17:37 . 2009-06-20 18:55448210----a-w-c:\windows\system32\perfh014.dat 2010-02-02 06:12 . 2009-12-25 10:0379136----a-w-c:\users\Vegar\AppData\Local\GDIPFONTCACHEV1.DAT 2010-02-01 16:32 . 2009-08-31 14:13--------d-----w-c:\programdata\Microsoft Help 2010-01-31 12:22 . 2009-08-31 14:15--------d-----w-c:\program files\Microsoft Works 2010-01-30 23:34 . 2009-12-25 10:10--------d-----w-c:\program files\Windows Live 2009-12-25 10:14 . 2009-12-25 10:10--------d-----w-c:\program files\Microsoft 2009-12-25 10:13 . 2009-12-25 10:13--------d-----w-c:\program files\Microsoft Sync Framework 2009-12-25 10:12 . 2009-12-25 10:12--------d-----w-c:\program files\Microsoft SQL Server Compact Edition 2009-12-25 10:10 . 2009-12-25 10:10--------d-----w-c:\program files\Windows Live SkyDrive 2009-12-25 10:07 . 2009-12-25 10:07--------d-----w-c:\program files\Common Files\Windows Live 2009-06-10 21:26 . 2009-07-14 02:049633792--sha-r-c:\windows\Fonts\StaticCache.dat 2009-07-14 01:14 . 2009-07-13 23:42396800--sha-w-c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . Merk tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1] @="{fe25455d-b4c2-4e32-97d2-92632ec1c224}" [HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}] 2009-06-10 21:23278864----a-w-c:\windows\System32\mscoree.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2] @="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}" [HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}] 2009-06-10 21:23278864----a-w-c:\windows\System32\mscoree.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-08-25 402608] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512] "HotkeyService"="AsusSender.exe" [2009-09-11 33768] "SuperHybridEngine"="AsusSender.exe" [2009-09-11 33768] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696] "EeeStorageBackup"="c:\program files\ASUS\Asus WebStorage\BackupService.exe" [2009-07-31 947472] "LiveUpdate"="AsusSender.exe" [2009-09-11 33768] "SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-07-20 83240] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-20 7625248] "HotKeyMon"="AsusSender.exe" [2009-09-11 33768] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-15 137752] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-15 354840] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ SRS Premium Sound.lnk - c:\windows\Installer\{D42F84B6-3709-4A50-8502-6719D16AE6C8}\NewShortcut4_E9C83B3EDF9141A39DA5EC05C79BBB91.exe [2009-8-31 156880] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 13:21548352----a-w-c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys] @="FSFilter System Recovery" R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [02.02.2010 22:07 333192] R1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\drivers\avgtdix.sys [02.02.2010 22:07 360584] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05.01.2010 07:56 9968] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05.01.2010 07:56 74480] R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [14.07.2009 00:52 48128] R2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [31.08.2009 15:09 219136] R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [02.02.2010 22:07 906520] R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [02.02.2010 22:07 285392] R3 igd;igd;c:\windows\System32\drivers\igdkmd32.sys [10.10.2009 09:04 635552] R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\System32\drivers\L1C62x86.sys [18.08.2009 14:24 51712] S3 fssfltr;fssfltr;c:\windows\System32\drivers\fssfltr.sys [31.01.2010 00:35 54632] S3 fsssvc;Windows Live Tryggere for familien-tjenesten;c:\program files\Windows Live\Family Safety\fsssvc.exe [05.08.2009 22:48 704864] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05.01.2010 07:56 7408] S4 sptd;sptd;c:\windows\System32\drivers\sptd.sys [03.02.2010 22:03 691696] . . ------- Tilleggsskanning ------- . uStart Page = hxxp://asus.msn.com IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Vegar\AppData\Roaming\Mozilla\Firefox\Profiles\9qgas2eo.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.startsiden.no/ FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut. enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugi n", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . - - - - TOMME PEKERE FJERNET - - - - Toolbar-Locked - (no file) SafeBoot-dmboot.sys SafeBoot-dmio.sys SafeBoot-dmload.sys SafeBoot-dmadmin SafeBoot-dmserver SafeBoot-SRService AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe . --------------------- LÅSTE REGISTERNØKLER --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- - - - - - - - > 'Explorer.exe'(5348) c:\program files\ASUS\Asus WebStorage\LogicNP.EZShellExtensions.dll c:\windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll . ------------------------ Andre Kjørende Prosesser ------------------------ . c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\AVG\AVG9\avgnsx.exe c:\program files\AVG\AVG9\avgcsrvx.exe c:\program files\AVG\AVG9\avgchsvx.exe c:\program files\AVG\AVG9\avgrsx.exe c:\program files\AVG\AVG9\avgcsrvx.exe c:\windows\system32\taskhost.exe c:\windows\servicing\TrustedInstaller.exe c:\windows\system32\conhost.exe c:\windows\system32\conhost.exe c:\program files\Asus\LiveUpdate\LiveUpdate.exe c:\program files\EeePC\HotkeyService\HotkeyService.exe c:\program files\EeePC\SHE\SuperHybridEngine.exe c:\program files\EeePC\HotkeyService\HotKeyMon.exe c:\program files\Synaptics\SynTP\SynTPHelper.exe c:\program files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\sppsvc.exe . ************************************************************************ . Tidspunkt ferdig: 2010-02-04 22:53:38 - maskinen ble startet på nytt ComboFix-quarantined-files.txt 2010-02-04 21:53 Pre-Run: 82390867968 byte ledig Post-Run: 82298265600 byte ledig - - End Of File - - CE42D1426E38CAF7B033CA8EDCAC9AE0 Download Security Check by screen317 from one of the following links and save it to your desktop. Link 1 Link 2** * Unzip SecurityCheck.zip and a folder named Security Check should appear. * Open the Security Check folder and double-click Security Check.bat * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt * Post the contents of that document in your next reply. Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.This is the resulting log: Results of screen317's Security Check version 0.99.1 Windows 7 (UAC is enabled) `````````````````````````````` Antivirus/Firewall Check: AVG Free 9.0 WMIC entry does not exist for antivirus; attempting automatic update. `````````````````````````````` Anti-malware/Other Utilities Check: SUPERAntiSpyware Free Edition CCleaner Java(TM) 6 Update 18 Java Auto Updater Out of date Java installed! Adobe Flash Player 10 Adobe Reader 9.1 MUI `````````````````````````````` Process Check: objlist.exe by Laurent AVG avgwdsvc.exe AVG avgrsx.exe AVG avgnsx.exe AVG avgemc.exe AVG avgemc.exe `````````````````````````````` DNS Vulnerability Check: GREAT! (Not vulnerable to DNS cache poisoning) `````````End of Log``````````` Looks good. If there are no more malware issues we can finish up now. Let's clear out the programs we've been using to clean up your computer, they are not suitable for general malware removal and could cause damage if launched accidentally. These steps will also help secure the work you have done. * Click START then RUN * Now type Combofix /Uninstall in the runbox * Make sure there's a space between Combofix and /Uninstall * Then hit Enter. The above procedure will: * Delete: ComboFix and its associated files and folders. * Reset the clock settings. * Hide file extensions, if required. * Hide System/Hidden files, if required. * Set a new, clean Restore Point. ---------- Clean out your temporary internet files and temp files. Download TFC by OldTimer to your desktop. Double-click TFC.exe to run it. Note: If you are running on Vista, right-click on the file and choose Run As Administrator TFC will close all programs when run, so make sure you have saved all your work before you begin. * Click the Start button to begin the cleaning process. * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. * Please let TFC run uninterrupted until it is finished. Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning. ---------- Use the Secunia Software Inspector to check for out of date software. * Click Start Now * Check the box next to Enable thorough system inspection. * Click Start * Allow the scan to finish and scroll down to see if any updates are needed. * Update anything listed. ---------- Go to Microsoft Windows Update and get all critical updates. ---------- If you are using or have installed IE6 you are using an outdated and soon to be unsupported version of Internet Explorer and I strongly suggest you update to the latest version directly from Microsoft Internet Explorer 8: Home page. ---------- I recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no realtime protection so will not interfere with each other. They do not use any significant amount of resources (except a little disk space) until you run a scan. I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free. SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.Thank you very much Your welcome. Safe surfing...

1681.	Solve : Help! Removal of Trojan.Packed.NsAnti virus ~ log attached?
Answer» HI My business desktop installted with enterprise version of Symantec antivirus program is infected with Trojan.Packed.NsAnti virus. It is triggering manual scan the entire day, quarantining LOTS of tmp files. Have ATTACHED the log generated using Micro Hijack this. Pls advise asap. [Saving space, attachment deleted by admin]Is this business desktop belonging to an organization or company?Yes, it belongs to an organisation. IT do not support virus removal, I need to reimage my PC to get rid of the virus.I'm sorry to turn down the help, but we help home users for free, but for BUSINESSES we will not help. We are here for home users, sorry.

1667.	Solve : Recomended Antivirus and Firewall.?
Answer» As I recall there was a page somewhere here that listed the latest and greatest antivirus and firwalls. I cannot seem to find it, if it still exists. I am working on a 1ghz dell laptop with 256mb ram. ANYTHING not to heavy you can recomend? Thanks!Microsoft Security Essentials is very lightweight and protects very well. http://www.microsoft.com/Security_Essentials/ As for a FIREWALL. If you aren't doing any online banking, PayPal etc, then the WINDOWS firewall will be sufficient. Any third party firewall will likely slow down the computer.Thanks for the reply. The computer will be used for online banking and such other things.You might try a few of these and see which one works the best with your setup. 1) Comodo Personal Firewall (Uncheck during installation "Install Comodo HopSurf..", Ask.com search provider" and "Make Comodo HopSurf.com Search my homepage" 2) Online Armor 3) Agnitum Outpost 4) PC Tools Firewall Plus Comodo or Online Armor might be the ONES to try first.Thank you very MUCH for the speedy replys!!Your welcome.

1668.	Solve : How can I get a back trace to catch a hacker?
Answer» Last night a hacker got into my MAIN computer and changed all my SETTINGS and DISABLED my devices and is now trying to communicate with me thru yahoo messenger. He disabled his username he says was for my protection. I had Zone Alarm FIREWALL, AVG antivirus, and Threat fire antivirus but he was still able to get into my computer. My ZoneAlarm doesn't have the back trace feature and I can't find any info who to CONTACT to do a back trace if he attempts to contact me thru messenger again. Any help appreciated. THANKSPlease go to this link and follow the directions and post the required logs.

1669.	Solve : anti-virus question?
Answer» If I'm using AVG Free version, and I've got RESIDENT Shield enabled, should it be disabled before I run a scan with say, Malwarebytes?I don't disable mine. Alan &LT;>< Yes, i used to have two different sorts of anti-virus scanners that WOULD detect the other as viruses if they were both active, so i simply turned one off and it seemed to work fine don't know if it will absolutely work in this case, but it is worth a tryUse AVAST ! Be SMART Get Better Results Than AVG AVAST USER You do not have to turn off your protection to run MBAM

1674.	Solve : Application cannot be executed. The file "" is infected. HALPHALPHALP?
Answer» I need help getting rid of this virus/malware/rogue. It's ruining my life.ok a couple of questions to get a clearer IDEA of the problem do you have anti-virus software installed? if so what program? is it up to date? when does this message appear, on STARTUP (GUI) or on trying to access a specific file? does this appear when you boot into safe mode in windows? (if not use msconfig or windows defenders "software explorer" to disable 3rd party applications from STARTING at system boot and re-enable one at a time until you encounter this error again). ALTERNATIVELY if you know what program this error is referring to try to repair the installation to see if that does anything OR un-install then re-install the program. try malwarebytes anti-malware OR spybot search & destroy to scan for malware etc. See if they find anything. If you need anti-virus there are plenty of programs out there (free and subscription). I'm no security expert but i don't think there's much of a DIFFERENCE between the free one(s) and pay-for-use anti-virus programs.that sounds really familiar. sounds like "internet Security 2010" infections. its a tricky one but running combofix can really give you a good start. here is a tutorial on how to use it http://www.bleepingcomputer.com/combofix/how-to-use-combofix maybe after thats done i suggest a malwarebytes scan with eset online scan. keep posting

1675.	Solve : Virus Concern?
Answer» Hi Jay. I will most certainly update this PC and unload and make sure that the programs that you SUGGESTED are used. I can't thank you enough for your patience ,diligence and expertise in these virus matters. Without your help I don't know where I WOULD have gone or what else I would have done? Sure HOPE that I don't have to bother you again for a long, long time. This was a terrible SITUATION for me but you made it a very LEARNING experience, and I think that you made this whole situation as easy for me as you possibly could have. Thank you, thank you ,thank you, overthehill You're welcome.

1677.	Solve : Adware.Zango?
Answer» I can't SEEM to duplicate it. I have MBAM on with IP protection and it's not happening here. STRANGE.I have had no more IP's blocked. I wonder if it had summit to do with the update of MBt's. not sure, but yes strange, thanks for the help with the other problems i had. PC is working sound. It's 2 in the morning here in ENG so it's time for sum zzzzzzzzz's cheers EFYour welcome. Safe surfing...

1680.	Solve : Hello I cant use any other search engine but search.com cant remove problem?
Answer» THANK you so much evil my COMPUTER hasnt RUN this well in a very long time AWSOME easy to FALLOW advice thank you againYour welcome. Safe surfing.

1683.	Solve : Application cannot be executed... My case, pls help?
Answer» Hi, I have read all posts with the same issue. I also TRIED Combofix. But I cannot run any application. After I downloaded, I opened it to run but the warning "application cannot be executed. ...exe file is infected" popped up and the application closed. I also have Antivirus warning and AUTOMATICALLY opened IE to xxx web site . Any help is highly appreciated. Please. I still need help. Pls. I am receiving Application cannot be executed" warning and I can do nothing with it. I've tried downloaded many SOFTWARE that I've read in other posts but after DOWNLOADING, I could not run it because the popup would prevent me to do so and close the application right away. I also received warning from Antivirus Soft and it keeps opening IE to xxx websites. Anyone pls help me...Please visit this webpage for a tutorial on downloading and running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix See the area: Using ComboFix, and when done, post the log BACK here.

1690.	Solve : PC Infected with 'popup' virus?
Answer» AVG will work fine with those. EVERYTHING I suggested in that last post is "PASSIVE protection" and won't interfere with AVG or the performance of your computer.

1694.	Solve : Atapi.sys Google Redirect Problem?
Answer» You're WELCOME.

Explore topic-wise InterviewSolutions in .

Solve : AVG 8.0?

Solve : XEROX - NWWIA?

Solve : Vundo?

Solve : What are the top free antivirus and spyware programs for my computer?

Solve : Computer is not working right??

Solve : Windows Security Alert problems...?

Solve : Orange Email problem?

Solve : Possible Malware/Virus Problem?

Solve : Autorun Infections on USB Drives?

Solve : Please review- Help !!! 3 Different problems !?

Solve : spyware/malware??

Solve : New AV?

Solve : ??? Web-Protection ????

Solve : help! cannot open any programs. keep getting virus alerts?

Solve : Trojan caused Win Vista problems?

Solve : avast help?

Solve : Recomended Antivirus and Firewall.?

Solve : How can I get a back trace to catch a hacker?

Solve : anti-virus question?

Solve : Internet Explorer very hard to open?

Solve : here are my logs as requested?

Solve : riddled with viruses please help?

Solve : C:\windows\system32\sshnas21.dll infected, Trojan Horse?

Solve : Application cannot be executed. The file "" is infected. HALPHALPHALP?

Solve : Virus Concern?

Solve : Malware - Can't open any program or get online...?

Solve : Adware.Zango?

Solve : corrupted exes (control.exe mmc.exe)?

Solve : Re: logon.exe, is it a virus/trojan??

Solve : Hello I cant use any other search engine but search.com cant remove problem?

Solve : Help! Removal of Trojan.Packed.NsAnti virus ~ log attached?

Solve : Virus prevents computer from booting normally?

Solve : Application cannot be executed... My case, pls help?

Solve : AntiVirus Plus etc?

Solve : I've got a trojan hourse (or two) and can't get shot of it. "psw.generic7.bemv"?

Solve : Virus effect hep with explorer / file manager?

Solve : Someone please help.. :-(?

Solve : UACd.sys Trojan?

Solve : Regarding "Read this before requesting malware removal help"?

Solve : PC Infected with 'popup' virus?

Solve : need help removing virus?

Solve : Need Help Removing Malware?

Solve : A few problems with my computer?

Solve : Atapi.sys Google Redirect Problem?

Solve : System infected.?

Solve : Struggling with slow m/c, LONG re-boot and lost HDD space?

Solve : Google Redirection and Others?

Solve : NvCplDaemon?

Solve : HP Pavillion ZD7000 has a virus, trojan?! Help!?

Solve : computer slow & hanging up in internet...had a trojan (see below)?

1696.	Solve : Struggling with slow m/c, LONG re-boot and lost HDD space?
Answer» Hi, hope you can help me. The machine is a small but crucial laptop - Dell Inpiron 2600 - long in tooth but still vital to me. Runs XP with SP2, Celeron 1066Mhz, 382 Mb RAM, 830M graphics controller, 20G HDD (with 5G free space but more about this later). Have struggled for a long time (years?) with slow processing and a 30+ minute re-boot time. Get lots of HDD chattering until eventually I get to do some work. What prompts this cry for help is that in last few days I created 5Gb free space by deleting stuff, removing stuff and compressing the drive during Disk Cleanup and then within a few days the 5Gb disappeared and shows me having just 156Mb free space! This afternoon, have CAREFULLY followed the clearing up stages shown on thread 46313 and now have the 5Gb back - but the processing is still really slow. Please can someone have a look at the attached logs and see if there is a visible cause for the slow processing and any possible ACTION I could take? I would really APPRECIATE any help you can give as I have a large job to do on here and I dread the slow processor. Thanks in anticipation Grody [SAVING space, attachment deleted by admin]Please visit this webpage for a tutorial on downloading and running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix See the area: Using ComboFix, and when done, post the log back here.

1697.	Solve : Google Redirection and Others?
Answer» Hi, and sorry if I previously posted to another thread. I didn't realize that I wasn't supposed to do that. I started out with Antivirus Live problems. Using research on the web, I seemed at first successful at getting rid of it by going into the registry, removing all references to what it seemed to call itself (becusysguard.exe), and then deleting the folder it put in my c:\documents and settings\myname\local settings\application data\random dir\becusysguard.exe. Also, I took out the proxy settings from IE that it put in on its behalf. This worked for about two weeks, but I keep getting hit with similar "You have a virus blah blah blah" infection - similar to Antivirus Live, but a different infection. In these later cases, the infection locks me out of just about everything, and the only way I can resolve is to boot the Windows XP CD into repair mode and then copy a bare bones registry from c:\windows\repair, and then boot into safe mode and then PICK a RESTORE point before infection. These are temporary fixes. Within a few days, I get hit with something else. At one point, I downloaded and installed McAfee, and since then I haven't gotten the "Antivirus Live" type of issues, but now I have what seems to be the Google Redirection issue. The computer also seems to be doing funky things - screen vibrates, scroll bars advance on their own - almost as if someone is remoted in. So, I went through all the Read Me First posts and did all the scans. I will attach the logs here. In Add / Remove Programs, the only thing I don't recognize is WindowsLive OneCare Safety Scanner. I didn't see this on any list of viruses or malware, and I don't suspect it's a problem, but I mention it here. So thank you for all of your kind help, and I hope that we can get rid of this thing. Is it possible that my IP Address is open to someone, so that even though I clean my machine, they can continue to re-enter and infect? Would they be getting through my firewall if that were the case? [Saving space, attachment deleted by admin]Please go to Jotti's malware scan (If more than one file needs scanned they must be done separately and logs posted for each one) * Copy the file path in the below Code box: Code: [Select]C:\Documents and Settings\Stu\Start Menu\Programs\Startup\SUN.EXE* At the upload site, click once inside the window next to Browse. * Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window. * Next click Submit file * Your file will possibly be entered into a queue which normally takes less than a minute to clear. * This will perform a scan across multiple different virus scanning engines. * Important: Wait for all of the scanning engines to complete. * Once the scan is finished, Copy and then Paste the link in the address BAR into your next reply. ---------- If you already have ComboFix be sure to delete it and download a new copy. Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop. Link #1 Link #2 Note: It is important that it is saved directly to your Desktop Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix. Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them. Double click combofix.exe & follow the prompts. Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it) When finished ComboFix will produce a log for you. Post the ComboFix log in your next reply. Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall. Remember to re-enable your antivirus and antispyware protection when ComboFix is complete. If you have problems with ComboFix usage, see How to use ComboFixCombofix froze while running unattended. I let it be for a few hours. I went into task manager to do an orderly shutdown, and that froze too. After a hard power reset, the machine just rebooted itself during startup even when attempting safe mode. Going into the recovery console and copying a bare bones registry from c:\windows\repair into c:\windows\system32\config did not resolve this. Neither did fixboot, chkdsk, or any other utility I could find. I did a repair install of Windows XP which got me running again, but at this point, I'll say that the machine is unstable enough to validate a clean install from scratch. So, I'll get started on that, and after many hours of updates, plus driver installs, etc... I'll come back in and say hello. Oh, and that Sun.EXE is a legit program that sits in the systray. It just tells you sunrise and sunset times and is more than ten years old. You can check this out at www.sunrisesunset.com The Jotti's malware scan didn't pick up anything for this... http://virusscan.jotti.org/en/scanresult/8962ed2bc3277daa3b0ef278cb96291145f51ac9 All OK as per above, but I'm having trouble reinstalling McAfee Security. After downloading and installing, it says I have remnants of Enterprise. I don't see how this is possible with a newly formatted HD, but nonetheless, I can't find the McAfee Enterprise Removal Tool to try and get rid of it. Anyone know where I may get this?Sorry I somehow missed your prior reply... Try this for the McAfee errors. Download the McAfee Consumer Product Removal Tool to your Desktop. Using McAfee Consumer Product Removal tool:** * Double click the MCPR.exe * A Command Line window will be displayed, and then close automatically. * Wait for a second Command Line window to be displayed. Note: Do not double-click MCPR.exe again, you may have to wait up to 1 minute for the next window to appear. * After the second window appears, the program will BEGIN the cleanup. * Observe the installation, which could take several minutes. The following message will be displayed in the Command Line window: The machine must reboot to complete the un-installation. Reboot now? [y.n] * Press Y on the keyboard. * Wait for the computer to restart. * All McAfee products are now removed from your computer.

1698.	Solve : NvCplDaemon?
Answer» I am running MSI/SpywareBlaster and web of TRUST and I have Comodo registry cleaner after running registry cleaner I clicked on the startup tab and noticed this NvCplDaemon what is it ? Do I need to get rid of it? How?Please ignore this post I overreacted done some checking and found out I my computer runs this at start up has SOMETHING to do about setting clock speed.Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance. There are a number of them available and some are more safe than others. Keep in MIND that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. WITHOUT research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated METHOD to cause problems with the registry. For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great. Further reading: XP Fixes Myth #1: Registry Cleaners

1699.	Solve : HP Pavillion ZD7000 has a virus, trojan?! Help!?
Answer» I was useing my Hp laptop last week and i download a torrent it was windows Chicago which was made in 1993 (so they say) and i used Bit Torrent to fully download it. the next DAY i boot it up and the welcome screen loads longer and the following ERROR shows up: "Security Warning! Worm. Win32. Netsky detected on your machine. This virus is distributed via the internet though e-mail and active-x objects. The worm has it's own SMTP engine which means it gathers e-mails from your local computer and re-distributes itself. viruses can damage your confidential data and work on your computer. Continue working in unprotected mode is very dangerous. Type: virus system affected: windows 2000, Nt, Me, Xp, vista, 7 security risk(0-5): 5 Recomendations: It is necessary to perform a full sytem scan. then when i click ok the computer finishes loading and instead of my desktop it shows a green screen with the words Your system is infected and some more............ then it does a scan through antivirus plus and finds: SecurePCCCleaner Dialer.trafficjam trojan.poision.j win32.delbot and it goes on and on My system has: 3 GHz processor 512 mg RAM 80 Gb hdd Dvd burner any HELP PLEASE!? Is there anything i can do WITHOUT wiping out the Hdd?Please visit this webpage for a tutorial on downloading and running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix See the area: Using ComboFix, and when done, post the log back here.