InterviewSolution
| 2101. |
Solve : download to stop spam? |
|
Answer» Has anyone used or heard of the "Akismet" spam blocker? |
|
| 2102. |
Solve : Help with Virus Removal? |
|
Answer» Hi - I am learning the hard way why a person should keep their antivirus s/w up to date. I'm having the same problem but without the casino icon thing. speckulizer, if you can't get to a site to download something, try looking for it on download.com; that's how I downloaded Spybot Search & Destroy after my virus wouldn't let me get to the official site.

If you have the same problem, PLEASE start a new topic. |
|
| 2103. |
Solve : Invalid registry entry ShellExecuteHook Typ DLL? |
|
Answer» My Security Task Manager test version is reporting again invalid registry entry 5AE067D3-9AFB-48E0-8532-EBB7F4A000DA. |
|
| 2104. |
Solve : Annoying "Talking" Virus? |
|
Answer» This thing is really starting to piss me off... It'll start up some .sys file (changes almost every time I see it) and start playing me some commercials or some ads or something. This is a shared computer in my office, so I don't know who/what/when/etc. happened. One thing I do know though... this thing has created a user account in Windows with administrative access... I've deleted it, changed its password, changed its rights... just keeps coming back. User name is IUser_Admin. Someone please help. Thanks!

We need permission from the IT department before advising any further as this is a work machine...

I spoke with the Desktop Support Manager about trying this and he said he's sick of pulling his hair out, so if I can find other answers I can do it as long as I don't upgrade to SP3 (some of our software hasn't been tested with it yet) or upgrade to IE7 (some of our web based applications don't appear to work with it - yet). Also, I am in the IT department (I work in the NOC), but I mostly deal with the mainframe and Novell and Linux based servers, so Windows and I don't get along...

Got it. In the meantime I'm going to move this to the Virus and Spyware section... One of our Specialists should be along shortly. Best of Luck and Welcome Aboard!

Thanks... and sorry for posting in the wrong board. I look forward to whatever help y'all can give me... :-)

This is a severely infected computer. I see at least 5 rootkits installed. If you know anything about rootkits then you know just how dangerous they can be to a computer, not to mention a shared office computer. My suggestion is to flatten the drive and reinstall. Read the below information and let me know what you want to do.

One or more of the identified infections was related to a rootkit component. Rootkits are very dangerous because they use advanced techniques as a means of accessing a computer system that bypasses security mechanisms and steal sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge. If your computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for banking, email, eBay, PayPal and online forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud? Although the rootkit was identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because a rootkit has been removed the computer is secure. Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat and reinstall the OS. Please read When should I re-format? How should I reinstall? and Reformatting the computer or troubleshooting; which is best?

Wow... that was not happy news... Thanks for the input. I'll let my Desktop Support guy know what's going on... could you please tell me which ones are "rootkits" so that I can give him a better report? Great... I have used this computer for banking needs too... *sigh* Thanks again...

These are the ones that are showing. Remember HijackThis only shows some forms of malware and running processes. It doesn't see hidden nasties. I have helped in cleaning this type of infection before but it isn't easy and can easily stretch into a few days or more (depending on your and my schedules). These are the ones that are easily identified. This particular rootkit will often install 2 or 3 drivers for each rootkit service it installs so there is definitely much more going on than what I can see now.

O23 - Service: perfs Service (perfs) - Unknown owner - C:\WINDOWS\system32\perfs.exe (file missing)
O23 - Service: roytctm Service (roytctm) - Unknown owner - C:\WINDOWS\system32\roytctm.exe
O23 - Service: soxpeca Service (soxpeca) - Unknown owner - C:\WINDOWS\system32\soxpeca.exe
O23 - Service: tdxdowkc Service (tdxdowkc) - Unknown owner - C:\WINDOWS\system32\tdxdowkc.exe
O23 - Service: tdydowkc Service (tdydowkc) - Unknown owner - C:\WINDOWS\system32\tdydowkc.exe

----------

Let's go ahead and maybe see just how bad it is. Sometimes they will go away without a huge fight. Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop. Link #1 Link #2 **Note: It is important that it is saved directly to your Desktop. Close any open Web browsers (Firefox, Internet Explorer, etc) before starting ComboFix. Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them. Double click combofix.exe & follow the prompts. When finished ComboFix will produce a log for you. Post the ComboFix log and a new HijackThis log in your next reply. Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall. Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

Best way out of this is to wipe the hard drive clean, it's going to take a lot of time to remove all infected files.

Quote from: kizza1645 on September 16, 2008, 03:40:07 AM
Best way out of this is to wipe the hard drive clean, it's going to take a lot of time to remove all infected files.

That may be the easiest way for you.... Would you like to learn to fight malware?

Quote from: evilfantasy on September 16, 2008, 10:10:12 AM
Quote from: kizza1645 on September 16, 2008, 03:40:07 AM
Best way out of this is to wipe the hard drive clean, it's going to take a lot of time to remove all infected files.

No, I don't, it's just so easy to wipe it. Why bother searching for the little buggers.

Quote from: kizza1645 on September 17, 2008, 12:06:36 AM

Then leave it for those of us that do.... |
|
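As an added detection example (not code from the thread or from HijackThis), the script below parses O23 service lines like the five quoted above and scores them with heuristics I chose: no recorded owner, a display name that is just the short name plus "Service", a self-named binary in system32, a missing file, and near-identical sibling names (the helper noted that this family drops several look-alike drivers per service). The two benign entries in the sample, and the scoring itself, are my own constructed assumptions.

```python
import re

# Constructed sample HijackThis O23 lines. The first five are the entries quoted in the
# thread above; the last two are made-up benign entries added for contrast.
SAMPLE_O23_LINES = r"""
O23 - Service: perfs Service (perfs) - Unknown owner - C:\WINDOWS\system32\perfs.exe (file missing)
O23 - Service: roytctm Service (roytctm) - Unknown owner - C:\WINDOWS\system32\roytctm.exe
O23 - Service: soxpeca Service (soxpeca) - Unknown owner - C:\WINDOWS\system32\soxpeca.exe
O23 - Service: tdxdowkc Service (tdxdowkc) - Unknown owner - C:\WINDOWS\system32\tdxdowkc.exe
O23 - Service: tdydowkc Service (tdydowkc) - Unknown owner - C:\WINDOWS\system32\tdydowkc.exe
O23 - Service: Windows Audio (AudioSrv) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Trend Micro RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\ntrtscan.exe
""".strip().splitlines()

# HijackThis prints O23 entries as:
#   O23 - Service: <display name> (<short name>) - <owner> - <path> [(file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) \((?P<name>[^()]+)\) - (?P<owner>.+?) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)


def parse_o23(line):
    """Return a dict for one O23 line, or None if the line is not an O23 entry."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["missing"] = rec["missing"] is not None
    # File name without extension, e.g. "perfs" for ...\system32\perfs.exe
    rec["stem"] = rec["path"].rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    return rec


def _hamming_close(a, b):
    """True when two names have equal length and differ in at most one character."""
    return len(a) == len(b) and sum(x != y for x, y in zip(a, b)) <= 1


def triage_o23(lines, threshold=2):
    """Score every O23 entry against the heuristics and return those at or above threshold.

    The heuristics are assumptions for this example, not HijackThis rules: any single
    signal (e.g. 'Unknown owner') is common on clean systems, so only a combination is flagged.
    """
    records = [r for r in map(parse_o23, lines) if r]
    names = [r["name"].lower() for r in records]
    findings = []
    for rec in records:
        name = rec["name"].lower()
        reasons = []
        if rec["owner"] == "Unknown owner":
            reasons.append("no vendor/owner recorded")
        if rec["display"].lower() == f"{name} service":
            reasons.append("display name is just the short name plus 'Service'")
        if "\\system32\\" in rec["path"].lower() and rec["stem"].lower() == name:
            reasons.append("binary in system32 named after the service")
        if rec["missing"]:
            reasons.append("service points at a missing file (leftover of a partial removal)")
        siblings = [n for n in names if n != name and _hamming_close(n, name)]
        if siblings:
            reasons.append("near-duplicate sibling service(s): " + ", ".join(siblings))
        if len(reasons) >= threshold:
            findings.append({"name": rec["name"], "path": rec["path"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage_o23(SAMPLE_O23_LINES):
        print(f"{f['name']:10} {f['path']}")
        for reason in f["reasons"]:
            print("    -", reason)
```

On the sample input the five quoted services are reported and the two benign entries are not; a flagged entry is a lead for the helper to look at, not a verdict.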
| 2105. |
Solve : Keylogger ?? |
|
Answer» My cousin downloaded a game (Eudemons, free server)
----------
Run this online scan. Requires Internet Explorer. Use the ESET Nod32 Online Scanner
1. Check the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the ActiveX control to install
4. Click Start
5. Make sure that the option Remove found threats and the option Scan unwanted applications is check marked.
6. Click Scan
7. Wait for the scan to finish
8. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply |
|
| 2106. |
Solve : Cant download files, Lemmy, oduxftw.exe and more? |
|
Answer» After rebooting there is no more IE running in the background, or any other noticeable problems; should I still finish these steps?

Post a new HijackThis log please. |
|
| 2107. |
Solve : Don't know where to start:(? |
|
Answer» I was on here last week with a virus. I got that removed and everything worked fine for a few days. Now everything is so super slow on my computer. My internet takes forever to load a page and my programs won't respond or take forever to respond. |
|
| 2108. |
Solve : HiJack This log. Possible infection?? |
|
Answer» Hey everyone. |
|
| 2109. |
Solve : HELP!!! windows quick system eraser problem? |
|
Answer» hi,
----------
How is everything now?

ComboFix is uninstalled now. Let me shut down my computer and start new. I'll reply to you soon.

I think that the problem with Windows quick system eraser is solved now. It doesn't appear when I start the computer. I have checked this two times with shut down and once with restart. The only problem is that each time I would shut down the computer I receive an error message about dwwin.exe.

That's the Dr. Watson for Windows (Drwtsn32.exe) tool - see here for more information http://support.microsoft.com/kb/308538 You might try seeing if something is needing to be updated. Use the Secunia Software Inspector

The main problem is fixed. I can't thank you enough, I owe you so much! Big cyber hug!!!! |
|
| 2110. |
Solve : What is the latest link to a Symantec removal tool?? |
|
Answer» Running two antivirus programs is a distinct system problem. Can you give me the best (latest) link to access the Symantec Antivirus program removal tool. We will write back and confirm a problem has been fixed. One firewall and only one A/V program.

It did download to my desktop. I accepted the license. I typed in the letters and numbers. This is the response: SymNRT: Invalid signature - this file is not signed so it won't run. http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039 |
|
| 2111. |
Solve : Re: Virus Alert Clock, No C: or D:, selective internet activity, no control panel.? |
|
Answer» Can you check out my logs and tell me anything else I have to do please? I've removed all the problems but I am still left with the redirecting of links? |
|
| 2112. |
Solve : viewpoint media player? |
|
Answer» Just saw that my brand new HP laptop has Viewpoint Media Player. Should I uninstall this?

Not necessary, and if the laptop is new, you don't need the extra HDD space.

Viewpoint is adware, I would remove it if I were you.

Adware? |
|
| 2113. |
Solve : GoogleUpdate.exe? |
|
Answer» Evilfantasy, Unfortunately I cannot get rid of GoogleUpdate.exe.

[kill explorer]
3. Return to OTMoveIt2, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste
4. Click the red Moveit! button.
5. Copy everything in the Results window (under the green bar) and paste it in your next reply.
6. Close OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.
----------
Go to Start > Run and type notepad.exe then click OK. Copy and paste the below into Notepad and save as fixme.reg to your Desktop
Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"Google Update"=-

Locate fixme.reg on your Desktop and double-click it. Answer Yes when prompted to merge with the Registry.

Interesting experience, I have to say.
Explorer killed successfully
C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe moved successfully.
Explorer started successfully
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09212008_004132

OTMoveIt2 is a powerful little tool. It will move registry keys and even entire folders. Nice tool but to be used with caution. If you want to get rid of it and its backups just open it and click CleanUp. It is self destructing...

Haha, a self destruct? Nice. So is the GoogleUpdate.exe gone?

Yep! Thanks.

w00t |
|
| 2114. |
Solve : Please help, I use my comp at work and hit by Antivirus 2008, all logs included? |
|
Answer» I have it too. I have already run through the entire "start here" post. I have attached the logs below.
---------- Delete temporary files Go to:
When prompted select the C: drive and click OK. Check the boxes for:
Click OK or Enter
----------
Run this online scan. Requires Internet Explorer. Use the ESET Nod32 Online Scanner
1. Check the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the ActiveX control to install
4. Click Start
5. Make sure that the option Remove found threats and the option Scan unwanted applications is check marked.
6. Click Scan
7. Wait for the scan to finish
8. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply.
----------
Run a new HijackThis scan and post the log. Let me know how everything is now.

OK, my eyes have gone blurry, will follow up in the morning, thanks for all your help tonight. Will let you know.

No problem, I'm about done for tonight as well. |
|
| 2115. |
Solve : Java acting up again? |
|
Answer» Hey y'all, back with the same issue as before with my Java not working although I've reinstalled it, run Mozilla in safe mode, and everything else suggested. Here are my logs. Thanks for all the help.

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.
Delete these files/folders, as follows:
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C
Code:
KillAll::

Driver::
TDSSSERV
TDSSserv

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!
ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it will produce a log for you. Post that log (Combofix.txt) in your next reply. Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze.

Here it is man. You're the bomb as always! Hope it looks good now.
---------- Download ATF Cleaner by Atribune to your Desktop. Alternate download link Note: Vista users must use Run As Administrator
Delete ATF Cleaner. Important: Restart the computer before continuing.
----------
Run this online scan. Requires Internet Explorer. Use the ESET Nod32 Online Scanner
1. Check the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the ActiveX control to install
4. Click Start
5. Make sure that the option Remove found threats and the option Scan unwanted applications is check marked.
6. Click Scan
7. Wait for the scan to finish
8. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply

Here it is man

Looks great. Next: Set a New Restore Point to prevent possible reinfection from an old one. Please go to: Start -> All Programs -> Accessories -> System Tools -> System Restore -> System Restore Settings
Click to add a check mark beside Turn off System Restore and click Apply
When you are warned that all existing Restore Points will be deleted, click Yes to continue and wait a few moments to let System Restore clear.
Uncheck "Turn off System Restore"
Click "Apply," and then click "OK".
----------
Use the Secunia Software Inspector to check for out of date software.
Click Start Now
Check the box next to Enable thorough system inspection.
Click Start
Allow the scan to finish and scroll down to see if any updates are needed. Update anything listed.
-----
Learn more about how to protect yourself while on the Internet from the following link. So how did I get infected in the first place? by Tony Klein.

Thanks for everything bro. You're the *censored* and anytime someone has trouble with their computer I always tell them about this site cause of all your hard work and the others. Appreciate it bro

Thanks!! Glad it worked. |
|
| 2116. |
Solve : Is reading email on the web site a way to avoid viruses?? |
|
Answer» We have been warned to delete email unopened, for which the source is unknown and which has an attachment so as to avoid a virus. |
|
| 2117. |
Solve : Google and other sites behaving oddly - Help?? |
|
Answer» I've gotten rid of a majority of the ill effects of a virus I recently made the mistake of getting (a few years of being clean doesn't mean you should start foregoing scanning things before installing them). Programs menu disappearing from my start menu as well as all of the other things on it, Task Manager disabled, registry editing disabled, etc. Most of it was really no problem. But I'm stuck on this one group of effects left. |
|
| 2118. |
Solve : Black screen after system restore, other problems before system restore? |
|
Answer» This is my brother-in-law's Dell notebook running Vista. He was having problems with desktop icons not opening the program they shortcut to. |
|
| 2119. |
Solve : Help, Trojan.....? |
|
Answer» This scanner works with Internet Explorer only. Scan with the BitDefender Online Scanner. Click I Agree to the license and then install the ActiveX control. Please DO NOT change the Scanning Options. That will make your logs huge and we don't need to see clean files. Select Start Scan to begin. This scan can take a while so please be patient and let it complete. Once Bitdefender completes the scan: Click on the Detected Problems tab. Then select Click here to export the scan report. This will save a file named bdscan.html. I would suggest saving it to the Desktop so you can easily find it. (take notice of where you save it so you can find it later) You will have to upload the file online. The forums will not accept HTML. Upload the file to Savefile.com. There is no need to Register. Select Browse and locate the file. Fill in the Title, Description and security code then click Upload. Copy the link next to Your link to the file: and post the link back here.

http://www.savefile.com/files/1810253

Keep screwing around with keygens and you will eventually have to reinstall or buy a new Hard Drive... How is everything now?

Everything seems fine, but I stopped installing keygens a while ago and I thought I deleted all of them too.....

Well you already have all of the security you need so you might just want to clear your restore points, it will free up some space but shouldn't be done too often. Run CCleaner again. Also... I would also recommend that you Defrag the computer. There may be a lot of fragmented sections on the drive after cleaning the malware. You can use the built in Windows Defrag or a faster free program. Defraggler is very effective and easy to use. Be sure to clean out temp files and restart the computer just before using this. |
|
| 2120. |
Solve : Unable to install Superantivirus during "read this before..."? |
|
Answer» 1. Click Start, click Run, type msconfig, and then click OK.
"The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not currently installed. Contact your support personnel for assistance" (I just tried again to be sure). Installing new Windows is the only option now, right?
No, a Repair install can be tried first.
I have a desktop with icons! Welcome to avast! screen is present. Press OK?
And how did this come about?
I followed the most recent directions: I removed all Viewpoints from Add/Remove Programs. ErrorSmart gave me the error I mentioned. I deleted all ISeeYouXPs you told me to from the desktop. I downloaded and ran OTCleanIt following all the directions. I rebooted when prompted, then came to the desktop screen with the avast! window. I clicked OK. The avast! screen disappeared but nothing else happened. Currently, I am able to maneuver the cursor but am not able to click anything. Nor does CTRL ALT DEL work.
So you are back to the Repair install method. If that won't work then a reinstall is all that's left.
What about the original win32: patched-cr[trj] I spoke about in the following files: c:\windows\system32\explorer.exe, c:\windows\system32\lsass.exe, c:\windows\system32\services.exe, c:\windows\system32\svchost.exe, c:\windows\system32\winlogon.exe?
Those files have been fixed by Dr Web.
I'm back. I had some difficulty with the repair install. I borrowed a Windows XP CD from work but could not figure out how to get to the proper boot screen. I modified the BIOS to select the CD-ROM drive first, but it proceeded to go to the desktop/no icon/cursor screen. In my attempt to proceed I discovered a "Last Known Good Configuration" process, which I performed. I (slowly) got the desktop icons back and was able to access programs and CTRL/ALT/DEL etc. I was able to get online as well. I ran SpyBot - no threats were detected. I ran CCleaner. I also started to add/remove programs that I couldn't while in safe mode.
In order to completely remove some of the programs I removed I needed to restart. When I restarted I couldn't get online. Then I decided to start the "read this before..." process in order over again. I shut down SpyBot and TeaTimer. I downloaded ResetTeaTimer.zip and ran that. I ran avast and it found the same win32: patched-cr[trj] in the same files I mentioned before. It asked me to stop and run a boot time scan; I chose no and quit. (If you remember, that's what happened to cause me to lose the desktop icons before.) Then I ran SUPERAntiSpyware. It found a few threats. When the machine restarted I got an error message: Windows - No Disk Exception Processing Message c0000013 Parameters 75b6bf7c 4 75b6bf7c 75b6bf7c. Then it asks Cancel/Try Again/Continue. Not sure how to proceed. Is this because of the BIOS I tried to change?
Look here for the error: http://www.consumingexperience.com/2007/11/windows-no-disk-exception-processing.html
Thanks. Renaming the drives worked. Attached are the logs to check my system. I'm still not able to get online with that machine. I'm on my laptop. **Update: I realized that my router has a timer setting and this computer was blocked after a certain time. I removed the block and IE is so far working fine now. [Saving space - attachment deleted by admin]
Everything looks OK now. Download the Norton Removal Tool (SymNRT) to your Desktop. Once downloaded please close ALL open browsers, also save any work because this may require a restart.
OK, some loose ends to tie up: I was concerned that avast kept finding this win32:patched-ck [trj] trojan even after all we've gone through, so I uninstalled the whole program. Restarted and reinstalled again. When I restarted again, it asked to run a boot time scan; I chose no for now. Then a flash screen came up asking for registration, click OK. When I clicked OK the PC froze. I restarted. It froze again after clicking OK. I restarted in Safe Mode and removed avast altogether. I re-ran Dr. Web (which is what you said already removed the trojan) and it came up clear! So, I would like to know what antivirus scanner is recommended, one that is going to update itself so she isn't left unprotected again. I use avast on my own computers but I don't like how it just reacted with Mom's. This next thing is a VERY MINOR problem, but I'd like to get rid of it so my mom doesn't get herself into trouble entering something she shouldn't. When I load Windows now, after the black "setup" screen another screen comes on asking me to select Windows XP Professional or Windows XP Home Edition. Pro is highlighted and there is a countdown timer that says something like "the highlighted item will be selected in XX seconds or press enter". How can I bypass that? How can I re-enable SpyBot TeaTimer? What programs should we run routinely to keep the computer safe? I personally run SpyBot, Ad-Aware, Advanced WindowsCare and avast! Are they sufficient? Thanks again for your help. |
|
| 2121. |
Solve : new hp protection?? |
|
Answer» Just bought an HP laptop a week ago, it's got Symantec 60 day protection that came with it, any other downloads I should add to my system for protection?
I would suggest getting rid of Symantec once the trial runs out. There are better free solutions to use.
Remember to only install one antivirus!
1) Avast! Home Free Edition
2) AVG Free Edition
3) Avira AntiVir Personal
4) Comodo Antivirus
5) PC Tools AntiVirus Free Edition
Remember to only install one firewall!
1) Comodo (if you choose this one, uncheck "Install Comodo SafeSurf...", "Make Comodo my default search provider" and "Make Comodo Search my homepage" during installation)
2) Online Armor
3) Sunbelt/Kerio
4) Agnitum
5) PC Tools Firewall Plus
----------
Go to Microsoft Windows Update and get all critical updates.
----------
Here are some great FREE tools to help you keep from getting infected. These tools use little or no resources so won't slow down your PC.
Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript.
To prevent unknown applications from being installed on your computer install WinPatrol 2008.
* Using WinPatrol to protect your computer from malicious software
I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites.
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.
Thanks |
|
| 2122. |
Solve : Start up fix please?? |
|
Answer» All right, that would be OK.
Yep. Can't be too careful.
What virus software do you guys use?
Quote from: thebroons on September 23, 2008, 07:42:34 AM
> I have to go find another ribbon cord, can't attach slave on ribbon cord, so could you let me know next steps please, in case I can't get hold of you when I start this procedure?
Heh, talk about not getting hold of me. Sorry about that. What exactly are you asking? Have you started by the way?
Question 1 was which AV do you pros use? Q.2: can I use a machine that has 98 on it instead of my other machine that has XP? Still trying to locate another ribbon cable with piggy back.
I use Kaspersky Antivirus. It's not free, but it's one of the tops. Good free antiviruses include Avira and Avast. As for your next question, I'm not sure, but I would go for the XP machine.
Thanks for the heads up.............. anything that is half good you have to pay for. I am still looking for this piggy cable, can you advise the next step once I have completed the virus check on the dodgy hard drive please?
We will have to go from there first, I'm afraid.
Ok, I'll give you a shout when I have the cable. Cheers.
All right. Good Luck! |
|
| 2123. |
Solve : serious error recovery? |
|
Answer» I apologize if this is posted in the wrong section. |
|
| 2124. |
Solve : Oh shoot, help again please?? |
|
Answer» Well, I don't know how I did it, but someone helped me here a few weeks ago and everything has been great till last night. I am posting my logs and hoping someone can help me.
When prompted select the C: drive and click OK. Check the boxes for:
Click OK or Enter ----------
Becca |
|
| 2125. |
Solve : Best way and best software to protect my system from malware and Internet?? |
|
Answer» > I am using sify ISP with limited data transfer package.
Before anyone tells you that, it may be that someone connected to your internet connection, via wireless? This is certainly a likely explanation. Do you have a router set up, bspkumar? Someone could simply be hijacking your bandwidth.
I agree that someone could be using your internet connection. I just wanted to add that if you don't have anything protecting your computer from viruses, check out AVAST. I have been using it for a long while and it has done a really great job and is free to download... www.avast.com |
|
| 2126. |
Solve : Windows is telling me i dont have any antivirus?? |
|
Answer» I have avast antivirus and it's working fine and has been for the past 8 months. But just now Windows is telling me I don't have any antivirus or spyware protection, which is weird because I have avast working just fine. Plus I have got SpybotSD for spyware.
Where is it saying this? |
|
| 2127. |
Solve : runtime error 21? |
|
Answer» I'm not sure where I got this from, but the last website I visited before I got this runtime error 21 pop-up was when I logged on to Facebook. It keeps popping up runtime error 21 two times in a row. I used Spy Sweeper, and found this Troj/Agent-HIP. I deleted it from Spy Sweeper but it keeps coming back. Now it seems this virus is preventing me from downloading other spyware/virus removal programs. It is blocking my access to download them and I am also having trouble accessing some of the help sites. I did a HijackThis scan and the log came up like this below. Hope someone here can help me, thanks. By the way, I did a system restore and it didn't work.
Open the SDFix folder and double click RunThis.bat to start the script.
Download Malwarebytes' Anti-Malware (MBAM) http://rapidshare.com/files/148053910/mbam-setup.exe.html
There is usually more hiding when it comes to this malware and it is better to get it all now so it doesn't come back later and cause more problems. |
|
| 2128. |
Solve : Not sure what it means...? |
|
Answer» 8) Well, it isn't quite a year yet, but as I came here on another matter I thought I'd leave an update. |
|
| 2129. |
Solve : log files? |
|
Answer» SUPERAntiSpyware Scan Log
3Planesoft Screensaver Manager 1.1 Ad-Aware SE Plus Adobe Creative Suite Adobe Flash Player ActiveX Adobe Premiere Pro Adobe Reader 6.0.1 Adobe SVG Viewer 3.0 AMP Font Viewer AOL Instant Messenger Apple Mobile Device Support Apple Software Update Canon EOS 5D WIA Driver Canon EOS-1Ds Mark II WIA Driver Canon RAW Image Task for ZoomBrowser EX Canon RemoteCapture Task for ZoomBrowser EX Canon Utilities Digital Photo Professional 3.0 Canon Utilities EOS Utility Canon Utilities Original Data Security Tools Canon Utilities PhotoStitch Canon Utilities WFT-E1/E2 Utility Canon Utilities ZoomBrowser EX CC_ccProxyExt ccCommon CCleaner (remove only) ccPxyCore Conexant HD Audio Customer Experience Enhancement DGOControls DivX Content Uploader DivX Web Player Easy Internet Sign-up Eye Candy 4000 GemMaster Mystic Google Earth HDAUDIO Soft Data Fax Modem with SmartCP HijackThis 2.0.2 Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows XP (KB896256) Hotfix for Windows XP (KB909095) Hotfix for Windows XP (KB912436) Hotfix for Windows XP (KB915326) Hotfix for Windows XP (KB926239) HP Customer Participation Program 10.0 HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3 HP Game Console and games HP Help and Support HP Imaging Device Functions 10.0 HP Photosmart Essential 3.5 HP Photosmart Premier Software 6.0 HP Photosmart, Officejet and Deskjet 7.0.A HP PSC & OfficeJet 5.3.B HP Quick Launch Buttons 6.00 E2 HP QuickPlay 2.1 HP Smart Web Printing HP Solution Center 10.0 HP Update HP User Guides 0011 HP User Guides--System Recovery HP Wireless Assistant 2.00 E1 Intel(R) PRO Network Connections Drivers iTunes Java(TM) 6 Update 7 Koi Pond 3D Screensaver (CD Version) 1.0 KPT(R) effects(TM) LimeWire 4.18.3 LiveReg (Symantec Corporation) LiveUpdate 3.0 (Symantec Corporation) LiveUpdate Notice (Symantec Corporation) Logitech Gaming Software Macromedia Dreamweaver 8 Macromedia Extension Manager Macromedia Flash 8 Macromedia Flash 8 Video Encoder Macromedia Flash Player 8 
Macromedia Flash Player 8 Macromedia Flash Player 8 Plugin Malwarebytes' Anti-Malware Microsoft .NET Framework 1.1 Microsoft .NET Framework 2.0 Service Pack 1 Microsoft .NET Framework 3.0 Service Pack 1 Microsoft .NET Framework 3.5 Microsoft .NET Framework 3.5 Microsoft Combat Flight Simulator Microsoft Money 2006 Microsoft Office 2000 Premium Microsoft User-Mode Driver Framework Feature Pack 1.0 Mozilla Firefox (2.0.0.16) MSRedist MSXML 6.0 Parser (KB933579) Musicmatch® Jukebox muvee autoProducer 4.5 NetWaiting Norton AntiSpam Norton AntiVirus 2006 Norton Internet Security Norton Internet Security Norton Internet Security Norton Internet Security Norton Internet Security Norton Internet Security Norton Internet Security Norton Internet Security Norton Internet Security Norton Internet Security 2006 (Symantec Corporation) Norton Protection Center Norton SystemWorks 2003 Norton WMI Update Norton WMI Update NVIDIA Drivers Office 2003 Trial Assistant OpenOffice.org Installer 1.0 Quicken 2006 QuickTime Rhapsody Player Engine Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows XP (KB893066) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896422) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB901190) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB903235) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB912919) Security Update for Windows XP (KB913446) Shop for HP Supplies SmartAudio Sonic Audio Module Sonic Copy Module Sonic Data Module Sonic Express Labeler Sonic MyDVD Plus Sonic Update Manager SonicAC3Encoder SonicMPEGEncoder SPBBC SPORE™ Creature Creator Stickies Super DVD Ripper v1.90 SUPERAntiSpyware Free Edition Synaptics Pointing Device Driver Texas Instruments PCIxx21/x515/xx12 drivers. 
TourSetup Update for Windows XP (KB894391) Update for Windows XP (KB896727) Update for Windows XP (KB898461) Viewpoint Media Player Vongo Windows Imaging Component Windows Installer 3.1 (KB893803) Windows Media Format 11 runtime Windows Media Format 11 runtime Windows XP Hotfix - KB873333 Windows XP Hotfix - KB883667 Windows XP Hotfix - KB884575 Windows XP Hotfix - KB885250 Windows XP Hotfix - KB885464 Windows XP Hotfix - KB885855 Windows XP Hotfix - KB885884 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888239 Windows XP Hotfix - KB888402 Windows XP Hotfix - KB889673 Windows XP Hotfix - KB890546 Windows XP Hotfix - KB891781 Windows XP Hotfix - KB892559 WinRAR archiver Wireless Home Network Setup
Update Firefox to the new version: Mozilla Firefox 2.0.0.17. Go to Add or Remove Programs and uninstall Viewpoint Media Player. Run CCleaner. How is everything now?
Everything is good now! THANK YOU once again!!! You ROCK!!!
Use the Secunia Software Inspector to check for out of date software.
---------- Go to Microsoft Windows Update and get all critical updates. |
|
| 2130. |
Solve : how to get rid antivirus 2009? |
|
Answer» When you put the CD in, if it does not start automatically you need to go into Computer or My Computer from the Desktop and start the CD that way.
Pulled the disc up on my computer but don't know where to go from here.
I found another repair option to look at. |
|
| 2131. |
Solve : Re: Read this before requesting malware removal help? |
|
Answer» I was directed to your post by another user and read all the details. I started with the CCleaner cleanup and realized I have no idea if there are any cookies that I would need to keep or why. In following the rest of the steps I realized that the remedy is way too far beyond my computer capabilities. I'm hoping, if I can describe for you what I am encountering, you may recognize it and what possible malware may have infected me. |
|
| 2132. |
Solve : I am having problems with IE7 and java? |
|
Answer» I am having problems with IE7 and java. Anything with a javascript will not open on the websites. I am at a loss for what to do next. I have tried to install and uninstall java several times and still no luck. I am running win XP media center with IE7 and firefox. Please help. thank you in advance.
----------
How is it now?
Still nothing works with Java related material.
Open a web page, click Tools, Internet Options, click Delete Browsing History, Delete All, tick the box for add-ons. Click Advanced, click Reset. Close then open IE. |
|
| 2133. |
Solve : Computer not working - Help with virus please!? |
|
Answer» Hi, I'm new to the boards and didn't want to sift through all the past threads since I need my computer fixed quickly and I don't understand any of this stuff.
|
|
| 2134. |
Solve : Google link virus? |
|
Answer» I have been infected by a virus which affected Firefox and Internet explorer. I am not able to do a proper search using google or msn as it will re-direct me to some random sites. I am also not able to access anti-virus sites and all the links posted in this forum.
Open the SDFix folder and double click RunThis.bat to start the script.
Cheers! [Saving space - attachment deleted by admin]
Did you see the part about using two antivirus programs? The logs look OK except for that. |
|
| 2135. |
Solve : Suspected Virtumundo? |
|
Answer» It all began when I ran an executable called keygen.exe... Yes, I know, stupid. If any of you are familiar with it, it's the sort that comes with crack.exe in the same archive as a text file. If it's pertinent, I'll post the link where I got it. I've done a lot of crap on my system, trying to fix it myself, so I haven't done anything else on the "Before you post" thread in case it'll make my system worse. I'll describe what's wrong with my system, then I'll give a list of the things I did, in the order I did them.
***********
I ran VirtumundoBeGone.exe but the log said:
Quote
> [09/28/2008, 12:16:54] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\leon\Desktop\VirtumundoBeGone.exe" )
Next I ran FixVundo.exe which ran a lengthy full scan of my computer. After a while, the window simply went gray and froze, and I had to forcibly end it. I rebooted my system and tried VirtumundoBeGone again but nothing appeared still.
- Then, I ran f-vmonde.exe from another source and it simply said no traces were detected either.
As of now, the "Automatic Updates" notification no longer appears, but the same webpage problem persists.
read this
once you've followed those steps, you can post the logs here.
Quote from: BC_Programmer on September 28, 2008, 06:54:58 PM
> read this
Alright, after doing all that, I ran into a few hitches, but otherwise my system appears totally normal now (except one time my Firefox crashed, which was a bit worrying, but that was before I finished everything else). When I was running SUPERAntiSpyware, it froze the first time as it was completing, so I ran it three more times, the third time completing the entire full scan. Here are all the logs. [Saving space - attachment deleted by admin]
Here is the final SUPERAntiSpyware log that I couldn't get in (it only lets me do 4). [Saving space - attachment deleted by admin]
Download the Norton Removal Tool (SymNRT) to your Desktop.
Once downloaded please close ALL open browsers, also save any work because this may require a restart.
----------
Download Disable/Remove Windows Messenger to the Desktop to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups. Unzip the file on the Desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply. Exit out of MessengerDisable then delete the two files that were put on the Desktop.
----------
Open HijackThis and select Do a system scan only. Place a check mark next to the following entries (if there):
O20 - Winlogon Notify: mlJApNDw - mlJApNDw.dll (file missing)
Important: Close all windows except for HijackThis and then click Fix checked. Exit HijackThis and run CCleaner. How is everything now?
Everything works perfectly (to my knowledge). Thank you very much.
Set a New Restore Point to prevent possible reinfection from an old one. Setting a new restore point AFTER cleaning your system will enable your computer to roll back to a clean working state if needed.
Windows XP System Restore Guide or Windows Vista System Restore Guide.
----------
Use the Secunia Software Inspector to check for out of date software.
----------
Go to Microsoft Windows Update and get all critical updates.
----------
Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.
Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript.
To prevent unknown applications from being installed on your computer install WinPatrol 2008.
* Using WinPatrol to protect your computer from malicious software
I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites.
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth. |
|
| 2136. |
Solve : How to create? |
|
Answer» How do I create my own virus to see how it works? |
|
| 2137. |
Solve : new infection? |
|
Answer» Downloaded something I thought was an e-card from a relative, turns out otherwise. Slow performance and "Task Manager" button unavailable upon CTRL+ALT+DEL. I've run AVG, NAV, and AdAware several times each with no hits. Everything's updated accordingly. Oddly enough, NAV detected Trojan activity twice but found nothing in the scans.
----------
Now run a new HijackThis scan and post the log.
Thanks. The "Application Data\yjmtydez\gvmjinyj.exe" line that seemed to be the issue looks like it was removed. If you see anything else that needs attention, please let me know.
MBAM REPORT:
Malwarebytes' Anti-Malware 1.28
Database version: 1217
Windows 5.1.2600 Service Pack 3
9/28/2008 2:13:14 AM
mbam-log-2008-09-28 (02-13-14).txt
Scan type: Quick Scan
Objects scanned: 49353
Time elapsed: 6 minute(s), 9 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 22
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 5
Files Infected: 69
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{4349E812-0311-51BF-A08A-091922CF8CD5} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\glzh3a8zpz (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\uicfgmnt (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\Inet Delivery (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\349168 (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\All Users\Application Data\yjmtydez\gvmjinyj.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\Program Files\Inet Delivery\inetdl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery\intdel.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\uninstall.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\unsetup.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\wmgtzqf\uicfgmnt.dll (Trojan.FakeAlert.H) -> Delete on reboot.
C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Drivers\RSVTRRNO.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\emesx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\[emailprotected]k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup020.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vbsys2.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HiJackThis 2nd log on next reply...HIJACKTHIS 2nd REPORT: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:22:30 AM, on 9/28/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\CTHELPER.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\Program Files\2Wire Wireless Manager\2Wire.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Sprint Instinct Applications\MEMonitor.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\SearchProtocolHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: (no name) - {a33fa729-d155-4b23-842b-2c665ecabdb6} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [2Wire Wireless Manager] "C:\Program Files\2Wire Wireless Manager\2Wire.exe" -a O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - 
HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [AABRQNRI] %systemroot%\AABRQNRI.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user') O4 - S-1-5-18 Startup: Sprint media monitor.lnk = C:\WINDOWS\RM.exe (User 'SYSTEM') O4 - .DEFAULT Startup: Sprint media monitor.lnk = C:\WINDOWS\RM.exe (User 'Default user') O4 - Startup: Sprint media monitor.lnk = C:\WINDOWS\RM.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 
button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {528C14CD-CF9E-489C-A365-5999F17B69B9} (LightSurfUploadCtl Class) - http://pictures.sprintpcs.com/activex/LightSurfUploadControl.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193266776421 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1193273452609 O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- End of file - 9547 bytes Open HijackThis and select Do a system scan only. Place a check mark next to the following entries: (if there) O4 - HKLM\..\Run: [AABRQNRI] %systemroot%\AABRQNRI.exe Important: Close all windows except for HijackThis and then click Fix checked. Exit HijackThis. 
----------
Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions, as they could damage the workings of your system.
Go to Start > Run and type notepad.exe, then click OK. Copy and paste the below into Notepad and save it as fixme.reg to your Desktop.
Code:
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"AABRQNRI"=-
Locate fixme.reg on your Desktop and double-click it. Answer Yes when prompted to merge with the Registry. Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it did not work. Delete fixme.reg from the Desktop.
----------
Run this online scan. Requires Internet Explorer. Use the ESET Nod32 Online Scanner:
1. Check the box next to YES, I accept the Terms of Use.
2. Click Start.
3. When asked, allow the ActiveX control to install.
4. Click Start.
5. Make sure that the option Remove found threats and the option Scan unwanted applications are check marked.
6. Click Scan.
7. Wait for the scan to finish.
8. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply.
Also let me know how everything is now.
Reg addition was successful. Connection still seems slow, but that's likely the network. Everything else seems fine.
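The mechanism behind the fixme.reg step, as an added example that is not code from the thread or from HijackThis: parse the "O4 - HKLM\..\Run: [Name] command" entries out of a HijackThis log and emit a REGEDIT4 file whose `"Name"=-` lines delete the chosen Run values. The sample log lines are constructed from the entry forms shown in the log above, and the "executable directly in the Windows directory" triage check is my own heuristic, not the helper's method.

```python
r"""Work through the fixme.reg step mechanically.

Added example, not code from the thread or from HijackThis. It parses the
"O4 - HKLM\..\Run: [Name] command" entries of a HijackThis log and builds a
REGEDIT4 file that deletes chosen Run values: in .reg syntax a value name
followed by "=-" removes that value, which is what fixme.reg does for AABRQNRI.
"""
import re
from collections import OrderedDict

# HijackThis hive abbreviations -> full Run key paths used in the .reg file.
HIVE_RUN_KEYS = {
    "HKLM": r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run",
    "HKCU": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
}

# One O4 Run entry: "O4 - HKLM\..\Run: [ValueName] command line".
O4_RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.*)$")

# Command lines whose executable sits directly in the Windows directory
# (%systemroot%\x.exe or C:\WINDOWS\x.exe, not a subfolder such as system32).
# This is my own crude triage signal, not a verdict: legitimate vendor tools
# live there too, so every hit still needs a human look before removal.
WINROOT_RE = re.compile(r'^"?(?:%systemroot%|[a-z]:\\windows)\\[^\\\s"]+\.exe',
                        re.IGNORECASE)

# Constructed sample, one entry per line, modelled on the log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AABRQNRI] %systemroot%\AABRQNRI.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""


def parse_o4_run_entries(log_text):
    """Return (hive, value_name, command) tuples for every O4 Run line."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RUN_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2), m.group(3).strip()))
    return entries


def entries_in_windows_root(entries):
    """Triage list: entries whose executable lives directly under the Windows directory."""
    return [e for e in entries if WINROOT_RE.match(e[2])]


def build_removal_reg(entries, names_to_remove):
    """Emit REGEDIT4 text deleting the named Run values from the keys they were found in.

    Raises ValueError if a requested name is not in the parsed log, so a typo
    cannot silently produce a .reg file that deletes nothing.
    """
    wanted = {n.lower() for n in names_to_remove}
    by_key = OrderedDict()
    for hive, name, _command in entries:
        if name.lower() in wanted:
            by_key.setdefault(HIVE_RUN_KEYS[hive], []).append(name)
    found = {n.lower() for names in by_key.values() for n in names}
    missing = wanted - found
    if missing:
        raise ValueError("not present in log: " + ", ".join(sorted(missing)))
    lines = ["REGEDIT4", ""]
    for key, names in by_key.items():
        lines.append("[%s]" % key)
        # Value names here contain no quotes or backslashes, which .reg would need escaped.
        lines.extend('"%s"=-' % n for n in names)
        lines.append("")
    # regedit expects CRLF line endings and a trailing blank line.
    return "\r\n".join(lines) + "\r\n"


if __name__ == "__main__":
    found = parse_o4_run_entries(SAMPLE_LOG)
    for hive, name, command in entries_in_windows_root(found):
        print("review:", hive, name, command)
    print(build_removal_reg(found, ["AABRQNRI"]))
```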
ESET Log: # version=4 # OnlineScanner.ocx=1.0.0.635 # OnlineScannerDLLA.dll=1, 0, 0, 79 # OnlineScannerDLLW.dll=1, 0, 0, 78 # OnlineScannerUninstaller.exe=1, 0, 0, 49 # vers_standard_module=3481 (20080929) # vers_arch_module=1.064 (20080214) # vers_adv_heur_module=1.066 (20070917) # EOSSerial=048ed1922d508249a7da7870d4fe045d # end=finished # remove_checked=true # unwanted_checked=true # utc_time=2008-09-30 08:28:18 # local_time=2008-09-30 01:28:18 (-0800, Pacific Daylight Time) # country="United States" # osver=5.1.2600 NT Service Pack 3 # scanned=712317 # found=2 # scan_time=10424 C:\Documents and Settings\Johnny H. Christ\Local Settings\Temp\inst2_297.exe Win32/Srizbi.NBR trojan (unable to clean - deleted) 00000000000000000000000000000000 C:\Documents and Settings\Johnny H. Christ\Local Settings\Temp\mmm(2).exe Win32/Spy.Goldun.NDM trojan (unable to clean - deleted) 00000000000000000000000000000000
Thank you.
Download CCleaner Slim and save it to your Desktop. When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe. Follow the prompts to install the program. Complete the installation, then:
---------- Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to infect your system. First install the new Sun Java Runtime Environment. Be sure to close all browser windows before beginning the install. Then remove the old version(s).
How is everything now?
Everything seems to be okay. Re-installed Java, though it said the latest version was already installed. But for the most part everything is back to normal. Thanks!
Set a New Restore Point to prevent possible reinfection from an old one. Setting a new restore point AFTER cleaning your system will enable your computer to roll back to a clean working state if needed.
Windows XP System Restore Guide or Windows Vista System Restore Guide. ---------- Use the Secunia Software Inspector to check for out-of-date software.
---------- Go to Microsoft Windows Update and get all critical updates. ---------- Here are some great FREE tools to help you keep from GETTING infected again. These tools use little or no resources, so they won't slow down your PC. Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript. To prevent unknown applications from being installed on your computer, install WinPatrol 2008. * Using WinPatrol to protect your computer from malicious software. I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites. SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla-based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware. * If you don't know what ActiveX controls are, see here. Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smoothly. |
|
| 2138. |
Solve : Hey, my computer has slowed down tremendously.? |
|
Answer» Hey CH, sorry that I'm back again to bother you guys. I've been experiencing very slow internet connections, my laptop can only get 36 mbps from my own router. Also firefox has been freezing on me a lot lately. I did a complete scan with SuperAntiSpyware and it hasn't found any problems. I then tried scanning with Malwarebytes which did me no good either. |
|
| 2139. |
Solve : Problem with winlogin.exe? |
|
Answer» + 2008-04-14 00:12:24 13,312 ------W C:\WINDOWS\ServicePackFiles\i386\lsass.exe |
|
| 2140. |
Solve : google and search engine virus.? |
|
Answer» I seem to have picked up a virus, possibly from a rapidshare file. Whenever I try to click a link found from Google I am redirected to a spyware/advertisement site. Every time I restart my computer my Windows firewall is disabled. Internet Explorer does not load at all; it just freezes my computer. I have tried to open both Spybot and Ad-Aware but they won't work; it says they can't connect to the server. Also, when I try to access the site to download them again it will not let me on to any antivirus/spyware website. I have a basic understanding of computers, but this is a little over my head. Any help would be really appreciated. If I reformat the disk, what are the chances of the virus still being there? I am using a Fujitsu Siemens computer running XP. Thanks for your help, Emily
I have done a Malwarebytes scan and these are the results
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 01:40:35, on 30/09/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\FolderSize\FolderSizeSvc.exe C:\Program Files\Kontiki\KService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\StkASv2K.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\VTTimer.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\sm56hlpr.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\update\update.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/iplayer R3 - URLSearchHook: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program Files\BlazeVideo\BlazeDTV 2.5a\MediaDetector.exe" O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" O4 - HKCU\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - 
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: KService - Kontiki Inc. 
- C:\Program Files\Kontiki\KService.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkASv2K.exe O23 - Service: ThreatFire - Unknown owner - C:\Program Files\ThreatFire\TFService.exe (file missing) O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe -- End of file - 7509 bytes
Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop. Link #1 Link #2 **Note: It is important that it is saved directly to your Desktop. Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix. Temporarily disable your antivirus, and any antispyware real-time protection, before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them. Double-click combofix.exe & follow the prompts. When finished, ComboFix will produce a log for you. Post the ComboFix log in your next reply. Important: Do not mouse-click ComboFix's window while it is running. That may cause it to stall. Remember to re-enable your antivirus and antispyware protection when ComboFix is complete. Also let me know how things are now.
Here is the report. Things seem to be running better; I no longer have the problem with Google. What do you think the problem was?
ComboFix 08-09-28.03 - e 2008-09-30 2:16:31.2 - NTFSx86 Running from: C:\Documents and Settings\e\Desktop\ComboFix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
---- Previous Run ------- . C:\WINDOWS\system32\TDSSadw.dll C:\WINDOWS\system32\TDSSerrors.log C:\WINDOWS\system32\tdssl.dll C:\WINDOWS\system32\tdsslog.dll C:\WINDOWS\system32\TDSSserf1.dll C:\WINDOWS\system32\tdssservers.dat . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_TDSSSERV -------\Service_TDSSserv ((((((((((((((((((((((((( Files CREATED from 2008-08-28 to 2008-09-30 ))))))))))))))))))))))))))))))) . 2008-09-30 01:43 . 2008-09-30 01:43d--------C:\Program Files\SUPERAntiSpyware 2008-09-30 01:42 . 2008-09-30 01:42d--------C:\Program Files\Common Files\Wise Installation Wizard 2008-09-30 01:39 . 2008-09-30 01:39d--------C:\Program Files\Trend Micro 2008-09-30 01:39 . 2008-06-10 02:3273,728--a------C:\WINDOWS\system32\javacpl.cpl 2008-09-30 01:24 . 2008-09-30 01:2461,440--a------C:\WINDOWS\system32\drivers\sbalb.sys 2008-09-30 00:04 . 2008-09-30 02:16d--------C:\WINDOWS\system32\CatRoot_bak 2008-09-28 18:29 . 2008-09-28 18:29d--------C:\Program Files\Ares 2008-09-28 12:52 . 2008-09-30 02:0054,156--ah-----C:\WINDOWS\QTFont.qfn 2008-09-28 12:52 . 2008-09-28 12:521,409--a------C:\WINDOWS\QTFont.for 2008-09-24 09:00 . 2008-09-24 09:00d--------C:\Program Files\TeaTimer (Spybot - Search & Destroy) 2008-09-17 15:45 . 2008-09-17 15:45d--------C:\Program Files\Cucusoft 2008-09-17 15:45 . 2008-09-17 15:45d--------C:\ConverterOutput 2008-09-17 15:45 . 2003-03-30 20:08372,736--a------C:\WINDOWS\system32\xvid.ax 2008-09-17 13:45 . 2008-09-17 15:36d--------C:\Documents and Settings\e\Application Data\Creative 2008-09-17 13:35 . 2006-10-05 23:1753,248---------C:\WINDOWS\Ctregrun.exe 2008-09-17 13:34 . 2008-09-17 13:34d--------C:\Program Files\Audible 2008-09-17 13:34 . 2008-09-17 13:34417,792--a------C:\WINDOWS\system32\awrdscdc.ax 2008-09-17 13:33 . 2008-09-17 13:43d--------C:\Documents and Settings\All Users\Application Data\Creative 2008-09-17 13:31 . 
2008-09-17 13:33d--h-----C:\Program Files\Creative Installation Information 2008-09-17 13:31 . 2008-09-17 13:35d--------C:\Program Files\Creative 2008-09-17 13:31 . 2008-09-17 13:31d--------C:\Program Files\Common Files\Creative 2008-09-17 13:31 . 1999-12-12 18:0144,032---------C:\WINDOWS\system32\CTSVCCDA.EXE 2008-09-17 13:31 . 1999-11-17 18:0025,088---------C:\WINDOWS\system32\CTSVCCTL.EXE 2008-09-17 00:36 . 2008-09-17 00:36d--------C:\Program Files\Alwil Software 2008-09-16 22:41 . 2007-05-02 09:51d--------C:\Documents and Settings\Administrator\Application Data\InterVideo 2008-09-16 22:41 . 2008-09-16 22:54d--------C:\Documents and Settings\Administrator 2008-09-16 17:17 . 2008-09-16 17:17d--------C:\Program Files\NCH Software 2008-09-16 11:09 . 2008-09-29 23:45d--------C:\Program Files\a-squared Free 2008-09-16 10:59 . 2008-09-16 10:59d--------C:\Documents and Settings\All Users\Application Data\PC Tools 2008-09-16 10:59 . 2008-04-24 16:5212,608--a------C:\WINDOWS\system32\drivers\TfKbMon.sys 2008-09-16 10:58 . 2008-09-16 10:58d--------C:\Program Files\Malwarebytes' Anti-Malware 2008-09-16 10:58 . 2008-09-16 10:58d--------C:\Documents and Settings\e\Application Data\Malwarebytes 2008-09-16 10:58 . 2008-09-16 10:58d--------C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-09-16 10:58 . 2008-09-10 00:0438,528--a------C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-09-16 10:58 . 2008-09-10 00:0317,200--a------C:\WINDOWS\system32\drivers\mbam.sys 2008-09-16 10:54 . 2008-09-16 10:54d--------C:\Documents and Settings\e\Application Data\SUPERAntiSpyware.com 2008-09-16 10:54 . 2008-09-16 10:54d--------C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-09-16 10:31 . 2008-09-16 22:56d--------C:\Documents and Settings\All Users\Application Data\avg8 2008-09-10 18:01 . 2008-09-17 15:11d--------C:\Program Files\FlashGet 2008-09-10 17:31 . 2008-09-17 15:10d--------C:\downloads 2008-09-10 17:31 . 
2008-09-10 17:58d--------C:\Documents and Settings\e\Application Data\Orbit 2008-09-10 17:31 . 2008-09-10 17:43d--------C:\Documents and Settings\e\Application Data\GrabPro 2008-09-09 11:58 . 2008-09-09 11:58d--------C:\Program Files\7-Zip 2008-09-09 10:04 . 2008-09-09 10:04d--------C:\Program Files\uTorrent 2008-09-09 10:04 . 2008-09-27 12:04d--------C:\Documents and Settings\e\Application Data\uTorrent 2008-09-08 18:18 . 2008-04-08 00:169,200---------C:\WINDOWS\system32\drivers\cdralw2k.sys 2008-09-08 18:18 . 2008-04-08 00:169,072---------C:\WINDOWS\system32\drivers\cdr4_xp.sys 2008-09-08 18:17 . 2008-09-08 18:17d--------C:\WINDOWS\system32\IOSUBSYS 2008-09-08 15:11 . 2008-09-08 15:11d--------C:\Program Files\Siber Systems 2008-09-08 15:11 . 2008-09-08 15:11d--------C:\Documents and Settings\All Users\Application Data\RoboForm 2008-09-08 14:46 . 2008-09-08 16:35d--------C:\Documents and Settings\e\Pavark 2008-09-07 14:32 . 2008-09-07 14:35d--------C:\Program Files\JkDefragGUI 2008-09-07 14:32 . 2008-08-31 21:47238,592--a------C:\WINDOWS\system32\JkDefragScreenSaver.exe 2008-09-07 14:32 . 2008-08-31 21:4798,304--a------C:\WINDOWS\system32\JkDefragScreenSaver.scr 2008-08-29 18:18 . 2008-08-29 18:182,302,017--a------C:\WINDOWS\system32\GPhotos.scr 2008-08-15 18:07 . 2008-08-15 18:0731,232--a------C:\WINDOWS\system\vdremote.dll 2008-08-15 18:07 . 2008-08-15 18:0725,088--a------C:\WINDOWS\system\vdsvrlnk.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-09-30 01:21  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Kontiki
2008-09-30 00:39  ---------  d-----w  C:\Program Files\Java
2008-09-29 22:45  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-20 18:53  ---------  d--h--w  C:\Program Files\InstallShield Installation Information
2008-09-16 23:16  ---------  d-----w  C:\Documents and Settings\e\Application Data\Skype
2008-09-16 23:13  ---------  d-----w  C:\Documents and Settings\e\Application Data\skypePM
2008-09-16 22:24  ---------  d---a-w  C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-16 22:24  ---------  d-----w  C:\Program Files\SpywareBlaster
2008-09-16 22:03  ---------  d-----w  C:\Program Files\RegScrubXP
2008-09-16 09:32  ---------  d-----w  C:\Program Files\DivX
2008-09-16 09:28  ---------  d-----w  C:\Program Files\Yahoo!
2008-09-16 09:25  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Grisoft
2008-09-08 17:17  ---------  d-----w  C:\Program Files\Google
2008-09-07 11:49  ---------  d-----w  C:\Documents and Settings\e\Application Data\DNA
2008-09-06 14:40  ---------  d-----w  C:\Program Files\DNA
2008-03-11 23:21  32  ----a-w  C:\Documents and Settings\All Users\Application Data\ezsid.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-04 158208]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll
"vidc.CDVC"= cdvccodc.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Printkey2000.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Printkey2000.lnk
backup=C:\WINDOWS\pss\Printkey2000.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]
--a------ 2007-11-27 12:58 1032376 C:\Program Files\Kontiki\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-09-09 01:18 57344 C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlazeServoTool]
--a------ 2006-12-01 18:10 286720 C:\Program Files\BlazeVideo\BlazeDTV 2.5a\MediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTCheck]
--------- 2007-11-06 11:08 397312 C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTRegRun]
--------- 2006-10-05 23:17 53248 C:\WINDOWS\Ctregrun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
--------- 2007-07-17 11:03 868352 C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-01-04 15:43 1838592 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
--a------ 2007-11-27 12:58 1032376 C:\Program Files\Kontiki\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 11:56 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-01 18:22 21898024 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
--a------ 2006-11-02 13:43 472632 C:\PROGRA~1\Sony\SONICS~1\SSAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-09-03 14:07 1576176 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-01-04 15:42 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2007-11-13 16:48 3411968 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
--a------ 2005-11-10 04:44 557056 C:\WINDOWS\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
--a------ 2005-03-08 03:33 53248 C:\WINDOWS\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
--a------ 2005-11-01 04:15 163840 C:\WINDOWS\system32\VTTrayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SSScsiSV"=3 (0x3)
"avg8wd"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 StkASSrv;Syntek STK1160 Service;C:\WINDOWS\System32\StkASv2K.exe [2006-05-23 24576]
R3 EKBfltr;ENE Keyboard Controller;C:\WINDOWS\system32\DRIVERS\EKBfltr.sys [2005-01-14 5504]
S2 ThreatFire;ThreatFire;C:\Program Files\ThreatFire\TFService.exe service [ ]
S3 Mouqmmr;Mouqmmr;C:\WINDOWS\system32\blastcln.exe [2004-08-04 71680]
S3 StkAMini;Syntek STK1160;C:\WINDOWS\system32\Drivers\StkAMini.sys [2006-11-15 242139]
S3 StkScan;Syntek STK1160 Still Image;C:\WINDOWS\system32\Drivers\StkScan.sys [2006-06-27 4772]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-!AVG Anti-Spyware - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
MSConfigStartUp-AVG8_TRAY - C:\PROGRA~1\AVG\AVG8\avgtray.exe
MSConfigStartUp-ThreatFire - C:\Program Files\ThreatFire\TFTray.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\e\Application Data\Mozilla\Firefox\Profiles\o83xzkld.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.co.uk/
FF -: plugin - C:\Documents and Settings\e\Application Data\Mozilla\Firefox\Profiles\o83xzkld.default\extensions\[emailprotected]\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Program Files\Google\Picasa3\npPicasa3.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
FF -: plugin - C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-30 02:21:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-09-30 2:28:22
ComboFix-quarantined-files.txt 2008-09-30 01:28:15
Pre-Run: 20,696,715,264 bytes free
Post-Run: 21,159,137,280 bytes free
214 --- E O F --- 2008-09-29 23:07:00

Quote: "what do you think the problem was?"

Clicked a bad link... opened an infected email attachment... bad codec.... the possibilities are many.

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Delete these files/folders, as follows:
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C
Code:
KillAll::
Driver::
TDSSSERV
TDSSserv
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below.
Important: Perform this instruction carefully!
ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it will produce a log for you. Post that log (Combofix.txt) in your next reply.
Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

here are the results

ComboFix 08-09-28.03 - e 2008-09-30 2:50:14.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.184 [GMT 1:00]
Running from: C:\Documents and Settings\e\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\e\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-30 )))))))))))))))))))))))))))))))
.
2008-09-30 01:43 . 2008-09-30 01:43  d--------  C:\Program Files\SUPERAntiSpyware
2008-09-30 01:42 . 2008-09-30 01:42  d--------  C:\Program Files\Common Files\Wise Installation Wizard
2008-09-30 01:39 . 2008-09-30 01:39  d--------  C:\Program Files\Trend Micro
2008-09-30 01:39 . 2008-06-10 02:32  73,728  --a------  C:\WINDOWS\system32\javacpl.cpl
2008-09-30 01:24 . 2008-09-30 01:24  61,440  --a------  C:\WINDOWS\system32\drivers\sbalb.sys
2008-09-30 00:04 . 2008-09-30 02:16  d--------  C:\WINDOWS\system32\CatRoot_bak
2008-09-28 18:29 . 2008-09-28 18:29  d--------  C:\Program Files\Ares
2008-09-24 09:00 . 2008-09-24 09:00  d--------  C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-09-17 15:45 . 2008-09-17 15:45  d--------  C:\Program Files\Cucusoft
2008-09-17 15:45 . 2008-09-17 15:45  d--------  C:\ConverterOutput
2008-09-17 15:45 . 2003-03-30 20:08  372,736  --a------  C:\WINDOWS\system32\xvid.ax
2008-09-17 13:45 . 2008-09-17 15:36  d--------  C:\Documents and Settings\e\Application Data\Creative
2008-09-17 13:35 . 2006-10-05 23:17  53,248  ---------  C:\WINDOWS\Ctregrun.exe
2008-09-17 13:34 . 2008-09-17 13:34  d--------  C:\Program Files\Audible
2008-09-17 13:34 . 2008-09-17 13:34  417,792  --a------  C:\WINDOWS\system32\awrdscdc.ax
2008-09-17 13:33 . 2008-09-17 13:43  d--------  C:\Documents and Settings\All Users\Application Data\Creative
2008-09-17 13:31 . 2008-09-17 13:33  d--h-----  C:\Program Files\Creative Installation Information
2008-09-17 13:31 . 2008-09-17 13:35  d--------  C:\Program Files\Creative
2008-09-17 13:31 . 2008-09-17 13:31  d--------  C:\Program Files\Common Files\Creative
2008-09-17 13:31 . 1999-12-12 18:01  44,032  ---------  C:\WINDOWS\system32\CTSVCCDA.EXE
2008-09-17 13:31 . 1999-11-17 18:00  25,088  ---------  C:\WINDOWS\system32\CTSVCCTL.EXE
2008-09-17 00:36 . 2008-09-17 00:36  d--------  C:\Program Files\Alwil Software
2008-09-16 22:41 . 2007-05-02 09:51  d--------  C:\Documents and Settings\Administrator\Application Data\InterVideo
2008-09-16 22:41 . 2008-09-16 22:54  d--------  C:\Documents and Settings\Administrator
2008-09-16 17:17 . 2008-09-16 17:17  d--------  C:\Program Files\NCH Software
2008-09-16 11:09 . 2008-09-29 23:45  d--------  C:\Program Files\a-squared Free
2008-09-16 10:59 . 2008-09-16 10:59  d--------  C:\Documents and Settings\All Users\Application Data\PC Tools
2008-09-16 10:59 . 2008-04-24 16:52  12,608  --a------  C:\WINDOWS\system32\drivers\TfKbMon.sys
2008-09-16 10:58 . 2008-09-16 10:58  d--------  C:\Program Files\Malwarebytes' Anti-Malware
2008-09-16 10:58 . 2008-09-16 10:58  d--------  C:\Documents and Settings\e\Application Data\Malwarebytes
2008-09-16 10:58 . 2008-09-16 10:58  d--------  C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-16 10:58 . 2008-09-10 00:04  38,528  --a------  C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-16 10:58 . 2008-09-10 00:03  17,200  --a------  C:\WINDOWS\system32\drivers\mbam.sys
2008-09-16 10:54 . 2008-09-16 10:54  d--------  C:\Documents and Settings\e\Application Data\SUPERAntiSpyware.com
2008-09-16 10:54 . 2008-09-16 10:54  d--------  C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-16 10:31 . 2008-09-16 22:56  d--------  C:\Documents and Settings\All Users\Application Data\avg8
2008-09-10 18:01 . 2008-09-17 15:11  d--------  C:\Program Files\FlashGet
2008-09-10 17:31 . 2008-09-17 15:10  d--------  C:\downloads
2008-09-10 17:31 . 2008-09-10 17:58  d--------  C:\Documents and Settings\e\Application Data\Orbit
2008-09-10 17:31 . 2008-09-10 17:43  d--------  C:\Documents and Settings\e\Application Data\GrabPro
2008-09-09 11:58 . 2008-09-09 11:58  d--------  C:\Program Files\7-Zip
2008-09-09 10:04 . 2008-09-09 10:04  d--------  C:\Program Files\uTorrent
2008-09-09 10:04 . 2008-09-27 12:04  d--------  C:\Documents and Settings\e\Application Data\uTorrent
2008-09-08 18:18 . 2008-04-08 00:16  9,200  ---------  C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-09-08 18:18 . 2008-04-08 00:16  9,072  ---------  C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-09-08 18:17 . 2008-09-08 18:17  d--------  C:\WINDOWS\system32\IOSUBSYS
2008-09-08 15:11 . 2008-09-08 15:11  d--------  C:\Program Files\Siber Systems
2008-09-08 15:11 . 2008-09-08 15:11  d--------  C:\Documents and Settings\All Users\Application Data\RoboForm
2008-09-08 14:46 . 2008-09-08 16:35  d--------  C:\Documents and Settings\e\Pavark
2008-09-07 14:32 . 2008-09-07 14:35  d--------  C:\Program Files\JkDefragGUI
2008-09-07 14:32 . 2008-08-31 21:47  238,592  --a------  C:\WINDOWS\system32\JkDefragScreenSaver.exe
2008-09-07 14:32 . 2008-08-31 21:47  98,304  --a------  C:\WINDOWS\system32\JkDefragScreenSaver.scr
2008-08-29 18:18 . 2008-08-29 18:18  2,302,017  --a------  C:\WINDOWS\system32\GPhotos.scr
2008-08-15 18:07 . 2008-08-15 18:07  31,232  --a------  C:\WINDOWS\system\vdremote.dll
2008-08-15 18:07 . 2008-08-15 18:07  25,088  --a------  C:\WINDOWS\system\vdsvrlnk.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-30 01:55  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Kontiki
2008-09-30 00:39  ---------  d-----w  C:\Program Files\Java
2008-09-29 22:45  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-20 18:53  ---------  d--h--w  C:\Program Files\InstallShield Installation Information
2008-09-16 23:16  ---------  d-----w  C:\Documents and Settings\e\Application Data\Skype
2008-09-16 23:13  ---------  d-----w  C:\Documents and Settings\e\Application Data\skypePM
2008-09-16 22:24  ---------  d---a-w  C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-16 22:24  ---------  d-----w  C:\Program Files\SpywareBlaster
2008-09-16 22:03  ---------  d-----w  C:\Program Files\RegScrubXP
2008-09-16 09:32  ---------  d-----w  C:\Program Files\DivX
2008-09-16 09:28  ---------  d-----w  C:\Program Files\Yahoo!
2008-09-16 09:25  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Grisoft
2008-09-08 17:17  ---------  d-----w  C:\Program Files\Google
2008-09-07 11:49  ---------  d-----w  C:\Documents and Settings\e\Application Data\DNA
2008-09-06 14:40  ---------  d-----w  C:\Program Files\DNA
2008-03-11 23:21  32  ----a-w  C:\Documents and Settings\All Users\Application Data\ezsid.dat
.
((((((((((((((((((((((((((((( [emailprotected]_ 2.27.54.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-30 01:53:50  16,384  ----atw  C:\WINDOWS\Temp\Perflib_Perfdata_564.dat
+ 2008-09-30 01:53:57  16,384  ----atw  C:\WINDOWS\Temp\Perflib_Perfdata_7cc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-04 158208]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll
"vidc.CDVC"= cdvccodc.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Printkey2000.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Printkey2000.lnk
backup=C:\WINDOWS\pss\Printkey2000.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]
--a------ 2007-11-27 12:58 1032376 C:\Program Files\Kontiki\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-09-09 01:18 57344 C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlazeServoTool]
--a------ 2006-12-01 18:10 286720 C:\Program Files\BlazeVideo\BlazeDTV 2.5a\MediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTCheck]
--------- 2007-11-06 11:08 397312 C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTRegRun]
--------- 2006-10-05 23:17 53248 C:\WINDOWS\Ctregrun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
--------- 2007-07-17 11:03 868352 C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-01-04 15:43 1838592 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
--a------ 2007-11-27 12:58 1032376 C:\Program Files\Kontiki\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 11:56 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-01 18:22 21898024 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
--a------ 2006-11-02 13:43 472632 C:\PROGRA~1\Sony\SONICS~1\SSAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-09-03 14:07 1576176 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-01-04 15:42 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2007-11-13 16:48 3411968 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
--a------ 2005-11-10 04:44 557056 C:\WINDOWS\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
--a------ 2005-03-08 03:33 53248 C:\WINDOWS\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
--a------ 2005-11-01 04:15 163840 C:\WINDOWS\system32\VTTrayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SSScsiSV"=3 (0x3)
"avg8wd"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 StkASSrv;Syntek STK1160 Service;C:\WINDOWS\System32\StkASv2K.exe [2006-05-23 24576]
R3 EKBfltr;ENE Keyboard Controller;C:\WINDOWS\system32\DRIVERS\EKBfltr.sys [2005-01-14 5504]
S2 ThreatFire;ThreatFire;C:\Program Files\ThreatFire\TFService.exe service [ ]
S3 Mouqmmr;Mouqmmr;C:\WINDOWS\system32\blastcln.exe [2004-08-04 71680]
S3 StkAMini;Syntek STK1160;C:\WINDOWS\system32\Drivers\StkAMini.sys [2006-11-15 242139]
S3 StkScan;Syntek STK1160 Still Image;C:\WINDOWS\system32\Drivers\StkScan.sys [2006-06-27 4772]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-30 02:54:19
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-09-30 3:01:14 - machine was rebooted [e]
ComboFix-quarantined-files.txt 2008-09-30 02:01:05
ComboFix2.txt 2008-09-30 01:28:24
Pre-Run: 21,082,935,296 bytes free
Post-Run: 21,078,179,840 bytes free
205 --- E O F --- 2008-09-29 23:07:00

thanks for your help so far
----------
Remove the old versions of Java
----------
If you don't have CCleaner...
Download CCleaner Slim and save it to your Desktop.
When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.
Complete the installation then:
----------
Set a New Restore Point to prevent possible reinfection from an old one
Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
Windows XP System Restore Guide or Windows Vista System Restore Guide
.
----------
Use the Secunia Software Inspector to check for out of date software.
----------
Go to Microsoft Windows Update and get all critical updates.
----------
Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.
Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript
To prevent unknown applications from being installed on your computer install WinPatrol 2008
* Using Winpatrol to protect your computer from malicious software
I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites.
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

yes i think it is all working again now thanks very much for your help

No problem. Safe surfing.... |
|
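The ComboFix logs posted in the thread above are reviewed by hand: the helper looks at the "Files Created" section for binaries that landed in Windows system directories shortly before the scan (here, for instance, the driver sbalb.sys created at 01:24 on the morning of the scan). The following is an added example, not ComboFix's own code or anything from the thread, that does that first pass mechanically: it parses entries in the tab-separated layout that section uses (created time, " . ", modified time, size, attribute flags, path) and returns, for each executable or driver in a watched directory, the reasons it deserves a closer look. The sample lines and the scan time are constructed from the log shown above; the directory list, the three-day window and the "created equals modified" heuristic are this example's own assumptions.

```python
"""Triage the "Files Created" section of a ComboFix log.

Added example (not ComboFix's code). Assumes the tab-separated layout
ComboFix uses for that section; the Find3M section uses a different
layout and is deliberately not parsed here.
"""
import re
from datetime import datetime, timedelta

# One entry line. Directories have an empty size column between two tabs.
_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\t"
    r"(?P<size>[\d,]*)\t(?P<attrs>[-a-zA-Z]{9})\t(?P<path>.+)$"
)

# Assumed watch list: a new binary here is worth explaining (most specific first).
_WATCHED = ("c:\\windows\\system32\\drivers\\", "c:\\windows\\system32\\", "c:\\windows\\")
_BINARY_EXT = (".sys", ".exe", ".dll")

# Constructed sample, mirroring entries from the thread's second ComboFix run.
SAMPLE_LOG = (
    "((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-30 )))))))))))))))))))))))))))))))\n"
    ".\n"
    "2008-09-30 01:43 . 2008-09-30 01:43\t\td--------\tC:\\Program Files\\SUPERAntiSpyware\n"
    "2008-09-30 01:39 . 2008-06-10 02:32\t73,728\t--a------\tC:\\WINDOWS\\system32\\javacpl.cpl\n"
    "2008-09-30 01:24 . 2008-09-30 01:24\t61,440\t--a------\tC:\\WINDOWS\\system32\\drivers\\sbalb.sys\n"
    "2008-09-17 13:35 . 2006-10-05 23:17\t53,248\t---------\tC:\\WINDOWS\\Ctregrun.exe\n"
    "2008-09-16 10:59 . 2008-04-24 16:52\t12,608\t--a------\tC:\\WINDOWS\\system32\\drivers\\TfKbMon.sys\n"
    "2008-09-16 10:58 . 2008-09-10 00:03\t17,200\t--a------\tC:\\WINDOWS\\system32\\drivers\\mbam.sys\n"
)
# Constructed: start time of the run whose log is quoted in the thread.
SCAN_TIME = datetime(2008, 9, 30, 2, 50)


def parse_entry(line):
    """Return a dict for one entry line, or None for headers and separators."""
    m = _LINE.match(line.rstrip("\r\n"))
    if not m:
        return None
    size = int(m["size"].replace(",", "")) if m["size"] else None
    return {
        "created": datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
        "modified": datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
        "size": size,
        "attrs": m["attrs"],
        "is_dir": m["attrs"].startswith("d"),
        "path": m["path"],
    }


def parse_files_created(text):
    """Parse every entry line of a "Files Created" section, in log order."""
    return [e for e in (parse_entry(l) for l in text.splitlines()) if e]


def triage(entries, scan_time, window=timedelta(days=3)):
    """Map path -> list of reasons for binaries under the watched directories.

    Reasons (all assumptions of this example, not ComboFix verdicts):
    - created within `window` of the scan;
    - created timestamp equals modified timestamp, i.e. the file was written
      fresh on this host rather than copied with an older build date kept;
    - the file sits in the kernel driver directory.
    Files with no reason are omitted, so the result is a short review list.
    """
    out = {}
    for e in entries:
        p = e["path"].lower()
        if e["is_dir"] or not p.endswith(_BINARY_EXT):
            continue
        if not any(p.startswith(w) for w in _WATCHED):
            continue
        reasons = []
        if scan_time - e["created"] <= window:
            reasons.append("created within %d days of scan" % window.days)
        if e["created"] == e["modified"]:
            reasons.append("created == modified (written fresh on this host)")
        if p.startswith(_WATCHED[0]):
            reasons.append("kernel driver directory")
        if reasons:
            out[e["path"]] = reasons
    return out


if __name__ == "__main__":
    for path, reasons in triage(parse_files_created(SAMPLE_LOG), SCAN_TIME).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

Run against the constructed sample, the review list contains the three drivers and nothing else: sbalb.sys collects all three reasons, while TfKbMon.sys and mbam.sys appear only because they live in the driver directory (their build dates are weeks older than their creation on the host, which is what a vendor installer looks like). Ctregrun.exe and javacpl.cpl drop out. This does not decide what is malicious; it orders what to check first, which is exactly the judgement the helpers in the thread apply by eye.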
| 2141. |
Solve : Help with viruses needed!? |
|
Answer» Everything looks pretty good, thank you so much for your help!
----------
1. Double click OTMoveIt2.exe to launch it. Vista users right click and choose Run As Administrator
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alert you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
5. Once complete exit out of OTMoveIt2
----------
Set a New Restore Point to prevent possible reinfection from an old one
Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
Windows XP System Restore Guide or Windows Vista System Restore Guide
.
----------
Use the Secunia Software Inspector to check for out of date software.
----------
Go to Microsoft Windows Update and get all critical updates.
----------
Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.
Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript
To prevent unknown applications from being installed on your computer install WinPatrol 2008
* Using Winpatrol to protect your computer from malicious software
I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites.
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

"Windows cannot find combofix" Do I need to install this first?

To change military time to standard time
Go to Start > Control Panel > Regional and Language Options
Click the Customize button
Select the Time tab
In the Time Format area use the down arrow to select: h:mm:ss tt
Click Apply
Click OK
Click Apply
Click OK
Restart the computer. |
|
| 2142. |
Solve : Virus in start up?? |
|
Answer» seems to work a lot faster and less sluggish.
Windows XP System Restore Guide or Windows Vista System Restore Guide
.
----------
Use the Secunia Software Inspector to check for out of date software.
----------
Go to Microsoft Windows Update and get all critical updates. |
|
| 2143. |
Solve : VIRUS ALERT! Next to time in system tray. Help Please? |
|
Answer» As said in topic title the first thing I noticed was VIRUS ALERT! next to time in system tray. Then I noticed that I do not have many of my Start Menu items such as My Computer, Run, My Documents etc. Here are my logs. I think I almost have it solved. |
|
| 2144. |
Solve : virus/malware help needed logs attached? |
|
Answer» For some reason it seems like my computer has been bogged down and I have run CCleaner and it still is VERY slow.

Note: if you use SpywareBlaster, Spybot and/or IE-SPYAD, it will be necessary to re-install the protection they afford. For SpywareBlaster, run the program and select Enable all protection. For Spybot run the program and select Immunize. For IE-SPYAD, run the batch file and reinstall the protection.
----------
Run this online scan. Requires Internet Explorer or Firefox using the IE Tab Add-on
Use the ESET Nod32 Online Scanner
1. Check the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the activex control to install
4. Click Start
5. Make sure that the option Remove found threats and the option Scan unwanted applications are check marked.
6. Click Scan
7. Wait for the scan to finish
8. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply.
----------
Now run a new HijackThis scan and post the log.

Okay thanks! Also, when I try to delete bitdefender it says: xcommsvr.exe cannot be deleted access is denied make sure that the disk is not full or write-protected and that the file is not currently in use (which it is not because I deleted it a long time ago)
[Saving space - attachment deleted by admin]

If you don't use it go to add/remove programs and uninstall Ask Search or anything with Ask in the name.
----------
Open HijackThis and select Do a system scan only then place a check mark next to:
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://player.virtools.com/downloads/player/Install3.0/Installer.exe
----------
Download OTMoveIt2 by OldTimer and save it to your Desktop.
Note: If you are running on Vista, right-click on OTMoveIt2.exe and choose Run As Administrator.
1. Double-click OTMoveIt2.exe to run it.
2. Copy the lines in the codebox below.
Code:
[kill explorer]
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
EmptyTemp
[start explorer]
3. Return to OTMoveIt2, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste
4. Click the red Moveit! button.
5. Copy everything in the Results window (under the green bar) and paste it in your next reply.
6. Close OTMoveIt2
----------
Use the BitDefender Antivirus Removal Tool: http://www.bitdefender.com/uninstall
After running it you will need to reboot your computer for the changes to take effect.
----------
How is everything now?

ok thanks! but when I try to remove the Ask toolbar thing it gives me that same access is denied thing. Also, when I ran OTmoveit2 for the first time (and ran the code) it froze and I had to restart the program so I don't know if that would affect what the log says but here it is anyways:
_______________________________________ __________________________
Unable to kill explorer.exe
File/Folder C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe not found.
< EmptyTemp >
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09292008_160026
_______________________________________ __________________________
Also, do you have any suggestions or programs that would boost my computer speed besides getting more RAM because I have already tried that option lol

Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.
Link #1
Link #2
**Note: It is important that it is saved directly to your Desktop
Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.
Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you. Post the ComboFix log and a new HijackThis log in your next reply.
Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.
Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

ok
[Saving space - attachment deleted by admin]

Open HijackThis and select Do a system scan only. Place a check mark next to the following entries: (if there)
- R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
- O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
- O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
Important: Close all windows except for HijackThis and then click Fix checked. Exit HijackThis.
----------
Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system
Delete these files/folders, as follows:
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C
Code:
KillAll::
File::
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"=-
[-HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below.
Important: Perform this instruction carefully!
ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it will produce a log for you. Post that log (Combofix.txt) in your next reply.
Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

thanks!
[Saving space - attachment deleted by admin]
.
The above procedure will:
----------
1. Double click OTMoveIt2.exe to launch it. Vista users right click and choose Run As Administrator
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alert you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
5. Once complete exit out of OTMoveIt2
----------
Set a New Restore Point to prevent possible reinfection from an old one
Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
Windows XP System Restore Guide or Windows Vista System Restore Guide
.
----------
Use the Secunia Software Inspector to check for out of date software.
----------
Go to Microsoft Windows Update and get all critical updates.
----------
Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.
Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript
To prevent unknown applications from being installed on your computer install WinPatrol 2008
* Using Winpatrol to protect your computer from malicious software
I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites.
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth. |
|
| 2145. |
Solve : Computer Viruses and? |
|
Answer» Logfile of Trend Micro HijackThis v2.0.2 |
|
| 2146. |
Solve : Computer acting extremely strange? |
|
Answer» Restart manually.
Some cleanup and then a (hopefully) final scan to make sure nothing else is hiding.
----------
Download ATF Cleaner by Atribune to your Desktop. Alternate download link
Note: Vista users must use Run As Administrator
Note that your system will run slower for a reboot or two after having used this tool, so don't panic.
----------
Download OTCleanIt.exe and save it to your Desktop.
Important: Restart the computer before continuing.
----------
Run this online scan. Requires Internet Explorer
Use the ESET Nod32 Online Scanner
1. Check the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the ActiveX control to install
4. Click Start
5. Make sure that the option Remove found threats and the option Scan unwanted applications are check marked.
6. Click Scan
7. Wait for the scan to finish
8. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply.

Yea, it seems to be working much better. I haven't gone through the final step from your last post yet but will here shortly. AVG has popped up a couple of times saying that there is a threat detected in E:\System Volume Information\_restore...etc. Is this just trojan files that are present in the restore files, I assume?
# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3478 (20080928)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=61ea1c437661b948b4fdb06f9b362522
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-09-28 03:01:37
# local_time=2008-09-28 11:01:37 (-0500, Eastern Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=318220
# found=0
# scan_time=2600

Quote from: 20Deep on September 28, 2008, 07:49:06 AM
Yes, and we will take care of that now in the final steps.
Set a New Restore Point to prevent possible reinfection from an old one
Setting a new restore point AFTER cleaning your system will enable your computer to roll back to a clean working state if needed.
Windows XP System Restore Guide or Windows Vista System Restore Guide.
----------
Use the Secunia Software Inspector to check for out-of-date software.
----------
Go to Microsoft Windows Update and get all critical updates.
----------
Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.
Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript.
To prevent unknown applications from being installed on your computer, install WinPatrol 2008.
* Using Winpatrol to protect your computer from malicious software
I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites.
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla-based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

Awesome. I can't explain how much help you have been.

Glad it worked out for the good!! |
|
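The helper in the thread above asks the user to paste the ESET Online Scanner's log.txt so it can be read by eye. The summary block is a simple "# key=value" format, and the things a helper actually checks (did the scan finish, were the removal options on, how many files were scanned, was anything found, were the signatures current) can be checked mechanically. The following is an added example, not code from the thread or from ESET; the sample log is constructed to match the format quoted above, and the three-day signature-age threshold is an assumption chosen for illustration.

```python
"""Parse the '# key=value' summary that the ESET Online Scanner writes to
log.txt and decide whether it describes a clean, completed scan.
Added example; not part of the original thread."""
from datetime import datetime, timedelta

# Constructed sample in the format quoted in the thread (values chosen to
# mirror a clean scan; EOSSerial omitted).
SAMPLE_LOG = """\
# version=4
# OnlineScanner.ocx=1.0.0.635
# vers_standard_module=3478 (20080928)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-09-28 03:01:37
# local_time=2008-09-28 11:01:37 (-0500, Eastern Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=318220
# found=0
# scan_time=2600
"""


def parse_eset_log(text):
    """Return a dict of the '# key=value' lines; any other line is ignored."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("#") or "=" not in line:
            continue
        key, _, value = line[1:].strip().partition("=")
        fields[key.strip()] = value.strip().strip('"')
    return fields


def module_date(value):
    """'3478 (20080928)' -> datetime(2008, 9, 28); None if no date is present."""
    if "(" not in value or ")" not in value:
        return None
    stamp = value[value.index("(") + 1:value.index(")")]
    return datetime.strptime(stamp, "%Y%m%d")


def assess_scan(fields, max_sig_age_days=3):
    """Return (clean, problems). 'clean' is True only when the scan finished,
    both removal options were enabled, files were scanned, nothing was
    found, and the standard signature module was not older than
    max_sig_age_days at scan time (threshold is an assumption)."""
    problems = []
    if fields.get("end") != "finished":
        problems.append("scan did not finish")
    if fields.get("remove_checked") != "true":
        problems.append("'Remove found threats' was not enabled")
    if fields.get("unwanted_checked") != "true":
        problems.append("'Scan unwanted applications' was not enabled")
    found = int(fields.get("found", "-1"))
    if found > 0:
        problems.append(f"{found} threat(s) reported")
    elif found < 0:
        problems.append("no 'found' count in log")
    if int(fields.get("scanned", "0")) == 0:
        problems.append("no files scanned")
    try:
        scan_time = datetime.strptime(fields["utc_time"], "%Y-%m-%d %H:%M:%S")
        sig_date = module_date(fields["vers_standard_module"])
        if sig_date and scan_time - sig_date > timedelta(days=max_sig_age_days):
            problems.append(f"signature database older than {max_sig_age_days} days")
    except (KeyError, ValueError):
        problems.append("cannot determine signature age")
    return (not problems, problems)


if __name__ == "__main__":
    clean, issues = assess_scan(parse_eset_log(SAMPLE_LOG))
    print("clean" if clean else "review needed: " + "; ".join(issues))
```

Only the standard signature module date is compared against the scan's UTC time; the archive and heuristic module dates in the sample are months older, which is normal for those components and is not treated as a problem here.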
| 2147. |
Solve : cannot access system restore or internet explorer? |
|
Answer» oops sorry, doing that now, it's scanning
ok, scanned for a long time and then just disappeared
Ummm....What?
Windows Registry Editor Version 5.00
Locate fixme.reg on your Desktop and double-click it. Answer Yes when prompted to merge with the Registry. Accept any warnings. |
|
| 2149. |
Solve : My dvd player with usb reader infected by autorun.inf? |
|
Answer» I have a DVD player with a USB reader (just insert a flash drive with a movie file and you can view it). Unfortunately, my friend's flash drive has an autorun.inf virus, and when he inserted his flash drive into my DVD player it became infected with this virus. Can anybody help me with how I can remove this virus from my DVD player? I will appreciate any technical advice that is given. Thanks in advance. |
|
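The autorun.inf described in the question above is a plain INI file; the part that matters to a Windows PC is the [autorun] section, where the open, shellexecute and shell\<verb>\command keys name a program to launch when the device is inserted or opened. The following is an added example (not from the thread) that inspects such a file from the flash drive and lists those execution keys, so a user can see whether an autorun.inf is the harmless icon/label kind or one that points at an executable. Both sample files are constructed for this example; the path in the suspicious one is a placeholder, not a real malware name.

```python
"""Inspect an autorun.inf and report the keys that would make Windows run a
program from the removable device.  Added example, not from the thread;
the sample files below are constructed, not the poster's."""
import re

# Keys whose value Windows executes (or offers to execute) from the device.
EXEC_KEYS = {"open", "shellexecute"}
# shell\<verb>\command entries define what a context-menu verb runs.
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)


def parse_autorun(text):
    """Minimal INI parser: {section: {key: value}} with lower-cased section and
    key names.  Blank lines and ';'/'#' comment lines are skipped; lines with
    no '=' or outside any section are ignored rather than raising."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        sections[current][key.strip().lower()] = value.strip()
    return sections


def autorun_findings(text):
    """Return [(key, value), ...] for every [autorun] entry that names something
    to execute, plus 'shell=<verb>' (which redirects the default double-click
    action to a custom verb and is worth reviewing)."""
    auto = parse_autorun(text).get("autorun", {})
    findings = []
    for key, value in auto.items():
        if key in EXEC_KEYS or SHELL_CMD.match(key):
            findings.append((key, value))
        elif key == "shell" and value:
            findings.append((key, value))
    return findings


def is_suspicious(text):
    """True when the file would launch or redirect to any program at all."""
    return bool(autorun_findings(text))


# Constructed: the benign kind, only a volume icon and label.
BENIGN = "[autorun]\nicon=movies.ico\nlabel=Holiday videos\n"

# Constructed: every execution hook points at a hidden file on the stick
# (placeholder path), while the icon mimics a normal drive.
SUSPICIOUS = (
    "[autorun]\n"
    "open=hidden\\update.exe\n"
    "shell\\open\\command=hidden\\update.exe\n"
    "shell\\explore\\command=hidden\\update.exe\n"
    "shellexecute=hidden\\update.exe\n"
    "icon=%SystemRoot%\\system32\\shell32.dll,4\n"
)

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(name, "->", autorun_findings(sample) or "no execution keys")
```

To use it on a real stick, read the file as text (autorun.inf is normally ASCII, and in Windows Explorer it is often hidden) and pass the contents to autorun_findings; a non-empty result means the file is meant to start a program, which an icon-only autorun.inf never needs.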
| 2150. |
Solve : malwarebytes' anti-malware not open? |
|
Answer» I have updated "Malwarebytes' Anti-Malware" today. But when the updating process completes, a message shows: |
|