InterviewSolution
| 2451. |
Solve : avg 8.0 help? |
|
Answer» when i run avg it comes back nothing found, but with 135 warnings. i have tried to get into avg to find out what they are but i can't get in to it
135 warnings. Most likely that's just tracking cookies or ad related stuff that are just low threat to your system.
thank you. is there no way to make it faster or should i ask that on the avg forum
You can set scanning to 'slow', 'automatic' (Recommended) and 'fast'. If you set it to fast, you won't be able to do much else on your computer.
processor speed, x86 family 15 model 3 stepping 3 genuine, 2412 mhz windows XP home total physical memory 1,280.00 mb available "" "" 852.32 mb total virtual memory 2.oo gb available "" "" 1.96 gb page file space 1.41 gb i have a feeling this is wrong above there is a file below as well
Quote from: Carbon Dudeoxide on December 20, 2008, 07:58:40 PM Slow?
Well, a virus scanner demands a lot of hard drive access so your system will slow down. Only the slow-, automatic- and fast slider will allow you to either slow things down or speed them up.
have a look at this file it might give you more information
Quote from: Carbon Dudeoxide on December 20, 2008, 07:58:40 PM Slow? [attachment deleted by admin]
Sorry, I'm not exactly sure what you're asking of us anymore..
carbon asked for my pc specs this is all i can find. i am going to leave avg speed as it is as you said the faster it goes it will slow the work on the pc down
Yeah, I'd just leave it at 'automatic'. I think it keeps track of what you're doing and tries to adjust to that.
ok thank you |
|
| 2452. |
Solve : start up to windows message occurred...? |
|
Answer» Every time i open my computer, when Windows starts a message is displayed... Message: Windows Script Host Can not find script file "C:\WINDOWS\auto.vbs". My friend said it is a virus, a new virus, that only AVG can detect that kind of virus... OS: Windows XP Professional PROCESSOR: INTEL R pentium R dual CPU E2140 @ 1.60 GHz MEMORY: 1024 RAM |
|
| 2453. |
Solve : Can't get access to programs? |
|
Answer» I get this when I try to open GIMP, bittorrent, or foobar. I have full admin access. What can I do?
Can't read that. Can you type it out please? Also do you think this is a malware issue?
Not sure what it is. I just reinstalled windows today. It gives me that when I try to open Foobar, gimp or avg too.
Read this carefully and rename the tool before running it. Download Deckard's Association File Tool (DAFT) and save it to your desktop.
How is everything now?
It says everything is ok.
Is this a legal copy of Windows?
.......NO
There isn't much we can do then. Helping you get an illegal copy of Windows to work would make this web site liable. Thank you for your honesty though. Note that Microsoft has recently started taking new measures that are making it harder and harder for an unregistered copy of Windows to run. Your best bet is to contact MS and get it registered. Then you won't have to worry about things like this happening. Go to the link for more information. http://www.microsoft.com/genuine/downloads/Validate.aspx
It says that it is validate? Is there any way I can delete the programs using a program? Then reinstall
But you know it isn't actually valid. Please do the following:
1. Download this diagnostics tool MGADiag.exe and save this to your Desktop.
2. Double-click on MGADiag.exe and click Continue
3. When the program has finished, click on Copy
4. Post the results in your next reply.
Quote Validation Status: Validation Control not Installed
It's not legal. Get a legal copy and install that. Problem solved. |
|
| 2454. |
Solve : CARNIVOR? |
|
Answer» Here is a possibility to fight Carnivor or DCS-1000, Echelon, or what ever they called this thing. The spyware is reaching your computer on its own frequency, different from dial-up, DSL or cable. It could be filtered out by relatively simple electronic devices, but the Big Brothers do not allow selling these filters, so you have to make them for yourself. The simplest one is just a capacitor 0.01-0.03 uF range, like this in RadioShack store: 0.01µF 500V 20% Hi-Q Ceramic Disc Capacitor Pk/2 Model: 272-131 | Catalog #: 272-131.
Echelon cannot be stopped...
LMAO. A new twist to the plot. Nice article!! I can't help but wonder if this is somehow related to the grain conspiracy...
Shhhhhhhh.........
Of course you can stop it. If you prove yourself worthy, I'll let you join the revolution. Oh, bring kool-aid. |
|
| 2455. |
Solve : Hijack this logfile help please.? |
|
Answer» I have a logfile here. Logfile of Trend Micro HijackThis v2.0.2 |
|
| 2456. |
Solve : Trojan help - please? |
|
Answer» Hi - I have followed some of the threads on here and I think I have the same Trojan virus that others have suffered with over the last couple of days.
Open the SDFix folder and double click RunThis.bat to start the script.
|
|
| 2457. |
Solve : My computer is sick and needs CPR! Windows XP? |
|
Answer» Windows XP home SP2 (had SP3 but installed because of problems) on a home wireless network |
|
| 2458. |
Solve : Got something, logs included...? |
|
Answer» I have something because I keep getting those stupid Antivirus popups. I have included the logs in the attachments. Thanks!!!! |
|
| 2459. |
Solve : Spyware guard 2008 keep coming up.? |
|
Answer» My computer got a virus. (It keeps coming up with spyware guard 2008.) |
|
| 2460. |
Solve : Having ctxfihlp mfc error probs might be from malware? |
|
Answer» I have been having a ctxfihlp mfc error popping up. Since the ctxfihlp error I have had no sound; when checking the sounds tab in the control panel, no audio device or mixer is detected even after all the drivers have been reinstalled. |
|
| 2461. |
Solve : I would REALLY love someones help :)! (A Trojan problem)? |
|
Answer» Reset Settings in Internet Explorer 7
Follow these steps to use the Reset Internet Explorer Settings feature from Internet Explorer 7:
1. In Internet Explorer 7, click the Tools menu, and then click Internet Options.
2. On the Advanced tab, click Reset.
3. In the Reset Internet Explorer Settings dialog box, click Reset.
4. When Internet Explorer 7 finishes restoring the default settings, click Close, and then click OK two times.
5. Close Internet Explorer 7. The changes take effect the next time that you open Internet Explorer 7.
How is it now?
yep that worked! cheers! Everything else seems fine! Thanks for your help. If i have anymore problems i will come back to you! thanks for all your hard work!
Glad it worked. A few more tips to look at. Use the Secunia Software Inspector to check for out of date software.
----------
Go to Microsoft Windows Update and get all critical updates.
----------
Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.
Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript
To prevent unknown applications from being installed on your computer install WinPatrol 2008
* Using Winpatrol to protect your computer from malicious software
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth. |
|
| 2462. |
Solve : Unable to view videos longer than ~1 minute on internet? |
|
Answer» Using the following browsers I am unable to view videos (news or YouTube, etc.) longer than 1 minute. The buffering starts and the video plays until the play mode catches up to the buffer and the program stops. |
|
| 2463. |
Solve : Trojans, Gadcom.exe SHeur2.GAS csrssc.exe - Please help? |
|
Answer» The only steps I could complete was running CCleaner and updating Java. All of the links provided all give me the same message "Internet Explorer cannot display" message. I tried using google to get to the sites and was redirected to a random site. I was finally able to download the programs needed by using cut and paste to arrive at the sites needed. When I try to run them for install, it says "Program has encountered an error and needs to close". So I am unable to supply the logs required in steps 3, 4, and 6.
I am now able to get updates and run my anti-virus programs. I was also able to get MBAM to run by renaming the exe file. I am now running SUPERAntiSpyware. Reports to follow soon. Thanks and I love you.
Glad it worked
Here are the reports. [attachment deleted by admin]
Open HijackThis and select Do a system scan only. Place a check mark next to the following entries: (if there)
- R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
- O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\SYSTEM32\CBXQIJBA.DLL (file missing)
- O2 - BHO: C:\WINDOWS\system32\tyshb36rfjdf.dll - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\SYSTEM32\TYSHB36RFJDF.DLL (file missing)
- O2 - BHO: (no name) - {F1D26A44-CC06-47E6-908D-B4AD07C96AA2} - C:\WINDOWS\system32\xxyaxuvv.dll (file missing)
- O4 - Startup: PowerReg Scheduler V3.exe
- O20 - AppInit_DLLs: avgrsstx.dll reniix.dll
- O20 - Winlogon Notify: cbXQiJba - cbXQiJba.dll (file missing)
- O22 - SharedTaskScheduler: FGYbf743iujndsfAfsdfd - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\SYSTEM32\TYSHB36RFJDF.DLL (file missing)
Important: Close all windows except for HijackThis and then click Fix checked. Exit HijackThis. Run CCleaner and then restart the computer.
----------
Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.
Link #1
Link #2
**Note: It is important that it is saved directly to your Desktop
Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix. Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them. Double click combofix.exe & follow the prompts.
For Windows XP systems install the Recovery Console:
- If you are using Windows XP and do not already have the Recovery Console installed, please ensure your Internet connection is active (if possible) and click Yes.
- If for some reason your Internet is not working click No.
- If you are not using Windows XP, you will not be prompted.
- When prompted to accept the EULA click OK.
- Accept Microsoft's EULA (Click Yes).
- When you are told that the RC is installed correctly click YES to continue scanning for malware.
When finished ComboFix will produce a log for you. Post the ComboFix log in your next reply.
Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.
Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
The log is attached below. Pictures are still not showing up unless I right click -> show. Is this of any major concern or any easy fix? Thanks. [attachment deleted by admin]
What pictures? Download the OTMoveIt3 by OldTimer
Note: If you are running on Vista, right-click on OTMoveIt3.exe and choose Run As Administrator.
* Save it to your Desktop.
* Double-click OTMoveIt3.exe to run it.
* Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)
Code:
:Processes
explorer.exe
:files
c:\docume~1\DEVAST~1\LOCALS~1\Temp\efipsk.sys
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
* Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
* Click the red Moveit! button.
* Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.
Quote from: evilfantasy on December 21, 2008, 10:45:28 PM What pictures?
Any pictures on any website, the picture for your avatar for example or the pictures for any of the little smiley faces. In place of the pictures are text, if I right click -> show picture they appear as the picture and not text. It's probably something very simple, but I just don't know what it is. It started after I got the virus. Anyway, thanks again. Log posted below. [attachment deleted by admin]
Try this. Internet Explorer right? Reset Web Settings & Default Security Settings Open Internet Explorer and choose Tools > Internet Options > then the Advanced Tab and then the Reset button under Reset Internet Explorer Settings. Restart IE and see if it is back to normal.
PERFECT! I am now completely free of the plague that existed on my PC. THANK YOU!! What a wonderful service you provide here on this site. Praise be to you and the others that help troubled people and their computers. I could not be happier at this moment. I hope everyone appreciates you as much as I. I really can't thank you enough. It's so nice to have things back to normal here. Have a happy holiday!!
----------
1. Double click If using Vista Right-Click OTMoveIt and choose Run As Administrator
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
----------
Use the Secunia Software Inspector to check for out of date software.
----------
Go to Microsoft Windows Update and get all critical updates.
----------
Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.
Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript
To prevent unknown applications from being installed on your computer install WinPatrol 2008
* Using Winpatrol to protect your computer from malicious software
I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites.
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth. |
|
| 2464. |
Solve : Can only boot to safe mode? |
|
Answer» I'm helping a friend and his pc can only boot to safe mode. In safe mode I ran Malwarebytes and pulled out two vundo trojans and removed them. Ran AVG in the command mode and nothing found but several files were locked and were not checked. Ran spybot and removed another trojan. Don't remember the name of that one. W32 something. When you ask the pc to boot normal, it tries to boot, you get the windows XP window but goes back to the menu for safe mode. If I go to the safe mode with networking, I can get on the internet. Can't run superantispyware remover because I can't install it in the safe mode. He's running on Win XP SP3. Ran HJT. Log attached. Not sure if I should be here or in the spyware, virus, malware forum. Should I open a thread in each forum?
Nope, you just put it in one board : ) More than one is against the rules, a lot of people do that anyways... we just lock them.
Thanks! I don't see it in the other forum. Does it take awhile to transfer there?
Quote from: cojack on January 05, 2009, 04:11:04 PM Thanks! I don't see it in the other forum. Does it take awhile to transfer there?
Stupid me : ) I forgot to move it *slaps self on head* |
|
| 2465. |
Solve : BOOT UP from other forum? |
|
Answer» Ok I posted this topic under software a couple of days ago and was rerouted to this forum by broni. Broni had me do some things and post a Hijack this log and then found out my laptop was infected. |
|
| 2466. |
Solve : Malware/Spyware Problems? |
|
Answer» Hi, Sorry for the long wait. We are VERY backed-up right now! You had a couple of small infections, but nothing to worry about. You should uninstall Wanadoo, however. If you still require assistance, please post new logs and we'll see what we can do.
Hi Matt, Thanks for the reply, no worries on the timescale as it's not exactly the best time of year for such things is it. I am wary of uninstalling Wanadoo as this was the only way I could get my laptop to connect to the wireless box. I am happy to do it if you can advise a way of doing it without losing my wireless connection as I would then be totally helpless without a connection to come back on here for further instructions. Many thanks Ralph
Good thing you didn't listen to me! Heh. I'm sorry, but I made a small error in my previous post. I meant that you should uninstall the Wanadoo Toolbar, not Wanadoo itself. The toolbar isn't necessarily malicious, but it can be a pain for some people and I think you're better off without it. Of course, it's your decision entirely. |
|
| 2467. |
Solve : win32:patched-ck just can't get rid of it!!? |
|
Answer» I know this thread is old, but I know what happened here because it just happened to me. Explorer.exe got deleted and it's hung because it doesn't have a shell to load. If you go into safe mode and do the ctrl-shift-esc (I think that's it...it may be ctrl-alt-esc) to pull up the taskmgr.exe the file explorer.exe is gone. |
|
| 2468. |
Solve : Help needed - Rootkit? |
|
Answer» 'The Problem started a week ago, I got many Norton Anti-Virus 'email failure notification'
There is no option to clean/disinfect, however, we need to analyze the information on the report. To obtain the report: Click on: Save Report As
Copy and paste the Kaspersky Online Scanner Report in your next reply. Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
After encountering some problems, here is the log. Yoav [attachment deleted by admin]
Do you know what that is? _ati3fbxx_.sys.zip
A search for a file under that name got the results as written in the log: C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_ati3fbxx_.sys.zip One of the AVG notifications showed an infection in a file called ati3fbxx. By the way, I just had another AVG infection notice about another file.
Download Alternate download link Note: Vista users must use Run As Administrator
---------- Download OTCleanIt.exe and save it to your Desktop.
---------- Let the computer run for a bit and let me know how it is running now. Any virus alerts please note the file location and post it here. |
|
| 2469. |
Solve : Getting my logs to you? |
|
Answer» I see it running in the Service but I don't see it in the Processes, and it should be.
Donna
It's me again, I just went back to Hijack this and the things (only a couple were on there in the first place that you told me to check - well they are not on there now, so I am sending you what is on there now. Do I go ahead and do the next stuff you said to do or wait until I hear from you? I'll wait. Donna
I can't send it to you - it won't let me highlight it.
C:\Users\Donna\AppData\Local\Temp\Low\~DFBD71.tmp C:\Users\Donna\AppData\Local\Temp\Low\~DFBD5A.tmp C:\Users\Donna\AppData\Local\Temp\Low\~DFADDA.tmp C:\Users\Donna\AppData\Local\Temp\Low\~DFAD2C.tmp C:\Users\Donna\AppData\Local\Temp\Low\~DF5B72.tmp C:\Users\Donna\AppData\Local\Temp\Low\~DF5B68.tmp C:\Users\Donna\AppData\Local\Temp\Low\~DF28F8.tmp C:\Users\Donna\AppData\Local\Temp\Low\~DF2789.tmp C:\Users\Donna\AppData\Local\Temp\Low\~DFD81.tmp C:\Users\Donna\AppData\Local\Temp\Low\~DF6E8F.tmp C:\Users\Donna\AppData\Local\Temp\Low\~DF63B0.tmp C:\Users\Donna\AppData\Local\Temp\Low\~DF4C7F.tmp C:\Users\Donna\AppData\Local\Temp\Low\~DF4C72.tmp C:\Users\Donna\AppData\Local\Temp\Low\~DF3A O4 - HKUS\S-1-5-18\..\RunOnce: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\Users\Donna\AppData\Local\Temp\Low\~DFF343.tmp C:\Users\Donna\AppData\Local\Temp\Low\~DFF22A.tmp C:\Users\Donna\AppData\Local\Temp\Low\~DF156E.tmp C:\Users\Donna\AppData\Local\Temp\Low\~DF12A2.tmp C:\Users\Donna\AppData\Local\Temp\HSPERF~1.SH! 
C:\Users\Donna\AppData\Local\Temp\Low\~DFBD71.tmp C:\Users\Donna\AppData\Local\Temp\Low\~DFBD5A.tmp C:\Users\Donna\AppData\Local\Temp\Low\~DFADDA.tmp C:\Users\Donna\AppData\Local\Temp\Low\~DFAD2C.tmp C:\Users\Donna\AppData\Local\Temp\Low\~DF5B72.tmp C:\Users\Donna\AppData\Local\Temp\Low\~DF5B68.tmp C:\Users\Donna\AppData\Local\Temp\Low\~DF28F8.tmp C:\Users\Donna\AppData\Local\Temp\Low\~DF2789.tmp C:\Users\Donna\AppData\Local\Temp\Low\~DFD81.tmp C:\Users\Donna\AppData\Local\Temp\Low\~DF6E8F.tmp C:\Users\Donna\AppData\Local\Temp\Low\~DF63B0.tmp C:\Users\Donna\AppData\Local\Temp\Low\~DF4C7F.tmp C:\Users\Donna\AppData\Local\Temp\Low\~DF4C72.tmp C:\Users\Donna\AppData\Local\Temp\Low\~DF3A O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) ======Security center information====== AS: Windows Defender System event log Computer Name: Bruce Event Code: 7036 Message: The TPM Base Services service entered the stopped state. Record Number: 284478 Source Name: Service Control Manager Time Written: 20081223135150.000000-000 Event Type: Information User: Computer Name: Bruce Event Code: 537 Message: A compatible Trusted Platform Module (TPM) Security Device cannot be found on this computer. TBS could not be started. Record Number: 284479 Source Name: Microsoft-Windows-TBS Time Written: 20081223135150.174147-000 Event Type: Information User: NT AUTHORITY\LOCAL SERVICE Computer Name: Bruce Event Code: 7036 Message: The Security Center service entered the running state. Record Number: 284480 Source Name: Service Control Manager Time Written: 20081223135204.000000-000 Event Type: Information User: Computer Name: Bruce Event Code: 7036 Message: The Windows Update service entered the running state. 
Record Number: 284481 Source Name: Service Control Manager Time Written: 20081223135259.000000-000 Event Type: Information User: Computer Name: Bruce Event Code: 18 Message: Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on ?Wednesday, ?December ?24, ?2008 at 3:00 AM: - Security Update for Internet Explorer 7 in Windows Vista (KB960714) Record Number: 284482 Source Name: Microsoft-Windows-WindowsUpdateClient Time Written: 20081223135346.148147-000 Event Type: Information User: NT AUTHORITY\SYSTEM Application event log Computer Name: Bruce Event Code: 302 Message: Windows (2388) Windows: The database engine has successfully completed recovery steps. Record Number: 110490 Source Name: ESENT Time Written: 20081223134958.000000-000 Event Type: Information User: Computer Name: Bruce Event Code: 0 Message: Record Number: 110491 Source Name: iPod Service Time Written: 20081223135003.000000-000 Event Type: Information User: Computer Name: Bruce Event Code: 1003 Message: The Windows Search Service started. Record Number: 110492 Source Name: Microsoft-Windows-Search Time Written: 20081223135113.000000-000 Event Type: Information User: Computer Name: Bruce Event Code: 1 Message: The Windows Security Center Service has started. Record Number: 110493 Source Name: SecurityCenter Time Written: 20081223135209.000000-000 Event Type: Information User: Computer Name: Bruce Event Code: 5 Message: Unsupported service control request (see data below) Record Number: 110494 Source Name: LightScribeService Time Written: 20081223140344.000000-000 Event Type: Information User: Security event log Computer Name: Bruce Event Code: 5038 Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error. 
File Name:\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys Record Number: 87849 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20081223140334.462147-000 Event Type: Audit Failure User: Computer Name: Bruce Event Code: 5038 Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error. File Name:\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys Record Number: 87850 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20081223140334.561147-000 Event Type: Audit Failure User: Computer Name: Bruce Event Code: 5038 Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error. File Name:\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys Record Number: 87851 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20081223140334.639147-000 Event Type: Audit Failure User: Computer Name: Bruce Event Code: 5038 Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error. File Name:\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys Record Number: 87852 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20081223140334.719147-000 Event Type: Audit Failure User: Computer Name: Bruce Event Code: 5038 Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error. 
DID I DO IT RIGHT?? Donna
Hello----Did I do it right? I'm sorry I could not do it right away-but my grandmother was put in the hospital. So I did it today. Is that O.K.?? Donna
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to infect your system. First install the new Sun Java Runtime Environment. Be sure to close all browser windows before beginning the install. Remove the old version(s). Download JavaRa
I don't think that McAfee is installed right. It's not showing in the Security Center. Do you have a disk so you can re-install it?
don't have a disk to re-install McAfee. Like I said it came with Comcast and I just downloaded it from the web-site as best as I can remember. Thank-you. Now what? Donna
If it's provided by your ISP then I would contact them. They will either send a disk or let you know how to re-install it. |
|
| 2470. |
Solve : Spyhunter?? |
|
Answer» Hello. I have an AMD Athlon, xp sp3 with a 100 gig + 200 gig+200 gig drives. About the C:, Most of the programs are loaded there by default (and yes I know I can set it to load elsewhere), so, Can I increase the size of the drive partition without affecting the programs?
You will be best off asking that in the Windows forum. |
|
| 2471. |
Solve : am I good to go?? |
|
Answer» My goodness gracious. It has been a maddening past few days trying to figure out what is wrong with my poor laptop, and I am so thankful to have come across your "read this before asking for malware removal help" thread.
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter..etc
Your desire to help is appreciated, but please refrain from assisting in the removal of HijackThis entries unless you have received proper training. Thank you. |
|
| 2472. |
Solve : Anti - Spyware/Trojan/Worm/Virus...? |
|
Answer» Before asking people to spend time answering my personal Trojan/Worm issues, I was wondering if you could point me towards the best Anti- Spyware/Trojan/Worm/Virus... programme. I've installed Kaspersky recently but it seems unable to get rid of some of them (trojan csrssc.exe, HEUR.worm, trojan clicker, backdoor.win32.tdss.atb etc etc...) so was wondering if there was anything better available (prior to Kaspersky, tried Norton but was unable to complete installation....) |
|
| 2473. |
Solve : YIKES & now what? |
|
Answer» I have followed the instructions in the forum except for Step #2 as the following error came up: Ccleaner.exe-corrupt file/$mft. Broni was helping me (very patient) with some other folks and told me to uninstall and try again. I did and the same thing happened. I went to Step#3 and followed the rest. Now when I restart my computer I get: |
|
| 2474. |
Solve : Possible virus with Task bar? |
|
Answer» Hi |
|
| 2475. |
Solve : fails to boot after infection? |
|
Answer» Hey guys, i'm in a bit of a pickle, |
|
| 2476. |
Solve : need virus help? |
|
Answer» picked up trojan horse that I thought I had cleaned off but obviously not fast enough. |
|
| 2477. |
Solve : System32 Virus Suspected? |
|
Answer» Hey again, |
|
| 2478. |
Solve : Task Manager, Registry Editor, msconfig and DVD Combo not working!? |
|
Answer» My Computer is seriously infected. |
|
| 2479. |
Solve : Virus Help Needed - Trojans and other problems? |
|
Answer» I really hope you guys will be able to help me out. I'm not sure how I got infected, I've had malware/virus problems in the past few months but since I recently re-formatted my laptop over the break I've tried to be really careful. Anyhow, the infections appeared after I rebooted my computer and my boyfriend was using my laptop last Friday. I have no idea what websites he went to, but a whole slew of infections have shown up and I'm not sure what to do. |
|
| 2480. |
Solve : Anti-Virus Problem and Computer Suddenly running about 10 times slow? |
|
Answer» It still loads really slow, but the Personal Firewall problem is fixed again.
You might want to Defrag the computer. There may be a lot of fragmented sections on the drive after cleaning the malware.
I figured out what the problem with the Personal Firewall is. Mozilla Firefox and Trend Micro do not agree with each other for whatever reason and by having Mozilla on the computer, Trend Micro disables the Personal Firewall. I do not know why. I do know that I need Mozilla for a class I'm taking. |
|
| 2481. |
Solve : re occurring pop ups hijack this? |
|
Answer» Hi hope you can help i downloaded hijack this did a system scan and saved log file as follows. |
|
| 2482. |
Solve : Trojan.Smitfraud Variant-Gen/Bensorty? |
|
Answer» Been having a bit of trouble ridding myself of this. I've run all types of spyware/virus cleaners and it seems to get rid of it, until I reboot. I'm unable to find what is re-installing it. Here are requested logs. |
|
| 2483. |
Solve : YEA IT WORKED? |
|
Answer» I just finished doing all the steps for removing spyware/malware and my computer is free! Thank you for your help. |
|
| 2484. |
Solve : Re: Trojans, Gadcom.exe SHeur2.GAS csrssc.exe - Please help? |
|
Answer» I'm trying to run through the steps to get rid of this virus but most of the names in my log don't match. I've attached a copy of the log. Which ones am I supposed to check off to get rid of it? Thank you for your help. |
|
| 2485. |
Solve : SHeur2.GAS? |
|
Answer» my internet is going pretty crazy. i keep getting random popups, even when I'm not surfing the web, and i get randomly redirected to sites for virus protection software and other things. also, AVG has found a whole slew of viruses, most prominently SHeur2.GAS, which keeps coming up as csrssc.exe, as well as a bunch of other trojan horses. spybot wont run, and this virus kept redirecting me to a different page when i tried to download the recommended software. i disabled TDSSserv.sys, and that seemed to fix that problem, so i downloaded and ran all of the scans, and attached the logs. |
|
| 2486. |
Solve : radz services still on internet explorer? |
|
Answer» i followed the instructions given in this thread after finding a radz virus. i completed it up to the last step. i saw on the AVAST report that radz was already dealt with. im not sure if it has really been fixed but every time i open my internet explorer, "Radz Services and Internet Cafe" still appears. |
|
| 2487. |
Solve : Internet Properties Cookies Reset? |
| Answer» Nevermind, I managed to fix the problem myself. | |
| 2488. |
Solve : removing avg8? |
|
Answer» Hello
As i mentioned this was for a friend of mine, who is now using kaspersky, the one you buy that can be installed on three computers. I Myself, am using norton
Quote: As i mentioned this was for a friend of mine, who is now using kaspersky, the one you buy that can be installed on three computers.
Oh all right.
Quote: I Myself, am using norton
Hmmmm.....Not the best antivirus software out there to say the least.... There are a couple better free alternatives if you're interested. |
|
| 2489. |
Solve : Check out Open DNS Video. Avoid DNS attack!? |
|
Answer» Instead of a virus inside your computer it may be a DNS attack! |
|
| 2490. |
Solve : Spyware Guard 2008 blocking anti-virus software downloads? |
|
Answer» Scan is running and I reckon about another hour or so to completion (30% in last 25 mins).
Now go to the Content.IE5 folder and delete everything in it. It might not let you delete the items from today but that should be OK. Double click My Computer on your desktop and then open C:\. Keep opening the folders from the file path until you get to the Content.IE5 folder. C:>WINDOWS>system32>config>systemprofile>Local Settings>Temporary Internet Files>Content.IE5 Empty the Recycle Bin once it's deleted. Let me know when you get that done.
All these steps completed and no problems.
Sounds good. As long as everything is running OK now we can finish up. Use the Secunia Software Inspector to check for out of date software.
----------
Go to Microsoft Windows Update and get all critical updates.
----------
Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.
Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript
To prevent unknown applications from being installed on your computer install WinPatrol 2008
* Using Winpatrol to protect your computer from malicious software
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.
Hi EF. Ran another K scan with one trojan remaining. Should I still follow your last instructions or something else first? Hope you're well and ever grateful as ever....
K scan log as follows:
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, January 3, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, January 03, 2009 16:49:04
Records in database: 1554307
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer: C:\ D:\ E:\ F:\ G:\ H:\ I:\ K:\
Scan statistics:
Files scanned: 121515
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 01:14:59
File name / Threat name / Threats count
C:\data Infected: Trojan-Downloader.Win32.IstBar.nh 1
The selected area was scanned.
Delete this folder C:\data
Also look to see if any of these folders are on the computer, deleting them if found.
C:\Program Files\ISTsvc
C:\Program Files\SideFind
C:\Program Files\YourSiteBar
Then run this tool: http://majorgeeks.com/Symantec_Adware.IstbarTrojan.ISTsvc_Removal_Tool_d4784.html
----------
It's odd that that showed up like that. I think we should run another scan. This scanner requires Internet Explorer.
Scan with the BitDefender Online Scanner
Click I Agree to the license and then install the ActiveX control.
Please DO NOT change the Scanning Options. That will make your logs huge and we don't need to see clean files.
Select Start Scan to begin. This scan can take a while so please be patient and let it complete.
Once Bitdefender completes the scan: Click-on the Detected Problems tab. Then select Click here to export the scan report
This will save a file named bdscan.html
I would suggest saving it to the Desktop so you can easily find it. (take notice of where you save it so you can find it later)
You will have to upload the file online. The forums will not accept HTML.
Upload the file to Savefile.com
There is no need to Register
Select Browse and locate the file.
Fill in the Title, Description and security code then click Upload
Copy the link next to Your link to the file: and post the link back here.
http://www.savefile.com/files/1953087 Here ye go..... Haven't opened it but let me know what you think. Many thanks
Well I'm pretty sure everything is gone, at least I hope so. How is the computer running now?
Everything is running really well. Have added all the software you suggested. Do I also need to load a firewall and more general anti-virus? I keep getting a windows security box saying that I need one. Any last recommendation or do I already have all I need having loaded the "stuff" in your earlier advice? Your website is a godsend and I can't thank you enough for all the excellent, specific and easy to follow guidance you have given to me. It's a huge relief to have this sorted and also to have a high performing computer again. Live long and prosper!
Yes you need to install a good antivirus. Choose one of these that are free. I personally prefer Avast. Remember to only install one antivirus!
1) Avast! Home Free Edition
2) AVG Free Edition
3) Avira AntiVir Personal |
|
| 2491. |
Solve : THANK YOU!!!!? |
|
Answer» I was actually kind of embarrassed to have to find this site!!! I'm normally the one people call when they have a computer issue. I had a gnarly Vundo virus I was unable to catch for a while *censored* babysitters anywayz!!! But it turned my windows updates off, I could not turn them back on for nothing >< It prevented me from updating my ad aware, AVG was seeing it, but unable to remove it. It got into my system restore and deleted all the checkpoints from before i got the virus. It caused pop-ups EVERY 30 seconds when I would try to use the internet for anything. It made walking through the steps that more frustrating >< It was nasty, I have spent the last week trying to remove it. hours into it I thought i was gonna have to re-do windows Followed the steps, and it was the SUPERantispyware program that finally got rid of it It stored itself on my memory and in my registry's but its gone now, thanx to Evilfantasy's steps (almost sounds like I'm in an aa meeting now, lol) Didn't want to just come in here, learn what to do, and bail without saying a word, so THANX!!!! Lots of work and very frustrating, but a good learning experience anywayz SUPERAntiSpyware Scan Log |
|
| 2492. |
Solve : Trojan, I think it's winloggn.exe?? |
Answer»
Download Alternate download link Note: Vista users must use Run As Administrator
---------- Download OTCleanIt.exe and save it to your Desktop.
---------- Use the Secunia Software Inspector to check for out of date software.
----------
Go to Microsoft Windows Update and get all critical updates.
----------
Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.
Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript
To prevent unknown applications from being installed on your computer install WinPatrol 2008
* Using Winpatrol to protect your computer from malicious software
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.
Everything seems to be great now, thank you for all the help. Now I know where to go whenever I get stuck on some sort of crappy malware/virus :] Thank you!
You're welcome. Safe surfing... |
|
| 2493. |
Solve : Antivirus 2008 or 2009? |
|
Answer» A couple of weeks ago I got this virus. I thought I had it removed by using AVG, Malwarebytes, Spybot and Adaware. And maybe this problem is not related, but from time to time while on the computer some kind of error occurs. Or what I will call an error. The computer will make the "dong" sound just as if you were trying to click out of something that you shouldn't. It does this without my doing anything. I have no warnings actually come up. |
|
| 2494. |
Solve : I Followed The Directions but....!!!!? |
|
Answer» Run the Kaspersky Online Scanner
There is no option to clean/disinfect, however, we need to analyze the information on the report. To obtain the report: Click on: Save Report As
Copy and paste the Kaspersky Online Scanner Report in your next reply. Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%. |
|
| 2495. |
Solve : Computer Hijacked, Can't update software, starting to panic.? |
|
Answer» My computer has been hijacked. My browser redirects, I can't update anti-virus software and no amount of malware or anti-virus software seems to help. |
|
| 2496. |
Solve : Tough Hijacker - can't run Spybot, SAS, or MBAM, and HJT log looks clean? |
|
Answer» I've got a tough one for you. It's a hijacker of some sort, it blocks me from accessing sites like AVG, superantispyware.com, spybot, etc. It also won't let me run Spybot, SAS, MBAM, etc... when I try to run them the computer just processes for a few minutes, and nothing happens, even when I try in Safe Mode. |
|
| 2497. |
Solve : Browser not working but Internet is? |
|
Answer» Ok, so 2 nights ago my computer was working fine, I checked the usual stuff before going to bed and turned off my computer.
Are you also having this issue in safemode with networking? by the way what type of internet connection do you have?
well what do u suggest bro? |
|
| 2498. |
Solve : Malware removal logs for followup? |
|
Answer» HI -- First, God bless you for this site! I just went through the malware removal process because of a nasty fake virus alert that hijacked my internet, too. All seems well now, but I am posting the logs as requested for review. Thank you so much for your help! [attachment deleted by admin] |
|
| 2499. |
Solve : A virus that can't be detected by an anti vi and its hiding your files? |
|
Answer» the question is how do i get rid of it?
Backup your data if you can. or 20-30 minutes with Rootkit Revealer and recovery console... Assuming one knows what they are doing, of course.
beladona- could you follow the steps here and post your logs in this thread? Our malware experts are good at what they do, even when dealing with rootkits. |
|
| 2500. |
Solve : Internet Security. A Waste of Money?? |
|
Answer» Internet Security. A Waste of Money? |
|