 
                 
                InterviewSolution
| 2851. | Solve : Fake Antivirus Virus Help Please Thanks =D? | 
| Answer» Ok so i got hijackthis and superantispyware logs | |
| 2852. | Solve : Re: Fake Antivirus Virus Help - Jtquad? | 
| Answer» No problem, except i can get a SUPERAntiSpyware log it won't let the program run - JT
 I moved this into a new thread so we can work from here. 
 Download SDFix.exe and save it to your Desktop. Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix) Now then reboot your computer in Safe Mode by doing the following: 
 | |
| 2853. | Solve : what is svchost.exe?? | 
| Answer» Also, running time for AVG, Superantispyware, and Malwarebytes can easily exceed 1 hour. Nothing strange here.
 Well, I'll be dipped in chocolate and painted green....THAT downloaded!  | |
| 2854. | Solve : An even newer laptop...? | 
| Answer» I hate bringing old topics back, but I'd rather do this than start a new one... | |
| 2855. | Solve : hijack this... desktop and toolbar not showing? | 
| Answer» Can anyone check and help me get my desktop icons and toolbars back?
 Banking and credit card institutions should be notified of the possible security breach. I strongly suggest you take that seriously.
 Yes reformatting and reinstalling is the best way to eliminate this type of threat. Note that I see many PCs with trojans on them but rarely do I give that particular speech. The nature of the infections that are on your PC are some of the worst known. Consider your private information stolen! Read the instructions and follow through with contacting everyone ASAP. Especially follow through with the below instructions and contact your bank so they are aware that your account may be compromised.
 If your computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for banking, email, eBay and forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one! If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach.
 P.S. I should add to contact any Credit Card company ASAP as well. Credit Cards are easy targets because there are less "hoops" to jump through when using one online. Someone can easily be in another country and use one within a matter of seconds after getting the card number. | |
| 2856. | Solve : HiJackThis log and virus and spyware help? | 
| Answer» I'm on my other computer which I never use, but my brother does, and he hardly knows how to turn a computer on, let alone keep it clean. So here I am, on it and it is not going as well as it should. 
 Now click Empty Selected
 When you get the Done Cleaning message, click OK
 Firefox users: click Firefox on the menu bar. Click on Select All, then click Empty. Note: If you want to keep your saved passwords click No on the prompt.
 Opera users: click Opera on the menu bar. Click on Select All, then click Empty. Note: If you want to keep your saved passwords click No on the prompt.
 Important: Restart the computer before continuing. Note that your system will run slower for a reboot or two after having used this tool so don't panic
 ---------- Delete temporary files Go to: 
 Check the boxes for: 
 ---------- Now run a new HijackThis scan and post the new log.
 ok thx I'll try it my brother is being as stupid as a 3 year old on a sugar rush. (he needs to grow up) so this is going to be a long clean up
 That took care of the two entries that might have caused problems. Set a New Restore Point to prevent possible reinfection from an old one Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed. 
 You can find instructions on how to enable and re-enable system restore here: Windows XP System Restore Guide or Windows Vista System Restore Guide ---------- Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to infect your system. First install the new Sun Java Runtime Environment Be sure to close all browser windows before beginning the install. Remove the old version(s) 
 ---------- Use the Kaspersky Online Scanner In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. 
 There is no option to clean/disinfect, HOWEVER, we need to analyze the information on the report. To obtain the report: Click on: Save Report As 
 Copy and paste the Kaspersky Online Scanner Report in your next reply.
 okay, my brother settled down so this might get easier.
 The Kaspersky scan will take a while, probably around an hour, so he can use the computer while it's running. Just be sure to get the log from it.
 well, he is playing his xbox 360, so is there anything else that needs done in the mean time?
 Nope. Kaspersky will let us know what to do next....if anything.
 alrighty then, thank you very much for your help, evilfantasy
 ok the scan is finally done, but i don't know how to save it. It says that there are no infections and no threats though.
 i got it to save!
 --------------------------------------------------------------------------------
 KASPERSKY ONLINE SCANNER 7 REPORT
 Tuesday, July 22, 2008
 Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
 Kaspersky Online Scanner 7 version: 7.0.25.0
 Program database last update: Tuesday, July 22, 2008 23:34:08
 Records in database: 987374
 --------------------------------------------------------------------------------
 Scan settings:
 Scan using the following database: extended
 Scan ARCHIVES: yes
 Scan mail databases: yes
 Scan area - My Computer: C:\ D:\ E:\
 Scan statistics:
 Files scanned: 53253
 Threat name: 0
 Infected objects: 0
 Suspicious objects: 0
 Duration of the scan: 01:49:16
 No malware has been detected. The scan area is clean. The selected area was scanned.
 Excellent! No malware. Use the Secunia Software Inspector to check for out of date software. 
 ----- Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth. Use only trusted security software like the programs listed on this page. Trusted security tools & resources Let me know if you have any more questions.
 ok. All is good now. I can't thank you enough!
 No problem. Safe surfing... | |
| 2857. | Solve : Best AntiSpyware And Malware?? | 
| Answer» Quote from: evilfantasy on July 22, 2008, 11:43:17 PM Hmm, I thought it added to the Hosts file but the more I read on it I'm realizing it doesn't. Looks like it adds changes to the Registry. Thanks! Btw, what's your opinion on Spyware Terminator?
 I've never had any problems with it. I like that you can add clamwin to it and scan for virus and spyware. I don't recommend it to people because some of the settings can be confusing. It gives almost too much information lol. It's a good program from what I know.
 Quote from: evilfantasy on July 22, 2008, 11:52:31 PM I've never had any problems with it. I like that you can add clamwin to it and scan for virus and spyware. I don't recommend it to people because some of the settings can be confusing. It gives almost too much information lol. It's a good program from what I know. Thanks. I've been using it for some time now and never had a problem with it. | |
| 2858. | Solve : my computer has a trojan? | 
| Answer» *JS_REDIR is a Java Script Redirector Trojan. These usually sit in your temporary internet files folder. If you purge this folder or if the software quarantined it, it's likely gone. If you do a rescan and nothing detected, I'd say it may have removed it on its own. | |
| 2859. | Solve : complete browser hijack? | 
| Answer» From ZA website. There is a fix with an update I think. | |
| 2860. | Solve : Winoldap and random-number programs slow/stop computer? | 
| Answer» older computer, 386 RAM, ME OPER. SYSTEM. Only when I go online using dialup AOL as ISP, as I retrieve my email, programs start running that slow the system. When I CONT/ALT/DEL to check what is running, there are many "winoldap" programs, plus a program identified only by 9 numbers. When I highlight the 9-number program and click "end task" - very shortly, a different 9-number program comes on. As I keep trying to end the programs by clicking cont/alt/del and end task, the programs start multiplying, more and more 9-digit and even 10-digit number programs show up, and sometimes a program called "lcf", and rarely, a program called  . | |
| 2861. | Solve : SYSTEM32 message;virus,malware or other?? | 
| Answer» Several days ago, I received a Windows update notice for SP3; as normal, I complied and thought no more about it. Since then, I am constantly receiving a warning box stating "DLL C:\WINDOWS\system32\MSACM32.dll". It makes a reference to some Windows image being unable to load, and states that I need to match it up against some diskette. At the same time, I have lost all audio. I have checked and rechecked wires, plug-ins, sound card, mixer settings, etc.; nothing seems amiss. The only info I found out about MSACM32 on the net was that it might be some kind of audio compression file. HELP! Is this a bug, or do I need to get in a different topic. Any reply is greatly appreciated... Thanks... CNRedd
 MSACM32.dll - msacm32.dll is a module containing functions for audio compression for 32-bit applications. 
 
 
 Have you tried system restore?
 Ok, Egghead, give me a bit and I'll have that for you. As for the last post, I'm unsure and uninformed on deleting SP3, so I won't unless I hear otherwise. As far as a restore, I tried several restore points, going back nearly a month, and my system will not allow it. I've had this problem before, too, and I don't understand why it will not allow a restore.
 Ok, dude... here's my grocery list.....
 Thanks in advance, man
 I'm moving this thread to the Computer viruses and spyware forum. Go here and do the scans. Post the logs when complete. | |
| 2862. | Solve : Does this have to Malware?? | 
| Answer» ever since that's popped up (which has been like 20 mins) My PC has been running super slow. Anyway I'm running a scan just in case. Can someone confirm that's something to do with Malware?
 We won't know until you present logs.
 all I know for sure is my computer is running severely slow. It's taken me 3 mins to type this phrase. Could this virus completely kill my computer?
 We don't know, if it's a virus, yet. You have to try running prescribed programs. Don't waste your time for replying. | |
| 2863. | Solve : Infected? | 
| Answer» Hi all, 
 How is everything running?
 Thanks for the reply. I removed the Hijack This entries, then ran the scans again. SuperAntiSpyware found some tracking cookies, which I had it remove, then scanned it again, and it was fine. All other scans came up clean. I updated Java too. I use the Windows Firewall, which has always seemed to do the job OK for me. Everything seems to be running pretty smoothly again. I've attached a final Hijack This log. [recovering disk space -- attachment deleted by admin]
 Looks clean to me. Feel free to fix these two entries if you wish...
 O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
 O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
 Nothing malicious; they're just taking up extra space in the registry. If you want to use Windows Firewall, that's fine, but I should inform you that it only offers very basic protection and doesn't monitor most outgoing connections (or any incoming). If you decide to upgrade to a better firewall, you may be surprised to see just how many connections are coming and going to your computer. Your log is still showing an older version of Java. Did you scan before or after updating it? Also...you might want to make sure your clock has the right date. I know UK is ahead of us by several hours, but judging by the time that your scan was made, it seems to me that it still should've been the 22nd and not the 23rd. But I'm tired, so I could be wrong. | |
| 2864. | Solve : NEED SERIOUS HELP PLEASE!!? | 
| Answer» Press Ctrl+Alt+DELETE (all at once) | |
| 2865. | Solve : monitor control pops-up & adjusts randomly by itself, is this a virus?? | 
| Answer» i'm using Windows XP, downloaded a malware once that triggered a trojan-outbreak ... had to reformat my PC. while Windows was already installing the monitor's brightness option kept popping-out and adjusts itself. i even deleted, created, & reformatted the partitions...it's still there, during start-ups til i shut down! 
 
 
 ok, done. what next? I don't see any malware and the symptoms you describe don't sound like it either. I see you have SUPERAntiSpyware installed, have you done a scan with it? Quote Now the 'brightness' control's the only one that pops-out, from start-ups til shut-down I don't understand what you mean by this. Quote Now the 'brightness' control's the only one that pops-out, from start-ups til shut-down i took pics from the PC next to it... am still scanning SUPERAntiSpyware ... so far it's detected 8 Adware.Tracking Cookies ... I'm not sure that this is malware related. Let's see if Superantispyware finds anything. Cookies are nothing to worry about. 
I'm with evilfantasy on this one...it doesn't sound like a malware issue. By the looks of it, your monitor is probably on the fritz. Your graphics card could also be the culprit, but I think that's not as likely. Do you have another monitor you can try? And can you hook your monitor up to a different computer? This is always the first thing you want to try when having significant monitor problems. I found some information on this in the links below. Sounds like it may just be a dust problem. Why does my brightness control on my monitor keep coming up Monitor Problems Quote If the menu keeps coming up the monitor thinks you pressed a button. A button is just a way of completing an electrical circuit. If dust accumulates on a circuit it can cause the circuit to act strangely. Purchasing some canned air from your local office supply store can solve this problem in most cases. Just blow the air in all the vent holes of the monitor to blow the dust out. Be sure to follow the directions on the can. Quote from: CBMatt on July 22, 2008, 11:34:41 PM Cookies are nothing to worry about. yes, i know the cookies are less of a threat...but...uhm, sure, once i get someone to lift the monitors for me ^^; everyone's busy... the video card's new, GeForce... i may try that though Quote If the menu keeps coming up the monitor thinks you pressed a button. A button is just a way of completing an electrical circuit. If dust accumulates on a circuit it can cause the circuit to act strangely. Purchasing some canned air from your local office supply store can solve this problem in most cases. Just blow the air in all the vent holes of the monitor to blow the dust out. Be sure to follow the directions on the can. Yes I think you need to get inside of the monitor and clean it out. 
Don't worry about the cookies, they are just .txt files so they can't do anything malicious. Quote from: evilfantasy on July 23, 2008, 12:14:20 AM Yes I think you need to get inside of the monitor and clean it out. K, i'll update you when am done... brb... i almost forgot, the same thing happens even if the screen-saver's already on, and even when i'm in safe-mode. I dusted the monitor carefully but i may have to do it again, it's still in the middle of the screen. does that mean i can use my tablet on this computer? it's the only one i could borrow. we're short on cash, can't replace it at the moment. I also want to ask about preventing hardware-hacking, is AVG & SUPERAntiSpyware enough? | |
| 2866. | Solve : Can't open any web browser except Internet Explorer! And can't open SOME exe/ink? | 
| Answer» Hi! Thankies for clicking!  Once again, .exe files don't work, so I can't download Hijack this or Malware Bytes. Download Deckard's Association File Tool (DAFT) and save it to your desktop. 
 Now try to download and run the scans. | |
| 2867. | Solve : Is My Computer Functioning?? | 
| Answer» I have attached SAS/MBAM/HiJack logs. 
 ---------- What is Wpsetup? Is this the WinPatrol setup file? If so delete it. Here it is. winptr deleted. You can delete FindAWF. Use the Kaspersky Online Scanner. You must use Internet Explorer. 
 
 
 There is no option to clean/disinfect, however, we need to analyze the information on the report. To obtain the report: Click on: Save Report As... 
 Copy and paste the Kaspersky Online Scanner Report in your next reply. Can't do it....I used your link. It will not let me hit accept....it keeps saying I need Java 1.5 or later...I verified...and already have version 7. Hmm, I just tried it in IE and Firefox and it works. Try this. How do I enable Java in my web browser? Here is the scan....I didn't find the scan settings...only scan options...hopefully this wasn't a problem. I didn't find the scan settings...only scan options...hopefully this wasn't a problem. Yes they have recently updated the site and a few things are different. I didn't even know until I went there to try it when you couldn't get it to load. Another canned speech I need to do some tweaking on..... The good news is that there are only a few files to take care of and you will be malware free! Download OTMoveIt2 by OldTimer 
 
 C:\Documents and Settings\Trent Berger\.jpi_cache\jar\1.0\jvmsecman.jar-69ee0dc2-3357f2a4.zip C:\Documents and Settings\Trent Berger\DoctorWeb\Quarantine\pkill.exe C:\Program Files\Common Files\aolback\Comps\toolbar\toolbr.exe EmptyTemp [start explorer] 
 
 ---------- Next post add OTMoveIt log Also let me know how things are now. Was I supposed to check off Unregister Dll's and Ocx's and Zip Files After Move? I didn't...here are the results Temp folders emptied. IE temp folders emptied. Explorer started successfully OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07122008_021423 It deleted the temp files like it was supposed to but not the other ones. Open OTMoveIt again and copy then paste just these 3 lines to be moved. C:\Documents and Settings\Trent Berger\.jpi_cache\jar\1.0\jvmsecman.jar-69ee0dc2-3357f2a4.zip C:\Documents and Settings\Trent Berger\DoctorWeb\Quarantine\pkill.exe C:\Program Files\Common Files\aolback\Comps\toolbar\toolbr.exe File/Folder C:\Documents and Settings\Trent Berger\.jpi_cache\jar\1.0\jvmsecman.jar-69ee0dc2-3357f2a4.zip not found. File/Folder C:\Documents and Settings\Trent Berger\DoctorWeb\Quarantine\pkill.exe not found. 
File/Folder C:\Program Files\Common Files\aolback\Comps\toolbar\toolbr.exe not found. OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07122008_025238 OK looks good. How is everything now? 1. Double click OTMoveIt2.exe to launch it. Vista users right click and choose Run As Administrator 2. Click on the CleanUp! button. 3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access. 4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?) 5. Once complete exit out of OTMoveIt2 ---------- Set a New Restore Point to prevent possible reinfection from an old one Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed. 
 Windows XP System Restore Guide or Windows Vista System Restore Guide . ---------- Use the Secunia Software Inspector to check for out of date software. 
 ---------- Important: You Need to Update Windows and Internet Explorer regularly to protect your computer from the malware and other security threats that are on the Internet. Go to Microsoft Windows Update and get all critical updates. If you are running any Microsoft Office version go to the Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update. ---------- Make sure all of your security programs are up to date and run scans with them regularly. Once or twice a week minimum. Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC. To prevent unknown applications from being installed on your computer install WinPatrol 2008 * Using Winpatrol to protect your computer from malicious software Another thing I would suggest installing is SiteAdvisor. SiteAdvisor rates sites on business practices and spam. SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth. These are the results from cleaning on moveit2...I wanted you to see them before I go on with the rest of what you said. Looks good. Everything is scheduled to be deleted on reboot. OK...so on my computer I have - Avast Anti-virus - CCleaner - SAS - Malwarebytes Anti-Malware - SpywareBlaster - WinPatrol - Site Advisor Is this all I need? 
Am I all set with proper programs meaning if I update/scan I should be alright? I don't need HijackThis on the computer? Thanks. | |
| 2868. | Solve : Re: Can you help me please?? | 
| Answer» i'm facing de same problem with Kain's and trying to solve it by following evilfantasy's method: 
 Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. ---------- Now run a new Hijackthis scan and post that log along with the MBAM log. Also let me know how the computer is now. Thanks for your rapid reply. Before i proceed with Hijackthis, there r a situation of my p c & a few Qs i think i shld consult:- 1) Started frm yesterday - upon boots-up my pc, there's an alert msg pop-up: [ D:\WINDOWS\System32\wjjbrcvj.dll The Specified module could not be found " Ok" ] . ....i just press "Ok" & my pc continue booting and nothing strange happens so far, but i wonder would thr be any interruption in the future when i intend to open or run a software needs that "specified module" ( actually wt is this module for?) P.S.> I chked the Vault report frm my Avg and found that these in the Vault : \WINDOWS\System32\wjjbrcvj.dll (INFECTION:Trojan Horse BHO.EQL) \WINDOWS\System32\778670\778670.dll (Infection:Trojan Horse BHO.EPL) and \WINDOWS\System32\hgGyvsqp.dll (Infection:Trojan Horse BHO.EPM) Q1: DO I NEED TO RESTORE THEM BEFORE I RUN Hijackthis ? Q2: DO I NEED TO CLOSE AVG BEFORE I RUN Hijackthis ? Q3: DO I NEED TO DISCONNECT MY INTERNET BEFORE I RUN Hijackthis ? Thank you and look forward to your valuable advice. Just follow all of the instructions I give exactly as they are written and we will get everything back to normal. 
Just done all you advised and here are the 2 logs report for your advice: 1) Hijackthis(2nd scan) 2) mbam-log P.S. > The alert mentioned earlier does not appear anymore when i restart my p c. and everything seems fine at this moment. Thank you Looks good. We will run another scan to be sure everything is gone. Delete Temporary Files Go to: 
 When prompted select the C: drive and click OK. Check the boxes for: 
 Click OK or Enter ---------- Use the Kaspersky Online Scanner You must use Internet Explorer. 
 
 
 There is no option to clean/disinfect, HOWEVER, we need to analyze the information on the report. To obtain the report: Click on: Save Report As... 
 Copy and paste the Kaspersky Online Scanner Report in your next reply. after i click "accept" in Kaspersky Online Scanner, my p c start to hang while Kaspersky Online Scanner starts verifying ...... What shld i do? Try clearing Internet Explorer's cache then try again. You may also want to restart the computer before trying. Empty the IE cache The first thing to do when Internet Explorer is misbehaving is empty your Internet Explorer cache. Often the cache is not corrupt or damaged – it is simply too large. 1. Click Tools, then Internet Options, and then click the Delete Files button. 2. A Delete Files window will appear. Select the option to Delete all offline content, and then click OK. 3. Click Settings and reduce the size of your cache to, say, 50 to 100 MB (more if you routinely download very large files). This will invariably fix the dreaded red x, View, Source, and sometimes "Page cannot be displayed" errors. Same thing happens - hang, hang, hang Run this online scan. Requires Internet Explorer Use the ESET Nod32 Online Scanner 1. Check the box next to YES, I accept the Terms of Use. 2. Click Start 3. When asked, allow the activex control to install 4. Click Start 5. Make sure that the option Remove found threats and the option Scan unwanted applications is check marked. 6. Click Scan 7. Wait for the scan to finish 8. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt 9. 
Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply EsetOnlineScanner Log Tax: Looks good. Final steps. Set a New Restore Point to prevent possible reinfection from an old one Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed. 
 Windows XP System Restore Guide or Windows Vista System Restore Guide . ---------- Use the Secunia Software Inspector to check for out of date software. 
 ---------- Important: You Need to Update Windows and Internet Explorer regularly to protect your computer from the malware and other security threats that are on the Internet. Go to Microsoft Windows Update and get all critical updates. If you are running any Microsoft Office version go to the Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update. ---------- Make sure all of your security programs are up to date and run scans with them regularly. Once or twice a week minimum. Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC. To prevent unknown applications from being installed on your computer install WinPatrol 2008 * Using Winpatrol to protect your computer from malicious software I would suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites. SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth. Before i proceed, u think i need to re-scan my pc as i suspect that the first scanning process has been interrupted as i saw - "end=stopped" in the Log Tax as my internet connection had been disconnected when i chked the scan; AND... "scanned=158820"........ which i think shld be more than that. Will post a Log Tax again once the scan is completed successfully. 
Thank you All rite, This is the complete one: Please advise. Thank you It looks OK. | |
| 2869. | Solve : What is better Avast or Avira?? | 
| Answer» Hey everyone, | |
| 2870. | Solve : unknown process? | 
| Answer» and here's a fresh log of HJT
now I know what she was doing....... god *censored* BEEAAATCCCHHHHLOOOOOOOOOOOOOOOL
Delete Windows Vista Ultimate Keygen.exe file from G:\ drive, whatever G is. When done... Your computer is clean
1. Download, and install CCleaner: http://www.ccleaner.com/download/builds. Get "Slim" version. Read CCleaner instruction here: http://www.jahewi.nl/ccleaner/ccleaner.html. Run CCleaner.
2. Turn off System Restore:
- Windows XP:
  1. Click Start.
  2. Right-click the My Computer icon, and then click Properties.
  3. Click the System Restore tab.
  4. Check "Turn off System Restore".
  5. Click Apply.
  6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
  7. Click OK.
- Windows Vista:
  1. Click Start.
  2. Right-click the Computer icon, and then click Properties.
  3. Click on System Protection under the Tasks column on the left side
  4. Click on Continue on the "User Account Control" window that pops up
  5. Under the System Protection tab, find Available Disks
  6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
  7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
  8. Click OK
3. Restart computer.
4. Turn System Restore on.
5. (optional) Download, and install free version of ThreatFire: http://www.threatfire.com/. It'll give you an extra protection against malwares. It won't interfere with your antivirus program
6. Read "So how did I get infected in the first place?": http://www.castlecops.com/postlite7736-.html
7. Let me know, how your computer is doing.
thx a million guys, I couldn't have done it without you guys, totally sorted !!!! 
1 more thing, the programs you have recommended to download and install, are they all OK to leave on my system or should I save 'em somewhere where I have easy access to 'em (on a stick)?
I'm glad your computer is back to normal. Did you talk to your neighbour, yet?...LOL Leave those programs on your computer. You may occasionally run a scan with Superantispyware, and Malwarebytes. Do NOT touch HJT, though, unless asked to. If you play with it, you may end up with unbootable computer. | |
| 2871. | Solve : Malware removal help (dkinfl)- all steps followed? | 
| Answer» I have/had a virus/spyware/malware problem and upon doing an internet search I found your forum. I have followed the steps in "Read this before requesting malware removal help".
 Windows XP System Restore Guide or Windows Vista System Restore Guide . ---------- Use the Secunia Software Inspector to check for out of date software. 
 ---------- Make sure all of your security programs are up to date and run scans with them regularly. Once or twice a week minimum. Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.
To prevent unknown applications from being installed on your computer install WinPatrol 2008
* Using Winpatrol to protect your computer from malicious software
Another thing I would suggest is installing SiteAdvisor. SiteAdvisor rates sites on business practices and spam.
SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.
I had a problem when trying to run cleanmgr. I did not get a "more options" tab. I got a select drive window.
Turn off system restore, restart the computer and turn it back on. Windows XP System Restore Guide http://www.bleepingcomputer.com/forums/tutorial56.html | |
| 2872. | Solve : vanishing text, stretching windows.. WHAT IS THIS??? | 
| Answer» Not sure if this is where I need to be. Perhaps you could redirect me if you cannot help me, | |
| 2873. | Solve : Am I infested? No symptoms noted but . . .? | 
| Answer» I was on a fan forum for my favorite online game when I clicked on an outside link that supposedly had humour on it. When the site started to load a popup window came up that said something like: Your internet has been running slower than usual install Microsoft Vista Anti-Virus to scan for problems. There were two buttons "OK" and "Cancel". (more or less the message, wish I had written it down) I panicked because my father said he got something similar and had (I think) chosen "Cancel" but still ended up with a huge virus that Microsoft had to help him quarantine (but couldn't remove completely). Instead of hitting any of the buttons I touched nothing and powered down my computer completely using the on/off button, waited a bit, powered it back on and immediately ran my CCleaner, AVG Free, and Ad-Aware. It found nothing, but worried, I still found your site and followed your instructions down to and including installing and running HijackThis, SuperAntiSpyware, and Malwarebytes. SuperAntiSpyware and Malwarebytes found no problems either but Hijackthis came up with the following log: 
 ---------- Use the Secunia Software Inspector to check for out of date software. 
 ---------- Important: You need to update Windows and Internet Explorer regularly to protect your computer from the malware and other security threats that are on the Internet. Go to Microsoft Windows Update and get all critical updates. If you are running any Microsoft Office version go to the Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.
 ---------- Make sure all of your security programs are up to date and run scans with them regularly. Once or twice a week minimum. Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.
To prevent unknown applications from being installed on your computer install WinPatrol 2008
* Using Winpatrol to protect your computer from malicious software
Another thing I would suggest is installing SiteAdvisor. SiteAdvisor rates sites on business practices and spam.
SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.
Done, thank you!! Just as a side note, when I run CCleaner, is it necessary to check any of the subheadings under Advanced (where it says Old Prefetch Date and such)? I clicked them all when I first installed it over a year ago on my old computer and, when I got this computer 2 months ago and installed CCleaner on it, I just did the same and left them clicked. I really don't know whether that is overkill or something I should have even touched. 
(Oh to the ignorant who click things when they do not know what they do, lol)
I usually leave the Advanced settings alone just to be on the safe side.
Thank you. Your site was recommended by another player on the online game fan forum I use. You all helped him with some Malware he'd picked up browsing the internet. I'll have to let him know it worked for me too. I'll have to recommend you to my father as well. Maybe it will save him a call to Microsoft if something happens again. Now that my worry over my new computer is over, I'm going to bed as it's after 1:30 am here.
Glad we could help. We're much cheaper than MS help is... Safe surfing..... | |
| 2874. | Solve : How do I stop false positives with AVG?? | 
| Answer» Hello,
Do you have AVG 8.0? If you do, I'd recommend either downloading avast or avira free antivirus in place of it. But, if you do like AVG, I'd say wait for a malware specialist to help you out. The reason I say replace it is because I have heard that a lot of problems have risen since AVG came out with 8.0.
I had Avast but I don't know how to use it to scan my computer. I did have AVG 8.0 installed.
Is AVG completely uninstalled? And yea, I'm not a computer genius, I had trouble finding how to scan the comp with that antivirus too haha
First, do you have a problem with false positives? Second, you need to look at the link that you provided; 'ePSXe' is the program that the poster in your link knew was ok but AVG falsely identified it as a threat. You won't have this file (program) on your computer. If the answer to my first question is "No," then don't tinker with AVG's settings. If you are comfortable with AVG and don't have any problems, keep it. | |
| 2875. | Solve : weird pattern on my screen when booted up? | 
| Answer» Hi, I have a Compaq computer and it is running Office 2000. Something really strange happened, one day I booted it up and there was this really weird Aztec looking background and as soon as it got to the screen where all my icons are my regular display screen came back to normal. However, my web browsers are not working and I can't install any software. An error message comes up, something about kernel. I am really confused. I have AVG free edition for anti virus, could I still have gotten a virus? Any help would be appreciated.
Post exact error message.
Okay, I should have explained this a bit better. I am still connected to online through a router and it will let AIM come up. However the message when the web browser pops up is webpage you request is not available offline. The other message that popped up was when I tried to install Windows Live OneCare and I can't remember what it was because I am using a different computer right now and the computer that has these problems is in someone's room which I don't have access to at the moment. (If needed I will try to get this info for you.) Also when I ran AVG a new thing came up that said wsock32.dll but it just changed it. I don't know if that is something to be concerned with or not.
This is the error message I'm talking about: "An error message comes up something about kernel"
Kernel error message is always important, so it may help, if we know what it says, exactly. Just in case... Download HijackThis: http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download Click on Download HijackThis Installer. Post HijackThis log.
Here is the error message for when I try and install Windows Live OneCare.....The procedure entry point attach console could not be located in the dynamic link library kernel32.dll As for the HijackThis log, it's too hard for me to download something when I can't get online because the web browser is messed up. I can only get online from this computer. 
Can you download it from the comp you are using to post with and put it on a jump drive or CD and then install it on the other comp?
Are you sure about "attach console" part? I can't find any reference to it. Also, proceed with mroilfield's advice. You may also, go Start>Run, and type in: sfc /scannow Click OK. Have Windows CD handy.
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:53:09 AM, on 7/9/2008 Platform: Windows 2000 SP3 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\system32\acs.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\hidserv.exe C:\Program Files\PC Tools Firewall Plus\FWService.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\WINNT\Explorer.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe C:\Program Files\HP\HP Software Update\HPWuSchd.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\AIM\aim.exe C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe C:\Program Files\Belkin\PCI F5D7000\Wireless Utility\Belkinwcui.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Documents and Settings\braun2go\Desktop\HJTInstall.exe C:\Program Files\Trend 
Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O3 - Toolbar: @msdxmLC.dll,[emailprotected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [dcsm] "C:\Program Files\Common Files\DriveCleaner Free\dcsm.exe" O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user') O4 - Global Startup: Belkin Wireless Utility.lnk = C:\Program Files\Belkin\PCI F5D7000\Wireless Utility\Belkinwcui.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file) O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: 
Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170625035390 O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINNT\system32\acs.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: Blue Coat K9 Web Protection (WebFilter) - Unknown owner - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe -- End of file - 6439 bytes There are some infections... Using same method transfer, and run.... Print these instructions out. 1. Download SUPERAntiSpyware Free for Home Users: http://www.superantispyware.com/ * Double-click SUPERAntiSpyware.exe and use the default settings for installation. * An icon will be created on your desktop. Double-click that icon to launch the program. * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". 
(If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
* Close SUPERAntiSpyware.
PHYSICALLY DISCONNECT FROM THE INTERNET
Restart computer in Safe Mode. To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen
* Open SUPERAntiSpyware.
* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
  o Close browsers before scanning.
  o Scan for tracking cookies.
  o Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
  o Click Preferences, then click the Statistics/Logs tab.
  o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  o Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.
Post SUPERAntiSpyware log.
RECONNECT TO THE INTERNET
RESTART COMPUTER!
2. 
Download Malwarebytes' Anti-Malware: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
RESTART COMPUTER!
3. Post new HijackThis log.
Here is the information that you requested. [recovering disk space -- attachment deleted by admin]
*** You need to update Java: http://java.sun.com/javase/downloads/index.jsp Java Runtime Environment (JRE) 6 Update 7 Uninstall all previous versions of Java through Add\Remove.
*** Go to Add\Remove, and uninstall NetRatingsNetSight, and DriveCleaner Free
Uninstall any of the following programs associated with Viewpoint:
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar
This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.
1. Print this post out, since you won't have an access to it, at some point.
2. Close all windows, except for HijackThis.
3. 
Put a checkmark next to the following HijackThis entries (some entries will be checkmarked to disable unnecessary startups; in those cases [marked with *], no actual program will be removed):
- O4 - HKLM\..\Run: [dcsm] "C:\Program Files\Common Files\DriveCleaner Free\dcsm.exe"
- O4 - HKLM\..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
- *O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
- *O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
- *O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
- *O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
- *O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
- *O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
- *O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
- O9 - Extra button: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
- O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
- O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
4. Click on Fix checked button.
5. Restart computer in Safe Mode (keep tapping F8 key, when your computer starts, until menu appears)
6. Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders.
7. Delete following files/folders (if present):
- DriveCleaner Free folder from C:\Program Files\Common Files
- NetRatingsNetSight, and Viewpoint folders from C:\Program Files
8. Restart in Normal Mode.
9. 
Post new HijackThis log.Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:37:06 AM, on 7/12/2008 Platform: Windows 2000 SP3 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Safe mode Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\Explorer.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O3 - Toolbar: @msdxmLC.dll,[emailprotected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user') O4 - Global Startup: Belkin Wireless Utility.lnk = C:\Program Files\Belkin\PCI F5D7000\Wireless Utility\Belkinwcui.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170625035390 O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINNT\system32\acs.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. 
- C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe O23 - Service: Blue Coat K9 Web Protection (WebFilter) - Unknown owner - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe -- End of file - 4301 bytes I need HJT log from Normal, not Safe Mode. | |
| 2876. | Solve : Can someone check this for me please?? | 
| Answer» This is a log, not of my own computer but of someone else's. 
 There is no AV installed right now as I removed AVG, he's dead set on reinstalling Norton despite my best efforts. I'll remove NoPops, I did wonder if that was legit or not but didn't have time to research yesterday. I'll run MBAM in a few minutes, and will edit this post with the log when it's done (I have to disconnect this computer to plug in the other one you see so I can't do it right now).
Edit: Sorry, took longer than I thought because I had some other things to do. Here it is, it found Hotbar and successfully removed it, the next scan was clean.
Malwarebytes' Anti-Malware 1.20
Database version: 932
Windows 5.1.2600 Service Pack 3
11:22:21 10/07/2008
mbam-log-7-10-2008 (11-22-21).txt
Scan type: Quick Scan
Objects scanned: 39593
Time elapsed: 3 minute(s), 48 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: C:\Program Files\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
Files Infected: C:\Program Files\Hotbar\Hotbar.log (Adware.Hotbar) -> Quarantined and deleted successfully.
Looks like you got rid of everything.
Cool, thanks for the help. Now I just need to get hold of the guy to give his computer back . . . | |
| 2877. | Solve : HELP: Cannot access certain websites? | 
| Answer» Hello. Let me start out by saying that I am not the most tech-savvy guy out there, but I do know a bit about computers. My computer is custom built and has not had any major problems until now. | |
| 2878. | Solve : Item in Spybot S&D? | 
| Answer» Every time I run Spybot S&D, I get this item. Should I fix it or not? | |
| 2879. | Solve : Computer shuts off when scanning for virus........? | 
| Answer» I've fixed all my problems. I just downloaded some malware software removal tool.......fixed my problem. Thanks for all you guys' help.
Well...we're glad your problem seems to be resolved on your end.
"I just downloaded some malware software removal tool.......fixed my problem."
Without seeing all logs, there is no guarantee the infection is completely gone. | |
| 2880. | Solve : Re: Computer shuts off when scanning for virus........? | 
| Answer» Uh, instead of starting a new topic, I'll just use this one. I pretty much have the same problem as he had, but I can't finish a scan with MalwareBytes, or SuperantiSpyware. I did do the HijackThis scan though, and thus far it seems to be the only one that finishes without the blue screen appearing. I'm currently in Safe Mode with Networking, so that I can try to figure out how to get it off. I don't know if it helps, but I know the approximate location of where it is located, but every time I try to access/delete the file the blue screen pops up. 
 Now close all windows except for Hijackthis and click Fix checked
Exit Hijackthis and run CCleaner.
 ---------- Extra cleaning... Delete temporary files. Go to: 
 Check the boxes for: 
 ---------- Download FixWareout by LonnyRJones from one of the two below links and save it to your desktop. 
 After rebooting (restart) back into normal boot mode. Make sure you have all web browsers closed. 
 ----------
 Download SDFix.exe and save it to your Desktop. Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix). Now then reboot your computer in Safe Mode by doing the following: 
 If SDFix won't run or you get errors, follow the link for instructions on running SDFix. How to use SDFix
 ----------
 Before running HJT please install and rename the new version. Download and rename TrendMicro HijackThis.exe (HJT)
 ----------
 Next post add fixwareout log SDFix log New HJT log
 It doesn't seem to have worked. The blue screen keeps coming up. Here's the FixWareOut log.
 I'm not sure, but this seems to be the SDFix report.
 tchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-07-11 14:31:28
 Windows 5.1.2600 Service Pack 2 NTFS
 scanning hidden files ...
 IPC error: 2 The system cannot find the file specified.
 scan completed successfully
 hidden files: 0
 Quote from: nightscout on July 11, 2008, 02:21:51 PM
 It doesn't seem to have worked. The blue screen keeps coming up.
 This is going to take multiple steps, so we are likely far from complete. The SDFix log is incomplete. Install the new version of HijackThis but don't run it yet. Instead now run DSS and post the logs.
 Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges. Vista users Right click DSS and Run as Administrator. 
 Here's the first half of the main one.
 And here's the second half.
 Here's the first half of the Extra.
C:\PROGRA~1\ACCELE~1\ANTI-V~1\ssupload.dll --> C:\PROGRA~1\ACCELE~1\ANTI-V~1\regsvr32.exe /u /s C:\PROGRA~1\ACCELE~1\ANTI-V~1\vclnr.dll --> C:\PROGRA~1\ACCELE~1\ANTI-V~1\WS_UNI~1.EXE -s --> C:\PROGRA~1\ALLTEL~1\bin\CustomUninstall.exe ALLTEL --> C:\PROGRA~1\COMMON~1\EACCEL~1\SysSnap\syssnap.exe -UnregServer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Total War\Medieval - Total War (Demo Version)\Uninst.isu" --> C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6} --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19} --> MsiExec /X{65F1CF63-31E0-450B-96F3-4A88BE7361A6} --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D5DFD1A-5B25-48B7-B4D5-E04778BDC676}\Setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 -removeonly --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 -removeonly --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 -removeonly --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 -removeonly --> rundll32.exe 
setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 3D Groove Playback Engine --> RunDll32 C:\WINDOWS\DOWNLO~1\GrooveAX.dll,[emailprotected] Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002} Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log AdVantage (Powering DAEMON Tools) --> "C:\Program Files\AdVantage\AdVUninst.exe" /r DAEM /d "AdVantage (Powering DAEMON Tools)" /m "AdVantage is safe advertising software that supports Freeze.com.\nAdVantage is certified by TRUSTe as a Trusted Download.\n\nAre you sure you want to uninstall AdVantage support for DAEMON Tools?" AGEIA PhysX v7.07.09 --> MsiExec.exe /X{65F1CF63-31E0-450B-96F3-4A88BE7361A6} AIM 6 --> C:\Program Files\AIM6\uninst.exe Alltel DSL Installer Agent --> "C:\Program Files\Common Files\Motive\McciBootStrapper.exe" /url="-url=file://C:\Program Files\Common Files\Motive\ReportAgent_Remove.html" /browsertype=CustomMSIE /browserpath="C:\Program Files\Common Files\Motive\MotiveBrowser.exe" /hidden AntiSpyCheck 2.1.0 --> C:\Program Files\AntiSpyCheck\uninst.exe Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4} Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4} ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe ATI Catalyst Control Center --> MsiExec.exe /I{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B} ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,[emailprotected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean ATI Parental Control & Encoder --> MsiExec.exe 
/I{8D70145A-3BD3-4DBF-9CBF-223EF4A43257} Avernum 2 --> C:\WINDOWS\iun504.exe C:\Program Files\Avernum 2\irunin.ini AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL BitComet 0.63 --> "C:\WINDOWS\BitComet_Toolbar_Uninstaller_7296.exe" -hu _?=C:\Program Files\BitComet Toolbar BitComet Toolbar --> "C:\WINDOWS\BitComet_Toolbar_Uninstaller_7296.exe" _?=C:\Program Files\BitComet Toolbar BitTorrent --> C:\Program Files\BitTorrent\uninst.exe Black & White® 2 Battle of the Gods --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10631C28-62E5-477C-9B40-40C5EA8219BE}\setup.exe" -l0x9 -removeonly BOClean --> C:\WINDOWS\UNBOC.EXE Broadcom 440x 10/100 Integrated Controller --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{52504CE6-E909-4113-B232-4AFEC6543A61} /l1033 Browser Optimizer Dcads --> C:\WINDOWS\system32\dcads-remove.exe CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe" CIF USB Camera (2110A) --> C:\WINDOWS\CleanDev.exe C:\WINDOWS\DC2110a.ini Comodo AntiVirus Beta 2.0 --> C:\Program Files\Comodo\Comodo AntiVirus\UninstallCAVS.exe Corel Photo Album 6 --> MsiExec.exe /X{8A9B8148-DDD7-448F-BD6C-358386D32354} Cry of the Infected Demo --> C:\Program Files\Cry of the Infected Demo\Uninstal.exe Cult II - Federal Crime --> C:\WINDOWS\ST5UNST.EXE -n "C:\Program Files\Cult II - Federal Crime\ST5UNST.LOG" CureROM Pro 1.3.0b --> C:\Program Files\CureROM\uninst.exe Dawn of War - Winter Assault Demo --> MsiExec.exe /X{F72C032A-A0FB-49A9-86A1-188E4724EF1D} Dcads Advanced Toolbar --> C:\Program Files\Dcads Advanced Toolbar\uninstall.exe Dcads Games Collection --> C:\Program Files\Dcads Games Collection\uninstall.exe Dealio Toolbar --> MsiExec.exe /X{3F896597-76C2-4136-97B2-03CA9B04D6AD} Dell Media Experience --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation 
Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" -uninstall Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe" Desktop Weather by The Weather Channel --> C:\Program Files\The Weather Channel FW\Desktop Weather\TheWeatherChannelCustomUninstall.exe DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN DNA --> "C:\Program Files\DNA\btdna.exe" /UNINSTALL eAcceleration --> C:\PROGRA~1\COMMON~1\EACCEL~1\INSTAL~1\eaccelsetup.exe -AddRemove EAX Unified --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\EAX Unified\Uninst.isu" Enhancement Browser Tools Superiorads --> C:\WINDOWS\system32\superiorads-uninst.exe Fantasy Mod v 0.7.7 for 0.808 --> C:\Program Files\Mount&Blade\Modules\Fantasy_Mod\uninst.exe Feeding Frenzy(TM) --> C:\PROGRA~1\SHOCKW~1.COM\FEEDIN~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\FEEDIN~1\INSTALL.LOG Free Download Manager 2.1 --> "C:\Program Files\Free Download Manager\unins000.exe" Free Download Manager Archive Pack --> "C:\WINDOWS\unins000.exe" Galactic Civilizations II - Gold Edition --> C:\PROGRA~1\Stardock\TOTALG~1\GalCiv2\UNWISE.EXE C:\PROGRA~1\Stardock\TOTALG~1\GalCiv2\INSTALL.LOG Galactic Civilizations II - Gold Edition Demo --> C:\PROGRA~1\Stardock\TOTALG~1\GC2GOL~1\UNWISE.EXE C:\PROGRA~1\Stardock\TOTALG~1\GC2GOL~1\INSTALL.LOG Game Jackal v3.0.1.6 (32 bit) --> "C:\Program Files\SlySoft\Game Jackal\unins000.exe" GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG HijackThis 1.99.1 --> C:\Program Files\HijackThis\HijackThis.exe 
/uninstall Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" HP Image Zone 3.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat HP PSC & OfficeJet 3.5 --> "C:\Program Files\HP\Digital Imaging\{18E0918E-1060-48f3-925C-56C82E88551B}\setup\hpzscr01.exe" -datfile hposcr03.dat HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D} HP Unload DLL Patch --> MsiExec.exe /X{595D0DE8-C38A-4432-B851-47DECC1A99BD} HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134} HP Wireless Rechargeable Optical Mouse --> Pmuninst.exe MouseSuite98 IExplorer Security Plug-in --> "C:\Program Files\Video ActiveX Access\iesunst.exe" IGN Download Manager 2.1.2 --> C:\Program Files\IGN\Download Manager\uninst.exe Intel(R) Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562 IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110} Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020} Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010} Leylines --> C:\WINDOWS\iun504.exe C:\Program Files\Leylines\data\irunin.ini LimeWire 4.18.1 --> "C:\Program Files\LimeWire\uninstall.exe" Magic ISO Maker v5.4 (build 0239) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe Messenger Service --> "C:\Program Files\Video ActiveX Access\imsunst.exe" Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft DirectX Media 6.0 SDK --> undxmsdk.exe 
Microsoft DirectX Transform optional components --> RUNDLL32.EXE ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\DXTXTRA.INF,UNINSTALL.NT,12 Microsoft Halo --> "C:\Program Files\Microsoft Games\Halo\UNINSTAL.EXE" /runtemp /addremove Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7} Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Windows Media Video 9 VCM --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmv9vcm.inf, Uninstall MostFun Game Player --> MsiExec.exe /I{2BD2069A-A865-432A-86B8-1151BB0526CC} Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E} MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13} My Web Search (Webfetti) --> rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsbar.dll,O MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe Nethergate --> MsiExec.exe /X{05A17FEA-ED98-40F3-A9D8-6AB1E56F5FCF} Notification Utility --> OpenAL --> "C:\Program Files\OpenAL\oalinst.exe" /U overland --> MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC} PowerISO --> "C:\Program Files\PowerISO\uninstall.exe" RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Red Faction --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{47E6B460-04BA-4215-9F5D-3858BF920D07}\setup.exe" anything Sam and Max - Situation Comedy 1.0 --> C:\Program Files\Telltale Games\Sam and Max - Situation Comedy\Uninstall Sam and Max - Situation 
Comedy.exe Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6} Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19} Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3} Sony Picture Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly Heres the second half. Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe" Star Wars Empire at War --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}\Setup.exe" -l0x9 -removeonly Star Wars Empire at War Forces of Corruption --> C:\Program Files\InstallShield Installation Information\{6592FDEC-2C1A-413A-9985-25FEC2F0848D}\setup.exe -runfromtemp -l0x0009 -removeonly Stardock Central --> C:\PROGRA~1\Stardock\SDCENT~1\UNWISE.EXE C:\PROGRA~1\Stardock\SDCENT~1\INSTALL.LOG Starscape V1.6 --> "C:\Program Files\Starscape\unins000.exe" Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3} SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} TeamSpeak 2 RC2 --> "C:\Program 
Files\Teamspeak2_RC2\unins000.exe" TF2 --> "C:\Program Files\Team Fortress 2\unins000.exe" v1.0.26d --> "C:\Program Files\PT\unins000.exe" VideoCap ActiveX Control --> "C:\Program Files\VideoCap ActiveX Control\unins000.exe" Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u Virtual Villagers - The Lost Children (remove only) --> C:\Program Files\Virtual Villagers - The Lost Children\Uninstall.exe Virtual Villagers - The Secret City 1.0 --> C:\Program Files\Virtual Villagers - The Secret City\uninst.exe WarGames --> C:\WINDOWS\IsUninst.exe -fC:\WarGames\Uninst.isu Wazzal --> "C:\Program Files\Wazzal\Uninstall.exe" "C:\Program Files\Wazzal\install.log" Weather Services --> C:\WINDOWS\system32\control.exe C:\WINDOWS\system32\wxfw.cpl,4 Weather Studio 3.3.2.0 --> C:\Program Files\Weather Studio\WeatherStudioUninstall.exe Web Application --> "C:\Program Files\NetProject\scu.exe" Westwood Shared Internet Components --> C:\Westwood\Internet\UnstllAP.EXE WildTangent Web Driver --> C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe Worm Wars III 1.0 --> "C:\WINDOWS\Colej_uk_Design_Toolbar_Uninstaller_9062.exe" -hu _?=C:\Program Files\Colej_uk Design Toolbar Worm Wars III Colej_uk Design Toolbar --> "C:\WINDOWS\Colej_uk_Design_Toolbar_Uninstaller_9062.exe" _?=C:\Program Files\Colej_uk Design Toolbar Worm Wars IV 1.0 --> C:\Program Files\Worm Wars IV\uninst.exe Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe" XML Paper Specification Shared Components Pack 1.0 --> XviD MPEG-4 Video Codec --> "C:\Program Files\XviD\unins000.exe" Yahoo! Anti-Spy --> C:\PROGRA~1\Yahoo!\Common\unypsr.exe Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\unyext.exe Yahoo! 
You just installed Virtual Villagers - The Secret City? Please do as little on the PC as possible until we can get this cleared up. Ok....You have two antivirus installed. This is never advised and could be a big part of the problems. We will also uninstall Zone Alarm as there have been internet connection issues with it lately.
 Go to add/remove programs and uninstall:
 AntiSpyCheck 2.1.0 <- This is a rogue program and should not be trusted.
 Comodo AntiVirus Beta 2.0
 Enhancement Browser Tools Superiorads
 HijackThis 1.99.1 <- Please install the new version - TrendMicro HijackThis.exe (HJT)
 My Web Search (Webfetti)
 Viewpoint Media Player
 WildTangent Web Driver
 ZoneAlarm
 ---------- Restart the computer now and see if you can get to normal boot mode and run Malwarebytes. If you can't get to normal boot mode then try to run it anyway and post the log when complete.
 ---------- After you are done with MBAM run a new Hijackthis scan and post the log from it along with the MBAM scan log. | |
| 2881. | Solve : Computer continually locks up? | 
| Answer» This actually may be good news, because it means "sfc" found some corrupted files. Next copy your Windows XP CD to your hard drive. Just create a folder (I used \XP-CD), and copy all the contents of your Windows XP CD in that folder.
 Yes. I assume it means to just copy the files.
 Yes.
 I followed the guide from the link you provided and successfully burned a slipstream SP2 disc. I still have a problem though. It still will not accept the disc. I'm thinking it's because the XP disc I used was an XP Home disc. It wants an XP Professional one instead. I do not have any XP Professional discs, only Home ones. Will I have to just buy one instead? Thanks again for your continued help on this.
 Quote: I'm thinking its because the XP disc I used was a XP Home disc. It wants an XP Professional one instead.
 You're correct. To run "sfc", it has to be exact version, and exact SP. Maybe, you can borrow one. Nothing illegal here.
 No one that I know of has an XP Professional SP2 disc. They either have a Mac, a different version of Windows, or no disc at all. I guess I'll have to look on Amazon or eBay where I can hopefully get XP Professional SP2 pretty cheap. Strangely, I was able to get the system to run normally for about 1.5 days without problem. Now I'm back in safe mode again. Thanks for all the help provided.
 Call the PC manufacturer or go to their web site. Have your Product ID ready. They will be able to ship you your install disk. They may charge shipping but it's cheaper than buying a new OS.
 Can it be guaranteed that it will be SP2? I don't see why it wouldn't be.
 Depends on what was shipped on the PC I think. | |
| 2882. | Solve : Nod 32 or Bitdefender?? | 
| Answer» Here is some interesting trivia: I have installed trial versions of Bitdefender and Nod32 on my systems. I only run one at a time. I know you are not supposed to run two AV's at the same time, but does this also mean not having two installed on my system at the same time?
 Yes. Even disabled antivirus programs may still run some services, which may interfere with another antivirus.
 Ok I have taken Nod off my system, and everything goes. Seems a bit slow though but I'm not sure if this is because of me fiddling around or Bitdefender. I will do another antispyware/malware run then defrag and see what happens. Scan times are 48 mins for Nod, nothing discovered, and 1:05hr for Bitdefender, and it's always finding stuff.
 Based on my experience comparing nod32 and bitdefender, bitdefender is the best. You're using trial version at this moment and yet, you can see it runs perfectly. What if you're already using bitdefender (not trial version)? I'm using this almost 2 1/2 yrs and it runs perfectly.
 In my opinion, any antivirus program, as long as it's not called Norton, or McAfee, is fine. I tried a number of them, and I see no difference. Oh, don't get me started on any ratings "thingy". They're more or less worthless.
 Lol, yeah that's why I wanted to test the AV's myself. I found that bitdefender was slower than Nod 32 so I'll Nod to Nod. That sorts out this stage of my computer's development. Thanks everyone for your help! | |
| 2883. | Solve : automatic updates turning of automatically? | 
| Answer» Windows XP automatic updates is turning off automatically. I get a message, please turn automatic updates on manually. I do so, and it changes for a few seconds, then turns off again. No viruses.
 Download hijackthis program from here http://download.hijackthis.eu/HJTInstall.exe and run. Copy and paste your log here.
 Just post them here.
 Thanks for the intended help. I installed Microsoft LiveCare and it found a trojan and removed the problem. Thanks again.
 If you don't want us to make sure your computer is 100% clean, that's fine.
 Quote: copy and paste your log here - then analyze
 Please, do NOT advise anyone to analyze HJT log by themselves! It's dangerous!
 Quote from: Broni on July 07, 2008, 10:51:37 PM
 Quote: copy and paste your log here - then analyze
 Please, do NOT advise anyone to analyze HJT log by themselves! It's dangerous!
 Noted, thanks.
 No problem. | |
| 2884. | Solve : Can you help me please?? | 
| Answer» I had a trojan virus (perhaps multiple I don't know much about these things) on my computer. A friend told me about this site so I am asking for help. 
 ---------- Next post add SDFix log. Also let me know how everything is now.
 I have done as you said and have attached the relevant logs to this post. Everything seems to be working much better now and Windows even updates again! Yay! lol. Thank you for your help so far and please let us know if I need to do anything more. PS: Also, can you let me know if I need to leave these programs (CCleaner, SuperAntiSpyware, MalwareBytes etc.) on my computer or can they be uninstalled after the problem is fixed? [recovering disk space -- attachment deleted by admin]
 Keep CCleaner and run it every other day or so to keep the PC clean of clutter. SuperAntiSpyware and MalwareBytes are good to keep and run every other week or so to make sure nothing nasty has gotten into your PC. Be sure to update each program before running them.
 ---------- Download OTMoveIt2 by OldTimer OTMoveIt2.exe and place it on your desktop.
 1. Double click OTMoveIt2.exe to launch it. If using Vista Right-Click OTMoveIt and choose Run As Administrator
 2. Click on the CleanUp! button.
 3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alert you, allow it access.
 4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?) 
 ---------- Go to: 
 When prompted select the C: drive and click OK. Check the boxes for: 
 Click OK or Enter ---------- Use the Kaspersky Online Scanner You must use Internet Explorer. 
 
 
 There is no option to clean/disinfect, however, we need to analyze the information on the report. To obtain the report: Click on: Save Report As... 
 Copy and paste the Kaspersky Online Scanner Report in your next reply. --------------- Next post add Kaspersky log Here is the Kaspersky scan report. [recovering disk space -- attachment deleted by admin] 
 Download 
 
 C:\Documents and Settings\Martin\Desktop\Martin\Install Files\Copy of iMeshV7.exe C:\Documents and Settings\Martin\Desktop\Martin\Install Files\iMeshV7.exe EmptyTemp [start explorer] 
 
 ---------- How is everything now?
 My computer is running much better now thank you. Everything seems to be fine which is a big relief. Also, I have attached the log for OTmoveit2. Once again, thanks. [recovering disk space -- attachment deleted by admin]
 1. Double click OTMoveIt2.exe to launch it. Vista users right click and choose Run As Administrator
 2. Click on the CleanUp! button.
 3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alert you, allow it access.
 4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
 5. Once complete exit out of OTMoveIt2
 Set a New Restore Point to prevent possible reinfection from an old one. Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed. 
 Windows XP System Restore Guide or Windows Vista System Restore Guide . ---------- Use the Secunia Software Inspector to check for out of date software. 
 ---------- Important: You need to update Windows and Internet Explorer regularly to protect your computer from the malware and other security threats that are on the Internet. Go to Microsoft Windows Update and get all critical updates. If you are running any Microsoft Office version go to the Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.
 ---------- Make sure all of your security programs are up to date and run scans with them regularly. Once or twice a week minimum. Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.
 To prevent unknown applications from being installed on your computer install WinPatrol 2008. Using Winpatrol to protect your computer from malicious software
 Another thing I would suggest is installing SiteAdvisor. SiteAdvisor rates sites on business practices and spam.
 SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
 *Using SpywareBlaster to protect your computer from Spyware and Malware
 *If you don't know what ActiveX controls are, see here
 Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth. | |
| 2885. | Solve : Hope!? | 
| Answer» To all with a computer problem, stay with this site and follow the instructions given to you. I had a problem, and thought it was not fixable, but, to my amazement, it was FIXED!!! I recommend you all stick with it and have patience. Take care and good luck to you all.
 Thank you for accolades | |
| 2886. | Solve : All of my Icons and my tool bar are missing from my desktop "start" is gone(2)? | 
| Answer» Hi!!! I'm having the exact same problem!!! | |
| 2887. | Solve : No toolbar or desktop icons? Please help!? | 
| Answer» Yesterday morning, I woke up to the computer being turned off (in my house, it's almost always left on). When I turned it on and logged onto the main account, the toolbar and desktop icons flashed on and then were gone. I tried unplugging and restarting the computer, alas neither worked. I'm at a loss for what to do! What information should I add when submitting a question? Ah! I'm terribly sorry. D: The computer is a Dell, Dimension E510 and it runs on Microsoft Windows XP. I don't know anything about RAM or CPU. Sorry. As for the problem, it began Wednesday morning. No new software was installed that I know of. As I said before, I turned on the computer, logged in, and the toolbar and desktop icons were there, but soon disappeared. The only thing that appears is the wallpaper. I can run certain things by bringing up the Windows Task Manager and running programs like Firefox and iTunes, but I can't open folders or the control panel. If there's anything else you need to know, please tell me!hi, i have the same problem with ONE of my computers, i know how to restore the icon etc, press ctrl+alt+delete, then click file, click run, and then type control and enter. this is as far as i have gotten, i plan to just run a malware seacher to REMOVE the virus. let me know how you go! charlieQuote I can run certain things by bringing up the Windows Task Manager and running programs like Firefox and iTunes,Using the same technique here, run Explorer.exe Try that and post back. Quote from: blasterrider on July 04, 2008, 06:07:20 PM hi, i have the same problem with one of my computers, i know how to restore the icon etc, press ctrl+alt+delete, then click file, click run, and then type control and enter. this is as far as i have gotten, i plan to just run a malware seacher to remove the virus. let me know how you go! My gosh! That worked! You're brilliant! The only thing is, now it kind of "blinks" on and off. 
I can't have My Documents or any folder like that open for more than a few seconds. Do you suppose there is some kind of malware manifesting somewhere? Was it the Explorer.exe thing that got it working? Quote from: Carbon Dudeoxide on July 04, 2008, 07:58:46 PM Was it the Explorer.exe thing that got it working? Both "Explore.exe" and "Control" seem to have worked the same. All Right. Quote from: Carbon Dudeoxide on July 04, 2008, 08:10:00 PM All Right. Call me dumb, but I don't understand why the toolbar and icons disappear when I have a My Documents or other folder up. Is there any way I can fix this? Wait, so it happens every time? Quote from: Carbon Dudeoxide on July 04, 2008, 08:14:23 PM Wait, so it happens every time? Every time I'm in some type of folder? Yes. Can you try doing a System Restore to a date before this problem started happening? Sure! Could you tell me how to do that? I'm not exactly what you'd call computer wise. Go to Start --> All Programs --> Accessories --> System Tools --> System Restore. Then basically follow the steps. | |
| 2888. | Solve : Virus? Port 1214 oddness to 15.192.45.139? | 
| Answer» Hello, Any suggestions to why HP would use port 1214 and what for when the browser is not open to the HP site? Any suggestions on any better network probes other than Wireshark? You will probably be better off taking this question to the Networking forum. Keyfinders use "covert" methods that some AVs will flag as suspicious or even malicious. Why it took 2 years I'm not sure but I would think it's a false positive. Do you mind saying the name of the keyfinder? Kazaa is adware and you are right it could have easily been bundled with the fresh install. I wouldn't worry too much about it as it can usually be removed in add/remove programs. What you can do is go to UploadMalware.com, follow the directions to have the keyfinder file analyzed by the team there. | |
| 2889. | Solve : virus or spyware?? | 
| Answer» My task manager is showing that I have Isass.exe running. Is this bad, relative to being a virus or spyware? Are you sure it's Isass and not Lsass? Hmmm, I think you're on to something. It is Lsass (shows up like this-lsass). So is lsass good or bad? Lsass is good. | |
| 2890. | Solve : Computer mouse sets off alarm? | 
| Answer» since it's so late tonight, i'll have to finish the scan tomorrow. but as soon as i do i'll send you the new log. thanks so much for all your help!! No problem | |
| 2891. | Solve : Malware Removal completed? | 
| Answer» Go to add/remove programs and uninstall: | |
| 2892. | Solve : AVG Update Problem?? | 
| Answer» Yesterday and today I have not been able to update AVG. I try to do so by right clicking the icon in the taskbar, left click update (Same as usual!). But after a few minutes a box comes up telling me the update failed saying: | |
| 2893. | Solve : The Trojan Horse Agent 2JCS? | 
| Answer» First of all, THANK YOU for this website and I have learned so much from this experience although this virus stuff has alarmed me, as I use all freebies with virus protection. | |
| 2894. | Solve : I hate being redirected...can you help?? | 
| Answer» Every time I click on a link from Google I get redirected to some advertisement. I can manage to open the links in a new window by right clicking on them and opening them in a new window/tab. I do not get redirected when I'm using Yahoo. And I seem to have another symptom...random out of nowhere popups. This started in Firefox and I was still able to use IE. But after I ran my AVG and restarted my computer IE started doing the same thing. I downloaded Superantispyware and malwarebytes, but neither of them will run. HijackThis worked, though. Here is the log from that: | |
| 2895. | Solve : something about files..? | 
| Answer» Well what am I supposed to click so i can check that when Hijackthis comes up? Say again, please. I'm not sure I understand your question. You want me to check those things in Hijack this to get fixed. Well, when I open up Hijack this, what do I click so I can do that? These are the things I get: | |
| 2896. | Solve : windows in XP shake rapidly when opened (maximized)? | 
| Answer» I have a laptop running XP Pro. I suspect that there is a virus/spyware that has gotten past me in my hunt to fix this problem. I have installed Trend Micro anti-virus the latest version and run several scans, ran HJT and fixed what I thought to be appropriate issues, and ran a free version of AVG anti-spyware and rid the system of them. After all that any window that I open up will start to shake rapidly like it's trying to maximize but can't do it successfully. | |
| 2897. | Solve : HijackThis wants to use svchost to connect to web. Why?? | 
| Answer» Depending on which version of HijackThis you've been using, the activity might be harmless. To further elaborate on CBMatt's reply... Other developments include an “AnalyzeThis” function that allows users to see how prevalent the threats detected on their PCs are when compared to other HijackThis users. So, basically...it's like a tool within HijackThis that aids Trend Micro and HijackThis users by comparing logs. This is probably why you're getting that warning from Comodo...and again...like CBMatt stated...it's probably harmless and depends on what version of HijackThis you're using. | |
| 2898. | Solve : Super Bowl Malware redirect? | 
| Answer» Story Those sites seem to be gone, by now: [file cleanup - saving space - attachment deleted by admin] I found one that's still active and there's probably more. Their rankings are just so low that no one is ever going to actually visit them. This is not mentioned in the Trend Micro article but the exploit is Javascript based (as usual) so Firefox users with NoScript installed will be safe (as usual). | |
| 2899. | Solve : Need help, CPU infected!? | 
| Answer» First off, I'm not too familiar with computers so I started searching and found evilfantasy's step-by-step tutorial. I ran all programs listed and attached the logs to my post. If anyone can please help it would be greatly appreciated.  | |
| 2900. | Solve : Unhappy computer adventure.. Please help!? | 
| Answer» -------------------------------------------------------------------------------- | |