 
                 
InterviewSolution
| 2951. | Solve : Hijackthis report? | 
| Answer» Could someone please look at my HijackThis report and tell me if there is anything I need to delete. Thanks.

You are infected. Start HERE. That's it for now.

Sorry, Randy. I thought you weren't coming back. You're in good hands with Evil. | |
| 2952. | Solve : Is this a virus or a trojan or something?? | 
| Answer» Hi.... 
 
 
Hi evilfantasy.... I posted HJT log so please check it. I hope my computer is all clean now so that I may go about doing what I was doing.

[recovering disk space -- attachment deleted by admin]

Open HijackThis and select Do a system scan only. Place a check mark next to the following entries: (if there)
Important: Close all windows except for HijackThis and then click Fix checked. Exit HijackThis.

----------

Download, install and run CCleaner

1. Double click the CCleaner shortcut on the desktop to start the program.
2. On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to re-enter your passwords at all sites where a cookie is used to recognize you when you visit.)
3. If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
4. Click on the "Options" icon at the left side of the window, then click on "Advanced." Deselect "Only delete files in Windows Temp folders older than 48 hours."
5. Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
6. After CCleaner has completed its process, exit CCleaner.

----------

Download Malwarebytes' Anti-Malware from here or here. Double click mbam-setup.exe to install the application.

----------

Next post add:
- MBAM log
- A NEW HijackThis log

1. I booted my computer a few minutes ago and I see some drvbock.dll detected by AVG and AVG says it's a possible unwanted program or something like that and I pressed move to vault.
2. ok. I have done the HijackThis system scan. Both entries you mentioned existed, so I fixed all as you recommended.
3. I have done the CCleaner cleanup.
4. I have not yet done the Malwarebytes check.... will do that later.

I'm moving this to the Computer viruses and spyware forum.

drvbock.dll is an unknown virus which is why AVG isn't fixing it. If MBAM doesn't get it we will go to more powerful tools. Don't worry, we'll get it!!!

I scanned with the Spybot S&D program and I see MSDSip registry entries detected under VIRTUMONDE error. I will double check TOMORROW with the MBAM program and also with Spybot. Spybot said some of the Virtumonde errors can't be fixed as they are detected to be in use in the memory and now I have to restart and have Spybot scan and clean before the computer loads, otherwise it might fail again. Also, like I said, drvbock.dll came up this time. drvriw.dll came up last time and if this problem still goes on, it might report a different dll is problematic. I think AVG isn't fixing the dll problems. But it knows it's problematic which is why I think the "dll can't run" error comes up-- AVG blocks it.

Without following through on my instructions we will end up making this a very long process when it doesn't need to be. You'll notice that with every step I request it produces a log to be posted. Without "seeing" what's going on it's all just debate and guesswork. I have to find the location of the infected file(s) to be able to know how to get rid of them.

Hi evilfantasy, sorry I did not follow your directions. After all, you're the PC doctor and now, hopefully, we can get my computer healthy and back to sanity again. Anyway, here are a few things for you:
1. an MBAM log (MBAM found 2 trojans)
2. a new HJT log
3. an AVG threat popup that appeared when the MBAM scan completed (I provided a screenshot for you to look at and I clicked on 'move to vault' already)
All three are attached with this message.... so check the attachments included.

[recovering disk space -- attachment deleted by admin]

OK, we need to do another more thorough scan. This one won't take long. Download Combofix by sUBs from one of the below links. Important! Combofix.exe MUST be saved to and run from the Desktop.

----------

Next post add Combofix log

Combofix wouldn't run on my computer. But anyway, I have reinstalled Windows and all is okay now. Thanks for all the help earlier.

Thanks for the update. I was curious why Combofix would not run.

I had double clicked it like any normal program and the loading bar appeared and it stopped there, nothing going on but I could use my computer as normal. Anyhow, yeah no problem. Thanks again evilfantasy for your help and I am happy that my computer is all good again | |
| 2953. | Solve : Hijack This Log Help? | 
| Answer» Any change with CCleaner? 
 
 
no, no change with ccleaner. i downloaded the atf cleaner, and that has helped somewhat, thanks. but things still run horrifically slow at times. most of the time actually. don't know if this has anything to do with anything, but checking the task manager, when things are running at or near 100%, the main taker is a program "svchost.exe" - what is that and can i just get rid of it? and last (and again, could be completely unrelated), as i am a goof and have somehow managed to lose my cellphone recharger, today i plugged my phone into my computer via a usb cable to recharge it that way. then i noticed my phone started making calls! forgive my complete naiveté, but was that some spyware thing trying to phone home? thanks so much.

Download Malwarebytes' Anti-Malware from here or here. Double click mbam-setup.exe to install the application.
----------

Also let me know how things are now.

here's the malwarebyte's log:

I find it really hard to believe it didn't find anything....things are not so good. I'm constantly getting kicked offline, and when I try to watch a video or something like that, things get really slow. I'm praying to win something on a lottery ticket, so I can just go out and buy a Mac, and be done with this silliness... perhaps I was impulsive by doing this, but I've found that after I run Fixwareout, things run exceptionally well...for a little while. I just ran one now, and here's the log for that too, if this helps:

ciao and thanks

Run this online scan. Requires Internet Explorer.

Use the ESET Nod32 Online Scanner
1. Check the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the ActiveX control to install
4. Click Start
5. Make sure that the option Remove found threats and the option Scan unwanted applications is check marked.
6. Click Scan
7. Wait for the scan to finish
8. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply

hi again. did the eset scan, and because i'm an idiot or for some other reason i can't pull up the log file. when i try it says that file is non-existent. at any rate, the scan said that after searching over 21,000 files, nothing harmful was found. in other news, i plugged my phone into the computer last night before going to bed, and when i woke, it had dialed 16 different numbers before morning.... what is that??? as always, thanks for your enduring patience and generous assistance

Install the a-squared Anti-Dialer (freeware)
Download link > http://download6.emsisoft.com/a2AntiDialerSetup.exe
Homepage > http://www.emsisoft.com/en/software/antidialer/

-----------

Use the Secunia Software Inspector to check for out of date software.
 ---------- How are things now? | |
| 2954. | Solve : Something New From AVG? | 
| Answer» Security is no laughing matter, but AVG Technologies (http://www.avg.com) knows how to have fun with a serious topic. The company recently launched its “Hugs for Hackers” campaign, aimed at educating IT pros about current Web threats. At the Hugs for Hackers Web site (http://www.hugsforhackers.org), you can find out about top threats, learn how to avoid getting hacked, and watch some videos that illustrate recent hacks—for example, the Major League Baseball Web site hack, and Alicia Keys’ MySpace site hack. The entire Hugs for Hackers site is rather tongue-in-cheek, but the message isn’t: Hackers are constantly trying to break into networks and steal information, and you need to protect yourself and your organization more than ever before. | |
| 2955. | Solve : userinit.exe - application error? | 
| Answer» Hi,

Windows XP System Restore Guide or Windows Vista System Restore Guide.

----------

Use the Secunia Software Inspector to check for out of date software.

----------

Important: You need to update Windows and Internet Explorer regularly to protect your computer from the malware and other security threats that are on the Internet. Go to Microsoft Windows Update and get all critical updates. If you are running any Microsoft Office version, go to the Office Update site and make sure you have at least all the critical updates installed (free): Microsoft Office Update.

----------

Make sure all of your security programs are up to date and run scans with them regularly. Once or twice a week minimum.

Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.

To prevent unknown applications from being installed on your computer, install WinPatrol 2008. Using WinPatrol to protect your computer from malicious software

Another thing I would suggest is installing SiteAdvisor. SiteAdvisor rates sites on business practices and spam.

SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. *Using SpywareBlaster to protect your computer from Spyware and Malware *If you don't know what ActiveX controls are, see here

Check out Keeping Yourself Safe On The Web for tips and free tools to keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

Thanks, all sorted now. | |
| 2956. | Solve : Error messages during startup? | 
| Answer» I've just returned the PC to my friend, as I have tested it the whole day since the last post, and it seems to work just fine, except for a video controller issue, which I leave to the shop where she bought the PC from, since it's still under warranty. | |
| 2957. | Solve : Preventing Virtumonde? | 
| Answer» Is there any programme that can successfully prevent Virtumonde and its variations? There seems to be plenty of advice on removing these pests but I am looking for a programme that prevents them in the first place. I run XP Pro with PC Guard, Spyblaster, Spybot, Spyhunter, Trojanhunter, Windows Defender. They all find parts of Virtumonde but none seems to prevent it.

I think you're looking for an Antivirus software, not Antispyware software. | |
| 2958. | Solve : Monthly Check.? | 
| Answer» I scanned with HijackThis in normal mode; if you would like one done in safe mode let me know. There's currently no antivirus installed on my system, I'm still trying to find the right one. | |
| 2959. | Solve : Pop ups please help? | 
| Answer» I did an AVG scan and Symantec.

Next post please add the OTMoveIt log.

I copied and pasted what was under the green. Is that what you meant by my log?

DllUnregisterServer procedure not found in C:\WINDOWS\system32\ybsehhnh.dll
C:\WINDOWS\system32\ybsehhnh.dll NOT unregistered.
C:\WINDOWS\system32\ybsehhnh.dll moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05232008_182632

Download Malwarebytes' Anti-Malware from here or here. Double click mbam-setup.exe to install the application.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

How is everything now?

It appears that the pop ups have stopped. Thanks for your help. Which virus scan should i get rid of? Symantec or AVG? Here is my Malwarebytes log:

Quote: Which virus scan should i get rid of? Symantec or AVG?

Avast or AVG Free...use the Norton Removal Tool to get rid of Symantec. EF will let you know when you are finished even though the popups have stopped...follow thru to the end of the process. But you can take care of your AV situation in the meantime...

Following patio's advice... Download ATF Cleaner by Atribune. Note: Vista users must use Run As Administrator
 
 
----------

1. Double click OTMoveIt2.exe to launch it. Vista users right click and choose Run As Administrator
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet; if your firewall or other defensive programs alert you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
5. Once complete, exit out of OTMoveIt2

Set a New Restore Point to prevent possible reinfection from an old one. Setting a new restore point AFTER cleaning your system will enable your computer to roll back to a clean working state if needed.

Use the Secunia Software Inspector to check for out of date software.

Check out Keeping Yourself Safe On The Web for tips and free tools to keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smoothly. | |
| 2960. | Solve : bigtime virus/trojon/downloader problem? | 
| Answer» Some stubborn ones to get rid of. 
Registry values to delete:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jdgf894jrghoiiskd
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jnskdfmf9eldfd
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\plyrihnpsoi
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rdpdd
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webrebates0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wintelupdate

Note: the above instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system
 
----------

Your Java is out of date. Older versions of Java have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version(s) of Java components and update.

Step 1 - Get the new version
 
 
----------

Also uninstall Viewpoint Media Player. See Viewpoint to Plunge Into Adware

----------

Next post add Avenger log

Hopefully the boot times will start to improve. Let me know how everything is now.

Boot time was a little improved but I think a scan is running every time I boot up. In the task manager it's called DoScan? After doing the Avenger, on the reboot several pop up errors with the title of "no disk" kept appearing which was very odd. Here's the log...

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Platform: Windows XP (build 2600, Service Pack 2)
Sun May 25 01:12:33 2008
01:12:10: Error: Invalid syntax in command: "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jdgf894jrghoiiskd" Skipping line. (Registry value deletion mode)
01:12:12: Error: Invalid syntax in command: "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jnskdfmf9eldfd" Skipping line. (Registry value deletion mode)
01:12:13: Error: Invalid syntax in command: "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\plyrihnpsoi" Skipping line. (Registry value deletion mode)
01:12:21: Error: Invalid syntax in command: "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rdpdd" Skipping line. (Registry value deletion mode)
01:12:22: Error: Invalid syntax in command: "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webrebates0" Skipping line. (Registry value deletion mode)
01:12:24: Error: Invalid syntax in command: "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA" Skipping line. (Registry value deletion mode)
01:12:25: Error: Invalid syntax in command: "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wintelupdate" Skipping line. (Registry value deletion mode)
//////////////////////////////////////////
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Completed script processing.
*******************
Finished! Terminate.

[recovering space - attachment deleted by admin]

Look here for information on the DoScan. For some reason the reg values aren't going away with any of the tools used....yet!

----------

Open HijackThis and select Do a system scan only. Place a check mark next to the following entries: (if there)
- C:\WINDOWS\system32\ScsiAcc.exe
- R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 216.133.248.230:80 <<--Unless you did this yourself
- O2 - BHO: (no name) - SOFTWARE - (no file)
- O8 - Extra context menu item: Open with &ZipScan - C:\PROGRA~1\ZIPSCA~1\zs_ie.htm
- O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
- O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAcc.exe

Important: Close all windows except for HijackThis and then click Fix checked. Exit HijackThis.

----------

Download OTMoveIt2 by OldTimer
 
 
---------- Next post add OTMoveIt log
Here's the log:
C:\WINDOWS\system32\ScsiAcc.exe moved successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jdgf894jrghoiiskd >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jdgf894jrghoiiskd\\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jnskdfmf9eldfd >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jnskdfmf9eldfd\\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\plyrihnpsoi >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\plyrihnpsoi\\ not found.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rdpdd >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rdpdd\\ not found.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webrebates0 >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webrebates0\\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA\\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wintelupdate >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wintelupdate \\ not found.
OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05252008_131353
Let's clear out the programs we've been using to clean up your computer, they are not suitable for general malware removal and could cause damage if launched accidentally. These steps will also help secure the work you have done. . 
 . The above procedure will: 
 
1. Double click OTMoveIt2.exe to launch it. Vista users right click and choose Run As Administrator
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
5. Once complete exit out of OTMoveIt2
Set a New Restore Point to prevent possible reinfection from an old one. Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed. 
 Use the Secunia Software Inspector to check for out of date software. 
 How is everything now? | |
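The HijackThis triage in the answer above (the ProxyServer entry the user did not set, the nameless BHO and button marked "(no file)", and the ScsiAccess service with an unknown owner) can be automated for a first pass. The script below is an added example, not code from this thread or from HijackThis itself; its sample log is constructed from entries quoted in this thread, and its three flagging rules are exactly the reasons the helper gave, so anything else in a real log still needs a human to look at it.

```python
"""First-pass triage of a HijackThis (HJT 2.0.x) log.

Added example, not part of the original thread. The flagging rules mirror the
three reasons the helper gave above: a ProxyServer value the user did not set,
O2/O9 entries whose target is "(no file)", and O23 services with no vendor.
Everything else in a real log still needs a human to look at it.
"""
import re
from typing import Dict, List

# Constructed sample log built from entries quoted in this thread (assumption:
# the benign ones are what a clean log of that machine would show).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 216.133.248.230:80
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - SOFTWARE - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAcc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""

# One HJT entry per line: a section tag (R0, R1, O2, O4, O23, ...) then " - ".
ENTRY_RE = re.compile(r"^([RO]\d+) - (.*)$")


def parse_hjt(text: str) -> List[Dict[str, str]]:
    """Return the log's entries as {"section": ..., "body": ...}; header and
    running-process lines carry no section tag and are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({"section": m.group(1), "body": m.group(2)})
    return entries


def triage(text: str) -> List[Dict[str, str]]:
    """Flag the entries an analyst would check first, with the reason."""
    flagged = []
    for entry in parse_hjt(text):
        section, body = entry["section"], entry["body"]
        reason = None
        if section == "R1" and ",ProxyServer =" in body:
            # A proxy the user did not configure routes all IE traffic through
            # someone else's box; fix it unless you set it yourself.
            value = body.split("=", 1)[1].strip()
            if value:
                reason = "proxy server set to %s; fix unless you configured it" % value
        elif section in ("O2", "O9") and "(no file)" in body:
            # Registration left behind after the file was removed; safe to fix.
            reason = "entry points at a file that no longer exists; safe to fix"
        elif section == "O23" and "Unknown owner" in body:
            # A service whose binary carries no vendor information; check the
            # file before removing the service.
            reason = "service binary has no vendor; check the file before removing"
        if reason:
            flagged.append({"section": section, "body": body, "reason": reason})
    return flagged


def fix_list(flagged: List[Dict[str, str]]) -> List[str]:
    """Render flagged entries exactly as HJT shows them, so they can be pasted
    into a 'place a check mark next to the following entries' reply."""
    return ["%s - %s" % (f["section"], f["body"]) for f in flagged]


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print("%s - %s\n    -> %s" % (item["section"], item["body"], item["reason"]))
```

Run it against a saved hijackthis.log instead of SAMPLE_LOG to get the same list the helper produced by hand; the O4 and O23 entries it does not flag are not thereby clean, they simply need the vendor/file check a script cannot do.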
| 2961. | Solve : Help! Obviously infected with something? | 
| Answer» yama. now what? Secunia report Detection Statistics: 14 Applications detected in Total 0 Insecure Versions Detected 14 Secure Versions Detected Running For: 1 Minute, 6 Seconds Errors Detected: 0 Errors Detected Enable thorough system inspection Enable the Secunia Online Software Inspector to search for software installed in non-default locations. Did you find this scan useful? Then you might find it even more useful to run our powerful installable programs, capable of conducting very thorough and indepth scans. Personal Edition (free) | Business Edition Status / Currently Processing: Detection completed successfully
Good job! Everything running OK now?
Everything seems tip top. The pop-ups have disappeared. Are there any other steps I need in the process?
Looks good to me, you can read through the other links when you get a chance. Other than that.....Safe surfing
Thank you very much, evilfantasy you were a great help | |
| 2962. | Solve : Internet Explorer &-infections!? | 
| Answer» I've been using Internet Explorer 7 for quite some time now. A few weeks ago I reset it and everything is running much better. The only thing is, whenever I do a scan, there are more infections than there were before. I've checked the privacy etc. settings, which are the same as previously; I'm visiting the same sites as I was before and I haven't altered my virus protection settings or anything like that. | |
| 2963. | Solve : The logs from my computer? | 
| Answer» OK, I have Windows XP SP2 and I followed all the steps and I've attached my logs... all the popups have finally stopped.  
 
 
If needed, see this Combofix tutorial with screenshots that will detail the downloading and running of combofix more thoroughly. ---------- Next post add Combofix log
Thanks and sorry it took so long but I had to go to sleep then to work. I have attached the combofix log below. [recovering space - attachment deleted by admin]
Delete these files/folders, as follows: 1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad. 
Code:
KillAll::
Folder::
C:\WINDOWS\astctl32.ocx
C:\WINDOWS\rundll32.vbe
C:\WINDOWS\system32\vntiho06
C:\WINDOWS\system32\hI2
C:\WINDOWS\system32\at1
C:\WINDOWS\system32\1064a
C:\temp\vtmp2
File::
C:\WINDOWS\system32\spywarewarning2.mht
C:\WINDOWS\system32\beep.sys
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\system32\vntiho06\vntiho061083.exe
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully! ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it will produce a log for you. Post that log (Combofix.txt) in your next reply. Note: Do not mouseclick combofix's window while it is running. That may cause your system to freeze
OK here is that log: [recovering space - attachment deleted by admin]
Next: Go to Start > Control Panel > Internet Options. In the General tab, Temporary Internet Files, click: Delete Files. When prompted, check: Delete all offline content. You can also check: Delete Cookies (You will have to re-enter passwords at websites that require them.) Click OK. Then, go to Start > Run and enter: cleanmgr. Select the drive to clean: C:\ Check the following boxes and then press OK to remove: 
 Next: Download ATF Cleaner by Atribune and save it to your Desktop Follow the instructions for the browser you use. Read the instructions about the cookies. Delete what you do not need. Double click ATF-Cleaner.exe to run the program. Check the boxes to the left of: 
Finally click Empty Selected. When you get the "Done Cleaning" message, click OK. If you use the Firefox or Opera browsers, you can use this program as a quick way to tidy those up as well. When you have finished, click on the Exit button in the Main menu. How is everything now?
Okay, everything seems to be working fine now, thanks a bunch! I appreciate your help
Let's clear out the programs we've been using to clean up your computer, they are not suitable for general malware removal and could cause damage if launched accidentally. These steps will also help secure the work you have done. . 
 . The above procedure will: 
 
 Set a New Restore Point to prevent possible reinfection from an old one Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed. 
 Use the Secunia Software Inspector to check for out of date software. 
 Check out Keeping Yourself Safe On The Web for tips and free tools to keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth. | |
| 2964. | Solve : Espynow 200? | 
| Answer» I ran DSS and for some reason after it was done it only gave me the main.txt log  | |
| 2965. | Solve : Slow computer / breaking sound... help guys!!!!? | 
| Answer» Well, computer still running slow but not as before, sound still breaking...!!! What else do you think could be happening??? 
 . The above procedure will: 
 
 Set a New Restore Point to prevent possible reinfection from an old one Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed. 
 Use the Secunia Software Inspector to check for out of date software. 
Let me know how things are now.
Hello again: I really appreciate all your help, thank you so much!!!! . I ran the updates that the computer needed, but even so, still with the sound problem... I don't know what else to do... Do you have more suggestions???
I'm not sure what it could be. Maybe make a post in the Software forum. | |
| 2966. | Solve : Background issue? | 
| Answer» My background changed to a spyware warning so I ran a virus and spyware scan and I got rid of something, but I can't seem to change my background back. I tried the usual way. What should I do?
Print these instructions out. | |
| 2967. | Solve : Hijack this log..... do I need this?? | 
| Answer» Logfile of Trend Micro HijackThis v2.0.2 
 
 
 Now go in and delete this folder C:\Program Files\Verizonso is the verizon stuff USEFUL? i still use verizon I don't know if you need it or not. The process Verizon Servicepoint Application belongs to the software Verizon Servicepoint or Verizon Online Help and Support by Verizon.File/Folder C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe not found. OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05252008_235848 I went into program files b4 this and got rid of it.... iahd to go into task manager and cancel servicepoint, then I deleted it....now will delete the folder Anything else I can remove from the following list? it was faster at first, but seems a little bit slower now.... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:06:09 AM, on 5/26/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Trend Micro\BM\TMBMSRV.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Trend Micro\Internet Security\TmProxy.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\stsystra.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\system32\wltray.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Trend 
Micro\Internet Security\UfSeAgnt.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\AIM6\aim6.exe C:\Program Files\Logitech\SetPoint\KEM.exe C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE C:\Program Files\AIM6\aolsoftware.exe C:\Program Files\Webroot\Spy Sweeper\SSU.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: 
[dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [wltray.exe] C:\WINDOWS\system32\wltray.exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [PCLEUSBTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe O4 - Global Startup: PI Monitor.lnk = C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.yorkphoto.com/YorkActivia.cab O16 - DPF: 
{48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe -- End of file - 7182 bytes Looks like it is gone now.is there anything else i can remove from the log to make my start-up a little bit quicker?Have HJT fix these. 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Thank you | |
| 2968. | Solve : Request for assistance with virus/malware/who knows what? | 
| Answer» I am new to this site after a recommendation from a friend. 
Next post please add SDFix log
Thank you for your quick response. In answer to your question "Is this a business machine?", the answer is "No, this is not a business machine". Requested log to follow. Thanks again, Don
As requested, SDfix.log is attached. Thanks again, Don [recovering space - attachment deleted by admin]
Use the Kaspersky Online Scanner 
 
 
There is no option to clean/disinfect, however, we need to analyze the information on the report. To obtain the report: Click on: Save Report As... 
Please copy and paste the Kaspersky Online Scanner Report in your next post. | |
| 2969. | Solve : Randomly got infected? | 
| Answer» No idea how it happened. Kaspersky started popping up randomly and I blocked everything. Then I did a scan with it, and it found nothing. Now, I did a scan with superantispyware and it found 4 things: Adware.Tracking Cookie, Adware.Vundo-Variant/J, Trojan.Dropper/MSPrint-Fake, and Trojan.Unclassified/GTS. Hijackthis log attached. I should clear all system restore points after malwarebytes'?
As patio said...
Logs attached. [recovering space - attachment deleted by admin]
1. Print this post out, since you won't have access to it, at some point.
2. Close all windows, except for HijackThis.
3. Put a checkmark next to the following HijackThis entries (some entries will be checkmarked to disable unnecessary startups; in those cases (marked with *), no actual program will be removed):
- O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
- O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
- O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
- *O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
- *O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
- *O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
- *O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
- O4 - Global Startup: 802.11g Wireless Client Utility.lnk = ?
4. Click on Fix checked button.
5. Restart your computer in Safe Mode (keep tapping F8 key, when your computer starts, until menu appears)
6. Open Windows Explorer. Go to Tools > Folder Options > View tab, put a checkmark next to Show hidden files, and folders.
7. Delete following files/folders (if present):
- ALCMTR.EXE file from C:\Windows
8. Restart in Normal Mode.
9. Post new HijackThis log.
Done. I didn't delete the MSN entry because I use that a lot. 
[recovering space - attachment deleted by admin]
I missed one unnecessary startup:
- *O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
Click "Fix checked". Other than that.... Your computer is clean
1. Download, and install CCleaner: http://www.ccleaner.com/download/builds. Get "Slim" version. Read CCleaner instruction here: http://www.jahewi.nl/ccleaner/ccleaner.html. Run CCleaner.
2. Turn off System Restore:
- Windows XP: 1. Click Start. 2. Right-click the My Computer icon, and then click Properties. 3. Click the System Restore tab. 4. Check "Turn off System Restore". 5. Click Apply. 6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this. 7. Click OK.
- Windows Vista: 1. Click Start. 2. Right-click the Computer icon, and then click Properties. 3. Click on System Protection under the Tasks column on the left side 4. Click on Continue on the "User Account Control" window that pops up 5. Under the System Protection tab, find Available Disks 6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:") 7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this. 8. Click OK
3. Restart computer.
4. Turn System Restore on.
5. Download, and install free version of ThreatFire: http://www.threatfire.com/. It'll give you extra protection against malware. It won't interfere with your antivirus program
6. Read So how did I get infected in the first place?: http://www.castlecops.com/postlite7736-.html
7. Let me know, how your computer is doing.
I already have CCleaner, system restore cleared. The computer is doing well, Kaspersky hasn't popped up. Very well | |
| 2970. | Solve : HELP! Vundo!? | 
| Answer» I've located a Vundo trojan in my system32 directory. It's taken me a while to figure out what and where it was but now that I've located it, I'm not sure if I can fix it! Moving it to the vault causes my computer to shut itself down. I'm worried that if I download a Vundo remover it will do the same but irreversibly.  | |
| 2971. | Solve : very bad computer infection!!! HELP!!? | 
| Answer» The first two have the error message that says I can't rename them before they even get put on the desktop.
Download Combofix by sUBs from one of the below links. You don't need all three, multiple links are given in case one doesn't work. Delete all but one and try to run it.
I know, I tried to download the first link, it went to download and I tried to click "run" and that's when the error message popped up.
Have you tried double clicking it to see if it will run that way?
It never makes it to the desktop, the error message pops up before the shortcut is created.
Let's do this. Download Deckard's System Scanner (DSS) and save it to your Desktop. 
[recovering space - attachment deleted by admin]
You need to enable all of AVG's services. You aren't protected running so few. Copy this file path C:\WINDOWS\etkq.exe (highlight and press ctrl+C) Go to www.viruschief.com Paste the file path in the window under Quick Scan: (press ctrl+V on the keyboard to paste) Click Scan. You will see a message: ENG: It can take up to 1 minute before your scan starts, please wait! GER: It can take up to a minute until your scan starts, please wait! Once the scan is complete, copy the text in the window under BB Code and paste it into the next post.
Here's that BB code Info Antivir: Nothing found ArcaVir: Nothing found Avast: Nothing found AVG: Nothing found BitDefender: Nothing found F-Prot: Nothing found Norman: Nothing found Rising: Nothing found VirusBlokAda32: Nothing found VirusBuster: Nothing found Report overview Scanned by viruschief.com
Delete this folder C:\Program Files\Antivirus 2008 PRO ---------- Your Java is out of date. Older versions of Java have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version(s) of Java components and update. Step 1 - Get the new version 
 
 
---------- Run CCleaner. ---------- This scanner works with Internet Explorer only. Go to the BitDefender Online Scanner. Click I Agree to the license and then install the ActiveX control. Please DO NOT change the Scanning Options. That will make your logs huge and we don't need to see clean files. Select Start Scan to begin. This scan can take a while so please be patient and let it complete. Once Bitdefender completes the scan: Click on the Detected Problems tab. Then select Click here to export the scan report. When the window comes up to save the report, change the Save as type: box to: Text (Tab Delimited) (*.txt) and then in the File name box change to bdscan, then click Save. This will save a file named bdscan.txt. I would suggest saving it to the Desktop so you can easily find it. (take notice of where you save it so you can find it later) This bdscan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html. If you do not follow these steps, you will have an incorrect log or worse a log summary which is useless to us. Post the bdscan.txt in the next post. | |
| 2972. | Solve : Avast Virus alert? | 
| Answer» My chum just called me in quite a panic. Two pop-ups appeared on his monitor and he didn't know what to do. I had him do a screen print and send it to me so I could try to figure out what he was talking about. First of all, he has a SuperAntiSpyware alert stating that it has detected and blocked a potential harmful application from running. The second is an Avast Virus alert stating that a virus was found. The file name is C:\Program files\ SuperAntiSpyware\SuperAntiSpyware.exe. The malware name is Win32 Trojan-gen and the malware type is Virus/Worm. I won't be able to check it until sometime tomorrow but I was wondering why a Virus/Worm would show up in this particular file or is Avast being too aggressive?
It's a false positive with Avast and SUPERAntiSpyware 4.0. Make sure he has the new version of SUPERAntiSpyware 4.1. More info HERE
This problem is solved with the last VPS afaik..
I know that he gets the updates for Avast but I'll DL the new SuperAntiSpyware and see what happens. Thanks, guys. | |
| 2973. | Solve : isass.exe? | 
| Answer» According to Process Library, isass.exe is a virus. States: "issass.exe is registered as the Optix.pro virus which carries in its payload the ability to disable firewalls and local security protections and a backdoor capability." | |
| 2974. | Solve : Very bad Vundo-variant attack!? | 
| Answer» The computer seems to be working fine, thank you very much! 
 
 
 
Add it as an attachment or host it online and post it in the thread. http://www.screenshots.cc/ ---------- To change military time to standard time Go to Start > Control Panel > Regional and Language Options Click the Customize button Select the Time tab In the Time Format area use the down arrow to select: h:mm:ss tt Click Apply Click OK Click Apply Click OK You may need to restart the computer to take effect.
I purchased my Windows XP as an upgrade version. The computer was originally bought as a rebuilt with Windows 2000 already installed, so I don't know where that Windows came from. I can attach the "Failed Validation" screenshot if needed. [recovering space - attachment deleted by admin]
Let's try to get the clock straightened out. 1. Using your mouse, Highlight and then Right-click | Copy the entire contents of the Code box below. Do not change anything.
Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Software Notifier]
"InstallationID"=-

[HKEY_CURRENT_USER\Control Panel\Colors]
"Background"="0 78 152"

[HKEY_CURRENT_USER\Control Panel\Desktop]
"WallpaperStyle"="0"

[HKEY_CURRENT_USER\Control Panel\Desktop]
"TileWallpaper"="0"

[HKEY_CURRENT_USER\Control Panel\Desktop]
"Wallpaper"=" "

[HKEY_CURRENT_USER\Control Panel\Desktop]
"OriginalWallpaper"=""

[HKEY_CURRENT_USER\Control Panel\Desktop]
"ConvertedWallpaper"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmona"=-

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\srservice]
"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sr]
"Start"=dword:00000000

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sr]
; backslashes inside string data must be doubled in a .reg file; the script as posted had single ones
"ImagePath"="system32\\DRIVERS\\sr.sys"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000

[HKEY_CURRENT_USER\Control Panel\Desktop]
"SCRNSAVE.EXE"=-
[-HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Desktop\General]
"WallpaperFileTime"=-
"WallpaperLocalFileTime"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispAppearancePage"=-
"NoDispBackgroundPage"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=-
"NoControlPanel"=-
"DisableLocalMachineRun"=-
"DisableLocalMachineRunOnce"=-
"DisableCurrentUserRun"=-
"DisableCurrentUserRunOnce"=-
"NoWindowsUpdate"=-
"NoFind"=-
"NoRun"=-
"HideClock"=-
"NoTrayContextMenu"=-
"NoTrayItemsDisplay"=-
"NoSetFolders"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=-
"NoControlPanel"=-
"DisableLocalMachineRun"=-
"DisableLocalMachineRunOnce"=-
"DisableCurrentUserRun"=-
"DisableCurrentUserRunOnce"=-
"NoWindowsUpdate"=-
"NoFind"=-
"NoRun"=-
"HideClock"=-
"NoTrayContextMenu"=-
"NoTrayItemsDisplay"=-
"NoSetFolders"=-

[HKEY_CURRENT_USER\Control Panel\International]
; key path corrected: the script as posted read "ControlPanel" (no space), which is not the real key
"sTimeFormat"="h:mm:ss tt"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoActiveDesktopChanges"=-
"ForceActiveDesktopOn"=-
Open a new Notepad. It must be Notepad. (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click | Paste the Code box contents from above into Notepad. Click File, Save as..., and enter (including quotation marks) as the filename: "Fixreg.REG". Exit Notepad. Double click your new file and agree to the registry merge when asked. You can then delete this new file. Let me know if this worked.
OK, I had to check a few different places on this one. You have a very new form of malware. Go HERE to get your Product ID issue straightened out (scroll down a bit). It also has another method for fixing the clock. 
Let me know if you have any questions and when you get done post a fresh Hijackthis log so we can see what all needs to be done to finish up. Also let me know how things are after the fixes are done.
Miekiemoes' blog completed the last few minor repairs. The machine seems to be running fine. Thank you for all of your time and help. Your breadth of knowledge is staggering.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:28:22 PM, on 5/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Auto EPSON Stylus CX3800 Series on DISH] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P39 "Auto EPSON Stylus CX3800 Series on DISH" /O15 "\\DISH\EPSONSty" /M "Stylus CX3800"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: ConferenceRoom Java Client - http://java.financialchat.com:8000/java/cr.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
O16 - DPF: {0D859AF0-C75E-11D4-B760-00E0B81077E8} (FileCruiser Class) - http://coop.mlxchange.com/Control/FileCruiser.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {13D448F2-4D80-40BD-B1D7-25A9B7CB1474} (PMSImage Control) - http://24.75.126.108/install/PMSImage.ocx
O16 - DPF: {16FD824B-8E7B-11D2-9855-00802962956C} (Specfile Control) - http://coop.mlxchange.com/Control/Specfile.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {284DAE3C-A691-11D3-AD58-00E0B8107A24} (SISCtrl Class) - http://coop.mlxchange.com/Control/SISC.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab
O16 - DPF: {4063B398-3FC7-433E-B23B-0460CE7EDC27} (MaxisMakinMagicTeleX Control) - http://thesims.ea.com/teleport/makinmagic/MaxisMakinMagicTeleX.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://coop.mlxchange.com/Control/MultiSelectComboBox.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://support.rexplorer.net/iftw_install//iftwclix.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://coop.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {75565ED2-1560-4F15-B841-20358DE6A0D1} (ImageControl Class) - http://c.ancestry.com/cab/ImageViewer/MFImgVwr.cab
O16 - DPF: {78523E50-56EB-11D3-B739-CAA1986A452F} (LiteGridCtl Class) - http://coop.mlxchange.com/Control/LiteGrid.cab
O16 - DPF: {7A7537FC-5988-11D3-8B33-00104B9E5A4A} (IRCWwwPrint Class) - http://coop.mlxchange.com/Control/IRCWebPrint.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://ctmls.mlxchange.com/4.2.06.26/Control/IRCSharc.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD42/JSCDL/jre/6u6-b90/jinstall-6u6-windows-i586-jc.cab?AuthParam=1211955591_0bef0b16a370840ba69aa7314db5214e&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD42/JSCDL/jre/6u6-b90/jinstall-6u6-windows-i586-jc.cab&File=jinstall-6u6-windows-i586-jc.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B151B524-F451-4036-9663-B3944FA710DF} (ExecuteAgent2p Class) - http://www.ct-mls.com/dss/ENUclientPro.cab
O16 - DPF: {B198A72B-B4C3-42B5-B8DA-B364E76429AA} (Cerebus Class) - http://coop.mlxchange.com/Control/WebDog.cab
O16 - DPF: {BC8E0F3E-2A7F-11D4-A0F2-0001022F24B8} (LIte Class) - http://coop.mlxchange.com/Components/OutlookXtract.cab
O16 - DPF: {C7E73900-EF7C-4E63-B36E-E8EEE1CD7DA5} (MPGridControl Class) - http://coop.mlxchange.com/Components/MPGridControl.cab
O16 - DPF: {F060A272-A18A-11D3-B75B-00E0B81077E8} (DropList Class) - http://coop.mlxchange.com/Control/AspCustomCtrls.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O24 - Desktop Component 4: (no name) - http://ctmls.mlxchange.com/

-- End of file - 8999 bytes

This was a real head twister. That was a new infection that I haven't seen before. Looks like we both learned some new tricks today.
----------
Run Hijackthis and have it fix this entry unless you set it yourself.
O24 - Desktop Component 4: (no name) - http://ctmls.mlxchange.com/
----------
Final cleanup steps. Let's clear out the programs we've been using to clean up your computer; they are not suitable for general malware removal and could cause damage if launched accidentally. These steps will also help secure the work you have done.
The above procedure will:

Download OTMoveIt2 by OldTimer (OTMoveIt2.exe) and place it on your desktop (unless you already have it installed).
1. Double click OTMoveIt2.exe to launch it. Vista users right click and choose Run As Administrator.
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet; if your firewall or other defensive programs alert you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?).
5. Once complete, exit out of OTMoveIt2.

Set a New Restore Point to prevent possible reinfection from an old one. Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.

Now run CCleaner. Use the Secunia Software Inspector to check for out of date software.

Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC. To prevent unknown applications from being installed on your computer install WinPatrol 2008. Another thing I would suggest is installing SiteAdvisor. SiteAdvisor rates sites on business practices and spam. SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. Using SpywareBlaster to protect your computer from Spyware and Malware. Check out Keeping Yourself Safe On The Web for tips and free tools to keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smoothly. Let us know if anything else comes up. | |
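The helpers in this thread read HijackThis logs by eye and picked out the entry types that mattered (the O6 policy restrictions the Fixreg.REG step removes, the O24 Active Desktop component pointing at a remote URL, O23 services with no listed publisher). The following is an added example, not code from the forum, from the helpers or from Trend Micro: a small Python parser for the HijackThis log format with triage heuristics modelled on what the thread acted on. The heuristics are this editor's assumptions rather than HijackThis rules, a hit is a prompt to look closer rather than a verdict, and the sample log is constructed from entries seen in the thread.

```python
"""Parse a HijackThis log and flag entry types worth a second look.

Added example. The triage rules below are assumptions for illustration,
not rules shipped with HijackThis or given by the forum helpers.
"""
import re
from dataclasses import dataclass

# Constructed sample excerpt, modelled on the logs posted in the thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {13D448F2-4D80-40BD-B1D7-25A9B7CB1474} (PMSImage Control) - http://24.75.126.108/install/PMSImage.ocx
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 4: (no name) - http://ctmls.mlxchange.com/

-- End of file - 1234 bytes
"""


@dataclass
class Entry:
    code: str   # e.g. "O23"
    body: str   # everything after "O23 - "


# HijackThis entry lines: R0-R3, F0-F3, N1-N4, O1-O24, then " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
# A download host that is a bare IPv4 address rather than a hostname.
IPV4_HOST_RE = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?(?:/|$)", re.IGNORECASE)


def parse_hjt(text):
    """Return the R/F/N/O entries of a log; header and process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def triage(entries):
    """Apply the (assumed) heuristics; returns a list of (reason, entry) pairs."""
    findings = []
    for e in entries:
        if e.code == "O6":
            # IE policy restrictions: in the thread these were set by the malware
            # and removed with the Fixreg.REG merge.
            findings.append(("IE policy restriction present", e))
        elif e.code == "O24" and URL_RE.search(e.body):
            # Active Desktop component loading content from a remote site.
            findings.append(("Active Desktop component loads a remote URL", e))
        elif e.code == "O23" and "Unknown owner" in e.body:
            # No publisher recorded for the service: check the binary on disk.
            findings.append(("service without a publisher; verify its binary", e))
        elif e.code == "O16" and IPV4_HOST_RE.search(e.body):
            # ActiveX control fetched from a raw IP instead of a named host.
            findings.append(("ActiveX control fetched from a bare IP address", e))
    return findings


def summarize(text):
    """Count entries per code; useful for diffing a fresh log against the last one."""
    counts = {}
    for e in parse_hjt(text):
        counts[e.code] = counts.get(e.code, 0) + 1
    return counts


if __name__ == "__main__":
    for reason, e in triage(parse_hjt(SAMPLE_LOG)):
        print(f"[{e.code}] {reason}: {e.body}")
```

Run it against a saved log with `parse_hjt(open("hijackthis.log").read())`; `summarize` is handy for the "post a fresh log" step, since a drop in the O6 count after the registry merge is the quickest confirmation that the fix took.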
| 2975. | Solve : Windows XP Program Files? | 
| Answer» What is programfiles\commonfiles\paretologic\uus2\uus.dll? This has been coming up on a daily basis, 2-3 times a day, for the last month. Thank you.
You possibly have a spyware infection. | |
| 2976. | Solve : Another issue with AVG 8.0? | 
| Answer» I just found this one: http://windowsbbs.com/showthread.php?t=73794
I recently downloaded the new free AVG 8.0 and ever since, when my security check is being carried out, at the end it says: The system has detected tampering with your registered product type, this is a violation of your software license, tampering with product type is not permitted.
Sounds like they have an illegal copy of something installed.
The only thing I can think of is you messed around with regedit, but I don't know if that would cause a problem. And I really don't recommend AVG; I had problem after problem when I used that. http://support.microsoft.com/kb/260525
Well, AVG worked well with my system and I have no complaints about it. Maybe you uninstall the old AVG first and clear out all traces of it in the registry and then get the new one installed?
My friend just brought me his XP computer today. He installed AVG 8.0 last night, and his computer got stuck on the Compaq logo screen. I tried to help him last night over the phone, but he's not too computer savvy, and nothing worked. Finally, I was able to get to Safe Mode, and uninstall it from there. I restarted in Normal Mode, but the computer was very slow. Sure enough there was a bunch of registry leftovers. It took me some time to trace all of them. Installed 7.5, and things are back to normal.
Quote from: Broni on May 27, 2008, 06:35:46 PM
My friend just brought me his XP computer today. He installed AVG 8.0 last night, and his computer got stuck on the Compaq logo screen. I tried to help him last night over the phone, but he's not too computer savvy, and nothing worked.
The makers of AVG will stop supporting AVG 7.5 starting on May 30th, 2008. So if you want AVG, then you'll have to upgrade to the AVG 8.0 version. I suppose that you can try clicking the upgrade link in the message box telling you that AVG 7.5 will expire and install it then. Maybe it'll work smoother, and who knows?
By the way, I had not installed AVG 7.5 prior to installing the AVG 8.0 since I had reformatted the computer once before.
Ever since I upgraded to AVG 8.0 I've been having problems. First it was freezing up, and then I was getting a weird error message, and now tonight I can't use my email program. Any solutions?
Quote
The makers of AVG will stop supporting AVG 7.5 starting on May 30th, 2008. So if you want AVG, then you'll have to upgrade to the AVG 8.0 version. I suppose that you can try clicking the upgrade link in the message box telling you that AVG 7.5 will expire and install it then. Maybe it'll work smoother, and who knows?
AVG 7.5 support was recently extended to the end of this year... I believe this product (both FREE and Paid) was rushed to market prematurely...
Quote
you can try clicking the upgrade link in the message box telling you that AVG 7.5 will expire and install it then
This is exactly what my friend did, and got fried. pepper, uninstall, and go back to 7.5. As patio said, updates will run until the end of the year, and maybe longer, if Grisoft won't clean up 8.0 problems soon. | |
| 2977. | Solve : WHEN DO VIRUSES GET IN?? | 
| Answer» Sorry to keep going, but I can't use Secunia because the START button on the website is Java, and my browser won't let me use any Java buttons, even though it's updated, clean, and enabled??
Download the Secunia PSI - https://psi.secunia.com/
Thanks for the diligent help EvilFantasy, but still not working. I can't get Secunia PSI to work; it just keeps saying "Interface is Loading" for hours. I don't know if all the problems are going back to the one problem, but if it's gone from a malware problem to a software problem I can switch threads; you're the boss, whatever you say I'll do. I wonder if I let CCleaner's reg cleaner take out a vital piece of a program without saving a backup?
CCleaner is normally very safe, I have used it for years with no problems.
If you want to see what was replaced, right-click My Computer and click on Manage. In the new window that appears, expand the Event Viewer (by clicking on the + symbol next to it) and then click on System.
--
OK, I loaded the XP CD in and ran it like you said, but everything is as before. I'll post the log from the action just in case; it's weird to read going from log.file to txt. I also cut it down to only actions with today's date, 5-25. Here is a list of things I've come across without actually searching that aren't working: anything "Java"; "search" in the start menu; "user accounts" in the control panel. In search and user accounts, the window comes up but is just blank.
[recovering space - attachment deleted by admin]
Not sure what's going on. I will do some looking around also and see if I can find a possible solution.
Thanks man. I'll pop over and drop a post in the software spot too and see what they say.
I feel your pain man, hope you get it fixed. After I download something I scan it first.
That's a pretty loud signature there Pink.
Please see his sig.
I'm doing some of the last minute cleanup that you asked, but I'm not sure what to do with the results that I get from Secunia. I have 1 end-of-life, 6 insecure, and 49 patched. The total score is 87%.
Scroll down the page and it will show what needs updating. | |
| 2978. | Solve : I downloaded limewire basic and I see problems.? | 
| Answer» I will go over the spyware blaster material again. | |
| 2979. | Solve : slow computer and "security checking" box at start up? | 
| Answer» I have been through the 6 steps on malware removal, great success. Do I need to keep the 3 spyware programs? Hijack, Super spyware & Malware removals, the logs are attached.
[recovering space - attachment deleted by admin]
The logs look fine. You can keep MBAM and SAS; they are free and good to run now and then to check to see if anything has crept in. Use the Secunia Software Inspector to check for out of date software.
Here are some great tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC. To prevent unknown applications from being installed on your computer install WinPatrol 2008. Another thing I would suggest is installing SiteAdvisor. SiteAdvisor rates sites on business practices and spam. SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. Using SpywareBlaster to protect your computer from Spyware and Malware. Check out Keeping Yourself Safe On The Web for tips and free tools to keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smoothly. | |
| 2980. | Solve : Malware scan logfiles? | 
| Answer» SUPERAntiSpyware Scan Log

----------
How is everything now?
Everything is running better than ever! Thank you!
Final steps...
Set a New Restore Point to prevent possible reinfection from an old one. Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
 Use the Secunia Software Inspector to check for out of date software. 
Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC. To prevent unknown applications from being installed on your computer install WinPatrol 2008. Another thing I would suggest is installing SiteAdvisor. SiteAdvisor rates sites on business practices and spam. SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. Using SpywareBlaster to protect your computer from Spyware and Malware. Check out Keeping Yourself Safe On The Web for tips and free tools to keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smoothly. | |
| 2981. | Solve : Another malware problem...? | 
| Answer» Here are the scan logs you need: 
SDFix: Version 1.186
Run by Erick on Wed 05/28/2008 at 02:08 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat - Contains Links to Malware Sites! - Deleted
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat - Contains Links to Malware Sites! - Deleted
C:\WINDOWS\system32\spywarewarning2.mht - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-28 14:22:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpiscnapp.exe"="C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
@=""
"C:\\Program Files\\Vongo\\VongoService.exe"="C:\\Program Files\\Vongo\\VongoService.exe:*:enabled:VongoService"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Thu 29 Jun 2006 0 A.SH. --- "C:\WINDOWS\SMINST\HPCD.SYS"
Wed 21 Nov 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 20 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d820fbd6e1527bc9c51d0c3b240b96fd\BIT47.tmp"

Finished!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:42:26 PM, on 5/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Vongo\VongoService.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Vongo\Tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/ymj/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/ymj/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210812860062
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe

-- End of file - 12703 bytes

The log looks OK now, are you still having any problems?
Everything seems to be good now! THANK YOU!!!
ONCE AGAIN!!!Set a New Restore Point to prevent possible reinfection from an old one Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed. 
 Use the Secunia Software Inspector to check for out of date software. 
Here are some great free tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.

To prevent unknown applications from being installed on your computer, install WinPatrol 2008.

Another thing I would suggest is installing SiteAdvisor. SiteAdvisor rates sites on business practices and spam.

SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla-based browsers like Firefox. Using SpywareBlaster to protect your computer from Spyware and Malware

Check out Keeping Yourself Safe On The Web for tips and free tools to keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth. | |
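Reading a HijackThis log by eye means scanning the O4 (autostart) and O23 (service) lines for three things: a service with no vendor string ("Unknown owner"), an autostart binary that does not live under Program Files or Windows, and an entry name that looks machine-generated. The script below is an added example of that triage pass; it is not code from the forum posts or from HijackThis. The sample lines are constructed from entries in this thread (the uvxttdix/guqwlhse names are taken from a later post and combined into one Run entry for illustration), and TRUSTED_ROOTS and the random-name rule are this example's own assumptions, not HijackThis rules.

```python
"""Triage helper for HijackThis O4 (autostart) and O23 (service) lines.

Added example for this thread, not code from the forum posts or from
HijackThis. Parses the two entry formats seen in the log above and flags
what a log reader looks at first. TRUSTED_ROOTS and _looks_generated are
assumptions of this example.
"""
import re

# Assumed "expected" install roots. Being under one of these does not make a
# binary safe (Adobe LM Service below is benign); being outside them just
# earns the entry a closer look.
TRUSTED_ROOTS = ("c:\\program files", "c:\\progra~1", "c:\\windows", "c:\\winnt")

# Constructed sample log: entries copied or adapted from this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe
O4 - HKCU\..\Run: [uvxttdix] C:\ProgramData\guqwlhse\xkhgzgvk.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

O4_REG = re.compile(r"^O4 - (?P<where>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O4_LNK = re.compile(r"^O4 - (?P<where>[^:]+): (?P<name>.+?\.lnk) = (?P<cmd>.*)$")
O23_SVC = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<cmd>.*)$")
# First executable-looking token of a command line, quoted or not.
BINARY = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|sys|scr|cpl|bat|cmd))\b', re.I)


def _binary(cmd):
    """Return the executable path from an autostart/service command line."""
    m = BINARY.match(cmd.strip())
    return m["path"] if m else cmd.strip()


def _looks_generated(name):
    """Heuristic (assumption of this example): 6+ lowercase letters with a
    4-consonant cluster or almost no vowels reads as machine-made."""
    base = name[:-4] if name.lower().endswith(".lnk") else name
    if not re.fullmatch(r"[a-z]{6,}", base):
        return False
    clusters = re.findall(r"[^aeiouy]+", base)
    vowel_ratio = sum(c in "aeiouy" for c in base) / len(base)
    return max((len(c) for c in clusters), default=0) >= 4 or vowel_ratio < 0.2


def parse(log_text):
    """Turn O4/O23 lines into dicts; other HijackThis sections are ignored."""
    entries = []
    for n, line in enumerate(log_text.splitlines(), 1):
        line = line.strip()
        m = O4_REG.match(line) or O4_LNK.match(line)
        if m:
            entries.append({"line": n, "kind": "O4", "name": m["name"],
                            "owner": None, "binary": _binary(m["cmd"])})
            continue
        m = O23_SVC.match(line)
        if m:
            entries.append({"line": n, "kind": "O23", "name": m["name"],
                            "owner": m["owner"], "binary": _binary(m["cmd"])})
    return entries


def triage(log_text):
    """Return (line, name, [reasons]) for every entry worth a second look."""
    findings = []
    for e in parse(log_text):
        reasons = []
        if e["owner"] == "Unknown owner":
            reasons.append("service has no vendor string")
        if not e["binary"].lower().startswith(TRUSTED_ROOTS):
            reasons.append("binary outside Program Files/Windows")
        if _looks_generated(e["name"]):
            reasons.append("machine-looking name")
        if reasons:
            findings.append((e["line"], e["name"], reasons))
    return findings


if __name__ == "__main__":
    for line, name, reasons in triage(SAMPLE_LOG):
        print(f"line {line}: {name}: {'; '.join(reasons)}")
```

The flags are prompts, not verdicts: "Unknown owner" only means the binary carries no company name in its version resource, and a random-looking name with a binary under ProgramData is the pattern to check against a file scan, not proof on its own. Any rule based on the install path is also trivially defeated by malware that drops into Program Files, so the path check is there to raise entries, never to clear them.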
| 2982. | Solve : wcmdmgr...cant find entry point? | 
| Answer» A window comes up with this or two other alerts every 10 min. I have a non-licensed version of Windows XP (that might be the problem). I'll write down the alerts and post them. Help!!!!!!!!!!!

The only thing we can recommend is for you to obtain a licensed copy of your operating system.

Unless it's a virus of some sort.... | |
| 2983. | Solve : Avast Downloaded: Suggestions?? | 
| Answer» Hi, | |
| 2984. | Solve : new computer; various problems!!!? | 
| Answer» Download OTMoveIt2 by OldTimer 
C:\Users\All Users\guqwlhse
C:\ProgramData\xkhgzgvk
C:\ProgramData\guqwlhse
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uvxttdix
 
Well, here is what I got after the steps you requested. Hope it helps you help me. Then maybe we can fix my other problems and I can enjoy using my computer. [recovering space - attachment deleted by admin]

Use the Kaspersky Online Scanner
 
 
 There is no option to clean/disinfect, however, we need to analyze the information on the report. To obtain the report: Click on: Save Report As... 
Please copy and paste the Kaspersky Online Scanner Report in your next post.

Finally found this text; IE put it in temp files and I had to learn how to find it. Sorry it took so long, hope this helps you. P.S. Trojan.WIN32.Blackbird still on desktop even though report says no infection. Is that not one? [recovering space - attachment deleted by admin]

Can you attach a screenshot of the desktop? How to take a screen shot
 
 
 
Yeah, for the other stuff too. Here is the attachment. After ComboFix I still haven't gotten back regular time and my regular Google toolbar with access to browse my timeline, where I can see the sites my kids have visited. That was an important bar for me. It did not return after I did the system restore point; just a quick mention. If this is something that we will tackle afterwards, sorry for the mention. [recovering space - attachment deleted by admin]

Right click it and choose Properties. Take a screenshot of the properties box and post it here. [recovering space - attachment deleted by admin]

I hope this is what you mean or I'm lost. [recovering space - attachment deleted by admin]

It's just a picture file. Right click it and choose delete. Then run CCleaner.

----------

Let's clear out the programs we've been using to clean up your computer, they are not suitable for general malware removal and could cause damage if launched accidentally. These steps will also help secure the work you have done.
The above procedure will:
 
----------

1. Double click OTMoveIt2.exe to launch it. Vista users right click and choose Run As Administrator
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alert you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
5. Once complete exit out of OTMoveIt2

----------

Clear your infected System restore points. See HERE for instructions.

----------

Use the Secunia Software Inspector to check for out of date software.
Here are some great tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.

To prevent unknown applications from being installed on your computer, install WinPatrol 2008.

Another thing I would suggest is installing SiteAdvisor. SiteAdvisor rates sites on business practices and spam.

SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla-based browsers like Firefox. Using SpywareBlaster to protect your computer from Spyware and Malware

Check out Keeping Yourself Safe On The Web for tips and free tools to keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

Let me know how everything is now.

OK, did I misunderstand? Did you say you wanted this properties screenshot, or was the one I attached in post #37 correct? [recovering space - attachment deleted by admin]

Well, did the Secunia scan; results say I needed the Macromedia Flash Player 9, but when I looked for it the site only says Adobe Flash Player. Are Adobe and Macromedia the same? Tried to install, not successful. Still no toolbar to browse timeline. Sorry, I think it's called the Google toolbar; it has the icon to search web pages and browse timeline through Google Desktop.

Use the Adobe Online Uninstaller to get rid of all old remnants. Then install a Fresh Version. Try reinstalling the Google toolbar or Google Desktop, or both. That last screenshot is different from the first. Is the shortcut still there?

I have Adobe Flash Player ActiveX, Adobe Reader 8.1.2 and Adobe Shockwave Player. Do I get rid of these? Got back my Google toolbar and have Desktop, you're the best Evilfantasy. Shortcut of TrojanWIN32Blackbird still there, will use cleaner to rid and also delete it.

Just do these two steps and everything will be OK.
Adobe Online Uninstaller
Then install a Fresh Version

Everything seems to be OK. You truly have been a tremendous help to me, Evilfantasy. I'm so extremely happy I found this site; had those pesky files on my desktop for weeks, didn't know what it meant but thankful for the help. Will carefully go through your tips and try to stay safe. Do I keep the other programs on the desktop, and run them how often? Not sure: SUPERAntiSpyware, Malwarebytes and CCleaner? Should I also delete logs on desktop? Are you done with me? Do you have suggestions for hooking up a printer or should I continue to search the database? You're truly the BEST!!!!!! MORE THANX FOR YOUR HELP. | |
| 2985. | Solve : Computer Infected with Vista Antivirus Malware? | 
| Answer» Do I restart after I fix checked on HijackThis?

If it asks you to then yes.

Logfile of The Avenger Version 2.0, (c) by Swandog46
Files to delete:
C:\WINDOWS\system32\cnuxtest.dll
C:\WINDOWS\system32\CatRoot_bak

Note: the above instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.
 
----------

Go to Start > Run and type notepad.exe then click OK

Copy the text in the Code box below and paste it into Notepad.

Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"QuickTime Task"=-
"TkBellExe"=-
"iTunesHelper"=-
"IgfxTray"=-

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0

In Notepad go to File > Save as...
Next to File name: type fixme.reg
Use the dropdown box next to Save as type: and select All files.
Save it to the desktop.
There should now be a file on the Desktop that looks like this
Double-click fixme.reg and allow it to merge with the Registry. You may not see anything happen but give it a few seconds or so to finish.
Now delete the fixme.reg file from the desktop.

----------

To change military time to standard time
Go to Start > Control Panel > Regional and Language Options
Click the Customize button
Select the Time tab
In the Time Format area use the down arrow to select: h:mm:ss tt
Click Apply
Click OK
Click Apply
Click OK
Restart the computer.

----------

Let me know how everything is now.

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\cnuxtest.dll" deleted successfully.

Error: "C:\WINDOWS\system32\CatRoot_bak" is a folder, not a file!
Deletion of file "C:\WINDOWS\system32\CatRoot_bak" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory

Completed script processing.

*******************

Finished! Terminate.

I screwed that up. Please run The Avenger one more time and input these lines.
Code:
Folders to delete:
C:\WINDOWS\system32\CatRoot_bak

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Folder "C:\WINDOWS\system32\CatRoot_bak" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Thanks, and sorry about that!

Thank you so much, you completely repaired my computer, it is working so much faster and I just hope I can protect it using the tools you helped me acquire. Do you have any written instructions for maintaining the files and preventing malware and virus entries? I cannot thank you enough, you put so much time into helping me. I will refer this site to all of my friends and family... Take care...

You did finish the rest of the instructions? Final cleanup and advice. Let me know if you have any questions.

Delete ALL temporary files
Go to:
 Check the boxes for: 
----------

Download OTMoveIt2 by OldTimer OTMoveIt2.exe and place it on your desktop. (unless you already have it installed)

1. Double click OTMoveIt2.exe to launch it. Vista users right click and choose Run As Administrator
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alert you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
5. Once complete exit out of OTMoveIt2

----------

Set a New Restore Point to prevent possible reinfection from an old one
Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.

Windows XP System Restore Guide or Windows Vista System Restore Guide.

----------

Use the Secunia Software Inspector to check for out of date software.

----------

Important: You need to update Windows and Internet Explorer regularly to protect your computer from the malware and other security threats that are on the Internet. Go to Microsoft Windows Update and get all critical updates. If you are running any Microsoft Office version go to the Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.

----------

Please keep these programs up-to-date and run them whenever you suspect a problem. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster, can be run with any of them.

Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.

Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript

To prevent unknown applications from being installed on your computer install WinPatrol 2008
* Using Winpatrol to protect your computer from malicious software

I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla-based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

Use only trusted security software like the programs listed on this page. Trusted security tools & resources | |
| 2986. | Solve : Computer freezing up!? | 
| Answer» Hi Guys | |
| 2987. | Solve : %systemroot%\system32\cmd.exe? Policies Changed/locked Out Of Installing/cpu Hi? | 
| Answer» I have been attempting to troubleshoot this for a week using your guides. Here is the log in normal boot from today. The initial reference safe-mode HijackThis log is attached. Please let me know how I can clean up and find leaks in my system. I tried to run Deckard earlier this morning, but I feared changing anything else for fear of damage. Thank you. | |
| 2988. | Solve : Problem with comodo firewall apparently?? | 
| Answer» The attached image shows what I mean. Why does it say that? I click run diagnostics but nothing is fixed; it just says that defense is not functioning properly?!? Also, how do I view recent events, like when it asks for allowing internet and stuff? I have clicked all the "event" things I could find, but none shows what I'm looking for (the requests and what my answer was). | |
| 2989. | Solve : How many wrong things can happen for having facebook?? | 
| Answer» Well, anyone that has ideas would be greatly accepted!! I use Facebook but I'm new with it. When I did start using it I saw warnings about people, actually people's names. And it crossed my mind: identity theft. But here is a problem: the news or posts that you read aren't exactly accurate to tell what is wrong or the symptoms, to sound more like a doctor. All I know for now is that if a friend or you have a friend called Luisa Ledezma, that hacker, that horrible person, will format your PC and steal your mail password. And can do it to their friends. It almost sounds like a jackpot for a thief of identities. I sincerely don't think a hacker can be that dumb. So let's start discussing just how many things can happen with hackers on the loose inside Facebook. Thanks to anyone who wants to share info!!

I have absolutely no idea what you mean.

Quote: "that hacker, that horrible person, will format your PC and steal your mail password."
Through Facebook? What?

Ok, I gathered some more info. Sorry that the first reply is not clear enough but it is what I first got. I also don't understand. Even I wrote it and I say.. w th #$! Here is what happens: a hacker from Facebook becomes your friend or becomes a friend to any of your friends. After that I still don't know what happens. Merlin said that I should read more about ActiveX. It helped a lot, so Merlin THANK you. If you use IE, or the person that has this hacker as a friend uses IE (Internet Explorer), it allows the hacker to let spyware get into the person's PC. Still sounds tricky but that is all I got. Basically you get spyware if you or your friend allows the hacker to be your friend. Just for using IE.

Facebook is a breeding ground for malware. Keep your antivirus up to date and use a good firewall if you visit social sites like Facebook or MySpace. Use the same rules you do with regular email. Don't open anything if you don't know what it is.
Hackers Exploiting Facebook, MySpace Plug-ins - http://blog.washingtonpost.com/securityfix/2008/02/hackers_exploiting_facebook_my.html
Secret Crush: First Serious Facebook Hack? - http://mashable.com/2008/01/04/secret-crush-first-serious-facebook-hack/
http://mashable.com/2007/07/10/facebook-malware/
Social sites a breeding ground for malware: report - http://www.theregister.co.uk/2006/08/10/social_sites_breed_malware/
Storm (worm) spoofs FBI via Facebook - http://www.securecomputing.net.au/News/118229,storm-spoofs-fbi-via-facebook.aspx

Thanks for the heads up; my wife lives on Facebook, and I have noticed an increase in malware and such on her computer. No matter what protection I have I can't seem to keep it off her computer....

Quote from: fullbug on July 30, 2008, 06:51:00 PM
no matter what protection I have I cant seem to keep it off her computer....

Antivirus protection is rendered almost useless when you click on malware links. Some malware writers design it to not install until the PC is shutting down or as it starts up. Basically it doesn't install except for whenever the antivirus isn't running, so it can't be stopped.

Feds Combing Facebook for Terrorists, Storm Says
Quote: Can it be true that even terrorists are hooked on Facebook? And that the Feds are scouring the social networking site looking for them?
Full Story | |
| 2990. | Solve : Help EvilFantasy please(sorta)? | 
| Answer» Quote from: Mr. Google on July 31, 2008, 11:29:30 AM
Ok, I'm going to remove them because I need to hurry...

Nevermind. None of them are there, so I'm presuming the virus is destroyed...

Log looks fine.

Set a New Restore Point to prevent possible reinfection from an old one
Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.

Windows XP System Restore Guide or Windows Vista System Restore Guide.

----------

Use the Secunia Software Inspector to check for out of date software.

----------

Important: You need to update Windows and Internet Explorer regularly to protect your computer from the malware and other security threats that are on the Internet. Go to Microsoft Windows Update and get all critical updates. If you are running any Microsoft Office version go to the Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.

----------

Please keep these programs up-to-date and run them whenever you suspect a problem. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster, can be run with any of them.

Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.

Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript

To prevent unknown applications from being installed on your computer install WinPatrol 2008
* Using Winpatrol to protect your computer from malicious software

I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla-based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

Use only trusted security software like the programs listed on this page. Trusted security tools & resources

Thanks, I am back at my own PC, but luckily I did most of those things already. So thanks a lot for your help!!

No problem

Hmmmm... I came here because, from the title, I thought that Evil needed help; obviously not!

lol

Ba -doom - pishhh

Yeah, well, I was a bit concerned with the "sorta." | |
| 2991. | Solve : Log Reports...RE: Computer Runs slowly and freezes up.? | 
| Answer» Evilfantasy, 
 
 
 [kill explorer] 
 
The log you requested.

Explorer killed successfully
C:\Documents and Settings\Michelle Thomas\Application Data\vmntoolbar\vmntoolbar_151.zip moved successfully.
C:\Documents and Settings\Michelle Thomas\Incomplete\T-328472-02 - sun eyed girl _192kbps_ 29.wma moved successfully.
C:\Documents and Settings\Michelle Thomas\Shared\(1) evernescence 16.wma moved successfully.
C:\Documents and Settings\Michelle Thomas\Shared\beck sun eyed girl.wm moved successfully.
C:\Program Files\vmntoolbar\VMNTOO~11.old moved successfully.
C:\WINDOWS\system32\bdeinsta3.dll NOT unregistered.
C:\WINDOWS\system32\bdeinsta3.dll moved successfully.
C:\WINDOWS\system32\cashbar.dll unregistered successfully.
C:\WINDOWS\system32\cashbar.dll moved successfully.
C:\WINDOWS\system32\cexwxfst.sys moved successfully.
C:\WINDOWS\system32\SS001.dll unregistered successfully.
C:\WINDOWS\system32\SS001.dll moved successfully.
C:\WINDOWS\system32\sxwand.sys moved successfully.
C:\WINDOWS\system32\tmpxr_184699820684.bk moved successfully.
C:\WINDOWS\system32\wfallsfreems.exe moved successfully.
File/Folder C:\WINDOWS\system32\wfallsfreems.exe not found.
C:\WINDOWS\system32\yaxcnxd.sys moved successfully.
< EmptyTemp >
File delete failed. C:\DOCUME~1\MICHEL~1\LOCALS~1\Temp\tmp10D.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MICHEL~1\LOCALS~1\Temp\tmp115.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MICHEL~1\LOCALS~1\Temp\tmp126.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MICHEL~1\LOCALS~1\Temp\tmp127.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MICHEL~1\LOCALS~1\Temp\tmpD8.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MICHEL~1\LOCALS~1\Temp\~DF8411.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MICHEL~1\LOCALS~1\Temp\~DFFC3F.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MICHEL~1\LOCALS~1\Temp\~DFFC4C.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MICHEL~1\LOCALS~1\Temp\Cookies\index.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MICHEL~1\LOCALS~1\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MICHEL~1\LOCALS~1\Temp\History\History.IE5\MSHist012008073120080801\index.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MICHEL~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MICHEL~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\HQEB7EJ6\all[2].htm scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07312008_173152

Looks good. The next log won't be needed. I think you are finally malware free.

Final steps. Let me know if you have any questions.

1. Double click OTMoveIt2.exe to launch it. Vista users right click and choose Run As Administrator
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alert you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
5. Once complete exit out of OTMoveIt2

----------

Set a New Restore Point to prevent possible reinfection from an old one
Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
Windows XP System Restore Guide or Windows Vista System Restore Guide.

----------

Use the Secunia Software Inspector to check for out of date software.

----------

Important: You need to update Windows and Internet Explorer regularly to protect your computer from the malware and other security threats that are on the Internet. Go to Microsoft Windows Update and get all critical updates. If you are running any Microsoft Office version go to the Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.

----------

Please keep these programs up-to-date and run them whenever you suspect a problem. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster, can be run with any of them.

Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.

Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript

To prevent unknown applications from being installed on your computer install WinPatrol 2008
* Using Winpatrol to protect your computer from malicious software

I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla-based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

Use only trusted security software like the programs listed on this page. Trusted security tools & resources

Evilfantasy, thank you sooooo much for getting me to this point, but I do have a question. After I created the new restore point you say to go to Start > Run and type Cleanmgr, click OK. When I do this I do not get an option to click the More Options tab. Instead I get a pop up box that says: Select the Drive you want to clean up: What do I do here? Thank you.

No problem. It's a little different for XP Home.

Disable the System Restore Utility to prevent re-infection from an old one
1) Right click the My Computer icon on the Desktop and click on Properties.
2) Click on the System Restore tab.
3) Put a check mark next to Turn off System Restore on All Drives
4) Click the OK button.
5) You will be prompted to restart the computer. Click the Yes button.

Now re-enable System Restore
To re-enable the System Restore Utility, follow steps one to five and on step three remove the check mark next to 'Turn off System Restore on All Drives'.
1) Right click the My Computer icon on the Desktop and click on Properties.
2) Click on the System Restore tab.
3) Remove the check mark next to Turn off System Restore on All Drives
4) Click the OK button.

Evilfantasy, thank you. I disabled and re-enabled the system restore per your instructions. So if I need to go back to a clean working state I will have my restore point that I created. Hopefully I won't need it though.... But I will definitely utilize all your suggestions to keep my computer clean from the bad stuff. I will definitely recommend this site to all my friends and I think you all do a wonderful thing here in helping all of us out who would not know any better. Thank you.

No problem. Glad we got you cleaned up!

Safe surfing.............

@mthomas: Now back to the original problem - is your computer running faster?

My computer is running faster indeed.... I still need to use the compressed air to clean out the inside.... That is definite, but Internet Explorer moves faster from website to website and just an overall great improvement on speed. I have another issue but I will post a new thread for this one. Thank you. | |
| 2992. | Solve : Computer virus and spyware? | 
| Answer» Which ones? There should be HJT, MBAM and SAS. You can uninstall HJT but keep MBAM and SAS and run scans with them occasionally. Here is a list: Software Inspector, Malwarebytes, Moa2008use.exe, SuperAntiSpyware, Windowsxp-kb884020-x86-enu.exe, Software Inspector, Tinsetup, CCleaner, NoScript. I am prevented from using YouTube and similar sites. How are you prevented? What EXACTLY happens? The tinsetup is WinPatrol. I have Avast antivirus; will any of these other programs, Malwarebytes or SuperAntiSpyware, conflict? This is the message I get. I know I have the latest version of Flash Player. Sorry, this is the message I get: "Hello, you either have JavaScript turned off or an old version of Adobe's Flash Player." I have the problem under control now. Everything seems to be fine. It was the Firefox NoScript. I had to learn how to allow stuff. Thanks again. You have been awesome. I am telling people good things about this site. Have a great life. Quote from: Robinhood on July 29, 2008, 08:38:52 AM: the tinsetup is WinPatrol. If you have any old setup files on the desktop you can safely delete them. The programs will not conflict with Avast!. Everything is still good. Thanks so much. | |
| 2993. | Solve : Java really slow!?!?!?? | 
| Answer» For some reason, after I installed the new Java it's been REALLY slow and it's making the whole computer freeze up when it's running. Does anyone know how I can fix this?? 
 Important: Close all windows except for HijackThis and then click Fix checked. Exit HijackThis. ---------- Go to Start > Run and type notepad.exe then click OK. Copy the text in the Code box below and paste it into Notepad. Code:
REGEDIT4

; A value name followed by =- deletes that value from the key above it,
; so each line below removes one startup entry from the Run key.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"iTunesHelper"=-
"QuickTime Task"=-
"TkBellExe"=-
"SunJavaUpdateSched"=-
"RoboForm"=-
"PeerGuardian"=-
"ares vista"=-
"Picasa Media Detector"=-
In Notepad go to File > Save as... Next to File name: type fixme.reg Use the dropdown box next to Save as type: and select All files. Save it to the Desktop. There should now be a file on the Desktop that looks like this Double-click fixme.reg and allow it to merge with the Registry. You may not see anything happen but give it a few seconds or so to finish. Now delete the fixme.reg file from the Desktop. Restart the computer and let me know how things are now. Thanks a lot, that made the reboot amazingly faster. But Mozilla still takes a bit long to open up. The internet is super fast. But the initial startup of Mozilla takes a while. But thanks a lot! The Firefox issue is a known one. Everybody suffers the same wait when they launch it. Not much you can (safely) do to fix that. | |
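The REGEDIT4 fix in the answer above works because a value name followed by =- deletes that value from the key named in the preceding [section] header. The Python script below is an added example, not anything posted in the thread: it parses a fix file of that shape and applies it to a constructed model of the Run key, so you can see which startup entries a fix would remove before merging it (the Run values, paths and the "RoboForm" entry in it are made up).

```python
import re

# Registry key the forum fix targets (key names are case-insensitive in Windows).
RUN_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run"

# Constructed fix file in the same shape as the one posted in the thread;
# "RoboForm" is listed on purpose even though the model below lacks it.
FIX_REG = """REGEDIT4

[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentVersion\\Run]
"iTunesHelper"=-
"QuickTime Task"=-
"SunJavaUpdateSched"=-
"RoboForm"=-
"""

# Constructed model of the Run key, as HijackThis O4 lines would list it.
RUN_VALUES = {
    "iTunesHelper": r"C:\Program Files\iTunes\iTunesHelper.exe",
    "QuickTime Task": r"C:\Program Files\QuickTime\qttask.exe -atboottime",
    "SunJavaUpdateSched": r"C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe",
    "AVG7_CC": r"C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP",
}

_SECTION = re.compile(r"^\[(.+)\]$")
_DELETE = re.compile(r'^"(.+)"=-$')


def parse_deletions(reg_text):
    """Return ({key: [value names to delete]}, [unsupported lines]).

    Only the "Name"=- delete form is recognised.  Anything else (a value
    being set, a key deletion, a stray line) is reported back so a
    reviewer sees it before the file is merged.
    """
    lines = reg_text.splitlines()
    if not lines or lines[0].strip() != "REGEDIT4":
        raise ValueError("not a REGEDIT4 file")
    deletions, unsupported, current = {}, [], None
    for raw in lines[1:]:
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        m = _SECTION.match(line)
        if m:
            current = m.group(1).lower()
            deletions.setdefault(current, [])
            continue
        m = _DELETE.match(line)
        if m and current is not None:
            deletions[current].append(m.group(1))
        else:
            unsupported.append(line)
    return deletions, unsupported


def apply_fix(run_values, reg_text):
    """Apply the fix to a copy of the Run key model.

    Returns (remaining values, names listed in the fix but not present).
    Regedit silently ignores deletions of absent values, so the second
    list is informational only.
    """
    deletions, unsupported = parse_deletions(reg_text)
    if unsupported:
        raise ValueError("unsupported lines in fix: %r" % unsupported)
    remaining = dict(run_values)
    missing = []
    for name in deletions.get(RUN_KEY.lower(), []):
        if name in remaining:
            del remaining[name]
        else:
            missing.append(name)
    return remaining, missing


if __name__ == "__main__":
    left, absent = apply_fix(RUN_VALUES, FIX_REG)
    for name, cmd in left.items():
        print("kept  ", name, "=", cmd)
    for name in absent:
        print("absent", name)
```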
| 2994. | Solve : A-Squared Anti-Malware FREEE? | 
| Answer» Is this a good software?? It's free today from: Is this a good software?? Seems to be. I run the command line version occasionally on-demand. Quote from: evilfantasy on August 02, 2008, 12:15:22 PM With all that you already have it really isn't necessary. Alright, cool. Sidewinder, that's the free version. This one's the paid version. | |
| 2995. | Solve : task manager & programs button missing? | 
| Answer» My clock shows time as 
 ---------- Download and rename TrendMicro HijackThis.exe (HJT) 
 ---------- Next post please add MBAM log HijackThis log | |
| 2996. | Solve : Winspyware protect removal tool? | 
| Answer» None that I am aware of, machine has only been used sparsely today, mainly per instructions. We are able to log onto mail accounts and online banking as before. I thank you very much for your knowledge, patience and especially your help. Final steps to help secure everything and some advice. Download OTMoveIt2 by OldTimer OTMoveIt2.exe and place it on your desktop. (unless you already have it installed) 1. Double click OTMoveIt2.exe to launch it. Vista users right click and choose Run As Administrator 2. Click on the CleanUp! button. 3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access. 4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?) 5. Once complete exit out of OTMoveIt2 ---------- Set a New Restore Point to prevent possible reinfection from an old one Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed. 
 Windows XP System Restore Guide or Windows Vista System Restore Guide. ---------- Use the Secunia Software Inspector to check for out of date software. 
 ---------- Important: You need to update Windows and Internet Explorer regularly to protect your computer from the malware and other security threats that are on the Internet. Go to Microsoft Windows Update and get all critical updates. If you are running any Microsoft Office version go to the Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update. ---------- Please keep these programs up-to-date and run them whenever you suspect a problem. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster, can be run with any of them. Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC. Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript. To prevent unknown applications from being installed on your computer install WinPatrol 2008 * Using Winpatrol to protect your computer from malicious software I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites. SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? 
It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smoothly. Use only trusted security software like the programs listed on this page. Trusted security tools & resources I have created a new restore point, I will continue with the remainder of your advice.......tomorrow, bedtime now. I do however wish to take a moment and thank you for your knowledge, patience and especially your help in this issue. I would have sat and watched my system get corrupted beyond repair on my own. Therefore I am left with nothing but thanks to you and the other specialists who administer this site, great job..... I'm glad everything worked out and thank you for hanging in there. Let us know if anything else comes up. Safe surfing............. | |
| 2997. | Solve : Virus and Reboot issues? | 
| Answer» I am in desperate need of help! I spent 10 hours over the weekend on the phone with Dell and Charter Communications (internet & security suite). I have a virus and after 4 hours Dell said they couldn't help - to contact Charter Security Suite since their security allowed the virus. After 5 hours and 5 different people with Charter they said I needed to run their virus scan - it wouldn't let me. They said to uninstall Charter Security Suite, and McAfee and Symantec - they said I had fragments of McAfee & Symantec left in my computer from probably a free trial or something. Well since I couldn't get into the internet to get the "uninstall tool". Anyway - long story short - my brother told me to just reboot the computer and it would start "anew" and it would be like having a "new computer again" All problems would go away. WRONG!!! I rebooted the computer - went thru several testings and now my screen is B&W asking for my password. I am not able to type in a password or do anything. Computer is frozen. I've turned off & on - no luck. I tried inserting my reinstall disk from Dell - it does nothing. Is my computer a goner? Please help me. I am at my wits' end!!! I ended up in tears. I Please explain further I can't explain their explanation..... Do you have your Install CD? Yes I tried to use it and it did nothing. I mean please explain what SP1 and SP2 are? SP = Service Pack. They are Windows updates. Have you tried a Repair Install? Instructions here: http://www.michaelstevenstech.com/XPrepairinstall.htm Note: A Repair Install will replace the system files with the files on the XP CD used for the Repair Install. It will leave your applications and settings intact, but Windows updates will need to be reapplied. No I don't think I've tried this - will it work even if the computer/keyboard is frozen at this point? You will need to follow the guide starting HERE and see if it works. 
Hopefully the keyboard will work while the computer is booting up. THANK YOU FOR ALL YOUR HELP - I WILL TRY IT - I will be on vacation until Monday and depending if I get it running at home - I will keep you posted!!! | |
| 2998. | Solve : Modems, Drivers and Internet Security? | 
| Answer» What are the current issues with your computer? AVG is showing a "Threat Detected !" box. 
 
 
 C:\\WINDOWS\System32\0qamSHR6.exe
 EmptyTemp
 [start explorer]
 
 As my OTMoveIt2 results appeared, Spybot Search and Destroy asked my permission to allow a change detailed as follows --> Category = System startup global entry Change = Value added Entry = OTScanIt New Data = C:\Document and Settings\Username\Desktop\OTMoveIt2.exe I am yet to click on the "Allow Change" box but this information appeared in the green Results section: Explorer killed successfully C:\\WINDOWS\System32\0qamSHR6.exe moved successfully. < EmptyTemp > File delete failed. C:\DOCUME~1\PORTAB~1\LOCALS~1\Temp\~ROMFN_00000F88 scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_704.dat scheduled to be deleted on reboot. Temp folders emptied. IE temp folders emptied. Explorer started successfully OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07302008_222342 The PC is prompting me to re-boot to remove these files. I haven't told AVG Anti-Virus how I would like it to respond to the Downloader.Generic7.AACU Should I tell AVG to "Ignore" it, "Allow change" at Spybot Search and Destroy and then re-boot the machine? Allow the change with Spybot. Reboot to register the changes made by OTMoveIt2. Just ignore AVG for now and see if the warning returns after restarting the computer. Post a new HijackThis log after the reboot please. Upon re-booting I was immediately automatically presented with an OTMoveIt2 Log stating --> --------------------------------------------------------------------------------------------------------------------------------------- Explorer killed successfully C:\\WINDOWS\System32\0qamSHR6.exe moved successfully. < EmptyTemp > File delete failed. C:\DOCUME~1\PORTAB~1\LOCALS~1\Temp\~ROMFN_00000F88 scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_704.dat scheduled to be deleted on reboot. Temp folders emptied. IE temp folders emptied. Explorer started successfully OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07302008_222342 Files moved on Reboot... 
File C:\DOCUME~1\PORTAB~1\LOCALS~1\Temp\~ROMFN_00000F88 not found! File C:\WINDOWS\temp\Perflib_Perfdata_704.dat not found! ----------------------------------------------------------------------------------------------------------------------------------- Does this mean it was unable to delete the files that it wanted to because it could not find them? Might there be an issue with the truncated file path names? -------------------------------------------------------------------------------------------------------------------------------------- I have run a new HiJackThis Scan. It shows --> (HijackThis v2.0.2 log) Thank you for looking at this. Quote: C:\\WINDOWS\System32\0qamSHR6.exe moved successfully. That's the file that was important to be deleted and it was. Quote: File C:\WINDOWS\temp\Perflib_Perfdata_704.dat not found! That is not important. It's just a temporary file that was either deleted when Windows shut down or was overwritten and renamed. No big deal either way. ---------- Open HijackThis and select Do a system scan only. 
Place a check mark next to the following entries: (if there) O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) Important: Close all windows except for HijackThis and then click Fix checked. Exit HijackThis. ---------- Go to Start > Run and type Notepad.exe then click OK. Copy and paste the following text within the code box into the new Notepad file. Code:
@ECHO OFF
REM The service name contains spaces, so it must be quoted for sc to see it as one name.
sc stop "Automatic LiveUpdate Scheduler"
sc delete "Automatic LiveUpdate Scheduler"
exit
In Notepad select File and Save as. Choose the Save to location to be the Desktop and for the File name: type in fixme.bat making sure that the Save as type field says All files. Next double click fixservice.bat to run it. A black box should open and close after a short time, this is normal. Do not continue until the black box has closed. Delete fixservice.bat from the Desktop. ---------- Download the Norton Removal Tool (SymNRT) to your Desktop. Once downloaded please close ALL open browsers, also save any work because this may require a restart. 
 You are using an outdated version of Internet Explorer. Go to http://www.windowsupdate.com/ and check for updates. You don't have to update to IE 7 but the version of IE 6 you are using is old. ---------- Run the Kaspersky Online Scanner In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon and choose Run as Administrator. 
 There is no option to clean/disinfect, however, we need to analyze the information on the report. To obtain the report: Click on: Save Report As 
 Copy and paste the Kaspersky Online Scanner Report in your next reply. Hi, I have just completed the Kaspersky Online Scan. Before running it, I closed BOClean, Spybot and AVG from my Task Bar. Earlier I had followed your steps to try to fully remove Norton. I made the fixme.bat (which kept the name fixme.bat - I never saw anything that said fixservice.bat), ran that and went through the Tool process twice. The Norton Removal Tool took about ten minutes to show its first screen after I pressed "Setup" each time. Upon re-booting after each attempt I was sent to a Symantec web-page that wanted me to reinstall their latest product. I'm mentioning all of this as background to my Kaspersky results which have shown that I am INFECTED. The Threat Name is: Trojan-Dropper.Win32.joiner.fa Here is the text from the Report ----> -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Thursday, July 31, 2008 Operating System: Microsoft Windows XP Home Edition (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Thursday, July 31, 2008 10:08:13 Records in database: 1033103 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: C:\ D:\ E:\ Scan statistics: Files scanned: 132419 Threat name: 1 Infected objects: 1 Suspicious objects: 0 Duration of the scan: 02:57:49 File name / Threat name / Threats count C:\System Volume Information\_restore{A9C47B8A-3CBA-4B5E-AC85-6D30CE725E70}\RP3\A0000125.exe Infected: Trojan-Dropper.Win32.Joiner.fa 1 The selected area was scanned. --------------------------------------------------------------------------------------------------------------------------------- Thanks again for your assistance. It's wonderful to find a community of kind people here who know so many angles to approach these problems from. 
The Kaspersky report shows an infected restore point which is easy to cure. Turn OFF System Restore 
 Restart your computer Turn ON System Restore 
 System Restore will now be active again ---------- 1. Double click OTMoveIt2.exe to launch it. Vista users right click and choose Run As Administrator 2. Click on the CleanUp! button. 3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access. 4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?) 5. Once complete exit out of OTMoveIt2 ---------- Use the Secunia Software Inspector to check for out of date software. 
 ---------- How is everything now? Hi, I've given things a couple of days so as not to jump ahead of myself with an over-hasty "all clear" - although things are certainly far, far better now ALL thanks to the help I have received at this brilliant forum. T H A N K Y O U I am now able to type this message from the computer that was infected and it's wonderful that the horrible problem with my modem being messed around with has stopped. If that hadn't happened to me, I would have carried on unaware of an infiltration. I'm using Firefox 3 instead of IE6 now. It has frozen up a couple of times but I'm assuming that that sort of thing can happen "naturally" on an old, tired five and a half year old laptop and needn't have to be suspicious. Firefox can be buggy for some. IE 7 is more secure than IE 6 so that is an option as well. Here are some more free low resource tools. Important: You need to update Windows and Internet Explorer regularly to protect your computer from the malware and other security threats that are on the Internet. Go to Microsoft Windows Update and get all critical updates. If you are running any Microsoft Office version go to the Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update. ---------- Please keep these programs up-to-date and run them whenever you suspect a problem. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster, can be run with any of them. Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC. Concerned about Browser Security? 
Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript. To prevent unknown applications from being installed on your computer install WinPatrol 2008 * Using Winpatrol to protect your computer from malicious software I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites. SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smoothly. Use only trusted security software like the programs listed on this page. Trusted security tools & resources | |
| 2999. | Solve : Computer dying all of the sudden!? | 
| Answer» It all started last night....... We also request patience. The Experts here are volunteers and are not here 24/7. This is not a live session either. If it takes a few hours or overnight for them to get back to you, trust me it is worth the wait. Looks like the wait was too long for free help. | |
| 3000. | Solve : Re: file will not delete? | 
| Answer» I was trying to download a song and it came up as a *censored* video and now it won't delete. I've tried loads, I've even AVG scanned it and that says there's nothing wrong, but when I try to delete it it says there has been a sharing violation: the source or destination file may be in use. Moved to the Computer viruses and spyware forum | |