 
                 
                InterviewSolution
| 3001. | Solve : Trying to find the cause of random hangups? | 
| Answer» On my HP Presario sr1750nx, 3500+ AMD Athlon64, 1gb mem, 200gb hard drive, Win XP SP3. While I was in sys mang in hidden devices I found a driver titled MCSTRM, with the yellow exclamation point telling me that it was inactive and missing part of its drives. It was also activated by other programs; on searching I found that it can be a bit of malware too. Anybody know something about this??? Welcome to CH. | |
| 3002. | Solve : anti spy/malware? | 
| Answer» hello, | |
| 3003. | Solve : Someone pls help me with my logs...? | 
| Answer» Hi, can someone pls help me with my logs. Below are the logs. Thanks! 
 ---------- Open HijackThis and select Do a system scan only. Place a check mark next to the following entries: (if there) * O2 - BHO: (no name) - {3944EB28-3DA6-41A2-933B-DEBBD450E81C} - (no file) * O20 - Winlogon Notify: ddcYqpPG - ddcYqpPG.dll (file missing) Important: Close all open windows except for HijackThis and then click Fix checked. Once completed, exit HijackThis and restart the computer to register the changes. ---------- How is the computer now? Hi evilfantasy, thank you for your reply. My pc seems to be running very slowly and many programs tend to have problems again. I will re-do the steps u teach again and removed the Norton. After which, I will post the logs again. Hope that solves my problems. You don't need to redo the steps, they won't turn up any new results. Let me know how everything is after removing Norton. Hi evilfantasy, now my pc having new problems. Now it cannot connect to the internet and ws2_32.dll problem. I had removed Norton but nothing seems to be ok. Can you help? Thanks! And also the system is running very slowly. It takes 5 to 10 mins or more to load up when I turn on the pc. Is there anything or application I could use to speed up the pc? But of course to resolve the internet issue first. I can't connect to the internet at all. I'm using wireless and it can't connect to my wireless network. I tried restart many times but still can't. And I also tried to run RegCure. Whenever I tried to open RegCure, windows pop up saying, "Windows sockets initialization failed". Pls let me know what other information you require as I'm really a greenhorn to pc. Thanks! You need to run this tool. WinSock XP Fix. After that do you have your XP CD? Hi evilfantasy, I do not have my XP CD. Did you try the WinSock XP Fix? | |
| 3004. | Solve : How to renamed files infected by virus MALAS?? | 
| Answer» Honestly I don't know. You're better off sticking with who was helping you on that. | |
| 3005. | Solve : Infected laptop problem? | 
| Answer» A few days ago my wife foolishly opened an email from the customs department which after a bit of research contained a virus which is circulating. Basically I cannot use the laptop, however there are files on there that I would like to save. When I boot up the PC it goes to the Windows login screen and when I try to get past this it starts to dump physical memory then reboots. I've tried safe boot etc but exactly the same. I've also tried to reinstall Windows as a repair but still the same problem. Is there any way of clearing the virus without being in Windows? I would like to save the files but I also really need to use the laptop again so if there is nothing that can be done then I will have to reinstall Windows and start again. | |
| 3006. | Solve : Trojan.Packed.NsAnti? | 
| Answer» Second Hijack this I think I've got rid of the problem. I'll wait for your reply. What did you do? There are still trojans left. Read this article: Danger: Remote Access Trojans. If your computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for banking, email, eBay and forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one! If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach. Your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because the Backdoor Trojan has been removed the computer is now secure. Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat and reinstall the OS. When should I re-format? How should I reinstall?. How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? Should you decide not to follow that advice, we will do our best to help clean the computer of any infections but we cannot guarantee it will be 100% secure afterwards or that the removal will be successful. Delete these files/folders, as follows: 1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad. 
 Code:
```
KillAll::

File::
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\FarStone\VirtualDrive\netsrv.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{39686e63-595a-11dd-9a1d-000d87b86781}]
```
 3. Go to the Notepad window and click Edit > Paste 4. Then click File > Save 5. Name the file CFScript.txt - Save the file to your Desktop 6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully! ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it will produce a log for you. Post that log (Combofix.txt) in your next reply. Note: Do not mouseclick combofix's window while it is running. That may cause your system to freeze ---------- | |
| 3007. | Solve : Avira?Windows ME? | 
| Answer» For Windows 2000 and above I would suggest installing MBAM for an on demand scanner - http://www.besttechie.net/tools/mbam-setup.exe | |
| 3008. | Solve : rundll malware plz help? | 
| Answer» Hey guys, 
 
 ---------- Download 
 
 C:\Windows\System32\bjuwckqkyt.exe C:\Windows\unvise32.exe EmptyTemp [start explorer] 
 
 Explorer killed successfully C:\Windows\System32\bjuwckqkyt.exe moved successfully. C:\Windows\unvise32.exe moved successfully. < EmptyTemp > File delete failed. C:\Users\Anhtuyet\AppData\Local\Temp\etilqs_4oEQWGDKaKIJfF1gK3Xs scheduled to be deleted on reboot. File delete failed. C:\Users\Anhtuyet\AppData\Local\Temp\061d7df21e7b420bbf81f860b2a6409d\filesys.dll scheduled to be deleted on reboot. File delete failed. C:\Users\Anhtuyet\AppData\Local\Temp\061d7df21e7b420bbf81f860b2a6409d\http.dll scheduled to be deleted on reboot. File delete failed. C:\Users\Anhtuyet\AppData\Local\Temp\NAILogs\UpdaterUI_ANHTUYET-PC.log scheduled to be deleted on reboot. Temp folders emptied. IE temp folders emptied. Explorer started successfully OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08042008_211107 Yes, please restart then run this next scan and post the log from it. Use the Kaspersky Online Scanner In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon and choose Run as Administrator. Click on SCAN NOW Click on the Accept button and install any components it needs. 
 Sorry for the long response, the Kaspersky took a long time. Here's the attachment [recovering disk space -- attachment deleted by admin] The only thing showing is the MalwareBytes Quarantine which can be emptied. Time to cleanup. Let me know if you have any questions. 1. Double click OTMoveIt2.exe to launch it. Vista users right click and choose Run As Administrator 2. Click on the CleanUp! button. 3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access. 4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?) 5. Once complete exit out of OTMoveIt2 ---------- Set a New Restore Point to prevent possible reinfection from an old one Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed. 
 Windows XP System Restore Guide or Windows Vista System Restore Guide . ---------- Use the Secunia Software Inspector to check for out of date software. 
 ---------- Important: You Need to Update Windows and Internet Explorer regularly to protect your computer from the malware and other security threats that are on the Internet. Go to Microsoft Windows Update and get all critical updates. If you are running any Microsoft Office version go to the Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update. ---------- Please keep these programs up-to-date and run them whenever you suspect a problem. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them. Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC. Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript To prevent unknown applications from being installed on your computer install WinPatrol 2008 * Using Winpatrol to protect your computer from malicious software I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites. SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? 
It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth. Thanks a lot man my computer is finally error free. I appreciate what you have helped me with, hopefully if i have more trouble in the future I'll go to u Two more questions 1. Should i keep Spybot Search & destroy and ad-aware?? 2. Sometimes my laptop has no sound and i check the volume mixer, it says its properly working. Then i close my laptop and put my fingerprint on for the password. When it turns on it works for a little. Then if i haven't played anything with sounds it stops working for unknown reasons. Thanks again Quote 1. Should i keep Spybot Search & destroy and ad-aware?? I would get rid of ad-aware and use MalwareBytes instead. Keep SpyBot, update it and also click the Immunize feature after updating. Quote 2. Sometimes my laptop has no sound and i check the volume mixer, it says its properly working. Then i close my laptop and put my fingerprint on for the password. When it turns on it works for a little. Then if i haven't played anything with sounds it stops working for unknown reasons. It would be best to start a new topic in the Windows or Software forum on this. Glad you are malware free. Safe surfing..... | |
| 3009. | Solve : Computer running sluggish all of the sudden? | 
| Answer» Quote How's Startup in MSConfig? It was done through HJT, as always. Defrag? not bad. Only the things i want running are. Is it possible that it could be the zonealarm security suite? I just recently installed it. But I don't really like it. nothing to defrag. Just tried it. Nothing Quote from: Broni on July 05, 2008, 08:10:42 PM Quote Just wondering if anything was added after HijackThis. Do you want me to post a new copy of HJT? Maybe something changed. Go ahead. How's Startup in MSConfig? It was done through HJT, as always. You may try also uninstalling ZA, but before you do, download replacements: - Avira free antivirus: http://www.free-av.com/en/download/index.html or - Avast! free antivirus: http://filehippo.com/download_avast_antivirus/ and - Comodo free firewall: http://www.personalfirewall.comodo.com/ or Windows firewall up. Physically disconnect from the Net, while making changes. Quote from: paudashlake on July 05, 2008, 08:02:50 PM task killer www.rsdsoft.com For what it's worth - I had to delete the new version of Eraser about a month ago because of consistent errors that showed up with Event Viewer. I can't remember the exact error but my boot time increased quite a bit, that's why I went looking. The Heidi Forum was no help so I just uninstalled it. Any better? nope Have you considered running Lavasoft's Ad-Aware program? I have found success in running this program first before my weekly ritual of tweaking my PC. The website provides a Freeware copy, and I have used it for 3 years no Virus yet. http://lavasoft.com/ Please advise if this was helpful? I have other steps you can use that have helped me. Welcome, NickBurns but this topic is a month old....and the Original Poster is gone... Nick, your input is appreciated, but like Carbon said, the original poster has deleted their account and is no longer a member. On that note, I am going to go ahead and lock this thread. | |
| 3010. | Solve : Infections won't go away, IE freezes? | 
| Answer» Hey all! Recently I've been having problems with Trojans and other infections. Also my Internet Explorer keeps freezing on me. This hasn't been a problem before. But almost every time I open IE and open some new tabs, it freezes. I keep running spyware and virus scans and they keep popping up. I'm attaching my SuperAnti spyware, Malwarebytes and HJT logs as requested. If anything else is needed, please just let me know.  Is Juno your current ISP, or is it NetZero?Hey CBMatt- Alrighty then, first of all I ran VundoFix and then the VirtumundoBeGone but the only log I got was the one I attached on the previous post. After your last post I ran ComboFix and am attaching the log for you. I now have AVG AV and Firewall installed and running. I also updated my IT browser to SP3. Quote Is Juno your current ISP, or is it NetZero? I'm sorry, I completely forgot about that question! I am now using Hughes Net as my internet provider. The others are dial-up I have in case of a satellite outage. I DID tell HijackThis to get rid of them though since I haven't used them in quite a while. Oh, also, since installing AVG, it put a toolbar on my desktop too. Should I get rid of it as well? So, I think I've finished everything you suggested. Anything else you need? thanks! Christy [recovering disk space -- attachment deleted by admin]A toolbar? I've never known AVG to install a toolbar. Unless it's related to the SafeSearch, which I have never used... http://one9.us/blog/how-to/disable-avg-80-safe-search ComboFix picked up a few things and you should be relatively clean now (be sure to keep running scans on a regular basis), but it's hard to say because it looks like you crack a lot of games, and these cracks and keygens are notorious for infecting users with viruses. If you keep up such activity, you will never keep your computer virus-free. Also, you must be very careful with HJT because if you remove the wrong things, you can really screw up your system. 
Anyway, how is your computer running now? Any changes? The toolbar came with a paid subscription to AVG. I've used the free AVG before and decided to try the paid one. The info on the toolbar is here: http://www.grisoft.com/ww.product-avg-toolbar-tlbrc if you are interested. I think my computer is running better now. Haven't had any freezes lately. thanks for your help- Christy Okay, gotcha. I've never used the paid version, so I'm not entirely familiar with every feature. According to AVG's site, the toolbar comes with Active Surf-Shield and LinkScanner. Personally, I am against these extra features as they are known for causing a lot of lag with some users, so I would remove it. However, if you aren't experiencing any problems and/or you want the toolbar, it's not going to cause you any harm. If you end up experiencing anymore problems, feel free to come back and we'll give it all another run-through. But if you're not having trouble, then you should be good to go. I think ComboFix is a handy program to keep around, but because it's constantly being updated, it's best to re-download it whenever you need it. So, let's go ahead and uninstall by going to Start > Run...then type in combofix /u and click on OK. Note the space between "combofix" and "/u". Here are some additional procedures that you should follow to help with the security of your computer... Next, let's clean your restore points and set a new one: Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected) 1. Turn off System Restore. On the Desktop, right-click My Computer. Click Properties. Click the System Restore tab. Check Turn off System Restore. Click Apply, and then click OK. 2. Restart your computer. 3. Turn ON System Restore. 
On the Desktop, right-click My Computer. Click Properties. Click the System Restore tab. UN-Check Turn off System Restore. Click Apply, and then click OK. System Restore will now be active again. Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs: 
 And be aware of what emails you open and websites you visit. To learn more about how to protect yourself while on the internet, read this article by Tony Klein: So how did I get infected in the first place?Once again thanks a lot for your help. I completed this list of things to do and am good to go..I hope! lol If anything else comes along I'll be back. take care- ChristySounds good to me. Best of luck to you!As this issue appears to be resolved, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged. If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem. | |
| 3011. | Solve : Is My Computer OK?? | 
| Answer» Different computer...wanted to know if it's all good. Anything from hijack this to delete...if so...what? That's up to you, really. I would get rid of all of the Verizon, Google, and Yahoo junk because it's just a bunch of clutter in my opinion. And I would ditch McAfee for AVG and Comodo because these two programs have superior protection. But it's your call. These programs aren't malicious, I just think of them as subpar. Also, from your IE browser, you should go to Tools > Windows Update so you can get the latest service pack. Oh, and before I forget... Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected) 1. Turn off System Restore. On the Desktop, right-click My Computer. Click Properties. Click the System Restore tab. Check Turn off System Restore. Click Apply, and then click OK. 2. Restart your computer. 3. Turn ON System Restore. On the Desktop, right-click My Computer. Click Properties. Click the System Restore tab. UN-Check Turn off System Restore. Click Apply, and then click OK. System Restore will now be active again. Hmmm...what Verizon and google, yahoo can I get rid of? This computer has verizon internet, I'm afraid I might get rid of something important. I also want to keep google earth. If you're okay with those being on your computer, then that's fine. You've just got a couple of toolbars that can sometimes cause lag in IE. But if you're not experiencing any problems, then I wouldn't worry about it. OK...all done. Should the computer be in good shape...any tests I should run or that enough for today? 
I had a few additional questions about CCleaner 1) When I Scan for Issues, I backup changes as told -Once I have finished cleaning....is it ok to then delete the backups...I mean why keep this cluttering space? 2) How come when I Scan for issues -I get usually many things popping up...even though I clean 1-2 times a week? -Sometimes when I scan...and clean...I do a second scan right after...and new stuff pops up...why is it this happens and is this odd? Thanks. Quote 1) When I Scan for Issues, I backup changes as told Personally I have stopped using the backups with CCleaner. (I'm not advising anybody to do this). I've come to trust the tool to be safe. The makers take great care in not removing too much, other more aggressive cleaners would likely find more junk, but the benefits performance wise of cleaning the Registry are not great enough to warrant such aggressive cleaning. If the PC restarts a few times with no problems then it is safe to delete the backups. Quote 2) How come when I Scan for issues There are many things you and Windows does that creates new registry entries, and just as many things leaves orphaned Registry keys. It's normal. Normally running the Registry cleaner a few times in succession is advised with CCleaner. It's along the lines of it not being too aggressive... If you would like to clean even more with CCleaner check out the CCleaner winapp2.ini. It adds a hundred or so software applications under the CCleaner applications tab. All software creates some sort of junk that can be cleaned. The winapp2.ini file is an easy safe way to do so. Thanks! As this issue appears to be resolved, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged. If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem. | |
| 3012. | Solve : Help with Trojan-Psw.onlinegames? | 
| Answer» As this issue appears to be resolved, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged. | |
| 3013. | Solve : Computer Doctor Needed!!? | 
| Answer» Here is the BDscan 
 ---------- Download OTMoveIt2 by OldTimer OTMoveIt2.exe and place it on your desktop. (unless you already have it installed) 1. Double click OTMoveIt2.exe to launch it. Vista users right click and choose Run As Administrator 2. Click on the CleanUp! button. 3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access. 4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?) 5. Once complete exit out of OTMoveIt2 ---------- Set a New Restore Point to prevent possible reinfection from an old one Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed. 
 Windows XP System Restore Guide or Windows Vista System Restore Guide . ---------- Use the Secunia Software Inspector to check for out of date software. 
 ---------- Important: You Need to Update Windows and Internet Explorer regularly to protect your computer from the malware and other security threats that are on the Internet. Go to Microsoft Windows Update and get all critical updates. If you are running any Microsoft Office version go to the Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update. ---------- How is everything now? SWEET. So far everything seems good. I'm going to Microsoft to update the stuff i need updated. Also, is now a good time to update to service pack 3? Also, should i install my norton back on the computer? When i go to my start button, the icon for IE is missing, looks just like a blank program file. Honestly I would leave Norton alone and stay with Avast! I also suggest installing a reliable firewall. Personally I use Comodo. 1) Comodo (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one) 2) Online Armor 3) Sunbelt/Kerio 4) Agnitum 5) PC Tools Firewall Plus ---------- You might wait a few days to be sure everything is running OK before installing the SP3. ---------- Is the icon from the new IE 7 or is it there from IE 6? Should i reinstall Avast? When i click on it, it says that it's not a valid Win32 application. The icon is for IE7 Also, i still have a lot of icons on my desktop from some of the .exe that we've ran. Would it be safe to delete? Examples: Launch, dialafix, hostsxpert, iseeyouxp, fixpolicies, sdfix, CCleaner? Also, should i continue to run Superantispyware, Malwarebytes and Spybot? I will definitely take your advice for Comodo and Avast!! Oh, and with Avast and Comodo, should I purchase it or running the free versions will be good enough? Keep CCleaner and use it to cleanup occasionally. Delete Launch, dialafix, hostsxpert, iseeyouxp, fixpolicies, sdfix. 
Keep Superantispyware, Malwarebytes and Spybot and update then run them occasionally? The free versions of Comodo and Avast are fine, try reinstalling Avast. Install TweakUi - http://www.filehippo.com/download_tweakui/ There is a setting in there that says Rebuild Icons. Maybe that will fix the Icon problem. Ok, my icon is back and working. Could you send me a link to Avast? I did a search but it kept asking me to pay. Glad the icon is fixed. Here is a link to Avast free - http://www.filehippo.com/download_avast_antivirus/ Well, i have Comodo and Avast installed and running. Will i need to update Avast or will it do it on its own whenever there are updates? Also, on the system restore, should I have it checked for "Turned off" or have it unchecked? Other than that, i think we've fixed it I appreciate your help so much, thanks a million times over. Avast will update on its own. The only thing avast doesn't do on its own is automatic scans so if you want to scan you will need to open it and do one manually or follow this guide to set them automatically. Click here Avast also has skins to change the appearance. http://www.avast.com/eng/skins.html System Restore should be turned on, there should be no check mark. http://support.microsoft.com/kb/310405 As this issue appears to be resolved, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged. If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem. | |
| 3014. | Solve : Can't post logs? | 
| Answer» LOL. Strange....... | |
| 3015. | Solve : I got done by a nasty program? | 
| Answer» Hi | |
| 3016. | Solve : looking for some trojan horse help? | 
| Answer» i reinstalled java, and flash, but still no pictures on ie5 if i right click and say show picture then they show up? Check here for possible solutions. 
 Important: Restart the computer before continuing. ---------- Now delete ATF Cleaner. It isn't good for regular use. Any change? i am still timing out, and also how do i uninstall atf cleaner? just delete it? its on my desktop but i dont see a uninstall feature. Just delete it. It doesn't actually install. Do you have an XP CD? If so, place it in your CD ROM drive and follow the instructions below: 
 If you want to see what was replaced, right-click My Computer and click on Manage. In the new window that appears, expand the Event Viewer (by clicking on the + symbol next to it) and then click on System. | |
| 3017. | Solve : Infected by Trojan Horse?? | 
| Answer» Hi, I've recently witnessed a trojan horse and Avast removed it. I am not sure if it really worked. Here's my log. 
 ---------- Important: You Need to Update Windows and Internet Explorer regularly to protect your computer from the malware and other security threats that are on the Internet. Go to Microsoft Windows Update and get all critical updates. If you are running any Microsoft Office version go to the Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update. ---------- Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth. | |
| 3018. | Solve : Shocking, Torjan Vundo help please... >:(? | 
| Answer» ComboFix 08-08-08.07 - Kenneth L. JAMES II 2008-08-09 7:31:33.1 - NTFSx86 
 And be aware of what emails you open and websites you visit. To learn more about how to protect yourself while on the internet, read this article by Tony Klein: So how did I get infected in the first place? Matt, thanks! cpu seems to be working well... i downloaded the programs you recommended... should i remove mcafee (free with internet) and windows defender (downloaded it for XP)? That's up to you, really. I think McAfee is subpar, but if you want to keep it, then feel free. However, if you wish to remove McAfee, then you should follow the instructions on this page. As a replacement, Avast! and AVG are good free programs. As for Windows Defender...I would that SUPERAntiSpyware is a much better program, but it is okay to have both programs (just don't run them at the same time), so the decision is yours. | |
| 3019. | Solve : Computer is: Freezing, Slowing Down, Randomly Restarting (+Multiple Keyloggers)? | 
| Answer» Lately without warning I have been having issues where my computer gets a little slower. If I am playing an online game my latency skyrockets to the high 800's and sometimes low 1000. Then later I could be doing anything and suddenly my computer freezes and not knowing what to do I will press my "Turbo Reset" button located on the front of my tower. After the computer completely reboots I will notice my cursor "skips", just as a record does when scratched or warped, and it won't go away for awhile. Soon after that issue the cycle restarts and my computer freezes or on rare occasion it will restart itself but not without alerting me with a black screen that covers the screen. 
 (Courtesy of evilfantasy.) 3. Download ComboFix and save it to your desktop. Run the program and read its disclaimer (it's fairly short) and make sure you really pay attention to what it says. Follow the prompts and when finished, it will produce a log at C:\ComboFix.txt. Go ahead and post that here. Note: Don't click on the window while it's running; this may cause stalls. In your next post, I would like to see the logs from ComboFix and Dr. Web Cureit, along with a fresh new HijackThis log.Just a quick update and a side issue I'll need help with after I get these problems taken care of... The reason my computer "Freezes" during game play is because the fan on my graphics card isnt moving. So the card just overheats because of all the advanced graphics in the game. I assume this is very dangerous for me to play anything without repairing. So if someone could help me figure out that issue later that would be great. The Dr.Web thing is taking forever but I will have the log soon.Ok finished all steps you have given me. Here are the logs. DrWeb Log: aolconnfix.exe;C:\;Trojan.PWS.Gamania.origin;Incurable.Moved.; A0286869.exe;C:\ErdUndoCache\rp336;Program.mIRC.621;Moved.; SpWizard.exe;C:\Program Files\WinRAR\Setup&CabPackerTrojan.Click.17167;Deleted.; ComboFix Log: ComboFix 08-08-09.03 - Dianne 2008-08-09 20:11:41.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.208 [GMT -5:00] Running from: C:\Documents and Settings\Dianne\Desktop\ComboFix.exe * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . 

Also my brother gave me an unopened "Vcool" from Antec fan that fits where 2 normal PCI slots go, so I'm hoping putting that in can help my overheat issue. However, I'm still looking for ideas on how to fix the graphics card built-in fan. I went to a local computer store and they said they didn't have much to offer for a "nVidia GeForce 6600 GT" other than a DIY Cooling system which to me looked like something I made in a welding class once. Any thoughts there? But ofc the computer's safety is priority to my game playing.

Those scans should've helped. Go ahead and post a final HijackThis log so I can make sure you're clean. As for your hardware issue, this is definitely a problem and you should resolve it as fast as you can. Installing that other fan should help out quite a bit. It may be possible to find the necessary parts on eBay, so you can also fix the fan for your graphics card. Unfortunately, my specialty is malware removal... I'm not much of a hardware wizard. You should go ahead and post about this in the Hardware section of our forum, and I'm sure somebody will be able to give you the help/advice you need.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28:14 AM, on 8/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

I unplugged my computer to install the new fan and when I came back AVG now says Anti-Virus and Anti-Spyware are out of date... So I tried to update and it said there are no new updates. Any idea what's wrong there?

Your log looks clean... however, there is something that I just noticed. Before I give you the clean bill of health, I want to check for a CoolWebSearch infection...

Download CWShredder here to its own folder.
Update CWShredder.
Restart your computer and as soon as it starts booting up again, continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.
Now run CWShredder. Click I Agree, then Fix, and then Next. Let it fix everything it asks about.
Reboot your computer back into Normal Mode.

Let me know how that goes and post yet another log (sorry, but I need to make sure).

As for AVG, it's hard to say what the problem might be because the new AVG has a lot of issues. Do you have AVG 8 and AVG Anti-Spyware, or do you simply have the Anti-Spyware that comes bundled with AVG 8? If you have the two programs installed separately, that can cause a lot of problems. If that's not the case, then there's no telling what the problem might be. I would suggest stopping by the AVG forum to ask about that because they would have a better idea of what might be going on.

The CWShredder link doesn't seem to be working. But I got it off http://www.intermute.com/products/cwshredder.html. But the AVG issue solved when I restarted my computer. I think it might have been due to the fact that the clock was an hour behind in the year 2088.

I pressed Check for Update and it resulted with this in the text box above: "Checking for a new version of CWShredder from Trend Micro. Unable to check for updates." -- So I did the rest of the steps anyways and here's the resulting log (It said no CoolWebSearch found):
netsvcs [wuauserv] %SystemRoot%\system32\svchost.exe -k netsvcs [WudfSvc] %SystemRoot%\system32\svchost.exe -k WudfServiceGroup [WZCSVC] %SystemRoot%\System32\svchost.exe -k netsvcs [xmlprov] %SystemRoot%\System32\svchost.exe -k netsvcs **** Custom IE Search Items **** SEARCH: [SearchAssistant] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm SEARCH: [CustomizeSearch] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm SEARCH: [Default_Search_URL] http://www.google.com/ie SEARCH: [CustomSearch] http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html **** Complete IE Options **** IEOPT: [NoUpdateCheck] IEOPT: [NoJITSetup] IEOPT: [Disable Script Debugger] yes IEOPT: [Show_ChannelBand] No IEOPT: [Anchor Underline] yes IEOPT: [Cache_Update_Frequency] Once_Per_Session IEOPT: [Display Inline Images] yes IEOPT: [Do404Search] IEOPT: [Local Page] C:\WINDOWS\system32\blank.htm IEOPT: [Save_Session_History_On_Exit] no IEOPT: [Show_FullURL] no IEOPT: [Show_StatusBar] yes IEOPT: [Show_ToolBar] yes IEOPT: [Show_URLinStatusBar] yes IEOPT: [Show_URLToolBar] yes IEOPT: [Start Page] http://www.google.com/ IEOPT: [Use_DlgBox_Colors] yes IEOPT: [Search Page] http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IEOPT: [Check_Associations] No IEOPT: [FullScreen] no IEOPT: [NotifyDownloadComplete] no IEOPT: [Window_Placement] , IEOPT: [Error Dlg Displayed On Every Error] no IEOPT: [Use FormSuggest] no IEOPT: [AddToFavoritesExpanded] IEOPT: [FormSuggest PW Ask] no IEOPT: [Use Search Asst] no IEOPT: [Enable Browser Extensions] yes IEOPT: [FormSuggest Passwords] yes IEOPT: [Use Custom Search URL] IEOPT: [AutoSearch] IEOPT: [ShowedCheckBrowser] Yes IEOPT: [Default_Page_URL] http://go.microsoft.com/fwlink/?LinkId=69157 IEOPT: [Default_Search_URL] http://go.microsoft.com/fwlink/?LinkId=54896 IEOPT: [Search Page] http://go.microsoft.com/fwlink/?LinkId=54896 IEOPT: [Enable_Disk_Cache] yes IEOPT: [Cache_Percent_of_Disk] IEOPT: 
Quote from: sjn2009 on August 11, 2008, 11:29:07 AM The CWShredder link doesn't seem to be working. But I got it off http://www.intermute.com/products/cwshredder.html
Sorry, I haven't had to use that program in quite awhile. Looks like I'll have to update my link!
Quote But the AVG issue solved when I restarted my computer. I think it might have been due to the fact that the clock was an hour behind in the year 2088.
Ah, yes, although incorrect dates are easy to spot, incorrect times can slip by because I'm not viewing the logs live, so I really don't know if the times are right or not. In any case, you are right about that being the problem; AVG is very picky about your clock having the correct settings. If it's off by a certain amount, AVG is unable to update like it should. As for the log...everything seems fairly normal. I'm just concerned because of this line of your HJT log: MSIE: Unable to get Internet Explorer version! In every case I have seen this, it has been related to CoolWebSearch. You don't show any other symptoms, however, and your log is clean. So, I have to admit that I'm not quite sure what could be causing this to happen. I have heard that it can sometimes be related to Messenger Plus. You have MSN Messenger, but I don't see Messenger Plus anywhere on your computer. You can check your Add/Remove Programs, though, and if it's there, try uninstalling it and posting a new HJT log. If it's not there, then simply skip this. 
It's also possible that your IE has managed to become corrupted and needs to be repaired... http://support.microsoft.com/kb/318378 I would try performing a repair install and then posting a new HJT log to see if that issue has been fixed. But as far as actual infections, your computer looks clean. However, you're vulnerable without a decent firewall, so you should look into getting either ZoneAlarm, Kerio Personal Firewall, or Comodo. They're all good free firewalls. Just be sure you only have one installed at a time! Download the firewall of your choice, disconnect from the internet, disable Windows Firewall, and install your new firewall. | |
| 3020. | Solve : Screwed up computer? | 
| Answer» This computer got a virus or something and is all outa whack. I've tried running drweb's cureit, windows live one care, and spybot but it's still whacked. Could someone help me out and tell me what's goin on here? Thanks a million. 
 
 ---------- Now run a new HijackThis scan and post that log also. | |
| 3021. | Solve : Desktop Hijacked.? | 
| Answer» Hi. | |
| 3022. | Solve : Imbedded virus problems? | 
| Answer» Here is the log for Eset.  
 Windows XP System Restore Guide or Windows Vista System Restore Guide . ---------- Use the Secunia Software Inspector to check for out of date software. 
 ---------- Important: You Need to Update Windows and Internet Explorer regularly to protect your computer from the malware and other security threats that are on the Internet. Go to Microsoft Windows Update and get all critical updates. If you are running any Microsoft Office version go to the Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update. ---------- Please keep these programs up-to-date and run them whenever you suspect a problem. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them. Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC. Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript To prevent unknown applications from being installed on your computer install WinPatrol 2008 * Using Winpatrol to protect your computer from malicious software I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites. SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? 
It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth. How is everything now?
I created a new restore point and cleaned out the old ones. I attempted to use Secunia and got this error message: CiceroUIWndFrame: iexplore.exe - Application Error The instruction at "0x0303418e" referenced memory at "0x0332ec30". The memory could not be "read". Click on OK to terminate. When I clicked on OK another error message came up with new numbers. If I clicked on OK again it went back to the original message and they just keep repeating themselves. I have to logout to get rid of them. I probably will not use IE much anymore as a browser. I am using Flock, which is a newer version of Firefox. Will the programs you suggested to use with Firefox work with Flock? One more question: Is the Microsoft Security program strong enough to use, if updated regularly, or is it better to disable that and use other security programs such as you suggested and/or the ones I already use. I currently have Security Shield 2008, Superantispyware, will reload Spybot and I also have PC Registry Cleaner. I understand to use only one primary of each at a time. I will also look at the programs you suggested and download them. I really want to thank you for your time, help and suggestions. I know it must be a job to sit there and analyze and suggest remedies for all the people who are using this forum. Kudos to you.
Quote Will the programs you suggested to use with Firefox work with Flock? No. Most programs will work only with IE and FF.
Quote Is the Microsoft Security program strong enough to use What program?
Quote I also have PC Registry Cleaner. Where did you download this from?
Quote I understand to use only one primary of each at a time. One firewall, one antivirus and one real time antispyware. Spyware Blaster will work with all of them as it doesn't run in real time. 
The Microsoft Security program I was referring to is Windows Security center found when you use Control Panel. My registry cleaner is PC Tools Registry Mechanic. Sorry for not being more precise.
Leave the Windows Security center as it is. PC Tools Registry Mechanic is fine to keep although the functions in CCleaner are much safer in my opinion. It's your choice.
Right now I have the Windows Security Center firewall off since I have Security Shield on. Same with the antivirus. I will use CCleaner since I have it downloaded. I'll look at the other programs you suggested also. Thanks again for all the help.
Just tried to get into my emails. G mail will not load at all and Yahoo mails are all blank.
Run the F-Secure Online Scanner for Viruses, Spyware and RootKits. Note: This Scanner is for Internet Explorer Only! 
 | |
| 3023. | Solve : Re: unidentified malware still running? | 
| Answer» Hi, 
 
 ---------- Now run a new HijackThis scan and post the log along with the MBAM log. This time before copying the HijackThis log, in Notepad select Edit > and click Word Wrap.
Anti malware indicate all ok. but sedoparking still show up sometimes. inside cookies got these files name ad.yieldmanager, adrevolver. i suspect these caused the problem. thanks log
Can you post the MBAM log. Open MBAM then select the Logs tab and it can be found there. 
Also how is the computer now?
Malwarebytes' Anti-Malware 1.24 Database version: 1045 Windows 5.1.2600 Service Pack 2 5:01:15 PM 8/13/2008 mbam-log-8-13-2008 (17-01-15).txt Scan type: Full Scan (C:\|D:\|I:\|) Objects scanned: 107229 Time elapsed: 30 minute(s), 59 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Computer is ok but connection is slow. need to restart computer and modem once awhile. Thanks. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
I don't think it is malware. Try posting in the Windows forum for some advice from people in there. | |
| 3024. | Solve : Very bad virus: computer completely frozen!? | 
| Answer» Hi,  | |
| 3025. | Solve : Antivirus XP 2008 virus? | 
| Answer» Hello again, 
 
 C:\nav_update EmptyTemp [start explorer] 
 
 ---------- Open HijackThis and select Do a system scan only. Place a check mark next to the following entries: (if there) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) Important: Close all windows except for HijackThis and then click Fix checked. Exit HijackThis. ---------- How is everything now?
I couldn't post what was in the results window because it prompted me to restart my machine when it was finished. Here is the log instead, hope it is just as useful. Explorer killed successfully C:\nav_update moved successfully. < EmptyTemp > File delete failed. C:\DOCUME~1\Iain\LOCALS~1\Temp\~e5.0001 scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Iain\LOCALS~1\Temp\~e5.0001.dir.0000\~df394b.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Iain\LOCALS~1\Temp\~e5.0001.dir.0000\~efe2.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\mcmsc_bPa1pLJOTHzUaHL scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\sqlite_bxIthif21ZvxxEe scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\sqlite_ye11UkYmj0yULdM scheduled to be deleted on reboot. Temp folders emptied. IE temp folders emptied. Explorer started successfully OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08152008_195429 Files moved on Reboot... C:\DOCUME~1\Iain\LOCALS~1\Temp\~e5.0001 moved successfully. C:\DOCUME~1\Iain\LOCALS~1\Temp\~e5.0001.dir.0000\~df394b.tmp moved successfully. C:\DOCUME~1\Iain\LOCALS~1\Temp\~e5.0001.dir.0000\~efe2.tmp moved successfully. File C:\WINDOWS\temp\mcmsc_bPa1pLJOTHzUaHL not found! C:\WINDOWS\temp\sqlite_bxIthif21ZvxxEe moved successfully. C:\WINDOWS\temp\sqlite_ye11UkYmj0yULdM moved successfully. My computer seems to be back to normal again. Thanks for all your help, Iain
Let's clear out the programs we've been using to clean up your computer, they are not suitable for general malware removal and could cause damage if launched accidentally. 
These steps will also help secure the work you have done. . 
 . The above procedure will: 
 
 ---------- 1. Double click OTMoveIt2.exe to launch it. Vista users right click and choose Run As Administrator 2. Click on the CleanUp! button. 3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access. 4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?) 5. Once complete exit out of OTMoveIt2 ---------- Set a New Restore Point to prevent possible reinfection from an old one Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed. 
 Windows XP System Restore Guide or Windows Vista System Restore Guide . ---------- Use the Secunia Software Inspector to check for out of date software. 
 ---------- Important: You Need to Update Windows and Internet Explorer regularly to protect your computer from the malware and other security threats that are on the Internet. Go to Microsoft Windows Update and get all critical updates. If you are running any Microsoft Office version go to the Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update. ---------- Please keep these programs up-to-date and run them whenever you suspect a problem. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them. Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC. Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript To prevent unknown applications from being installed on your computer install WinPatrol 2008 * Using Winpatrol to protect your computer from malicious software I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites. SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? 
It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth. | |
| 3026. | Solve : Newbie here with trojans/malware/rogues, Oh my!? | 
| Answer» Hi all. I am glad to be here. As the subject reads, I acquired all of these things on my HP pavilion laptop while surfing the net. I am running XP SP2. I have read the sticky and performed the initial steps outlined there and have created the appropriate logs. My question is: What do I do from here? I appreciate any help/advice offered. 
 Place a check mark next to the following entries: (if there) O24 - Desktop Component 0: Privacy Protection - (no file) Important: Close all windows except for HijackThis and then click Fix checked. Exit HijackThis and restart the computer to register the changes made by HijackThis. ---------- 
 
 ---------- Use the Kaspersky Online Scanner In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon and choose Run as Administrator. Click on SCAN NOW Click on the Accept button and install any components it needs. 
 Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
Alright, moving right along. Here it is: [recovering disk space -- attachment deleted by admin] 
 
 
 C:\Documents and Settings\andy\Incomplete\CORRUPT-0-Linkin Park - Given up.mp3 EmptyTemp [start explorer] 
 
 C:\Documents and Settings\andy\Incomplete\CORRUPT-0-Linkin Park - Given up.mp3 moved successfully. < EmptyTemp > Temp folders emptied. IE temp folders emptied. Explorer started successfully
1. Double click OTMoveIt2.exe to launch it. Vista users right click and choose Run As Administrator 2. Click on the CleanUp! button. 3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access. 4. 
Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?) 5. Once complete exit out of OTMoveIt2 ---------- Set a New Restore Point to prevent possible reinfection from an old one Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed. 
 Windows XP System Restore Guide or Windows Vista System Restore Guide . ---------- Use the Secunia Software Inspector to check for out of date software. 
 ---------- Important: You Need to Update Windows and Internet Explorer regularly to protect your computer from the malware and other security threats that are on the Internet. Go to Microsoft Windows Update and get all critical updates. If you are running any Microsoft Office version go to the Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update. ---------- Please keep these programs up-to-date and run them whenever you suspect a problem. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them. Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC. Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript To prevent unknown applications from being installed on your computer install WinPatrol 2008 * Using Winpatrol to protect your computer from malicious software I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites. SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? 
It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth. Thanks for all the help, Kevin. That was quite a process but I think everything is running okay. I do continue to have a solid white background on my desktop despite changing the picture via control panel> display> background tab. Don't know what that is all about. Try this. Fixing a Locked Desktop 
 
 Run a new HijackThis scan and post the log if that doesn't work. Dang you're good! That fixed it. I now have the background I have chosen. Thanks again. No problem. Glad it worked. I know this wasn't for me but have followed the thread - am well impressed with the degree of help - quite awesome. Kudos to evil. | |
| 3027. | Solve : So it seems like my computer is running too much....? | 
| Answer» So I have cleaned it out of any viruses/spyware/malware, but I looked at performance in task manager, and this is what it says for physical memory: Total: 1917 That seems very odd.... How much RAM do you have? I've got 2 GB of ram It's perfectly normal. This is how mine looks: Explanation: http://articles.techrepublic.com.com/5100-10878_11-6162525.html Quote Total entry shows the amount of RAM installed in the system. so then I'm fine? thank you broni! as usual lol You're perfectly fine | |
| 3028. | Solve : Super Winspy? | 
| Answer» I'm a mother of five kids, including four boys. The oldest two are teenagers. I'd like to monitor their computer usage more closely. I've run across a program called Super Winspy that claims to allow me to check everything they do on the computer. Is this a safe program to use? Never heard of it, freeware, less than 1MB. Not sure if it's safe or not but I think you could give it a try. | |
| 3029. | Solve : system administrator? (Need Help)? | 
| Answer» Ok I got a problem every time like I want to go change like my personal settings on my computer a little bar comes up on the left top corner it says restrictions and a big x and inside the box it says (This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator.) Can someone like tell what shall I do thanks. Click below... | |
| 3030. | Solve : backdoor.trojan? | 
| Answer» So I recently came under attack from a backdoor.trojan, and had to pay the company that runs my antivirus program (Symantec) $100 to fix it. (Maybe to some this might not seem like much, but I'm still a student, without a job) I'm not really sure how I got it, but I have a strong suspicion it might be from downloading a video file, but I'm not sure. To tell the truth, I use bittorrent, and it's from this that I think I might have gotten it. But to be sure, is it actually possible to get this virus from downloading files? If not, then how exactly does it get onto a computer? Also, I read some articles about how it gives the attacker access to your computer, but what I want to know is how exactly does it work, is it only when your computer is on that the attacker is able to look through your private files, history, etc. or is it once you have the virus, does it make a copy of all the things on your computer for the attacker to look through? Lastly, was there some easier/cheaper way to take care of it? I was talking to a live assistant over at Symantec, and they just said the best option is to let them take care of it since they have to deal with the computer's registry keys or something, but that could've been just a ploy to make money. I'm really not computer-literate, if you haven't guessed already, so your help would be appreciated, especially if it's not too cluttered with technical jargon. Quote is it actually possible to get this virus from downloading files? Yes. It's one of the most common ways of getting infected. Whenever you download any file of questionable source, it has to be scanned with your antivirus, before you do anything else with that file. More info: So how did I get infected in the first place?: http://www.castlecops.com/postlite7736-.html Quote Lastly, was there some easier/cheaper way to take care of it? Absolutely. If you came to our forum while infected, we'd fix your computer for free. Welcome aboard Torrents are the new Malware! 
I understand that money may be tight but downloading copyright protected material is illegal. Free in many instances comes at a price. Many torrents will install malware designed to steal your banking and private information, software license keys (including Windows) and some just go for plain old PC destruction. I could go on, but I think you get the point. Symantec (or any live help) have to charge to keep the bottom line alive. There are many free replacements out there that actually do a superior job to the paid products. If you do get a virus/trojan then start HERE and we can help you get cleaned up. Check out these two articles. If you have any questions feel free to ask. So how did I get infected in the first place? by Tony Klein. How to prevent Malware by Miekiemoes. Quote Torrents are the new Malware! I understand that money may be tight but downloading copyright protected material is illegal. I'll have to disagree. 1. "Torrents are the new Malware" is a misleading statement, because torrent itself is a small harmless file, UNLESS it leads to a download, which contains malware. I've been using torrents for a long time, and never got infected. There are many aspects of using internet, which are dangerous, but if you play safe, you'll stay safe. A torrent, definitely cannot be defined as a malware. It would be the same to call an email a malware, because it happened to include infected attachment. 2. Using torrents doesn't mean, someone is automatically breaking a law by downloading copyrighted material. Torrents can be used to download legal material as well. We're not gonna ban email, because some people are sending copyrighted, or terrorist materials through it. Nobody is guilty, until proven to be. Quote Nobody is guilty, until proven to be. Which is the reason so many people don't care what they download. Save the innocent speech for someone else. My response is justified. 
Quote I'm not really sure how I got it, but I have a strong suspicion it might be from downloading a video file, but I'm not sure. To tell the truth, I use bittorrent I'm sorry. Maybe it's late, but I'm not getting your point.... OK, many torrents are malicious, just like many email attachments and codecs are malicious. Illegal is illegal if it is copyrighted. Torrents are the new malware (Malicious Software) is something that I feel strongly about. They are used to distribute virus/trojans to the unsuspecting user. When someone says I think it was from a torrent then it most likely was. Even "safe" clients can be exploited. ADVISORY: Malicious torrent files can execute arbitrary code in Opera Stop Downloading Fakes and Junk From BitTorrent Dodgy torrent - beware | |
| 3032. | Solve : Korean Attack | Spy-/Ad-ware? | 
| Answer» Well my other pc sometimes gets a grey box with Chinese or Japanese text. Does anyone know what it is? Click below... Quote Chinese or Japanese text Then what's with Korean? | |
| 3033. | Solve : Infection, desktop background unavailable? | 
| Answer» Hi, | |
| 3034. | Solve : Possible Nasty from Hijack this decoder.? | 
| Answer» I have been going to this site to check my HijackThis logs, http://www.hijackthis.de/ . They say I have possible nasties. Could you guys be so kind to check this out? HijackThis log..... Logfile of Trend Micro HijackThis v2.0.2 | |
| 3035. | Solve : What is the significance of a "warning"? | 
| Answer» I have just done a full system scan with Avira Antivirus. The only item listed is a "warning" and it specifically is "G:\pagefile.sys". The reference of the scan to it is "could not scan file". I do understand the literal statement--but what is its significance? thank you, truenorth | |
| 3036. | Solve : I think I have a Keylogger? | 
| Answer» Hey guys I joined here hoping to get some help as I think my computer is infected with a Keylogger. I have followed all of the steps in the "Read this before requesting malware removal help" thread. Thanks. My logs are as follows: I was suspicious as my account on an online game was locked as they believed that someone knew my password. It doesn't mean someone does know your password. You could have logged on at one place and maybe logged on at another computer right afterwards. This may have been detected as simultaneous log in which may arouse suspicion. I suggest changing your password at least once every month. Quote It doesn't mean someone does know your password. I agree. Since SUPERAntiSpyware didn't turn up anything then I would think you are safe. Here is a program to help monitor suspicious activities and a great addition to any PC. To prevent unknown applications from being installed on your computer install WinPatrol 2008 Using Winpatrol to protect your computer from malicious software --------- Then some final cleanup steps. Use the Secunia Software Inspector to check for out of date software. 
 So how did I get infected in the first place? by Tony Klein. How to prevent Malware by Miekiemoes. Nice read(s), Evilfantasy Thanks Evilfantasy. I can honestly say that I wish I had half the knowledge of computers you do Heh, a lot of it is first hand experience..... | |
| 3037. | Solve : what can viruses do?? | 
| Answer» can viruses copy directories from places to other places on the same pc? Depends what is copied. Why? Do you suspect a virus? *.tif files....! Viruses can ruin your entire life. You're a man of a few words, aren't you, Hi? | |
| 3038. | Solve : Computer full of crap? | 
| Answer» Sup. My IE likes to freeze a lot, and so many of my programs, so I think I may have a lot of crap on my computer. Recently I accidentally installed some spyware while searching for video codecs and I'm getting a lot of popup boxes with "Your computer is infected with dangerous virus" messages and many IE links forward to a malware scanner site. Ran both AVG and SUPERantispyware programs. I hear complaints about the avg 8 If AVG installed, and works fine, no reason to touch it. | |
| 3039. | Solve : What causes the spread of the ctfomon [ forgot the spelling ] virus?? | 
| Answer» I'm looking through the forum and see a lot of people that either have the problem or had it [ I'm even a victim myself ]. | |
| 3040. | Solve : Shared documents ate its self...? | 
| Answer» It all started yesterday while I wasn't around, so I don't know if I'm getting the full story, but oh well. | |
| 3041. | Solve : Nothing seems to work? | 
| Answer» Hi there, | |
| 3042. | Solve : Unknown virus removal/recommended non-lagging virus protection? | 
| Answer» Well, here it is | |
| 3043. | Solve : Bugs eating background, background changed to blue with spyware warning ...? | 
| Answer» THANKS and GOOD LUCK!!!! | |
| 3044. | Solve : Avira antivirus software? | 
| Answer» Greetings, Recently uninstalled AVG 8.01, had some problems with Avast. Anyone tried and have opinions on "AVIRA"? Thank you, truenorth Avira is a very good AV and I have heard it has made some good improvements recently. Many swear by it. With reference to Avira--while I am far from an expert on it and due to only very recently having installed it I cannot with credibility comment on its efficacy. I will say the following; when you download the file you automatically get a licence key that is generated without your input. However it may be your experience (as it was mine) that the key installed is already out of date (mine was for May 31st and I didn't download the program until June 2nd). The result of this is that you will not be able to "update" the virus definitions. Without a valid key you cannot interact with their site. In order to find out how to get a valid key I found it necessary to join the forum for Avira. It took a bit of back and forthing before that issue got solved. All this to say it looks like a good program but if you try to get it on your computer it may take a bit of effort. truenorth | |
| 3045. | Solve : Illusory and Hidden folders out of the blue plz help? | 
| Answer» I wrote this post in the wrong section... So I post it again; I've got a virus from a flash memory Download Flash_Disinfector.exe by sUBs and save it to your desktop: 
 I did run some scans but it's said my computer is secure!? yet these empty and system folders are everywhere. Concerning the Flash_Disinfector.exe, is it compatible with Vista? coz when to install, it's said it's unknown publisher and it may cause harm to the computer... Shall I run it anyway? Thanks again I am much obliged You will get that warning from a lot of programs that aren't Microsoft approved. It is a reliable program. That said nothing we suggest can be used against us But I have used it myself and suggested its use many times with no bad results. | |
| 3046. | Solve : Stuck with CoolWebSearch virus and it pieces? | 
| Answer» File 1 
 . The above procedure will: 
 
 --------- Set a New Restore Point to prevent possible reinfection from an old one Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed. 
 ---------- Use the Secunia Software Inspector to check for out of date software. 
 ---------- Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC. To prevent unknown applications from being installed on your computer install WinPatrol 2008 Using Winpatrol to protect your computer from malicious software Another thing I would suggest installing SiteAdvisor. SiteAdvisor rates sites on business practices and spam. SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. Using SpywareBlaster to protect your computer from Spyware and Malware Check out Keeping Yourself Safe On The Web for tips and free tools to keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth. Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference! | |
| 3047. | Solve : Rundll system error system32/rhdfmahd.dll (please help)? | 
| Answer» Go Start>Run, type in: | |
| 3048. | Solve : deleting WgaTray.exe? | 
| Answer» I have XP Pro. I did a google on WgaTray.exe and The Inquirer came up, with directions on how to delete it permanently, but I wondered if you have an easier way? wgatray.exe is a process which belongs to the Microsoft Windows Operating System and provides a notification system for Windows Genuine Advantage product validation software. This program is a non-essential process, but should not be terminated unless suspected to be causing problems. How to disable Microsoft's new Anti-Piracy Program Update As they say I'm counterfeit anyway, I was just tired of it wasting CPU. It's all the memory usage going out thru svchosts I need to concentrate on. Thank you for saving me from further complicating myself! Try this > http://www.mlin.net/StartupCPL.shtml Thanks, evilfantasy. I feel guilty downloading stuff and getting info from ppl when I'm too broke to donate for all they've done. | |
| 3049. | Solve : Unknown applications evil?? | 
| Answer» I have XP Pro, with BitDefender. In BD Firewall section, in the traffic list, I see some applications with no names, some of them with tcp, some udp protocol, all say "any" under source address, source port, and destination address, destination ports are: 135 (I read that's never good), 386, or 88. No path listed on any. I also have some of the anonymous app's that do have a destination port OR source port. Are these evil? PC issues causing me to study all I can. Nearest computer class is about 50 miles away. | |
| 3050. | Solve : Screensaver Virus with Bugs Maybe Others? | 
| Answer» Screensaver shows bugs eating a retarded jpg file that the desktop pic was changed into saying I (friends pc) had spyware. Which ironically is true lol.. 
 Once you have downloaded ViewpointKiller, unzip it to a convenient location such as your desktop. Run ViewpointKiller, and select File > Do All Killings Follow the prompts, selecting Yes or No, depending on which selection you are most comfortable with. ---------- Open Hijackthis and select Do a system scan only. Place a check mark next to the following entries: (if there) - O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) - 020 - Winlogon Notify: vtUolMEu - vtUolMEu.dll (file missing) Important: Close all windows except for Hijackthis and then click Fix checked. Exit Hijackthis. ---------- Run CCleaner. How is everything now?Will be back at pc (belongs to a friend) and will continue with your last advice in about 24hours from this post. <3 thx for everything up til nowAm using a different login user this time. here is a HJT log after I removed the 2 files you advised, and am about to run Superanti again for a quick search on this alt user. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:16:25 PM, on 6/4/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\QuickTime\qttask.exe C:\Program 
Files\iTunes\iTunesHelper.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe C:\Program Files\Canon\MyPrinter\BJMyPrt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file) R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - 
(no file) R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2 O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe O4 - HKCU\..\Run: [Yahoo! 
Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.3.36.0\Weather.exe" -auto O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm128MGUS O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Haley\Start Menu\Programs\IMVU\Run IMVU.lnk O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplug.com/StreamPlug/SP.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 
2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} (SupportSoft External Control) - http://connect.comcast.com/dl/Comcast%20Activation%20Controls.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174761884390 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174763175624 O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: iPod Service - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- End of file - 9309 bytes Open Hijackthis and select Do a system scan only. Place a check mark next to the following entries: (if there) - R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file) - O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.3.36.0\Weather.exe" -auto - O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm128MGUS Important: Close all windows except for Hijackthis and then click Fix checked. Exit Hijackthis. ---------- Create An Uninstall List 
 NEW HJT LOG Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:55:37 PM, on 6/4/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe C:\Program Files\Canon\MyPrinter\BJMyPrt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = 
http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file) R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime 
-Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1645522239-162531612-725345543-1010\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Haley')
O4 - HKUS\S-1-5-21-1645522239-162531612-725345543-1010\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Haley')
O4 - HKUS\S-1-5-21-1645522239-162531612-725345543-1010\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (User 'Haley')
O4 - HKUS\S-1-5-21-1645522239-162531612-725345543-1010\..\Run: [A00F5467D96.exe] C:\DOCUME~1\Haley\LOCALS~1\Temp\_A00F5467D96.exe (User 'Haley')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - S-1-5-21-1645522239-162531612-725345543-1010 Startup: IMVU.lnk = C:\Documents and Settings\Haley\My Documents\IMVU\IMVUClient.exe (User 'Haley')
O4 - S-1-5-21-1645522239-162531612-725345543-1010 User Startup: IMVU.lnk = C:\Documents and Settings\Haley\My Documents\IMVU\IMVUClient.exe (User 'Haley')
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Haley\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplug.com/StreamPlug/SP.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} (SupportSoft External Control) - http://connect.comcast.com/dl/Comcast%20Activation%20Controls.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174761884390
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174763175624
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
-- End of file - 9737 bytes

I was needing an uninstall list.

Create An Uninstall List
 | |