InterviewSolution
| 3401. |
Solve : NEEEED HEELP PLEEASE!!!!? |
|
Answer» I am running Windows XP and I have a virus but I don't know how to fix it. When I go to boot it, it will go to the Windows XP loading screen and then the screen goes blank and it's almost like it goes into standby mode. I can't get the screen to come back on or ANYTHING without shutting it off with the power button. I have already done a system recovery and when I was all done with it, it did the same exact thing. Please tell me how to fix this, somebody!!!! Thanks!
tdelong08...... "I am running windows XP and I have a virus but I don't know how to fix it." You know because ................... ? Do you have an antivirus running? You should NEVER use system restore to fix this sort of issue ... if that's the problem. dl65
Virus near the bottom of the list of possibilities.
Have you tried making sure your video card is in all the way? And the computer is clear of dust? unlovedwarrior |
|
| 3402. |
Solve : Is this virus real?? |
|
Answer» I just got this email from a family member, and I can't tell if this is b.s. or not. Anyone heard anything about this? So there might be a virus attached to the e-mail warning me about viruses from emails? d**n I hate computers. It's hardly the computer's fault. Quote so i guess its a good thing i opened it from my work computer. It would not be if it were an infected file AND they did not have the means to protect their system. |
|
| 3403. |
Solve : Fun with trojans...? |
|
Answer» Thanks a lot for your help, both of you! I really appreciate it. And thanks for the links. I'll be sure to take the time to read EVERYTHING and soak it all up. I'll also definitely keep AVG. It's a bit more user-friendly than McAfee and seems to do a better job of finding malware. |
|
| 3404. |
Solve : More spyware/adware etc.? |
|
Answer» So pretty much I accidentally clicked on some link and I picked up some spyware or adware or whatever. It's just a little thing in the corner of my screen saying "system alert! You need to purchase some software" ... I think it's called like Active X trojan or something.. Sorry but I deleted them all so I can't remember what they were... but I remember the second I got it and it was when I was on uTorrent... I clicked some link accidentally and some weird website opened...
Clicking is never an accident. You have to aim the mouse and press the button. Just for grins, download, update and run Spybot and CCleaner in Safe Mode with System Restore turned off. |
|
| 3405. |
Solve : Incredimail install - installed itself? |
|
Answer» OS is Win98SE
This may not answer every question you may have, but I hope you find it useful... I Googled it and found the following for complete removal.
You Googled Incredimail?
Quote IncrediMail does not provide this info in their Support section: You misunderstand. The link you provided is about uninstalling Incredimail. Incredimail is not installed.
Quote The above link also refers to a Microsoft KnowledgeBase document: This page looks to be the same. The keys there are not the same as the ones I mentioned. Thanks anyway.
Quote You Googled Incredimail? Nope... I Googled "Completely Remove IncrediMail", because I've run across this sort of problem before on someone else's computer. I know you stated IncrediMail is not installed, but it seems the Installer wants to run every time you boot. IncrediMail's support page will only tell you how to uninstall it using Control Panel, but doesn't assist with the issue you seem to be experiencing. Sorry I couldn't help. Good luck!
I suggest you follow your 4) above. Also check msconfig for the startup entry.
1) Delete the install files you found. 2) Delete the reg entries you listed. 3) Restart regedit (not the machine) and type incredimail in the search field... F3 takes you to the next listing until you reach the end of the registry. Delete any other incredimail keys that are found. Re-boot and run CCleaner and you should be good to go...
Quote from: Saviour on April 10, 2007, 02:01:52 PM
Quote You Googled Incredimail? This is not Incredimail. It is an installer for Incredimail.
Quote because I've run across this sort of problem before on someone else's computer. You have? Great! But.... you forgot to describe what you did to fix it. ....or, you couldn't fix it? .... or.... what?
Quote I know you stated IncrediMail is not installed, Right.
Quote but it seems the Installer wants to run every time you boot. Right.
Quote IncrediMail's support page will only tell you how to uninstall it using Control Panel, but doesn't assist with the issue you seem to be experiencing. Right.
Quote Sorry I couldn't help. Good luck! Ok. Thanks for wishing me luck.
Quote from: 2k_dummy on April 10, 2007, 03:55:47 PM I suggest you follow your 4) above. I see another post that says the same thing. That's two positive votes for that method. I needed some reassurance that I was on the right track, before I did any deleting in the registry. Thanks.
Quote Also check msconfig for the startup entry. Did that first. Forgot to mention it. Sorry.
Quote from: WillyW on April 11, 2007, 10:50:45 AM
Quote from: Saviour on April 10, 2007, 02:01:52 PM
Quote You Googled Incredimail? WillyW, To be perfectly honest... it was a while ago, when I happened upon this problem so, I can't remember in detail what it was I did (at that time) to remove it. One thing I am SURE of is that you will need to edit the registry in order to fix this problem and you have received a couple of replies recommending this relative to your initial post. I realize IncrediMail is not installed and that it is the "Installer" that continually wants to run. One thing I will recommend, though... it is called Process Scanner and you can use it to scan your PC for processes that should or should not be running on your PC. I find it to be a very useful tool and you can obtain more information about it at the following URL: http://www.processlibrary.com/ Additional links: About Process Library Process Scanner I hope you find the above information helpful and find a solution to removing the IncrediMail Installer from this computer.
Quote from: patio on April 11, 2007, 03:20:51 AM 1) Delete the install files you found. Done.
Quote 2) Delete the reg entries you listed. Done
Quote 3) Restart regedit (not the machine) and type incredimail in the search field...F3 takes you to the next listing until you reach the end of the registry.Delete any other incredimail keys that are found. [That's how I found them the first time. Therefore, at that time, what I posted was all of them.] Exited Regedit. Ran Regedit, searched, found none. Done.
Quote Re-boot and run CCleaner and you should be good to go... Machine rebooted fine. CCleaner - 'issues' search, right? - found a few things. Some had nothing to do with this topic. Found one that did. "obsolete software key" "ImInstaller" Found it with Regedit and deleted it too. Rebooted. Ran CCleaner again, and searched with Regedit again. Found nothing that looked like it had to do with this. For now, I think it is good. You think? Patio and 2k_dummy: Thanks for your on target instructions on solving this issue.
Quote from: Saviour on April 11, 2007, 11:19:37 AM
Ok. Makes sense.
Quote I realize IncrediMail is not installed and that it is the "Installer" that continually wants to run. ? You did? Naturally, I had concluded that you were confused. Why you would direct me to things that are not the problem that I described then, if it was not in error .... I don't know now. It is a tad bit obfuscating. No matter now though. Thanks for trying, I guess.
Quote I hope you find the above information helpful and find a solution to removing the IncrediMail Installer from this computer. Yep - I think I got some good advice. |
|
| 3406. |
Solve : I dont know if this is a virus..? |
|
Answer» I constantly get disk cleanup messages saying my hard drive is full, and whenever I get this, I can't stream media, and it gets really annoying because this happens about 10 times a day. I have plenty of space on my hard drive though, so my hard drive is never full, but the messages keep coming up. Anyone know what's wrong?
Can we get more info on your computer: OS, when did this start happening, what changes have you made (hardware, software or none), what protections do you have (anti-virus, anti-spyware, etc.)?
I have AVG, but that program is useless because it never detects any viruses. But I don't even know if this is a virus yet.
This in no way determines that AVG is useless... When is the last time you ran disk cleanup, defrag and dskchk on that drive? Post the HDD size and amount of free space as Explorer sees it.
Too many theories, so few facts. |
|
| 3407. |
Solve : ISU block URL? |
|
Answer» I am facing a problem while accessing a certain website. The web page redirects to this page:
Sounds to me like something my school's filters would say when trying to access a blocked site...
Same here, which is why I asked if they owned the machine and were the admin.
it seems is malware.. juz now dl avg .. n scan found a lots of malware... after clean .. it solve the problem
Quote it seems is malware.. That's good. I'm glad you fixed your computer. Although now if I ever get a virus or suspect of one, I'd be in Safe Mode by now and scanning...
Same here, glad you're fixed up and thanks for posting back. As suggested, it may be an idea to run the scans again in Safe Mode, just to be sure. Follow this guide to help you clean any remnants. |
|
| 3408. |
Solve : vbs/psyme? |
|
Answer» WOW............ I really have no idea what a hijack log is or how u guys run it or whatever but some help gettin rid of this virus/trojan would be awesome. Also have exploit anlfile.c... and another exploit bo.jen........... awesome stuff...................... HELP
We are gonna need a lot more info on your system, OS, what happened prior to this and specific error messages before we can assist... There are no generic fixes. |
|
| 3409. |
Solve : Hmmm...AOL spyware...sorta.? |
|
Answer» Well, I have this free firewall called 'Comodo', it's won countless awards from a magazine called "PC World"...anyway, I have AIM installed on my computer. |
|
| 3410. |
Solve : Desktop Icons not responding? |
|
Answer» Hi. I'm running Windows ME on a PC. Yesterday after the regular AVG Free scan on start up which revealed nothing, I went to connect to broadband using the desktop icon and the result was all the icons disappeared and the screen background went white. Clicking on any icon produces the same effect. |
|
| 3411. |
Solve : Cannot Connect to Internet or Restart Comp!? |
|
Answer» I accidentally clicked a bad link and it infected my computer. I can't restore, internet does not work, and it does not restart. Here are the logs. Please help me! |
|
| 3412. |
Solve : How to Disable Norton?? |
|
Answer» Ok, I had some problems with my Norton and after reading some, I have now downloaded the AVG and the Avast antivirus programs. Now when I restart my computer it says that the Avast cannot run because Norton is still running... How in the heck do you disable Norton!?!?
Make sure you uninstall it completely, and if that doesn't work, go here: http://service1.symantec.com/support/tsgeninfo.nsf/docid/2005033108162039?Open&docid=2004030411260104
DLoad the tool below...
Do I have to uninstall it? I wanted to keep it just in case.... just disable it. And if I uninstall it, can I get it back from my recovery disks?
An uninstall would be preferable, and the program may still not install if it is only disabled. You would also have to disable it every time the machine is started. If you have only "restore disks" from your computer maker I doubt you can get Norton back without a complete system restoration if it is uninstalled.
Quote Do I have to uninstall it? I wanted to keep it just in case.... just disable it. And if I uninstall it, can I get it back from my recovery disks? If you have AVG there is no need for Norton... kiss it goodbye and don't look back.
Uhhh... Right click on the bottom right icon on Norton and click on the thing that says 'Disable active protection' or something or other.... I don't have Norton any more, thank god. =]
We just love specific information like this.
Thanks all for your help. I uninstalled the Norton, and wow! No one mentioned that it would actually speed up my computer! I love this site and all the great help!
Yeah, the Norton VIRUS is a big memory hog. I could list grievances for hours.
Yes indeed. Norton is known to eat up resources. Now you have removed it you should consider carefully the full range of protection. What follows assumes you don't have a hardware router/firewall/NAT. First ...
Quote I have now downloaded the AVG and the Avast antivirus programs Make sure you only have ONE antivirus and ONE firewall operating at any one time otherwise you will likely get conflicts and problems. Here are a couple of excellent guides to reliable, free protection. There is a little duplication but both are well worth reading ..... http://www.castlecops.com/t7736-So_how_did_I_get_infected_in_the_first_place.html http://www.help2go.com/Tutorials/Protect_Your_PC/Avoid_Web_Browser_Hijackers.html Safe surfing. OJ
Quote Thanks all for your help. I uninstalled the Norton, and wow! Noone mentioned that it would actually speed up my computer! I love this site and all the great help! I do this intentionally.... makes it like Christmas!!
LOL! Really kinda was! |
|
| 3413. |
Solve : Whats the best anti-spyware? (freeware)? |
|
Answer» Quote from: fullbug on April 09, 2007, 01:24:48 PM
Quote from: soybean on April 09, 2007, 01:02:44 PM I don't know about you, but I'd say that's a pretty big indicator that it doesn't do a good job.
Quote from: CBMatt on April 10, 2007, 03:26:14 AM I can't recommend Windows Defender and I know you won't find much encouragement in this forum to use it.
I use Windows Defender and I honestly can't tell if it does a good job or not, when I scan it never finds anything, I would think that would be good but when I run AVG, etc. it always finds quite a few things..... Yeah, I just got rid of it, if this forum doesn't endorse it it's gotta suck....
Quote from: Jonas Wauters on April 10, 2007, 02:57:52 AM Yes I know that's the problem. Actually AVG AntiSpyware will automatically get updates for 30 days. After that the user must get the updates manually. Unless scans are scheduled, they must manually be run on demand. I also update and run Spybot and Ad-Aware weekly and neither has found anything in months. Does this mean they don't work or am I just incredibly well protected? As for Windows Defender, I still update and run weekly. Microsoft has acknowledged that it is a piece of garbage and independent testing has proved it but I'm keeping for now just to be ready for when they get their act together.
Quote from: Sidewinder on April 10, 2007, 05:58:18 AM As for Windows Defender, I still update and run weekly. Microsoft has acknowledged that it is a piece of garbage. They did? That surprises me, Microsoft rarely admits anything unless it has to....
The info on AVG is inaccurate... I run the AVG Free virus program and it gets updates at 4:00 AM and does a complete scan at 5:00 AM. No user intervention is required at all. Their other product which is called AVG Anti-Spyware (formerly Ewido) is also free and will update itself as well... After 30 days the "live" scanner which runs in the background expires but the program itself remains fully functional and is a solid addition to the AVG Free program. Hope this clarifies things... |
|
| 3414. |
Solve : Frigin Stupid annoying smitfraud-c thing!!!!? |
|
Answer» (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
## 6.
1. Download DAFT from the link below and save it to your desktop …. http://techsupportforum.com/Deckard/daft.exe
2. Double-click the daft.exe icon. Read the disclaimer and click okay.
3. Click on the Scan button. Hopefully you get the message back that all your file associations are OK. If not .. post the results back here for fixing.
******************
## 7. Lastly … your security. I remarked that I didn’t think Norton Internet Security (NIS) was robust enough for your system. You replied that you had spyware doctor, AVG and Spybot. You must be clear here … it is VITAL that you have up to date antivirus and a firewall on this system. From your logs it seems you are using NIS for this and the other programs to help protect you from other malware. I strongly recommend that you download a different antivirus & firewall. I would suggest AVG Free antivirus (in addition to AVG Anti Spyware) and Zone Alarm or Sygate firewall. Once downloaded you should install them both then IMMEDIATELY disable NIS at that point. To remove NIS from your system completely use this tool … http://service1.symantec.com/support/tsgeninfo.nsf/docid/2005033108162039?OpenDocument&seg=hm&lg=en&ct=us
You should also read through these tutorials to help you with other protection …. http://www.castlecops.com/t7736-So_how_did_I_get_infected_in_the_first_place.html http://www.help2go.com/Tutorials/Protect_Your_PC/Avoid_Web_Browser_Hijackers.html There is a little duplication but these tutorials are both well worth reading.
******************
When you have done all I advise please post a final HijackThis log and another update on how your computer is working now. Please also let us know what happened when you used the DAFT tool. OJ
PS Like you I don't know what the "karma" note is below our avatars. Also I see I am described as a "beginner". Hmm.....
ok sry. I haven't really had time to do the things you told me to, I was too busy doing projects. ok. I'll do those things soon and post a new hjt log. sry about the inactivity... |
|
| 3415. |
Solve : i need help with this message... what does it mean?? |
|
Answer» ok basically I'm getting this message every time I get on my computer... it appears when I log on... here it is
I have got the same message. So I went to a DLL download site or two - no trace of this HHCTRL.OCX one. This must be caused by an update (I think) and how can you contact your supplier when you haven't an idea of what the HHCTRL.OCX thing refers to??? I am not very great at this sort of PC stuff... but will try to find out more...
See the post above yours for the fix...
o I see... you're right, thank you cuz I wouldn't have figured that |
|
| 3416. |
Solve : McAfee and Advanced Spy? |
|
Answer» I purchased Advanced Spy www.advancedspy.net after reading all the great reviews and wonders about the program. Well, the program is great, however, McAfee antivirus detects it. Support recommends putting this into the exception list. But I don't know where it is. Any suggestions?
Hi theone |
|
| 3417. |
Solve : dllhost.exe? |
|
Answer» I've heard various things about dllhost.exe and it's causing me a bit of confusion. Basically, I want to know if it's a concern at all because I'd hate to have this on my computer if it's actually a virus or spyware of some sort. It's never come up in my virus scans as malware, but I'd still appreciate knowing if there's any threat or if there are any signs to look for or anything.
dllhost.exe is a process belonging to Microsoft Windows Operating System. The dllhost.exe file manages DLL based applications. This program is important for the stable and secure running of your computer and should not be terminated. So it sounds like it's not a virus. Do you have problems running games? As for your other problem, read this. It may enlighten you a little as to what the process is and why it's there. Hope this helps.
Hi CBMatt, Calum
CBMatt ... like Calum says the dllhost.exe is VITAL to the successful operation of your system. Don't disturb it. The other file ~f39a36.tmp is nothing to worry about and is only temporary in nature. I agree it will most likely run when you load something like Black & White. However, if you want to make sure all temporary files etc. are removed, or you just want to give your computer a good "spring clean", use AVG AntiSpyware for free. Download Ewido/AVG Anti Spyware from here …. http://www.ewido.net/en/ It has a fully working 30 day trial period. Install it and update it to the latest definitions. Do NOT use it yet. Now boot to safe mode. Here’s a “how to” if you’re not sure .. http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406 When in safe mode run a full system scan with AVGAS and let it fix what it wants to. [FOOTNOTE > this is a good program to use as an “on demand” scanner even after the trial period is over. Keep it updated and use it to scan your computer from time to time].
Calum ... that link you posted to daemon-tools.cc .... that site is coming up rather dubious. Site Advisor tells me that "Feedback from credible users suggests that downloads on this site may contain what some people would consider adware, spyware, or other unwanted programs" so be careful if you decide to d/l anything from there. I wouldn't. OJ
Or use CCleaner to clean your temp files. Use this guide to set it before use. Just make sure that you set it not to clean any cookies that you want to keep, or you'll have to log into any sites that you log into, like this one, again. The link I posted suggests that the temp file will run under certain circumstances, like when you attempt to run certain copy protected games under a virtual CD drive. And I didn't know it was dodgy, sorry. I wasn't going to download anything from it, but anyone thinking of it, take note. I don't have SiteAdvisor as the one time I tried to use it it crashed my Firefox. I'm careful anyway so I don't see a need for it (for me). Anyway, looking at the SiteAdvisor report, all the downloads submitted came up clean according to McAfee. So it doesn't seem to me that it's a problem anyway.
Thanks, guys. The file's been on my computer for a while, I believe, and I figured it was safe, but a few people on various sites had said otherwise, so I just wanted to make sure (I've been pretty cautious about malware lately). And to me, this is the most obvious place to ask. As for the other file... since posting, I've completely uninstalled Black & White. I accidentally did irreversible damage to my savegame file thanks to a very poorly-coded utility program. The whole thing was giving me a headache, so I just got rid of the darn game. Since then, that file hasn't shown up, so I have to assume it went along with the game. Just to be safe, I deleted the temp file and did a scan with AVG. I think I'm in the clear. Thanks for the insight!
Quote And I didn't know it was dodgy, sorry. No need to apologise for anything. I was just highlighting something Site Advisor told me, that's all. Glad it's all OK with you, CBMatt. You can still use AVG Anti Spyware anyway. It's an excellent free scanner/cleaner. CCleaner is good too but AVG AS scans deeper. |
|
| 3418. |
Solve : I think im infected? |
|
Answer» As soybean indicates there is nothing wrong with iexplore.exe. BC's startup programs database simply indicates programs that (as BC remarks) "... should not appear in Msconfig/Startup unless you add [them] manually!". They are not necessarily bad.
If this doesn't fix things post a fresh HJT log in full startup mode and give us an update on what's still not right. OJ
thank you for the great response guys, looks like I've got some work to do. I'll post back when I've tried some of those things.
oh and patio - no, I don't need both Norton and AVG. In fact, I didn't know Norton was still running. I thought I took it off but apparently it's not that easy.
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039 removal tool
DLoad the tool below... Norton Removal Tool Do not run it yet.
1) DLoad and install ERUNT and have it make a backup of your registry...
2) Use Add Remove Programs first and un-install Norton...
3) From Windows Explorer search for any folders named Norton and Symantec and delete them...
4) Open regedit and type Norton in the search bar. Delete all entries it finds. F3 takes you to the next instance of Norton. Continue til you have reached the end of the registry...
5) Repeat the above process using Symantec instead in the search field. Delete any Symantec keys it finds...
6) Now run the Norton Removal tool you DLoaded...
7) Empty the recycle bin...
8) Go to My Computer and right click the C: drive and select Properties and run disk cleanup...
9) Re-boot and run disk defrag....
There you're done! patio.
For anyone who may be interested this is another good source of information on startup programs ... http://www.sysinfo.org/startuplist.php OJ
I ran the bootup with all files allowed to run from msconfig. Should I run it like that all the time? cuz there's certain programs like quicktime and stuff that I would rather not have at startup.
Anyway, here is the HJT after that and all of the other suggestions Logfile of HijackThis v1.99.1 Scan saved at 9:34:47 AM, on 4/4/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe C:\Program Files\dvd43\dvd43_tray.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\UPHClean\uphclean.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\User\Desktop\Bacteria\Protections\medmanHijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://crossfit.com/ R1 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138591397\ee\AOLSoftware.exe O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0c\AOL.EXE" -b O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = 
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program 
Files\Yahoo!\Common\yinsthelper.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: Canon CAMERA Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. 
- C:\Program Files\Sygate\SPF\smc.exe O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

I'm not an experienced HijackThis analyzer but, while looking at some of your log, this item seems to be a suspicious one: yt.dll

virustotal came up with no threats on dllhost.exe here's the link to it, i tried to post a pic but it didn't go thru..whatever: http://www.virustotal.com/vt/en/resultadof?44ceb017762f293cc4bc301d1c7dab47

As to the startup items you can DLoad a great little app from Mike Lin called Startup CPL which resides in the Control Panel... Gives you full control on what loads up and what doesn't.

Log is much improved. That yt.dll is OK. It's part of the Yahoo! Companion and I see that the dllhost.exe file came up clean at Virustotal. Just one thing in the log. Open HJT and fix this one ... O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE Now run a system search and find the file(s) ... ALCMTR.EXE. Delete it/them. Empty your recycle bin. Make sure your java, antivirus, firewall and other protection programs stay fully up to date. How is your computer operating now? Can Adaware now full scan? Note that there is currently an issue with Adaware. It won't always update properly. If you experience this problem just bear with it and keep trying the update. Also keep looking at comments on the Lavasoft site & forums on that. They are hoping to clear it up soon. OJ

well the messages about FAT32 and such have left, norton is officially gone, and my java software has now been updated. Things seem to be going a bit better, however Adaware SE still isn't running properly but I'll check in with their website about those problems. Also, internet has been running waaayyyy slow after all of this. I use Opera mostly but have Firefox as well and they both are slowing down. I dunno if there's any suggestions about that, but either way, thank you all for the huge help with this.

This can also relate to your internet connection...what type of service do you have?

I've got comcast cable. The problem seems to come and go. I thought it might have a little to do with the fact that i just cleared ALL of my cache, but i didn't think it would affect it this much. Sometimes my Opera browser even "encounters an error" and must close. Firefox has never done that yet. Today, however, seems to be running fine right now (I'm on Opera).

it could just be your provider is having problems or the strength of the connection is getting weaker because you might be using it during the peak hours ... when does this happen? |
|
| 3419. |
Solve : Unable to virus scan....Pls HELP!!!!!? |
|
Answer» Oh, one more question. At the moment on my computer I have various security running (as per your instructions). Do I need to turn any of these off? |
|
| 3420. |
Solve : firewall has been turned off? |
|
Answer» I have a desktop computer running XP home service pack 2. I have just switched over to an adsl line with always on internet connection. |
|
| 3421. |
Solve : Norton Vs Free Software?? |
|
Answer» Hey guys,

Hey guys, hi i use avg. i was working on reformatting a pre sp2 computer w/ dial up on friday and they only had the mcafee that came with AOL. 63 updates before sp2 then 100 + after all = fun for me. thankfully i had my computer hooked up the other monitor unlovedwarrior

I have tried Norton, AVG, and Avast. I love Avast because it's very light on resources and provides an excellent resident shield: myavast.110mb.com And as far as free goes you should add these to your package as well: Spybot, AdAware, AVG Anti-Spyware (formerly Ewido). I'm currently testing jetico....a free firewall and will be posting a review here shortly.

Avast and AVG free don't always protect you. to be safe use both of them but let one of them auto protect

I personally don't think it's necessary nor advisable to be running two (or more) different anti-virus scanners on one computer.

I agree...one or the other.

I urge you to try AVG Anti-Virus Free Edition 7.5. Not only is it absolutely free, but it does a much better job than Norton, in my opinion. I dropped Norton last year because my budget couldn't stand the $39.95 subscription fee. AVG runs like a dream and automatically updates itself on a daily basis. My system runs much smoother now because AVG requires much less space than Norton. Give it a try at the following link... jandal |
|
| 3422. |
Solve : More Ad-Aware agro!? |
|
Answer» Although I still can't update Ad-Aware by clicking on update in the program (It just brings up "Error updating") last time I was able to do it manually thanks to help given on this site. I have just tried to install the latest update, but now it asks me for a password (which I do not have) before it will unzip into the Ad-Aware program. I have reread the instructions, but as far as I can see am following them to the letter! Any suggestions please?

My immediate suggestion is only the obvious one, I'm afraid .... you should try completely UNinstalling the program, reboot your PC then download/install a fresh copy. Hope this works but, if not, other suggestions will follow. If not from me then from other members. OJ

Thanks Oddjob. I have tried this before, but will give it another try.

It seems I am not the only one having problems with Ad-Aware. I found (eventually) the below on the Lavasoft site. I am taking the easy option and depending on SpyBot and A-Squared to find what Ad-Aware would have, and start reusing it again when they sort out the update problem.

From Lavasoft:- We are currently experiencing problems with our definition file updating service for customers using certain Internet Service Providers (Earthlink, for example). The problem produces the Ad-Aware SE warning: "Error retrieving updates" when performing a webupdate. It interrupts at 5% download completion. (If your update stalls at another point than at 5 %, your problem stems from another issue. See http://www.lavasoftsupport.com/index.php?showtopic=1336 ) The update problems are a result of expired DNS records for our previous definition update servers. Now, some Internet Service Providers DNS servers are routing erroneous domain requests to a custom webpage, rather than to the standard The domain you requested could not be found 404 error page. This stops our updating service from functioning. We are currently resolving to fix this problem and have contacted the ISP:s in question. As a temporary solution, you can reconfigure your DNS settings. Check with your ISP (website FAQ:s or support) and find out if they provide any alternative DNS server addresses and instructions how to configure this. (If you are using a router, you may need to change the DNS settings on the router.) If you use Earthlink as ISP (or Earthlink owned ISP:s) you can try this solution (provided by Earthlink) for working your way around the problem: http://kb.earthlink.net/case.asp?article=187117 There are a few 'Related Articles' at the bottom of the webpage, how to manually specify DNS information, for various operative systems and ADSL modems. The following link includes a list of other Earthlink owned domains. http://kb.earthlink.net/case.asp?article=28968 Thank you for your patience as we endeavor to solve this web update issue

We thanks for that. Now we know. Let us know how it goes. Good luck. OJ

Well done pantherman good Karma to you. |
|
| 3423. |
Solve : Port Scanning? |
|
Answer» I'm new to this forum, occasionally I will get an alert certain ports are being scanned by IANA. I want to know if they are collecting information and if it would hurt anything if I attempt to block their access?

LCRJR... This would be your firewall giving you these alerts I'm guessing. Are you being asked to allow access? |
|
| 3424. |
Solve : adclicker and vundo Trojan can not clean? |
|
Answer» hi All, |
|
| 3425. |
Solve : Mail server timer? |
|
Answer» Well, I see why I couldn't find it. The Properties button in my E-Mail Scanner panel is greyed out. Any idea why?

Soybean what version? |
|
| 3426. |
Solve : my mouse freezes at about 8.45am everyday...help!!!? |
|
Answer» Hope someone out there can help me. My mouse starts becoming unusable at around the same time every morning and continues to malfunction for about an hour. I am able to move it vertically up and down but that is it. I am all new to maintaining a computer and would appreciate any kind help out there. Thanks John

See if it happens in safe mode?

okay i will try tomorrow ....thanks |
|
| 3427. |
Solve : Can someone please analysise? |
|
Answer» Hey there guys. I know there's a lot of bad stuff in here (for example the Starsearch) and I've managed to clean up most of it, but i just want some help if at all possible. Thanks! P.S Just realised i spelt Analyise wrong

It's OK Chris...we can analysise with the best of them.

Chris ... when you post back a new HJT log for dl65 can you also please let him know how your computer is working now. Is it any better? Do you still have problems? OJ

Hey there, ok so yea the P.C is running a lot better now. But DL65 i didn't install that starware remover because there were many negative reviews on it. The 'Starware Automatic Cleaner' was SpyHunter. Any other suggestions? Thanks Chris

Chris, Glad to hear it's running better, however when you did the rescan with AVG and AVGASW in safe mode, was anything detected? As far as the automated remover ...... yes it's Spyhunter ........ it will however, point to the locations that the infection is in, but it will not remove it .........( they want you to purchase it ) Are you up for doing a manual removal of it? Did you update the java? You haven't posted a current hijackthis log as requested. dl65 |
|
| 3428. |
Solve : Please Advise? |
|
Answer» Could somebody have a look at my log
Post a new HJT log with an update on how the computer is behaving now. OJthanks oddjob i did all that removed what you advised.can't tell if it's done anything , not clever enough but i'm sure it as.once again comp/hope to the rescue.thanks. ivanoe.No problem. How's the text issue? Any better? Please post a fresh HJT log so we can check if all is clear from that point of view. OJLike oddjob says, nothing in your log should be affecting your text. Try taking this problem over to the Windows board and see what everyone has to say about it. I hope you get it resolved.text size seems tobe ok now heres the log file you ASK for Logfile of HijackThis v1.99.1 Scan saved at 10:58:22, on 31/03/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\PROGRA~1\McAfee.com\PERSON~3\MPFSERVICE.exe C:\Program Files\SiteAdvisor\4608\SAService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Brother\ControlCenter2\brctrcen.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\WINDOWS\system32\keyhook.exe C:\PROGRA~1\McAfee.com\PERSON~3\MpfTray.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\SiteAdvisor\4608\SiteAdv.exe C:\Program Files\Multimedia Combo Set\MouseDrv.exe C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Java\jre1.6.0\bin\jusched.exe C:\Program Files\Messenger\msmsgs.exe C:\Program 
Files\PCPal\PalAgnt.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\PROGRA~1\McAfee.com\PERSON~3\MpfAgent.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\SAGEM\SAGEM [emailprotected] 800-840\dslmon.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\DOCUME~1\WINDOW~1\LOCALS~1\Temp\Temporary Directory 8 for hijackthis.zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - 
HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~3\MpfTray.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\4608\SiteAdv.exe O4 - HKLM\..\Run: [WireLessMouse ] C:\Program Files\Multimedia Combo Set\MouseDrv.exe O4 - HKLM\..\Run: [WireLessKeyboard ] C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [PCPal] "C:\Program Files\PCPal\PalAgnt.exe" /startup O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM [emailprotected] 800-840\dslmon.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? 
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZC O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?b501759d484243658a89ec919c719df2 O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?b501759d484243658a89ec919c719df2O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.0.0971.42/WinSSWebAgent.CAB O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - 
http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148656698371 O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{890127C2-FEDA-4043-8CB7-32FC1D2C5C83}: NameServer = 212.139.132.53 212.139.132.52 O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing) O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~3\MPFSERVICE.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe (file missing) O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\4608\SAService.exe O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe and thanks for you help oddjob and cbmattivanoe, after reading 
this thread, I'm still wondering exactly what was your problem? Exactly what text was larger than normal? The text in applications such as word processing? In your web browser? The labels of icons on your desktop? All of your Windows menus and panels? And, how did you correct it, before supposedly resolving it here in the forum? I'm assuming you did something to correct it after turning on your computer, as implied in your comments? What did you do?

Soybean. to answer your question i don't know how. ( it went right. itself ) i clicked on view then text, and clicked medium, but every time i switched back on, it had gone back to large text, i did this several times, then one time it stayed on medium. no more problem.

OK, thanks for the reply. By the way, in case you're not aware of it, holding the Ctrl key while turning the mouse wheel will change text size in a browser. And, that can happen by accident if you happen to unknowingly touch the Ctrl key and move the mouse wheel at the same time. |
|
| 3429. |
Solve : Beware Valentine day "emails" ...? |
|
Answer» Security experts are warning PC users to be on guard against viruses masquerading as Valentine's Day messages, which could damage computers.

"Computer users should keep a wary eye on any romantic messages received by e-mail, as many of them could contain malicious code," said US security firm PandaLabs after detecting an increase in a worm it dubbed Nurech.A. The worm hides in e-mails with subjects like: "Together You and I," "Til the End of Time Heart of Mine." People who open an attached file such as postcard.exe can end up infecting their computers.

Security firm Symantec said it had detected "large-scale spamming" of e-mails including a Trojan horse, a program that contains or installs a malicious program. Symantec said the malware was a new version of Trojan, Peacomm or the "Storm Trojan." "With Valentine's Day approaching, this time around the authors are attempting to tug on the heartstrings of unsuspecting users with romantic subject lines such as 'My Heart belongs to you,'" said Symantec's Orla Cox. "The Trojan is much the same as we've seen before, the only difference being that the authors have used a modified packer in an (unsuccessful) effort to evade detection by antivirus vendors."

"As a general rule, don't open any suspicious e-mail, regardless of what it says it contains," said Luis Corrons, technical director of PandaLabs. "Instead of going on instincts, let a security solution decide whether it's safe to open it or not," he said, urging users to scan any suspicious messages with an antivirus program. Corrons said events like Valentine's Day and Christmas are often exploited by cyber-criminals to try and spread their creations by disguising infected e-mails as e-greeting cards. This use of "social engineering" was used in the LoveLetter virus, which caused one of the biggest epidemics in computer history.

Too many viruses . . . It's pathetic: a) that people have time to sit and write these things and have nothing better to do, and b) the amount of people that open these emails, ignoring common sense and all basic security rules. They just don't pay attention to anything they're told or that they hear, and then wonder why they get infected.

Thanks for the heads-up, honvetops.

will see how many ppl come to us around v-day for help

Quote: Too many viruses . . .
I agree 100% but; there are still a large percentage of older (above 55) internet users and others who don't even know what virus protection is. I have spoken to 2 at work and even my dad a few months back who were totally "clueless" to the threat. As redundant as these warnings get, they still do serve a purpose to the uneducated.

This just adds to my theorem that one should automatically delete unsolicited email from anyone. (At least, the ones with attachments.) I remember the paranoia that even opening an email could destroy a PC -- pathetic.

Quote: Thanks for the heads-up, honvetops.
agreed... 8-) fffreak

Once again lots of info ...no links.

Quote: Once again lots of info ...no links.
http://p231.news.mud.yahoo.com/s/afp/20070209/od_afp/afplifestyleusinternet_070209230449 |
|
| 3430. |
Solve : mouse problems..has someone got control of my computer?? |
|
Answer» well, i bought a new mouse to see if i had a hardware problem. Before with my new mouse, every morning at about 9 a.m., my mouse would become unusable by giving me vertical movement only. This would last about an hour before returning to usual. However, now, my new mouse jumps around all over the screen at any time of the day. I would say I have about 85% functional use of it now... The rest of the time it jumps around. I have yet to see if I will lose use of it tomorrow morn at 9 a.m. Help anyone! I am not very computer literate but I am trying to learn!! Help!! |
|
| 3431. |
Solve : Norton Anti-Virus? |
|
Answer» I got Norton Anti-Virus free with my computer but found it to be rather useless. So I got AVG and was much happier with it. But I have a friend of mine who thinks Norton is great. Are there different versions or am I just missing something?

IMHO you are missing all the headaches that Norton will give your friend. But then I'm an AVG Free fan

But is it any less useful in finding viruses?

I think so. In my short experience, AVG tends to find more than other virus scanners. But that may just be me.

If your friend thinks Norton is great just agree with him...the "which is best" discussion gets beaten to death from time to time.

However, once a virus gets past the overly-protective firewall, there's no getting rid of it. AVG works much better. McAfee is the same exact way. The firewall and autodetect are great. I love how quickly it detects and blocks (if I choose to do so) PUP's and programs that want to mess with my registry and/or connect to the internet. But when it comes to viruses...it's not so great at getting rid of the threats it finds. |
|
| 3432. |
Solve : start up problem-pop up message? |
|
Answer» during start up i get pop up message saying "Windows cannot find 'c\windows\system32\services\msxmidi.exe. Make sure you typed the name correctly and try again." After clicking o k a second pop up states "Could not load or run (above message). make sure file exists on computer or remove the reference to it in the registry." Start up freezes while messages are displayed. Could anyone help to solve this problem?

You have managed to get a trojan infection. |
|
| 3433. |
Solve : random windows restart? |
|
Answer» hi, i've just had windows restart randomly, and recived a message saying windows has recoverd from a serious error.
AND... an update on how your computer is operating now. There is at least one more HJT running process I don't like (and will be recommending its removal) and there may be other files that need deleting. However, there's nothing in the log that indicates why you should have suffered a random restart. That issue may be down to hardware/software issues. Perhaps overheating too. Let's deal with the obvious malware first though. OJ

Quote: ok get avg anti-spyware
done and done

thanks OJ, i wasn't aware of my Java being out of date, or it being a problem really. it's up to date now... i've had no more restarts so far... what's next? i'd like to get rid of any malware possible.. oh, and i'm worried about the computer overheating too... it's a pre built computer, and i've had it for around 3 years. so i'm guessing it must be getting a bit rusty by now :-/ i took some temperature readings from Everest... while in game my CPU is around 61C and while idle the temp is around 49C. i'm not sure if this is a good or bad thing.. but i am looking to upgrade at some point...

sadly things have just got worse for me, i'm now unable to shut down windows! i've had this problem which i've been ignoring for some time, but it just got worse.. ccApp.exe fails to shut down, normally i wait a minute and it shuts down.. but now it just doesn't shut down at all! after waiting 30mins i go start/turn off again.. and nothing! i tried opening/closing norton, alt+ctrl+del - shut down does nothing either. now the only way is to force my comp to shutdown. it only seems to do this sometimes, i've not worked out what triggers it yet. i've had this smaller problem too where norton security 2006 crashes sometimes when i open it (normally i just alt ctrl del it, load it up again and it's fine)... maybe it's all related, and norton is causing all the problems, i'm not sure. but it has worked fine for me in the past... EDIT: lol! sorry, just noticed how full of questions this thread is! i'll ignore the norton crashes for now.. i'm more interested in getting rid of this malware you spotted OJ.. i'm not sure how to read a HJT log

DLoad the tool below... Norton Removal Tool
1) Use Add Remove Programs first and un-install Norton...
2) From Windows Explorer search for any folders named Norton and Symantec and delete them...
3) DLoad and install ERUNT and have it make a backup of your registry...
4) Open regedit and type Norton in the search bar. Delete all entries it finds. F3 takes you to the next instance of Norton. Continue til you have reached the end of the registry...
5) Repeat the above process using Symantec instead in the search field. Delete any Symantec keys it finds...
6) Now run the Norton Removal tool you DLoaded...
7) Empty the recycle bin...
8) Go to My Computer and right click the C: drive and select Properties and run disk cleanup...
9) Re-boot and run disk defrag....
There you're done! See how easy Symantec makes it for you to dump their product? patio. 8-)

Do you have a real Windows CD to reinstall with? It's been two days now and that is more than enough time to have installed, updated and reloaded your programs. Of course this will not solve hardware issues, but a good format and reinstall solves all Windows problems.....for a while.

Quote: thanks OJ, i wasn't aware of my Java being out of date, or it being a problem really. it's up to date now... i've had no more restarts so far...
Please post a fresh HJT log. We'll see where we go from there. OJ

Patio, i'll keep note of that for later on thanks.. but i'll stay with norton until subscription runs out. after all, it is still doing its job... just seems a bit buggy is all :-/ and the reformat, i'm leaving that for a last resort... although it's definitely time i made backups!! i'll buy some blank CD's tomorrow hopefully... much appreciated Ted

No problem. I hope that subscription isn't too long...

Hi Please print this out as you will need to close all open windows for part of this fix.
The log is clean apart from the one program I alluded to earlier, ALCMTR.EXE. This is related to Realtek AC97 Audio - Event Monitor. It's a "Spyware" file used to surreptitiously monitor one's actions. It is not a sinister one, like remote control programs, but it is being used by Realtek to gather data about customers. Undesirable.

Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click “Kill process” for it (IF it still exists) ......... C:\WINDOWS\ALCMTR.EXE

Open HijackThis and click on 'Do a System Scan Only'. Check the following entry (IF it still exists)..... O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

Please remember to close all other windows, including browsers before clicking Fix checked.

Go to the following file (in BOLD) and delete it ....... C:\WINDOWS\ALCMTR.EXE

Empty your recycle bin. Reboot your system in Normal Mode.

Perform an online scan with Internet Explorer here ..... http://www.pandasoftware.com/products/activescan.htm Click on the "Free To Use ActiveScan" located on the top right hand corner
alcmtr.exe - i'd rather keep this process i remember using the free panda scan last year.. still gives the same result as it did before, 1 hack tool and 128 spyware detected On the Activescan report ... This file: C:\HP\bin\KillIt.exe looks like something HP put there to delete bad stuff. See this also .... http://www.pcreview.co.uk/forums/thread-108839.php If you do not use it you may delete it but, if HP put it there as part of a malware removal process, it may stop working. You can upload/scan it online if you wish here: http://virusscan.jotti.org/ http://www.kaspersky.com/scanforvirus http://www.virustotal.com/flash/index_en.html Or you can ask HP tech support about them: http://h10025.www1.hp.com/ewfrf/wc/siteHome Once you make your decision you can delete it if you wish. ************ The others are cookies that Spybot and/or Ccleaner should get rid of. Load/update Programs from here ... Spybot > http://www.spybot.info/ Ccleaner > http://www.spybot.info/ >>>NOTE >>> when downloading/installing Ccleaner make sure you UNtick the optional Yahoo Toolbar download. Scan your system with both and let them clean out cookies. ************ Empty your recycle bin. ************ Final thoughts..... If you are certain you have no more trouble you should clear out all old System Restore points then immediately create a new one so you have something to fall back on should anything go awry again. Also remember to make SR points on a regular basis. More on System Restore ... http://www.microsoft.com/windowsxp/using/helpandsupport/getstarted/ballew_03may19.mspx What may have led up to your infection and help keep your computer free of malware … http://www.castlecops.com/t7736-So_how_did_I_get_infected_in_the_first_place.html http://www.help2go.com/Tutorials/Protect_Your_PC/Avoid_Web_Browser_Hijackers.html There is a little duplication but these tutorials are both well worth reading. 
If you do suffer an infection again you should run first Spybot & Ccleaner to clean out your system. Also run through this before posting another HijackThis log … http://www.help2go.com/Tutorials/Protect_Your_PC/Get_Rid_of_Spyware%2C_Adware%2C_and_Web_Browser_Hijackers.html Best wishes. OJ |
|
| 3434. |
Solve : virus protection? |
|
Answer» how much protection do I need. Do I really need Windows Firewall, Norton, and Webroot spyware? Also, how are each of these significant? Yes, you should have firewall and anti-virus protection, and one or more spyware prevention and/or removal tools are recommended for anyone who uses a computer on the Internet. |
|
| 3435. |
Solve : Sasser? |
|
Answer» From reading a bit on the web, I think I might have a sasser worm. |
|
| 3436. |
Solve : yellow triangle with ! in it? |
|
Answer» ok my friends got this when i was gone and i think i got it but can u guys look at my hijackthis log |
|
| 3437. |
Solve : Give me your advice. NOW!!! It slaughtered my COM!? |
|
Answer» Oh! Here's a good 1! |
|
| 3438. |
Solve : Ad-Aware SE Personal Update probs? |
|
Answer» For the last couple of years I have been able to update Ad-Aware SE Personal without problems. But now "Error retrieving file" comes up when I try to update it after 5%. All other programs update ok. Is there a problem with Lavasoft, or something I should do? I have tried uninstalling and reinstalling the program. |
|
| 3439. |
Solve : HELP ME!!! Virus Causes Comp. To Reboot? |
|
Answer» I'm in the mood for beating a dead horse... Sounds like awesome software to me!!! Re-install it...you won't be disappointed. Cmd.exe is not a virus, it’s Command Prompt. I suggest you obtain real AV software, e.g. AVG. |
|
| 3440. |
Solve : virus basically killed my pc...do i have any hope?? |
|
Answer» my system specs were windows xp home, pentium 4 |
|
| 3441. |
Solve : explorer keeps crashing! help!? |
|
Answer» We might've scared him off with all of the forum conversions. |
|
| 3442. |
Solve : Ads Show Up The Top Of Every Page? |
|
Answer» Alright, here's the situation: |
|
| 3443. |
Solve : JS/ForcePopup@troj" virus? |
|
Answer» Hello does anyone know how to remove this virus. I have googled it but haven't found anything about removing it. JS/ForcePopup@troj" virus |
|
| 3444. |
Solve : AVG .dll popups? |
|
Answer» I run Windows XP, using Firefox as my browser, and AVG as my antivirus. I often get popups saying "You have chosen to open ADSAdClient31.dll which is a application from http://rad.msn.com What should Firefox do with this file?" Choices are a dropdown menu that says "You are attempting to open a file of type 'Application Extension' (.dll)" If I click on the "open with" button, another popup says "Windows cannot open this file: File: ADSAdClient31-5.dll What do you want to do with it?" If I choose "use the web service to find the appropriate program", off we go to a "Windows File Association" popup that explains the file type and describes it, and offers a link to "Windows Live Search", which produces a dizzying array of files to choose from. If I choose "select the program from a list", up comes a long list of programs already on my C-drive, and I have no idea which one to use. |
|
| 3445. |
Solve : HijackThis log - I need help please :/? |
|
Answer» Quote oddjob what are these USR is U.S. Robotics...It's my modem I use Quote Well, umm I have a lil question...Should I just attach my next logs? because i noticed that's a lot of stuff there >.< Don't worry, it's fine to just post them normally. AVG cleaned up quite a bit, so your future virus-scan logs shouldn't be so big. Unfortunately, AVG didn't clean up that worm, which disappoints me some, but hey, it can't get everything. Worms can be a little trickier at times. Your log is a bit cleaner, but there's still some junk in there. The ones that concern me most are... (NOTE: The following is just an observation. Whether I'm right or not, I would advise to not take any action until someone with more experience tells you to.) O2 - BHO: (no name) - {4148A482-1466-15BE-4C84-60D4CCB5AABC} - C:\Windows\System32\iudum.dll (file missing) I can't find any information on the CLSID or filename. It could be harmless, but I think it generally isn't a good idea when you can't find any information on something. HJT says that the file is missing, and if that's true, checking it for removal should be safe either way. IF you can find the file in C:\Windows\system32, then scan it on VirusTotal and post the results. O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe These two identical entries show traces of CoolWebSearch still remaining on your computer. As I have some experience with this particular infection, I might not get scolded too bad for telling you what to do. Heh. (You might want to print this out or save it to a Notepad file...) 1. Find those entries (they look the same, but there's two of them) and check them for removal. 2. Close all windows (including this one), except for HJT. Click on Fix Selected. 3. Reboot into Safe Mode. 4. Open up Add/Remove Programs and uninstall any mention of MyWebSearch or CoolWebSearch. 5. 
Navigate to C:\Program Files\MyWebSearch and delete it. Also look for a CoolWebSearch folder and delete it if you find one. 6. Just to be thorough, run through the CWShredder procedure again. Then post another log to see if we've gotten rid of the infection. O4 - HKLM\..\Run: [explorer] C:\Program Files\Mozilla Firefox\two.exe I'm not very familiar with Firefox, so I don't know if two.exe is a normal executable. But I suspect it may be malicious. A bit of research leads me to think that it's a PurityScan infection, but this isn't the type of filename that I'm used to seeing, so I'm not 100% positive. Head over to VirusTotal and do a scan of C:\Program Files\Mozilla Firefox\two.exe and post the log. O20 - Winlogon Notify: mszsrn32 - C:\Windows\System32\mszsrn32.dll Here's our friend the worm again. I can't find any guides for proper removal for this particular infection, so my suggestion would be to fix the entry in HJT and then delete C:\Windows\System32\mszsrn32.dll in Safe Mode. However, I'll have to ask you to await the approval of oddjob or someone else. There are a few more entries I would suggest that you fix, but the above entries are the ones that need immediate attention. Unfortunately, I'm still a trainee, so I can only extend my help so far. I'm confident when it comes to a simple infection such as CoolWebSearch, but there is some semi-unfamiliar territory here and I would really hate to advise you in the wrong direction. The best I can do right now without getting in trouble is help diagnose. But don't worry, we'll get this problem sorted out for you soon enough. Thank you for your patience. Kurt 2 other things you can do in the meantime. DLoad Stinger. Disconnect from the web. Turn off system restore. Re-boot into safe mode. Run Stinger. Re-run AVG anti-spyware. It's possible these nasties are hiding in restore points and coming back each restart. Let us know. Looks like oddjob is busy with things right now. 
He's told me to take a crack at this, so I'll be advising you as much as I possibly can. Sir patio makes a good point; follow his instructions. And because it's been a couple of days, please post a fresh log so we have a more current view of what we're working with here.Quote O2 - BHO: (no name) - {4148A482-1466-15BE-4C84-60D4CCB5AABC} - C:\Windows\System32\iudum.dll (file missing) This file isnt there. Quote O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe Neither of them was on the HJT and the folders wasn't in my Program Files either. Quote O4 - HKLM\..\Run: [explorer] C:\Program Files\Mozilla Firefox\two.exe This file is no longer there either. I checked my AVG log and this file is in the infections and was quarantined. Quote O20 - Winlogon Notify: mszsrn32 - C:\Windows\System32\mszsrn32.dll This file says (file is missing) in HJT log. I have this file quarantined in AVG as wellHere is my new HJT. Patio, Where would the best place to DLoad Stinger be?Quote Patio, Where would the best place to DLoad Stinger be?Try this ... http://vil.nai.com/vil/stinger/ Also ... log reviewers ... like CBMatt says ... look/research these entries ... O4 - HKLM\..\Run: [explorer] C:\Program Files\Mozilla Firefox\two.exe >> probably not what you think it is. O20 - Winlogon Notify: mszsrn32 - C:\Windows\System32\mszsrn32.dll (file missing) >> a worm. In safe mode ... fix both with HJT & delete corresponding files, if present. MyWebSearch can be more of a nuisance than real malware (if it's still around). If OP wants to ensure it's gone ... fix MyWebSearch related entries in HJT & delete the folder ...... C:\Program Files\MyWebSearch Afterwards ... fresh HJT log in normal mode & update on how machine is running. OJ |
|
| 3446. |
Solve : HJT log, help please? |
|
Answer» Here is my wife's HJT log. She says that she is constantly having to reboot her computer. When I use it I also notice a few annoying things, such as "Dell assistance network update" pop up and a "wireless network found" constant popup. The major issue is obviously having to reboot a lot, but I need advice if I should do the dell update and how to stop the wireless network found pop up. There might be a few other things cluttering her computer. Can you take a look at the HJT log and give me some advice? Thanks in advance. I made a few changes, but here is my updated log, What changes? Did they improve anything? Please don't change anything till we say. It confuses things when trying to compare an earlier log with a later one. OJ |
|
| 3447. |
Solve : AVG free error and registry cleaner question?? |
|
Answer» ok, so I let my lil cousin use my computer to watch youtube videos and download music, and the next time i got on there i kept getting pop ups from some "registry cleaner" site saying my registry is in danger and I must go to their site, get their reg cleaner and fix it. |
|
| 3448. |
Solve : Unending popups.? |
|
Answer» This probably isn't a virus, but it happened while researching them, so I figured I'd post it here... Go ahead and disregard the original post. As soon as I posted that, a thought occurred to me and I discovered the culprit. I tried thinking of any recent changes I've made and all I could think of were two additions: Age of Empires III and IE Developer Toolbar. Obviously, I'm not going to mess with my AoE, so I uninstalled the new toolbar and ran CCleaner just to see what would happen. I went back to the site and...no problems. So, there you have it. It was a nifty toolbar feature, but I don't need it, so I'll pass for now. nice one! i would have helped you... If you have a problem but manage to fix it yourself it's always good to post what happened. We can all learn from the experience. OJ |
|
| 3449. |
Solve : sufficient software protection?? |
|
Answer» can anyone help me with the following? |
|
| 3450. |
Solve : Explorer Keeps Restarting...EMERGENCY? |
|
Answer» Let me start off by saying I have no experience with this side of the computer, This is the first time I have ever had anything go wrong with a computer of mine. |
|