4832 + Interview Questions in Computer viruses and spyware in Software Page 70 InterviewSolution

3451.	Solve : Possible virus problem??
Answer» Hi all, I am having some strange problems with my PCs and hopefully someone will be ABLE to advice me. Thanks in advance. How it started was that my sis's notebook running windows 2000 starts to act werid. Sometimes the notebook can bootup, other times, it will not boot up and you will get this error: Windows 2000 could not start because the following file is missing or corrupt: \system32\ntoskrnl.exe. Please reinstall a copy of the above file. And if successfully bootup, I will sometimes get a domain is not avaliable error and still not able to login. After many many tries, I will be able to get in. So we suspect it's a virus, and I tried running virus scan (NORTON, AVG, Online scanning) but the virus scan will not be able to complete the scan, it will usually hang around 50-53%). So what I did next was to take out the hdd and connect it as a USB drive to my PC. The hdd show up and I attempt to carry out a virus scan with AVG Free. But of course, the scan could not complete and again hangs at around 53%. And it also cause some of the programmes running in my windows XP system to lock up. When I do a reboot at this point, I was not able to get my XP system to start up and I get the following error: Windows 2000 could not start because the following file is missing or corrupt: \system32\ntoskrnl.exe. Please reinstall a copy of the above file. I am totally buffled since my pc is running XP and not Win2k, how is that error possible? A vrius..A boot sector virus ? So I tried to reboot the system from cd-rom, with the XP pro cd in it, it failed. So I decided to pop in the Win2k Pro cd, and what happen next is very strange. I let the system reboot, and when the prompt came up "press any key to contiune booting from cd-rom", I ignore that and the system bypass the cd-rom, but somehow, because the win2k cd is in the drive, my system manage to boot into xp normally ( I tried the same thing without the win2k cd in the cd-rom and the system just return me the same ntoskrnl.exe error, a win XP cd will not work too). I make the mistake of replacing the ntoskrnl.exe through repair console from the XP pro cd, and after this, the system no longer boot up at all. So I did a format on the C: (holding the OS), and did a clean install of XP. Everything went well until I had to reboot after the installation, and to my horror, the same ntoskrnl.exe error came back. Again I had to pop in the win2k cd into cd-rom and do the same thing as before to boot up XP. Next I went into bios to set the boot up device [1] as Hdd, and disabled the rest of the options. And somehow, this seems to set everything right, and I was able to boot into XP normally. (My previous boot set up are [1] cd-rom, [2] hdd, [3] floopy). I also run a full system scan on my system (all my 5 partitions) and AVG was able to complete the scans and all partitions came up as clean. But I am still not sure if my system is indeed ok. Is there any chance, anyone knows what is happening here? Work of a virus? Another question, how can I check if my boot sector is really clean? If I am indeed infected by a boot sector virus, I would not have been able to boot up my system, is that right? I have no idea what I have caught from my sis's HDD since the virus scan cannot complete. Any help is greatly appreciated. Thank you for reading such a long post. romi.... Are we talking about 2 differant machines or just the laptop? What is the current status of the problematic MACHINE ? I have just reread the post again and it is the laptop....... Have you booted it up in Safe mode and run a full antivirus scan with AVG ? It would be a good idea to D/L AVG antispyware and run it in safe mode as well. http://free.grisoft.com/doc/20/lng/us/tpl/v5 I am going to move this post into the spyware and virus section as well. dl65 I am talking mainly about the problems on my XP machine. It somehow caught what was on the hdd from my sis's notebook. Nothing has been done about the notebook yet. I am trying to fix my PC first. I hope this clears up the confusion. The main catch of the problem is that my pc is running XP but I am GETTING a windows 2000 error.romi.... ok....... reboot the XP machine into safe mode and run scans with both AVG anti virus and AVG antispyware. Let us know the results of the scans. dl65 Quote romi.... ok....... reboot the XP machine into safe mode and run scans with both AVG anti virus and AVG antispyware. Let us know the results of the scans. I will do that tonight when I get home. But I did do a full scan with AVG Free and nothing turns out. Will follow up.romi.... Was the scan run in safe or normal mode ? dl65 Follow what dl65 already advises but make sure you have exposed all Hidden Files & Folders first. To enable the viewing of Hidden files follow these steps: 1. Close all programs so that you are at your desktop. 2. Double-click on the My Computer icon. 3. Select the Tools menu and click Folder Options. 4. After the new window appears select the View tab. 5. Put a checkmark in the checkbox labeled Display the contents of system folders. 6. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders. 7. Remove the checkmark from the checkbox labeled Hide file extensions for known file types. 8. Remove the checkmark from the checkbox labeled Hide protected operating system files. 9. Press the Apply button and then the OK button and close My Computer. ********************* (On Windows 2000 or XP)... Download Ewido/AVG Anti Spyware from here …. http://www.ewido.net/en/ It has a fully working 30 day trial period. Install it and update it to the latest definitions. Do NOT use it yet. Now boot to safe mode. Here’s a “how to” if you’re not sure .. http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406 When in safe mode run a full system scan with AVGAS and let it fix what it wants to. REMEMBER TO SAVE THE SCAN REPORT and also remember where** you saved it. Reboot to normal mode and use the computer as you would usually do. [FOOTNOTE > this is a good program to use as an “on demand” scanner even after the trial period is over. Keep it updated and use it to scan your computer from time to time]. Post back the scan report and update us. OJ

3451.

Solve : Possible virus problem??

Answer»

Hi all,

I am having some strange problems with my PCs and hopefully someone will be ABLE to advice me. Thanks in advance.

How it started was that my sis's notebook running windows 2000 starts to act werid. Sometimes the notebook can bootup, other times, it will not boot up and you will get this error:

Windows 2000 could not start because the following file is missing or corrupt:

\system32\ntoskrnl.exe.

Please reinstall a copy of the above file.

And if successfully bootup, I will sometimes get a domain is not avaliable error and still not able to login. After many many tries, I will be able to get in. So we suspect it's a virus, and I tried running virus scan (NORTON, AVG, Online scanning) but the virus scan will not be able to complete the scan, it will usually hang around 50-53%).

So what I did next was to take out the hdd and connect it as a USB drive to my PC. The hdd show up and I attempt to carry out a virus scan with AVG Free. But of course, the scan could not complete and again hangs at around 53%. And it also cause some of the programmes running in my windows XP system to lock up. When I do a reboot at this point, I was not able to get my XP system to start up and I get the following error:

Windows 2000 could not start because the following file is missing or corrupt:

\system32\ntoskrnl.exe.

Please reinstall a copy of the above file.

I am totally buffled since my pc is running XP and not Win2k, how is that error possible? A vrius..A boot sector virus ? So I tried to reboot the system from cd-rom, with the XP pro cd in it, it failed. So I decided to pop in the Win2k Pro cd, and what happen next is very strange.

I let the system reboot, and when the prompt came up "press any key to contiune booting from cd-rom", I ignore that and the system bypass the cd-rom, but somehow, because the win2k cd is in the drive, my system manage to boot into xp normally ( I tried the same thing without the win2k cd in the cd-rom and the system just return me the same ntoskrnl.exe error, a win XP cd will not work too).

I make the mistake of replacing the ntoskrnl.exe through repair console from the XP pro cd, and after this, the system no longer boot up at all. So I did a format on the C: (holding the OS), and did a clean install of XP. Everything went well until I had to reboot after the installation, and to my horror, the same ntoskrnl.exe error came back. Again I had to pop in the win2k cd into cd-rom and do the same thing as before to boot up XP.

Next I went into bios to set the boot up device [1] as Hdd, and disabled the rest of the options. And somehow, this seems to set everything right, and I was able to boot into XP normally.

(My previous boot set up are [1] cd-rom, [2] hdd, [3] floopy).

I also run a full system scan on my system (all my 5 partitions) and AVG was able to complete the scans and all partitions came up as clean.

But I am still not sure if my system is indeed ok. Is there any chance, anyone knows what is happening here? Work of a virus?

Another question, how can I check if my boot sector is really clean? If I am indeed infected by a boot sector virus, I would not have been able to boot up my system, is that right?

I have no idea what I have caught from my sis's HDD since the virus scan cannot complete. Any help is greatly appreciated.

Thank you for reading such a long post.
romi.... Are we talking about 2 differant machines or just the laptop?
What is the current status of the problematic MACHINE ?
I have just reread the post again and it is the laptop.......
Have you booted it up in Safe mode and run a full antivirus scan with AVG ?
It would be a good idea to D/L AVG antispyware and run it in safe mode as well.
http://free.grisoft.com/doc/20/lng/us/tpl/v5
I am going to move this post into the spyware and virus section as well.
dl65 I am talking mainly about the problems on my XP machine.
It somehow caught what was on the hdd from my sis's notebook.
Nothing has been done about the notebook yet.
I am trying to fix my PC first. I hope this clears up the confusion.

The main catch of the problem is that my pc is running XP but I am GETTING a windows 2000 error.romi.... ok....... reboot the XP machine into safe mode and run scans with both AVG anti virus and AVG antispyware.
Let us know the results of the scans.

dl65 Quote

romi.... ok....... reboot the XP machine into safe mode and run scans with both AVG anti virus and AVG antispyware.
Let us know the results of the scans.

I will do that tonight when I get home. But I did do a full scan with AVG Free and nothing turns out. Will follow up.romi.... Was the scan run in safe or normal mode ?

dl65 Follow what dl65 already advises but make sure you have exposed all Hidden Files & Folders first.

To enable the viewing of Hidden files follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the My Computer icon.
3. Select the Tools menu and click Folder Options.
4. After the new window appears select the View tab.
5. Put a checkmark in the checkbox labeled Display the contents of system folders.
6. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
7. Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
8. Remove the checkmark from the checkbox labeled Hide protected operating system files.
9. Press the Apply button and then the OK button and close My Computer.

***********************

(On Windows 2000 or XP)...

Download Ewido/AVG Anti Spyware from here ….

http://www.ewido.net/en/

It has a fully working 30 day trial period.

Install it and update it to the latest definitions.

Do NOT use it yet.

Now boot to safe mode. Here’s a “how to” if you’re not sure ..

http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406

When in safe mode run a full system scan with AVGAS and let it fix what it wants to.

REMEMBER TO SAVE THE SCAN REPORT and also remember where you saved it.

Reboot to normal mode and use the computer as you would usually do.

[FOOTNOTE > this is a good program to use as an “on demand” scanner even after the trial period is over. Keep it updated and use it to scan your computer from time to time].

Post back the scan report and update us.

OJ

3455.	Solve : Trojan Protection?
Answer» Hello, I was wondering what is the best trojan software I should purchase? I am not a constant online gamer but I do play games online now and then. Also I do use p2p PROGRAMS not often but occasionaly as well. I have McAffe secuirty centre but as you know, an anti-virus program is not enough to protect against trojans. What do you think of McAffe anyway? Thanks againAVG anti-spyware does a nice job of cleaning Trojans but does not stop them from getting to your machine. Common sense surfing is your best bet along with not opening e-mail attachments that you're not familiar with. Unfortunately p2p networks are like walking into a minefield with really big floppy shoes on.I have McAfee SecurityCenter and I'm happy with it. It's really good at detecting trojans and PUP's, but it can't always prevent them. It's definitely a good idea to have AVG at your disposal. And patio's right...if you use P2P networks, you should expect to get malware on your computer.Ok so what do you think of trojan HUNTER or trojan remover or even tauscan? I also have spybot search and destroy. I use p2p yes but not as often as one may think. I am going to delete it as it's so unsafe.I've never used those trojan programs, but I'm sure SOMEBODY here has their opinions. As for spyware removal...I'm partial to Ad-Aware, but I think some of the guys here have Search & Destroy, so I'm sure it can't be bad.Many of us have both. Anti-virus.....detects and cleans known virii. AdAware......detects and removes adware. Spybot.........detects and cleans spyware and some adware. Trojan Hunter......detects and removes trojans. Keep in mind there are many forms of threats out there which is why a well rounded arsenal is neccessary for protection. Trojan Hunter is a FINE program...a free alternative would be AVG Anti-Spyware (formerly Ewido) patio.I will have to check out AVG.They offer 2 excellent free programs: AVG Free anti-virus and AVG Free Anti-spyware... You probably won't be disappointed along with adding some of the others mentioned here. We take our Security pretty seriously here and our feedback is from years of TESTING and trying a lot of products on the market. The added bonus is because we have spent the time doing so you can protect your machine in all ways with top-notch programs without having to spend a dime... It's part of what we do.

3456.	Solve : Still having problems. Here's my HJT log.?
Answer» NOPE. None of those. Anywhere else I could look?You say that windows reports a "driver error". Doesn't it give you more information than that? If so PLEASE post it here. OJWhen my COMPUTER shuts off and turns back on sometimes it says "system has RECOVERED from a serious error". I posted the screencap in that other post. Then when I send the report to Windows it takes to to a page that say it was a driver error. No other info was given as to what driver and why. It said it couldn't give me any further information.I looked into the driver ISSUE and found this page: http://support.microsoft.com/kb/322205 That is what my computer is doing. I don't recall updating any drivers though. Maybe it is my printer driver? I think that might have ATTEMPTED to update. So I'm reinstalling the one from hp.com in hopes of something.Due to lack of response this thread now locked. Should the original poster require it re-opening please PM GX1_Man or a moderator. they pm you GX

3459.	Solve : norton Update without internet?
Answer» I have a norton antivirus 2002 installation and I have an internet connection. I am able to run LIVE updates on my computer. HOWEVER I have installed the same norton antivirus 2002 at my friends place but he does not have an internet connection. Which folder or files shall I copy from my updated norton (from my hard disk drive) to my friends place (WITHOUT using live update at friends place) so his norton antivirus will to be up-to-date. I believe this is the PAGE you are looking for. The page also includes LINKS to instructions to update without an internet connection. Hope this helps. Calum.

3460.	Solve : Does this sound like a virus to you??
Answer» Before my current computer, I had an eMachines W2247 with Windows XP Home SP2, 128 MB, and an AMD Athlon XP Processor 2200+. It's been awhile, so I can't remember anything I had done, but it just totally crapped out one day. It first started having a lot of trouble booting up, and then by the end of the night, it wouldn't boot up at all. Or even attempt to. To this day, when I turn it on, nothing happens. The power light blinks on and off, but that's it. It doesn't MAKE any noise or anything. Also, the lights on the keyboard will blink in a random pattern. Does anyone have any idea of what might be GOING on with it? I thought maybe there was something wrong with the power supply, but I don't know if that's the case. I tried using another cable and the exact same thing happens. Also, when I hook the keyboard up to any other computer, the lights still do that weird blinking. It's weird to me that the keyboard would also be infected in the case of faulty power supply or dust or whatever. The computer is a piece of junk compared to my new one, so it's fine if I can't get it up and running again. However, there are files that I would like to RECOVER if at all possible. Will I have to take it down somewhere to do this, or would that be a pointless waste of money? I'd appreciate any input on the matter. The computer had a few virus problems, so I'm guessing that's the culprit. eMachines certainly aren't the best computers out there, but it was actually a decent model and did well for maybe four years; I doubt it just suddenly died of old age.This sounds like a hardware issue and, as you mentioned, the power supply seems the likely culprit. And, since that keyboard behaves the same way on another computer, I suspect the keyboard is also faulty. Concerning the files you'd like to retrieve from that hard drive, I would just remove it from the eMachines W2247, and put in the other computer as a slave drive, even if only temporarily, to retrieve files off of it. Another option would be to get an external enclosure with a USB cord to connect to your computer, and install that hard drive in it. Either way, you can delete all the Windows and other program files on that old hard drive and continue to use it as a second internal drive or as an external hard drive (in the external enclosure). The external hard drive makes a good backup device.It's possible that the keyboard is faulty, but it seems odd because it worked just fine before this happened. Unless a LOSS in power supply somehow fried the keyboard... Could that even happen? As for using it as a slave drive...it's a good idea and I could certainly use a few extra GB. However, I'm not at all familiar with the inner workings of a computer tower. I've only been inside of a computer to clean it out and remove stuck disks. I haven't the slightest idea how to go about installing a second drive and I'm afraid of mucking something up. However, I do have a couple of other computers I could maybe practice on. Is there some kind of in-depth tutorial I could refer to that would guide me along in the process of doing all of this? I'd love to be able to access those old files. And it'd be nice if I could steal the hard drive out of a Dell that my sister doesn't use anymore. Heh. Thanks for your help, soybean.Here are several references that should help: How to Install a Second Hard Drive How to Change the Master/Slave Designation on a Hard Drive, and Setting Hard Drive Jumpers (includes images of hard drive jumpers) Removing the old hard drive should give you some insight into how the drive is mounted in the case and how the power and data cable connectors fit together. However, the actual mounting can vary from one computer case to another; it depends on the design of the case. The data cable must be connected a certain way. Look carefully at the pins on the hard drive and the connector on the cable before trying to connect the cable to the drive. The hard drive will probably have one pin position where there is no pin and the connector will have a blocked pin position which corresponds to the pin pattern on the hard drive connector. This is designed to preclude connecting the cable the wrong way, or upside down. Likewise, the power cable will not fit onto the drive's power connector in an upside down position. Two corners of the power cable connector will be beveled. Look at it closely and you'll surely see this. Regarding the hard drive jumper position for the slave setting, look on the hard drive for a diagram of the master and slave jumper settings. You see this in the third reference above.Thanks for the links, soybean. Looks like I've got a bit of homework tonight. Heh.I haven't tried doing this yet because I wanted to get the Dell up and running first (which I just did a little while ago), but I thought I would mention something else... When I plug in the eMachines, I can hear a slight high-pitched humming sound coming from the back. Maybe this is normal, but I don't remember ever noticing it before. Also...it didn't do this before, but now it sounds like it's trying to power up when I turn it on. But the lights don't come on and it doesn't actually do anything. What are your thoughts on that? Does it still sound like a power supply issue?computers are like playing with legos , DONT be scared. most probably you have a psu dying (try checking the voltages with a voltmeter) Usually pre built machines are installed with terrible psu. the huming is due to the build up of dust around the fans, if you clean them there will be less humming.try running your rig with one set of ram or with other ram, as ram failiures are quite often. do you get any beeps ?I have never had RAM go bad in my life, and I have owned and worked on quite a few machines. A bad power supply from eMachines is much more common.Yep, it still sounds like a power supply problem. If you want to replace it, ebay might worth looking at; see: POWER SUPPLY FOR EMACHINES W2247 computer That computer could be a decent machine, with more memory. I'm running an AthlonXP 2200, the same processor as the one in that eMachine, with 512MB of RAM and an AGP video card. I believe the eMachines W2247 has onboard video but also has an AGP slot. So, more RAM and an AGP video card are two options for a better performing computer. Here's what Crucial.com shows for it: http://www.crucial.com/store/listparts.aspx?model=W2247Ooh boy, I just opened that thing up and...man...sure looks like I neglected that poor machine. No wonder it crapped out on me. I've never seen such a dusty computer. I should've expected such a thing after moving to a farming community like this. Although I doubt it will make much of a difference, I'm going to give it a very thorough cleaning (it can't hurt, right?). And I need to make sure I do some preventive care for my Gateway. I'll be back in a few hours...Oh, and thanks, soybean. I'll definitely add that auction to my watchlist!Whew, that was one heck of a job. As I figured, it didn't really help anything (although one of the lights did come on for a few seconds), but it feels good to have that all cleaned out. Even though I'm probably going to die of lung cancer now. Heh. I think I'm going to try installing a new power supply before messing around with anything. But if that doesn't work, I'll move on to installing the hard drive into another computer. Expect plenty more questions from me if/when it comes down to that. Ha.This is quite a bump, but I figured I'd give an update. I've been watching PSU's on eBay and I don't have the funds to buy one yet and I was getting anxious, so I finally tried putting the W2247 hard drive into the Dell...and it actually worked without a hitch. I didn't even have to mess with the BIOS or anything fancy. I just hooked it up and the Dell did the rest. It's rare for things to be this easy for me. It looks like a hillbilly computer because the Dell doesn't have a drive cage, so I kinda had to rig something up, but it works wonderfully. It's a little slow, but who cares? I'm just happy to finally have access to these files again. Thanks a lot, soybean, for the very helpful links! Now I don't have to buy a PSU...but I still might just for the heck of it. Maybe I'll fix this thing up and sell it to a friend or something. I would just put the hard drive in my Gateway for an extra bit of space, but I think I'd rather wait until I can buy a brand new one with about 500 GB. Anyway...thanks a bunch. Now, it's time to get back to backing up my files.

3461.	Solve : Pop up virus?
Answer» Thank you for your help it has been very useful. I am now more wary about this sort of thing and will HOPEFULLY have the right stuff to COMBAT it.This thread has been locked now that it is RESOLVED. Should the original poster require it re-opening PLEASE PM GX1_Man or a MODERATOR.

3462.	Solve : Analysis/Help please?
Answer» Well, i'll give a little background I guess. You could call me a gamer, and as most people do - I encounter the occasional virus or adware problems. I use McAfee which includes a firewall and virus scanner as well as Webroot Spy Sweeper which has many accessories (spy sweeper, startup shield...I'm sure most of you know this already.) With those TWO things I can usually get rid of most viruses I COME across. Well, I went away on vacation for 4 days, and I come back and I load up the game I play (Battlefield 2142) I cant walk in a straight line. My ping is jumping from 30 to 350, spiking all over the place. My ping settles down to around 60 but I still experience lag. After a while, everything feels normal but again, it comes back and I'm lagging real bad for a good 10 MINUTES I log off and have been trying to find out the problem. I'm not sure what happened because I was away, but I have a younger sister who I guess could have had something to do with it but I cant get anything out of her. Anyways, I went through the FAQs and have downloaded many a spysweepers and etc. So far I have run: McAfee, Webroot, Ad-Aware SE, CCleaner, Spybot search and destroy, as well as Vcleaner. I have picked up a few things like low risk cookies as well as one noted-high risk called download.small.co which I have quarantined. I saw a lot of other posts that have that Hijackthis thing so I'll post that, I hope i did it right. Logfile of HijackThis v1.99.1 Scan saved at 4:29:11 PM, on 2/23/2007 Platform: WINDOWS XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Mixer.exe C:\Program Files\McAfee.com\VSO\mcvsshld.exe C:\Program Files\McAfee.com\VSO\oasclnt.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\Program Files\iTunes_Carly\iTunesHelper.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe C:\WINDOWS\system32\ctfmon.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Webroot\Spy Sweeper\SSU.EXE C:\Program Files\Ventrilo\Ventrilo.exe C:\Documents and Settings\All Users\Desktop\Main\Anti Virus\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll O2 - BHO: SSVHelper CLASS - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] "C:\Program Files\McAfee.com\VSO\mcvsshld.exe" O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe" O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes_Carly\iTunesHelper.exe" O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165888161765 O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe Edit - Add some system specs: Operating: Windows XP (I own a legitimate CD) Mobo: Desktop D865GLC Processor: Intel Pentium 4 2.4Ghz (these two are going to be replaced by the end of the week) Vcard: 7800 GS Sound: Sound-Blaster Anyways, thanks a bunch for any help - i'd really appreciate it.Anybody? The Hijack This experts are not here 24/7...be patient and someone will be along shortly.Your HJT log is fine aside from a couple of missing file entries. O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) Your lagging could be due to internet congestion, the game server itself or even your own ISP. Have you talked to anyone else who plays on the same server to see if they are experiencing problems.They dont get any problems. You can tell its on my side because of the massive ping jumps. I'll have a 150+ Ping when I usally get around 30. And its comes in spikes. Sorry, I didnt mean to sound impatient or whatever, I just bumped itTalk to your ISP, see what they say about it.okay, thanks anyways

3464.	Solve : inetsrv folder?
Answer» I am running WINDOWS XP Home, SERVICE pack 2. My norton antivirus picked up a virus in system32. I forgot what the virus name was but it was in a folder i have never seen before called 'inetsrv'. My antivirus got rid of it and the folder but when i restart/turn on the computer, there is an undeletable empty folder named 'inetsrv' Anyone have any idea what this is?Could be a Wareout infection. We need to see a HijackThis log first though. I suggest you print this out to help you follow my advice. Please download FixwareOut from one of the following sites ..... http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe http://downloads.subratam.org/Fixwareout.exe SAVE it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. If your FIREWALL gives an alert, (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead. Then you will be asked to reboot your computer; please do so. Your system MAY take longer than usual to load; this is normal. Once the desktop loads please post the text that will open (report.txt) and a new HijackThis log. Note: ONLY if you have connection problems after performing above steps - go to Start > Control Panel choose work Connections, right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and left click on properties. Double-click on the Internet Protocol (TCP/IP) and select the radio button that says obain DNS servers automatically. Click OK twice and restart your computer. ***************** Download Ewido/AVG Anti Spyware from here …. http://www.ewido.net/en/ It has a fully working 30 day trial period. Install it and update it to the latest definitions. Do NOT use it yet. Now boot to safe mode. Here’s a “how to” if you’re not sure .. http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406 When in safe mode run a full system scan with AVGAS and let it fix what it wants to. REMEMBER TO SAVE THE SCAN REPORT and also remember where you saved it. Reboot to normal mode and use the computer as you would usually do. [FOOTNOTE > this is a good program to use as an “on demand” scanner even after the trial period is over. Keep it updated and use it to scan your computer from time to time]. ***************** If this doesn’t succeed in fixing the problem download a self-extracting copy of HijackThis from here ……. http://downloads.malwareremoval.com/hijackthis_sfx.exe Save it to your Desktop. Double-click on the file hijackthis_sfx.exe file and it will self-extract into its own folder …… C:\Program Files\HijackThis Go to this folder and run the hijackthis.exe file. From the menu click on "Do a system scan and save a logfile". Copy and paste both the AVG AS scan report and the HJT logfile to this thread. More specific removal instructions will follow for whatever it is that's causing the problem. OJHey thanks man, ill try thatSorry but I have had to correct the wording in my advice (above). No substantive changes ... just corrections to my spelling. I really need to improve...... Due to lack of response this thread now locked. Should the original poster require it re-opening please PM GX1_Man or a moderator.

3465.	Solve : Another analysis please?!?
Answer» Hi there. This time its MY laptop. I cant finish the other one i have posted until Tuesday like i said. First off, my SB S&D keeps telling me its removed these entries below, but whenever I do a scan they return. Im doing the scans with Sys Restore turned off. Any Ideas?! http://img181.imageshack.us/img181/1596/kjsr1.jpg EDIT: Now Ive done another scan and i got these. http://img251.imageshack.us/img251/6983/sadgi8.png Second off I know i have infection. Avast! keeps telling me something is trying to access a server. I know what it is, the Process is called v6.exe and I know that that is the virus. Below is the HJT log. Logfile of HijackThis v1.99.1 Scan saved at 19:28:00, on 25/02/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Acer\eManager\anbmServ.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Arcade\PCMService.exe C:\Program Files\Launch Manager\QtZgAcer.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre1.5.0_11\BIN\jusched.exe C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\keyhook.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE C:\Program Files\Multimedia Card Reader\shwicon2k.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Internet Explorer\csrss.exe C:\WINDOWS\system32\sistray.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\UPHClean\uphclean.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\acer\eRecovery\Monitor.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\v6.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\taskmgr.exe C:\Documents and Settings\Chris'\My Documents\My Downloads\hijackthis(3)\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/weather/5day.shtml?id=3981 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/ O2 - BHO: (no name) - {03E41DBC-C9F8-3A24-FE20-0B94A61C884F} - C:\WINDOWS\system32\qsokfli.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe" O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420" O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [syswin] C:\WINDOWS\system32\v6.exe O4 - HKLM\..\Run: [ddhonui.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Chris'\Local Settings\Application Data\ddhonui.dll",ysuecmg O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvxig.dll,startup O4 - HKCU\..\Run: [] "C:\Program Files\Internet Explorer\csrss.exe" O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\ProO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: jkkjkih - C:\WINDOWS\SYSTEM32\jkkjkih.dll O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\wbsrv.dll O20 - Winlogon Notify: winmyy32 - C:\WINDOWS\SYSTEM32\winmyy32.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe Thanks ChrisHello again Chris Not only do you have the v6.exe malware but you also have Vundo/Smitfraud/Browseraid and other malware. I recommend you print this out to help you follow the advice. Open Task Manager … click “End process” for this one (the malware you mentioned) …… C:\WINDOWS\system32\v6.exe **************** Download SUPERAntiSpyware here …... http://www.superantispyware.com/ Update to the latest definitions and run a full system scan. ************** Open HijackThis … click on scan … put tick/check marks next the following entries IF they are still present …. O2 - BHO: (no name) - {03E41DBC-C9F8-3A24-FE20-0B94A61C884F} - C:\WINDOWS\system32\qsokfli.dll O4 - HKLM\..\Run: [syswin] C:\WINDOWS\system32\v6.exe O4 - HKLM\..\Run: [ddhonui.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Chris'\Local Settings\Application Data\ddhonui.dll",ysuecmg O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvxig.dll,startup O20 - Winlogon Notify: jkkjkih - C:\WINDOWS\SYSTEM32\jkkjkih.dll O20 - Winlogon Notify: winmyy32 - C:\WINDOWS\SYSTEM32\winmyy32.dll Remember to close ALL open windows – including this one - before clicking on “Fix Checked” at the foot of the HijackThis window. ************** Locate these files and delete them IF they are still present …. C:\WINDOWS\system32\qsokfli.dll C:\WINDOWS\system32\v6.exe C:\WINDOWS\system32\drvxig.dll C:\WINDOWS\SYSTEM32\jkkjkih.dll C:\WINDOWS\SYSTEM32\winmyy32.dll ************** Empty your recycle bin. ************** Reboot your system into normal mode and use it as you would usually do. Hopefully everything will have improved. IF NOT then run a fresh HijackThis scan and look to see IF either of these files have returned … O2 - BHO: (no name) - {03E41DBC-C9F8-3A24-FE20-0B94A61C884F} - C:\WINDOWS\system32\qsokfli.dll O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvxig.dll,startup IF they are present in the log do this ….. Please download VundoFix.exe to your desktop. 1. Double-click VundoFix.exe to run it. 2. When VundoFix re-opens, click the Scan for Vundo button. 3. Once it's done scanning, click the Remove Vundo button. 4. You will receive a prompt asking if you WANT to remove the files, click "YES". 5. Once you click yes, your desktop will go blank as it starts removing Vundo. 6. When completed, it will prompt that it will reboot your computer, click "OK". 7. Please post the contents of C:\vundofix.txt and a new HiJackThis log. If vundofix cannot delete a file, it will try to delete it during a reboot, after the reboot vundofix will open again, you must run vundofix again, from "Click the Scan for Vundo button" ... and you must keep running vundofix untill it does delete the file... I've known a stubborn vundo file take 5 or 6 reboots before it is deleted... Run vundofix again & again until you get the message "no infected files were found". **************** Is Spybot S&D working OK now (don’t forget to update that program too)? When you have done all this post a fresh HijackThis log with an update on how things are operating now. OJ Hi there, thanks alot!! Ok first off qsokfli.dll and v6.exe wernt present, but jkkjkih.dll and winmyy32.dll where. However when i tried to delete winmyyy32 it said that it cant delete it because 'Access is denied, Make sure the Disk is not read or write protected and hat the file is not currently in use'. For jkkjkih it said 'Cannot delete jkkjkih.dll: It is being used by another person or program. Close any programs that MIGHT be using the file and try again'. Below is another log. Logfile of HijackThis v1.99.1 Scan saved at 18:14:53, on 26/02/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Acer\eManager\anbmServ.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Launch Manager\QtZgAcer.EXE C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\WINDOWS\system32\keyhook.exe C:\Program Files\Multimedia Card Reader\shwicon2k.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Internet Explorer\csrss.exe C:\WINDOWS\system32\sistray.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\acer\eRecovery\Monitor.exe C:\Program Files\UPHClean\uphclean.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Chris'\My Documents\My Downloads\hijackthis(3)\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/weather/5day.shtml?id=3981 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {601774FD-4B3F-44F0-99E3-B0E4E0146F65} - C:\WINDOWS\system32\jkkjkih.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe" O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420" O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [] "C:\Program Files\Internet Explorer\csrss.exe" O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: jkkjkih - C:\WINDOWS\SYSTEM32\jkkjkih.dll O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\wbsrv.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe Hi Run the vundofix routine explained at the end of my last post. Run it as often as necessary till you see "no infected files were found". After that post another fresh HJT log .... AND .... ....another update on how your computer is working now. OJWell theres no difference. My Antivir keeps popping up saying that jkkjkih.dll has been DETECTED, and i choose to delete them but an hour later it will come up with the exact same. Ive ran Vundo a couple of times and it keeps finding things but ill keep going. Thanks! ChrisHow's it all going, Chris? Fixed yet? OJ

3466.	Solve : Suspicious dll in XP (trojan related I'm sure)?
Answer» GLAD all seems to be well again. NOW you can do what I suggested in post #9 SAFE surfing. OJ

3467.	Solve : Autorun.inf Virus?
Answer» Hello everyone, a friend of mine caught the autorun.inf virus..he is on a dial up so it is hard to update virus definitions..i heard that there is a way to remove it by deleting all the files named autorun in local drivers but this didn't solve the problem..is there any way to remove it without the NEED to update? thxDownload AVG Free onto that computer and run the updater and just be patient. I'm on dial-up (28.8 kbps) and the last big update took me maybe ten or fifteen minutes to download. Or you can even download the manual updates from the site on broadband and then put them on his computer. Either way, it's certainly better than just deleting some files. You're pretty much guaranteed to have traces leftover. And malware likes to have parties. Once you get one, it will often let others in. So, there's a good chance he has more than one virus. Just be patient and take the time to install the necessary updates. Slow and steady wins the race.seems that this is the only way my friend..deleting or replacing files didn't solve it..guess the only option is to download those updates..thx for the help man..Like CBMatt says .... malware attracts malware. That autorun problem could indcate a number of issues. What I suggest is that, after AVG has been run and updated, post a HIJACKTHIS log here for further review. Hopefully anything bad will show up in that log. If you're unsure how to do this ..... download a self-extracting copy of HijackThis from here ……. http://downloads.malwareremoval.com/hijackthis_sfx.exe Save it to your Desktop. Double-click on the file hijackthis_sfx.exe file and it will self-extract into its own folder …… C:\Program Files\HijackThis Go to this folder and run the hijackthis.exe file. From the menu click on "Do a system scan and save a logfile". Copy and PASTE the HJT logfile to this thread. More specific removal instructions will follow for anything SHOWING up as bad. OJ the best way to run any ANTIVIRUS is in SAFE MODE, reboot the computer and keep pressing the F8 key and then select the SAFE MODE, when you are into the windows protected screen run the antivirus then there is a bigger chance it will be cleaned out. Try Asquared from here:- http://emsisoft.com/en/software/free/ OR AVG Anti-Spyware from here:- http://free.grisoft.com/doc/1

3470.	Solve : NOD32 Diskette, How Can I do it??
Answer» How can i create a DISKETTE from NOD32, to BOOT and VERIFY the computer??

3468.	Solve : Help Unable to View Links with IE 6?
Answer» unlovedwarrior ... no problem. Please add anything at any time if you feel it would be useful. Nhksrv.exe > Should be OK. See here .. http://www.liutilities.com/products/wintaskspro/processlibrary/nhksrv/ snmp.exe > Again, should be OK. Microsoft SNMP Agent service that allows the user to configure and manage the SNMP (Simple Network Managament Protocol). ************** littelp24 ... You should print this put to help you follow the advice. Make sure you have EXPOSED all Hidden Files & Folders. To enable the viewing of Hidden files follow these steps: 1. Close all PROGRAMS so that you are at your desktop. 2. Double-click on the My Computer icon. 3. Select the Tools menu and click FOLDER Options. 4. After the new window appears select the View tab. 5. Put a checkmark in the checkbox labeled Display the contents of system folders. 6. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders. 7. Remove the checkmark from the checkbox labeled Hide file extensions for known file types. 8. Remove the checkmark from the checkbox labeled Hide protected operating system files. 9. Press the Apply button and then the OK button and close My Computer. ******************* Download Ewido/AVG Anti Spyware from here …. http://www.ewido.net/en/ It has a fully working 30 day trial period. Install it and update it to the latest definitions. Do NOT use it yet. Now boot to safe mode. Here’s a “how to” if you’re not sure .. http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406 When in safe mode run a full system scan with AVGAS and let it fix what it wants to. REMEMBER TO SAVE THE SCAN REPORT and also remember where you saved it. [FOOTNOTE > this is a good program to use as an “on demand” scanner even after the trial period is over. Keep it updated and use it to scan your computer from time to time]. *************** STILL in safe mode ... open HJT ... click on scan ... put tick/check marks next to these entries IF they are still present ... R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\Toolbar.dll (file missing) O15 - Trusted Zone: http://www.match.com O15 - Trusted Zone: http://www.mcartsworkshop.com O15 - Trusted Zone: http://www.webkinz.com O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://download.iwon.com/ct/pm3/iwonpm1,0,2,5.cab Remember to close ALL open browser windows – including this one – before clicking on “Fix Checked” at the foot of the HijackThis window. NOTE >> The 015 fixes above are optional. I would never keep anything in the Trusted Zone. It's just too dangerous. However, it's your choice to fix them or not. *************** Reboot to normal mode and use the computer as you would usually do. *************** Update your Webroot Spysweper to the latest definitions and scan the computer with it. Let it fix what it wants to. *************** Make sure you have the latest version of java installed. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update. Updating Java: Download the latest version of Java Runtime Environment (JRE) 6*. Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications"….. Click the "Download" button to the right. Check the box that says: "Accept* License Agreement". The page will refresh. Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop. Close any programs you may have running - especially your web browser. Go to Start > Control PANEL double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions. Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-6-windowsi586-p.exe to install the newest version. ***************** Also make sure your antivirus and firewall are both fully up to date. *************** Run a full system-wide search of your computer for iwon**. Post BACK the results here giving the locations of anything found. Also post back a fresh HJT log and the scan report from AVG Anti Spyware. Let us know if anything has improved. OJ

3471.	Solve : question about Inspiron running slowly?
Answer» I recently came into possession of a Dell Inspiron 6000; before me, it was owned by a friend. When I first got it, it was very reliable, very fast, and very quiet. A few months later, and now it seems to be running slower and the fan is now constantly on -- not extremely loud, but like I said, it used to be dead-quiet. I downloaded a few free anti-adware programs, which enabled me to get rid of a few malware programs on my computer (there weren't many, though), checked for viruses that weren't there, and I also ran Defrag, but the computer is much less RESPONSIVE than it used to be (which ultimately makes me FEEL like a failure as computer-owner). I notice the computer is really slow at start-up. When I'm running a few different programs (like I usually have Windows Media Player, INTERNET Explorer, and Word Processor all running at once), the computer is pretty slow and unresponsive. However, if I'm running just Internet Explorer using multiple tabs for different sites, it runs generally okay. So I basically have two main questions: 1.) What more can I do to try to make my computer RUN as fast and as responsively as it did only a mere few months ago? and 2.) Is it normal for my computer's fan to be running constantly like this? (It should also be NOTED that I downloaded a program that allows me to check on the CPU temperature, and when I only have on program running, the average temp is usually around 28 degrees C, but higher when I have more programs running.) Thanks in advance, Joshok can we get some more info? like os and hardware specs and what software you used? unlovedwarrior

3473.	Solve : Invisible files?
Answer» Hello All the music from my computer recently DISAPPEARED, but the memory was still being used. I couldn't understand it and posted in a few forums, to no avail. When I go to the folder the music files were in, there are now no files. Hovering over the folder, it says it contains 0 BYTES and 0 folders. The folder in which the ALBUMS were stored is something along the lines of: D:/Documents and Settings/Tim/My Music When I type this into the Windows explorer bar, it appears, as usual, blank. However, I recently found that if I type the same, but then add the album folder name, the album will open, complete with MP3s... D:/Documents and Settings/Tim/My Music/Neil Young - Harvest So... the files are definately in the folder. Problem is, I had 40gb of music and cant remember every album's file name to type into the bar. Plus, sometimes it will open the folder when I type the album name in, but other times it won't. Please would somebody help - I'm out of ideas! Thanks! TimDouble post. I suggest that the discussion is continued in the POSTER's other thread, where it has a response already. I also think it is more appropriate there.Due to lack of response this thread now LOCKED. Should the original poster require it re-opening please PM GX1_Man or a moderator.

3479.	Solve : Trying to see if I have viruses?
Answer» Fixwareout Last EDITED 2/11/2007 Post this report in the forums please ... »»»»»Prerun check »»»»» System restarted »»»»» Postrun check HKLM\SOFTWARE\~\Winlogon\ "System"="" .... .... »»»»» Misc files. .... »»»»» Checking for OLDER varients. .... Search five digit cs, dm, kd, jb, other, files. The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection. Click browse, find the file then click submit. http://www.virustotal.com/flash/index_en.html Or http://virusscan.jotti.org/ »»»»» Other »»»»» Current runs [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe" "HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe" "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot" "AVP"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky ANTI-Virus 6.0\\avp.exe\"" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="\"C:\\Program Files\\Steam\\Steam.exe\" -SILENT" "AIM"="C:\\PROGRA~1\\AIM\\aim.exe -cnetwait.odl" "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" .... Hosts file was reset, If you use a custom hosts file please REPLACE it »»»»» End report »»»»» this was my fixit report. I dont know if something is wrong but it is shorter than other peoplesHi Psychopath34 What made you think you had a wareout infection? It may be shorter because you didn't have the malware in the first place so perhaps Fixwareout had nothing to "fix". If you want to check if you have viruses, and try to remove them, please do this. Download Ewido/AVG Anti Spyware from here …. http://www.ewido.net/en/ It has a fully working 30 day trial period. Install it and update it to the latest definitions. Do NOT use it yet. Now boot to safe mode. Here’s a “how to” if you’re not sure .. http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406 When in safe mode run a full system scan with AVGAS and let it fix what it wants to. REMEMBER TO SAVE THE SCAN REPORT and also remember where you saved it. Reboot to normal mode and use the computer as you would usually do. [FOOTNOTE > this is a good program to use as an “on demand” scanner even after the trial period is over. Keep it updated and use it to scan your computer from time to time]. ******************* If this doesn’t succeed in fixing the problem download a self-extracting copy of HijackThis from here ……. http://downloads.malwareremoval.com/hijackthis_sfx.exe Save it to your Desktop. Double-click on the file hijackthis_sfx.exe file and it will self-extract into its own folder …… C:\Program Files\HijackThis Go to this folder and run the hijackthis.exe file. From the menu click on "Do a system scan and save a logfile". Copy and paste both the AVG AS scan report and the HJT logfile to this thread. At that time also give us some idea of why you have concerns about viruses and malware problems on your computer. More specific removal instructions will follow for whatever it is that's worrying you. OJwell, from time to time on my taskbar, the button sometimes grow smaller and I'm not doing anything.Not quite sure what you mean but proceed with my advice and use Ewido/AVG Anti Spyware & HJT. Post the logs back when finished WITH an update on how the computer is operating now. OJ

3480.	Solve : Patching??
Answer» How do you patch up holes in your machine?By installing patches. If you want a better answer you will to give me details on what exactly you want to patch.Well, What I really want to KNOW is, what if I EXPLOIT one of my other computers and there is no patch on the internet to download, how do you patch then? Can you make your own patch?Yes in theory you could make your own patches but this will usually not be feasible with any closed source software like Windows for example. Besides if you need to ask this is way, way, way above your level. I still don't understand what it is you want to do though. If you want to patch Windows go to Windows Update. If you're looking for patches for any other PROGRAM visit its homepage.I'm using Linux. It is above my level, that's why I'm only asking, I'm not actually trying to do it. I was just wondering if it was possible so I can start learning how.I made my own program in Perl to run an exploit on the other machines on my network. It was SUCCESSFUL, but there is no patch for it, because I discovered the hole.Topic Closed We are not here to teach exploit basics. Sorry.

3482.	Solve : AVG Free edition- reccuring result question.?
Answer» So I keep getting the following results every time I scan my computer using AVG Free edition. It's updated daily and is a wonderful program so far. But I'm new to It and I'm not sure what this means? (i) kernel32.dll CHANGE C:\WINDOWS\system32\kernel32.dll (i) user32.dll Change C:\WINDOWS\system32\user32.dll (i) shell32.dll Change C:\WINDOWS\system32\shell32.dll (i) ntoskrnl.dll Change C:\WINDOWS\system32\ntoskrnl.dll Every thing i read says they should be there, of course. I just don't KNOW if the files should come up on every scan as being changed? I have a ligit copy, OEM Windows XP Professional. recently re-installed and running smoothly on a SATELLITE M30 Laptop. Thanks for you time. There is a way to clear the change result, I just can't remember how atm. Nothing to worry about though. Edit: You could try the AVG forums, if you find out let me know.If you recently re-installed your OS, it may still be installing updates, which would account for the changes. It's usually nothing to worry about. Try giving it a few days and see if the changes are still being reported.

3483.	Solve : wats a TRT/ZXOP.viral file mean??
Answer» ok so ive been trying to do clean ups on my familys computers so like i go to uncles and his kid has this file he has no virus software or anything and his comps full to the brim and if i delete anything it comes back and i can download anything he has dell not sure about anything else on it but this TRT/ZXOP.viral popped up and ive searched through it a bit and it seems to be counting down all it is a timer if u open it...... its odd we cant delete and he keeps saying ur gonna buy me a new comp..... i aint the one on his comp downloading music soooo...... yeah he needs this for schoolhes running windows vista using IE 7 and msn i think is his isp its a dell if i didnt say it 200gb 7200rpm ULTRA ATA/ 100 hard drive is WAT it seems to beCcleaner Slim RogueRemover Ewido/AVG Anti-Spyware Online Scan Panda Activescan Ccleaner will free up some space. RogueRemover for the pups that aren't neccessarily viruses or spyware. AVG Antispyware will remove all but the viruses. Panda Activescan will remove the viruses. You may have to use another computer to get Ccleaner & RogueRemover. You may have to start in safe mode + networking for the online scans.yeah we tried that but we get a message in a green BOX and it SAYS to much memory please remove permanent files from your censored folderYou may have to start in safe mode + networking, remove some files or uninstall some programs then carry out the scans.Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged. If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

3484.	Solve : Could Someone Take A Look At My HJT?
Answer» Hey, I know there's probably nothing wrong with my log but I'm just curious as to a few entires and I was wondering if someone could take a look and see what they think. Also, I have NOD32 and use Vista's firewall, do I need any additional SPYWARE protection, such as SUPERantispyware or something? What is recommended? Logfile of TREND Micro HijackThis v2.0.2 Scan saved at 11:54:01 p.m., on 21/08/2007 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\Eset\nod32kui.exe C:\Windows\System32\rundll32.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Pure Networks\Network Magic\nmapp.exe C:\Program Files\Steam\Steam.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Windows\System32\rundll32.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\conime.exe C:\Windows\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\DeltaSlaya\Desktop\Jeremy's Stuff\Files\Computer Stuff\HJT\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = .local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe O13 - Gopher Prefix: O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/programs/OnlineScanner.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179126965031 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179127107640 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O20 - AppInit_DLLs: O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe (file missing) O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: Windows Display Driver Manager - Unknown owner - C:\Program Files\Common Files\System\Nvcpl.exe (file missing) O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- End of file - 8483 bytesFor the most PART, things look pretty clean. There are a few entries you should check, though... R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = .local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O13 - Gopher Prefix: O20 - AppInit_DLLs: O23 - Service: Windows Display Driver Manager - Unknown owner - C:\Program Files\Common Files\System\Nvcpl.exe (file missing) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present (You should check these two entries if you didn't place these restrictions on purpose.) Now, close all windows (including this one) besides HijackThis, then click Fix Checked. Close HijackThis and enable hidden files and folders. Then navigate to and delete the following file if it still exists... C:\Program Files\Common Files\System\Nvcpl.exe After that, you should be all set. And yes, I would suggest getting SUPERAntiSpyware. I would also suggest getting Spybot - Search & Destroy because it has an active scanner. Other than that, things are looking pretty good.Thanks, no I didn't set any restrictions but I might have changed its associations? No that file "Nvcpl.exe" is not present, and I'll get those two applications as well.It's possible that the restrictions were set by NOD32. I'm not terribly familiar with its features, so I don't know for sure if it has such a setting or not. I do know that Spybot can do such a thing, and users often apply it without realizing it. I can't say for sure what happened, but I don't think it was caused by an infection. But to be on the safe side, you should update your protection and scan in Safe Mode whenever you get a chance to do so.Just curious, in Spybot do you think I should keep SDHelper and Teatimer enabled? Are they necessary? I'm running Windows Vista and I don't use IE so do I need them?If you don't use IE, then SDHelper isn't really necessary. However, I think it would be a good idea to enable the TeaTimer so Spybot can be on alert and actively detect spyware. It's up to you, though. As long as you have NOD32 active, you don't need Spybot TeaTimer active...it's just strongly recommended.Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged. If you are not the original poster and you REQUIRE help, PLEASE start a New Topic with information about your computer and your problem.

3486.	Solve : is my network hacked??
Answer» My pc was hacked last month ,on my router i accidentally left my wireless on 2g and 5 G by accident. (I use an ethernet cord on my pc) so I did a FRESH install of my os, and i downloaded and ran a program CALLED netwatch and it shows two 'routers' on my network, one said cable box arris router the other says arris router, when i go to the connected devices on my router page it just shows my pc as being connected, and my voip vonage box,. I have my wireless 2g and 5 g disabled and i also got a new routerIf you did a fresh install and purchased a new router you should be good to go. Just make sure you have strong passwords.

3487.	Solve : rejg Ransomware removal?
Answer» my files are affected (encrypted) rejg RANSOMWARE? not all my files have .rejg file extension in addition to their respective file extension Could you please suggest the methods / ways to remove and recover the REJG ransomware? With this Ransomware there is 2 parts to decrypting the files. The Key which is in the txt file and the 2nd part which you need to pay a ransom for. There is no other WAY to decrypt the files at this time without the 2 parts. I recommend changing the drive/s and loading a CLEAN operating system. There may be a way in the FUTURE to unencrypt the files so if you have important data keep the drive safe. Now is a good time to look at your backups, if you don't have any it would be a great time to start. Also, paying the ransom is no guarantee that your files will be recovered. That is why regular back-ups of your computer is so important in this perilous times.

Explore topic-wise InterviewSolutions in .

Solve : Possible virus problem??

Solve : Difference-McAfee Antivirus & AOL AntiVirus?

Solve : impossible situation?

Solve : Check this out?

Solve : Trojan Protection?

Solve : Still having problems. Here's my HJT log.?

Solve : trojan - Hijack This logfile?

Solve : Hi there, another analysis please.?

Solve : norton Update without internet?

Solve : Does this sound like a virus to you??

Solve : Pop up virus?

Solve : Analysis/Help please?

Solve : Problem with ie?

Solve : inetsrv folder?

Solve : Another analysis please?!?

Solve : Suspicious dll in XP (trojan related I'm sure)?

Solve : Autorun.inf Virus?

Solve : Help Unable to View Links with IE 6?

Solve : Some nasty virus resident memory! Need help!!?

Solve : NOD32 Diskette, How Can I do it??

Solve : question about Inspiron running slowly?

Solve : How can I tell if someone is on my computer??

Solve : Invisible files?

Solve : "Locking" abandoned malware topics??

Solve : ** NEW HJT**?

Solve : Help - HijackThis Log attached!!?

Solve : Email - DO NOT OPEN?

Solve : Major brower problem.?

Solve : Trying to see if I have viruses?

Solve : Patching??

Solve : Your opinion?

Solve : AVG Free edition- reccuring result question.?

Solve : wats a TRT/ZXOP.viral file mean??

Solve : Could Someone Take A Look At My HJT?

Solve : Antispyware software for Windows 98?

Solve : is my network hacked??

Solve : rejg Ransomware removal?

Solve : can a virus execute by itself??

Solve : I Think I Found The Problem But I Don't Know How To Fix It?

Solve : free internet protection?

Solve : I think I have a virus?

Solve : Best way to remove Pop Up Ads.?

Solve : Toshiba Satellite L455D Laptop virus??

Solve : Windows 10 - Norton Vault password auto-fill not working?

Solve : Windows 10 doesn't need antivirus? True??

Solve : 'Delivery Failure' - Phishing for What??

Solve : New to Phishing?

Solve : Running two antivirus software?

Solve : Formatting disk after virus infection?

Solve : SpywareBlaster 6.0 won't open in Windows 10?

Solve : NEW HJT?

3489.	Solve : I Think I Found The Problem But I Don't Know How To Fix It?
Answer» I decided to use the HP Virtual Agent which tested my OS. (Windows 10) The screenshot below shows corrupt files of some sort. I don't KNOW what to do to fix it. I don't see any corrupt files.Do you have the OS DISK(s)?Your comment has been removed. PLEASE do not post malware advice, or post here in the malware FORUM, unless you need help.Superdave.

3490.	Solve : free internet protection?
Answer» Whats the best FREE internet protection that doesn't slow the pc down, got malwarebytes on at moment but keeps saying trial has expired.. don't know much about this pc lark..cheersIt depends on which OS you're using. I always recommend MicroSoft Security Essentials but this won't run on XP and Vista and it probably won't run on Windows 7 in a few days. Windows 10 has its own AV called Windows Defender. Im running Windows 8, I have windows defender on WOULD that be enough protection or should I be running something ELSE with it. Thanks.Only one AV should be enabled on a computer. More than that cause all kinds of problems. That is all I use on all my COMPUTERS.

3492.	Solve : Best way to remove Pop Up Ads.?
Answer» My PC does not have a malware ting. Instead, my Chrome BROWSER wants to show me stuff I don't want. What is the right WAY to stop this nonsense? So it is not malware, it is Nag Ware.You could try this: Open. Google Chrome. ... Click ?. It's in the top-right corner of the WINDOW. ... Click Settings. You'll find this option near the BOTTOM of the drop-down menu. ... Scroll down and click Advanced ?. ... Scroll down and click Content Settings …. ... Click Ads. ... Click the BLUE "Allowed" switch. ... Click the "Back"Thanks. I will do that.

3493.	Solve : Toshiba Satellite L455D Laptop virus??
Answer» Hello everyone,, I am wondering what could be the cause of my issue with my laptop. It was brought to my attention about a couple weeks ago. I would start the laptop and everything would just freeze up. Network would not connect, antivrius was disabled, and start menu was not responding. Eventually I would get a message saying Windows was not RESPONDED and to end the process. Bad news, right? But it would start in safe mode fine. So I backed up all my files and did a system restore (reset to factory settings) The restore went through, but I had a long of factory standard junk software I didn't care for. So, shortly after I did a CLEAN install of Windows 7, deleted all partitions, and started over fresh. I put all my files back on again, and it worked fine for a few days. In fact, it worked perfectly. Then suddenly the same things started to happen -it would start up, then not respond, lock up, and eventually require a hard restart. The whole time safe mode works just fine, but normal mode will not. Thinking it was a file that was causing it to be corrupt, I did another clean install of Windows 7, updated all my drivers, and it was running like a peach again. Worked fine through plugged in, unplugged, restarts, idle, SHUT down and back up again. There was nothing wrong with it. I did not put any old files on it this time, just keep the updates up on it and didn't go to any strange sites or download anything bogus. Just kept a clean copy to monitor. But just today now it is LOCKING up on startup again, acting the same way. I know it is not a file causing it. I'm thinking it has to either be a windows update that is messing with the hardware, or there is a virus. Has anyone heard of a virus that works like this? Is something hiding deep in the system that is programmed to show up after so long? Or do you think it was an update through Windows that has a compatibility issue? I haven't seen any other complaints on this model, so I am thinking it is not specific to my make/model. Aside from Windows I am running Avast, ThreatFire, Google Chrome, and that's about it. I have no other software installed aside from normal java updates, flash player, and drivers from the company's site for this model. Hi Your laptop is around 9 years old if it hasn't had any upgrades to the MEMORY (2 GB) and had a diagnostic of the hard drive ( 250 GB 5400 rpm). This would be the first to check. Also when you start the Laptop in Standard mode is it running warm. Warmer than in safe mode. Also running Avast on 2 GB of memory is a little harsh on the laptop. You can check your fan speeds and also your computer's temperatures by downloading and running Speedfan

3495.	Solve : Windows 10 doesn't need antivirus? True??
Answer» I'm going to install soon WIN 10 on my machine. A few days ago I watched some video about Win 10 on YT. Some guy there mentioned that installation of AV program on OS Win 10 is needless. That Win 10 is so good and secured, moreover, this OS has implemented own AV program that is sufficient enough for security of our COMPUTERS. And stuff like that. It's hard to believe in that for me. That's why I'm writing this post here. I'm curious what you guys are going to say about this Crap? Windows Defender is part of Windows 10 and it is a good AV solution. There are better 3rd party AV's (mostly not for free), but as long as you practice smart computing Defender should be fine.Actually, there is one word that stands out in your post that is very important — "our" — and that is important because of the question that arises about you having some sort of internal net where different FOLKS are using computers on that internal net. Point is that the more people you have using a bunch of computers the easier it is to have somebody make a mistake and accidentally invite some BAD bug into your internal net and that means you might want a HIGHER grade of protection. So I think for anyone to give you a good answer the information about your use of "our" could be useful, BUT I wouldn't be so quick to post information out here in public because that is also a flaw in the area of maintaining security. But I can sometimes get seriously paranoid about security, and there might be some who will state that I am being too paranoid about the idea you should PM a tech person you think you can trust here on this site, or another site, and do your discussion in that environment where only you and that tech person you have decided to trust can figure things out. By the way, the — "And stuff like that." — would also have a security professional asking what stuff? But I am again going to state that with security all sorts of little details posted in public can be a problem if a really skillful bad person is paying attention to what you post. There might be a good professional here in this CompHop Community that wouldn't mind helping you through a private means here or elsewhere. Not me, by the way. I am not reliable. I am a cancer patient and my medical situation can get very iffy and I might disappear from the Net for days on end because something in the chemotherapy went haywire.

3496.	Solve : 'Delivery Failure' - Phishing for What??
Answer» My Spam folder is catching about half a dozen or so messages a day titled "Delivery Status Notification (Failure)" from [emailprotected] They read that my message could not be delivered to random group addresses. I don't email groups. I don't belong to Google groups. Etc. etc. There's no HACKED emails in my Sent Items. The "More INFORMATION can be found here" redirects to a legitimate Google link. Is this a phishing attempt? Do I have a weird ADDRESS BOOK virus? Does someone else? If it is a phishing attempt, I can't for the life of me figure out the con.Your gmail account MIGHT be compromised.Neglected to add - this isn't my Gmail.

3497.	Solve : New to Phishing?
Answer» Never heard of this before. Someone has been using my old email address to beg for money from all my contacts. I don't know what to do about it. I can't even GET into that ACCOUNT they must have changed my password. I have opened a new email account but my FRIENDS and family keep ringing to say whoever it is is still SENDING emails begging for money. Any idea what I can do?

3499.	Solve : Formatting disk after virus infection?
Answer» Ok so long story SHORT I got a virus in my PC running win10, and ended up deciding that resetting the ssd (m. 2) would be the best option... The problem is that it won't let me do so from windows. I therefore decided that I would try to reset it from a PC running kali live. So I buy a m.2 to USB adapter, plug it in the kali pc. At this point I check the disk manager and it appears even if I am unable to interact with it. I then try gparted but it doesn't find the ssd... At this point I am out of ideas and need help. ThanksHi 4aure First things, even Windows 10 will not see all M2 drives on all MOTHERBOARDS without drivers and gparted under linux has the same problem. Both Linux and Windows should be able to see the M2 drive using the USB to M2 adapter. Is this plugged into a USB3.0 port as most M2 will not be able to get enough power from a USB2 port some won't work even from usb3. You could check the M2 specs for current REQUIREMENTS or post the model here. I would only use a M2 to sata adapter board. It would help if you could post. Motherboard make and model M2 Make and model How the M2 is configured in the Bios Thanks Instead of messing with Kali, download the Media Creation Tool from MS and create a bootable USB THUMB drive with Win 10 on it. It will allow you to boot from the thumb drive and install Win 10 on the PC. Make sure that you delete the current partitions on the Win 10 PC and then complete the install. Since you already have Win 10 on that PC, Windows will automatically activate. Don't COMPLICATE things by using Kali and a USB adapter. Here's the link to download the Media Creation Tool: https://www.microsoft.com/en-us/software-download/windows10

3500.	Solve : SpywareBlaster 6.0 won't open in Windows 10?
Answer» SpywareBlaster won't open. I have turned-off all anti-virus and anti-malware programs. I ran Process MONITOR but the log file was empty. Renaming/restoring the original profiles.ini of Firefox did not work. Neither running REPAIRS in Tweaking.com Windows Repair, nor restoring the registry, has HELPED. This is the only program that has stopped. Please tell me what the next step is! I'm not sure what Firefox has to do with anything, but try uninstalling and reinstalling SpywareBlaster. If that doesn't work, do a FULL scan with your installed AV program. Finally, you can reach out to Brightfort support if NEED be.