
3501.

Solve : I do not know if it is a virus or what ... but please help!?

Answer»

A few days ago, in the middle of working on Premiere Pro software, something got stuck and pixel shapes began to appear in the form of small green and pink figures. The computer crashed and shut down the software abruptly, Windows froze and did not move, and I could not even shut down the computer because the Start button did not work. Since it came back a few times, I returned the computer to a restore point from when I bought it and thought it worked out. But now (after two days) everything is back: the pixel figures, the freezes, etc. Does anyone have any idea what this could be? Is it a virus? Am I being attacked? Any help will be much appreciated!

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

This does not appear to be a problem with malware. I will move this thread to the appropriate forum where someone else may be able to help. A couple of questions: do you always leave the My Passport plugged in, and is there a disc in the CD drive? Is this a laptop or a desktop PC?

3502.

Solve : cannot check viruses on mac?

Answer»

Guys, I am a newbie with computers. Last week I noticed that when I wanted to open a window with a forum or web sites, I have problems. It shows that I have viruses, cannot check it, don't know how. Developers text me that I could be a spammer. I also started getting notified of being full stored inside mac, but it works quite well. Guys, do you have a piece of advice for me?

I'm sorry but I can't give any help with malware on Mac OS. None of my tools are designed to work on that OS.

Still thanks, Dave! I hope someone will help me or I will find out how to solve it. Don't you know if this program https://bestantiviruspro.org/review/mcafee-review/ works well for checking any computer problems? I found it here on the forum, but haven't seen it earlier.

Quote from: SuperDave on May 27, 2020, 12:38:57 PM
I'm sorry but I can't give any help with malware on Mac OS. None of my tools are designed to work on that OS.

Here is a link to some popular AVs for Mac, and many are free.

Quote from: Elizabeth S. Silva on May 26, 2020, 04:32:15 PM
Guys, I am a newbie with computers. Last week I noticed that when I wanted to open a window with a forum or web sites, I have problems. It shows that I have viruses, cannot check it, don't know how. Developers text me that I could be a spammer. I also started getting notified of being full stored inside mac, but it works quite well. Guys, do you have a piece of advice for me?

Better late than never)))
I would not say the description you have provided, Elizabeth, suggests you have any viruses on your Mac. Or rather there is one, but it is technically not a virus; it is a kind of scareware. I write this because I have got one on my Mac, coupled with Safari problems. I will provide more details in a while; it was on an iMac in my office (now I am out with my ToughBook on site).

Here I am))) I have already upgraded to Big Sur, and it has been a while since I had that issue. It was so nasty that it made me take a dozen screenshots. I have tried MalwareBytes and MacBooster; both failed to detect the malware. The malware (I assume it was one) was named Quick Mac Fixer.

Quick indeed, and super stubborn, as it loaded its voice message with a nice female voice, slight accent like Eastern European (maybe), telling something like blah blah blah there are malware and memory hogs on your mac, please let me remove 'em all. It 'found' hundreds of threats in a blink of an eye.
I could not remove it manually; it simply would not let me send it to Trash. I assume it kept its processes running in the background, which prevented the removal.
Fortunately, the scareware does not seem to be compatible with Big Sur, but there are still many users around running lower versions of macOS. The outrageous thing is that the malware is still available for download; its website is not even marked unsecure or something.
https://ibb.co/PNnmjR6
Here you can see a couple of screenshots; I have not managed to add them to my first posting...

This thread is almost one year old. I'm quite sure that the original poster has moved on.

3503.

Solve : Possible Virus or Spyware?

Answer»

Hello. A whole bunch of problems happened today. I was downloading something and suddenly my McAfee picked up a whole bunch of trojans. I did not get it from any weird sites. The place I went to is usually safe. I haven't had any problems until today.

I decided to do a Malwarebytes scan. It found a few things. I fixed those. I got a message saying that someone is doing a remote connection. I checked my remote settings and the boxes are not checked. I did an Ad-Aware scan. Halfway through that I saw a blue screen with some sort of message. The computer restarted before I could even finish one line. After it restarted, my desktop background was black. I right-clicked on the desktop, Properties, and went through Control Panel, Display, and there is only the Screen Saver tab. I went to the registry to see the value number. It is 0 for appearance and background.

I left that aside and started to do some scans. I was able to do a full Malwarebytes scan, an Ad-Aware Smart Scan, and a SpyBot scan. During the Malwarebytes scan my McAfee scan came up with a few messages. It detected Generic Pup.x, Cutwail.gen, Generic Dropper, FakeAlert-AX, and Generic BackDoor. It said it deleted them, so I guess it's OK for now.

Here's the part that makes me worry about what is going on. I open Firefox and it opens up to whatever I was on before. It did not give me the option of restoring or starting new. I tried to e-mail something to myself. Nothing. I tried it three times and nothing. I closed Firefox and opened it again and I get whatever I was on before I closed it, without any messages to restore or start new. I'm not sure what is going on.

I did a HijackThis scan. Here's the log. Any information would be great.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:17:18 AM, on 11/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SafeConnect\scClient.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SafeConnect\scManager.sys
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=pavilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
N4 - Mozilla: # Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.org/unix/customizing.html#prefs
*/

user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CSeaMonkey%5Csearchplugins%5Cgoogle.src");
user_pref("browser.startup.homepage_override.mston e", "rv:1.8.1.13");
user_pref("intl.charsetmenu.browser.cache", "UTF-8");
user_pref("network.cookie.prefsMigrated", true);
user_pref("prefs.converted-to-utf8", true);
user_pref("browser.helperApps.neverAsk.openFile", "application%2Fx-java-jnlp-file");
(C:\Documents and Settings\ALUCARD\Application Data\Mozilla\Profiles\default\hjtptqdy.slt\prefs.js)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [msupdate.exe] C:\WINDOWS\system32\msupdate.exe -check
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SafeConnect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://xiah.gamescampus.com/luncher/GamesCampus.cab
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access LIBRARY 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SafeConnect Manager (SCManager) - Unknown owner - C:\Program Files\SafeConnect\scManager.sys servicestart (file missing)

--
End of file - 13134 bytes


I have no problem with reformatting my computer. I hope I hear from you guys soon. Until then, I'm going to do some scans under safe mode. Maybe I can't get something there.

Alright, I was able to fix most of it. I got the display tabs and backgrounds fixed. I was looking in the wrong area in the registry. As for the e-mail, one provider doesn't seem to work and the other works. I'll just change the settings on those.

Firefox is still doing the same thing. I'm still a bit worried about the remote connection message. If you guys can just look at the log and see what is bad and good, that would be great.

If you made any changes to your system after you posted the HijackThis log, I would run it again and post a fresh log; also post the logs from fresh scans with Malwarebytes and SUPERAntiSpyware. Then just wait and one of the specialists should be along to look at them.

Here is the new log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:02:37 PM, on 11/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SafeConnect\scClient.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SafeConnect\scManager.sys
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=pavilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
N4 - Mozilla: # Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.org/unix/customizing.html#prefs
*/

user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CSeaMonkey%5Csearchplugins%5Cgoogle.src");
user_pref("browser.startup.homepage_override.mston e", "rv:1.8.1.13");
user_pref("intl.charsetmenu.browser.cache", "UTF-8");
user_pref("network.cookie.prefsMigrated", true);
user_pref("prefs.converted-to-utf8", true);
user_pref("browser.helperApps.neverAsk.openFile", "application%2Fx-java-jnlp-file");
(C:\Documents and Settings\ALUCARD\Application Data\Mozilla\Profiles\default\hjtptqdy.slt\prefs.js)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [msupdate.exe] C:\WINDOWS\system32\msupdate.exe -check
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SafeConnect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://xiah.gamescampus.com/luncher/GamesCampus.cab
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SafeConnect Manager (SCManager) - Unknown owner - C:\Program Files\SafeConnect\scManager.sys servicestart (file missing)

--
End of file - 13142 bytes
Thanks mroilfield

Hello Koyu. There are some very questionable entries in the HJT log. To further help you I will need the logs from THIS POST. Please read through and follow all of the instructions, then post the 3 logs.

I've been writing a new tool to scan HijackThis logs and happened to run your log through it to test it, and noticed that you had a Symantec Norton (aluschedulersvc.exe) process on the computer in addition to your McAfee VirusScan. If you have no other Symantec products on the computer, definitely make sure you're not running more than one antivirus (in part or whole) on the computer, since it can cause a number of issues.

If no other Symantec products have been installed you may want to go through Add/Remove programs in control panel and make sure it's completely uninstalled.

3504.

Solve : Does this look right, Help ??

Answer»

I swear, this guy is Mac. Raptor Quit trying to play it cool !


I have no doubts about what part you played in all this.


And Oh, let me tell you that AOL had some kind of we can protect your mail, then reneged, about three weeks ago, tee hee my mail files are gone on the reboot.

Thank you!!Thank you !! nice, nice, very nice !


Jp

PS do I deserve to know what mac means ?

JP ..... So what's the situation now with your pc ?
Have you successfully installed SP2 ?
Do you have the other critical updates installed ?
Did the activation process go ok ?


dl65
Dl65,

I did reformat with the restore CDs, but, . . when going to MS UD,
there were quite a few, and I chose from the top of the list and it updated SP1,
instead of updating what I thought was SP1 to SP2, . . .

in the meantime, I downloaded that Trust Me Firewall and decided they had to go. I couldn't get rid of them and decided to reformat a 2nd time,

This time I definitely did not get exactly the same thing, there were some distinct differences, I can't even imagine how or why, . . . anyway, . . .

I still haven't d/l SP2, and right now, I am just recharging after realizing I really can't afford to sue MS or somebody or maybe anybody else that ever crosses my path. again, . . . ever, . . .

I don't even care . . ., but just exactly where is this d/l, . . and is it really worth it, . . I mean in your opinion, . . I mean, . . maybe I should just update AOL security, and consider myself a lucky devil, just to live in a free world.



JP



Jp ..... Ok , so you have SP1 installed now and all of the applicable updates (excluding SP2) and the pc is working ok.

Do you have an anti-virus installed ?

Now go back to MS windows updates and d/l SP2 ( don't d/l anything other than SP2 first) ...... once it's installed and things are working ok , go back to MS update page and click express , let it scan and then d/l all the updates for SP2 http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us

dl65

And if you have a burner, then burn it to a CD so you have no excuse to not be updated before you ever go on the internet next time you get to format that machine. Burn AVG and Spybot on that same CD as well.

Thanks Dl65,

No, I don't and I can't believe this, I am seeing all the great security products that AOL has to offer, I just reformatted and I get this;



Where have I gone wrong ?

Jp

Jp ....... Let's forget about the A O H**l thing for now.......
More important .......Have you downloaded and installed SP2 ?
Go into control panel/system ...... general tab and take a screen shot and post it here.

Now then , what is it that is so great with the "great security products" that AO h**l offers? Which products are you referring to?


dl65
dl65,

The security programs for AO H**L


http://free.aol.com/tryaolfree/wr6_asm/more_info.adp

http://daol.aol.com/safetycenter


I now have this revamped computer running SP1, and I'm sorry but it is like I died and went to heaven.

I definitely need a new keyboard, the reason my cursor is out there doing a lot of crazy things.

After I get this keyboard installed I will be back, thanks much for now.




Jp

Jp, you really need to download and install SP2 before you spend any more time online. You're in a vulnerable state right now.

Reading this is like watching a dog drag its behind over the floor after it had a bad sh*t.

Don't get me wrong, it's fun to watch. Unless you're the person having to mop it up...

Quote from: Jp on May 05, 2007, 07:44:04 AM

<pic removed by admin>

Your pictures aren't showing up for me, Jp.

Raptor,

Hardee Har-Har


CBMatt,

What do you mean ?

I was asked by dl65 to post it, it's the right picture isn't it ?

Jp

Raptor,

Why don't you, in all of your computer prowess and savvy, get yourself a remote access and just fix the *censored* thing for us hopeless sons of dogs.

You would be in Compuserve Heaven, exactly where you think you're going to be some day !



Jp
3505.

Solve : Windows activation Trojan can catch the unwary?

Answer»
Watch out – the bad guys have stepped up their Trojan creation nastiness by creating Trojans that look like real Windows alerts which wouldn’t fool experts but could easily catch novices.

Given Microsoft’s well publicized anti-piracy drives, some novice to intermediate users might easily be fooled by a new Trojan horse called “Trojan.Kardphisher” which opens up a relatively realistic looking “Microsoft Piracy Control” dialog box.

Symantec says that Trojan.Kardphisher is a “Trojan horse that attempts to steal credit card numbers by tricking the user into entering their credit card details to activate Windows”.

Frighteningly, if a user falls victim to this Trojan, the rogue software will shut down Windows should the user choose to “activate” their copy of Windows later, something that would easily spook novice and intermediate users into entering their details when they next turn their computer on, because the Trojan instantly activates itself again and prevents you from running other software.

The Trojan, which you can see 'screen 1' of here, and then 'screen 2' of here, is incredibly brazen. Once you choose to “activate” your copy of Windows because the Trojan tells you that “Your copy of Windows was activated by another user”, it asks you to enter in your location, your contact information, your credit card number, your ATM pin number (!), your card’s expiration date and the 3-digit CVV2 number.

The software tells you that your card won’t be charged, but that it needs the details to proceed with activation.

Naturally, if you divulge your real details, they are sent off to the author of the Trojan, who can then use them to steal your identity, rack up credit card debts and do other nasty things.

One suggestion from the web on dealing with the Trojan should you find yourself infected with it is to simply enter in fake details, simply so that you can get past the “activation” process and immediately find out how to remove the Trojan from your system. Thankfully, Symantec have posted removal instructions which tell you how to get rid of the Trojan.

If a user does choose to run Windows over the web, the trojan asks the victim to enter location, contact information, credit card number, PIN and card expiration date.

It’s important to know that Microsoft and other companies will NOT ask you to enter credit card details and other information for the simple purpose of activating software. Of course, you will be asked for some personal information if you are registering software you have just purchased, and we may well see attempts by the ‘bad guys’ to now create registration Trojans that look ever more realistic.

The attempts at ‘social engineering’ to get you to voluntarily hand over sensitive private details are only going to increase, making it ever more imperative that users become ultra web-savvy, as well as protected as much as possible by Internet Security Suites from companies such as Symantec, McAfee, Trend Micro, ZoneAlarm, AVG and others, along with protective anti-phishing software such as TrustDefender www.trustdefender.com.

If ever in doubt – err on the side of caution and never enter your real details. Get the help of a knowledgeable friend, call the tech support department of the software or hardware you are using, ask questions – don’t just hand over personal details that could expose you to identity theft, fraud and more – and make sure that you are using the very latest security programs and make sure their automatic update features are permanently turned on.

http://www.itwire.com.au/content/view/11853/1103/Quote
“Trojan horse that attempts to steal credit card numbers by tricking the user into entering their credit card details to activate Windows”
Won't fool me. Might fool newbies though...

I think you'd have to be pretty dense to get duped by this one, but I've seen worse. In any case, thanks for the info.

crap... i better warn my family. they might just fall for it
3506.

Solve : run two at once?

Answer»

Hi, can you tell me if it is ok to run more than 1 spy/virus prog at the same time.
thanks for your time....

Like I say here, you can run two at the same time, but you really shouldn't. The two programs are likely to conflict and they might let certain infections slip through, as it can hinder the scanning, detecting, and cleaning process. It'll also use up a lot of resources.

More than one antivirus program with real-time protection is not a good idea.
More than one anti-spyware program is, and is highly recommended, as no one product will catch all of them.

This will cause nothing but problems....simple answer NO.

Thanks, all of you, for your time, that helps. cheers..........

Yes like they say, More than 2 AV No, More 1 (or 50 LOL) AntiSPY YES!...

What?

Like I said, Chris - upping the post count without substance.

Quote from: GX1_Man on May 07, 2007, 03:57:23 AM

Like I said, Chris - upping the post count without substance.

Alright, alright, you got me on that one. Heh.
3507.

Solve : BHO just won't quit?

Answer»

nnnlmmm.dll IS GONE!!!!!

I also was able to delete C:\WINDOWS\system32\ddcyxya.dll

So, I guess my comp is good! I'll take a look back here to see if you guys have any more comments for me. But, again... a big "thank-you" for all the help. Especially, CBMatt

Also, I had no idea that alcx monitor did that!!! I'm glad it's gone!


ALRIGHT! and here's my (hopefully) clean HJT log:

---------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 9:29:57 AM, on 5/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\VisualZone\VisualZone.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mchsi.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us9.hpwis.com/
O2 - BHO: (no name) - {058FC709-D5CD-4A95-92DB-59E6488ECDA4} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [CookieJar] C:\Program Files\Cookie Jar\CookieJar.exe /qd_banned
O4 - Global Startup: VisualZone.lnk = C:\Program Files\VisualZone\VisualZone.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O16 - DPF: ppctlcab -
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} -
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} -
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} -
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} -
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} -
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} -
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--------------------------------------------------------------------Alright, it's looking pretty good! Definitely a relief. The particular infection you had has actually been known to cripple a few systems. If we hadn't gotten rid of it, your computer lag might've kept getting worse.

The VirtumondeBeGone log mentioned that the file was renamed to:

C:\WINDOWS\system32\nnnlmmm.dll.vir

Does this file still exist on your computer? If so, it should be safe to go ahead and delete it.

Make sure you keep up with your regular anti-virus updates and scans. You'll also want to install the latest version of Java as soon as you can; this will help prevent future infections. And for safer browsing, I suggest downloading SiteAdvisor and SpywareBlaster.

How are things running now? Have you noticed an improvement?Yeah, the speed's back up, and I'm booting-up fine.

I almost forgot about updating java.

I used to have spywareblaster, but I got rid of it. Maybe it's time for another try. I'll also try site advisor.

Thanks,

-dudeman

Good, glad to hear it. As long as you go through the options and enable everything in SpywareBlaster (I'm not sure why it doesn't do it automatically), it's really handy to have. And I really feel naked if I surf without SiteAdvisor. Even when I'm not naked... *cough*

Be sure to come back if you have any other issues.

also dl superantispyware like i said earlier and give that a go just to help clean up
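Both this thread and thread 3503 above turn on reading a HijackThis log by eye: orphaned O2 BHO entries marked "(no file)", O16 DPF entries with no download URL, an O23 service whose binary is "(file missing)", and two antivirus vendors' services running side by side (the thing the helper in 3503 said their own log-scanning tool caught). The following is an added example in the spirit of that tool, not code from any poster or from HijackThis itself. The sample log lines are constructed in the HijackThis v1.99 format modelled on the logs posted in these threads; the vendor keyword list and the four flagged categories are my own assumptions about what to look at first, not rules HijackThis ships with.

```python
import re

# Constructed sample in HijackThis v1.99 log format, modelled on the logs posted
# in threads 3503 and 3507; it is not a log from any real machine.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: (no name) - {058FC709-D5CD-4A95-92DB-59E6488ECDA4} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: SafeConnect Manager (SCManager) - Unknown owner - C:\Program Files\SafeConnect\scManager.sys servicestart (file missing)
"""

# Every HijackThis entry starts with a section code (R0, O2, O23, ...) then " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
# A CLSID in braces: 8-4-4-4-12 hex digits, 36 characters between the braces.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# Assumed vendor keywords (my list, not HijackThis's); extend for what you see.
AV_VENDOR_RE = re.compile(r"\b(symantec|norton|mcafee|grisoft|avg|kaspersky|eset|avira)\b", re.I)
AV_CANON = {"norton": "symantec", "grisoft": "avg"}


def parse_hjt(text):
    """Return a list of (section, body) tuples, skipping non-entry lines."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def clsid_of(body):
    """Pull the {CLSID} out of an O2/O16 body, or None if there is none."""
    m = CLSID_RE.search(body)
    return m.group(0) if m else None


def antivirus_vendors(entries):
    """Distinct AV vendors named in O23 service entries, canonicalised."""
    vendors = set()
    for section, body in entries:
        if section != "O23":
            continue
        m = AV_VENDOR_RE.search(body)
        if m:
            v = m.group(1).lower()
            vendors.add(AV_CANON.get(v, v))
    return vendors


def audit(text):
    """Flag the entry patterns a HijackThis helper looks at first."""
    entries = parse_hjt(text)
    findings = {
        "orphan_bho": [],            # O2 BHO whose DLL no longer exists
        "dpf_no_url": [],            # O16 ActiveX install with no source URL
        "service_file_missing": [],  # O23 service whose binary is gone
        "multiple_av": [],           # more than one AV vendor running as a service
    }
    for section, body in entries:
        if section == "O2" and body.endswith("(no file)"):
            findings["orphan_bho"].append(clsid_of(body))
        elif section == "O16" and body.endswith(" -"):
            findings["dpf_no_url"].append(clsid_of(body))
        elif section == "O23" and body.endswith("(file missing)"):
            findings["service_file_missing"].append(body)
    vendors = antivirus_vendors(entries)
    if len(vendors) > 1:
        findings["multiple_av"] = sorted(vendors)
    return findings


if __name__ == "__main__":
    for category, items in audit(SAMPLE_LOG).items():
        for item in items:
            print(f"{category}: {item}")
```

Run against the constructed sample it reports one orphaned BHO, one URL-less DPF entry, the SafeConnect service with its file missing, and Symantec plus McAfee as two vendors at once. An orphaned "(no file)" BHO is harmless by itself but is the residue a removal leaves behind, so it is worth cleaning; the two-vendor finding is the one the helper in 3503 raised, and the fix is to uninstall whichever product is not meant to be there rather than to delete the service entry.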
3508.

Solve : my pc crashed after installing NOD32 antivirus?

Answer»

good morning everyone!
i need all the help i can get from u guys.
i installed the NOD32 antivirus on my pc and found parite b virus, parite b unpacked virus, small K virus and trojan b virus... came from a yulgang bot/auto attack program received by my brother from a friend who plays the scions of fate online game. After scanning and cleaning, it says these viruses can't be cleaned. My pc was still running smoothly after running the anti virus software but after 4 hours pc crashed. When i tried to restart it, I cannot log in anymore. Desktop freezes and I can't use any program. Now more problem is, i had deep freeze installed and i can't unfreeze it. I hired a computer technician to fix the problem but he wasn't able to fix it.
What shall I do? Any advice regarding this?


Note: I am not a computer techie. I use my pc for emails, surfing and conference calls on msn and ym most of the time. I don't have much knowledge on computer "lingo".

thank you.
waiting for ur replies

what windows do you have?? what other protections do you have??

unloved warrior, im using windows XP.
intel pentium D 2.8GHZ (915) 2X2MB 800 MHZ dual core LGA 775
asus P5VD2-MX CORE2DUO DDR2
512 MB DDR2
western digital 80GB 7200 RPM
INNO3D GF6500 PCI EXPRESS 128MB

i hope this is helpful info.
i bought pc 2 months ago. so its basically new.
Now i can't use it and the computer techie i hired can't fix the problem as well.

what other protections do you have?? do you get any error messages

protection?
=i only have deep freeze installed 2 months ago and just installed and run the NOD32 anti virus software yesterday...pc crashed after 4hours...

do a system restore

start
all programs
accessories
system tools
system restore
no error messages.
after pc crashed and i restarted, all icons on my administrator desktop are gone and desktop froze. if i switch to guest user, all icons on desktop can be seen but its also frozen. u can't click on any one of them. i tried to unfreeze my DEEPFREEZE but can't do so also... Techie tried restoring affected programs, but
can't unfreeze DEEPFREEZE as well.

http://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml

run that and see if that helps

ok. i will try it when i get home in 30mins. im using pc from work. thank u very much!

Do you have a real Windows CD? Is this home or pro?

I dont know if the techie who assembled my pc and installed the programs used real Windows CD.

I havent been able to fix it yet.
Same problem: can't run any program right now. if i start pc, desktop still froze and on deepfreeze.

go into safe mode and disable deepfreeze and anything else thats not required for start up

rapidly press f8 before windows loads

go into msconfig to do this

start run enter msconfig click ok and go to start up and uncheck any programs like Word or deepfreeze that aren't required for windows to start up

Quote from: docallenlou on May 03, 2007, 09:03:03 AM

I dont know if the techie who assembled my pc and installed the programs used real Windows CD.

If you didn't get a CD and COA sticker on the case it is probably not.

Everyone needs a real Windows CD sooner or later. In your case it appears to be sooner.

hi!

to GX1_Man: techie installed real windows Xp cd...

Was unable to unfreeze my pc. So, reformatted my pc today and running smoothly now.
Downside is, I lost my free hours to reformatting it instead of going to sleep after work. lol. and lost important files! :(
Installed another anti virus software, deep freeze and firewall from my internet provider.
After reformat, scanned for viruses and still found trojan, worm and vbs.small K viruses.
From 1400++ viruses before reformatting, down to 40 trojan, worm and viruses total now after reformat.

Question 1. What anti trojan software will I use to be able to delete them completely? and delete the worm as well?

Question 2. What exactly is a yulgang program? What does it do? what i just know is, its a bot used in an online game. Is it the one that made my pc crash???


AntiVir anti virus software installed. Is this good?
3509.

Solve : Thank you for this forum!?

Answer»

I just joined today and have been reading like a mad woman (you know not to make us mad!) and have really learned a lot. One of the things I did right away was d/l SuperAntiSpyware that someone mentioned. Danged if it didn't catch 151 critters! Can this spyware run along with other anti-spyware or anti-virus?

Great forum, great info and a lot of helpful folks! Thanks again!

Spybot, AVG Antivirus, CCleaner and AdAware are what I use on the Windows boxes.

Technically, you can run them together, but it's best to not run different malware scanners at the same time. It can cause conflicts that might allow infections to slip through.

Your thanx are much appreciated...and Welcome Aboard !

also dl avg anti-spyware

3510.

Solve : ATTN.: UnLoved Warrior; FROM: Walker93268; RE.: The "Zango" Adware/Virus.?

Answer»

Hey there brother,

I apologize that it has taken me as long to send you this posting. I lost the paper you gave me with the site directions until this morning.

In either case, After we spoke at 7-11 the other night.......

I went home to try the things I said I would try before I sought out more drastic measures like we were discussing.

Luckily, I was successful and have been able to use my computer, problem free, ever since.

What I did:

01.) I went to the Start Menu => Run => and typed in "msconfig" (like we talked about).

02.) I then clicked on the button that read "Boot Necessary Items Only" (or something like that).

03.) Then, I restarted my system (in Normal Mode).

04.) Only the nec. items started, which did not include the Zango Program.

05.) I went to my "Control Panel" and chose "Add/Remove Programs."

06.) From there, I scrolled down and deleted everything Zango Related.

07.) Then, I went back to msconfig and placed it back on normal boot mode.

08.) Then, I restarted my system again.

09.) After Booting up and signing in, I had to run updates for my viral programs. after that, I ran both programs for full system scans.

10.) Next I ran a search from any files related to Zango and removed them as well.

11.) Just to be safe, I re-ran my viral programs and and file searches, and my system shows clean.

It has been running problem free and without problems ever since.

I appreciate your insight. It was you mentioning the MSConfig at 7-11 that made me think of pursuing this route. Shoot me a message or gimme a call when you get the chance.


~Goliath (Walker93268)

ok thats great to hear. i can't quite remember the program i gave you, so can you plz tell me, and do you remember any of the infections' names so that other members can give advice..

also go to my computer, local drive, program files, look for the zango folder and delete it for me in safe mode..

restart, rapidly press f8 before windows loads


unlovedwarrior

You didn't give me a program to use.

Also, I did not mention it, but I had already gone to the Program Files and deleted the folder for Zango. I didn't find it the way you just asked me to. When I did the Search for the files with "Zan" and "Adware" and "Zango" it automatically showed the locations of all related files and folders. That way I could use another window and go straight to each files and delete them individually and completely. I did not need to operate in safe mode because the program was disabled when I disabled it in the msconfig section and restarted it in normal mode.

That route was more comfortable for me.

As usual, I appreciate you help and input.

I apologize that it took me as long to reply to your return posting. I'll shoot you a call later.

~Goliath

ok get superantispyware from www.superantispyware.com get the free one

go here
http://free.grisoft.com/doc/1
get all three of the programs

avg free avg antispyware avg antirootkit

go here
http://www.safer-networking.org/en/mirrors/index.html

and dl spybot search and destroy

go here
http://www.lavasoftusa.com/download_and_buy/product_comparison_chart.php
get the free adaware

go here
http://www.ccleaner.com/ccdownload.asp
dl Ccleaner

go here
http://www.merijn.org/files/hijackthis.zip
dl hijackthis (dont do anything with this one yet

update all of those programs

reboot into safe mode (rapidly hit f8 before windows loads)

use Ccleaner's run cleaner first, that cleans your computer of junk files

then do the spybot, adaware, avg, avg antispyware, avg antirootkit, and superantispyware

then run the issues scan on Ccleaner to clean up your registry and back it up when it asks you to and save it to the desktop or somewhere you'll remember.

then post back with how your computer is

unlovedwarrior

Hey UnLoved W.,

I have all the programs you left me links to. I will be implementing those steps you left me over the next few days. I'm also working on my truck today.
I'll let you know my status as soon as I know myself. Thanks for your help, brother.

~Goliath

Welcome

3511.

Solve : Microsoft to patch zero-day DNS flaw?

Answer»
Microsoft on Tuesday plans to release seven security bulletins, including a fix for a zero-day flaw in Windows that is already being used in cyberattacks.

The bulletins, part of Microsoft's monthly patch cycle, are slated to provide fixes for an undisclosed number of security vulnerabilities in Windows, Office, Exchange and BizTalk, Microsoft said on its Web site Thursday. The issue affecting BizTalk also relates to "Capicom," a developer component to add cryptography to applications.

Each of the four product families is scheduled to get at least one "critical" update, Microsoft's highest severity rating, the company said. Microsoft plans to release two bulletins related to issues in Windows and three related to Office, with one remaining for both Exchange and BizTalk, it said.

Security issues tagged as critical typically could allow an attacker to gain full control of an affected system with very little, if any, action by the user.

Microsoft's updates will include a patch for a vulnerability in the Windows domain name system, or DNS. The security vulnerability affects Windows 2000 Server and Windows Server 2003. Microsoft warned of the problem last month and has said it was being used in "limited" attacks.

Some of the planned Office patches will likely deal with vulnerabilities in the software that have been disclosed and have been waiting for fixes.

Microsoft gave no further information on the upcoming alerts, other than to state that some of the fixes may require restarting the computer or server.

Last month, Microsoft released six security bulletins. Shortly after it released the fixes, several new Office zero-day bugs and the Windows DNS bug hit. Some security watchers have come to call this phenomenon "zero-day Wednesday."

http://news.zdnet.com/2100-1009_22-6181296.html
3512.

Solve : Major Malware/Adware Prob?

Answer»

Quote from: TragicKingdom92 on May 01, 2007, 02:44:06 PM

some slight things i noticed while fixing the comp were that neither Alexa, KSXW, nor Isasss were present but it's no big deal.

You mention Isasss... The filename is actually Lsasss (just with a lowercase L). Make sure you're able to view hidden files and folders and please double-check to make sure this file isn't present on your computer. I'd hate for us to leave something behind.

As for those IP's...I'm not really sure what they are. I know no more about them than oddjob. But at least we know your firewall is working. As long as it's blocking them, they shouldn't cause you any trouble.

I'm glad things are working well now. To help with future protection, I would suggest getting a few extra programs:
SpywareBlaster to help prevent spyware from installing in the first place.
SpywareGuard to catch and block spyware before it can execute.
SiteAdvisor is a very handy toolbar that gives you reports on various sites and will tell you if one has been reported as malicious/harmful. Searching on Google is a lot more convenient with it. It took me a couple of days to get used to it at first, but now I feel naked without it, especially on Google.

If you didn't already have them, I would be suggesting Ad-Aware and Spybot S&D. Make sure you keep them updated and scan with them at least once a week. You're also going to want a decent anti-virus that you can scan with regularly. Unfortunately, I'm not too well-versed on WinME and what programs are compatible with it. Until you find something that works, you can try online scans with Panda and/or Kaspersky.

thats why we are here

Now you are clean you might want to read these and bookmark the links for future reference.


You should clear out all old System Restore points then immediately create a new one so you have something to fall back on should anything go awry again. Also remember to make SR points on a regular basis.

More on System Restore ...

http://www.microsoft.com/windowsxp/using/helpandsupport/getstarted/ballew_03may19.mspx


What may have lead up to your infection and help keep your computer free of malware …

http://www.castlecops.com/t7736-So_how_did_I_get_infected_in_the_first_place.html

http://www.help2go.com/Tutorials/Protect_Your_PC/Avoid_Web_Browser_Hijackers.html

There is a little duplication but these tutorials are both well worth reading.

Don’t forget to keep AVG Anti Spyware updated and use it to scan your computer from time to time.


If you do suffer an infection again you should run first Ccleaner to clean out your system. Get Ccleaner here but ensure you install it WITHOUT the optional Yahoo Toolbar download (you MUST untick/uncheck the relevant box on download) …

http://www.ccleaner.com/


Also run through this before posting another HijackThis log …

http://www.help2go.com/Tutorials/Protect_Your_PC/Get_Rid_of_Spyware%2C_Adware%2C_and_Web_Browser_Hijackers.html


Best wishes.


OJ


3513.

Solve : Any help is needed....?

Answer»

....My other computer, a laptop from 2005 ...well it's a laptop so it sucks and I've got like 2000 viruses and it is super slow....and so on,... it gets even slower with the new internet connection of 2mbps =(, I've got , so I could really use some virus programs.........I can find virus programs on Google but with them come new viruses, so yeah if you could tell me a nice antivirus prog I would be happy, this ^_^ happy (sorry but I can't keep it short =/ )

Quote from: shimal on May 01, 2007, 04:38:46 PM

....My other computer, a laptop from 2005 ...well it's a laptop so it sucks and I've got like 2000 viruses and it is super slow....and so on,... it gets even slower with the new internet connection of 2mbps =(, I've got , so I could really use some virus programs.........I can find virus programs on Google but with them come new viruses, so yeah if you could tell me a nice antivirus prog I would be happy, this ^_^ happy (sorry but I can't keep it short =/ )

Holy moly!

Did someone link to us from Myspace?

How did you get here?

lol, I searched Google, and I don't have...use Myspace )=

Right well, google for AVG Free and run it in safe mode.

Safe mode can be entered by pressing F8 before Windows loads.

cool thanks ^_^

And install Adaware SE Personal and/or Windows Defender while you're at it.

What have you used so far, by the way? Since you claim that "virus programs on google but with them comes new viruses" I'm kind of curious.

right now I am using Registry Mechanic, I don't like it but I am not allowed to download any antivirus programs after I blew my computer =( but I've used ....Norton Antivirus, WinAntiSpyware 2006....that's the files that ain't removed yet.....but the most hated one by me is from a site called http://download.mmosite.com/download.php?id=216 ....eTrust _Antivirus , I've used that site for a while and it got some cool ,hacks and tools so I've got to put the blame on my brother and deny that eTrust _Antivirus blew my computer
I'm not too sure about Windows Antispyware 2006, but the rest seems legit.

Well, install these programs and scan your PC, you can always remove them after you're done although I advise against that, of course..

thanks ^_^ I really feel safe already, even though the antivirus programs ain't installed yet =)

always Spybot Search and Destroy and AVG Anti-Spyware oh and CCleaner

yup, but still it doesn't happen the first day, I had like 387 critical ....viruses, and still getting 4-20, and nice defence these viruses got, they shut my computer down but I never give up, I'll bring em down like a warrior

I would love to see a HijackThis log just to witness the death shimal ........

Sounds like a good format and a clean install of the operating system, may be in order.
And then install some of the AV software that has been suggested.


dl65

Quote from: Raptor on May 01, 2007, 06:40:27 PM
I'm not too sure about Windows Antispyware 2006
Raptor ... shimal didn't say this. He said "WinAntiSpyware 2006". A nasty piece of work.

It's from the same family of scumware as Winfixer/Virtumonde/Msevents/Trojan.vundo.

Remove that one definitely. SPECIAL instructions here ....

http://www.bleepingcomputer.com/forums/topic18610.html

Yes, a HJT log would be nice. We're all thrashing round in the dark without it.

Post a log after you've carried out the fix for WinAntiSpyware.

PLEASE ALSO update us on how the computer is working now.


OJ

Thanks guys ^_^, I've used the programs and all the viruses are deleted, the computer is faster, it's working great. I can't even believe how good those progs are , ....can't believe that I didn't find this forum before
3514.

Solve : I dont know what's going on !!!?

Answer»

If your PC is that badly compromised, I'd reformat and take security measures as soon as or before you connect to the Internet. Quote from: Raptor on April 30, 2007, 08:12:03 AM

If your PC is that badly compromised, I'd reformat and take security measures as soon as or before you connect to the Internet.


second

So, what do I do now? It's not nearly as bad as it was
I just can't reply to emails nor Myspace msgs
Other than that things are good

Well, you're still not free of infection. HijackThis isn't an actual cleaning tool. The files have to be removed manually.

C:\WINNT\svchost.exe
This file is still on your computer. Could you upload it to VirusTotal and post the log here?

Your Quicktime is still infected, so I would suggest fixing the related entry mentioned earlier, uninstalling Quicktime, running CCleaner (both Cleaner and Issues; install without Yahoo! toolbar), and then reinstalling Quicktime.

The thing that concerns me most is the password stealer. You can do a search for IExplorer.dll and post the results here, but I honestly don't know if we'll really be able to get rid of this. I could never be comfortable enough to say that it's gone, so maybe a reformat would be the best option...

I'd like to know what oddjob has to say.

I couldn't get total virus or VirusTotal to load on Windows 2000, however SUPERAntiSpyware is showing nothing anymore! It was showing hundreds of problems!
Hijack this is showing the following:

Logfile of HijackThis v1.99.1
Scan saved at 7:23:56 PM, on 5/1/2007
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\svchost.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\AOL\1148324149\ee\AOLSoftware.exe
c:\program files\partners\busboy.exe
c:\program files\partners\bbpart11.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AdsGone\adsgone.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\Interstar.INTERSTA-R26OB0\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8182
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: @msdxmLC.dll,[emailprotected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1148324149\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [agpart] C:\Program Files\Partners\AGPART11.EXE
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [Client Access PC5250 Sound] "C:\Program Files\IBM\Client Access\Emulator\pcssnd.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ntdll.dll] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [xrunwin] C:\WINNT\svchost.exe
O4 - HKCU\..\Run: [Yahoo! PAGER] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
O4 - Global Startup: AdsGone 2006.lnk = C:\Program Files\AdsGone\adsgone.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll__BHODemonDisabled (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {CBBD6FA7-2384-11D1-A8C9-0040C7116154} (HostFront ActiveX Display) - http://leads400.landstar.com/HFAccess/HFDSP.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CC8DFB8-6269-4F66-A697-155CC2CAF08C}: NameServer = 166.102.165.11,166.102.165.13
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINNT\CWBRXD.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)

This log has all of the same major problems as before. I get the distinct feeling that you haven't been following any of my instructions...

VirusTotal is just a website, it's not OS-specific.

I copied and pasted what HijackThis said and I sent it to VirusTotal so I'll let you know what they say.

This is what VirusTotal told me:

Antivirus Version Update Result
AhnLab-V3 2007.5.3.0 05.02.2007 no virus found
AntiVir 7.4.0.15 05.02.2007 no virus found
Authentium 4.93.8 05.02.2007 no virus found
Avast 4.7.997.0 05.03.2007 no virus found
AVG 7.5.0.467 05.02.2007 no virus found
BitDefender 7.2 05.03.2007 no virus found
CAT-QuickHeal 9.00 04.30.2007 no virus found
ClamAV devel-20070416 05.03.2007 no virus found
DrWeb 4.33 05.02.2007 no virus found
eSafe 7.0.15.0 05.03.2007 no virus found
eTrust-Vet 30.7.3611 05.02.2007 no virus found
Ewido 4.0 05.02.2007 no virus found
FileAdvisor 1 05.03.2007 no virus found
Fortinet 2.85.0.0 05.02.2007 no virus found
F-Prot 4.3.2.48 05.02.2007 no virus found
F-Secure 6.70.13030.0 05.03.2007 no virus found
Ikarus T3.1.1.7 05.02.2007 no virus found
Kaspersky 4.0.2.24 05.03.2007 no virus found
McAfee 5022 05.02.2007 no virus found
Microsoft 1.2405 05.02.2007 no virus found
NOD32v2 2235 05.02.2007 no virus found
Norman 5.80.02 05.02.2007 no virus found
Panda 9.0.0.4 05.02.2007 no virus found
Prevx1 V2 05.03.2007 no virus found
Sophos 4.17.0 05.01.2007 no virus found
Sunbelt 2.2.907.0 05.03.2007 no virus found
Symantec 10 05.03.2007 no virus found
TheHacker 6.1.6.104 04.15.2007 no virus found
VBA32 3.11.4 05.02.2007 no virus found
VirusBuster 4.3.7:9 05.02.2007 no virus found
Webwasher-Gateway 6.0.1 05.02.2007 no virus found


Aditional Information
File size: 31232 bytes
MD5: 7960edcdac55907840837cd4c32bbab9
SHA1: 67de61729e5e011a986fa8ce3d69e54d9af342dd
which file

Quote from: unlovedwarrior on May 02, 2007, 07:54:21 PM
which file
I think it's this one from reply #18 above .....

C:\WINNT\svchost.exe


***************

Is your Norton Internet Security (antivirus + firewall) actually running? It seems to be loaded on your system but looks to be inactive.

You cannot expect to stay safe using the internet if you don't have (at least) these two running at all times.

Please let us know.

***************

This latest log is full of Trojans.

Download the fully working trial version of Trojanhunter from here ....

http://www.misec.net/

Install it on your computer then scan with it. Let it fix anything it wants to.


***************

Lastly go to your HJT folder and find this file (below in BOLD) ...

C:\Documents and Settings\Interstar.INTERSTA-R26OB0\Desktop\HijackThis.exe

Right click on it and choose "rename" ...

Type the word "new" in front to rename thus .....

newHijackThis.exe

Rescan your computer with the newly named file and post the resulting log.

***************

Please also give us an update on how the computer is working now.

***************

Footnote >>> I do believe your Service Pack is out of date. SP4 is available here BUT DO NOT LOAD IT YET....

http://www.microsoft.com/windows2000/downloads/servicepacks/sp4/default.mspx

(Just bookmark the site for later use; we'll tell you when)



OJ

Thanks for the log. However, I still don't trust that file. It's not in the standard folder, which is the biggest red flag. Also, I've looked around a bit more and although there's very little info on xrunwin, I've noticed that every time it shows up in a log, it's accompanied by the IExplorer.dll password stealer. Seems fishy to me. Unless someone can make me believe otherwise, I'll assume this is malicious.

The infection you have is a little tricky and there is no surefire way of removing it yet, so all we can do at this point is try a few different things and hope they work...

First, download ComboFix and save it to your desktop. Run the program and read its disclaimer (it's fairly short) and make sure you really pay attention to what it says. Follow the prompts and when finished, it will produce a log at C:\ComboFix.txt. Go ahead and post that here.

Also...
Download DAFT and save it to your Desktop:
  • Double-click the daft.exe icon. Read the disclaimer and click OK.
  • Click on the Scan button.
  • Place a checkmark next to the following entries if they are shown after the scan:

.bat
.ini
.reg
.txt

  • Click the Fix button.
  • Re-scan and save a logfile to your Desktop. By default, it will save as daft.txt
  • I'll need that log later.
If everything is alright again, it should display the "All associations OK" message.

I have included a batch file (FixPWS.bat). Unzip the file to your desktop, reboot into Safe Mode, and double-click on FixPWS. Wait a few seconds and when the command window closes, restart your computer.

You might want to go ahead and uninstall QuickTime. Once you do that, use CCleaner to clean the temp files and registry keys. Afterwards, you may reinstall QuickTime if you wish.


Once you have done all of this, try running a virus scan. Any luck? What happens? In addition to the logs I've asked for, post yet another HJT log (rename it first like oddjob suggests) to see if we've made a dent at all. And be sure to let me know how things are running. If you are still having problems, I see a reformat in your immediate future.

[cleaning up - attachment deleted by admin]

what did AVG Anti-Spyware and SUPERAntiSpyware find??
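As an added example, not code from this thread and not part of HijackThis itself: a small Python triage script that applies the checks the helpers made by hand to log lines of the kind posted above. It flags a core system-binary name such as svchost.exe running outside the system directory, Run/RunServices values whose target is not a program, a Run value named after a system DLL, and a browser proxy pointing at the local machine. The sample lines are copied from the log in this thread; the rule names, the directory and binary lists, and the `verdict` function are my own, and that last function only encodes the point made above that a clean multi-engine scan does not outweigh a file sitting where it does not belong.

```python
"""Added example (not HijackThis code and not from the thread): flag the
red-flag patterns the helpers spotted by hand in a HijackThis-style log."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample input: lines copied from the HijackThis log posted in this thread,
# plus two benign lines from the same log, so the script runs offline.
SAMPLE_LOG = r"""Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8182
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ntdll.dll] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [xrunwin] C:\WINNT\svchost.exe
O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
"""

# Directories where the core Windows binaries legitimately live (Windows 2000 / XP).
SYSTEM_DIRS = {r"c:\winnt\system32", r"c:\windows\system32"}
# Core binaries whose names malware likes to borrow; a copy anywhere else is a red flag.
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                   "lsass.exe", "svchost.exe", "spoolsv.exe"}
# A Run value name that looks like a system DLL instead of a product name.
DLL_NAME = re.compile(r"^[\w.-]+\.dll$", re.IGNORECASE)
# Shape of an autorun line:  O4 - HKLM\..\Run: [name] command
RUN_LINE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
PROXY_LINE = re.compile(r"^R1 - .*ProxyServer = (?P<proxy>\S+)")


@dataclass(frozen=True)
class Finding:
    rule: str
    line: str


def first_token(cmd: str) -> str:
    """Return the program part of a Run command: the quoted path, or the first word."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def is_masquerading(path: str) -> bool:
    """True when a core system binary's name appears outside the system directory."""
    lowered = path.lower()
    if "\\" not in lowered:
        return False
    directory, name = lowered.rsplit("\\", 1)
    return name in SYSTEM_BINARIES and directory not in SYSTEM_DIRS


def triage(log_text: str) -> list[Finding]:
    """Walk the log once and collect every line that trips one of the rules."""
    findings: list[Finding] = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # the process list ends at the first blank line
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if is_masquerading(line):
                findings.append(Finding("system-binary name outside system directory", line))
            continue
        m = PROXY_LINE.match(line)
        if m and m.group("proxy").split(":")[0] in ("localhost", "127.0.0.1"):
            findings.append(Finding("browser proxied through local machine", line))
            continue
        m = RUN_LINE.match(line)
        if not m:
            continue
        target = first_token(m.group("cmd"))
        if DLL_NAME.match(m.group("name")):
            findings.append(Finding("autorun value named like a system DLL", line))
        if not target.lower().endswith(".exe"):
            findings.append(Finding("autorun target is not a program", line))
        elif is_masquerading(target):
            findings.append(Finding("autorun launches masquerading system binary", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per rule."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


def verdict(findings: list[Finding], av_detections: int) -> str:
    """Location-based red flags survive a clean scan: the 0-of-31 VirusTotal
    result in the thread did not make the svchost.exe copy in the WINNT root trustworthy."""
    if av_detections > 0:
        return "malicious"
    return "suspicious" if findings else "clean"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.rule}] {f.line}")
    print(summarize(found))
    print("verdict with 0 AV detections:", verdict(found, 0))
```

Run against the sample it reports seven findings: the stray svchost.exe in the process list, the localhost proxy, the Run value named ntdll.dll, the three IESet entries whose target is a .dll rather than a program, and the xrunwin value that launches the misplaced svchost.exe. The benign iTunesHelper line passes, which is the property a triage rule needs before it is worth running over a real log.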
3515.

Solve : Malware, Trojan, Virus, Spyware??

Answer»

just wondering what all did it find?

try avg antispyware
adaware se personel to help cleaner up more oh and ccleaner

if you don't already have those programs

It just found what I had put in my previous post......

I am now cleaning out my system with various anti-virus tools...

I would like to thank oddjob and unlovedwarrior for all your time and effort...it is greatly appreciated!!!!!

you're very welcome we're glad to help as much as possible

The log is free of malware.

Just two things to "tidy up".

1. Fix these two with HJT in the usual way to get rid of them...

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =


2. Your java is a little out of date. Version 6 now has "update 1". It's here ...

http://java.sun.com/javase/downloads/index.jsp

(the 4th "download" button down the page).

Small note >> when using HJT make sure it's in a permanent location. Yours isn't. It's in a temporary file.

Thing is that HJT makes automatic backups of items it removes in case you make a mistake and want to restore them.

If HJT is in a temporary place those backups may well be lost.

Go to the HJT folder and "drag & drop" it on to the C: drive to keep it safe.


Thanks again to unlovedwarrior for reminding us all of that fix.

Now you are clean you might want to read these and bookmark the links for future reference. Hopefully they will help new Vista users as well as those on XP.


You should clear out all old System Restore points then immediately create a new one so you have something to fall back on should anything go awry again. Also remember to make SR points on a regular basis.

More on System Restore ...

http://www.microsoft.com/windowsxp/using/helpandsupport/getstarted/ballew_03may19.mspx


What may have led up to your infection and help keep your computer free of malware …

http://www.castlecops.com/t7736-So_how_did_I_get_infected_in_the_first_place.html

http://www.help2go.com/Tutorials/Protect_Your_PC/Avoid_Web_Browser_Hijackers.html

There is a little duplication but these tutorials are both well worth reading.

Don’t forget to keep AVG Anti Spyware, if you have it, updated and use it to scan your computer from time to time.


If you do suffer an infection again you should run first Ccleaner to clean out your system.


Also run through this before posting another HijackThis log …

http://www.help2go.com/Tutorials/Protect_Your_PC/Get_Rid_of_Spyware%2C_Adware%2C_and_Web_Browser_Hijackers.html


Best wishes from the team here.



OJ

3516.

Solve : help, please..?

Answer»

My laptop has been acting funny for a couple of weeks now and I was wondering if any of you could help me figure it out. These are a couple of my problems:

-I cannot open any page that involves paying with a credit card, paypal, or online check(cannot find server).
-Unable to connect to either Yahoo or MSN Messenger service. It says the internet could not be found.
-Facebook home page will open, but I'm unable to log in (cannot find server). However Myspace works just fine, any correlation between the two?

My boyfriend suggests a firewall problem, but he is in Iraq so he is unable to fully help me. However, we are both pretty illiterate when it comes to this sorta thing so I'm sure y'all can help me more than him. ANY help would be greatly appreciated.

Thank you guys!

Download, google & install these programs and run them in safe mode;

1. AVG Free
2. Adaware SE Personal
3. Windows Defender
4. Crap Cleaner

And once done, use Firefox instead of Internet Explorer.

thanks!
I have a feeling you do not know how to get into safe mode.

Press F8 before Windows loads and choose 'safe mode' from the list.

If you need any more help, don't hesitate to come back.

3517.

Solve : Norton is disliked, OK why??

Answer»

I have been reading many of the posts about how most everyone on this forum dislikes Norton. I have my own reasons for wanting to dump it but can some of you tell us rookies what you don't like about it. All I normally hear is that you just don't like it. Are there any technical reasons and what exactly does it do to the OS that causes everything to slow down like in my case. I also don't like the arrogance of Symantec at how they like control and very little support for your buck....reminiscent of Microsoft. AVG here I come.

it's a resource hog.. it slows your computer way down you can't scan in safe mode. it doesn't detect as much as others do

it adds a lot of other programs to your computer.

Somehow a lot of users get Norton to suddenly block stuff or have Norton shut down on its own. I never have these problems when I install AVG Free for them and it still does a very good job.

I think the resource hog must be my problem. I use AutoCAD most days and I sometimes turn off Norton just to speed up my processing. Can't wait to get home and remove it for the last time.

Anything that needs a special guide just to be uninstalled is too shady for me.

dhinds ........ In defence of Norton Anti-Virus....... I used it for at least 5 or 6 years on one machine ...and never........ had any problems with viruses......
Now then, let me add that it does utilize a lot of the machines resources,but if one schedules a regular virus scan at times when the machine is not normally used.....there are no issues.

Others complain that Norton is difficult to remove...... Again, if users would utilize Norton's removal tool, there is no problem with removing it. At least Norton took the time to create a removal tool that does the job. A lot of users believe that simply going into the control panel, add/remove programs...and selecting a program to remove is all there is to it........ not so, some programs actually do this, but many do not. The program appears to have been removed, but there are file folders and some components left behind .......... not to mention unwanted registry entries.

Then we see comments like this......
Quote

it's a resource hog.. it slows your computer way down you can't scan in safe mode. it doesn't detect as much as others do
it adds a lot of other programs to your computer.

I would agree with ...it being a resource hog.
I disagree with the rest of the comment......... It does scan in safe mode.
I would also like to know ....... what other programs it adds to your computer.

dl65

all of the Nortons I've had would always complain about scanning in safe mode

the programs I'm talking about are the lil nit-pick ones that come with the main scanner and firewall

SystemWorks?

Well I too have used Norton for a number of years and admittedly have had no virus problems, but I have had some slowing in performance. I don't like the Norton logo placed on my task bar and resent it doing so with no turn off except for a move to the sys tray. I don't like anything that doesn't allow me to say NO to it. I too have scanned in safe mode using Norton so I am not sure where that comes from. I think the final decision about Norton will oddly enough be whether or not it allows me to uninstall it entirely. How dumb is that. If it does allow a complete uninstall I will have more respect for the product and consider going back in the future. If it does not it is good bye forever. I thank you dl65 for your view both pro and con. I don't understand the post Systemworks at all. This is a healthy discussion about Norton and it will be good for many readers I am sure. Thanks for that.
3518.

Solve : computer sometimes acts sluggish?

Answer»

my computer is fast but sometimes it would run really slow I need someone to check my HJT log please................


Logfile of HijackThis v1.99.1
Scan saved at 10:04:08 AM, on 4/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SYMANTEC\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\new user\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=38938&mpver=11.0.5721.5145&id=C00D1199&contextid=68&originalid=80040218
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6066\SiteAdv.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [WMC_0] C:\WINDOWS\system32\cmd.exe /c """""C:\WINDOWS\inf\unregmp2.exe"" /ShowWMP"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177463886078
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

From a malware point of view this is what I see.

This entry > O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE is spyware and needs to go.


You could update your Webroot program and scan with it to see if it removes it but, if not, do the following.


I suggest you print this out to help you follow my advice.

***********************

Make sure you have exposed all Hidden Files & Folders.

To enable the viewing of Hidden files follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the My Computer icon.
3. Select the Tools menu and click Folder Options.
4. After the new window appears select the View tab.
5. Put a checkmark in the checkbox labeled Display the contents of system folders.
6. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
7. Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
8. Remove the checkmark from the checkbox labeled Hide protected operating system files.
9. Press the Apply button and then the OK button and close My Computer.

***********************

Download Ewido/AVG Anti Spyware from here ….

http://www.ewido.net/en/

It has a fully working 30 day trial period.

Install it and update it to the latest definitions.

Do NOT use it yet.


Now boot to safe mode. Here’s a “how to” if you’re not sure ..

http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406


When in safe mode run a full system scan with AVGAS and let it fix what it wants to.

REMEMBER TO SAVE THE SCAN REPORT and also remember where you saved it.

Reboot to normal mode and use the computer as you would usually do.

[FOOTNOTE > this is a good program to use as an “on demand” scanner even after the trial period is over. Keep it updated and use it to scan your computer from time to time].

*******************

Open HJT ... click on scan ... put tick/check marks next to this entry IF it is still present ...

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

Remember to close ALL open browser windows – including this one – before clicking on “Fix Checked” at the foot of the HijackThis window.

*******************

Go to the file and delete it....

ALCXMNTR.EXE >> search your system to locate it.


*******************

Empty your recycle bin.

*******************

Rehide Hidden Files & Folders by carrying out the reverse procedure to that indicated at the start of this post.

*******************

Reboot to normal mode.

*******************

Download Ccleaner here but ensure you install it WITHOUT the optional Yahoo Toolbar download (you must untick/uncheck the relevant box on download) …

http://www.ccleaner.com/

Have the program clean out your system on the DEFAULT settings.


Post a fresh HJT log with an update on how the computer is operating now.


OJ

I deleted the ALCXMNTR.EXE from my PC and ran CCleaner, but I can't update AVG Anti-Spyware so I didn't run the AVG scan. Here is my new HJT log


Logfile of HijackThis v1.99.1
Scan saved at 11:38:38 AM, on 4/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\new user\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=38938&mpver=11.0.5721.5145&id=C00D1199&contextid=68&originalid=80040218
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6066\SiteAdv.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [WMC_0] C:\WINDOWS\system32\cmd.exe /c """""C:\WINDOWS\inf\unregmp2.exe"" /ShowWMP"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177463886078
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
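The helper's call on the AlcxMonitor line rests on one feature that is visible in the log itself: the Run value is a bare file name with no directory, unlike the fully quoted paths of the Symantec and Webroot entries, so the file has to be located on disk before it can be examined (which is exactly the "search your system to locate it" step above). The following Python script is an added example, not code from the thread or from HijackThis; it parses log lines of this shape and flags two things an analyst reads first: O4 Run entries whose command is a bare file name, and O23 service entries with an unknown owner whose binary is reported as "(file missing)". The sample lines are copied from the logs posted in this thread.

```python
"""Triage helper for HijackThis-style log lines (added example).

Flags (1) O4 Run entries whose command is a bare file name, so the file's
location must be found before judging it, and (2) O23 services with an
unknown owner whose binary is logged as "(file missing)". Both are
prompts to look, not verdicts.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    kind: str     # "o4-bare-filename" or "o23-missing-unknown-owner"
    name: str     # Run-key value name or service display name
    target: str   # executable or service path as it appears in the log


# Sample input: lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = [
    r'O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE',
    r'O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"',
    r'O4 - HKLM\..\Run: [VTTimer] VTTimer.exe',
    r'O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe',
    r'O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)',
    r'O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe',
]

# O4 - <hive\..\Run>: [<value name>] <command line>
O4_RE = re.compile(r'^O4 - (?P<hive>\S+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# O23 - Service: <display name> - <owner> - <path and arguments>
O23_RE = re.compile(r'^O23 - Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<path>.+)$')


def executable_of(cmd: str) -> str:
    """Return the program part of a Run-key command line.

    A quoted path ends at its closing quote; an unquoted one ends at the
    first space, so arguments such as /StartupJobs are dropped.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    return cmd.split(None, 1)[0] if cmd else ""


def is_bare_name(exe: str) -> bool:
    """True when the entry names a file with no directory component."""
    return bool(exe) and not any(sep in exe for sep in ("\\", "/", ":"))


def triage(lines) -> list:
    """Scan log lines and return the entries worth a closer look, in order."""
    findings = []
    for raw in lines:
        line = raw.rstrip("\r\n")
        m = O4_RE.match(line)
        if m:
            exe = executable_of(m.group("cmd"))
            if is_bare_name(exe):
                findings.append(Finding("o4-bare-filename", m.group("name"), exe))
            continue
        m = O23_RE.match(line)
        if m and "(file missing)" in m.group("path") and m.group("owner") == "Unknown owner":
            findings.append(Finding("o23-missing-unknown-owner", m.group("svc"), m.group("path")))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:28} {f.name:40} {f.target}")
```

Two caveats the output makes obvious. VTTimer.exe is flagged alongside ALCXMNTR.EXE, and the helper did not object to it: a bare name ranks an entry for inspection, it does not condemn it. Likewise the Symantec "(file missing)" services sit in a log the helper later calls clean, and ccSvcHst.exe is listed among the running processes in the same log, so that finding points at how the service command line was recorded rather than at an absent binary.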

Even if you can't update AVG AS you should still run the scan in safe mode, as recommended.

If you want to, the updated database of signatures can be downloaded manually here ....

http://www.ewido.net/en/download/updates/

You should also run through these free scans ....

http://www.help2go.com/Tutorials/Protect_Your_PC/Get_Rid_of_Spyware%2C_Adware%2C_and_Web_Browser_Hijackers.html


If any of them find something they can't (or won't) remove without payment DO NOT pay anything. Just save the scan log reports and post them here. They should reveal what the scans have found and we can fix them manually.


Apart from that .... how is the computer behaving now? Any improvement?

I asked you for an update in my last post but you didn't reply. Please always let us know how you are getting on after each post. It helps us to help you.


OJ

It is acting much faster.

That's good to hear.

However, please set some time aside (perhaps a weekend afternoon or a couple of hours one evening) to go through the procedures set out in post number 3. It will help more.

When that's all done post a fresh HJT log PLUS another update on how things are going.

With luck it will be a malware-free log. If so I will have some closing advice to help you browse safely in the future.


OJ

I did the AVG scan and updated it; all it found was cookies, but here is the fresh HJT log


Logfile of HijackThis v1.99.1
Scan saved at 7:48:54 AM, on 4/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\new user\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=38938&mpver=11.0.5721.5145&id=C00D1199&contextid=68&originalid=80040218
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6066\SiteAdv.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177463886078
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

The log is clean.

You might want to read these and bookmark the links for future reference.


If you are certain you have no more trouble you should clear out all old System Restore points then immediately create a new one so you have something to fall back on should anything go awry again. Also remember to make SR points on a regular basis.

More on System Restore ...

http://www.microsoft.com/windowsxp/using/helpandsupport/getstarted/ballew_03may19.mspx


What may have led up to your infection, and how to keep your computer free of malware …

http://www.castlecops.com/t7736-So_how_did_I_get_infected_in_the_first_place.html

http://www.help2go.com/Tutorials/Protect_Your_PC/Avoid_Web_Browser_Hijackers.html

There is a little duplication but these tutorials are both well worth reading.

Don’t forget to keep AVG Anti Spyware updated and use it to scan your computer from time to time.


If you do suffer an infection again you should first run CCleaner to clean out your system. Get CCleaner here but ensure you install it WITHOUT the optional Yahoo Toolbar download (you must untick/uncheck the relevant box on download) …

http://www.ccleaner.com/


Also run through this before posting another HijackThis log …

http://www.help2go.com/Tutorials/Protect_Your_PC/Get_Rid_of_Spyware%2C_Adware%2C_and_Web_Browser_Hijackers.html


Best wishes.


OJ

3519.

Solve : infected with Known Bad Sites?

Answer»

oo sry i have about 72GB left of free space and i run a daily disk defrag and regcure and disk cleanup like every 3-4 days and at startup i run norton av 2007, spysweeper, aim, site advisor, quicktime, itunes helper, and that's about it...................

3520.

Solve : lots of problems - virus??

Answer» PC system:
Windows XP home edition
version 2002
service pack 2

Fujitsu Siemens computers
Intel (R)
Pentium (R) 4 cpu 3.06.ghz
3.06.ghz, 960 mb ram


I've followed the usual guidelines for dealing with viruses and all my detectors say I'm clean. But still there are way too many problems to satisfy me.

PS. sorry about the long list but I don't know what else to do.

1. My computer switches off on its own. Often at random but more often when I'm running virus scans - usually when they're nearly finished.

2. My internet connection switches off (less frequent than above) on its own - as in disables itself via the network connections in control panel. I have to reactivate it manually.

3. I watched a few online (vid link sites) movies and sometimes they'd just switch to a different film half way through. And last night I was watching 'Jericho' online and it paused on its own. Normally this wouldn't bother me but every time I hit play it just clicked to pause as if someone else was clicking it.

4. Random display windows keep popping up - like before writing this a printer window popped up for no reason.

5. PC is constantly struggling - not slowing down but noisy as h**l.

6. A tab with a blank .exe file appears in my task bar upon starting up.

7. recently contracted something called 'statcounter' from someone I know (on a blog) and I'd like to know how dangerous it is/what it could be used for (lead to worse viruses).

8. Downloaded Spyware doctor but it just freezes when starting scan.

9. Spybot S&D never really finishes a scan. It sort of gets near the end then jumps the rest. Is that normal?

10. Network connection shows activity even when I'm not doing anything.


EDIT: they blanked '*censored*'?

Do you have a real Windows CD if needed. You may have so many problems that this would be easier and quicker. They could be hardware, software or malware issues or a combination.

To all those problems, I suggest you format the PC from scratch after backing up your data.

Quote
5. PC is constantly struggling - not slowing down but noisy as h**l.

Clean your PC case and heatsinks and inspect your mainboard for leaking capacitors.

Diagnose RAM and HDD. I'm curious to see what's causing all of this.

Run scans with system restore off and in safe mode..

But reformat would be best for you...

I'm not. He needs a clean re-install...

And now he has disappeared. Maybe he is doing that.

Quote
And now he has disappeared. Maybe he is doing that.

Nope, neither.
I've asked my family to backup what they need but they're leaving it on the long finger. Won't be able to do anything 'til then. Me thinks I'll have to go terror-storm on them.

Quote
Do you have a real Windows CD if needed. You may have so many problems that this would be easier and quicker. They could be hardware, software or malware issues or a combination.

Not handy but I can get one off someone ... unless they're specifically coded for individual machines?

Thanks for the help btw

You'll need your own CD key. Is it on the side of your computer??

Once again, my post is ignored. The OP can therefore figure it out himself.

Quote from: Titan01 on April 30, 2007, 10:38:22 AM
Nope, neither.
I've asked my family to backup what they need but they're leaving it on the long finger. Won't be able to do anything 'til then. Me thinks I'll have to go terror-storm on them.

Why not just back their stuff up yourself? It shouldn't be too hard to determine what's important.

You just back up all documents and pics on their accounts
3521.

Solve : NAV 2007 question?

Answer»

No, a new person put "i got a cracker i can send you for NAV" and I said that they must have removed it right after.

I wouldn't like having a cracker being sent my way!

Quote from: Raptor on April 29, 2007, 05:23:00 PM

I wouldn't like having a cracker being sent my way!

Oh, but they're so good with a bit of Muenster.
3522.

Solve : boot virus?

Answer»

My anti picked up a boot sector virus. It WOULD NOT quar/remove and now it doesn't even show it when I run the scan. I can barely connect to the internet. Can't download any new virus programs. So I need some help PLEASE.
I am running windows XP home.
Other than that I don't know about the pc, it was given to me by a kid that made it. This prob just started yesterday and it's crashing the system.

ok plz try to separate your words better...

what kind of protections do you have on the computer right now??
anti-virus anti-spyware

and are you SURE its a boot sector virus

i have ez firewall and running Av Ez trust antivirus. It showed it once as a boot sector virus unknown. Now it wont even show it anymore. I cant download any new virus programs or anything. I can barely get pages to open.

try scanning in safe mode
press f8 rapidly before windows splash screen.

also unhide hidden folders and files

open my computer go to tools folder options and click show hidden folders and files

well, didnt do anything. It showed again the boot sector c: unknown status
will not remove or quarantine.
I tried to system restore but doesnt make a difference. Still, everything messed up and cant get rid of this. Wont let me do much of anything esp shut off pc or add/remove programs.
sigh
now what?

Here Ya Go...

First item on the page.

3523.

Solve : Viruses inside the flash drive or else?

Answer»

click on
my computer>tools>folder options>view>

tick
- show hidden files and folders

untick
- hide protected operating system file

then see inside u flash drive

example:
autorun.inf (running pet32)
pet32.exe "virus"
MSWINSCK.OCX "virus"


Please list out the virus filename here (if u know that it is a virus), i need it.

i also need any high risk virus filename.

tq

I'd love to help you, but I'm really not sure what you're asking here. From what I gather, you have infected files on your flash drive? If so, you should delete the files or, better yet, format the drive.

Or you should be able to run a virus scan on the drive. Most scanners tend to be able to scan external devices. Of course, you will want to update your protection software and perform a full-system scan on your computer in Safe Mode. If you have a trojan on your flash drive, there's a pretty good chance that your machine is also infected.

A coherent question is the mionimum basic requirement for help.

mionimum ?
Good coherency there GX.
LOL.
I agree, the question is not understandable.

He wants us to do his homework by, uhm, pointing out what the virus is on his flash drive. I think.

yes raptor, u are right.

i want to know the virus filename that will automatic move to flash drive. where can i get this?

You want to obtain this type of virus.. To do what? Any virus can infect a flash drive...how many and what variants would you like ? ? ?

erm... becos i want to create a virus cleaner (using .BAT) to auto detect & del viruses inside a flashdrive.

so.. i want to find viruses filename that will infect to flash drive. to add into my "cleaner"

who can help me? where can i find this information?

This isn't really an effective way to clean viruses, but hey, whatever floats your boat...

http://en.wikipedia.org/wiki/List_of_computer_viruses

That's gonna be some bat file...

Quote from: patio on April 16, 2007, 07:13:00 AM

That's gonna be some bat file...

He's got a lot of patience, you've got to admire that.

tq, but its too many viruses, i dont know which one will infect flash drive?

can u help me list down any popular viruses?

The Raptor Virus, which verbally abuses you when you click on it, is particularly nasty.

insertusername, this is not going to work.
If you want to clean viruses, use a virus scanner.
Making a batch file to clean them will be very difficult and a very long task, one which will never end as you will have to keep updating it.
BTW, who gave him -7 karma?
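The opening post in this thread lists what an unhidden flash drive showed (autorun.inf plus the pet32.exe it runs), and the replies are right that a batch file keyed to a list of file names cannot keep up. What can be inspected instead is the launch mechanism itself: autorun.inf names the program the shell would run when the drive is opened, whatever that program is called. The script below is an added example, not code from the thread; it parses the [autorun] section, pulls out every key that launches a program (open, shellexecute, and shell\<verb>\command), and reports for each referenced file whether it exists on the drive and whether it is hidden. It reports and deletes nothing. The sample drive is constructed in a temporary directory, and the file name pet32.exe is borrowed from the post's example; the file written is a placeholder, not a program.

```python
"""Report what a removable drive's autorun.inf would launch (added example).

Defensive triage only: parse the [autorun] section, list the programs it
references, and check whether each exists on the drive and is hidden.
"""
import os
import stat
import tempfile
from pathlib import Path

# Keys whose value is a program the shell runs; shell\<verb>\command= too.
LAUNCH_KEYS = ("open", "shellexecute")


def parse_autorun(text: str) -> dict:
    """Parse the [autorun] section into a dict of lower-cased key -> value.

    autorun.inf is INI-like but tolerant: keys are case-insensitive, ';'
    starts a comment, and sections other than [autorun] are ignored.
    """
    entries = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def program_of(value: str) -> str:
    """Program path from a command value: a quoted path, else the first token."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end != -1 else value[1:]
    return value.split(None, 1)[0] if value else ""


def launched_programs(entries: dict) -> list:
    """(key, program) pairs for every entry that would start a program."""
    programs = []
    for key, value in entries.items():
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            prog = program_of(value)
            if prog:
                programs.append((key, prog))
    return programs


def is_hidden(path: Path) -> bool:
    """Hidden attribute on Windows; dot-prefixed name on other systems."""
    st = path.stat()
    attrs = getattr(st, "st_file_attributes", 0)          # Windows only
    if attrs & getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0):
        return True
    return path.name.startswith(".")


def inspect_drive(root) -> dict:
    """Return {'has_autorun': bool, 'launches': [{key, program, exists, hidden}]}."""
    root = Path(root)
    inf = root / "autorun.inf"
    report = {"has_autorun": inf.is_file(), "launches": []}
    if not report["has_autorun"]:
        return report
    entries = parse_autorun(inf.read_text(errors="replace"))
    for key, prog in launched_programs(entries):
        target = root / prog.replace("\\", os.sep)
        exists = target.is_file()
        report["launches"].append({
            "key": key, "program": prog,
            "exists": exists, "hidden": exists and is_hidden(target),
        })
    return report


# Constructed sample autorun.inf modelled on the post's listing (pet32.exe).
CONSTRUCTED_AUTORUN = (
    "[autorun]\n"
    "open=pet32.exe\n"
    "icon=pet32.exe\n"                       # icon only, launches nothing
    "shell\\open\\command=pet32.exe\n"
    "shellexecute=\"pet32.exe\" /silent\n"   # quoted path with an argument
    "shell\\explore\\command=nothere.exe\n"  # referenced but absent
)


def demo() -> dict:
    """Build the constructed drive in a temp dir and inspect it."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "autorun.inf").write_text(CONSTRUCTED_AUTORUN)
        (root / "pet32.exe").write_bytes(b"placeholder, not a real program")
        return inspect_drive(root)


if __name__ == "__main__":
    for launch in demo()["launches"]:
        print(launch)
```

Run against a real drive letter or mount point, `inspect_drive` gives the analyst the file names to submit to a scanner or to inspect by hand, which is the information the original poster was trying to collect by eye. Later Windows updates stopped honouring autorun.inf on USB media, which closed this launch path; the parser still shows what an older machine would have done with the drive.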
3524.

Solve : Maybe a virus??

Answer»

So my sister was on my mother's laptop yesterday, and was just doing normal stuff, when apparently a popup came up that was some kind of virus scan thing. So my sister clicks on it, thinking it was something of my mom's. After she did, the desktop went blank, and only the background was visible (no icons, no start, no anything). So we restarted it, and nothing was there again. Does anyone have any advice for what to do to fix it?

Operating system and installed malware protection please...

We have Windows XP Home edition and some kind of AT&T anti spyware program

Just a recommendation...

If you have been staying on top of your malware protection...try booting into Safe Mode and run a full system scan...letting your malware protection delete or quarantine any infection it may find.

Once it is done...try rebooting into Windows normally...and run a full system scan again.

Post your results please.

Update: Windows XP Safe Mode

I have my doubts about AT&T's anti-spyware. Download AVG Free and SUPERAntiSpyware (with another computer if you have to). Scan with them, one at a time, in Safe Mode as Saviour suggests. Let them clean whatever they want.

I suspect some sort of SmitFraud variant, so go ahead and post a HijackThis log (scan in Normal Mode).

I'm moving this to the Viruses and Spyware section.

If you see nothing on the desktop... try opening task manager (Alt+Ctrl+Delete)
and then try to open a file from there. That should make your icon, start menu, etc... reappear again. Not 100% sure though.
The same thing happened when i started my comp one day.
Hope i could help

Quote from: Ifain on July 03, 2007, 11:24:35 PM

If you see nothing on the desktop... try opening task manager (Alt+Ctrl+Delete)
and then try to open a file from there. That should make your icon, start menu, etc... reappear again. Not 100% sure though.
The same thing happened when i started my comp one day.
Hope i could help

Running explorer from Task Manager should bring back everything in question, but something is disabling it, and we need to find out exactly what it is.

Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.
3525.

Solve : email virus quesiton?

Answer»

If you open an email that was sent to you and it contains a worm or trojan horse and you are not on your own computer, won't it affect your email, such as your files, or attach itself to your address book anyhow? I didn't think it mattered what computer you used if you are opening something from your own account that is infected.

Viruses do different things. Some attack system files, some grab information, others just crash your computer.

I'm not quite sure what you're asking here... You want to know if a virus can infect your e-mail even if you're not on your computer? It's less likely, but it's still possible, depending on your e-mail client and how you viewed it. Did you download a virus onto someone's computer while checking your e-mail?

Quote from: Dark Blade on July 15, 2007, 12:32:16 AM

Viruses do different things. Some attack system files, some grab information, others just crash your computer.

And there are even some that do absolutely nothing.
3526.

Solve : Possible Virus.. have no clue what to do?

Answer»

I posted in the more general category folders, the larger issue of the problem (as there are a couple problems going on). I hope it was ok that I also posted this more specific of things here. I think my computer got a large virus. Acer: aspire, 5000, PC, with windows xp.

My whole computer started shutting down. As time continues more programs, and now even some of my files piece by piece are getting corrupt. It may be the reason that I am having a hard time getting the info off the computer. I cannot get the computer to put info on cd's. It did put info on an external mini San Disk cruzer usb outlet that lets you put approx 500 mb on there. and the first time I did that, I was able to transfer the info over to my new computer that I purchased.

However -- the second time, I was able to get the info onto the USB info saver off of the crashing computer -- yet... my new computer was saying that it could not read the USB. I do not think this ever came with a CD (the usb memory stick).

The new computer is also shutting down... I might have bought a computer that is not what they said it was... so not sure if the problem is in the new computer or something else. Right now, my thoughts are to try to get the files off of the XP and onto my new computer (an Aspire 5100)... and then transfer them to CD and/or an external hard drive. Yet I'm not sure if the issue is the new computer, regarding why the info won't transfer, or if there is some sort of virus that can transfer into the files themselves that will then eat away at any computer you put them in.

Is there a way to clear viruses from programs? Or is there something else that I should do?

I don't have a lot of computer knowledge.... and am not sure what to do.

Thanks for any help!!
(posted this same note in the extended explanation in the more general folder area)
Adding that I just now tried to install the free trial of Norton Antivirus on the computer that seems to have a virus. It comes out as a corrupt file, or while I am trying to use it, it becomes corrupt... what do I do from there? Thanks!

At this point, it's hard to say whether or not you actually do have a virus, but it certainly sounds that way. Go ahead and give AVG Free a try. Update it and scan with it in Safe Mode.

Also see if you can get a HijackThis log posted. It may take several posts.

Quote from: Kimberly1 on July 15, 2007, 11:22:34 PM

what do I do from there? Thanks!

Hey Kimberly1, stop transferring files to your new computer; if there is a virus you will just infect that PC as well!!
Do what CBMatt says: d-load AVG, but I would d-load it to the new PC, then transfer the other hard drive over as a slave and do your scan from there. (If you're not sure how to do it, just post back; there's plenty of knowledge on this site.) The advantage of having the hard drive as a slave is that it's easier to transfer files & info. Just remember not to open any programs/files if you do have the hard drive as a slave.
Hope this helps

Thanks!! I might download AVG if I find I still need to be running programs on the other computer. I'm going to paste the message I put in the other area... as I want to say thanks to you guys too!!! Thanks!:

First off, I would like to thank everyone who has been helping me. I had ordered an external hard drive a week or a few ago that I had to return as it did not work, yet I received the new one that I ordered afterwards from a different place, and as of today got all the info off the old computer onto the external hard drive (took about 7 hours, as the computer was not wanting to work properly, yet all I can say is I am glad I got my info off there!).

The new computer, I will be returning soon, and in the meantime, ran the norton virus scan throughout all files on the external hard drive that came off of the crashing computer. There were no viruses, spyware, or any other problems found.

When on the crashing computer, though, one file after another was still not opening. And as I was transferring things, more programs began not to work. In the end, it was not letting me send some things to the trash. And it kept shutting down over and over.

I was finally able to download the Norton virus scan on there (I had not read the last note yet on here)... yet it keeps shutting down in the middle of the scan. At this point, I can just recover the whole system and let it wipe everything off. If I find I need to use a program on there while waiting to get a new computer, I might try to download the other virus scan that you were talking about.

So, at this point, I think all is safe regarding the programs that were on the crashing computer. And it looks like I got them off right at the blink of time. I now will need to wait and see what to be doing while waiting to be able to get a new computer, as I'm not sure when I will (or if I will) get a refund for this one (though I heard PayPal will help give refunds for purchases on eBay that were frauds).

Thanks again for all the help!!!!
3527.

Solve : IE7 internet search redirection problem?

Answer»

"Frank" - 2007-07-08 2:48:42 - ComboFix 07-07-07.3 - Service Pack 2


((((((((((((((((((((((((( Files Created from 2007-06-08 to 2007-07-08 )))))))))))))))))))))))))))))))


2007-07-08 02:46 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-07 06:30 d-------- C:\Program Files\CCleaner
2007-07-06 21:08 d-------- C:\Program Files\SUPERAntiSpyware
2007-07-06 21:08 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-06 21:08 d-------- C:\DOCUME~1\Frank\APPLIC~1\SUPERAntiSpyware.com
2007-07-06 21:08 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-04 20:48 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-04 18:47 d-------- C:\Program Files\Enigma Software Group
2007-07-04 13:00 d-------- C:\WINDOWS\BDOSCAN8
2007-07-02 19:03 490,272 --a------ C:\WINDOWS\system32\LVUI2.dll
2007-07-02 19:03 465,696 --a------ C:\WINDOWS\system32\LVUI2RC.dll
2007-07-02 19:03 416,544 --a------ C:\WINDOWS\system32\lvcodec2.dll
2007-07-02 19:03 41,888 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2007-07-02 19:03 3,580,832 --a------ C:\WINDOWS\system32\drivers\lvuvc.sys
2007-07-02 19:03 22,560 --a------ C:\WINDOWS\system32\drivers\lvuvcflt.sys
2007-07-02 19:03 15,558 --a------ C:\WINDOWS\system32\Repository.reg
2007-07-02 19:03 1,921,184 --a------ C:\WINDOWS\system32\drivers\lvpopflt.sys
2007-07-02 19:02 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
2007-07-02 18:19 d-------- C:\WINDOWS\system32\appmgmt
2007-07-02 18:19 d-------- C:\WINDOWS\SxsCaPendDel
2007-06-30 17:46 58,368 --a------ C:\WINDOWS\pfpick.dll
2007-06-30 17:46 40,129 --a------ C:\WINDOWS\iccsigs.dat
2007-06-30 17:46 37,376 --a------ C:\WINDOWS\kpsys32.dll
2007-06-30 17:46 210,944 --a------ C:\WINDOWS\system32\MSVCRT10.DLL
2007-06-30 17:46 20,992 --a------ C:\WINDOWS\icccodes.dll
2007-06-30 17:46 197,120 --a------ C:\WINDOWS\kpcp32.dll
2007-06-30 17:46 133,120 --a------ C:\WINDOWS\sprof32.dll
2007-06-30 17:46 d-------- C:\WINDOWS\system32\COLOR
2007-06-30 17:46 d-------- C:\KPCMS
2007-06-30 17:42 299,520 --a------ C:\WINDOWS\uninst.exe
2007-06-30 17:41 d-------- C:\DOCUME~1\Frank\WINDOWS
2007-06-25 19:17 d-------- C:\Program Files\Marvell
2007-06-21 20:52 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logishrd
2007-06-21 20:39 d-------- C:\Program Files\MSXML 6.0
2007-06-08 17:56 d-------- C:\Program Files\SanDisk
2007-06-08 17:56 d-------- C:\DOCUME~1\Frank\APPLIC~1\InstallShield


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-07 18:32:54 664 ----a-w C:\WINDOWS\system32\d3d9caps.dat
2007-07-02 23:05:40 -------- d-----w C:\Program Files\Common Files\LogiShrd
2007-06-08 21:56:54 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-22 00:57:03 -------- d-----w C:\DOCUME~1\Frank\APPLIC~1\MSNInstaller
2007-05-16 22:00:10 -------- d-----w C:\Program Files\Common Files\AOL
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-15 22:15:50 -------- d-----w C:\DOCUME~1\Frank\APPLIC~1\AOL
2007-05-11 21:30:16 25,888 ----a-w C:\WINDOWS\system32\drivers\LVPr2Mon.sys
2007-05-11 21:29:54 2,142,752 ----a-w C:\WINDOWS\system32\drivers\LVMVdrv.sys
2007-05-11 21:28:32 195,360 ----a-w C:\WINDOWS\system32\lvci1100.dll
2007-05-11 21:27:58 2,107,808 ----a-w C:\WINDOWS\system32\drivers\Lvckap.sys
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:14:43 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 02:43:44 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-13 17:31:03 103,984 ----a-w C:\WINDOWS\system32\AOLDial.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 02:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
2006-10-31 16:29 198136 --a------ C:\Program Files\Yahoo!\Common\yiesrvc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MPFEXE"="C:\Program Files\mcafee.com\personal firewall\MPfTray.exe" [2006-03-07 16:05]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-17 10:52]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-05-17 10:53]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"sscRun"="C:\Program Files\Common Files\AOL\1167361348\ee\SSCRun.exe" [2006-11-20 16:42]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-19 21:11]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-09-07 16:35]
"SansaDispatch"="C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-05-02 19:00]
"OASClnt"="C:\Program Files\mcafee.com\antivirus\oasclnt.exe" [2005-08-18 17:57]
"LWBMOUSE"="C:\Program Files\NASDAK\OmniMouse Driver\4.06\MOUSE32A.EXE" [2001-11-09 02:47]
"LWBKEYBOARD"="C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe" [2004-05-12 11:10]
"HydraVisionDesktopManager"="C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2003-09-15 22:00]
"HostManager"="C:\Program Files\Common Files\AOL\1167361348\ee\AOLSoftware.exe" [2006-09-25 20:52]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 16:21 C:\WINDOWS\system32\HdAShCut.exe]
"EmailScan"="C:\Program Files\mcafee.com\antivirus\mcvsescn.exe" [2005-10-19 13:13]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 15:43]
"AOLSPScheduler"="C:\Program Files\Common Files\AOL\1167361348\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe" [2006-11-20 16:42]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 08:50]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-15 08:00]
"AOL Fast Start"="C:\Program Files\America Online 9.0\AOL.exe" [2005-07-12 07:17]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=01000000
"NoLogoff"=01000000
"NoRecentDocsMenu"=01000000
"ClearRecentDocsOnExit"=00000000
"NoRecentDocsHistory"=01000000
"NoRecentDocsNetHood"=01000000
"NoSMMyDocs"=01000000
"NoNetworkConnections"=01000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 08:29]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Avg7Alrt"=2 (0x2)
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)


Contents of the 'Scheduled Tasks' folder
2007-07-04 07:30:00 C:\WINDOWS\tasks\RegistrySmart Scheduled SCAN.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-08 02:52:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-08 2:54:13 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-08 02:54

--- E O F ---
everything is back to normal and a system restore point was made once again. Thank you

You're welcome, Frank. Everything's looking good; let's hope it stays that way! Take care.

As this issue appears to be resolved, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

3528.

Solve : missing registry files?

Answer»

No, it's not worse. A few hidden entries were simply revealed as a result of VundoFix. Vundo appears to be gone from your system. But to be on the safe side, run through the VundoFix steps once again, just in case something was missed.


Open up HijackThis and check the following entries...

F3 - REG:win.ini: load=C:\WINDOWS\system32\cjcobhkbbn\csrss.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\cjcobhkbbn\csrss.exe

O2 - BHO: (no name) - {7BD19CC3-2A7A-4174-8D43-AFF4D549B370} - C:\WINDOWS\system32\ssqpp.dll (file missing)

O20 - Winlogon Notify: byxyvtu - byxyvtu.dll (file missing)
O20 - Winlogon Notify: winosz32 - winosz32.dll (file missing)
O20 - Winlogon Notify: wvuuutu - wvuuutu.dll (file missing)


Close all windows (except for HijackThis) and click on Fix Checked.

Download CCleaner (install without Yahoo! toolbar) and configure it according to this guide. Make sure you also use the Issues feature to check your registry.

Those messages will hopefully stop. I'm not entirely convinced that the file in question doesn't exist on your computer, however. Are you sure you have enabled the ability to see hidden files and folders? This is very important.



Copy everything in the below quote box...
Quote

dir C:\WINDOWS\system32\cjcobhkbbn /a h > folder.txt
notepad folder.txt
After copying the contents, open up Notepad and click on Edit > Paste. Once the text has been pasted, click on File > Save As. Next to Save as type:, select All Files. Next to File name:, type in search.bat. Save the file to your desktop. Open the file by double-clicking on it and it should open up a new Notepad file. Please copy everything from that file and paste it here.

Volume in drive C has no label.
Volume Serial Number is C8E7-AC6F

Directory of C:\WINDOWS\system32\cjcobhkbbn

08/06/2007 08:59 .
08/06/2007 08:59 ..
08/06/2007 08:59 531 csrss.ini
1 File(s) 531 bytes

Directory of C:\Documents and Settings\Asher\My Documents

the messages have disappeared!!!!!
thanks so much!!!!

I really appreciate your help, although my sound problem is ongoing and I have no idea how to fix it.

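An added example, not part of this thread and not HijackThis's own code, that automates the triage the helper above did by hand on the posted log. It reads HijackThis-format lines and flags the shapes that were fixed in this thread: F3 win.ini load=/run= autostarts, O2 browser helper objects with no name, any entry marked (file missing), O20 Winlogon Notify DLLs given by a bare name instead of a path, and core Windows process names (csrss.exe and friends) launched from somewhere other than the system folder. The sample log is constructed from the entry shapes quoted in the thread, and the list of legitimate system directories assumes a default C:\WINDOWS install. These are heuristics: a hit means "look at this entry", not "this is malware".

```python
"""Triage a HijackThis-style log for the entry shapes this thread cleaned up.

Added example, not HijackThis project code. Pure heuristics: every hit is
a prompt to investigate the entry, not a verdict.
"""
import re
from typing import List, Tuple

# Core Windows process names that malware likes to borrow (this thread:
# csrss.exe launched from C:\WINDOWS\system32\cjcobhkbbn\).
SYSTEM_PROCESS_NAMES = {
    "csrss.exe", "smss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "explorer.exe",
}
# Assumption: default XP install on C:; adjust for another drive or folder.
LEGIT_SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows"}

# Any "X:\...\name.ext" path on the line. Non-greedy so the match stops at
# the first executable-looking extension; paths may contain spaces.
_PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|cpl|sys)\b", re.IGNORECASE)
_WININI_RE = re.compile(r"win\.ini:\s*(?:load|run)=\S", re.IGNORECASE)

# Constructed sample in HijackThis format: the suspicious lines mirror the
# ones fixed in this thread, the rest are ordinary entries.
SAMPLE_LOG = r"""
F3 - REG:win.ini: load=C:\WINDOWS\system32\cjcobhkbbn\csrss.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\cjcobhkbbn\csrss.exe
O2 - BHO: (no name) - {7BD19CC3-2A7A-4174-8D43-AFF4D549B370} - C:\WINDOWS\system32\ssqpp.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: byxyvtu - byxyvtu.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""


def triage_line(line: str) -> List[str]:
    """Return the reasons (possibly none) a single HijackThis line deserves a look."""
    entry = line.strip()
    if not entry:
        return []
    section = entry.split(" ", 1)[0]        # "F3", "O2", "O20", ...
    lowered = entry.lower()
    reasons: List[str] = []

    if "(file missing)" in lowered:
        reasons.append("orphaned entry: the referenced file is missing")
    if section == "F3" and _WININI_RE.search(entry):
        reasons.append("win.ini load=/run= autostart is set (normally empty)")
    if section == "O2" and "(no name)" in lowered:
        reasons.append("browser helper object registered with no name")
    if section == "O20" and "winlogon notify" in lowered:
        target = entry.split(" - ")[-1]     # e.g. "byxyvtu.dll (file missing)"
        if "\\" not in target:
            reasons.append("Winlogon Notify DLL given by bare name, not a full path")
    for match in _PATH_RE.finditer(entry):
        folder, _, name = match.group(0).rpartition("\\")
        if name.lower() in SYSTEM_PROCESS_NAMES and folder.lower() not in LEGIT_SYSTEM_DIRS:
            reasons.append(f"system process name {name} outside its normal directory: {folder}")
    return reasons


def triage_log(text: str) -> List[Tuple[str, List[str]]]:
    """Return (line, reasons) for every log line that raised at least one reason."""
    findings = []
    for line in text.splitlines():
        reasons = triage_line(line)
        if reasons:
            findings.append((line.strip(), reasons))
    return findings


if __name__ == "__main__":
    for entry, why in triage_log(SAMPLE_LOG):
        print(entry)
        for reason in why:
            print("    ->", reason)
```

Run it on a saved hijackthis.log by calling triage_log(open(path).read()); on the sample it reports the two F3 lines, the nameless BHO and the bare-name Winlogon Notify entry and stays quiet about ctfmon.exe, the Java BHO and the two Winlogon Notify DLLs that carry full paths. The csrss.exe rule is the one that would have caught this thread's infection even without the "(file missing)" hint, since the real csrss.exe only ever runs from the system folder.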
The sound may or may not be related to an infection. It's hard to say.

Download Pocket KillBox. Reboot into Safe Mode and use Pocket KillBox to delete C:\WINDOWS\system32\cjcobhkbbn (you can just copy/paste it).

If you have trouble, copy everything in the below quote box...
Quote
del C:\WINDOWS\system32\cjcobhkbbn
After copying the contents, open up Notepad and click on Edit > Paste. Once the text has been pasted, click on File > Save As. Next to Save as type:, select All Files. Next to File name:, type in search.bat. Save the file to your desktop. Open the file by double-clicking on it and it should delete the file in question.



Go ahead and post a new HijackThis log and we'll see if we can figure out your other problem.

Logfile of HijackThis v1.99.1
Scan saved at 00:50:34, on 27/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Cameno\Cameno.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [Cameno] C:\Program Files\Cameno\Cameno.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182249645109
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/luxor/sis/mjolauncher.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinktanks/sis/BTDownloadCtrl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Alright, it looks clean to me. However, I don't see the presence of a firewall on your computer. You're vulnerable without a firewall, so you should look into getting either ZoneAlarm, Kerio Personal Firewall, or Comodo. They're all good free firewalls. Just be sure you only have one installed at a time! Download the firewall of your choice, disconnect from the internet, disable Windows Firewall, and install your new firewall.


Now, with that taken care of, once again try out the System File Checker that patio suggested...
Quote from: patio on May 31, 2007, 07:50:25 AM
You could try and run System File checker to see if it helps.
Start/Run and type in sfc /scannow and hit Enter...have your XP CD handy as it will ask for it.
Let it run to completion and re-boot.


You might also want to open up the Control Panel and then open Sounds and Audio Devices. Click on the Sounds tab and make sure the appropriate Windows XP sound scheme is selected.

boo,
I know it's been awhile, but if you're still having problems, you should download MsnVirRem.exe to your desktop from one of the following mirrors.
  • First close any other programs you have running as this will require a reboot
  • Double click MsnVirRem.exe to run it
  • Once open, click the button labelled "Search and Destroy"
    <<Your computer will now be scanned for Infected Files>>
  • When scanning is finished you will be prompted to reboot only if infected, Click OK
  • Now click the "REBOOT" Button.
  • After the Reboot, you WILL receive file not found errors (usually 4) please acknowledge them and continue.
  • A Message should popup from MsnVirRem if not, double click the program again and it will finish
Please post the contents of C:\msnvirrem.log along with a fresh HijackThis log

it was clean.

no bad files

Alright, then it must have been removed properly. Are you still experiencing problems?

ummm yes but less frequently.

Did you ever try the System File Checker?

It might also be worthwhile to download ComboFix and save it to your desktop. Run the program and read its disclaimer (it's fairly short) and make sure you really pay attention to what it says. Follow the prompts and when finished, it will produce a log at C:\ComboFix.txt. Go ahead and post that here. Note: Don't click on the window while it's running; this may cause stalls.

Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.
3529.

Solve : Voices on my computer?

Answer»

Good point, Darcstarr. The first link most likely wouldn't work for you. The other two should still apply, though. At the very least, it's worth a try. However, if you are no longer experiencing the problem, then there may be no point.

Umm... actually the second link is also for Windows 2000 and for status code 128, which isn't the same one as I get in my error. The third link doesn't seem to work at all, saying it's currently unavailable. Any other help you could provide?

I realize the problem is slightly different, but did you try the fix anyway? I have seen it work before despite the differences. I'm not sure why the other link isn't working; it worked fine last night.

As of right now, the only other suggestions I have are to try going through with the removal steps for the Blaster and Sasser worms...
http://www.symantec.com/security_response/writeup.jsp?docid=2003-081119-5051-99
http://www.symantec.com/security_response/writeup.jsp?docid=2004-050315-1907-99&tabid=3

Normally when this happens, it's tied to lsass.exe on Windows 2003... I'm having a difficult time finding anything about services.exe causing this particular error message on XP. I'll keep looking, though, and I'll let you know if I manage to find anything.

If you have an official Windows CD, the System File Checker might be worth a shot. Go to Start > Run and type in sfc /scannow (note the space) and insert your Windows CD. Let me know if you have any luck. However, if your computer is constantly restarting, this may be difficult to do, so try running it in Safe Mode.

Quote from: patio on July 02, 2007, 03:05:17 PM

Would that be an audio HijackThis log Chris ? ?




C'mon, I didn't even get a chuckle for this one? ?

Ha, sorry, patio. Didn't mean to neglect you! I guess I'm just not much of a "COL" kind of guy... I did think it was funny, though. But you're no Stephen Wright. Ha!

Oh, I did try the fix despite what it said. When I got to the part, being step 5, where it talks about looking at the Data column and telling you what you may see, I was a little confused because in the Data column it said (value not set). So basically all the instructions after step 5 were not helpful to me, seeing as I didn't know what to do.

I checked out the Blaster and Sasser Worm checks prior to this and it came out with nothing.

I'm gonna give the System File Checker scan a shot now.

If you have no luck, then I would suggest taking your problem over to the Windows forum. It's a lot busier than this one and you're bound to get a lot more suggestions, one of which might actually be what you need. Either way, I'm wishing the best of luck for you.

Umm... well, it's been a few days and the error hasn't come back up again; I didn't even have to do that scan you suggested. I wonder what could have happened... It seemed so random in the first place and then it just stopped happening. Maybe one day in the future it will appear again with no reason and annoy me for a bit and then just suddenly leave again.

Well, whatever it was, thanks to everyone who tried to assist me. I have another, less life-affecting issue I'm going to take over to a busier area of the forums, like suggested. Thanks again

You're welcome, and I wish you the best of luck.

I just realized that I missed an entry...

O20 - Winlogon Notify: winjgf32 - winjgf32.dll (file missing)

If the file is missing, then the entry can't do a lot of harm, but you should still fix it. And delete the file if found with Windows Search.

Your Java is out of date. You'll want to correct this, as it will help provide further protection for you. To do so, go here and click on Free Java Download. You will be given instructions on what to do next.

Also...you're vulnerable without a firewall, so you should look into getting either ZoneAlarm, Kerio Personal Firewall, or Comodo. They're all good free firewalls. Just be sure you only have one installed at a time! Download the firewall of your choice, disconnect from the internet, disable Windows Firewall, and install your new firewall.

Thanks. Got rid of that missing file in the HijackThis log, but I couldn't find it in a search of my computer; I guess that was expected. My Java is now up to date with version 6 update 1. I chose to use Comodo as my firewall and I disabled Windows Firewall.

Here's my latest HijackThis log if you have any more ideas:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:25:15 PM, on 7/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
F1 - win.ini: run= C:\C&C\INSTICON.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Adam\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {3C403675-B43C-410B-BF56-D4D1FB68356C} (ActiveXPortal Control) - http://72.29.84.224/OCX/gwnet.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://www.installshield.com/install/iftwclix.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183510145515
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF14735F-75A3-4EB5-9D18-35360F01110F}: NameServer = 64.71.255.198
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: ATI HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: DiamondCS ProcessGuard Service v3.410 (DCSPGSRV) - Unknown owner - C:\Program Files\ProcessGuard\dcsuserprot.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 8169 bytes
Everything's looking nice and clean. Unless you're having any other problems, you should be all set now.

As this issue appears to be resolved, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.
3530.

Solve : Two Anti Virus programs?

Answer»

Logfile of HijackThis v1.99.1
Scan saved at 11:30:37 AM, on 7/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\GalleryPlayer\Player\GPClientMonitor.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Downloads\CompHope\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime TASK] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [GPClientMonitor] C:\Program Files\GalleryPlayer\Player\GPClientMonitor.exe
O4 - HKLM\..\Run: [GPDownloadManager] C:\Program Files\GalleryPlayer\Player\GPDownloadManager.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Uniblue RegistryBooster2] F:\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay111.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151941045718
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {C77FB8C0-8B6D-440E-AC26-2BD39E97E8F2} (SpdTCtl Class) - http://speedtest.adelphia.net/customerdiag/speedtest/SPEEDTESTACTIVEX.CAB
O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/AttachMail.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Looks fairly clean to me. It looks like your anti-virus programs are doing their job. However, I must remind you that you should only keep one of them active. There are just a couple of entries you should take care of...

Once we start, you won't have access to this post anymore, so I recommend that you print out this post or save it to a Notepad file. Open HijackThis and scan again. Check the following entries, but don't do anything to them yet...

O4 - HKLM\..\Run: [GPClientMonitor] C:\Program Files\GalleryPlayer\Player\GPClientMonitor.exe
O4 - HKLM\..\Run: [GPDownloadManager] C:\Program Files\GalleryPlayer\Player\GPDownloadManager.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

(If you or the administrator didn't set this restriction on the Control Panel, then you should check this entry as well.)

Now, close all windows (including this one) besides HijackThis, then click Fix Checked. Close HijackThis and reboot into Safe Mode and enable hidden files and folders.

Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following (if present)...

Gallery Player

Please note any other programs that you don't recognize in that list in your next response.

Navigate to and delete the following folder(s) if present...

C:\Program Files\GalleryPlayer

Once you've done all of this, reboot into Normal Mode and post a new HijackThis log so we can see if there's any other junk we need to clean up. Let me know how everything's running now and if you had any problems following my steps.




Also, you should download CCleaner (install without Yahoo! toolbar) and configure it according to this guide.

Quote from: unlovedwarrior on July 05, 2007, 10:12:46 AM

try firefox

Got Firefox and like it much more than IE, but noticed it allows certain cookies to download and set, whereas Opera does not. Funny thing, I never see/read about this cookie thing that I discovered. I run all of the anti-spy/adware programs at the end of the day and get the fewest hits when using Opera.

BTW Opera is running okay now after restarting.

Thanks for the recommendation.

Quote from: CBMatt on July 06, 2007, 06:38:42 PM
Also, you should download CCleaner (install without Yahoo! toolbar) and configure it according to this guide.

Matt, I downloaded the program CCleaner and ran it the other day. It had so many entries that I was worried about deleting them all. If I recall what we learned in my user group, many of the files that CC wants to delete are antivirus logs and ZoneAlarm logs. Some of the other things are unfamiliar to me.

Are you saying to use CC first, delete those files, and then follow your instruction about printing your instructions and booting in Safe Mode?

Must admit that I never booted XP in Safe Mode....pretty sure I can figure it out though.

You can run CCleaner before or after my instructions; it doesn't matter too much either way. Better yet, you could do both. Run CCleaner, follow my instructions, run CCleaner again. Don't worry about the files that CCleaner deletes...it doesn't delete anything important. You shouldn't need anything it finds. And if you do, you can just back up the files that you don't want to get deleted.

Quote from: Kryptonite on July 07, 2007, 05:10:05 AM
Quote from: unlovedwarrior on July 05, 2007, 10:12:46 AM
try firefox

Got Firefox and like it much more than IE, but noticed it allows certain cookies to download and set, whereas Opera does not. Funny thing, I never see/read about this cookie thing that I discovered. I run all of the anti-spy/adware programs at the end of the day and get the fewest hits when using Opera.

BTW Opera is running okay now after restarting.

Thanks for the recommendation.

You're welcome. I'll look into the cookie thing when I get off of work.

Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.
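The helpers in the two threads above triage HijackThis logs by the same few signals each time: entries whose target is "(file missing)" or "(no file)" (harmless until the file reappears, but still to be fixed, and the file deleted if a search finds it), O23 services with an "Unknown owner", and two anti-virus engines running at once when only one should be active. The following Python script is an added example of that triage as code; it is not a Computer Hope or HijackThis tool. The log text is a constructed sample assembled from entry shapes seen in the logs above, and the AV_MARKERS substrings used to recognise AVG and AntiVir are my own assumption.

```python
import re

# Constructed sample in the layout HijackThis prints, built from entry
# shapes that appear in the threads above (not a real machine's log).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:25:15 PM, on 7/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Hijackthis\HiJackThis_v2.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O20 - Winlogon Notify: winjgf32 - winjgf32.dll (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\tjjkfqof.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

--
End of file - 8169 bytes
"""

# One HijackThis entry line: a section tag (R0, F1, O2, O23, ...), " - ", body.
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d{1,2}) - (?P<body>.+)$")

# Assumed substrings (lower-case) that identify an anti-virus product in a
# process path or an O23 service line; only the two products seen in the
# threads are listed, extend as needed.
AV_MARKERS = {
    "AVG": (r"grisoft\avg7",),
    "AntiVir": ("antivir personaledition",),
}

# Markers HijackThis appends when the referenced file is not on disk.
DANGLING_MARKERS = ("(file missing)", "(no file)")


def parse_log(text):
    """Split a log into the running-process list and the (section, body) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False      # a blank line ends the process list
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("section"), m.group("body")))
    return processes, entries


def av_products(processes, entries):
    """Return the AV products seen running or registered as O23 services, sorted."""
    haystack = [p.lower() for p in processes]
    haystack += [body.lower() for sec, body in entries if sec == "O23"]
    found = set()
    for product, markers in AV_MARKERS.items():
        if any(mark in h for mark in markers for h in haystack):
            found.add(product)
    return sorted(found)


def triage(text):
    """Flag the entry kinds the thread helpers acted on; returns a dict of lists."""
    processes, entries = parse_log(text)
    report = {"dangling": [], "unknown_owner": [], "av_products": [], "notes": []}
    for section, body in entries:
        line = f"{section} - {body}"
        if any(mark in body for mark in DANGLING_MARKERS):
            report["dangling"].append(line)
        if section == "O23" and "Unknown owner" in body:
            report["unknown_owner"].append(line)
    report["av_products"] = av_products(processes, entries)
    if len(report["av_products"]) > 1:
        report["notes"].append("more than one anti-virus product is active; keep only one")
    if report["dangling"]:
        report["notes"].append("dangling entries point at files not on disk; fix them in "
                               "HijackThis and delete the file if a search finds it")
    return report


if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(key)
        for item in items:
            print("   ", item)
```

Run it as-is to see the report for the constructed sample, or pass the contents of a saved log file to triage(). The script only groups entries for a human to review; it does not decide what is malicious, which in these threads is still the helper's call after looking at the full log.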
3531.

Solve : Very bad problem plz help :(?

Answer»

Scanning in Safe Mode makes it a lot easier for anti-virus to detect and clean infections because they are not actively running at the time. Scanning in Safe Mode probably would've given you a cleaner log. Exactly what options are there in your boot menu? If you can't get into Safe Mode, then you may need to use Pocket KillBox for deleting files in my fix...

First...your HijackThis is in a temporary location. If you leave it there, it (along with its important backups) can and will eventually be deleted. Please navigate to its current location (C:\Documents and Settings\OWNER\Local Settings\Temporary Internet Files\Content.IE5\4FGADTEH) and move it to a new permanent folder at C:\Program Files\HJT.

Download CCleaner (install without Yahoo! toolbar) and configure it according to this guide.

1. Download VundoFix and save it to your desktop.
2. Run VundoFix and click on Scan For Vundo.
3. Once it's done scanning, click on Remove Vundo.
4. When it prompts you to remove the files, click on Yes.
5. Your desktop will go blank as it's removing files. Don't worry, this is normal.
6. It will prompt you to restart your computer, so click OK.
7. When your computer is turned back on, your problem should be gone.
8. The program normally produces a Vundofix.txt file. Please locate this file and paste the contents in your next post.

And then, just to be thorough...
1. Download VirtumundoBeGone and save it to your desktop.
2. Reboot into Safe Mode.
3. Once you are in Safe Mode, run VirtumundoBeGone and follow the instructions.
4. Exit when it has finished and reboot back into normal mode. Vundo should now be removed from your computer.



And as for your log... Once we start, you won't have access to this post anymore, so I recommend that you print out this post or save it to a Notepad file. Open HijackThis and scan again. Check the following entries, but don't do anything to them yet...

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {2A0D2A0D-E789-4C5F-96CB-D5C1958CF330} - \
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\toqponqx.dll (file missing)
O2 - BHO: BHOAd - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\xmlhelper2.dll
O2 - BHO: (no name) - {C4C9A109-7749-48EE-AA91-F1836F8A480F} - C:\WINDOWS\system32\vtutu.dll
O2 - BHO: (no name) - {F4002052-AB29-4B33-8C8D-0E99084564EC} - C:\WINDOWS\system32\rqrssrr.dll

O4 - HKLM\..\Run: [poolsv] "C:\WINDOWS\poolsv.exe"
O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu77.exe 61A847B5BBF72815358B2B27128065E9C084320 161C4661227A755E9C2933154389A
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe"
O4 - HKLM\..\Run: [mnrjdtkA] C:\WINDOWS\mnrjdtkA.exe
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\nmnilmhu.dll",realset
O4 - HKCU\..\Run: [zzmu] C:\Program Files\InetGet2\stub_109_4_0_4_0.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/heavyweapon/sis/popcaploader_v10.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06071909/qsp2ie06071909.cab

O20 - AppInit_DLLs:
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: rqrssrr - C:\WINDOWS\SYSTEM32\rqrssrr.dll
O20 - Winlogon Notify: vtutu - C:\WINDOWS\system32\vtutu.dll

O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\tjjkfqof.exe (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\mnrjdtk.exe (file missing)


Now, close all windows (including this one) besides HijackThis, then click Fix Checked. Close HijackThis and reboot into Safe Mode and enable hidden files and folders.

Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following (if present)...

InetGet2
WinAntiSpyware 2007


Please note any other programs that you don't recognize in that list in your next response.

Navigate to and delete the following folder(s) if present...

C:\Program Files\InetGet2
C:\Program Files\Common Files\WinAntiSpyware 2007


Navigate to and delete the following file(s) if present...

C:\WINDOWS\mnrjdtk.exe
C:\WINDOWS\mnrjdtkA.exe
C:\WINDOWS\poolsv.exe
C:\WINDOWS\retadpu77.exe
C:\WINDOWS\svhost.exe
C:\WINDOWS\system32\nmnilmhu.dll
C:\WINDOWS\system32\rqrssrr.dll
C:\WINDOWS\system32\tjjkfqof.exe
C:\WINDOWS\system32\toqponqx.dll
C:\WINDOWS\system32\vtutu.dll
C:\WINDOWS\xmlhelper2.dll


Once you've done all of this, reboot into Normal Mode and post a new HijackThis log so we can see if there's any other junk we need to clean up. Let me know how everything's running now and if you had any problems following my steps.

Hi... I am sorry to bother you about this, but what do you mean when you say follow the instructions for VirtumundoBeGone?

When you run VirtumundoBeGone, it displays a message that explains what the program does and what you should do. Basically, you click on Start and it will start scanning, which will take about 15 seconds. If you receive any prompts, respond to them accordingly. After the scan, there will be a VBG.txt Notepad file. You should paste the contents of that (along with the VundoFix file) in your next post, along with a new HijackThis log.

I managed to download VirtumundoBeGone.
The problem is that I wasn't able to find it when I rebooted in Safe Mode.
I could find it when I booted in normally.

I am really, really sorry for asking these stupid questions.

Hey, don't worry, I'd rather have you ask a bunch of questions than not even follow my instructions. There's nothing wrong with asking questions; it's how you learn! When you reboot into Safe Mode, are you given the option to choose between different accounts? It will often give you the choice between Administrator and Owner. Owner is your account, so log into that one and see if the program is there.

Here's the new HijackThis log...

Logfile of HijackThis v1.99.1
Scan saved at 10:49:46 PM, on 7/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\AOL\1125001301\ee\AOLSoftware.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\cidaemon.exe
c:\program files\common files\aol\1125001301\ee\aexplore.exe
C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aimtoday.aim.com/today/aimtoday.adp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B339E38A-22DD-4425-92C2-3C15F9643F4B} - C:\WINDOWS\system32\vtutu.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll (file missing)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125001301\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00001024-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter24 Class) - http://download.netmarble.com/web/nmstarter/NMStarter24.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {89981B1D-07DA-43C3-9770-06C51E7E5DCE} (NostaleWebStarter Control) - http://game.nostale.com/sso/NostaleWebLauncher.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://download.netmarble.com/kdefence/kdfense8237.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/tricksterActiveX.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F7899FAE-51C9-4EF5-B98C-A64997635235} (GSPRunGame Class) - http://www.playinfinity.net/cab/WindyGSPAx.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


I was unable to find the following when I scanned my computer with HijackThis...

O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\toqponqx.dll (file missing)
O2 - BHO: (no name) - {C4C9A109-7749-48EE-AA91-F1836F8A480F} - C:\WINDOWS\system32\vtutu.dll
O2 - BHO: (no name) - {F4002052-AB29-4B33-8C8D-0E99084564EC} - C:\WINDOWS\system32\rqrssrr.dll
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe"
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\nmnilmhu.dll",realset
O20 - Winlogon Notify: vtutu - C:\WINDOWS\system32\vtutu.dll

I did the rest as instructed.
For some reason I keep on getting Trojans on my computer even when I'm not using my internet. (My connection was still on.)


What about the VundoFix and VirtumondoBeGone logs? Which program is picking up the trojan?

Also, you need to fix this entry...

O2 - BHO: (no name) - {B339E38A-22DD-4425-92C2-3C15F9643F4B} - C:\WINDOWS\system32\vtutu.dll (file missing)

It is the AVG Anti-Virus (Resident Shield) that is picking up the Trojans.
I will post the logs first thing tomorrow.
Thank you very much for helping me with this.

No problem, Ifain. I'll leave the light on for you.

Quote from: Ifain on July 03, 2007, 03:26:39 PM

I managed to download VirtumundoBeGone.
The problem is that I wasn't able to find it when I rebooted in Safe Mode.
I could find it when I booted normally.

I am really, really sorry for asking these stupid questions.

In regular mode create a new folder called VMonde Fix or whatever you want to call it.
Drag the program into that folder.
This way when you re-boot into safemode you will be able to find it...

Safe Mode can be confusing for the Desktop as it re-orients all the icons.

Sorry it took me so long.
I had to go somewhere for the weekend. Sorry.
Anyway, here is the VirtumundoBeGone log:


[07/09/2007, 15:53:59] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\OWNER\Desktop\VirtumundoBeGone.exe" )
[07/09/2007, 15:54:08] - Detected System Information:
[07/09/2007, 15:54:08] - Windows Version: 5.1.2600, Service Pack 2
[07/09/2007, 15:54:08] - Current Username: OWNER (Admin)
[07/09/2007, 15:54:08] - Windows is in NORMAL mode.
[07/09/2007, 15:54:08] - Searching for Browser Helper Objects:
[07/09/2007, 15:54:08] - BHO 1: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} (AOL Toolbar Launcher)
[07/09/2007, 15:54:08] - BHO 2: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[07/09/2007, 15:54:08] - BHO 3: {B339E38A-22DD-4425-92C2-3C15F9643F4B} ()
[07/09/2007, 15:54:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/09/2007, 15:54:08] - Checking for HKLM\...\Winlogon\Notify\vtutu
[07/09/2007, 15:54:08] - Key not found: HKLM\...\Winlogon\Notify\vtutu, continuing.
[07/09/2007, 15:54:08] - Finished Searching Browser Helper Objects
[07/09/2007, 15:54:08] - Finishing up...
[07/09/2007, 15:54:08] - Nothing found! Exiting...

I can't seem to find the VundoFix file, sorry.

That's alright, Ifain, I know how it is. How are things running now? Still having problems?

Yup, everything is running fine... Thanks for the help.

Awesome, I'm glad to hear that. Now that you're clean, there are just a couple of things you should take care of...

First, you'll want to clean out your System Restore. This is to remove any infected files that have been backed up by Windows. Please follow these steps...

1. Go to Start > Programs > Accessories > System Tools > System Restore
2. Click on System Restore Settings.
3. Check Turn off System Restore and click OK.
4. Restart your computer.
5. Follow steps 1 and 2 to return to the settings, uncheck Turn off System Restore, and click OK.
6. Create a new restore point and close the program.

System Restore will now be active again. If you would like to learn more about System Restore, go here.

Also, I see that your Java is out of date. You'll want to correct this quickly, as it will help provide further protection for you. To do so, go here and click on Free Java Download. You will be given instructions on what to do next.

To learn more about how you may have been infected and for even more prevention tips, read Tony Klein's protection article.

As this issue appears to be resolved, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.
3532.

Solve : Suspicious "comment" on my Opera blog?

Answer»

As I have mentioned here, I prefer the Opera browser and joined the Opera community, which has a nice homepage of sorts when you join their group, plus they are very helpful and supportive if you have problems and/or questions (a lot like here).

I started my first ever blog and got a "comment" the very next day. The comment was a link (the person who sent it is also a member of Opera, but his homepage is nothing more than a shell). His link led me to a page that was all in Arabic except for a graphic in the middle of the page saying that the person whose blog I was now on had approved my entering by providing me with a password, which was all ****** filled in. I did not take the bait. I closed the page and shortly thereafter I went to shut off my computer when an "END PROGRAM NOW" window popped up. It caught me off guard, but I did notice an unfamiliar symbol for the name of the program. I hit the END NOW button and it functioned like all END NOW programs work, and the computer shut off. But I turned it back on and ran Spybot, Ad-Aware SE, AVG, Avira, and Trend Micro remote. Nothing was found.

A different person from the Opera community advised me to tell the community, which I did. I asked her about HijackThis since she seemed to know a few things about computers and programs (she is not a fan of ZoneAlarm and recommended another program {for another post}). She had never heard of HijackThis except that there is a program that might be similarly named that actually takes over your computer. Be that as it may, I told her about this forum and that you guys recommend it and actually analyze the results.

What are your thoughts on using HijackThis to see if I have something hiding somewhere? I will tell you that after doing a disk cleanup and defrag my computer started with a scan disk blue screen, which I have never seen before on XP. I also ran into problems trying to use standby and hibernate with an MS .NET Framework update error, which I seem to have fixed.

Any suggestions?

No harm can be done in posting a HijackThis log. I recommend you post one and someone will analyze and diagnose your situation ASAP.

You should also do a scan with your anti-virus program; you do have an anti-virus program installed, right? If not, you haven't been paying close enough attention on this forum.

Also, did all these problems start after you visited that website? You haven't installed or done anything else?

Kryptonite, I got your PM and although I don't know if that site is related to your recent problems or not, it certainly does sound suspicious. First of all, I will say that HijackThis is perfectly safe if used properly. If you don't know what you're doing, you may remove something vital, but I guarantee that I wouldn't tell anyone to remove something unless I absolutely knew what the file was and that removing it would be safe. Typically, I only instruct the removal of things that are known to be harmful and unwanted. I'm surprised that someone who supposedly knows a lot about computers would have never heard of HijackThis... I wonder how much this girl actually knows. I'm not insulting her by any means; it just strikes me as odd.

Anyway, with that said...it's been a few weeks since you last posted a HijackThis log, so I would suggest posting a new log here. You should also update your protection and scan with it in Safe Mode. Then head on over to Panda ActiveScan and scan your computer with that and then post the results here.

Hey Matt,

I have the HijackThis scan, which I will post (BTW, this is a different computer than the last post). Panda only found one cookie from atwola, which is set by aol.com if I'm not mistaken. The other problems that I mentioned may just be coincidence. But check the scan data and see if anything is obviously weird.
So far none of the programs or tests found anything.

You recommended a couple of programs once before and they are now on my other computer. One is called SuperBug or something like that... I have to find that post and download those programs.

Here's the first part of the HijackThis scan:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:27:44 AM, on 7/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Digital Media Reader\shwicon2k.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files\Opera\Opera.exe
C:\dOWNLOADS\Hyjack\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX7120
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX7120
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunKist] C:\Program Files\Digital Media Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155063375250
O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/AttachMail.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7804 bytes
Well, I'm not seeing anything malicious in your log. Did you try the Panda ActiveScan? The program you're thinking of might be SUPERAntiSpyware, which you should also try. Also...this computer has both AntiVir and AVG. If you want two anti-virus programs, that's fine, but you should make sure one of them is disabled so there aren't any conflicts.

Quote from: CBMatt on July 20, 2007, 01:51:02 PM

Well, I'm not seeing anything malicious in your log. Did you try the Panda ActiveScan? The program you're thinking of might be SUPERAntiSpyware, which you should also try. Also...this computer has both AntiVir and AVG. If you want two anti-virus programs, that's fine, but you should make sure one of them is disabled so there aren't any conflicts.

Panda found the atwola cookie but that's all. I went to that folder and there were 48 other cookies there, so I deleted them all.

Usually I only run the one antivirus, as you had once before advised. Today I ran scans with both of them and left them running when I used HijackThis.

Yes, SUPERAntiSpyware is the program. I'm going to do a search for that post when you recommended it the first time so I can see the other programs you mentioned.

Thanks Matt

Not all cookies need to be deleted. Most cookies just tell a site your login information quickly so that you can be automatically logged in. Tracking cookies, which record your browsing (even if not for malicious purposes), are usually picked up by AV or AS.

When you say you usually only run the one, do you mean they're both open and you only 'scan' with one at a time? I suspect not, but if you do then don't, because it's the 'active' part that's conflicting, not so much the scan.

Quote from: Kryptonite on July 20, 2007, 02:29:12 PM
Panda found the atwola cookie but that's all. I went to that folder and there were 48 other cookies there, so I deleted them all.
Right, I missed that part in your previous post.

DeltaSlaya is right. Cookies generally aren't something you need to be concerned about. However, it would be a good idea to get SpywareBlaster, which will prevent many malicious sites from downloading cookies onto your computer.

Scanning with two programs at once can cause a lot of complications. The same goes for having two active anti-virus programs. The below entries show that both programs are set to load on startup...

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

Although you claim to not use both programs at the same time, they are still active and on alert. It sounds like you have twice as much defense, but it can actually lower your security.
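A small reviewer for the HijackThis line types that come up in these two threads, added here as an example (it is not code from the forum, from HijackThis or from VirtumundoBeGone). It parses entries into section code and body, then flags the things the helpers above acted on: entries marked "(file missing)" like the vtutu.dll BHO, O4 startup entries that load a DLL through rundll32.exe (the [GPLv3] line from the earlier thread), a Winlogon Notify DLL whose name matches a BHO with no name (the same cross-check VirtumundoBeGone logs), and more than one anti-virus product set to run at startup. The sample lines are constructed from lines posted in this thread; the vendor path markers used to recognise AVG and AntiVir are an assumption.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample made from the HijackThis line types seen in this thread
# (not a complete log). Paths are copied from the logs posted above.
SAMPLE_LOG = r"""
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B339E38A-22DD-4425-92C2-3C15F9643F4B} - C:\WINDOWS\system32\vtutu.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\nmnilmhu.dll",realset
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: vtutu - C:\WINDOWS\system32\vtutu.dll
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# One HijackThis entry: a section code, " - ", then the entry body.
LINE_RE = re.compile(r"^([ORFN]\d+) - (.*)$")
# Basename of any .dll named in the entry (stops at backslash, slash, space or quote).
DLL_RE = re.compile(r'([^\\/\s"]+\.dll)', re.IGNORECASE)
RUNDLL_RE = re.compile(r"\brundll32(\.exe)?\b", re.IGNORECASE)

# Assumption: these lowercase path fragments identify the two anti-virus
# products that appear in the startup entries of this thread.
AV_MARKERS = {"AVG": r"grisoft\avg7", "AntiVir": "antivir personaledition classic"}

Finding = Tuple[str, str, str]  # (kind, section, detail)


@dataclass
class Entry:
    section: str            # HijackThis section code, e.g. "O4"
    body: str               # text after "O4 - "
    file_missing: bool      # HijackThis appended "(file missing)"
    dll: Optional[str]      # lowercase basename of the last .dll on the line


def parse_hjt(text: str) -> List[Entry]:
    """Keep only the section entries; headers, process list and blanks are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.group(1), m.group(2)
        dlls = DLL_RE.findall(body)
        entries.append(Entry(section, body, body.endswith("(file missing)"),
                             dlls[-1].lower() if dlls else None))
    return entries


def review(entries: List[Entry]) -> List[Finding]:
    findings: List[Finding] = []
    # DLLs registered as a BHO with no name; VirtumundoBeGone makes the same
    # cross-check against the Winlogon Notify keys.
    unnamed_bho_dlls = {e.dll for e in entries
                        if e.section == "O2" and "(no name)" in e.body and e.dll}
    av_seen = set()
    for e in entries:
        low = e.body.lower()
        if e.file_missing:
            findings.append(("orphaned", e.section, e.body))
        if e.section == "O4":
            if RUNDLL_RE.search(e.body):
                findings.append(("rundll32-startup", e.section, e.body))
            for vendor, marker in AV_MARKERS.items():
                if marker in low:
                    av_seen.add(vendor)
        if (e.section == "O20" and low.startswith("winlogon notify")
                and e.dll in unnamed_bho_dlls):
            findings.append(("winlogon-notify-matches-unnamed-bho", e.section, e.body))
    if len(av_seen) > 1:
        findings.append(("multiple-av-at-startup", "O4", ", ".join(sorted(av_seen))))
    return findings


def finding_kinds(text: str) -> List[str]:
    """Sorted list of finding kinds for a log, convenient for checks."""
    return sorted(kind for kind, _, _ in review(parse_hjt(text)))


if __name__ == "__main__":
    for kind, section, detail in review(parse_hjt(SAMPLE_LOG)):
        print(f"[{kind}] {section}: {detail}")
```

The Winlogon Notify rule deliberately stays quiet for the igfxcui entry: a Notify DLL is only reported when its name also shows up as a nameless BHO, which is the pairing the helpers in this thread were chasing, so ordinary graphics-driver entries do not produce noise.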
3533.

Solve : What firewall should I get??

Answer»

Hey, I was just wondering firstly, do I even need a firewall? If so what should I get.

All the computers in our house are connected to the internet through a router. A Netgear DG834Gv3, with NAT enabled (firewall). Does this mean if I did use a firewall, there would be no difference in my protection level?


Thanks, all comments appreciated.

Which Windows version are you running?

Vista Ultimate 32bit, but firstly I need to know if it would even make a difference if I had a firewall or not.

I wouldn't bother with a firewall if I were you. From what I hear, Vista Firewall (which you should have enabled) is actually pretty good. That, coupled with a router, should give you plenty of protection. Besides, at this point, there isn't really a whole lot in the way of third-party firewalls for Vista...especially for free. So, just stick with your router, default firewall, and anti-virus...and you should be set.

Thanks a lot, I do have it enabled currently.

As for my AV, I currently am using NOD32, mainly due to what I have heard and the reviews at www.av-comparatives.org.
Is that a reliable source and can anyone back up anything like that? I'd like to know why AVG scores so low though? From using NOD for a bit it seems quite good personally.

NOD is a fine protection app...if you are happy with it then stick with it.

I've never used that site before, so I'm not sure how reliable it is. NOD32 is acceptable for anti-virus protection. However, I personally prefer AVG because I've had a lot of success with it. Not sure why it would score low; it's definitely one of the better programs out there.

I use NOD32. Before choosing it, I checked out the sites I could find that did regular, large scale testing of AV solutions and my conclusion was that NOD32 was among the very best virus catchers. I also like that it doesn't use a lot of resources, it scans fast and it isn't bloated with useless features.
So all in all I like it.

AVG actually scores pretty good if you look at the on-demand test from February 2007. It's in the retrospective tests it doesn't do well. So apparently AVG isn't very good at catching unknown viruses.
In the retrospective tests, they test a collection of current viruses on 3 month old versions of the various AV programs to see how many "unknown viruses" the programs are able to detect. It's in these tests that NOD32 really shines.

Sygate does it for me.

Quote from: Deerpark on July 21, 2007, 08:08:40 PM

AVG actually scores pretty good if you look at the on-demand test from February 2007. It's in the retrospective tests it doesn't do well.
In my experience, AVG has been one of the best when it comes to active scanning. I've had it catch several infections before I even downloaded them. When testing it, I attempted to download programs/files I knew to be infected, and AVG caught them as soon as I clicked on the links, even before the download prompt.

Now, when it comes to on-demand scans, I've found ClamWin to be quite impressive. Unfortunately, its interface is a bit unfriendly and isn't something you want active. But when scanning on-demand, it's likely to catch what even some of your favorite anti-virus programs might overlook.

Thanks for all that, I think I'll continue using NOD32 for the time being, with Windows Firewall enabled.

I've used AVG for a while and it's pretty good. Another very good one to have is Avast! Anti-virus; it comes with a free home edition, and all you have to do is register and they will email you a code... but it costs nothing.
3534.

Solve : Suspicious Messages In Security Log?

Answer»

I'll be the first to admit that I don't know a lot about computers, but the following entries in my security log seem very suspicious. Please tell me if I would be doing myself a favor by not looking at the security log, or if these are something that needs further investigation. The ones that really worry me are in the 3rd sequence... Bella and Luke are out of town, and I did not try to log in to their accounts.

I am running Windows XP Home Edition on a stand-alone PC that is not networked in any way, except for a simple dial-up connection. Any input will be greatly appreciated. Thanks!

Here are some that raised an eyebrow:

#1

Event Type:Success Audit
Event Source:Security
Event Category:Policy Change
Event ID:612
Date:7/21/2007
Time:1:13:18 PM
User:NT AUTHORITY\SYSTEM
Computer:YOUR-3EH8TJLJXA
Description:
Audit Policy Change:
New Policy:
Success Failure
+ +Logon/Logoff
- -Object Access
- -Privilege Use
+ +Account Management
+ +Policy Change
+ +System
- -Detailed Tracking
- -Directory Service Access
+ +Account Logon

Changed By:
User Name:YOUR-3EH8TJLJXA$
Domain Name:WORKGROUP
Logon ID:(0x0,0x3E7)

Event Type:Success Audit
Event Source:Security
Event Category:System Event
Event ID:518
Date:7/21/2007
Time:1:13:18 PM
User:NT AUTHORITY\SYSTEM
Computer:YOUR-3EH8TJLJXA
Description:
An notification package has been loaded by the Security Account Manager. This package will be notified of any account or password changes.
Notification Package Name:scecli

Event Type:Success Audit
Event Source:Security
Event Category:System Event
Event ID:515
Date:7/21/2007
Time:1:13:18 PM
User:NT AUTHORITY\SYSTEM
Computer:YOUR-3EH8TJLJXA
Description:
A trusted logon process has registered with the Local Security Authority. This logon process will be trusted to submit logon requests.

Logon Process Name:DCOMSCM (LAN Manager Workstation Service also had a listing like this one)

Event Type:Success Audit
Event Source:Security
Event Category:Logon/Logoff
Event ID:540
Date:7/21/2007
Time:1:13:20 PM
User:NT AUTHORITY\ANONYMOUS LOGON
Computer:YOUR-3EH8TJLJXA
Description:
Successful Network Logon:
User Name:
Domain:
Logon ID:(0x0,0xC183)
Logon Type:3
Logon Process:NtLmSsp
Authentication Package:NTLM
Workstation Name:
Logon GUID:{00000000-0000-0000-0000-000000000000}

Event Type:Success Audit
Event Source:Security
Event Category:System Event
Event ID:515
Date:7/21/2007
Time:1:13:38 PM
User:NT AUTHORITY\SYSTEM
Computer:YOUR-3EH8TJLJXA
Description:
A trusted logon process has registered with the Local Security Authority. This logon process will be trusted to submit logon requests.

Logon Process Name:RASMAN (Lots more like this ... with different names where this says RASMAN)

#2-------------------------------------------------------------------------------------------------

Event Type:Success Audit
Event Source:Security
Event Category:Policy Change
Event ID:621
Date:7/21/2007
Time:2:07:46 PM
User:YOUR-3EH8TJLJXA\Owner
Computer:YOUR-3EH8TJLJXA
Description:
System Security Access Granted:
Access Granted:SeServiceLogonRight
Account Modified:BUILTIN\BUILTIN
Assigned By:
User Name:Owner
Domain:YOUR-3EH8TJLJXA
Logon ID:(0x0,0xDD61)

Event Type:Success Audit
Event Source:Security
Event Category:Logon/Logoff
Event ID:551
Date:7/21/2007
Time:2:08:04 PM
User:YOUR-3EH8TJLJXA\Owner
Computer:YOUR-3EH8TJLJXA
Description:
User initiated logoff:
User Name:Owner
Domain:YOUR-3EH8TJLJXA
Logon ID:(0x0,0xdd61)

Event Type:Success Audit
Event Source:Security
Event Category:System Event
Event ID:512
Date:7/21/2007
Time:2:08:46 PM
User:NT AUTHORITY\SYSTEM
Computer:YOUR-3EH8TJLJXA
Description:
Windows is starting up.

Event Type:Success Audit
Event Source:Security
Event Category:System Event
Event ID:514
Date:7/21/2007
Time:2:08:46 PM
User:NT AUTHORITY\SYSTEM
Computer:YOUR-3EH8TJLJXA
Description:
An authentication package has been loaded by the Local Security Authority. This authentication package will be used to authenticate logon attempts.
Authentication Package Name:C:\WINDOWS\system32\LSASRV.dll : Negotiate (Lots of these "packages" listed)

#3------------------------------------------------------------------------------------------------

(The following series of failed logon attempts on each account repeats 3 times)

Event Type:Failure Audit
Event Source:Security
Event Category:Account Logon
Event ID:680
Date:7/21/2007
Time:2:28:45 PM
User:NT AUTHORITY\SYSTEM
Computer:YOUR-3EH8TJLJXA
Description:
Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon account: Owner
Source Workstation: YOUR-3EH8TJLJXA
Error Code: 0xC000006A

Event Type:Failure Audit
Event Source:Security
Event Category:Logon/Logoff
Event ID:529
Date:7/21/2007
Time:2:28:45 PM
User:NT AUTHORITY\SYSTEM
Computer:YOUR-3EH8TJLJXA
Description:
Logon Failure:
Reason:Unknown user name or bad password
User Name:Owner
Domain:
Logon Type:2
Logon Process:Advapi
Authentication Package:MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name:YOUR-3EH8TJLJXA

Event Type:Failure Audit
Event Source:Security
Event Category:Account Logon
Event ID:680
Date:7/21/2007
Time:2:28:45 PM
User:NT AUTHORITY\SYSTEM
Computer:YOUR-3EH8TJLJXA
Description:
Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon account: Bella
Source Workstation: YOUR-3EH8TJLJXA
Error Code: 0xC000006E

Event Type:Failure Audit
Event Source:Security
Event Category:Logon/Logoff
Event ID:529
Date:7/21/2007
Time:2:28:45 PM
User:NT AUTHORITY\SYSTEM
Computer:YOUR-3EH8TJLJXA
Description:
Logon Failure:
Reason:Unknown user name or bad password
User Name:Bella
Domain:
Logon Type:2
Logon Process:Advapi
Authentication Package:MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name:YOUR-3EH8TJLJXA

Event Type:Failure Audit
Event Source:Security
Event Category:Account Logon
Event ID:680
Date:7/21/2007
Time:2:28:45 PM
User:NT AUTHORITY\SYSTEM
Computer:YOUR-3EH8TJLJXA
Description:
Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon account: Luke
Source Workstation: YOUR-3EH8TJLJXA
Error Code: 0xC000006E

Event Type:Failure Audit
Event Source:Security
Event Category:Logon/Logoff
Event ID:529
Date:7/21/2007
Time:2:28:45 PM
User:NT AUTHORITY\SYSTEM
Computer:YOUR-3EH8TJLJXA
Description:
Logon Failure:
Reason:Unknown user name or bad password
User Name:Luke
Domain:
Logon Type:2
Logon Process:Advapi
Authentication Package:MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name:YOUR-3EH8TJLJXA
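
A defender-side triage of the entries above, added here as an example and not code from the post or from Computer Hope: it parses the pasted Field:Value blocks, decodes the 680 error codes, flags a burst of failures across several accounts in one second (with the 529's logon process and type for that second), and lists anonymous NTLM network logons. The sample log is constructed from the post's own events, trimmed to the fields the checks use.

```python
"""Triage of Security-log entries like those pasted in the post above.

Added example, not the poster's or Computer Hope's code. It parses the
"Field:Value" blocks copied out of Event Viewer (XP/2003 event IDs) and applies
two defender-side checks: several accounts failing in the same second, with the
matching 529 showing Logon Type 2 via Advapi, looks like a program calling
LogonUser() against each local account rather than a person typing; and a 540
by ANONYMOUS LOGON over NTLM is a null session. SAMPLE_LOG is constructed from
the post's events, trimmed to the fields the checks use.
"""
from collections import defaultdict

# NTSTATUS values reported in the 680 "Error Code" field.
NTSTATUS = {
    "0xC000006A": "STATUS_WRONG_PASSWORD (wrong password, account exists)",
    "0xC000006E": "STATUS_ACCOUNT_RESTRICTION (logon type not allowed, e.g. blank password)",
    "0xC0000064": "STATUS_NO_SUCH_USER (unknown account name)",
    "0xC0000234": "STATUS_ACCOUNT_LOCKED_OUT",
}

SAMPLE_LOG = """\
Event Type:Success Audit
Event ID:540
Date:7/21/2007
Time:1:13:20 PM
User:NT AUTHORITY\\ANONYMOUS LOGON
Description:
Logon Type:3
Logon Process:NtLmSsp
Authentication Package:NTLM

Event Type:Failure Audit
Event ID:680
Date:7/21/2007
Time:2:28:45 PM
Logon account: Owner
Error Code: 0xC000006A

Event Type:Failure Audit
Event ID:529
Date:7/21/2007
Time:2:28:45 PM
User Name:Owner
Logon Type:2
Logon Process:Advapi

Event Type:Failure Audit
Event ID:680
Date:7/21/2007
Time:2:28:45 PM
Logon account: Bella
Error Code: 0xC000006E

Event Type:Failure Audit
Event ID:680
Date:7/21/2007
Time:2:28:45 PM
Logon account: Luke
Error Code: 0xC000006E
"""


def parse_events(text):
    """One dict per blank-line-separated block. Split on the first colon only,
    so "Time:2:28:45 PM" keeps its whole value (the tab after the colon is
    lost when the event is pasted from Event Viewer)."""
    events, current = [], {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                events.append(current)
            current = {}
            continue
        key, _, value = line.partition(":")
        current[key.strip()] = value.strip()
    if current:
        events.append(current)
    return events


def failed_logon_bursts(events, min_accounts=2):
    """Bursts of 680 failures hitting >= min_accounts within one second, with
    each account's decoded NTSTATUS and the process/type of any 529 that second."""
    accounts, via = defaultdict(dict), defaultdict(set)
    for ev in events:
        stamp = (ev.get("Date", ""), ev.get("Time", ""))
        if ev.get("Event ID") == "680":
            code = ev.get("Error Code", "")
            accounts[stamp][ev.get("Logon account", "?")] = NTSTATUS.get(code, code)
        elif ev.get("Event ID") == "529":
            via[stamp].add(f"{ev.get('Logon Process')}/type {ev.get('Logon Type')}")
    return [{"date": d, "time": t, "accounts": accts, "via": sorted(via[(d, t)])}
            for (d, t), accts in sorted(accounts.items()) if len(accts) >= min_accounts]


def anonymous_network_logons(events):
    """540 successes by ANONYMOUS LOGON with Logon Type 3 (network): null sessions."""
    return [ev for ev in events if ev.get("Event ID") == "540"
            and ev.get("Logon Type") == "3" and "ANONYMOUS LOGON" in ev.get("User", "")]
```

On the post's log the burst check reports all three local accounts failing at 2:28:45 PM via Advapi/type 2, which is the pattern to chase down (which program was trying those credentials), while the startup 512/514/515 entries are ordinary boot noise.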

3535.

Solve : Internet Security Question?

Answer»

When it comes to Vista, that should be sufficient protection. And I wouldn't expect these programs to cause you any speed issues. They're pretty light on resources.

OK, well, thanks for your suggestions.

No problemo.

3536.

Solve : email address stolen?

Answer»

About a year ago, I joined a dating site (don't laugh). It was spyware/adware free, but in June this year a hacker broke into their system and stole email addresses and passwords. As my details were still on their database, I was advised to change my passwords on any other sites, which I did.
I am now getting spoof emails pretending to be from the site, and other emails containing attachments from strange email addresses. I delete the messages immediately and block the sender, but then I get more of the same emails from different email addresses.
Is the only way out to change my email address, or do you think it will stop eventually?

Sorry, forgot to add: running Win XP with ZoneAlarm firewall, AVG antivirus and SUPERAntiSpyware. All tests this morning came back clean.

Change your password as soon as possible. It may eventually go away, but getting a new email is the better option.

And maybe remove your details from that site for the time being, just in case the hacker strikes again.

And just as a side note (although you probably know this already): delete the spam emails and don't follow any links or download any attachments.

Thanks for your advice. Will get a new email address if they don't stop by the end of the week. Thanks again.

As this issue appears to be resolved, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

3537.

Solve : Folder option?? losssss?

Answer»

My computer is attacked by a virus
and my "Folder Option" is lost...
herm... any idea to fix it up?

What are you using for antivirus and spyware protection? Is it updated?

If it is...run scans individually in Safe Mode...one at a time.

Let them delete and/or quarantine what they find.

Boot into Windows normally and run your scans again.

Post your results, please...

Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

3538.

Solve : add/remove program button gone missing/unknown programs?

Answer»

The thing about the firewall is that I am currently using Norton Internet Security, which includes a real-time antivirus, antispyware, and firewall.

However, after this incident, IDK what I want to use...

The other thing is that I would be more than willing to use a different firewall/antivirus (for a time I was considering ZoneAlarm for firewall and AVG for antivirus), but I'm only 13 and my dad won't let me use any kind of free antivirus/firewall software. He's still under the old-school impression that they don't work nearly as well as anything that you pay for (which may have been true in the '80s when he first connected to the web, but now holds little validity).

And yeah, I'll head over to my thread in the Windows forum and see if anyone can recommend a good registry fixing program.

I can see Norton Internet Security installed on the computer, but I see no evidence of an active firewall. Of course, I'm not particularly experienced with this specific program, so I may simply not know which files control the firewall. In any case, you should run the program and verify that it is enabled.

I won't say your dad is wrong because it's all a matter of opinion, but in my experience, I've found that freeware protection programs are far superior compared to those that cost money. In fact, it's fairly common for us to suggest removing Norton products and replacing them with free alternatives because they're easier on resources and they're often safer. Not really sure why; just more dedicated people working on them, perhaps. Tell your dad you heard that from a weird fat guy on the internet, and he'll just have to believe you! Ha.

Quote

but I see no evidence of an active firewall. Of course, I'm not particularly experienced with this specific program, so I may simply not know which files control the firewall. In any case, you should run the program and verify that it is enabled.

When I open NIS, it has a green check next to everything, including the inbound and outbound firewall, which means that it's working properly.

Quote
Tell your dad you heard that from a weird fat guy on the internet, and he'll just have to believe you! Ha.

lol, I'll have to try that.

Quote from: keybowvio02 on July 10, 2007, 08:51:22 AM
Quote
but I see no evidence of an active firewall. Of course, I'm not particularly experienced with this specific program, so I may simply not know which files control the firewall. In any case, you should run the program and verify that it is enabled.

When I open NIS, it has a green check next to everything, including the inbound and outbound firewall, which means that it's working properly.
Okay, good. I'll have to familiarize myself with this version of Norton a bit more.

Quote from: keybowvio02 on July 10, 2007, 08:51:22 AM
Quote
Tell your dad you heard that from a weird fat guy on the internet, and he'll just have to believe you! Ha.

lol, I'll have to try that.
I'm telling you, it works!

As this issue appears to be resolved, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

3539.

Solve : I need help... I don't know what's happening to my computer!!?

Answer»

Well, I downloaded a few "virus protectors" and it totally messed up my computer.
I tried uninstalling them, but my computer keeps having weird pop-up bubbles talking about spyware.
Now I don't even have a homepage. I keep trying to change it back, but it continues to say strange things about how I can protect my computer.

I ran a scan and this is what I got:

Scan Summary
Quick Scan run on 07/10/07 at 11:07:02
Total Time: 00 hours, 02 mins., 39 secs.
Scan complete successful.

- 62 memory locations scanned, 9 threats detected
- 2442 files scanned, 38 files infected
- 78101 registry locations checked, 24 threats detected


57 Spyware threats found
0 threats quarantined, 0 threats removed, 57 threats ignored

2 Cookies found
0 threats quarantined, 0 threats removed, 2 threats ignored


Details on Spyware Items
swg.dll - Infected by Variant of BHO.swg - Ignored
Full path: C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - Infected by Variant of BHO.swg - Ignored
Full path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

iesplg.dll - Infected by Variant of BHO.iesplg - Ignored
Full path: C:\Program Files\Video ActiveX Access\

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E26CEADA-67B0-4543-BE8B-307F00265118} - Infected by Variant of BHO.iesplg - Ignored
Full path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E26CEADA-67B0-4543-BE8B-307F00265118}

iesbpl.dll - Infected by Variant of IEToobar.iesbpl - Ignored
Full path: C:\Program Files\Video ActiveX Access\

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - Infected by Variant of IEToobar.iesbpl - Ignored
Full path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00}

IadHide5.dll - Infected by BackWeb - Ignored
Full path: C:\Documents and Settings\Mommy\Local Settings\Temp\

iesmn.exe - Infected by eCodec - Ignored
Full path: C:\Program Files\Video ActiveX Access\

imsmain.exe - Infected by eCodec - Ignored
Full path: C:\Program Files\Video ActiveX Access\

iesmin.exe - Infected by eCodec - Ignored
Full path: C:\Program Files\Video ActiveX Access\

imsmn.exe - Infected by eCodec - Ignored
Full path: C:\Program Files\Video ActiveX Access\

mywebsearch - Infected by CursorMania - Ignored
Full path: c:\program files\

bar - Infected by CursorMania - Ignored
Full path: c:\program files\mywebsearch\

History - Infected by CursorMania - Ignored
Full path: c:\program files\mywebsearch\bar\

search2 - Infected by CursorMania - Ignored
Full path: c:\program files\mywebsearch\bar\History\

HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive - Infected by CursorMania - Ignored
Full path: HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive

HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products - Infected by CursorMania - Ignored
Full path: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products

HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch - Infected by MyWebSearch - Ignored
Full path: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch

funwebproducts - Infected by CursorMania - Ignored
Full path: c:\program files\

ScreenSaver - Infected by CursorMania - Ignored
Full path: c:\program files\funwebproducts\

Images - Infected by CursorMania - Ignored
Full path: c:\program files\funwebproducts\ScreenSaver\

Shared - Infected by CursorMania - Ignored
Full path: c:\program files\funwebproducts\

Settings - Infected by CursorMania - Ignored
Full path: c:\program files\mywebsearch\bar\

setting2.htm - Infected by CursorMania - Ignored
Full path: c:\program files\mywebsearch\bar\Settings\

setting2.htm.bak - Infected by CursorMania - Ignored
Full path: c:\program files\mywebsearch\bar\Settings\

settings.dat - Infected by CursorMania - Ignored
Full path: c:\program files\mywebsearch\bar\Settings\

settings.dat.bak - Infected by CursorMania - Ignored
Full path: c:\program files\mywebsearch\bar\Settings\

s_pid.dat - Infected by CursorMania - Ignored
Full path: c:\program files\mywebsearch\bar\Settings\

video activex access - Infected by eCodec - Ignored
Full path: c:\program files\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\video ax object - Infected by eCodec - Ignored
Full path: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\video ax object

HKEY_LOCAL_MACHINE\software\classes\videoaccessactivex.chl - Infected by eCodec - Ignored
Full path: HKEY_LOCAL_MACHINE\software\classes\videoaccessactivex.chl

HKEY_CLASSES_ROOT\videoaccessactivex.chl - Infected by eCodec - Ignored
Full path: HKEY_CLASSES_ROOT\videoaccessactivex.chl

iesbunst.exe - Infected by eCodec - Ignored
Full path: c:\program files\video activex access\

iesunst.exe - Infected by eCodec - Ignored
Full path: c:\program files\video activex access\

imsunst.exe - Infected by eCodec - Ignored
Full path: c:\program files\video activex access\

ot.ico - Infected by eCodec - Ignored
Full path: c:\program files\video activex access\

ts.ico - Infected by eCodec - Ignored
Full path: c:\program files\video activex access\

uninst.exe - Infected by eCodec - Ignored
Full path: c:\program files\video activex access\

repair registry pro - Infected by Adware.RepairRegistryPro - Ignored
Full path: c:\program files\

RepairRegistryPro.exe - Infected by Adware.RepairRegistryPro - Ignored
Full path: c:\program files\repair registry pro\

HKEY_LOCAL_MACHINE\SOFTWARE\Repair Registry Pro - Infected by Adware.RepairRegistryPro - Ignored
Full path: HKEY_LOCAL_MACHINE\SOFTWARE\Repair Registry Pro

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Repair Registry Pro - Infected by Adware.RepairRegistryPro - Ignored
Full path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Repair Registry Pro

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\RepairRegistryPro.exe - Infected by Adware.RepairRegistryPro - Ignored
Full path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\RepairRegistryPro.exe

repair registry pro - Infected by Adware.RepairRegistryPro - Ignored
Full path: c:\documents and settings\mommy\start menu\programs\

Repair Registry Pro.lnk - Infected by Adware.RepairRegistryPro - Ignored
Full path: c:\documents and settings\mommy\start menu\programs\repair registry pro\

Uninstall.lnk - Infected by Adware.RepairRegistryPro - Ignored
Full path: c:\documents and settings\mommy\start menu\programs\repair registry pro\

uninst.exe - Infected by Adware.RepairRegistryPro - Ignored
Full path: C:\Program Files\Repair Registry Pro\

HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts - Infected by MyWebSearch - Ignored
Full path: HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\MNWMRM.DLL - Infected by iMesh.v7 - Ignored
Full path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\MNWMRM.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\MusicNet - Infected by BearShare - Ignored
Full path: HKEY_LOCAL_MACHINE\SOFTWARE\MusicNet

HKEY_LOCAL_MACHINE\SOFTWARE\Magnet - Infected by Limewire 4.8.1 - Ignored
Full path: HKEY_LOCAL_MACHINE\SOFTWARE\Magnet

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{92D94BB1-E28D-42A6-A299-A732CAF41AB8} - Infected by iMesh.v7 - Ignored
Full path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{92D94BB1-E28D-42A6-A299-A732CAF41AB8}

HKEY_LOCAL_MACHINE\SOFTWARE\C-Dilla - Infected by CDilla - Ignored
Full path: HKEY_LOCAL_MACHINE\SOFTWARE\C-Dilla

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - Infected by PopCapLoader - Ignored
Full path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1} - Infected by PopCapLoader - Ignored
Full path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PopCapLoader.PopCapLoaderCtrl2 - Infected by PopCapLoader - Ignored
Full path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PopCapLoader.PopCapLoaderCtrl2

GLB14.tmp - Infected by BestOffersNetwork - Ignored
Full path: C:\Documents and Settings\Mommy\local settings\Temp\

Details on Cookies
[emailprotected][1].txt - Cookie from site Doubleclick - Ignored
Full path: C:\Documents and Settings\Mommy\Cookies\

[emailprotected][1].txt - Cookie from site ClickBank - Ignored
Full path: C:\Documents and Settings\Mommy\Cookies\

PLEASE HELP!!!!
Thanks,
Brittani<3

What program was it? What OS do you have? What other programs do you have for protection? Look at my signature for good free programs. Get SUPERAntiSpyware.

Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

3540.

Solve : comes up as unknown trojan?

Answer»

Did a scan the other day and it came up. Never seen it before; what is it? [BHO]
Not sure, but how can I get rid of it? Even reformatted, but it's still there. Says it is in Internet Explorer, but I don't have it and never use it; got Firefox, lol.
Big pain, I reckon.

What protections have you used? What's the BHO name? What's it doing?

Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

3541.

Solve : Potential Dangerous Trojan - Please help!!!?

Answer»

Quote from: CBMatt on July 10, 2007, 08:07:35 AM

I agree, you might WANT to simply remove Norton and stick with a free alternative (AVG Free is my personal favorite). I can't say whether or not this will help with the System Restore issue, but regardless, I think your computer will be happier.

and safer, seeing how your detection engine is 6 yrs old

hahaha, I knew my laziness to get a better antivirus would catch up with me sooner or later...

And forget about the system restore issue, I never used it all that much anyway

I will most definitely be downloading AVG Free, but before I go ahead and uninstall Norton, does it matter at all that the description for the Norton Removal Tool doesn't list the 2001 version?

Well, even if the removal tool doesn't include Norton 2001, you might as well run it anyway. It won't hurt anything.

You'll be happier with AVG. If you want to turn restore off, then right-click on My Computer, go to Properties; on the Restore tab it will have a check box that says "turn off restore". Check it, press Apply, then OK.

Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

3542.

Solve : Unwanted pop ups and more...?

Answer»

I've been getting a lot of pop-ups on my computer. I have McAfee installed, and I have to run it daily, but I still get them. I've had this problem before, but last time, it was mostly one type of pop-up. This time it's different ones. Not only that, but after I started getting pop-ups, sometimes my keyboard won't type letters in. And after about five different letters, a pop-up comes up. Some of the pop-ups are from Ask.com, Myspace, and a lot of them are from a dating service. I'm married and have a child, and some of the pop-ups show "HBO Soft-Porn", and I don't want my child seeing that. My HijackThis log will be on another post...


Any help would be good help right now. Thank You.

[Saving disk space - old attachment deleted by admin]

Logfile of HijackThis v1.99.1
Scan saved at 6:21:31 PM, on 7/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\mcafee\msc\mcshell.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\DOCUME~1\Rob\MYDOCU~1\INSTAL~1\AINTI-~1\HIJACK~1\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mtsu36.mtsu.edu/cp/home/loginf
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,[emailprotected]
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [USB STORAGE Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [OOBEDDDemise] cmd /x /c erase C:\WINDOWS\system32\oobe\msoobe.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler//PCPitStop.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://asp.mathxl.com/applets/PearsonInstallAsst.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab55579.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Hi there, Robert. I suspect a Vundo infection, so if you don't mind...

1. Download VundoFix and save it to your desktop.
2. Run VundoFix and click on Scan For Vundo.
3. Once it's done scanning, click on Remove Vundo.
4. When it prompts you to remove the files, click on Yes.
5. Your desktop will go blank as it's removing files. Don't worry, this is normal.
6. It will prompt you to restart your computer, so click OK.
7. When your computer is turned back on, your problem should be gone.
8. The program normally produces a Vundofix.txt file. Please locate this file and paste the contents in your next post.

And then, just to be thorough...
1. Download VirtumundoBeGone and save it to your desktop.
2. Reboot into Safe Mode.
3. Once you are in Safe Mode, run VirtumundoBeGone and follow the instructions.
4. Exit when it has finished and reboot back into normal mode.
5. The program normally produces a VBG.txt file. Please locate this file and paste the contents in your next post.

You should scan with HijackThis and check the following entries...

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto


Then close all windows (except for HijackThis) and click on Fix Checked. You should then delete C:\Program Files\outlook. If you have any problems removing it, you may need to do so in Safe Mode.

Also, you have Viewpoint Manager on your computer. I generally advise removing it, but it's up to you. Go here to read about it...
http://ask-leo.com/is_viewpoint_spyware.html




Once you have followed all of my above steps, please post back with the VundoFix and VirtumundoBeGone logs, as well as a new HijackThis log.

I have attached the three text logs that you asked me to.

Thank you for all your help.

[Saving disk space - old attachment deleted by admin]

Alright, Vundo is now gone from your system. However, a worm is still present, so make sure you follow my instructions...

Once we start, you won't have access to this post anymore, so I recommend that you print out this post or save it to a Notepad file. Open HijackThis and scan again. Check the following entries, but don't do anything to them yet...

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: (no name) - {634C7583-74C6-4FEF-BD06-9721761A6815} - C:\WINDOWS\system32\gebabyw.dll (file missing)
O2 - BHO: (no name) - {865C773C-3446-40E5-8E65-D03921313DE1} - C:\WINDOWS\system32\opnll.dll (file missing)
O2 - BHO: (no name) - {C99CB348-F50F-4A10-B2C2-56CAEA2B4791} - C:\WINDOWS\system32\cbaxw.dll (file missing)

O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

(You have Viewpoint Manager on your computer. I generally advise removing it, but it's up to you. Go here to read about it: http://ask-leo.com/is_viewpoint_spyware.html)

Now, close all windows (including this one) besides HijackThis, then click Fix Checked. Close HijackThis and reboot into Safe Mode and enable hidden files and folders.

Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following (if present)...

Viewpoint Manager (You don't have to remove this, but I advise doing so.)

Please note any other programs that you don't recognize in that list in your next response.

Navigate to and delete the following folder(s) if present...

C:\Program Files\outlook
C:\Program Files\Viewpoint
(You don't have to remove this, but I advise doing so.)

Once you've done all of this, reboot into Normal Mode and post a new HijackThis log so we can see if there's any other junk we need to clean up. Let me know how everything's running now and if you had any problems following my steps.

Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

3543.

Solve : A strange virus! please help me!?

Answer»

My computer has been infected by a virus and I really don't know what to do. I've tried everything I could think of, but to no use. I couldn't find the name of this virus, so if you know about it, please help me. What's the name of this virus?
I'll try to explain what a disaster this virus is:
First of all, it doesn't allow me to install "Nod32" or "Kaspersky" and aborts their installation (even if I try to install them right after installing a fresh Windows XP on a formatted drive). I tried "Avast!", "Panda", and "BitDefender" (all of them up to date), but they couldn't find or remove this virus, and there was no other antivirus available!
This virus doesn't allow me to see "System Properties" or run "msconfig" and "regedit". It also doesn't allow me to see hidden files and folders (even when I change the setting for showing hidden files in "Folder Options"), and when I try to see hidden files using other software, say "WinNC3000", this virus closes that software.
Another change is that in the right-click menu on every drive except drive "C" (the Windows drive), the "Open" and "Explore" items are shown in some unknown characters and they don't work.
Also, there are two unknown processes in "Task Manager", "yreghpl.exe" and "wbegdwp.exe". I can't end them because they open again immediately.
The worst problem is that even if I format my Windows drive and install a fresh Windows, immediately after installation this virus is active!
I have lots of information and data on my hard disk and definitely don't want to lose any of it.
Please help me!!!!

You said you formatted...but you still have all of your data? Did you actually format, or did you simply reinstall Windows?

Those running processes make me suspect Vundo. Go ahead and download/save HijackThis to C:\Program Files\HJT and post a log here (it may take several posts).

Quote from: CBMatt on July 11, 2007, 06:32:59 AM

You said you formatted...but you still have all of your data? Did you actually format, or did you simply reinstall Windows?

Those running processes make me suspect Vundo. Go ahead and download/save HijackThis to C:\Program Files\HJT and post a log here (it may take several posts).
By formatting I meant I formatted my Windows drive (C:), not the whole hard disk.

As you said, I downloaded/saved HijackThis to C:\Program Files, but when I run it (I mean when I double-click it) nothing happens. What am I supposed to do? Log? What log? Where is it?

1. Go here and download hijackthis.zip.
2. Make sure the zip file is on your desktop. Make a folder on your desktop named hijackthis. If you are using the basic Windows extractor, open the zip by double-clicking it and go to File > Extract All. The wizard should open up. Click Next, click Browse and find the folder you made on the desktop. Then click Next.
3. Now go to the folder on your desktop, open it and double-click the icon in the folder. Click the button that says "Do a system scan and save a logfile".
4. Once Notepad opens up, copy the complete log to a new post in this topic. Remember it might take more than one post to fit the complete log.
It's strange! "HijackThis" doesn't work! When I double-click on it, nothing happens! The first time I ran it, "yreghpl.exe" crashed and I saw an error (send to Microsoft), but of course this process didn't stop and immediately began again.
Now when I run "HijackThis" again, simply nothing happens!

If its ability to run is being blocked by the infection, you could try renaming it to HJT2.exe or similar.

Yes, renaming it is definitely the first thing you should try. Give it a random, inconspicuous name...like subzeroking.exe.

Also...these filenames with random letters lead me to suspect Vundo, so go ahead and try this...

1. Download VundoFix and save it to your desktop.
2. Run VundoFix and click on Scan For Vundo.
3. Once it's done scanning, click on Remove Vundo.
4. When it prompts you to remove the files, click on Yes.
5. Your desktop will go blank as it's removing files. Don't worry, this is normal.
6. It will prompt you to restart your computer, so click OK.
7. When your computer is turned back on, your problem should be gone.
8. The program normally produces a Vundofix.txt file. Please locate this file and paste the contents in your next post.

And then, just to be thorough...
1. Download VirtumundoBeGone and save it to your desktop.
2. Reboot into Safe Mode.
3. Once you are in Safe Mode, run VirtumundoBeGone and follow the instructions.
4. Exit when it has finished and reboot back into normal mode.
5. The program normally produces a VBG.txt file. Please locate this file and paste the contents in your next post.

First of all, I should say that I really appreciate your help. Thank you!
I tried everything that CBMatt said, but VundoFix found nothing.
At last I managed to run "HijackThis" (by renaming it) and get a log file. But before I post the log file I should say that first I ended all the processes that I was able to (and I knew all of them), then I ran "HijackThis".


Logfile of HijackThis v1.99.1
Scan saved at 4:27:05 PM, on 7/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\yreghpl.exe
C:\Program Files\Common Files\System\vbegdwp.exe
C:\Documents and Settings\Subzero\Desktop\hijackthis\HJT2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [] C:\Program Files\Common Files\Microsoft Shared\
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [ulmasjm] C:\Program Files\Common Files\System\vbegdwp.exe
O4 - HKLM\..\Run: [bptnsvr] C:\Program Files\Common Files\Microsoft Shared\yreghpl.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/programs/OnlineScanner.cab
O20 - AppInit_DLLs: qhbpri.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
Hm...although you say VundoFix came up with nothing, I still suspect it...

First of all, go to VirusTotal and scan the following files...

C:\Program Files\Common Files\System\vbegdwp.exe
C:\Program Files\Common Files\Microsoft Shared\yreghpl.exe
C:\WINDOWS\system32\qhbpri.dll

Once you have scanned them, please post the results here. After doing so, go ahead and delete these files in Safe Mode. Along with your VirusTotal results, post a new HijackThis log and we'll take things from there.

Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.
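The two threads above are resolved by eyeballing HijackThis logs for the same handful of patterns: nameless BHOs whose DLL is "(file missing)", a Winlogon Notify hook with no file on disk, anything loaded through AppInit_DLLs, blanked-out IE search values, and Run entries that start random-looking executables straight out of a "Common Files" folder. The script below is an added example, not code from the forum thread, from Computer Hope, or from HijackThis itself; the rules are my own, distilled from the entries the helpers singled out, and the sample log lines are constructed from the logs posted above. The random-name check is deliberately crude and does trip on legitimate files such as qttask.exe or mobsync.exe, so treat every hit as a lead to confirm by hashing and scanning the file (as the thread does with VirusTotal), not as a verdict.

```python
"""Triage heuristics for HijackThis v1.99.1 log lines (added example; my own rules)."""
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Finding:
    section: str  # HijackThis section tag, e.g. "O4"
    reason: str
    line: str


_VOWELS = set("aeiou")
_SECTION = re.compile(r"^(R\d|O\d+) - (.*)$")
_RUN = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(.*?)\] ?(.*)$")


def looks_random(name: str) -> bool:
    """True for 6+ letter, nearly vowel-free names such as yreghpl or vbegdwp.
    Heuristic only: qttask.exe and mobsync.exe also satisfy it."""
    stem = re.sub(r"\.(exe|dll)$", "", name.lower())
    if not re.fullmatch(r"[a-z]{6,}", stem):
        return False
    return sum(c in _VOWELS for c in stem) / len(stem) < 0.2


def in_common_files_root(path: str) -> bool:
    """True when the file sits directly in <drive>\\Program Files\\Common Files\\<X>\\,
    where the thread's Vundo droppers lived. (8.3 paths like PROGRA~1 are not expanded.)"""
    parts = [p for p in path.lower().split("\\") if p]
    return len(parts) == 5 and parts[1:3] == ["program files", "common files"]


def triage_line(line: str) -> Optional[Finding]:
    """Apply the rules to one log line; None means nothing caught the eye."""
    line = line.strip()
    m = _SECTION.match(line)
    if not m:
        return None
    section, body = m.groups()
    missing = "(file missing)" in body
    if section == "O2" and body.startswith("BHO: (no name)") and missing:
        return Finding(section, "nameless BHO whose DLL is gone (typical Vundo leftover)", line)
    if section == "O20" and body.startswith("AppInit_DLLs:"):
        return Finding(section, "AppInit_DLLs injects this DLL into every GUI process", line)
    if section == "O20" and body.startswith("Winlogon Notify:") and missing:
        return Finding(section, "Winlogon Notify hook whose DLL is gone", line)
    if section.startswith("R") and body.rstrip().endswith("="):
        return Finding(section, "IE search/start value blanked", line)
    if section == "O4":
        run = _RUN.match(body)
        if run:
            label, target = run.group(1), run.group(2).strip()
            found = re.match(r'^"?(.*?\.exe)', target, re.I)  # path without arguments
            path = found.group(1) if found else target
            exe = path.rstrip("\\").split("\\")[-1]
            if not label:
                return Finding(section, "Run entry with an empty name", line)
            if in_common_files_root(path):
                return Finding(section, "Run entry launching from a Common Files root folder", line)
            if looks_random(exe):
                return Finding(section, "Run entry with a random-looking executable name", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run every line through triage_line and keep the hits, in log order."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


# Constructed sample, assembled from entries posted in the thread above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {634C7583-74C6-4FEF-BD06-9721761A6815} - C:\WINDOWS\system32\gebabyw.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [] C:\Program Files\Common Files\Microsoft Shared\
O4 - HKLM\..\Run: [ulmasjm] C:\Program Files\Common Files\System\vbegdwp.exe
O4 - HKLM\..\Run: [bptnsvr] C:\Program Files\Common Files\Microsoft Shared\yreghpl.exe
O20 - AppInit_DLLs: qhbpri.dll
O20 - Winlogon Notify: winepi32 - winepi32.dll (file missing)
O20 - Winlogon Notify: igfxcui - F:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINNT\system32\nvsvc32.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run it as-is to see the seven entries a helper would have asked about; paste a real log into `triage()` to get the same shortlist for your own machine.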
3544.

Solve : Flashing flash drive??

Answer»

Sir, I noticed that since today the light on my 4 GB USB flash drive keeps flashing all the time. It used to be steady when idle and blink when data was being read/written. I checked the contents (I unchecked "hide system files/folders"). There are two hidden files:
1. [Autorun]
open=MicrosoftPowerPoint.exe
shellexecute=MicrosoftPowerPoint.exe
shell\Auto\command=MicrosoftPowerPoint.exe

2. MicrosoftPowerPoint.exe; its icon is just like a normal folder.

I deleted these two files and they reappeared almost immediately. Even after formatting this USB flash drive, the two files appeared again.

My OS is Win2k (SP4), P4 2.8 GHz processor, 512 MB RAM, two 40 GB HDDs, ADSL net connection, etc.
Find the HJT log here. Please help me to get rid of this irritant:
Logfile of HijackThis v1.99.1
Scan saved at 04:27:57 PM, on 24-Jul-07
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINNT\System32\smss.exe
F:\WINNT\system32\winlogon.exe
F:\WINNT\system32\services.exe
F:\WINNT\system32\lsass.exe
F:\WINNT\system32\svchost.exe
F:\WINNT\system32\ZoneLabs\vsmon.exe
F:\WINNT\system32\spoolsv.exe
F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
F:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\BlueTooth Dongle\BTNtService.exe
F:\WINNT\System32\svchost.exe
D:\FreePOPs\freepopsservice.exe
d:\FreePOPs\freepopsd.exe
F:\WINNT\system32\HDDSvc.exe
F:\WINNT\system32\nvsvc32.exe
F:\WINNT\system32\MSTask.exe
F:\WINNT\System32\WBEM\WinMgmt.exe
F:\WINNT\system32\svchost.exe
F:\WINNT\Explorer.EXE
F:\PROGRA~1\Grisoft\AVG7\avgcc.exe
F:\Program Files\Huawei\MT882\dslagent.exe
F:\WINNT\SOUNDMAN.EXE
F:\WINNT\system32\VTTimer.exe
F:\WINNT\tsnpstd3.exe
F:\WINNT\vsnpstd3.exe
F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\ZoneAlarm\zlclient.exe
F:\WINNT\system32\sm56hlpr.exe
F:\Program Files\Picasa2\PicasaMediaDetector.exe
F:\WINNT\system32\stisvc.exe
D:\TICK\TICK.EXE
F:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\heap41a\svchost.exe
C:\heap41a\svchost.exe
F:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Program Files\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://in.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://in.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://in.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://in.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://in.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://in.search.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://in.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://in.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\GetRight\xx2gr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] F:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] F:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DSLAGENTEXE] F:\Program Files\Huawei\MT882\dslagent.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [tsnpstd3] F:\WINNT\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] F:\WINNT\vsnpstd3.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "d:\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SM56ACL] sm56hlpr.exe
O4 - HKLM\..\Run: [Picasa Media Detector] F:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "F:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: TICK.lnk = D:\TICK\TICK.EXE
O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - F:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156782613859
O17 - HKLM\System\CCS\Services\Tcpip\..\{3DF66C34-0103-465C-8721-972DFFA572EF}: NameServer = 218.248.240.79 218.248.240.135
O20 - Winlogon Notify: !SASWinLogon - D:\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - F:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: winepi32 - winepi32.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BlueSoleil HID Service - Unknown owner - D:\BlueTooth Dongle\BTNtService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - F:\WINNT\System32\dmadmin.exe
O23 - Service: FreePOPs - Unknown owner - D:\FreePOPs\freepopsservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - F:\WINNT\system32\HDDSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINNT\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINNT\system32\ZoneLabs\vsmon.exe

Thanks, jawanda56

The only malicious entry I see is this...

O20 - Winlogon Notify: winepi32 - winepi32.dll (file missing)

You should fix it with HijackThis and then enable hidden files and folders. Look for F:\WINDOWS\system32\winepi32.dll, and if it exists, delete it in Safe Mode.


The main concern here is the file in your flashdrive, which wouldn't show up in a HijackThis log. Unless it has infected your machine, but I see no evidence of that as of yet. First, it would help to know the brand and model of your flashdrive. Some drives come pre-installed with software. Of course, some drives, as you know, come pre-installed with infections. This isn't one of those Sony drives from China, is it?

Are you experiencing any actual problems with your computer? If this actually is an infection, I would suspect the USBWorm, which typically disables Orkut, Youtube, and Firefox. See below for some info...
http://sarathlakshman.info/?p=94

Download Flash Disinfector and run it in Safe Mode with your flash drive connected.

Let me know if this helps at all. You could also try scanning the file at VirusTotal and posting the results here.

Thnx, Chris:
I've fixed the entry
O20 - Winlogon Notify: winepi32 - winepi32.dll (file missing)

I looked around on the net about the worm and identified it as 'w32 ahk heap'.

There are two entries in running processes of HJT log:
C:\heap41a\svchost.exe
C:\heap41a\svchost.exe

Yes, this is one of those Chinese Sony flash drives, and this infection is not one of the pre-installed ones because I've formatted the drive many times. My flash drive was connected to another computer today and that's where it got infected.

Scanned the file with Virus Total, results below:

File MicrosoftPowerPoint.exe received on 07.24.2007 15:49:22 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2007.7.25.0 2007.07.24 no virus found
AntiVir 7.4.0.44 2007.07.24 DR/Agent.aoe.1
Authentium 4.93.8 2007.07.23 no virus found
Avast 4.7.997.0 2007.07.24 Win32:Agent-HYM
AVG 7.5.0.476 2007.07.23 Worm/Small.2.F
BitDefender 7.2 2007.07.24 Trojan.Agent.AACH
CAT-QuickHeal 9.00 2007.07.24 no virus found
ClamAV devel-20070416 2007.07.24 Trojan.Mozban
DrWeb 4.33 2007.07.24 no virus found
eSafe 7.0.15.0 2007.07.23 Win32.Trojan
eTrust-Vet 31.1.5003 2007.07.24 Win32/AHKHeap.A
Ewido 4.0 2007.07.24 no virus found
FileAdvisor 1 2007.07.24 no virus found
Fortinet 2.91.0.0 2007.07.24 Misc/AutoHotKey
F-Prot 4.3.2.48 2007.07.23 no virus found
F-Secure 6.70.13030.0 2007.07.24 Trojan.Win32.Agent.aoe
Ikarus T3.1.1.8 2007.07.24 Trojan.Win32.Agent.aoe
Kaspersky 4.0.2.24 2007.07.24 Trojan.Win32.Agent.aoe
McAfee 5080 2007.07.23 W32/AHKHeap
Microsoft 1.2704 2007.07.24 no virus found
NOD32v2 2416 2007.07.24 Win32/AHKHeap.A
Norman 5.80.02 2007.07.24 Smalltroj.BHFI
Panda 9.0.0.4 2007.07.23 W32/AHKHeap.A.worm
Sophos 4.19.0 2007.07.17 W32/AHKHeap-A
Sunbelt 2.2.907.0 2007.07.24 no virus found
Symantec 10 2007.07.24 Trojan.Dropper
TheHacker 6.1.7.152 2007.07.23 no virus found
VBA32 3.12.2.1 2007.07.23 Worm.Win32.AHKHeap.A
VirusBuster 4.3.26:9 2007.07.24 no virus found
Webwasher-Gateway 6.0.1 2007.07.24 Trojan.Agent.aoe.1
Additional information
File size: 462050 bytes
MD5: 4f30003916cc70fca3ce6ec3f0ff1429
SHA1: 7a12afdc041a03da58971a0f7637252ace834353
packers: UPX
packers: RAR


Please guide me to remove completely this worm 'w32 ahk heap'.
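The worm above spreads by dropping an autorun.inf whose `open=`, `shellexecute=` and `shell\Auto\command=` lines all point at a hidden executable dressed up with a folder icon, so that Windows 2000/XP (with AutoRun enabled) or a double-click on the drive runs it. The script below is an added example, not code from the thread or from any removal tool it mentions: it parses those launch directives, resolves each target on the drive, reports whether the file is present and hidden, and hashes it so the hash can be checked against VirusTotal the way the poster did. The sample autorun.inf is constructed from the one quoted above and the "payload" written beside it is a harmless placeholder; the demo builds a throwaway directory instead of touching a real drive.

```python
"""Inspect an autorun.inf and the files it would launch (added example; my own code)."""
import hashlib
import os
import re
import stat
import tempfile
from typing import Dict, List

# Keys that make Windows 2000/XP-era AutoRun or an Explorer double-click execute something.
_LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)


def parse_autorun(text: str) -> Dict[str, str]:
    """Return {lowercased key: value} from the [autorun] section only."""
    directives: Dict[str, str] = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, value = line.split("=", 1)
            directives[key.strip().lower()] = value.strip()
    return directives


def launch_targets(directives: Dict[str, str]) -> List[str]:
    """The executables the autorun.inf would run, deduplicated, in the order listed."""
    targets: List[str] = []
    for key, value in directives.items():
        if _LAUNCH_KEY.match(key):
            exe = value.strip('"').split(" ")[0]  # drop arguments (paths with spaces need quotes)
            if exe and exe not in targets:
                targets.append(exe)
    return targets


def sha1_of(path: str) -> str:
    """Streamed SHA-1, so large payloads do not have to fit in memory."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def inspect_drive(root: str) -> List[dict]:
    """Report each launch target under `root`: present or not, hidden or not, and its SHA-1.
    A missing target is still worth noting: the thread's worm re-created its files on the fly."""
    inf = os.path.join(root, "autorun.inf")
    if not os.path.exists(inf):
        return []
    with open(inf, "r", errors="replace") as f:
        directives = parse_autorun(f.read())
    report = []
    for target in launch_targets(directives):
        path = os.path.join(root, target.replace("\\", os.sep))
        entry = {"target": target, "exists": os.path.isfile(path), "hidden": False, "sha1": None}
        if entry["exists"]:
            attrs = getattr(os.stat(path), "st_file_attributes", 0)  # Windows only; 0 elsewhere
            entry["hidden"] = bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)
            entry["sha1"] = sha1_of(path)
        report.append(entry)
    return report


# Constructed from the autorun.inf the poster found on the flash drive.
SAMPLE_AUTORUN = r"""[Autorun]
open=MicrosoftPowerPoint.exe
shellexecute=MicrosoftPowerPoint.exe
shell\Auto\command=MicrosoftPowerPoint.exe
"""


def demo() -> List[dict]:
    """Build a throwaway 'flash drive' with the sample autorun.inf and a benign stand-in payload."""
    root = tempfile.mkdtemp(prefix="usbdemo_")
    with open(os.path.join(root, "autorun.inf"), "w") as f:
        f.write(SAMPLE_AUTORUN)
    with open(os.path.join(root, "MicrosoftPowerPoint.exe"), "wb") as f:
        f.write(b"placeholder, not a real executable\n")
    return inspect_drive(root)


if __name__ == "__main__":
    for entry in demo():
        print(entry)
```

To use it on a real stick, call `inspect_drive("E:\\")` (or the mount point on Linux) and submit the printed SHA-1 to VirusTotal before deleting anything; if the files reappear after deletion, the machine that mounted the drive is infected, not just the drive.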
Quote

See below for some info...
http://sarathlakshman.info/?p=94
Got the worm remover from this site and ran it. I think it has removed the infection. I can see the USB flash drive's light is not blinking unnecessarily. Removed these two unwanted files from the drive:
1. autoexec
2. MicrosoftPowerPoint.exe

Now these files are not returning back.

Please let me know if anything else to be done.

Here is the latest HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 07:53:52 PM, on 24-Jul-07
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINNT\System32\smss.exe
F:\WINNT\system32\winlogon.exe
F:\WINNT\system32\services.exe
F:\WINNT\system32\lsass.exe
F:\WINNT\system32\svchost.exe
F:\WINNT\system32\ZoneLabs\vsmon.exe
F:\WINNT\system32\spoolsv.exe
F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
F:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\BlueTooth Dongle\BTNtService.exe
F:\WINNT\System32\svchost.exe
D:\FreePOPs\freepopsservice.exe
d:\FreePOPs\freepopsd.exe
F:\WINNT\system32\HDDSvc.exe
F:\WINNT\system32\nvsvc32.exe
F:\WINNT\system32\MSTask.exe
F:\WINNT\System32\WBEM\WinMgmt.exe
F:\WINNT\system32\svchost.exe
F:\WINNT\Explorer.EXE
F:\PROGRA~1\Grisoft\AVG7\avgcc.exe
F:\Program Files\Huawei\MT882\dslagent.exe
F:\WINNT\SOUNDMAN.EXE
F:\WINNT\system32\VTTimer.exe
F:\WINNT\tsnpstd3.exe
F:\WINNT\vsnpstd3.exe
F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\ZoneAlarm\zlclient.exe
F:\WINNT\system32\sm56hlpr.exe
F:\Program Files\Picasa2\PicasaMediaDetector.exe
D:\TICK\TICK.EXE
F:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
F:\WINNT\system32\stisvc.exe
F:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Program Files\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://in.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://in.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://in.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://in.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://in.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://in.search.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://in.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://in.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\GetRight\xx2gr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] F:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] F:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DSLAGENTEXE] F:\Program Files\Huawei\MT882\dslagent.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [tsnpstd3] F:\WINNT\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] F:\WINNT\vsnpstd3.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "d:\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SM56ACL] sm56hlpr.exe
O4 - HKLM\..\Run: [Picasa Media Detector] F:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "F:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: TICK.lnk = D:\TICK\TICK.EXE
O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - F:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156782613859
O17 - HKLM\System\CCS\Services\Tcpip\..\{3DF66C34-0103-465C-8721-972DFFA572EF}: NameServer = 218.248.240.79 218.248.240.135
O20 - Winlogon Notify: !SASWinLogon - D:\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - F:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\BlueTooth Dongle\BTNtService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - F:\WINNT\System32\dmadmin.exe
O23 - Service: FreePOPs - Unknown owner - D:\FreePOPs\freepopsservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - F:\WINNT\system32\HDDSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINNT\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINNT\system32\ZoneLabs\vsmon.exe

jawanda56

Looks like it was in fact the worm. I'm glad we managed to catch it.

Just to be on the safe side, you should update your AVG and scan with it in Safe Mode. If it comes up clean, you should be set. I'm not seeing anything malicious in your HijackThis file.

Quote
update your AVG and scan with it in Safe Mode

My AVG Free is always updated. I scanned the PC in Safe Mode and removed about 14 more threats.

Thanks and good bye... until next time.

jawanda56

No problem, come back anytime.

You need to be careful when connecting your flash drive to another computer. These types of infections seem to be running wild over in your neck of the woods. I would suggest contacting the person who infected your drive and suggesting that they try the same removal tool that fixed your problem.

As this issue appears to be resolved, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.
3545.

Solve : search for [program removed] licence key?

Answer»

please send me [program removed] software & licence key for this software to my e-mail address - [e-mail removed]

himay, if you would've read the rules, you would know that we don't help with this sort of thing. If you want illegal software, you will have to go elsewhere. You're not even requesting good software. If you want decent anti-virus protection, good free alternatives include AVG Free, Avast, ClamWin, and several others.

Topic locked.

3546.

Solve : Both my user account is limited!!!?

Answer»

I am using Windows XP Professional with a Windows Vista skin, and I am not connected to the net.

When I tried to change my admin account to limited and the other user account into admin, I ended up having both as limited user accounts. Can you guys help me!!!

My admin user account is missing...

Is it a Windows Vista Brico Pack? If so, remove it ASAP!!!

Those themes cause all sorts of issues......

Stick with X-P


TONY

But both accounts are limited and I can't use the admin account to change it. How can I change it back to the original?

Start XP in Safe Mode and log in as Administrator; you should be able to remove it from there.

3547.

Solve : found some virus on my computer, help (part 1)?

Answer»

Hi,

Please help again,

I am in the process of removing some viruses from my computer and was advised to install Service Pack 1a for Windows XP, which I did. I was then advised to download VundoFix; however, the program found no infected files. I later downloaded VirtumundoBeGone and ran another HijackThis scan. I was told to re-post my findings, so below are those findings. I am new to forums and I received a notification indicating that my message was too long, so I split it in two; I hope I am following the right procedures. Thanks a mil!

Here is what I found with VirtumundoBeGone Scan:



[07/28/2007, 17:47:52] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Jason Grefski\My Documents\VirtumundoBeGone.exe" )
[07/28/2007, 17:48:10] - Detected System Information:
[07/28/2007, 17:48:10] - Windows Version: 5.1.2600,
[07/28/2007, 17:48:10] - Current Username: Jason Grefski (Admin)
[07/28/2007, 17:48:10] - Windows is in SAFE mode with Networking.
[07/28/2007, 17:48:10] - Searching for Browser Helper Objects:
[07/28/2007, 17:48:10] - BHO 1: {26FD0383-8810-6B17-5EFB-22DA61DAB6BD} ()
[07/28/2007, 17:48:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/28/2007, 17:48:10] - Checking for HKLM\...\Winlogon\Notify\pgpwsdhk
[07/28/2007, 17:48:10] - Key not found: HKLM\...\Winlogon\Notify\pgpwsdhk, continuing.
[07/28/2007, 17:48:10] - BHO 2: {9B1620DE-F835-7274-BCB0-17E839C0AECB} ()
[07/28/2007, 17:48:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/28/2007, 17:48:10] - Checking for HKLM\...\Winlogon\Notify\eygdlfmr
[07/28/2007, 17:48:10] - Key not found: HKLM\...\Winlogon\Notify\eygdlfmr, continuing.
[07/28/2007, 17:48:10] - BHO 3: {DEA8140A-770B-1DB4-B7E7-9E992EFFCD06} ()
[07/28/2007, 17:48:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/28/2007, 17:48:10] - Checking for HKLM\...\Winlogon\Notify\wgpfumyy
[07/28/2007, 17:48:10] - Key not found: HKLM\...\Winlogon\Notify\wgpfumyy, continuing.
[07/28/2007, 17:48:10] - Finished Searching Browser Helper Objects
[07/28/2007, 17:48:10] - Finishing up...
[07/28/2007, 17:48:10] - Nothing found! Exiting...

You could have saved us the trouble of opening a 2nd topic by posting it in a reply to this one.

I apologize, I didn't know. Thanks!

Hi, this is a continuation of "found some virus on my computer (part 1)".

Logfile of HijackThis v1.99.1
Scan saved at 5:57:43 PM, on 7/28/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\confgldr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\winasp.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\vwgwrbds.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ojndgbtm.exe
C:\WINDOWS\System32\wumgr.exe
C:\Program Files\Common Files\AOL\1102561437\ee\AOLSoftware.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\Microsoft Office\Register\Remind32.exe
C:\Program Files\Microsoft Office\programs\alarm.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Microsoft Office\programs\dad9.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\System32\wuauclt.exe
c:\program files\common files\aol\1102561437\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1102561437\ee\aolsoftware.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\America Online 9.0b\shellmon.exe
C:\Documents and Settings\Jason Grefski\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://smbusiness.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://smbusiness.dellnet.com/
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\logon.exe
O2 - BHO: (no name) - {26FD0383-8810-6B17-5EFB-22DA61DAB6BD} - C:\WINDOWS\System32\pgpwsdhk.dll
O2 - BHO: (no name) - {9B1620DE-F835-7274-BCB0-17E839C0AECB} - C:\WINDOWS\System32\eygdlfmr.dll
O2 - BHO: (no name) - {DEA8140A-770B-1DB4-B7E7-9E992EFFCD06} - C:\WINDOWS\System32\wgpfumyy.dll (file missing)
O4 - HKLM\..\Run: [Shell Logon] C:\logon.exe
O4 - HKLM\..\Run: [vwgwrbds] C:\WINDOWS\System32\vwgwrbds.exe
O4 - HKLM\..\Run: [Video Process] winasp.exe
O4 - HKLM\..\Run: [qyslqvcl] C:\WINDOWS\System32\qyslqvcl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ojndgbtm] C:\WINDOWS\System32\ojndgbtm.exe
O4 - HKLM\..\Run: [Microsoft Update Manager] wumgr.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102561437\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [Com+ Sys] csrs.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Configuration Loader] confgldr.exe
O4 - HKLM\..\RunServices: [Configuration Loader] confgldr.exe
O4 - HKLM\..\RunServices: [Video Process] winasp.exe
O4 - HKLM\..\RunServices: [Com+ Sys] csrs.exe
O4 - HKLM\..\RunServices: [Microsoft Update Manager] wumgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Update Manager] wumgr.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: Corel Registration.lnk = C:\Program Files\Microsoft Office\Register\Remind32.exe
O4 - Global Startup: CorelCENTRAL 9.LNK = C:\Program Files\Microsoft Office\programs\ccwin9.exe
O4 - Global Startup: CorelCENTRAL Alarms.LNK = C:\Program Files\Microsoft Office\programs\alarm.exe
O4 - Global Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
O4 - Global Startup: Desktop Application Director 9.LNK = C:\Program Files\Microsoft Office\programs\dad9.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Jason Grefski\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Jason Grefski\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX CONTROL) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020713/qtinstall.info.apple.com/samantha/us/win/QuickTimeInstaller.exe
O16 - DPF: {53A1630A-DB38-4316-B18F-911719E1F66E} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v11/ticker.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/23c1c0030ac94826fe15/netzip/RdxIE2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1185654450389
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1185654429499
O16 - DPF: {7160FB1B-3DE0-4C42-81F0-41B4269990B0} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v12/ticker.cab
O16 - DPF: {B2FCED61-570E-11D3-B160-00A0C9E70E84} (OmniForm Form Control) - https://www4.lsac.org/lsacd_xmlwebservices/Http/OIFActiveX/ofmctl.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Configuration Loader - Unknown owner - C:\WINDOWS\System32\confgldr.exe" -service (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: ritmtqunjmkh (MsUpdate6) - Unknown owner - C:\WINDOWS\System32\msupd6.exe (file missing)
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Video Process - Unknown owner - C:\WINDOWS\System32\winasp.exe" -service (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Let's stick to the original thread. I'm going to go ahead and lock this one.

3548.

Solve : Which would you prefer??

Answer»

I've been using AVG for a while now, but I am starting to like Avast! more. (Been using mother's lappy as a guinea pig.) I'm curious, though: of the people who've tried them both, which do you think works better? I'm referring to the free editions of each, naturally.

Hey there Dilbert

Well, to be frank.... I don't like either of them. I use Kaspersky 7.0; I know it's not free, but it's really good..... I do like some of AVG 7.5's features but overall it's not great.... I'm not fully virus literate but I think a good anti-virus should not only pick up viruses and destroy them but it should also look good as well and be easy to use....

Tony

Thanks. Any other opinions?

(Kaspersky is a good AV, by the way. I'm just on a budget of $0)

AVG and Avast are both good programs, but I've had a bit more success with AVG, so I have to go with that. I can't say that one is actually better than the other (they're somewhat equal, I think); it's just a matter of preference.

ClamWin is also a pretty good choice, but mainly as an on-demand scanner.

Oh Joy..........Another Poll.

Oh Joy..........Another Patio.

For me, it's AVG all the way.
I have tried the free versions of Antivir, Avast and AVG, and personally I much prefer AVG.
Avast took longest to scan, then Antivir, and AVG takes the least time.
Also, they went in that order from most resource intensive to least.
These are only my personal experiences and opinions remember, but I also liked the interfaces in the same order, from least to best.
So for me, AVG gets full marks, Antivir slightly less, and Avast much less.

3549.

Solve : I think my computer's done for...?

Answer»

I didn't mean to make it sound like I was accusing. There's no need to provide proof; I'll take your word for it. Keygens are still trouble, though. Next time, you should give the company a call. Usually, if you can prove that you own a legal copy (they'll tell you how), they will provide you with a new key. It's much safer this way.

Anyway...you say AVG AS keeps picking up a hijacker... Where is the infected file located? Have you tried deleting it manually? Perhaps you could post an AVG log?

I just did a full AVG Anti-Spyware scan and it came out totally clean.. that's a plus, I guess.

I've been doing scans all day, and I've been using the downstairs computer. Right now, Spybot S&D is scanning... so we'll see.

First, I did an a-squared scan, and it took several hours. It came back with a few pieces of adware and tracking cookies, but other than that, clean.

I then did AVG Anti-Spyware and it came back totally clean.. hmm.

Now, I'm doing a Spybot scan, and after it's finished, I'll do another deep scan with avast! antivirus.


For the record, I tried calling EA Games, and they told me I need to send them a request for a new serial # along with my disk, and $10, I think. I just thought a keygen would be easier... I won't do that anymore.. I can't find the infection for the life of me.

Is there any way just to clear everything besides the OS itself?
* Jade is hopeful.
Thanks for all the help so far, by the way.

What kind of computer is it and how old?

Quote from: unlovedwarrior on July 30, 2007, 08:55:39 AM

what kind of computer is it and how old?

It's an eMachines that my grandparents purchased me at Wal-Mart, I believe. It's about 4 years old, give or take a year.

Ummm... you might be able to contact them and order the CDs for a reasonable price if you continue to have problems later on.

Quote from: unlovedwarrior on July 30, 2007, 02:48:27 PM
ummm... you might be able to contact them and order the cds for a reasonable price if you continue to have problems later on.

Yeah, I hate to say it, but this might be your best bet as of right now. Just give eMachines/Gateway a call and there's a good chance they'll help you out. Keep us updated.

Quote from: CBMatt on July 30, 2007, 03:15:47 PM
Quote from: unlovedwarrior on July 30, 2007, 02:48:27 PM
ummm... you might be able to contact them and order the cds for a reasonable price if you continue to have problems later on.

Yeah, I hate to say it, but this might be your best bet as of right now. Just give eMachines/Gateway a call and there's a good chance they'll help you out. Keep us updated.

Alrighty then. There's no way I can, like, wipe everything and just re-install XP? I can save the Windows file to disk or anything?

Sorry, you can't reinstall Windows without a Windows XP install disc.

Quote from: Deerpark on July 30, 2007, 04:06:09 PM
Sorry you can't reinstall Windows without a Windows XP install disc.

Is there a way to delete everything besides the OS?

Yes.
But how do you plan to re-install ? ?

I don't think wiping anything but the OS will do any good since it sounds like it's your OS that's messed up.

Any idea how much they'd charge me for back-up disks?

I've never had to order any, so I don't know how much they charge, but I wouldn't expect it to be too much. Check here for contact info...

http://www.emachines.com/support/upgrades.html

If you don't want to call, you can chat with a tech.

3550.

Solve : Norton antivirus interferes with Start?

Answer»

When my Norton antivirus does an update, it is followed by interference with the Start button or starting programs with lower toolbar icons. This includes but is not limited to starting AOL. Also, since nothing happens when Start is pressed, I can't get a listing of programs or other things on the Start menu. Eventually it gets back to normal.

More info please? Like what version of Norton? What OS and SP?

Norton interferes with a lot more than Start...

Quote from: patio on August 01, 2007, 06:17:52 PM

Norton interferes with a lot more than Start...

Very true patio

I think a lot of us would agree that you're better off ditching Norton and using a free alternative such as AVG.