InterviewSolution
| 3901. |
Solve : virusheat.com? |
|
Answer» Somehow I have acquired "virusheat.com" on my computer and I can't get rid of it. I don't know how I got it, but I want it gone! Print these instructions out. |
|
| 3902. |
Solve : IE hijacker and unsolicited web sites open? |
|
Answer» I gave a false status report, problem still exists, it worked one time then Vundo got reloaded... this comes up in the Malwarebytes log every time I run a scan, it's in my system 32. Random letters for DLL file names. |
|
| 3903. |
Solve : xfly - virus?? how do I get rid? |
|
Answer» Xfly has appeared on my desktop. I can't uninstall it, as when I try a pop-up appears saying program is open, close before uninstalling - I have closed it but apparently not. What do I do? Please help |
|
| 3904. |
Solve : Track an attack? |
|
Answer» If someone wants to run an exploit on my computer, how can I track him? Which firewall do you suggest? Thanks! What kind of security protection do you have installed now? Windows version? I use Windows, antivirus. What Windows version, what type of antivirus? Are you having any particular problems with your computer? |
|
| 3905. |
Solve : Trojans!!!!!? |
|
Answer» I was scanning my Dell Dimension 2350 with Avast and it found four of them. I thought I could just get rid of them but it said it couldn't delete or repair them to be deleted. Sorry, not good with this kind of thing; if any other needed info is required I'll try and post it asap. Follow these instructions and post the required logs and one of our Malware Removal Specialists will be along shortly.... Cool, will try it later, Patio |
|
| 3906. |
Solve : Glitchy monitor, freezing computer, etc. Pretty much the works.? |
| Answer» Alright, thank you for all your help, I really appreciate it. Well, we had to go through it, just to make sure... | |
| 3907. |
Solve : Internet Browser redirection? |
|
Answer» I am using Win Vista IE7. Whenever I get to the search page in Google or Yahoo and click on a link, the browser always redirects me to a site that has nothing to do with what I am searching for. How do I fix this? Print these instructions out. |
|
| 3908. |
Solve : HELP PLEASE IM GOING INSANE!? |
|
Answer» Quote i do not have my computer under start menu?? Another way to get there is to go Start>Run, type in: C:\WINDOWS\system32\Restore\rstrui.exe Click OK. Click System Restore Settings, put checkmark in Turn off System Restore, and click OK. Quote and new java refuses to download Download, or install? right done system restore done c/cleaner and turned system restore back on java gets about half way through downloading and says error downloading and then deletes what's already been downloaded have tried it 5 times now same thing every time all other problems sorted Try here: http://www.java.com/en/download/index.jsp hi just want to say a massive thank you for helping me with my computer problem all is running great at the moment managed to download java and all works brilliant thanks again dale wiggett Super |
|
| 3909. |
Solve : Data Execution Program..? |
|
Answer» Could you help me about the data execution program please... |
|
| 3910. |
Solve : Error loading C:\WINDOWS\system32\xfvwmuke.dll on startup? |
|
Answer» When I start my computer I get a message saying: |
|
| 3911. |
Solve : Trojan.win32.Blackbird help please? |
|
Answer» I wanted to start by saying thank you for the great information already posted together with the links which make it so easy to help myself. |
|
| 3912. |
Solve : What is vcsron, csvnro, svconr??!!? |
|
Answer» Does anyone know what these are?
There is no option to clean/disinfect, however, we need to analyze the information on the report. To obtain the report: Click on: Save Report As...
Please copy and paste the Kaspersky Online Scanner Report in your next post. Ok, wish me luck. I hope it completes smoothly, unlike last time. Scan completed and everything's clean. Log attached [recovering space - attachment deleted by admin] Download Panda Anti-Rootkit.zip Unzip it and run the PAVARK.exe file. Tick the box that says In depth scan and follow the on screen instructions. Let me know the results in your reply. Please Note: Panda Antirootkit is not compatible with Windows Vista. If you are running Vista, please download the AVG Antirootkit Run the scan and be sure to check mark the In depth scan. ---------- Download Deckard's System Scanner (DSS) and save it to your Desktop.
I just ok'd for Winpatrol to add Pavark.exe to the startup list. Have you got it running? Just follow the instructions, it will tell you everything. |
|
| 3913. |
Solve : AVG Free 7.5 uninstall problems? |
|
Answer» The AVG 7.5 anti-virus program I currently have on the computer will not uninstall. I need it to be uninstalled so I can add another program as I'm currently having virus problems.
start > run > "regedit" > Find > "AVG" > delete
I wouldn't do this, because if you did, all the registry keys would be left behind.
I tried the disk cleaner and it failed and had to close. I ran the chkdsk and said to run it again with the f option. Didn't read more after that due to nagging pop ups. And yes I am still getting the AVG error.
Quote as I'm currently having virus problems.
Print these instructions out.
1. Download SUPERAntiSpyware Free for Home Users: http://www.superantispyware.com/
* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
* Close SUPERAntiSpyware. Restart computer in Safe Mode. To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen
* Open SUPERAntiSpyware.
* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
  o Close browsers before scanning.
  o Scan for tracking cookies.
  o Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
  o Click Preferences, then click the Statistics/Logs tab.
  o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  o Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.
Post SUPERAntiSpyware log. RESTART COMPUTER!
2. Download Malwarebytes' Anti-Malware: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
RESTART COMPUTER!
3. Download HijackThis: http://www.snapfiles.com/get/hijackthis.html
Post HijackThis log. |
|
| 3914. |
Solve : Administrator has disable Task Manager? |
|
Answer» I read a previous answer to this problem. I have downloaded the suggested programs including Super AntiSpyware, Malwarebytes Anti-Malware, HijackThis-renamed sniper.exe. I have logs and will attach. I have not been able to detect any virus or spyware currently in my system. This is probably left over from a removed spyware.
---------- Next post add SDFix log |
|
| 3915. |
Solve : java byte verify? |
|
Answer» I woke up this morning and both my antivirus and spy sweeper went nuts and I wasn't even online. Anyways, the antivirus quarantined it. Has anyone had this before? You better.... |
|
| 3916. |
Solve : Viruses and Adware? |
|
Answer» My daughter has a Gateway laptop with XP. The sp1 has been downloaded and all updates for that. She has a big problem with the virus/worm.... BV:Malware-gen, Trojan horse, and a couple others. There is even a desktop wallpaper that takes over and appears. If you try to get rid of it it automatically sends you to the internet and a website to download a program to get rid of viruses and malicious spyware. Then when you get rid of it on the internet it keeps popping up every so often, again. This all started Saturday morning when a message came up and said someone was trying to access the computer. Go through the steps here and post the required logs. I followed the directions that Deerpark gave but still have the problem. Here is one of the web addresses that comes up... ucleaner.com/main.php?wmd=MjI Here is only a part of another address that the internet goes to...... Systemerrorfixer.com/clean/index.php?57520-d0d16- There is more, the web address disappeared before I could jot it all down. The wallpaper that takes over the desktop reads..... YOUR PRIVACY IS IN DANGER! DOWNLOAD PRIVACY PROTECTION SOFTWARE NOW And last but not least, the following are some things I was wondering if I should remove: Browser Address Error Redirector, DVD Solution, gtw_logo, OneStepSearch 1.0 Build 166, Power2go 4.0, Power DVD. Again thanks for the attention given for this problem. Quote I followed the directions that Deerpark gave but still have the problem. Then you should have three logs to post. We need the logs to be able to see what to do next. |
|
| 3917. |
Solve : Cannot even see Control Panel...Loaded with restrictions? |
|
Answer» Hello evilfantacy, |
|
| 3918. |
Solve : Avast ruined my pc? |
|
Answer» OK, so I just called my pc manufacturer and they said that Avast has cleaned my whole pc off. I have nothing at all. The only way to get it back to working conditions is to recover it back to when I purchased it. Now I have to go to the shop and spend over $100 to see what they can do. This is just crazy. Sorry but Avast simply does NOT do that... ignore what the shop told you. Remove that HDD from that machine and jumper it as a slave drive and install it in a working machine preferably with the same ver. of Windows. Open Windows Explorer and you will probably see all your data intact. Copy and burn what you need to CD and I'd then suggest a clean re-install of XP. If you installed avast right, it shouldn't destroy your computer. So just get a new copy of the windows operating system onto your computer and it'll be fine. And install the avast or whatever programs before you do anything else then ... Quote if you installed avast right Right, or wrong, as patio said, it couldn't have happened. BTW... how do you install program wrong? I meant if you followed all the directions right and it didn't cause you any errors anytime in between. There's no technically wrong way to install a program but to not follow any instructions program may have been giving you. What happened was the viruses attached themselves to my regular files. So when Avast started deleting the viruses, it took the files also. I spent the whole day calling circuit city, best buy etc. asking them how to get it fixed. All of them said I am going to have to restore it back to when I first bought it and they will try to transfer my files back to it or to a new pc. Luckily, I found a pc company here that will restore my pc back to when it was last good and install the anti-virus software for $100. Everywhere else was going to charge at least $400. I wish I was as smart as you guys then I would remove the HDD and all that stuff but I'd rather let a professional handle it.
Thanks to everyone who tried to help me though. This day has been awful. $100 is not bad... Quote from: Broni on April 18, 2008, 11:25:31 PM $100 is not bad... $100 is not bad to get a new computer or what appears to be a computer that will work fine and nobody would've ever guessed it's been used before. I would suggest to invinciblejones that he disable windows firewall and install comodo firewall. And now, that your computer is supposedly clean, I would suggest you install the anti-virus immediately and get it updated and running before you touch anything else. |
|
| 3919. |
Solve : Ad-Aware 2008 BETA? |
|
Answer» I stopped using Ad-Aware a while back but it is still one of the most reliable adware removal tools there is. Looks like they are working on a new release. Redesigned Engine – Benefit from superior program flexibility and more accurate scanning methods with all-new program architecture. It hung up on my computer and appeared to run slowly but it's a beta so I didn't expect it to be perfect enough |
|
| 3920. |
Solve : Help! Malware Bytes, SuperAntispyware and Hijack this logs included? |
|
Answer» Well, you have to select, which threat, you're gonna stay in. Hey broni, since u have been very helpful, want to tell me how this new hijackthis log looks? |
|
| 3921. |
Solve : virus has took over my computer? |
|
Answer» I will try to explain: everything I click on my Windows 2000 Pro says file cannot be found, all I can access is the control panel and documents. I have Trojan Remover on it which failed to remove it, I have a-squared also, I cannot access any one of them, I even tried to download new antivirus, called combofix, it said access to files or folders denied. What can I do, I can download nothing to try to remove it? Thanks for your time Ken I'd suggest clean Windows reinstall. Before complete clean Windows reinstall, try booting Windows to the safe mode with networking and then going to some site like TrendMicro Housecall or Bitdefender free scan or Panda active scan and get a check out. |
|
| 3922. |
Solve : Infection? |
|
Answer» Hi Guys,
---------- Next post MBAM log NEW Hijackthis log Hi, Thanks for your help. I deleted the items from Hijack This, then I did a scan using MBAM. It found quite a few things, so I had it remove everything, then did a reboot. I noticed that the anti virus was still finding infected files in the system restore folder, so I disabled system restore, then rebooted. I was also getting an error message when booting up: RUNDLL Error loading C:\WINDOWS\System32\wldibtay.dll The specified module could not be found I'm not sure what this refers to, so I opened MSCONFIG and disabled wldibtay.dll in startup. I ran the scan with MBAM again and then scanned with Hijack This again. I have attached both MBAM logs and the new Hijack This log. Cheers Nick [recovering space - attachment deleted by admin] Hello, sorry it has taken so long for me to get back to this. If you still need help then please post a new Hijackthis log. Thanks. I think everything is sorted on this one. Thanks for your help - I'll repost if I have any more issues with it. |
|
| 3923. |
Solve : How to stop random Internet sites from popping up? |
|
Answer» Please download Vundofix.exe to your desktop. |
|
| 3924. |
Solve : I need help removing 02 - BHO files! From HijackThis? |
|
Answer» Looks fine. How is everything now? Working better than ever. Thank you so much, along with Broni, who have helped my girlfriend's computer.... she says thank you as well, you have been a great help |
|
| 3925. |
Solve : Virus has my computer froze? |
|
Answer» my latest hijack log |
|
| 3926. |
Solve : Strange things happening? |
|
Answer» Over the past few days I have been having problems with Outlook Express |
|
| 3927. |
Solve : AVG Free 8.0 download problem? |
|
Answer» Hello Forum. I have tried twice to download the new AVG 8.0 Free software program from Download.com (45.5 MB). Both times the download reached a point where it gave me an error message in a dialog box saying that "CRC failed in files.dat Unexpected end of archive". On my first attempt to download I got the message early on, after about 2 megs were downloaded. I tried again and on the 2nd attempt I got as far as 37 megs downloaded before I got the same message. I have dialup so you know how long I had been downloading (3 hours). All in vain. I am wary about uninstalling 7.5 first, since many on the AVG forum said they had done that and still could not download AVG 8.0. They downloaded another free anti-virus program called Avast. I'm one of them. My opinion 'was' AVG and Avast were the best. I am now down to Avast. I couldn't wait to figure out why it wouldn't download. You have to have an antivirus. Look here http://www.av-comparatives.org Avast tops the list. The free version has the same detection rate and database as the Pro version so don't worry about there being any difference in the free and paid version giving you protection. Stay away from McAfee, or Norton. No, you don't have to uninstall 7.5, while downloading 8.0. Yes, you have to uninstall 7.5, before installing 8.0. Avast is very good program. I'm considering switching to it, if AVG won't fix their problem by the end of the month. Hello Forum. Thanks for all your replies and help. Here is what I did. I went to majorgeeks.com as advised. I downloaded and saved AVG 8.0 (45.5 mb) to desktop. It downloaded without any problem. No error messages as twice before. Then I opened it and ran it from desktop. It completely installed without a hitch. (miracle?) At that point AVG 7.5 disappeared from system tray and Windows could not locate it with its flashlight. I presume the 8.0 installer must have uninstalled it. I looked in program list and 7.5 folder was there but it had 0 bytes.
It is now in recycle bin. AVG 8.0 is now entered on program list. All OK so far. I downloaded the latest updates etc. and ran 8.0. It took 45 min to scan the whole computer. It did find 199 items including 5 or 6 Trojans. I never got a warning about Trojans with 7.5. So.. I will play it by ear for now. If I have any problems I will go to Avast as you have recommended. Again, thanks for all your help. It is appreciated. That's quite a few items to be found and could explain why you were having problems installing it to start with. You could post a HJT log so we can make sure everything nasty is actually gone. Download and rename HijackThis (HJT)
Scan saved at 2:30:31 PM, on 5/3/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\NetZero\exec.exe C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\NetZero\exec.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Trend Micro\sniper.exe\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch R1 - HKCU\Software\Microsoft\Internet 
Connection Wizard,ShellNext = http://www.dell4me.com/myway R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero\SearchEnh1.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll O3 - Toolbar: (no name) - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - (no file) O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe 
regrun O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation TOOL) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - http://www.driveragent.com/files/driveragent.cab O16 - DPF: 
{F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by106fd.bay106.hotmail.msn.com/activex/HMAtchmt.ocx O17 - HKLM\System\CCS\Services\Tcpip\..\{108D86AC-BE6E-4842-AEFE-582F860D3D44}: NameServer = 64.136.44.74 64.136.52.74 O17 - HKLM\System\CS1\Services\Tcpip\..\{108D86AC-BE6E-4842-AEFE-582F860D3D44}: NameServer = 64.136.44.74 64.136.52.74 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 7136 bytes
Here is HJT log file.
Sorry it took me a while to get back to you. The email went to my spam box for some reason. Any way... I don't see any malware but there are a few things that need to be taken care of. Open Hijackthis and select Do a system scan only. Place a check mark next to the following entries: (if there) O3 - Toolbar: (no name) - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - (no file) Important: Close all windows except for Hijackthis and then click Fix checked. Exit Hijackthis. --------- You have Viewpoint installed. Viewpoint Media Player/Manager/Toolbar is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". See Viewpoint to Plunge Into Adware It is suggested to remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
Once you have downloaded ViewpointKiller, unzip it to a convenient location such as your desktop. Run ViewpointKiller, and select File > Do All Killings Follow the prompts, selecting Yes or No, depending on which selection you are most comfortable with. A logfile will be created in the folder you unzipped ViewpointKiller to, please paste the contents here. Let me know how everything is now.
Broni: Thanks for reply. I ran HJT "System Scan Only", found the specific entry and deleted it. Also went to 'Add/Remove Programs' and found 'Viewpoint Manager' and 'Viewpoint Media Player'. Removed both. No other Viewpoint programs were listed. Did not yet download 'Viewpoint Killer' program. Presume it is not necessary now. If it is necessary to view logfile, let me know and I will download Killer and copy the log file and paste it here. Thanks again for your help. Bill
Not necessary to post the log as long as the uninstall went OK. One more thing. Use the Secunia Software Inspector
You might also have a look through this article for tips on keeping your PC running smooth. Slow Computer/browser? It May Not Be Malware Let us know if anything else comes up. Safe surfing...
Evil, I'm studying Hijack this logs and I'm curious why you re-named it to sniper.exe?
Some forms of malware can detect the hijackthis.exe and "hide" from it. You have a better chance of seeing certain infections. |
|
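The cleanup step in entry 3927 depends on spotting the `(no file)` toolbar entry inside a HijackThis log that was pasted as one run-together line. The following is an added example, not part of the original thread and not HijackThis's own code: it re-splits a flattened log into entries and flags those marked `(no file)` or `(file missing)`. The sample text is a subset of the log above; the names `Entry`, `split_entries`, `parse_log` and `triage` are hypothetical.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# An entry starts with a section code such as "R0", "O3" or "O20", then " - ".
ENTRY_RE = re.compile(r"^(?P<code>R[0-3]|O\d{1,2}) - (?P<body>.+)$", re.S)
# Whitespace that is immediately followed by the start of the next entry.
BOUNDARY_RE = re.compile(r"\s+(?=(?:R[0-3]|O\d{1,2}) - )")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")
# Markers that appear at the end of entries in the log above.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Subset of the log posted in the thread, flattened onto one line as on the page.
SAMPLE_LOG = (
    r"Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe "
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank "
    r"O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll "
    r"O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll "
    r"O3 - Toolbar: (no name) - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - (no file) "
    r"O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe "
    r"O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - "
    r"http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing) "
    r"O20 - AppInit_DLLs: avgrsstx.dll "
    r"-- End of file - 7136 bytes"
)


@dataclass
class Entry:
    code: str            # section code, e.g. "O3"
    body: str            # text after "<code> - "
    clsids: list = field(default_factory=list)
    orphan: bool = False  # True when the entry ends with an orphan marker


def split_entries(text):
    """Return raw chunks from a log, whether line-separated or flattened."""
    text = text.split("-- End of file", 1)[0]  # drop the trailer
    return [c.strip() for c in BOUNDARY_RE.split(text) if c.strip()]


def parse_log(text):
    """Parse chunks into Entry objects; header text (no section code) is skipped."""
    entries = []
    for chunk in split_entries(text):
        m = ENTRY_RE.match(chunk)
        if not m:
            continue  # scan header, running-process list
        body = " ".join(m["body"].split())  # normalise internal whitespace
        entries.append(
            Entry(m["code"], body, CLSID_RE.findall(body),
                  body.endswith(ORPHAN_MARKERS))
        )
    return entries


def triage(text):
    """Count entries per section and list the ones pointing at a missing file."""
    entries = parse_log(text)
    return {
        "counts": Counter(e.code for e in entries),
        "orphans": [e for e in entries if e.orphan],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for code, n in report["counts"].items():
        print(f"{code}: {n} entr{'y' if n == 1 else 'ies'}")
    for e in report["orphans"]:
        print(f"orphan {e.code}: {e.body}")
```

An orphan flag only means the log itself reports no backing file; whether to fix the entry is still the reviewer's call, as in the thread.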
| 3928. |
Solve : How to turn on AVG Free Edition Antivirus?? |
|
Answer» I just installed AVG Free Edition antivirus on my system and I'm not able to "turn on" AVG antivirus.. How do I do it?? Where is that option??... This is the first time I'm using it... Pls see the snapshot of it..... You should see an icon in your systray, like this: That is what you should see normally but if not... click start button on the bottom-left of the screen, hover over where it says "All Programs". A menu should slide to the right, and if you're up-to-date then just hover over where it says AVG 7.5. A smaller menu should appear then you just click on "AVG Control Center." This should get it working if the AVG is properly installed and it's just a matter of the AVG not being started. Hi all, Thanx for your replies.... The problem got solved... It was due to an expired installation package that I used for installation... Again I download it and installed.. Now its working properly.... Hurry...... [recovering space - attachment deleted by admin] Good going |
|
| 3929. |
Solve : Slowing, freezing, stopping altogether? |
|
Answer» My computer has moved from Noosa, QLD to Melbourne, VIC, and for some reason hasn't liked the move! |
|
| 3930. |
Solve : Another AVG 8 problem? |
|
Answer» C:\Documents, and Settings\Mike\Local Settings\Temp\AVG8INST.log and, disregard the warning, you just posted. Click Next. I did and got as far as post 1 [recovering space - attachment deleted by admin] Error 0x80070005 basically is "Access denied" error. There are some permission issues here. I checked AVG log, and bunch of other registry keys were created. For some reason, AVG is denied to create a new key in: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Go Start>Run, type in: regedit Click OK. Navigate to the above key, and post a screenshot of right pane listings related to the above key. Here is this what you need and thanks again for your time [recovering space - attachment deleted by admin] This is weird. There should be several keys in right pane. Go Start>Run, type in: sfc /scannow Click OK. Have Windows XP CD ready. Quote Go Start>Run, type in: This is the first thing I tried yesterday, do you want me to have another try? Skyblue No. That's fine. Try to completely uninstall AVG 7. Ok used revo uninstaller which seems to have cleared it out. Where do we go from here? Try to install AVG 8 again. If no go, go for Avast, because I'm sick, and tired of these AVG problems. This is what I did on Vista. Thanks anyway, no go with 8 so went back to avg 7.5 for now, if you have any second thoughts I will be lurking, Cheers This is what I initially did (went back to 7.5), when I wasn't able to install 8.0. Maybe AVG will release some update, because there is a lot of problems around the net with 8.0 installation, |
|
| 3931. |
Solve : Hijack this.? |
|
Answer» I ran a log and (I am not a geek.com) says I need to remove this file- HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe Ctfmon.exe This is a valid program, but it is up to you whether or not you want it to run on startup. Although it is legitimate it isn't needed for most users it can be removed. If you would like to remove ctfmon then go here for instructions. It isn't as easy as you would think it is but can be done. Wow, I am so glad I got a second opinion! Just goes to show that you cannot believe everything you read on the net. Thank you Knowledgeable One! No problem. And the log looks fine by the way. Safe surfing.... |
|
| 3932. |
Solve : virus and speed? |
|
Answer» Hello, my PC's speed is very slow, especially when I open a Word document; it takes a lot of time...... |
|
| 3933. |
Solve : messy desktop? |
|
Answer» Hi, new member. Hope someone can give some help with my problem. I have a laptop with XP/SP2.
|
|
| 3934. |
Solve : pls help me mr evil..i have problem with malware files .. :(? |
|
Answer» Malwarebytes' Anti-Malware 1.11 |
|
| 3935. |
Solve : Root kit? |
|
Answer» Good evening gentlemen,
Use the Secunia Software Inspector to check for out of date software.
Here are some great tools to help you keep from getting infected again. To prevent unknown applications from being installed on your computer, install WinPatrol 2007. Another thing I would suggest is installing SiteAdvisor. SiteAdvisor rates sites on business practices and spam. UPDATE!!! UPDATE!!! UPDATE!!! - If you do not have automatic updates enabled then visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed. * Help with Windows updates. To learn more about how to protect yourself while on the internet, read this article by Tony Klein: So how did I get infected in the first place? Let us know if anything else comes up. Hi Evil and thanks for your reply, I followed all of your suggestions. Deleted O20 - Winlogon Notify: WinNt32 - WinNt32.dll (file missing) entry and actually that entry did cause me a certain amount of interest; however, I couldn't find any pertinent information regarding the .dll so I left it alone. Upon attempting to use the cleanup command in Run, defrag started, no options tab was shown (only English commands will work in the German command console, I believe that's the same for every Windows foreign language version). Perhaps there is a small difference? A tip from you here would be helpful as the rootkit deleted all of my restore points and set a new one. That alone causes some anxiety. The other info you posted is also useful. I know, for example, exactly how, where and why the rootkit was installed on my PC: My own stupidity! I broke my own rules for downloading or viewing information on the internet and paid for it. Four days of work lost for a moment of inattentiveness. This forum is very interesting indeed. Thanks for your help! ~SAF-B If removing the WinNt32.dll caused problems I apologize. Do you mean that system restore no longer works? No, no! No need to apologise. You're right on the money! I removed the entry without any problems. 
Initially, I found the WinNt32.dll to be interesting because I thought it didn't belong; however, I couldn't find any information on the internet regarding the situation with my PC. So I didn't remove it. I removed the entry with no negative or noticeable effects. The system restore is in fact working. Oddly, all of my system restore points before April 27th 2008 are "missing" or are not being shown. Only April 27th 2008, which obviously contains the rootkit. So I'm assuming this "rootkit" hid or deleted my previous system restore points. (I believe I have had this XP Pro version running since 2004.) I followed your instructions this morning: Go to Start > All Programs > Accessories > System Tools > System Restore. Select Create a restore point, and click Next. That worked fine and did in fact create a restore point. Next, go to Start > Run and type in cleanmgr. Select the More options tab. Next to System Restore click Clean up... After typing in "cleanmgr", defrag started. No options tab was shown. I started the console (CMD), typed in cleanmgr and once again defrag started. Am I doing something wrong? ~SAF-B Try putting in cleanmgr.exe and see if it helps. Hmm. Same thing. Defrag starts. Try this. Click Start, point to All Programs, point to Accessories, point to System Tools, and then click Disk Cleanup. Pffft. That was a hit. Got it. Thanks for your help! That's odd though that it isn't working with the run command. |
|
| 3936. |
Solve : Need to get rid of the Malware again (Outerinfo, Internet speed monitor, etc)? |
|
Answer» Not sure. Let's give it 24 hours or so and see if everything starts to come back to normal. |
|
| 3937. |
Solve : Rootkit found, but cannot remove-HELP Please.... worked on this for a week!? |
|
Answer» OK, HJT deleted those for me. Also froze my AOL, and had to reboot to get it to do anything. Oh, oh. Two glasses of Sangria and I confuse ZoneAlarm with AntiVir. Sorry Broni. My bad. I'll be "passive" until I learn more from you gentlemen. |
|
| 3938. |
Solve : WGA importance? |
|
Answer» I've been researching this topic about Windows Genuine Advantage for some time and I haven't found anything conclusive. My question is: how important is WGA? Does getting all the updates really protect your computer even though one has all the necessary anti-virus, spyware and malware tools installed? I'll bet there are thousands out there surfing the net with Windows 98 who haven't had an update in over 10 years. In another 2 months MS will no longer be doing anything with Windows XP. Does this mean that we will be less protected? A friend gave me her old computer which is running XP. I went on-line to check if it was validated and it wasn't, yet she was on-line every day. I ran all kinds of checks and there were only a few tracking cookies on it. This is why I started to question WGA. Please give me your input. WGA is Windows Genuine Advantage and is used to verify if your copy of Windows is genuine. Unpatched old software is a security hazard to your computer. Windows or Mac or Linux or any other operating system. Security updates are released for the SOLE REASON of patching holes that open your computer to vulnerabilities. Full read: Why Users Still Don’t Get The Importance Of Update Software. So what happens in June when XP is cut loose? Will we all have to update to Vista in order to remain secure? I see what you mean now. Sales will end for XP but support for the OS (updates) will reportedly continue through 2014. Quote from: evilfantasy on May 01, 2008, 03:59:11 PM I see what you mean now. Sales will end for XP but support for the OS (updates) will reportedly continue through 2014. That's better news. Thanks |
|
| 3939. |
Solve : Trojan.Win32.Blackbird strikes again!!? |
|
Answer» It turns out my kids got on my computer to look up something, and clicked on something wrong and put a trojan on my computer. I keep losing my desktop..... it blinks on and off, but I can get online if I click IE fast when I log in to the computer. I ran SUPERAntiSpyware, Malwarebytes' Anti-Malware and HijackThis. I really don't know what to do next... Thanks |
|
| 3940. |
Solve : Unable to boot in any mode except Safe Mode? |
|
Answer» I'm helping a coworker with her personal computer, and she's run into a major issue that I don't know how to fix. WinFixer, WinAntiVirus, WinAntiVirusPro, ErrorSafe, SystemDoctor, WinAntiSpyware, AVSystemCare, WinAntiSpy, Performance Optimizer, StorageProtector, PrivacyProtector and others are very similar computer programs available only for Microsoft Windows that claim to repair computer system problems, but do not actually do so. They are sometimes installed without the user's consent, usually through Internet Explorer. They display false information about the user's computer, confusing the user into believing that their PC is infected with viruses, spyware and/or other forms of malware. The advertisements pop up a display with notifications to convince the user that something may be amiss with the computer, or run a fake diagnostic. The program repeatedly prompts the user to purchase a licensed copy of the program. Due to these problems, WinFixer and its sister applications are generally considered scareware spyware through misleading popups and forced downloads. Boot to safe mode and un-install WinFixer. Re-boot and see what happens... if it's stubborn as most scumware is we may need a lobotomy. Post back with the results... Is it possible that you can use system restore? And restore to the point right before the WinFixer got installed or some known clean restore point? The system restore can be run in safe mode so give it a shot (unless no system restore point exists, which I doubt...) Do you have a flash drive to transfer over Vundofix? Removal Steps: 1. Please print these instructions as they will be needed later when Internet access is not available. 2. Save these instructions in Word or Notepad to the desktop where they can be easily found. 3. Download Vundo Fix and save it to your desktop. 4. When it has completed downloading, double-click VundoFix.exe to run it. 5. Click the Scan for Vundo button. 6. 
Once it's done scanning, click the Remove Vundo button. 7. You will now receive a prompt asking if you want to remove the files, click the YES button. Once you click yes, your desktop will go blank as it starts removing Vundo. 8. When completed, it will prompt that it will shut down your computer, click the OK button. 9. When the computer has shut down, turn your computer back on. The WinFixer and Vundo infection should now be removed from your computer. Next go here and do the instructions and post the logs back in the Computer Viruses and Spyware forum. Quote from: evilfantasy on April 19, 2008, 05:45:13 PM Do you have a flash drive to transfer over Vundofix That I think should fix the problem unless you have a system restore point and restoring earlier configurations doesn't matter to you too much. In doing system restore, you might lose things that you did recently (more likely, you'll just have to reinstall any recent programs you installed so that the registry reads it right and causes no problem when loading). Yes, it will fix it. Problem is what all else might be wrong. WinFixer shouldn't be blocking the internet. Malware writers don't profit on broken connections......... How To Remove Winfixer / Virtumonde / Msevents / Trojan.vundo.b Well, thank ya'll for the advice so far. Last night, I got the chance to go try it out on her computer, and here are my notes: - First, I took VundoFix over on CD, which seemed to work fine, since the program DLed and ran on her computer. - I booted her computer up, and the first time it went into Safe Mode, the Safe Mode popup came up 5 times. - While VF was running, the WinFixer popups came up. One is a yellow yield sign in the system tray, and the other is a Windows-designed error message. After a while, a screensaver would consist of bugs crawling across the screen, eating the desktop. - VF took a half-hour to run, but found 6 infections, which I removed. 
When it began to remove them, a new Windows-designed error message popped up for a second that said due to a major problem, this computer would be shut down in 30 seconds. Then, all three error messages disappeared, and VF said it needed to restart the computer. - Upon restart, the computer still could not start in any mode except Safe Mode. As soon as it booted up to the desktop, the error messages reappeared. - I decided to just check out System Restore and see if I could find when it would restore to. Choosing System Restore from the Start menu resulted in the following message: System Restore is not able to protect your computer. Please restart and run System Restore again. - I restarted one more time and System Restore gave the exact same error message again. I left off at this point because the first instruction didn't work. VF didn't remove the program, so I wasn't sure if I should go through with anything else before checking back with ya'll. Also, as I looked closely at it, the program is actually called WinIFixer, not just WinFixer. Not sure if they're the same thing. So, any more ideas? I am moving this to the virus and spyware forum. You need to run SmitFraudFix. Then post a HijackThis log. Download and rename HijackThis (HJT)
Okay, I apologize about the massive absence, but she was unable to print/save the HiJackThis log, so she had to hand-write the entire thing and I had to retype it all. Please excuse any slight typos (O's where 0's should be, uncapitalized letters, etc.) So, here it is: Logfile of trend micro hijackthis v2.0.2 Scan saved at 9:09:25pm, on 4/23/2008 Platform: WindowsXP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Safe mode Running processes : C:\windows\system32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\svchost.exe C:\windows\system32\svchost.exe C:\windows\explorer.exe C:\windows\system32\drivers\spools.exe C:\Program Files\Trendmicro\HijackThis\sniper.exe.exe C:\Program Files\Internet Explorer\iexplore.exe R1_HKCU\Software\Microsoft\Windows\Current version\internet setting.proxyoverride=*.local R3_URLSearchHook:Yahoo! Toolbar_{EF99BD32-C1FB-11D2-892F0090271D4F88}-C:\PROGRA~1\Yahoo!\companion\Installs\cpn\yt.dll F2-Reg:system.ini:Shell=Explorer.exe C:\windows\Shell.exe F2-Reg:system.ini:userInit=C:\windows\system32\userint.exe, C:\programFiles\Common Files\Microsoft Shared\sysctc.exe, O2-BHOLno name)-{3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9}-C:\Windows\system32\jfiehayd.dll O2-BHO:C:\windows\system32\jfiehayd.dll-{C5AF49A2-94F3-42BD-F434-2604812C897D}-C:\windows\system32\jfiehayd.dll O3-Toolbar:Hpview-{B2847E28-SD7D-4DE8-8B67-05D28BCF79F5}-C:\Program Files\HP\Digital imaging\bin HPDTLKO2.dll O3-Toolbar:Yahoo! 
Toolbar-{EF99BD32-C1FB-11D2-892F-0090271D4F88}-C:\PROGRA~1\Yahoo!\companion\installs\cpn\yt.dll O4-HKLM\..\Run:[YsearchProtection]”C:\Program Files\Yahoo!\search protection\searchprotection.exe” O4-HKLM\..\Run:[QuickTime Task]”C:\Program Files\QuickTime\QTTASK.exe”-atboottime O4-HKLM\..Run:[itunesHelper]”C:\Program Files\itunes\ituneshelper.exe” O4-HKLM\..\Run:[Postsetupcheck]C:\windows\system32\Rundll32.exe”C:\windows\system32\atgban.dll” Dllstart O4-HKLM\..\Run:[runner1 C:\windows\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01FOB3E35B6 638993F4661AA4EBD86D67C56389B284534F310 F3D1DC7E4638E8323A15806F97BDE4417E6FD96 7002BA754E2C2832213329D26033AAC O4-HKLM\..\Run:[b4fe43bd]rundll32.exe”C:\windows\system32\fqvtivpi.dll”,b O4-HKLM\..\Run:[ntuser]C:\windows\system32\drivers\spools.exe 04-HKLM\..\Run:[autoload]C:\Documents and Settings\Adriana\cftmon.exe O4-HKLM\..\Run:[BluetoothAutorizationAgent]C:windows\system32\BluetoothAuthorizationAgent.exe O4-HKLM\..\Run:[WinIFixer]C:\Program Files\WinIFixer\WinIFixer.exe O4-HKLM\..\Run:[antivirus Pro]C:Program Files\AntivirusPro\AntivirusPro.exe O4-HKLM\..\Run:[jdgf894jrghoiistd]C:\windows\Temp\winlogan.exe O4-HKLM\..\Run:[advap32]C:windows\TEMP\loader2.exe\v O4-HKLM\..\Run:[SystemDrive]C:windows\system32\maxpaynow1.exe O4-HKLM\..\Run:[taskmon]C:windows\taskmon.exe O4-HKLM\..\Run:[msvtt]C:windows\system32\mmhkj.exe O4-HKLM\..\Run:[BMb7cd7021]Rundll32.exe “C:\windows\system32\amcakabk.dll”,s O4-HKLM\..\Run:[kernelFaultCheck]%systemroot%\system32\dumprep O-K O4-HKCU\..\Run:[ctfmon.exe]C:Windows\system32\ctfmon.exe O4-HKCU\..\Run:[Yahoo! 
Pager]”C:\PROGRA~1\Yahoo\MESSEN~1\YAHOOM~1.EXE”-quiet O4-HKCU\..\Run:[MSMSGS]”C:\Program Files\Messenger\msmsgs.exe”/background O4-HKCU\..\Run:[YsearchProtection]C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe O4-HKCU\..\Run:[srro]”C:\DOCUME~1\adriana\MYDOCU~1\SSTEM~1\winlogon.exe” –vt ya2b O4-HKCU\..\Run:[Odog] “C:\Documents and settings\adriana\My Documents\M?crosoft.net\??rvices.exe” O4-HKCU\..\Run:[ntuser]C:\Windows\system32\drivers\spools.exe O4-HKCU\..\Run:[jdgf894jrghoiiskd]C:\Windows\TEMP\winlogan.exe O4-HKCU\..\Run:[Jnskdfmf9eldfd]C:\Docume~1\adriana\LOCALS~1\Temp\csrssc.exe O4-HKCU\..\Run:[ServicePack1]C:\Windows\system32\vedxgbame4.exe O4-HKCU\..\Run:[autoload]c:\Documents and settings\adriana\cftmon.exe O4-HKUS\S-1-5-18\..\Run:[autoload]C:\Documents and settings\\local service\cftmon.exe (user ‘SYSTEM’) O4-HKUS\S-1-5-18\..\Run:[jdgf894jrghoiiskd]C:\windows\temp\winlogan.exe (user ‘system’) O4-HKUS\S-1-5-18\..\Run:[jnskdfmf9eldfd]C:\windows\temp\csrssc.exe (user ‘system’) O4-HKUS\S-1-5-18\..\Run:[spoolsv]C:\windows\system32\spoolvs.exe (user ‘system’) O4-HKUS\S-1-5-18\..\Run:[windows update loader]C:\windows\xpupdate.exe (user ‘system’) O4-HKUS\.DEFAULT\..\Run:[ntuser]C:\windows\system32\drivers\spools.exe (user ‘Default user’) O4-Startup:DW-Start.lnk=C:\windows\system32\rwwnwb4d.exe O4-Global startup:adobe reader speed launch.lnk=c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe O4-Global startup:Lumix simple viewer.lnk=? 
O7-HKCU\software\Microsoft\windows\current version\policies\system.disableregedit=1 O8-Extra content menu item: Add to HP organize… -C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\sendTo.html O8-Extra content menu item: E &xopt to Microsoft Excel – res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000 O9-Extra button: (no name)-{O8BOE5CO-4FCB-11CF-AAA5-00401C608501}-C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9-Extra ‘tools’ menuitem:sunjava Console-{08BDE5CO-4FCB-11CF-AAA5-004016608501}C:\Program Files\java\j2re1.4.2_03\bin\npjpi142-03.dll O9 Extra button: Yahoo! Messenger-{E5012C4E-7B4F-11D3-B5C9-005004563C96}-C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 Extra ’Tools’ menuitem: Yahoo! Messenger-{E5D12C4E-7B4F-11D3-B5C9-0050045C3L96}-C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe 09-Extra button:Messenger-{FB5F1910-F110-11dz-BB9E-00C04F795683}-C:\Program Files\Messenger\msmsgs.exe 09 Extra ’Tools’ menuitem:windows messenger-{FB5F1910-F110-11dz-BB9E-00C04F795683}-C:\Program Files\Messenger\msmsgs.exe OI7-HKLM\System\ccs\services\tcpip\..\{7345DF05-A119-4931-9OE6-666CF5AEA1DA}:nameserver 85.255.116.168.85.255.112.209 OI7-HKLM\System\ccs\services\tcpip\..\{CD941F95-643F-460F-856B-CSD8263728DC}: nameserver 85.255.116.168.85.255.112.209 OI7-HKLM\system\cs1\services\Tcpip\Parameters:Name Server=85.255.116.168.85.255.112.209 OI7-HKLM\system\cs1\services\Tcpip\..\{7345DF05-A119-4931-90E6-666CF5AEA1DA}NameServer=85.255.116.168.85.255.112.209 OI7- HKLM\system\cs1\services\Tcpip\parameters:Nameserver=85.255.116.168.85.255.112.209 O20-Applnit_DLLS:C:\windows\system32\wowfx.dll O20-Winlogon Notify:awtttus-C:\windows\system32\awtttus.dll O20-Winlogon Notify:ibudu-C:\windows\system32\ibudu.dll O20-Winlogon Notify:partnershipreg-C:\Documents and settings\All users\\Documents\Settings\partnership.dll O20-Winlogon Notify:wlctrl32-C:\windows\system32\WLCtrl32.dll O21-SSODL:BeaQtlcG-{B4FE4313-1E54-E9B9-2D3B-2B96A415245B}-C:\windows\system32\zckmib.dll 
O21-SSODL:PrxRam-{439e5852-9e59-4240-84c8-fe09995e25c8}-C:windows\Installer\\{439e5852-9e59-4240-84c8-fe09995e25c8}\PrxRam.dd O21-SSODL:AlrtAlrt-{8bb3b421-ce22-4132-9140-a1fdefbfdo29}-C:\windows\Resources\AlrtAlrt.dll O21-SSODL:zip-{da053baf-f7e9-4f4f-b41d-a5139124b1a2}-C:\windows\Installer\{da053baf-f7e9-4f4f-b41d-a5139124b1a2}\zip.dll O22-Sharedtaskscheduler:jhsf8d984jief8dsfus98jkefn-{C5AF49A2-94F3-42BD-F434-Z604812C8970}-C:\window\system32\jfiehayd.dll O23-Service: Apple Mobile Device-Apple, Inc.-C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23-Service :Bonjour Service-Apple Inc.-C:\Program Files\Bonjour\mdNSRejponder.exe O23-Service : Command Service (cmdservice) –unknown owner- C:\windows\IA\command.exe O23-Service :FC1 (fci)-unknown owner-C:\windows\system32\svchost.exe:ext.exe O23-Service:Google Online Services-Unknown owner-C:\Documents and settings\Adriana\ie_updates3r.exe O23-Service: iPod service-Apple Inc.-C:\Program Files\ipod\bin\ipodservice.exe O23-Service:Network Monitor-unknown owner-C:\Program Files\Network Monitor\netmon.exe O23-Service:task scheduler (schedule)-unknown owner-C:\windows\system32\drivers\spools.exe -- End of File – 8463 bytes You have a massive problem. Do the steps in this post in order and then post all of the logs including a new HijackThis log. Well, the problem is that she still can't connect to the internet in any way, shape, or form. How would you recommend going about everything in that post without any type of access? Note that the computer can't reboot in any mode except Safe Mode either. Anything that requires an online verification won't work. It appears that all the downloads will have to be done by you and transferred using a flash drive or CD. It would probably be easier to reinstall. When I say "You have a massive problem." I'm not exaggerating. Ah. Bummer. I appreciate the help, anyway. I'll pass the word along to her. |
|
| 3941. |
Solve : Dual boot and AV programs? |
|
Answer» I'm planning on adding Ubuntu as a dual boot on one of my computers. Will I need to add the usual AV & Anti-Spyware to that boot also? Yes. Quote from: Broni on May 02, 2008, 07:59:05 PM Yes. So, there won't be a problem with running two AV's at the same time? What about a firewall? You won't be running 2 at a time... you will have 2 installations. You can only run one OS at a time so this wouldn't apply.... What about firewalls. Do I need two? Yes. |
|
| 3942. |
Solve : system error dangerous virus message? |
|
Answer» You didn't do anything wrong, it won't scan 0 byte files.
. The above procedure will:
Download OTMoveIt2 by OldTimer OTMoveIt2.exe and place it on your desktop. (unless you already have it installed) 1. Double click OTMoveIt2.exe to launch it. Vista users right click and choose Run As Administrator 2. Click on the CleanUp! button. 3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access. 4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?) 5. Once complete exit out of OTMoveIt2 Set a New Restore Point to prevent possible reinfection from an old one Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
Use the Secunia Software Inspector to check for out of date software.
Here are some great tools to help you keep from getting infected again. To prevent unknown applications from being installed on your computer, install WinPatrol 2007. Another thing I would suggest is installing SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Spybot Search & Destroy - A safe and effective spyware scanner. * Using Spybot - Search & Destroy to remove Spyware, Malware, and Hijackers AVG Anti-Spyware Free Edition - Very reliable with a high detection rate. * AVG Anti-Spyware User Manual SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware Comodo BOClean - Stops trojans and many more malicious attacks. Use a Firewall - It can not be stressed enough how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. * Click here for a list of free firewalls. * Why would I consider a third party firewall? * Understanding and Using Firewalls UPDATE!!! UPDATE!!! UPDATE!!! - If you do not have automatic updates enabled then visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed. * Help with Windows updates. To learn more about how to protect yourself while on the internet, read this article by Tony Klein: So how did I get infected in the first place? Let us know if anything else comes up. |
|
| 3943. |
Solve : don't know what to do.....help? |
|
Answer» I noticed agent.exe was causing issues with one of my profiles on my computer. I also noticed a new "3 search with google" that I can't delete. I ran HijackThis but don't know what to do next. I have included the logfile nothing found This is good. Before we get to HJT log, I need you to perform couple more steps... 1. Run free ESET Online Scanner at: http://www.eset.com/onlinescan/ Note: This Scanner is for Internet Explorer Only 1. You will notice that the "Start" button is grayed out. Place a check mark at "Yes, I accept the Terms of use". The "Start" button will become visible. Click on it. 2. If it wants to install an ActiveX component allow it 3. You will be asked to install an ActiveX, click the "Install" button (Note: If you have a Firewall install you may have to approve the installation) 4. Once ActiveX control is installed click on the "Start" button to initialize the scanner 5. After initialization is complete, make sure that "Remove found threats" and "Scan unwanted applications" are checkmarked. 6. Click the "Scan" button 7. Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt Post ESET's log. 2. Download SUPERAntiSpyware Free for Home Users: http://www.superantispyware.com/ Print these instructions out. * Double-click SUPERAntiSpyware.exe and use the default settings for installation. * An icon will be created on your desktop. Double-click that icon to launch the program. * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.) * Close SUPERAntiSpyware. Restart computer in Safe Mode. To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen * Open SUPERAntiSpyware. 
* Under "Configuration and Preferences", click the Preferences button. * Click the Scanning Control tab. * Under Scanner Options make sure the following are checked (leave all others unchecked): o Close browsers before scanning. o Scan for tracking cookies. o Terminate memory threats before quarantining. * Click the "Close" button to leave the control center screen. * Back on the main screen, under "Scan for Harmful Software" click Scan your computer. * On the left, make sure you check C:\Fixed Drive. * On the right, under "Complete Scan", choose Perform Complete Scan. * Click "Next" to start the scan. Please be patient while it scans your computer. * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK". * Make sure everything has a checkmark next to it and click "Next". * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu. * If asked if you want to reboot, click "Yes". * To retrieve the removal information after reboot, launch SUPERAntiSpyware again. o Click Preferences, then click the Statistics/Logs tab. o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log. o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor. o Please copy and paste the Scan Log results in your next reply with a new HijackThis log. * Click Close to exit the program. Post SUPERAntiSpyware log. 3. Post new HijackThis log. I downloaded programs as instructed and ran them as instructed. I seemed to have a few spyware items. I have included the text version of everything. 1. Print this post out, since you won't have access to it at some point. 2. Close all windows, except for HijackThis. 3. 
Put a checkmark next to the following HijackThis entries (some entries will be checkmarked to disable unnecessary startups; in those cases (marked with *), no actual program will be removed): - O2 - BHO: XBTB06823 - {BA463437-C3DE-47da-8280-87596824388A} - C:\PROGRA~1\GOOGLE~1\TOOLBA~1.DLL (file missing) - O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) - *O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup - *O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start 4. Click on "Fix checked" button. 5. Turn off System Restore: - Windows XP: 1. Click Start. 2. Right-click the My Computer icon, and then click Properties. 3. Click the System Restore tab. 4. Check "Turn off System Restore". 5. Click Apply. 6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this. 7. Click OK. - Windows Vista: 1. Click Start. 2. Right-click the Computer icon, and then click Properties. 3. Click on System Protection under the Tasks column on the left side 4. Click on Continue on the "User Account Control" window that pops up 5. Under the System Protection tab, find Available Disks 6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:") 7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this. 8. Click OK 6. Restart in Normal Mode. 7. Turn System Restore on. 8. Post new HijackThis log. |
|
| 3944. |
Solve : I have no clue what is wrong with my computer.? |
|
Answer» I have a Dell laptop Latitude D500. OK, so my dad gave me his old work laptop for school. It has a tiny hard drive, only 27 gigs. When I got it there was maybe 5 gigs of free space. So in order for me to have music and games I got an external drive. Well, everything was fine until about a week ago. I could have sworn that when I got the external I had around 3 gigs left on the old hard drive. Well, last week my hard drive was down to 1 gig, but the problem is that the memory just kept draining. As of right now my computer is saying the C drive has 15 MB of space left. Funny thing is that when I reboot it goes back up to around 200 MB but just drains back down. Any help with this problem would be much appreciated. |
|
| 3945. |
Solve : I have viruses and would like help? |
|
Answer» I have tried my antivirus and it will not get rid of the problem. I have ASUS, Windows XP SP2, Intel Pentium Dual E2140, NVIDIA GeForce 8500 GT, SoundMAX. I do have HijackThis saved on the PC. I am using McAfee Enterprise 7.1 and Spybot, spydoctor (free). 1. Run free ESET Online Scanner at: http://www.eset.com/onlinescan/ |
|
| 3946. |
Solve : Key stroke recorders.? |
|
Answer» When scanning for spyware with Spybot, I noticed that "SmartKey Stroke recorder" no problem. btw- I enjoy your name. nice. I called my dog Pooper. His rl name was Prince Johnathan, or PJ, but he was always "Pooper" to me. cheers to pooper. Quote from: pooper on February 04, 2008, 07:49:13 AM When scanning for spyware with Spybot, I noticed that "SmartKey Stroke recorder" where did you get that keystrokker and is it any good? Quote from: robrowboski on February 05, 2008, 05:12:20 PM Quote from: pooper on February 04, 2008, 07:49:13 AM When scanning for spyware with Spybot, I noticed that "SmartKey Stroke recorder" where did you get that keystrokker and is it any good? If you would've read the rest of the posts, you would have realized that he never had the keylogger installed. GEEZ. |
|
| 3947. |
Solve : Possible virus on my memory stick? |
|
Answer» My memory stick is continually creating duplicate folders. I have run a virus scan with McAfee but it detects nothing. The McAfee is up to date and the version is 8.5.0i.
Running sUBs Flash Disinfector will target a lot of autorun infections and create a hidden folder named autorun.inf on each partition and any USB drive you plug in. These dummy autorun.inf folders will help protect your PC from reinfection: if the infected flash drive is then inserted, autorun looks for autorun.inf, which would normally run the infection, but it's then prevented by the dummy autorun.inf that is in place. If you have any USB drives please insert them when prompted when running the tool. You can easily delete the new autorun.inf if you choose. |
|
| 3948. |
Solve : Broni need help here.? |
|
Answer» SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/30/2007 at 05:06 AM

Application Version : 3.9.1008

Core Rules Database Version : 3396
Trace Rules Database Version: 1388

Scan type : Custom Scan
Total Scan Time : 00:15:44

Memory items scanned : 315
Memory threats detected : 0
Registry items scanned : 4472
Registry threats detected : 24
File items scanned : 20270
File threats detected : 12

Trojan.Net-RoAM
HKLM\Software\Classes\CLSID\{4C579E8B-92F1-44d1-9444-66A4355E9386}
HKCR\CLSID\{4C579E8B-92F1-44D1-9444-66A4355E9386}
HKCR\CLSID\{4C579E8B-92F1-44D1-9444-66A4355E9386}
HKCR\CLSID\{4C579E8B-92F1-44D1-9444-66A4355E9386}\InprocServer32
HKCR\CLSID\{4C579E8B-92F1-44D1-9444-66A4355E9386}\InprocServer32#ThreadingModel
HKCR\CLSID\{4C579E8B-92F1-44D1-9444-66A4355E9386}\ProgID
HKCR\CLSID\{4C579E8B-92F1-44D1-9444-66A4355E9386}\TypeLib
ROZMCHILD.DLL

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{85911752-BC96-4fff-9121-6EB9D8F438E1}
HKCR\CLSID\{85911752-BC96-4FFF-9121-6EB9D8F438E1}
HKCR\CLSID\{85911752-BC96-4FFF-9121-6EB9D8F438E1}
HKCR\CLSID\{85911752-BC96-4FFF-9121-6EB9D8F438E1}\InprocServer32
HKCR\CLSID\{85911752-BC96-4FFF-9121-6EB9D8F438E1}\InprocServer32#ThreadingModel
HKCR\CLSID\{85911752-BC96-4FFF-9121-6EB9D8F438E1}\ProgID
HKCR\CLSID\{85911752-BC96-4FFF-9121-6EB9D8F438E1}\TypeLib
HYPERCONN.DLL
HKLM\Software\Classes\CLSID\{B87D203B-B43D-4af9-9E1B-9C20478CBB74}
HKCR\CLSID\{B87D203B-B43D-4AF9-9E1B-9C20478CBB74}
HKCR\CLSID\{B87D203B-B43D-4AF9-9E1B-9C20478CBB74}
HKCR\CLSID\{B87D203B-B43D-4AF9-9E1B-9C20478CBB74}\InprocServer32
HKCR\CLSID\{B87D203B-B43D-4AF9-9E1B-9C20478CBB74}\InprocServer32#ThreadingModel
HKCR\CLSID\{B87D203B-B43D-4AF9-9E1B-9C20478CBB74}\ProgID
HKCR\CLSID\{B87D203B-B43D-4AF9-9E1B-9C20478CBB74}\TypeLib
TARDEME2.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B87D203B-B43D-4af9-9E1B-9C20478CBB74}

Adware.WhenU
HKCR\WUSN.1
HKCR\WUSN.1#WUSN_Id

Adware.Tracking Cookie
C:\Documents and Settings\Administrator.MICROSOF-7D6B22\Local Settings\Temp\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Administrator.MICROSOF-7D6B22\Local Settings\Temp\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Administrator.MICROSOF-7D6B22\Local Settings\Temp\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Administrator.MICROSOF-7D6B22\Local Settings\Temp\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Administrator.MICROSOF-7D6B22\Local Settings\Temp\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Administrator.MICROSOF-7D6B22\Local Settings\Temp\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Administrator.MICROSOF-7D6B22\Local Settings\Temp\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Administrator.MICROSOF-7D6B22\Local Settings\Temp\Cookies\[emailprotected][2].txt

Trojan.Net-BSNH/Ambler
C:\WINDOWS\SYSTEM32\STRIKE12.DLL

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:25:07, on 30/4/2550
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system\svchosl.exe
C:\WINDOWS\VMSnap3.EXE
C:\WINDOWS\Domino.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = iLLUSiON
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [svchosl] C:\WINDOWS\system\svchosl.exe
O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O8 - Extra context menu item: ส่&งออกไปยัง Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: wsock3.dll
O10 - Unknown file in Winsock LSP: wsock3.dll
O10 - Unknown file in Winsock LSP: wsock3.dll
O10 - Unknown file in Winsock LSP: wsock3.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

-- End of file - 6536 bytes

*** I can't see any antivirus program running.
Download and install AVG free antivirus: http://free.grisoft.com/
After installation, run a full scan.

*** Make sure your Windows firewall is ON...
Click Start, click Run, type Firewall.cpl, and then click OK.
On the General tab, click On (recommended), and then click OK.

*** Run the free ESET Online Scanner at: http://www.eset.com/onlinescan/
Note: This scanner is for Internet Explorer only.
1. You will notice that the "Start" button is grayed out. Place a check mark at "Yes, I accept the Terms of use". The "Start" button will become visible. Click on it.
2. If it wants to install an ActiveX component, allow it.
3. You will be asked to install an ActiveX control; click the "Install" button. (Note: If you have a firewall installed, you may have to approve the installation.)
4. Once the ActiveX control is installed, click on the "Start" button to initialize the scanner.
5. After initialization is complete, make sure that "Remove found threats" and "Scan unwanted applications" are checkmarked.
6. Click the "Scan" button.
7. Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt
Post ESET's log.

*** Post new HJT log. |
|
| 3949. |
Solve : analyse hijack log? |
|
Answer» Please see the attached logs. |
|
| 3950. |
Solve : anti-virus and spyware for Intel Celeron processor and Comodo firewall? |
|
Answer» Hi, I have a Dell computer with an Intel Celeron processor with 128MB of RAM and 996hz processor. I downloaded a Comodo firewall. Now I need anti-virus (preferably free) and spyware (preferably free). I checked the system requirements for Avast, AVG, and Comodo anti-virus and they all require an Intel Pentium processor (or equivalent). Can I still get one of these products with an Intel Celeron processor? Or what anti-virus can I get with an Intel processor? I can't afford to get a new processor right now. Also, do you know of any registry cleaner that I can download for free that will scan and clean my computer? One more thing, do you recommend more than one spyware program for a computer?

Yes, all the software you mention will work with your processor. |
|