InterviewSolution
| 3951. |
Solve : Norton or McAfee.......? |
|
Answer» I have two free security CDs. One is McAfee Internet Security Suite 2008 w/ Site Advisor, the other, Norton Internet Security 2008. I need to install one of these, if you had a choice, which do you think is the better one. I know many people don't either one, but I know a little more on how to work these two in case something should happen. I know nothing about that free AVG or if they even have a help support line.
I agree with patio, AVG Free Edition is a great AV product.
I agree with broni, because before, I am running with 2 AV... and that really slows down my computer. That's why I reformat my computer. 1 AV is enough in your system. Try AVG Free Edition.
If I had that choice I will leave both Norton and McAfee and go for AVG Free Edition, it's better...
Quote I am running with 2 AV
It's always a very bad idea....
My friend's laptop came with a 90 day free install of Norton...now he has had a @#$%load of problems & needed help to remove some trojans & viruses. He is now very happy with AVG Free.
I had Norton three years ago and I thought all files were removed and gone and now out of the blue I'm having a problem with my emails because Norton is lurking somewhere on my computer and I haven't figured out a way to get rid of it. I have tried everything. I highly recommend AVG.
Quote from: pepper on February 06, 2008, 07:15:15 PM I had Norton three years ago and I thought all files were removed and gone and now out of the blue I'm having a problem with my emails because Norton is lurking somewhere on my computer and I haven't figured out a way to get rid of it. I have tried everything. I highly recommend AVG. |
|
| 3952. |
Solve : Analyse hijack log and combofix? |
|
Answer» I will go ahead and post this.
Download OTMoveIt2 by OldTimer (OTMoveIt2.exe) and place it on your desktop.
1. Double click OTMoveIt2.exe to launch it.
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet; if your firewall or other defensive programs alert you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
To learn more about how to protect yourself while on the internet, read this article by Tony Klein: So how did I get infected in the first place? |
|
| 3953. |
Solve : Trying to scan with ESET NOD32 to obtain log..problem? |
|
Answer» Hi, |
|
| 3954. |
Solve : Just need to check something? |
|
Answer» I was trying to find something that would record keystrokes on my computer and I downloaded this thing called keyprowler http://www.download.com/KeyProwler-Pro-Keylogger/3000-2132_4-10767600.html |
|
| 3955. |
Solve : My computer restarts itself? |
|
Answer» When I start my computer it loads up then acts like you have pressed the reset button. Could you please help me, I need it for work
Welcome to the CH forums. When I had XP
What Windows is it now?
It was before I got a new laptop, but I have Vista now. |
|
| 3956. |
Solve : http://gaigoibaucat.xlphp.net virus?? |
|
Answer» Is there any kind of virus like this one??? There's a text that often appears on my PowerPoint. HELP!!!
We can't tell unless you read post #1 and #2 HERE and attach the logs.
I also have the same problem. |
|
| 3957. |
Solve : Symantec email problem....help!!!? |
|
Answer» I have a computer tech coming tomorrow morning around 9 am. I'll let you know what he says.
I'll pray...
Me too!!!
Well he checked everything in the system and couldn't find any Symantec or Norton. He copied and pasted the message that I'm getting into Google and a bunch of things came up. Apparently I'm not the only one having this problem and there doesn't seem to be an answer yet.
Apparently I'm not the only one having this problem and there doesn't seem to be an answer yet.
Actually the link had a pretty good answer. The Ahuma forums are well respected. It isn't anything to do with your computer, it is coming from a server that the email passes through.
So, we're back to one of my very first suspicions: Quote This message may be just included with the email of the person, who is sending back the message, or even ISP - post #32.... Oh, well....at least computer is doing fine
I'm not going to worry about it anymore. When I start to get that message I'll just copy and paste into a new email and tell the other person to do the same thing. It's just an annoyance. Thanks for trying to help. |
|
| 3958. |
Solve : this computer make the internet slow when it turn on.? |
|
Answer» I also have tried taking out the HDD and make it as a slave in my own computer (Windows XP) then run full scan of Avira but no result
Go HERE and install then run the Dr. Web CureIt and post that log.
Well, after the full scan, it didn't find anything in that "main computer" but I did try scanning the other computer (PC 06 & PC 03) and found something. However, I'm still sure this main computer is affecting the rest when it turns on.
PC 06 Dr. Web CureIt Log
a) During the boot-up process press F8 continuously until the selection appears
b) Use Arrow Up+Down to select SafeMode on the selections menu.
c) Hit Enter to proceed.
5. If it requires you to login please use the login name with administrative rights. Without this privilege, Sysclean will not delete/clean infected files located in the SYSTEM folder.
6. Open the Sysclean folder on your Desktop and double-click Sysclean to run and do a full system scan. This may take time. Reboot when finished, repeat as desired to make sure that all threats are removed.
Well, it's still shutting down. I'm going to turn this computer on for a while to make sure that it is not caused by overheating... After that I'll post the result
For a few days all of the computers were acting fine, I mean the internet connection, and guess what, the ISP told us that they were having a problem (they didn't mention it earlier!) because of the undersea cables thing...
Probably related to this..... http://news.yahoo.com/s/ap/20080208/ap_on_hi_te/mideast_internet_outage
I think this thread is solved already.
Thanks for letting us know. |
|
| 3959. |
Solve : Need help... Yahoo Messenger Virus?? |
|
Answer» i also have the same problem. |
|
| 3960. |
Solve : how to enable the registry editor? |
|
Answer» Please help again...
Start with this thread.
How are we supposed to help you if you don't follow the given advice? |
|
| 3961. |
Solve : Bl4cK P3g4sUs virus help!? |
|
Answer» I need help on this worm. It creates 240 KB files inside folders that, when you try to open them, will freeze the computer. Won't allow system restore and can't start in safe mode. It disables antivirus software, or any other software. Missing RUN in start menu. And when you try to look at My Computer properties, it is suddenly registered to Bl4cK P3g4sUs. I'll attach some pics to better explain what I mean. |
|
| 3962. |
Solve : Adware Problems!? |
|
Answer» I have 3 adware bugs on my computer that I cannot get rid of even with Spyware Doctor. Spyware Doctor finds them, removes them, but when I open Internet Explorer they reappear. The list of adware bugs goes as follows: (Adware.Leorvbar), (Adware.Admedia), (Adware.Agent.BN). Please help. Running Windows XP.
1. Run free ESET Online Scanner at: http://www.eset.com/onlinescan/ |
|
| 3963. |
Solve : need help recovering from trojan? |
|
Answer» I recently encountered a Trojan. I'm confident that the original file (and the ones it brought in) are gone; I used AVG scanning in safe mode to find and heal everything and it seems it did. The problem is that somewhere during this something took away my administrative properties. Along with this, the only audio I can get is the Microsoft sounds; anything playing out of Winamp or anything else will not play. Winamp will even tell me that the driver is missing. |
|
| 3964. |
Solve : Should i have this many?? |
|
Answer» I have 6 "svchost.exe" running in my processes and two "rundll32.exe"
It's normal.
ok thanks |
|
| 3965. |
Solve : computer for mobile maintenance? |
|
Answer» What are the tips for a good working computer in mobile phone maintenance software
Do you mean portable security? |
|
| 3966. |
Solve : Windows XP and gditst? |
|
Answer» Hello |
|
| 3967. |
Solve : total soln 4 formatting a computer?? |
|
Answer» Slow and restarting computer due to virus... I want to format it but don't know how and don't want to lose my files data.... I myself want to make it normal after formatting
This can't be done... |
|
| 3968. |
Solve : Help!! How to stop all the Popups, Adwares and Trojans??!!!? |
|
Answer» I don't know why OTMoveIt is doing that with your computer. Hopefully everything is OK now.
Quote from: green tea on January 17, 2008, 12:37:18 AM but the clock is still in that weird format. It's 23:34 right now
Sweet!! It works, thank you! I love this place. I learn something new about the computer every time ^__^
Glad it worked, I had never seen that either. Safe surfing...............
Hey guys.. Does using ATF Cleaner a lot affect the memory?? For the past 2-3 weeks, I've been having trouble loading Yahoo.com. Usually that loads instantly since I have cable. But now, the screen just stays blank and takes forever. At first, I was hoping it was just Yahoo doing a maintenance check or something, but then it loads just fine at work. And most of the other websites I go to load ok. And recently, I would open IE and go to a website, but then the browser closes, and a popup will appear with the following message: "The instruction @ "0x7e1t9afc" referenced memory at "0x01fa6ec8" memory could not be "red" Click ok to terminate program" I'm not sure what's going on, so I thought I'd ask here first
It shouldn't affect the memory although it does clean the Prefetch, which isn't advised to do on a regular basis. You can uncheck the Prefetch option before running ATF Cleaner. CCleaner is a safer alternative for a daily cleaner. It has a setting to clean Old Prefetch Data but it must be enabled under Advanced Options.
Quote Cleaning the Prefetch folder in Windows XP/Vista is a MYTH and will reduce performance. The Prefetch folder is self cleaning at 128 entries by Windows. When the 128 limit is reached Windows will keep the 32 most used prefetch files. Cleaning the folder before this will cripple Windows load and all application load times. Full Article
Haven't heard of Prefetch before this.. I should have asked about the effects of using some of these programs before using them every now and then. So it looks like I have to let Yahoo load twice before it goes back to normal. I guess it makes sense since one of the comments on that article said the load time could go up 100% *doh*
It is also a good idea to restart the computer immediately after doing a thorough cleaning, with either ATF or CCleaner.
I have a Dell and run Windows XP. In the tasktray a red X keeps popping up announcing that my computer is infected and wants me to buy a certain antispyware. How do I get this annoyance out of my tasktray
Don19wil49 you will need to read this post and start a new thread with the information. |
|
| 3969. |
Solve : Buffer Overflows? |
|
Answer» I apologize if this is the incorrect forum. I have all my movies and movie segments stored in a folder on my D drive. Every time I access the folder, I get a Buffer Overflow warning. These warnings used to be limited to that movie folder but now the warnings come when I play certain movie CDs on my F drive. How do I get rid of these warnings? Should I try deleting the process files mentioned in each warning?
No, you can't. Those files are crucial Windows files, and it's not Windows' fault, but McAfee being too protective. What is buffer overflow? A simple definition of buffer overflow is writing data outside designated memory blocks when the memory block is full. Most antivirus programs use pattern files to detect the buffer overflows. So, if antivirus code is overprotective, or flawed, it'll flag legit programs as virus activity, and block them. Since they're blocked = you can't play your DVDs. Why you can actually play movies from your HD, after the error, but not from DVD drive is beyond my knowledge. I don't like McAfee, but I assume you paid your subscription, so you're stuck. In my opinion, you have two options. I'm not familiar with new McAfee versions, so you'll have to dig through its options...
1. You may turn buffer overflow protection off (it may have some sub-options), which isn't the best thing to do.
2. McAfee must have some way to exclude some processes from being flagged.
I wish I could have had more help for you.
Thanks again, Broni, for the quick reply and additional info on the overflows. I kind of suspected the warnings may have been unique to McAfee since I never had them with other AV programs I used. I'm getting McAfee for free for one year through Scottrade Online Brokerage and have contacted the McAfee help forums to no avail. If I have to switch back to Norton or Trend Micro, it won't be the end of the world. I guess you get what you pay for, eh? Again, your help was much appreciated and if I find out anything new, I'll post it here for all.
Broni, I also checked and found I have buffer overflow protection enabled within McAfee, which is why I get the warnings, but I'm reluctant to disable the feature because of the seriousness of problems that the overflows may cause (when the alerts appear, they always mention how serious overflows can be). Again, as I find out more from McAfee, I'll inform the forum.
If you have it for free, I'd uninstall it right away. Stay away from Norton, and TrendMicro. You're gonna have similar problems. Go for free AVG, or Avast. |
|
| 3970. |
Solve : I can only assume this is a virus?? |
|
Answer» I'd like to try that Eg0Death, but when I go into My Computer, the only "Properties" I can find is in the menu under File, and it is grayed out. |
|
| 3971. |
Solve : trojan i ant get healed? |
|
Answer» Can you tell by the log what starts when the computer is switched on, because I know I don't use a lot of the stuff on the desktop but don't know what is what & don't want to switch something off which is important.
----------
Post the OTMoveIt log and let me know how things are now.
OTMoveIt2 v1.0.20 log created on 02292008_204146
this is all I got, I tried it twice but the same thing came up
Go to C:\Program Files\AdVantage\AdVantage.exe Delete this file and folder AdVantage.exe and AdVantage
have not got that folder on the computer
The above procedure will:
Download OTMoveIt2 by OldTimer (OTMoveIt2.exe) and place it on your desktop. (unless you already have it)
1. Double click OTMoveIt2.exe to launch it.
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet; if your firewall or other defensive programs alert you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
Here are some great tools to help you keep from getting infected again.
Spybot Search & Destroy - A safe and effective spyware scanner.
* Official Spybot Tutorial
* Spybot FAQ
AVG Anti-Spyware Free Edition - Very reliable with a high detection rate.
* AVG Anti-Spyware User Manual
SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* SpywareBlaster Tutorial
Comodo BOClean - Stops trojans and many more malicious attacks.
Use a Firewall - It can not be stressed enough how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over.
* Click here for a list of free firewalls.
* Why would I consider a third party firewall?
UPDATE!!! UPDATE!!! UPDATE!!! - If you do not have automatic updates enabled then visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed.
* Help with Windows updates
To learn more about how to protect yourself while on the internet, read this article by Tony Klein: So how did I get infected in the first place?
Let us know if anything else comes up. |
|
| 3972. |
Solve : Hi !? |
|
Answer» Hello Everyone !
Welcome to CH.
Thanks so much for your help Evil ! I failed to mention in my post that I cannot use the computer, because of the freezing up, so I can't start with the first steps. That would have helped huh ?!? I am on my father's laptop, so I can't download any type of antivirus to the computer. I had antivirus on the computer but it either expired or was taken off by the viruses, I don't know if that is possible or not !?!? I hope my computer is not beyond repair
Can you start it in safe mode? If so download ClamWin to a flash drive and transfer it to the computer to run a virus scan. See if anything is found and remove it. Then see if you can log on in normal mode to run the rest of the scans.
Quote from: evilfantasy on February 10, 2008, 01:02:19 PM Can you start it in safe mode?
umm, what is safe mode ? embarrassed ! Shows how computer literate I am !
This is safe mode. Basically, you tap F8 while the computer is starting, a menu will appear and you select safe mode.
Quote from: needinghelppp on February 10, 2008, 01:16:29 PM Quote from: evilfantasy on February 10, 2008, 01:02:19 PM Can you start it in safe mode? umm, what is safe mode ? embarrassed ! Shows how computer literate I am !
Ok, I can enter safe mode. However, I do not have a flash drive, am I out of luck ? I hate to go buy one of these things, then these procedures not work, and I have to put it in the shop, so then I spent even more money than I needed to.
Quote from: Deerpark on February 10, 2008, 01:49:57 PM This is safe mode.
Thanks ! |
|
| 3973. |
Solve : can not complete a spyware scan? |
|
Answer» I run a spyware scan and when it gets to a file called c:\WINDOWS\system32\aux.dyr it freezes. What is this file and how can I fix it? Also when I put a disk in my CD drive it won't open automatically like it used to, how can I fix that?
What scan do you try to run? Windows version?
and what spyware program are you using?
I am trying to run SUPERAntiSpyware free edition.
aux.dyr << Are you sure that is right? |
|
| 3974. |
Solve : CMIII running in the background? |
|
Answer» Hi, when I start Windows XP and I check the task manager I see 3 instances of CMIII running in the background and it's using up 100% of the CPU. I need to close all of them from the task manager or else everything slows down. Is this a trojan and how do I get rid of it?
Start here, post the logs when finished. |
|
| 3975. |
Solve : SOMEONE PLEAAASEEEE HEELPP?!!?!?!? |
|
Answer» When I try to check my messages or send a message on MySpace I get taken to this link... |
|
| 3976. |
Solve : Hijackthis.com help- Computer keeps freezing up- please help? |
|
Answer» ok so i just rebooted the computer and this message comes up, |
|
| 3977. |
Solve : An interesting tidbit of info about AVG? |
|
Answer» I doubt this would affect the average user, but for those of you that solve problems for others it just might someday be something to know. |
|
| 3978. |
Solve : Has anyone heard of Output.cab?? |
|
Answer» I found this on my desktop tonight and I don't know what it is or where it came from. I went to Add/Remove and I can't find it there. I'm sure I did something stupid again but I even Googled it and couldn't find anything. Does anyone have any ideas on this one?
How big is it? |
|
| 3979. |
Solve : PC Tools Threat Fire (Free) update problem.? |
|
Answer» Yes. I am the owner and only user. But I wasn't able to link into the Revo Uninstaller as suggested.
Link fixed. http://www.majorgeeks.com/Revo_Uninstaller_d5706.html
Quote I have another problem
You may want to start a new topic. |
|
| 3980. |
Solve : New and need help? |
|
Answer» First off HI!! I am new to the site and need some help. Well a while ago I got a virus or trojan horse, don't remember for sure. Anyways I got most of it all cleared up but there is one thing that I can not get back and that's my desktop background. It will not let me do patterns, just solid colors. It's hard to explain but I can choose solid colors and nothing else, can't use my pictures or anything and it's driving me crazy haha. Any help would be really really really appreciated!!!!! Thanks in advance!!!
Also when I shut the computer down the screen with the background I want on there comes up. It's kinda like my desktop has two layers, the solid color one on top and the one I want on bottom. Also when I start the computer back up I get two boxes that come up. One looks like this
anything else I can try?
Posting the logs as requested in the instructions. We can't help without the logs. |
|
| 3981. |
Solve : what is a good/free spyware program?? |
|
Answer» Thanks, |
|
| 3982. |
Solve : MS Office & Norton AntiVirus definition issue.? |
|
Answer» Hello everyone, I have an issue with Norton LiveUpdate associated with MS Office. |
|
| 3983. |
Solve : major help needed fast have had no luck elsewhere and need my computer 4 school!? |
|
Answer» I'm not entirely sure of what it is yet. I've tried about 8 to 10 different instructions on how to get rid of that icon in the tray with a red dot with a white X across. I keep getting the balloon every 1 to 2 min saying your computer is infected! windows has detected spyware infection! ... blah blah recommends blah blah, you know how it installs fake anti spyware and crap. But yes, the majority of instructions call for AVG antivirus and HijackThis to install and run. Well when I try this I install like the instructions say, and the instructions say start the AVG and run the scan and then later use the HijackThis. See, this is where the problem is: every time I try to start the program I can't, it just tries to load then nothing. Neither AVG or HijackThis will load? Any way to get them to work or to get rid of this crap? (Also I have uninstalled and reinstalled both programs quite a few times with the same result, and have tried starting them in safe mode and still the same problem.) I also have a fake Windows Update icon and Help and Support Center icon on my desktop and I don't want to click it because I can see it has a shortcut to the internet then some website. Also I have a balloon with a red dot and white X saying "a critical error could occur ***STOP: 0x000007B (0xF20184, 0x00000, 0xCC0034)**** Inaccessible handler or device. Click balloon to fis the problem", obviously a fake random code to scare me, but how do I get rid of the balloon and the fake Windows icon (I have tried deleting the icons and new ones *magically* appear on my desktop LOL). Ok well I'm running XP on a Dell and I have used the smitfraud.exe program a good 12 times and followed online instructions about the same problem but it still hasn't been fixed. I have tried to download HijackThis and AVG and go figure they won't START!!!! I have Trend Micro anti spyware and Ad-Aware and they find the problem I think but never delete it even though it says it does.
We at least need a Hijackthis log to start with. How did you get smitfraud fix to run but not the other programs?
idk, I just downloaded smitfraud to my desktop, went into safe mode and clicked it and it worked, but AVG and HijackThis, every time I install them and then try and run them they don't work?
Go to this post and work as many of the steps as you can. Boot into safe mode to run Dr Web and SuperAntispyware. Then run the Online scan from normal boot mode. |
|
| 3984. |
Solve : Please spare a moment to help me out if you can?? |
|
Answer» Okay.. |
|
| 3985. |
Solve : Need help to Remove amvo.exe from my PC? |
|
Answer» Please help.........
Please see this post to begin the malware removal process. |
|
| 3986. |
Solve : Help don't know what to do? |
|
Answer» I think I have a virus or something |
|
| 3987. |
Solve : stubborn trojan? |
|
Answer» I'm having trouble ridding my computer of a trojan. It causes IE to crash occasionally, has caused trouble with Warcraft and causes my comp to run slow.
Please download Combofix by sUBs from one of the below links. (Try all three if necessary)
Important! Combofix.exe MUST be saved to and run from the Desktop.
here is the SDFix log, however...
First: Go to www.windowsupdate.microsoft.com and get all critical updates.
----------
Second: Download and install AVG Anti-Spyware Free to your desktop.
* Once you have downloaded AVG Anti-Spyware Free, locate the icon on the desktop and double-click it to launch the set up program.
* Once the setup is complete you will need to run AVG and update the definition files
* On the main screen select the icon Update then select the Update now link.
* Next select the Start Update button, the update will start and a progress bar will show the updates being installed.
* Once the update has completed select the Scanner icon at the top of the screen, then select the Settings tab.
* Once in the Settings screen click on Recommended actions and then select Quarantine <-- Don't forget this
* Under Reports
* Select Automatically generate report after every scan
* Un-Select Only if threats were found
* Under "What to scan?" select "Scan every file".
* Close AVG Anti-Spyware Free <-- Do not run the scan yet.
Copy and paste the rest of the AVG instructions into Notepad and save them to the Desktop or print them out so you can read them from safe mode.
Boot your computer into Safe mode
* Go to Start > Shut Off your Computer > Restart
* As the computer starts to boot up, tap the F8 key somewhat rapidly.
* This will bring up a menu.
* Use the Up and Down Arrow Keys to scroll up to Safemode
* Then press Enter on your keyboard
* Launch AVG Anti-Spyware Free by double-clicking the icon on your desktop.
* Select the Scanner icon at the top and then the Scan tab then click on Complete System Scan
* AVG will now begin the scanning process, be patient this may take a little time.
* Once the scan is complete do the following:
* If you have any infections you will be prompted, then select Apply all actions <-- be sure quarantine is selected
* Next select the Reports icon at the top.
* Select the Save report as button in the lower left hand of the screen and save it to a text file on your system
* Make sure to remember where you saved that file, this is important (usually the desktop)
* Close AVG Anti-Spyware Free
IMPORTANT: Do not open any other windows or programs while AVG is scanning, it may interfere with the scanning process:
* Add the AVG scan report in the next post.
----------
Third: Please run the F-Secure Online Scanner
Note: This Scanner works with Internet Explorer Only!
Paste the log into Notepad and save it to the desktop so it can easily be posted later. This scan can take quite some time, so please be patient. Be sure to restart the computer.
---------- Fourth: After all of the above is complete and the computer restarted, run a NEW Hijackthis scan and post the log.
---------- Next post add AVG scan log F-Secure scan log New Hijackthis log
ok, did all those....heres the logs:
If combofix is still on the desktop download a new copy and try to run it again. Please download Combofix by sUBs from one of the below links. (Try all three if necessary) Important! Combofix.exe MUST be saved to and ran from the Desktop.
|
|
| 3988. |
Solve : trojan horse in captivity? |
|
Answer» ... for me too,.. thanks Broni
Disable TeaTimer, as it'll interfere with the cleaning process: |
|
| 3989. |
Solve : IE Freezes or closes and lags bad!!? |
|
Answer» Hello!!!
OK.. I didn't find windows messenger in the add/remove programs.. I did however remove it from the windows components. Also in the service status on Boonty games.. you said to click the stop button, It was already stopped. dunno if makes a difference but figured I should tell you. OK I did all you asked and I am sending the logs. will be waiting if something else needs to be done...once again thanks so much for the help!! [file cleanup - saving space - attachment deleted by admin]
We will want to do some cleanup at this point. Let's clear out the programs we've been using to clean up your computer, they are not suitable for general malware removal and could cause damage if launched accidentally. The above procedure will:
This is a good time to clear your infected system restore points and establish a new clean restore point:
Here are some great tools to help you keep from getting infected again.
Spybot Search & Destroy - A safe and effective spyware scanner. * Official Spybot Tutorial * Spybot FAQ
AVG Anti-Spyware Free Edition - Very reliable with a high detection rate. * AVG Anti-Spyware User Manual
SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * SpywareBlaster Tutorial
Comodo BOClean - Stops trojans and many more malicious attacks.
Use a Firewall - It can not be stressed enough how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. * Click here for a list of free firewalls. * Why would I consider a third party firewall?
UPDATE!!! UPDATE!!! UPDATE!!! - If you do not have automatic updates enabled then visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. * Help with Windows updates
Learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?
Let us know how things are now.
Hey There.. evilfantasy!!! Thanks so Much for the help!!! Did the clean up you said and cleaned out the restore points. The Computer is running like I had done a reformat on it..lol... Girlfriend was stressing about it big time! ... She is so happy now that it is running smooth again.. and she wants to say thank you too! Really appreciate the time you put in to help us less knowledgeable folks!! Think I will take you up on some of the advice of adding a few more tools like the comodo firewall. I Have the a-squared scanner and avg antivirus on here. Was wondering about the superantispyware and if I should leave it on here too!! Also should I keep the Dr. Web cureit? You have a Great Day and Again Thank You!!
Definitely leave the SuperAntispyware and Dr. Web. They are free and make a great addition to the arsenal. I will alternate scanning weekly (or so) AVG, Super and Dr Web are among the best and most reliable. Be careful with aSquared. It is powerful and has been known to pick up legit items and flag them as malicious. Glad everything worked out. Regular maintenance with CCleaner and a spyware scan now and then will do wonders. Safe surfing........... |
|
| 3990. |
Solve : Can Not Reboot In Safe Mode? |
|
Answer» Among other problems (mentioned in previous post) I can not reboot in safe mode. So I can not download any anti virus , spyware or HJT software. Can the safe mode prob be handled first? |
|
| 3991. |
Solve : WinNT/Bagel.gen and Win32/Bagel.gen!C ARE THESE NEW?? |
|
Answer» Three days I have been working on this. |
|
| 3992. |
Solve : Multiple Personalitys!? |
|
Answer» My computer Lags, The mouse will not scroll, cannot exit websites esp google, And When I run Superantispyware I keep getting tracking cookies!. And now nothing will open like Hijack this Icons on desktop! Ok got this to work, Logfile of Trend Micro HijackThis v2.0.2
Note: CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp! If you have a 64 bit Operating System do NOT run Cleanup and let me know as we will use another utility
---------- Then use a third party defrag program to defrag the drive. http://filehippo.com/download_jkdefrag/
I downloaded Cleanup.exe, But When I try to uncheck Newsgroups The arrow auto adjusts to custom setup? Also I have been using CC Cleaner, Is That close to the same thing?
The instructions on Cleanup are slightly outdated so as long as the check boxes are correct everything will be fine. Sorry I need to update them. Cleanup will remove more than CCleaner. It is for a thorough cleaning where CCleaner is better for daily use.
Alrighty Then! OW YEA, that worked really well. You guys are awesome, Thanks!
Glad it worked. Safe surfing.............. |
|
| 3993. |
Solve : dns spoofing? |
|
Answer» is there any body run dnsspoof from dsniff program or dnsa program. i try to run these program to implement DNS spoofing but no result appear to me. any body can help me please
Be more specific on what you're trying to accomplish. With the information you've given, there's no way anyone can help you. |
|
| 3994. |
Solve : Does anyone know what this error message means?? |
|
Answer» This started a few days ago and I have no idea what it means.
Search Paretologic also
Nothing for Paretologic either.
Sorry I ran it again it's finding something. I had it as two words so I tried it as one word. It found two things so far. What do I do then.....delete them?
It found two files. ParetoLogicDataRecover.msi and ParetoLogicRegistration.job I see you are off line now so I'm just going to go ahead and delete these files.
.msi is or was the installer for it or another part of it. .job I'm not sure of. might have been the scheduler? |
|
| 3995. |
Solve : Patch Tuesday - Microsoft releases six critical patches? |
|
Answer» 2-13-08 This month's "Patch Tuesday" did not include a patch that had been promised in Microsoft's advance notification for February 2008. Microsoft could not be reached for comment at the time of writing to say why the patch had not been included. Source
The windows Vista SP1 patch that is rolling out via Automatic Updates today causes a significant portion of the machines to enter a reboot loop during the update requiring a reinstall. No fix has been mentioned by MSFT yet. More info can be found here: http://forums.microsoft.com/TechNet/showpost.aspx?postid=2848906&siteid=17
Quote SP1 RC
Different update but still good info. The Patch Tuesday release is just regular updates and not to do with the Beta version of SP1.
This isn't the Beta SP1. We're getting reports that the Vista SP1 is actually being pushed out via Automatic Update as of today. Just thought I would warn folk if they are looking to go grab the regular patches to watch out for the Vista SP1 trying to install itself as an automatic update.
Well that wasn't quite what they had previously stated. It was supposed to be MID March. Maybe they should have waited as planned. http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9063021
Aha. Did some more checking around. Our users are morons. Some of them went and got the Vista update, then claimed it happened automagically. This compounded with the Slashdot story containing erroneous information led me to believe that the SP1 had been pushed out early. That is not the case. Please disregard all of my posts on this thread and go on about your business.
It's a confusing trilogy trying to keep up with the release. I made a premature post last week myself. Still good info for what it has done to some of the PCs. I wonder how well the actual release will go.
Quote We're getting reports that the Vista SP1 is actually being pushed out via Automatic Update as of today.
Public release is planned for March....
They released it to TechNet and MSDN subscribers on Valentines day.
Quote Microsoft Corp. kept its promise and released Windows Vista Service Pack 1 yesterday to subscribers of its for-pay TechNet and Microsoft Developer Network (MSDN) services, the company said.
I know that. I had an impression that TheEmperor post was referring to general public. |
|
| 3996. |
Solve : avg antivirus need local mirror? |
|
Answer» Hello everyone. I live in Serbia( thats in europe, sorry not sure if you know) I want to download AVG. I have a very slow dial up connection and was wondering if anyone knew of a site that had a mirror site I could download closer to home ( i can only find U.S and Australia)
ok I just tried downloading it, 1 hour 30 into it the connect broke. I got to start over. is there any option?
What site are you trying to download from?
major geeks. I tried the file hippo site and its slower. I got 2.6 kpbs around there. the most i get to download is around 4.5
Maybe you should ask a friend with broadband to download it for you...
If FileHippo is slow then you may be out of luck. |
|
| 3997. |
Solve : please help me i m have trouble with computer? |
|
Answer» i have just reformatted my hard drivers for clean system .. Days later I'm finding popups asking me to scan and download programs to help me clean my system i know there is trouble somewhere but cant find so I'm looking for your help i have done all the log files and sending them in this post again thank you for looking and helping
Please let Vundo finish, sometimes it can take multiple passes
---------- Download SDFix.exe and save it to your Desktop. Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows directory, typically C:\SDFix) Please then reboot your computer in Safe Mode by doing the following:
---------- Run a new Hijackthis scan and post the log also.
---------- Next post please add Vundofix log SDFix log Hijackthis log
here are the logs you asked for again thanks so very much on helping out i cant tell you what this means to me thanks again [file cleanup - saving space - attachment deleted by admin]
Download OTMoveIt2 by OldTimer.
---------- Next post OTMoveIt log
OTMoveIt log File/Folder C:\WINDOWS\system32\bpepdgko.dll not found. OTMoveIt2 v1.0.20 log created on 02262008_034434 is this dll file important when i start windows it say run file error and i click OK then all seem fine
No it is part of the problem. This scanner works with Internet Explorer only. Go to the BitDefender Online Scanner. Click I Agree to the license and then install the ActiveX control. Please DO NOT change the Scanning Options. That will make your logs huge and we don't need to see clean files. Select Start Scan to begin. This scan can take a while so please be patient and let it complete. Once Bitdefender completes the scan: Click on the Detected Problems tab. Then select Click here to export the scan report. When the window comes up to save the report, change the Save as type: box to: Text (Tab Delimited) (*.txt) and then in the File name box enter change to bdscan then click Save. This will save a file named bdscan.txt. I would suggest saving it to the Desktop so you can easily find it. (take notice of where you save it so you can find it later) This bdscan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html. If you do not follow these steps, you will have an incorrect log or worse a log summary which is useless to us. Post the bdscan.txt in the next post.
---------- Next post BitDefender log NEW Hijackthis log
here are the file logs you ask for hope i did this right [file cleanup - saving space - attachment deleted by admin]
Open Hijackthis and select Do a system scan only. Place a check mark next to the following entries: (if there)
O4 - HKLM\..\Run: [BMef98775c] Rundll32.exe "C:\WINDOWS\system32\bpepdgko.dll",s
Important: Close all windows except for Hijackthis and then click Fix checked. Exit Hijackthis.
---------- Go to My Computer and locate then delete this file. C:\WINDOWS\system32\bpepdgko.dll
---------- Restart the computer and let me know how things are now.
the dll file is gone and when i restarted the error did not show up is there any thing i can do from this happening to me again ? or is there still more things to do here
I will leave some links to programs to use to help keep the computer safe near the bottom of this post. There are some final steps to do now. Let's clear out the programs we've been using to clean up your computer, they are not suitable for general malware removal and could cause damage if launched accidentally. Download OTMoveIt2 by OldTimer OTMoveIt2.exe and place it on your desktop. (unless you already have it installed)
1. Double click OTMoveIt2.exe to launch it.
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
5. Once complete exit out of OTMoveIt2
This is a good time to clear your infected system restore points and establish a new clean restore point:
Here are some great tools to help you keep from getting infected again.
Spybot Search & Destroy - A safe and effective spyware scanner. * Official Spybot Tutorial * Spybot FAQ
AVG Anti-Spyware Free Edition - Very reliable with a high detection rate. * AVG Anti-Spyware User Manual
SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * SpywareBlaster Tutorial
Comodo BOClean - Stops trojans and many more malicious attacks.
Use a Firewall - It can not be stressed enough how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. * Click here for a list of free firewalls. * Why would I consider a third party firewall?
UPDATE!!! UPDATE!!! UPDATE!!! - If you do not have automatic updates enabled then visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. * Help with Windows updates
Learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?
Let us know if anything else comes up. |
|
| 3998. |
Solve : Why some email addressee's are refused delivery?? |
|
Answer» No no, Thunderbird is just a mail client. You enter your server information in it and it goes out and picks up the mail. Just like outlook express does. You don't require Firefox.
By now you should know I'm a newbie but old enough to ask way too many questions before I just react. I hope you don't mind. Why does using my hotmail account not fail as well?
Because Hotmail is an online service with its own mail servers. So any mail you send through Hotmail isn't handled by your ISP's spam filter.
So?? Is it Declude that screens and labels my mail after it leaves my ISP and then it is refused somewhere when it is routed or refused by the ISP of the person I'm trying to send mail to??? In one case, it is a yahoo address that I can't get through to but the ISP is Comcast.... So I need to contact Comcast for the resolution? Declude won't tell me why my mail fails their tests. They just refer me to the definitions; saying nothing specific about my transmission that is catching Decludes attention. They also just say that they are not responsible for 'bouncing' the mail. They haven't been helpful at all. ?So? The rest of the folks in my address book that I correspond with "Don't" have declude??? Maybe Barracuda?
You only have this problem when sending mail from one specific email address right? And the problem persist regardless of what client you use to send mail? So to me this suggest either your email provider is using an outbound spam filter from Declude or the email provider is doing something to your emails that makes them fail an inbound spam filter. In the first post you showed a log from an email you had sent to comcast.net, hotmail.com and yahoo.com email addresses. Did none of the intended recipients receive the email or was it only for some of them it bounced?
Yes. My mail is refused when I use my ISP domain 'mail.valp.net'. It is refused when using MS Outlook Express, MS Office Outlook and now TBird but not when I use hotmail. In that example (first post) I sent mail to 5 addresses. The return notice identifies (first line) which of the 5 intended addresses were refused. The other 4 received delivery.
So delivery only failed for one of the Yahoo addresses?
Yes in that example, One yahoo account was refused. That is what is driving me so crazy. And as I made mention before I think, it will be allowed (in my estimate) say 1 to 5% of the attempted tries. In 100 emails I might successfully get thru 5 times and 95 are refused.
Quote from: tpolcha on February 16, 2008, 06:00:47 AM And as I made mention before I think, it will be allowed (in my estimate) say 1 to 5% of the attempted tries. In 100 emails I might successfully get thru 5 times and 95 are refused.
Is this number for all the emails you send or just for emails to this one person?
OK. In the example post. The mail recipient that was refused is my 'X'. She uses yahoo as her client and she subscribes to Comcast I think as her ISP. Clarification: If my x was the lone addressee in 100 times in one week that I needed to correspond by email, I would expect to have at least 95 of my attempted sent mailings to be refused.
It must be a filter at her end then. Either installed on her computer or at Yahoo.
OK! I have some direction again to go in now. Thanks. I will task yahoo with some questions and return here to C/H with the next set of answers. C/H has proven to 'this beginner', they have their act together time and time again.
From what I can find Declude is what Yahoo uses for an incoming spam filter. So the issue looks to be on the receiving end. You could try to contact Yahoo customer service and see what it takes to make sure your email gets through. |
|
| 3999. |
Solve : Its a virus..? |
|
Answer» Thanks man. I have an admin account that i think can do that also but i dont want to change anything i might get in trouble. Thanks alot man this computer should be ok now. I'll just restart now and i'll let you know about the status. Thanks alot
No problem, glad we got it sorted out. Safe surfing...........
Looks everything is ok but its only background picture is not displaying completely its only half way. Thanks
No now its showing |
|
| 4000. |
Solve : Computer running slow... HJT log posted? |
|
Answer» Hi my uncle's computer is running slow i've tried running Norton virus scan, Spybot search & destroy, defragging the computer and Scan disk error checking. but it still seems to run slow. i was wondering if someone could look at this log and tell me what i need to do to speed things up. thanks a lot! Which start ups can i disable?
Please, give me new HJT log, downloaded from here: http://www.snapfiles.com/get/hijackthis.html. Your version is outdated. You need to update your Java: http://java.sun.com/javase/downloads/index.jsp #4 - Java Runtime Environment (JRE) 6 Update 4 Uninstall all previous versions of Java through Add\Remove. Did you run CCleaner? One of your problems is amount of RAM. I'd add a stick of 512MB, and you'll see the difference.
updated java ran ccleaner also got updated HJT i'll ask my uncle to get some more RAM. any recommendations? new HJT log added thanks for the help [file cleanup - saving space - attachment deleted by admin]
Quote i'll ask my uncle to get some more RAM. any recommendations?
Go to www.crucial.com, enter your computer brand, and model - it'll tell you. Disable TeaTimer, as it'll interfere with the cleaning process: Right click Spybot's TeaTimer System Tray Icon. Click Exit Spybot-S&D Resident. TeaTimer closes.
Open HJT, checkmark following startups (no actual program will be removed; they'll be prevented from starting with Windows):
- O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
- O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
- O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
- O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
- O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
- O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
- O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
- O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
- O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
- O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
- O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
(if you use Asian characters in MS Office, leave the above 4 entries in green alone)
- O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe
- O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
- O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
Click "Fix checked". Restart computer.
thanks running a bit faster on start up thanks for the website i didn't think 2 Gigs of ram was that cheap. he does use some of the asian fonts so i didn't get rid of those 4 lines new HJT log posted. [file cleanup - saving space - attachment deleted by admin]
It looks better... All you need to do is to get more RAM. That should do it.
Thanks alot for the help. i'm wondering how do u learn what all those values mean in HJT log and whether or not it's safe to remove? is there like some magic glossary list i could look at and remove them myself without having to bug u guys?
As with any learning, it takes time. If you like to play with computer, and have some spare time, you can always sign up here: http://www.malwareremoval.com/forum/viewtopic.php?t=233 It's free. For now, you better "bug" us, than make your computer unstable. |
|