Explore topic-wise InterviewSolutions in .

Sorry in advance: I wasn't sure where to post this.

So my situation is: I have a password for a user and I want to store an encrypted version of the password in a database.

I was doing some reading and was overwhelmed by all the different ways to encrypt things.
All I want want to do is encrypt a password in such a way that it does not have a key to decrypt it. (I have no need to decrypt it, I plan on just encrypting the password again and CHECKING to see if they match)

One of the articals I read, and found easy to read was here: https://crackstation.net/hashing-security.htm
Now I don't fully trust this artical because it left out details not MENTIONED in others and the author promoted his own library. I don't want to use his library I just want to understand what needs to be done to encrypt a password in the way I have described.

I'm using .net btw.

Am I on the right track?

Code: [Select]//TODO Come back and CATCH exceptions
public static byte[] generateSalt(){
System.Security.Cryptography.RNGCryptoServiceProvider rng = new System.Security.Cryptography.RNGCryptoServiceProvider();
byte[] ben = new byte[32];
rng.GetNonZeroBytes(ben);
return ben;
}
//TODO Come back and catch exceptions
public static string hashPassword(string password, byte[] salt){
System.Security.Cryptography.Rfc2898DeriveBytes rfc = new System.Security.Cryptography.Rfc2898DeriveBytes(password,salt);
System.Security.Cryptography.Ri+
byte[] key = rfc.CryptDeriveKey("TripleDES","SHA1",0,iv);
string res = System.Text.Encoding.ASCII.GetString(key);
return res;
}Quote

All I want want to do is encrypt a password in such a way that it does not have a key to decrypt it. (I have no need to decrypt it, I plan on just encrypting the password again and checking to see if they match)

I have a laptop with 2 hard drive ports, it's own hard drive, and another hard drive from a dead CPU. Both drives fit in the laptop, but the native hard drive is loaded with Malware! I was using Safe Mode with Networking & tried running Malwarebytes on one drive, and it let me scan & clean both drives. So i know this is POSSIBLE, and i'm looking for a solutionWhen the screen's full size was smaller than usual, i looked up a solution.

It said i had Malware & to download Spyhunter (which i didn't know was a paid program). It scanned the CPU and found a MASS amount of Malware, one of them blocking Malwarebytes from working. Then i was lead into MWB Chameleon, which is supposed to REMOVE MWB blocking Malware. It said to click all the links until one works, but none of them did.

After that, i found a thread linking me to a multitude of removal programs, and that actually worked! ...for a few weeks. After that, i opened the FRST folder (a program i was told to install), and the hard drive crashed completely! Even when i try Safe mode, a Blue screen flashes with a small bit of text & restarts, with no end. I'm afraid it will destroy the other hard drive if i plug them both into the same laptop.
Can anyone help me through removing Malware off the main drive?BSOD's are usually caused by a HARDWARE problem such as a defective HD or RAM. You may or may not be able to run some tests using these tools.

Run hard drive diagnostics: tacktech.com
Make sure, you select tool, which is appropriate for the brand of your hard drive.
Depending on the program, it'll create bootable floppy, or bootable CD.
If downloaded file is of .iso type, use ImgBurn: imgburn to burn .iso file to a CD (select "Write image file to DISC" option), and make the CD bootable.
For Toshiba hard drives, see here:

Note : If you do not know how to SET your computer to boot from CD follow the steps here
**********************************************
That could be a problem with bad RAM. Please run this check just to eliminate that possibility.
Test your RAM here.Quote from: SuperDave on October 29, 2016, 12:38:37 PM

BSOD's are usually caused by a hardware problem such as a defective HD or RAM. You may or may not be able to run some tests using these tools.

Run hard drive diagnostics: tacktech.com
Make sure, you select tool, which is appropriate for the brand of your hard drive.
Depending on the program, it'll create bootable floppy, or bootable CD.
If downloaded file is of .iso type, use ImgBurn: imgburn to burn .iso file to a CD (select "Write image file to disc" option), and make the CD bootable.
For Toshiba hard drives, see here:

Note : If you do not know how to set your computer to boot from CD follow the steps here
**********************************************
That could be a problem with bad RAM. Please run this check just to eliminate that possibility.
Test your RAM here.

First off, what am i doing exactly & how does it help me?
Second, which drive to i do it on?

So my one friend contacted me that they got hit by a POP up telling them to call a phone number and it was Microsoft. I told them to hold on and let me remote into them with teamviewer since we use this as a means to show each other remotely what we are doing with character builds for video games etc. So I was able to run taskmgr and kill edge. And then start edge back up and it brings you back to this hijacker. I then killed it again in task manager. I then brought up command prompt and ran an INSTRUCTION to call edge to run but to "www.google.com" this way i can bypass the hijacker that was taking the focus of edge and not allowing any browser use. I was able to get to google this way and then download and install Firefox and told it NOT to get any info from edge. I then from firefox was able to download and install malwarebytes. Ran malwarebytes and it found 16 problems with 2 detections for the hijacker. Told malwarebytes to go and fix the problems.

Malwarebytes then wanted to reboot. No problem, so i rebooted her system remotely.

Her system came back up and I remoted back into it. Ran another scan and everything shows clean. However edge the minute you go to launch it, it flashes quick and disappears so edge is dead.

Launched firefox and firefox runs with no troubles.

She SAID she prefers firefox anyways and will just use that, BUT, I dont like how edge is dead and was wondering if there is a way to fix this for her remotely?

When she got her new laptop I remoted in and created the system recovery media for her and so worst case scenario I walk her through a full system recovery using the USB stick that I created for her when she boots off that. However she doesnt want to do a full system restore if she doesnt have to because she has data on it and its customized, so I figured I'd check into a way to fix edge. So not sure if there is a repair tool for edge or if its more involved. I was thinking i got lucky in installing firefox before malwarebytes tombstoned edge by removal of the hijacker. I'm not sure if this will work on Win 10 but did you try turning Edge off and on in Control Panel?Didnt try that, I will give that a shot. Thanks for your suggestion to fix edge.Quote from: SuperDave on October 31, 2016, 12:32:21 PM

I'm not sure if this will work on Win 10 but did you try turning Edge off and on in Control Panel?

Go to Control Panel, Add/Remove programs and you should be able to turn it off and then back on on the left-hand side.

And, Windows 10 does not have an option to "turn off " Edge.

It does on my laptop.

I took a look and they had installed a Remote Access Trojan in the form of an unsecured TeamViewer (Which I suppose is right now every copy of TeamViewer because of the exploit?)

The passwords they are talking about are not per-session pins but account passwords for accounts in the service i.e. on their site. Those can't be randomized per session.

It's a good laptop but it works nowhere close to how it should. I even tried formatting it and reinstalled windows but it still is crap. I'll post all the logs and hopefully someone can help me# AdwCleaner v6.040 - Logfile created 06/12/2016 at 14:54:59
# Updated on 02/12/2016 by Malwarebytes
# Database : 2016-12-06.1 [SERVER]
# Operating System : Windows 10 Home (X64)
# Username : William - DESKTOP-5MOG9AD
# Running from : C:\Users\William\Downloads\adwcleaner_6.040.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

Folder Found: C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej


***** [ Files ] *****

FILE Found: C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\c74juvxm.default\searchplugins\yahoo! powered.xml
File Found: C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pilplloabdedfmialnfchjomjmpjcoej_0.localstorage


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious KEYS found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

Task Found: Yahoo! Powered lodef


***** [ Registry ] *****

Key Found: HKU\S-1-5-21-1927688727-635054299-1412645329-1001\Software\PRODUCTSETUP
Key Found: HKU\S-1-5-21-1927688727-635054299-1412645329-1001\Software\csastats
Key Found: HKCU\Software\PRODUCTSETUP
Key Found: HKCU\Software\csastats
Key Found: [x64] HKCU\Software\PRODUCTSETUP
Key Found: [x64] HKCU\Software\csastats
Data Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fsvideosft_16_49&param1=1&param2=f%3D1%26b%3DIE%26cc%3Du
Data Found: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fsvideosft_16_49&param1=1&param2=f%3D1%26b%3DIE%26cc%3
Key Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Data Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Data Found: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Key Found: HKCU\Software\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej
Key Found: HKLM\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej
Key Found: [x64] HKCU\Software\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej
Key Found: [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej


***** [ Web browsers ] *****

Firefox PREF Found: [C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\c74juvxm.default\prefs.js] - "browser.search.defaultenginename" - "Yahoo! Powered"
Firefox pref Found: [C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\c74juvxm.default\prefs.js] - "browser.search.selectedEngine" - "Yahoo! Powered"
Chrome pref Found: [C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found: [C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
Chrome pref Found: [C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - pilplloabdedfmialnfchjomjmpjcoej

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [3386 Bytes] - [06/12/2016 14:54:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3459 Bytes] ##########
If you formatted and reinstalled the OS, it's not a malware problem.

Hello! I'm new here and I want to ask you if you can help me with OSIRIS virus. This virus or ransomware infected my computer 2 days ago via misleading e-mail. Now ALMOST all my files are locked and hackers demand 1.5 bitcoins for decryption. I've already tried different antiviruses and antimalware TOOLS (Cureit, Adwcleaner, AVZ, Malwarebytes antimalware) but result is zero files decrypted. So I've used google and found this guide that promotes SpyHunter tool and assures that it will help me. But... this tool costs 50$ and on the other hand bleeping computer SAYS: Quote

Unfortunately, there is still no way to decrypt Locky encrypted files for free.

Ok,,,,I am an idiot.

My laptop always disconnects from the internet and when it does connect,,,runs very slow,,,,my laptop is under 2 years old and is a Dell.
Do I need to buy virus software,,,and will it work if I already have a virus?

I work on a computer everyday and I didn't think I was that DUMB,,,,but I don't know anything when it comes to this stuff.
I have a work laptop that works fine when I connect at home,,,but some sites are blocked my employer. The only THING I really do is surf facebook, amazon, ETC, And I play poker online.

Please help,,,what do I need to do??
What MODEL computer is it so we can determine its specs?

Friend of mine contacted me looking for better security coverage to prevent virus's and ransomeware as seen below. Curious what suggestions you guys might have for him.

Quote

Looking to improve security on my on-line devices (desktop at home, office laptop, and smartphone). I’m thinking of something a little more tailored than just buying McAfee or Norton coverage every year. It seems like it’s just a matter of time before I get hacked for ransom or something like that.

• It should update automatically if the computer is connected to the internet.
• Click on Threat Scan and click on Scan Now.
  
• The scan may take some time to finish,so please be patient.
• When the scan is complete make sure all the infections have "quarantine" selected in the Action box.
  
• Click on "Apply actions" You may be asked to Restart your computer to completely remove the infections.
  
• When disinfection is completed you can click on "Copy to Clipboard".
  
• Paste the log in you next reply (CTRL+ V)

I’m thinking of something a little more tailored than just buying McAfee or Norton coverage every year.

Myself I am very low risk for virus's and have been using AVG for a few years now without any problems. But he gets e-mail with attachments regularly and so he is at a greater risk for something to try to slip on in.

Most of the clean up things seemed to run as I expected.
However don't be surprised if I missed something.
As far as I can tell the computer is RUNNING normally.
My wife plays the games and I run WORD; it all seems up to par.
My wife thanks you and I thank you!
You do have a way with these computers!
Keep up the good work, and Thanks! Again!

CopasYou're WELCOME. Happy wife, happy LIFE. I will lock this thread. If you need it re-opened, please send me a pm.

I need advice as to how I may remove this picture that appears when I boot and lies across the desk top icons. It is about TWO inches tall and crosses the screen LEAVING a two in. margin, either end. Part of the middle is some translucent and the icons are visible there.

This picture resists all my efforts to move it with the mouse, quite like the wall paper. Won't delete or give any sign it is there. But I see it.

I have looked in the LIST of programs in control panel and don't see anything strange to me. However this thing appeared today.

I ran Malwarebytes, didn't show anything amisss, I ran JRT gave me a page of things to delete, didn't seem to help.

Any help, appreciated!
Always Happy to know you GUYS are there.
Ivan Copas

Hello, My good wife found a FIX for this problem.
The fault was in my walpaper.
Reinstalling the walpaper cured the problem.
The girl brain is truly great!
Cheers,
Copas

My free trial is over, & I get messages that I have 'junk files' not cleared away, & various other issues. I'm encouraged to buy AVG Antivirus, as none of these issues will be taken care of otherwise. Can't afford this. What to do instead ?Junk files are harmless. If you aren't GOING to buy the PAID version of AVG, uninstall it and replace it with a GOOD, free anti virus.Hello and welcome to COMPUTER Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
You should download and install MicroSoft Security Essentials. Uninstall AVG and run a scan with your MS. Please let me know how that goes.

MicroSoft Security Essentials All versions and all languages.

which is BEST antivirus to delete trojon virus?You can ask 100 people what is the best AV and you will receive 100 answers. Everyone has a different opinion. If you SUSPECT that your computer is infected I can HELP you. Please RESPOND yes or no.

My laptop is SERIOUSLY messed up. I had to call again my internet service provider and the TECH who took care of me told me either change the wireless card inside the laptop (which I don't KNOW how to do) or to buy a wireless USB router (which is what I am going to do). THANK YOU SO MUCH FOR ALL YOUR HELP! I thought it could be solved with software, but can't be.

Take care, wish you well!That's what I was thinking could be the trouble. A wireless USB is a good way to go and they are not that expensive. I think I paid about $40 for mine. Good luck.Quote from: SuperDave on July 02, 2017, 04:10:46 PM

The switch is in your F keys. CHECK with the site of your laptop to find out which one. If you can't download the scanner try it in Safe Mode with NetWorking.

A 8 MIN videos and videos that short takes a lot of space , It must be a viruse that my avast cannot detect

Note: they don't have that high QUALITY it was the old NOKIA so there must be an error
Any suggestions? RIGHT click on the video and see what size it is.

Greetings

I have a very old VIDEOS and photos from years ago , EVERY time O try to open these files my LAPTOP becomes very slow plus I can't even copy or move them to other places ( actually copying or MOVING then is available but in a very slow way almost 20 kb/sec and itsn't ever a real ratio in real there is no movement in the mbs )
Even when I'm trying to cancel the move process I can't it remains a canceling window . They are virus free ( I have avast ) .

Is there any way to open those files and copy them normally? Without damaging them ?

ThanksYou COULD copy them to an external or USB drive or you could burn them to a DVD.

Quote from: SuperDave on August 09, 2017, 01:12:03 PM

While I'm looking through these logs could you please check something for me? Did you make any changes to this computer prior to being infected? Did you download or install any new programs? Go to your installed programs and see if there are any programs that you do not recognize or did not install. If you find any that are suspicious check that date it was installed.

Please download Malwarebytes Anti-Malware from here.
Make sure you re-name this before you save it. Name it something like dave-setup.exe Double Click dave-setup.exe to install the application.

• It should update automatically if the computer is connected to the internet.
• Click on Threat Scan and click on Scan Now.
  
• The scan MAY take some time to finish,so please be patient.
• When the scan is complete make sure all the infections have "quarantine" selected in the Action box.
  
• Click on "APPLY actions" You may be asked to Restart your computer to completely remove the infections.
  
• When disinfection is completed you can click on "Copy to Clipboard".
  
• Paste the log in you next reply (CTRL+ V)

Please launch Task Manager. CTRL+Alt+Delete and stop any suspicious processes you find and then try to run MBAM.

I see a program labeled "DragonBoost", this is adware, but I am unable to uninstall it, as the uninstall and modify buttons are grayed out.

• -> ERROR [5]

• -> ERROR [5]

Could you please post a screenshot of the re-direct?here it is

[attachment deleted by admin to conserve space]here is the link to file droper if the picture does not open
http://www.filedropper.com/untitled_29I will NEED you to open your Task Manager. CTRL+Alt+delete should do it and look for redirect.cheapred in the processes. If you can find it, click End process. Next, check your browsers for plug-ins.
Chrome
Click the Chrome menu button on the browser toolbar.
Click Tools.
Select Extensions.
Click the trash can icon to delete redirect.cheapred.info extension.
Make sure to remove all extensions you do not know or need.
A confirmation dialog appears, click Remove.

Firefox
Click the menu button and choose Add-ons. The Add-ons Manager tab will open.
In the Add-ons Manager tab, select the Extensions panel.
Make sure to remove all extensions you do not know or need.
Click Disable or Remove button of redirect.cheapred.info.
Click Restart now if it pops up.

Internet Explorer
Open the IE, click the Tools button , and then click Manage add-ons.
Click Toolbars and Extensions on left side of the window., and then select redirect.cheapred.info
Make sure to remove all BHO’s you do not know or need.
If the add-on can be deleted, you’ll see the Remove option. Click Remove and then click Close. Otherwise click Disable button.

Next, Go to Control Panel, Programs and Features and look for the program and un-install it.it is not found in the task manager process ... and i do not have any extension to uninstall at all yet this redirect still occurPlease download the latest VERSION of Hitman Pro

• After the download completes please double click the program to run it.
• Accept the terms of the license agreement and click Next
  
• Let the scan run. It will not take long
• When the scan finishes, and all the files have been uploaded to the Scan Cloud, click Next
  
• Click Next again. At the bottom left you will see Export Scan Results To XML File. Click that and save it in a convenient location
  
• Upload log.xml here for review please
  

it was fine for a while but it keeps coming back for no reason i do not know what is wrong about it

• Activate UAC (optional; some users prefer to keep it off)
• Remove disinfection tools
• Create Registry backup
• Purge System Restore Points
• Re-set system settings

Hello,

Do I have a trojan on my computer?

The following messages are in my PC Device manager Under 'Device Manager – Computer – ACCPI x64-based PC' in the 'Events Folder'

timestamp description
14-jul 17 11:11:36 PMDevice migrated
14-jul 17 11:11:36 PMDevice configured (hal.inf)
14-jul 17 11:11:36 PMDevice started (ACPI_HAL)

The INFORMATION window below each description states the following

Information (window) - Device migrated
Device ROOT\ACPI_HAL\0000 was migrated.

Last Device Instance Id: ROOT\ACPI_HAL\0000
Class Guid: {4D36E966-E325-11CE-BFC1-08002BE10318}
LOCATION PATH:
Migration Rank: 0x0
Present: true

Information (window) - Device configured (hal.inf)
Device ROOT\ACPI_HAL\0000 requires a system reboot to complete configuration.

Driver Name: hal.inf
Class Guid: {4D36E966-E325-11CE-BFC1-08002BE10318}
Driver Date: 06/21/2006
Driver Version: 10.0.15063.0
Driver PROVIDER: Microsoft
Driver Section: ACPI_AMD64_HAL
Driver Rank: 0xFF0000
Matching Device Id: acpiapic
Outranked Drivers:
Device Updated: false
Status: 0x0
Parent Device: HTREE\ROOT\0

Information (window) - Device started (ACPI_HAL)
Device ROOT\ACPI_HAL\0000 was started.

Driver Name: hal.inf
Class Guid: {4D36E966-E325-11CE-BFC1-08002BE10318}
Service: \Driver\ACPI_HAL
Lower Filters:
Upper Filters:


Thanks
Please check your Device Manager for any yellow warning icons.

I now have two drives, C & E. I downloaded what I thought was the free version of Malwarebytes, but it gave me the trial version. I have uninstalled it the correct way from the control panel, but Malwarebytes is still shown in the program section of C & E. How can I get rid of it entirely, and how can I download the absolutely free copy with no ties instead of the free trial?What is the "Program section of C & E"?

current versions of Malwarebytes Anti-Malware install to a folder called "Malwarebytes Anti-Malware" by default. Older versions installed to "Malwarebytes' Anti-Malware" (extra single quote), and uninstalling them left the folder behind.

You can delete the folder if you uninstalled the program either way.

You can get the free version by not choosing to install the trial version during setup.Quote

What is the "Program section of C & E"?

You can delete the folder if you uninstalled the program either way.

You can get the free version by not choosing to install the trial version during setup

The Malwarebytes Folders both have stuff inside them. Is that still OK? It won't leave anything behind or interfere with the registry?

I set up to be connected for 1 hour. After struggling to type this on my CL phone it was lost when, booted out. Would love to see those posts saved to drafts so it's not a total loss.

I need to type this at the library a,d paste it here.

I worry that whatever I got is spreAding through .y network.

If you want me to tell the story with SPECIFIC details please tell MEI can't HELP you if you won't tell me the problem.

Quote from: BC_Programmer on February 10, 2018, 09:13:05 AM

A lot of companies make use of Akamai-based servers as they are a very large CDN (Content Delivery Network). Microsoft in particular have used it for Windows Update for around a decade now. Apple has actually been starting to MOVE away from the Akamai CDN for their own in-house Content Delivery Network for a few years but still utilize a number of nodes (eg. servers for certain geographic areas)

I can't answer your specific questions about why X or Y and such, but that would hardly be evidence to your underlying claims- Occam's Razor and all that. It could very well be user error or just a misinterpretation of errors or stuff happening on your system. By way of example, the other day I couldn't log in to Windows and was told my password was incorrect, and then on another one of my systems, I received an error message regarding my account credentials having been changed. This sounded suspicious of course but it turns out that Microsoft's account services were having problems.

Those lists of services and scheduled tasks appear to be normal services and tasks found in Windows. For scheduled tasks, Some of them don't indicate a executable or DLL file because the associated Actions are attached to a Custom Handler, so you get the "friendly" name for the Custom Handler which as I recall is part of the XML definition for that scheduled task. It lists something known as a "CLSID" which points at a registered Class definition. As an example, AUScheduledInstall is a scheduled task responsible for part of Windows Update. it references CLSID "{F3B4E234-7A68-4E43-B813-E4BA55A065F6}", which itself points at an AppID of "{653C5148-4DCE-4905-9CFD-1B23662D3D9E}" which is the Windows Update Agent itself. When listing Scheduled tasks, it will simply say 'AUScheduledInstall" or list the service path (\Microsoft\Windows\WindowsUpdate\AUScheduledInstall) which of course doesn't EXIST on the file system.

AppV is a component of windows as are several "vm" named services. They do not appear in the services Snap-in (services.msc) because that only lists services managed by the Service Control Manager. Services with startup type 0 are boot-time services, and services with startup type 1 are services loaded with the initial kernel load. This includes the various HyperV and AppV Services included with Windows 10, many of which are services with names starting with "vm". On my desktop, most of these are disabled- however that is likely because I have VMWare installed, as on my other Windows 10 systems they appear to be enabled. If you have been disabling these it could- somewhat ironically - explain the source of unusual behaviours you might have been having.

I think your latest post was cut-off, or hit the post limit as the log APPEARS to be truncated. FWIW, a search brought up a number of issues surrounding MSI's various driver packages not providing signed/WHQL DRIVERS, so it is not necessarily an indicator of anything untoward.

DJ.....what operating system are you using.....and do you have any idea which tool bar it is that you cant remove.
let us know

dl65 Thanks for your input... I have Windows XP as my OS and the toolbar was something my son downloaded... it was some sort of web search toolbar that materialized everytime I opened a browser, even though I unchecked it and deleted it from add/remove programs... plus the two favorites folders must have been a part of that. There was a gambling folder and a site for male *ahem* ENLARGEMENT. lol Fortunately, as ascribed to my DILIGENCE, I have since resolved the issue. I ran Ad-aware and found that these sites had embedded themselves in my registry and files. DJ.....glad to hear that you got it with Ad_Aware ....its a good tool......and BTW there is a new update for it make sure you get it .....
Even if your son isn't................LOL
It might just work ......ROTFL

dl65 TRY either this>http://www.spywareinfo.com/~merijn/cwschronicles.html#cwshredder or spysweeper from www.webroot.com

YellowRose......go to ....
http://download.com.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button

D/L the free Ad-Aware 6.0 build 181 it has a hijacker tool in it and should REMOVE and fix your problem.....
BE sure to click on the UPDATE button after you have D/L and installed Ad-Aware
Ad-Aware is a good tool ........you should probably RUN it every day or so .....

let us know how you make out

dl65 Just ran ad-aware.248 OBJECTS found.Sounds like a lot.Hopefully this will work.

Anyone have any ideas how this happened?Is it a virus or spyware?I don't want it to happen again.

Thanks guys.I REALLY appreciate the help.Again,3 young kids that love to play on the computer&don't want them to see this stuff.YellowRose.......Glad to hear it worked for you...you didnt say if you were able to reset your home page to the one you wanted and it stayed there ......As for how did it happen ......don't know for sure but someone using the p/c must have clicked on something and presto .........there they were.....Are you on dialup or Hi-speed and do you have any sort of firewall installed ....

let us know

dl65

Joanna....SOUNDS like you may have a virus or trojan....
what operating system are you USING ?

let us know

dl65 I have miscrosoft XP.... its a toshiba SATELLITE computer... umm.... the only REASON I didn't think it was a virus was that I just renewed my Norton Anti-Virus, so I thought it would definitely pick up a trojan or something. I have had the trojan virus before.... and usually Norton would pick it up and get rid of it before anything would happen.. Ugh... I am so frustrated. I do appreciate any help you have to offer.

thankssasser worm try a removal tool....and are there any stop/error messages...and have you winupdating it? pity..

eloz all,
I've had some prob with my modem driver coz there was no DIAL sound.. after re-installing the driver its working fine now. But the problem is the internet pages are connecting.. every site i try to visit, it says "page cannot be displayed" and there are loadsaa spywares as well.. coz my "home page" is set to "about:blank" but still it connects to some advertising website.
So does these spywares cause problems in visiting other webites?? or is it something wrong with my modem again? will it be solved if i try installing other browsers like opera?
thank you.aQtheR.....Sounds like you may have a hijacker.......
try downloading Ad-Aware.......
http://download.com.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button
It has a hijacker detector and remover in it .....and be sure to get the LATEST updates after you D/L it and then scan your p/c......is it safe to assume that you have a working and current anti-virus.....
let us know how you make out ...

dl65
Hi DL,
Thanks for that.. i am d/l that ad-aware and well, i got norton UPDATED antivirus run active. Leme check it with this ad-aware.. thank ya again or try shredder>http://www.spywareinfo.com/~merijn/cwschronicles.html#cwshredder

Jennifer......Hummmmmmmm it sound like you may have a virus or a hijacker .......I would suspect sasser .......If you go to Symantec site ...and D/l the sasser removal tool ....SAVE it to DISK .......then with the infected p/c offline ........run the removal tool and it should get rid of it ......
http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.b.worm.html

Do you have Ad-Aware on your infected P/C .......if so again do not connect to internet and run Ad-aware .....

let us know how you make out
any error messages or anything running ....LOOK in your task manager and SEE if you see anything that looks odd.

dl65
try this if you wish>http://www.wilderssecurity.net/bhblaster.html

Recently my computer started acting up. For no reason it SHUTS down unexpectedly. I thought there was a virus but the antivirus didn't detect any viruses on my computer MAYBE is hidden. I really need your help what programs can I use or buy in order to protect from all viruses, spyware, adware, hacker you name it. Any suggestion of how to STOP these? I'm concern about security and privacy when SURFING the Internet. Need guidance. thanksteck2k.....perhaps you could give us a little more info....like what O/S are you running , what kind of Anti virus are you using..Are all your patches and updates
current and how often is your puter shutting down ? On regular time intervals or just random? Has it been doing anything else that is unusual?

Let us know,

dl65 I am running Windows ME and using 2002 norton antivirus and downloaded the most recent patches and updates. The computer shutsdown Ramdonly right in the middle of my Work. I thought that there could be a virus but the problem is the antivirus didn't detect anything.
The computer's performance is so sluggish. I getting so fed ud with system. Might as well wipe out the hard drive and start all over again.Hi tech2K....Is your NAV 2002 current check your subscription date on the status page .....the latest virus definitions were dated 05/05/2004 Read th following...
Reminiscent of last summer's Lovsan/MS Blaster worm, W32/Sasser.worm.a and W32/Sasser.worm.b are Medium Risk Internet worms that exploit a vulnerability in the Microsoft Windows operating system, especially 2000 and XP.
The sasser worm will do exactly as you describe.
When your looking at the sasser info run the test from that page and see if your Norton AV activates a warning for you when you download the "TEST page"

Hope this helps you,

dl65 Hi teck2K.....ooops I fouled up the last post .......go to
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=125007&cid=10152

this should work.

dl65 http://www.javacoolsoftware.com/spywareblaster.html

Check that out. Meant to stop spyware getting on your comp in the first place.

Have to clean it up first of course. If it is not a virus or spyware you might want to take a look at your power supply. It may be on the brink of dying. download adaware and spybot, they will wipe out most of the spyware, you can find the links at www.spywareinfo.comok to run winme and any other pc here is what i recomend people should DONT UPDATE ANYTHING FROM M$OFT disable updates it was ok before when i first got it? i hear you say next stop paying for software loads of free stuff out there just what watch what you are downloading?next a firewall from sygate and antivir from majorgeeks and skin you pc ...maybe later on this...this pc has been RUNING fault free for four years and not an update insight...after all any download from m$oft can fail and so does your pc with it...and the biggest place virus lurk is system restore...disable it...

I think I have a virus problem. A week ago, when I booted up, I started getting a "Kernel" message, the desktop appears to be in the Safe Mode and my mouse does not function. A friend suggested adaware. My son seems to have downloaded adaware USING only the keyboard but we cannot navigate within the adaware (without our mouse). What can we do? Does this sound like a virus? We have Norton Anti-Virus running.
Thanks! the kernel is part of win 32 system and the TERM kernel come from nut or shell have you re-starting this pc in msdos prompt?just guessing that this is win98? is this message ...xyz has caused an error in kernel32 xyz...and you are right in saying a trojan/worm/virus has caused this nav sometimes may miss them?try a trojan hunter killer..Thank you, Merlin-
We have not tried starting in msdos, but we will. WindowsME is our OPERATING system. Can trojan hunter KILLERS be downloaded or is this software one needs to buy? It's wonderful to have some guidance. We'll get on it.options *re-install winme dont panic...here is how search for the c:\windows\options\cab folder next to the scanreg icon is the setup icon if you click this with the winme install disk in the cdrom drive it will re-install winme.. without losing any files or try this in the start menu programs\ accessories\ MSDOS prompt.......type scanreg\restore after so the command looks like this C:\WINDOWS SCANREG\RESTORE and chose the last good cab file and answer yes to all and windows will do the rest*..then download this progam>http://www.webroot.com/wb/products/spysweeper/index.php?rc=940 and have you got ie6 on your pc? *this should restore you mouse problem etc..*

I just notified Gator about it carrying Spy Ware and Add-Ons in its PROGRAM, and their reply was that in the agreement section of the program, it is explicit about not having or useing any such related spammers.
Well I've went into numerous free download Spy ware sites , to see what they come up with, and Gator comes up #1 everytime.
I use this primarily for all my internet payments and passwords.
Just want to see what others think about this program, or have any suggestions on which one is better.
Thanks,
Plumbcrazywhy not just use a bank THATS deals with internet banking gator bonzai buddy weather search gain and so on have been nothing but a pain to pc users..and the eec have banned spamming?PlumbCrazy......If you believe what they told you .....I've got a pallet of gold BRICKS I'll let you have CHEAP.....LOL
I have Gator BLOCKED and most of the Bug utilities all remove Gator......so what does that tell you ......

Stay clear of it .....


dl65 Good enough, but your not my wife.Gator is part of the Axis of Evil as noted by George Dubya.

I have RUN the latest Ad-Aware and Spy-bot. I have run BPS (BulletProof Software). Everytime I try to scan with TrendMicro, or get to some other online scan --- whatever virus or hijackers I have, shuts down my Internet Explorer. How can I get rid of this vermin!!! Please, I'm not that cyber-friendly; but I need my system to work when I need it to work!!! Can anybody help me??? If I had MILLIONS of dollars, I would hire a hacker --- to trace back whatever hacker is hijacking me, and I would find out where that hijacker lives; and I would visit him ... or her ... and I would chop-off his ... or her ... hands and give them a lobotomy with no anesthetic, so he ... or she ... could never hijack or HACK anyone ever again I'm a liberated avenger! Anybody else WANT to help with THAT DREAM!!! Dwayne .....What kind of Anti Virus do you have installed on your P/C


dl65

I have a problem w/ adware on my computer. I have Windows XP for my O/s and Norton Anti-virus 2004. I have run several system scans, and more than 20 adware files are found. However, Norton is unable to delete them and my attempts at deleting them manually have also failed. How do I get RID OF THEM??!!

Thank you very much for your TIME!Get a program such as Ad-Aware (http://www.lavasoft.de - Free Trial)

or Spybot (http://www.safer-networking.org/ - Freeware (I BELIEVE)

These programs are more sophisticated and can check the memory (At STARTUP) before the Adware can load it's self into your memory and give Norton (Or anything else that's not specifically designed to REMOVE Ad/malware) a hard time removing it.

Good luck in your endeavours..

RAPTOR

Whenever I try to start up my computer, instead of going through the normal startup routine, the blue Windows XP screen comes on, and no matter what I try (pressing F8; Cntrl, Alt, Dlt; or puttin in my XP Installation CD, the computer is stuck on that screen. What to do? What HAPPENED before this event occured?the only thing that i can think of was a couple of MESSAGES came up saying that a file wasn't working and needed to be reinstalled. but they were all pretty periferal files like messaging systems and stuff. this happened the last TIME i turned the COMPTUER on.
You should get an installation/restore screen when you enter the XP CD whilst booting.

Did you set your CD-ROM to 'First Boot DEVICE'?I don't get an installation/restore screen. I guess I didn't reset cd. I didn't know to. Just get blue logo screen after it loads.Do you know how to change the boot device?

Do you know how to enter the BIOS?

(P.S. Can we go back on topic somewhat? Thanks for the message.)

Hi, upon start-up on my computer i recieve this message which says it cant find this MODULE or something
p2esocks_1012.dll

I have used HijackThis but dont know how to interpet the information after i have scanned. What do i delete?

Logfile of HijackThis v1.97.7
Scan saved at 17:41:22, on 02/09/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\khooker.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\windows\redirect7.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
O2 - BHO: (no name) - {021BB032-80A8-4FB6-B3D5-CF27B1553B95} - C:\WINDOWS\mslagent\4b_1,0,1,0_mslagent.dll (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\Program Files\Submit\submithook.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [redirect] C:\windows\redirect7.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [easywww] C:\windows\easywww2.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1012.dll,InstantAccess
O4 - HKCU\..\Run: [mslagent] C:\WINDOWS\mslagent\mslagent_.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: Packard Bell (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potd_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_EN_XP.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} (EGP2ECOM Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1012_EN_XP.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Could anyone help? It would be GREATLY appreciated.
full of spyware and MAYBE trojans try spysweeper from www.webroot.com and this >http://vil.nai.com/vil/stinger/ and this >http://www.thespykiller.co.uk/ shredder and get another firewall...Please Read This First - Viruses & spyware

Download the programs recommended.

chelc.....are you not able SET BIOS to boot from floppy....shut down .....insert floppy and restart then using the bootdisk ....REMOVE the partition and then format .......set the bios to start with cd assistance ....PUT in the win cd and let it load ?

Everytime I get on my computer, it says EXPLORER has performed and illegal operation. I cannot open any of the programs. When I click "ok" the screen goes to just my wallpaper and sometimes it then repeats the same process. Once, after I kept clicking ok the WORD "kernal" came up at the top of one of the illegal operation bars. I tried restarting my computer from a new Norton Anti-virus cd and it searched for over 5 hours until it said no virus found on the C drive. I can't load the cd while in safe mode. When I try to get on the internet it won't get online and only says the communications port it busy. Is there a virus on there or is there something else? Please help me. Thanks.........It certainly sounds like a virus is present.....and the problem using the NAV cd is that it doesnt have all the current virus updates......and there a lot of them.......
can you be a bit more specific as to the ERROR messages you have been getting and what operating system are you using


dl65I am using Windows 98. The only thing I can exlplain is that it just shows one of those illegel operations windows in the MIDDLE of the screen and it says that the program performing the illegel operation is explorer. The kernal thing only happened once and now it just goes to the wallpaper screen after I click ok on the illegel operation box.

So i ran SpyDoctor which got rid of some things and after that i kept getting an error message every minute or so, it would pop up with a message like "Error LOADING 'file name here'..." so my friend had me type 'msconfig' into RUN and it got rid of that certain file's problem but then i get a new error that says "Error loading C:\PROGA~1\INTERN~2\inetkw.dl the specified module could not be found" and it pops up every minute like the other error only when i tried msconfig in run, it didn't stop the problem. i don't know how to get rid of it. can anyone help?Please Read This First - Viruses & Spyware

Install the programs RECOMMEND to see if they are the SOLUTION to your problem.thanks for the link, but i've tried all the solutions i found but nothing has worked and i'm still having the problem.. :-/DISPITE DOWNLOADING a bunch of programs and virus scanners my problem has not gone away. i am at lost of what to do! i think i might've deleted a file that windows xp needed. and i tried system restore but nothing has worked.I never quite heard of Spydoctor. Does it create backups of what it removes? If yes, I suggest you load those, remove Spydoctor and use an adware remover such as Adaware SE or Spybot Search & Destroy to remove any spyware that may have come with loading the backup files.hey thank you for the help. i don't know what my brother did but he fixed it for me. and i currently run adware on my computer now. Thanks for all the help!

I need HELP! My wallpaper turns black and changes into an image of a "spiderweb tattooed a**hole"! I've got adaware, spybot, avast and zone alarm running and updated but they don't detect the problem! The pest puts a bmp file in winnt folder that sets as wallpaper. Even if i delete it and the temporary files, the wallpaper changes after a short time!
I tried to run spybot and adware in safemode and also to delete a value in regedit in which I found the bmp file "WALLCHANG.BMP" but it doesn't fix! I NOTICED that the pest add 2 files in winnt:
WALLCHANG.BMP
WP.JPG
they are the same image but the one DISPLAYED in the desktop properties is only the first one.

I DON'T KNOW WHAT TO DO! HELP!
thanks!
Lolinza
HijackThis! may help you.

I wonder what kind of websites you VISIT to end up with something like that.. i just have it...i can paste my start up here so that you have a look? in the meantime i tried to lock my wallpaper settings in the registry ADDING NoChangingWallpaper DWORD in [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\
ActiveDesktop]
it seems to work but, veven if so, i haven't solve the problem...

ps...i don't visit that kind of websites!


HERE'S THE LOGFILE:

Logfile of HijackThis v1.97.7
Scan saved at 13.46.04, on 31/08/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashserv.exe
C:\WINNT\System32\svchost.exe
C:\Programmi\Norton Utilities\NPROTECT.EXE
C:\WINNT\system32\MSTask.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\Speed Disk\nopdb.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Programmi\tbridge\Flatbed.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Alwil Software\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\Programmi\WLAN\802.11 Wireless LAN\WWlanMonitor.exe
C:\Programmi\Zone Labs\ZoneAlarm\zapro.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
D:\Documenti\mp3\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fastweb.it
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da FastWeb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.fastweb.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F1 - win.ini: load=C:\Progra~1\TBridge\Flatbed.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MOD] C:\Programmi\Microangelo\muamgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NAVAPIW32] C:\WINDOWS\SYSTEM32\NAVAPIW32.exe
O4 - HKLM\..\Run: [avast!] C:\Programmi\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKCU\..\Run: [UninstallAbility] "C:\Programmi\UninstallAbility\uability.exe" /AUTO
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WLAN Monitor Utility.lnk = C:\Programmi\WLAN\802.11 Wireless LAN\WWlanMonitor.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Programmi\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.fastweb.it
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/222563200ebb1e3fa717/netzip/RdxIE601_it.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

I donot see anything out of the ordinary. Did you?

Perhaps you should allow either Adaware or Spybot S&D (Not at the same time) to boot at startup (Check settings) They may be able to remove the culprit by accessing the memory before other programs can.

I installed my av program a few days ago. It won't let me register my produce, receive live updates or get on the tech web site.
Everytime I try to update or register, it says that I am not connected to the internet and to check that I am able to connect, and this is as the internet is running. Every TIME I try to get on the website, it comes up that the page is not AVAILABLE. Does anyone have any ideas for me?
The software will do a full scan, but it says that my virus definition is not up to date. I am worried that I could get a virus while I am trying to figure this out.
Any help would be appreciated.

Thank you very much.angie....there's a very good possibility that you have a virus on your machine........so try this go to the symantec site ......
http://www.symantec.com/index.htm and scroll down to the download section and click on the free security check......when it opens up click on virus scan ......and it will scan your system with the most current updates.....
(before you do the scan be sure to shut down your Nortn Anti virus) ......and after it finishes I would go off line and uninstall the NORTON antivirus and reinstall it then try to activate and update .......the odd thing is even if you havent activated Norton antivirus it should let you update .......
Is it Norton 2004 you have and do you have a firewall which may be preventing connection......Also do you have auto update turned on ?
let us know how you make out ...

dl65 I had just gotten my computer back from the computer store, (had a virus) where I purchased the av software. I got home and installed the program. It ran the preinstall and then installed. I ran a full scan and everything was fine. I then connected to the internet and tried to register the program, and it wouldn't let me, and then I tried to do the live update and once again, it wouldn't do it because it said that it didn't have a connection to the internet, even though it was running the whole time. It was NAV 2004, and I do have a firewall on and the auto update on the av is on.

Any ideas???
Thank youangie.....did the store happen to mention which virus your pc had......because there's a new one in the last few day......CALLED W32.Korgo.l .....and what it does is prevents you from getting any Norton or Microsoft updates.......however there is a removal tool on symantecs site.... http://www.symantec.com/index.htm
look at latest threats and click on the above one and you will go to the page on which the removal tool is......you may have to use another pc to get there and D/L it to a DISK or cd and then run it on your machine ...
The other thing is perhaps disable the firewall when your trying to get to Norton on the off chance that the firewall is stopping you .
let us know how you make out

dl65 Thank you for your reply. I tried disabling the firewall earlier, but it didn't help. I will have to try the D/L tomorrow, and go from there. I ran the scan again and found three trojan viruses, which NAV quarantined and removed. Will I have to do anything else, or did the av really take care of it? Once again, thanks for the advice. I really do appreciate it.If Norton Anti Viruses quarantined them, you should be safe and sound.

You should do an extra online scan just in case.

I dont kno whats happened but i only REALISED i had comp problems when i couldnt access my emails through hotmail.com. I have scanned my comp with a number of adware and spyware SCANNERS but i still cannot access my emails. I tried entering the registry editor but when i try to OPEN it (start/run/regedit/open) it doesnt open could anyone PLEASE help me.

OS is XPI cant access safe mode either
Try doing a system restore.

If that doesn't help, you can attempt to repair Windows XP by using the Windows XP CD as a boot DISK.

I have run Ad Aware and SPYBOT and there are a few files that neither one can get rid of. I have tried to remove them myself and it tells me "cannot delete:ACCESS denied". What can I do?FIRST you can GIVE us some idea as to what the files are. Does Adaware or spybot recommend any actions?You can tell Ad-aware to start it's self before the rest of the programs load into the memory.

This will prevent ad/malware to be loaded into the memory.

Usually when Ad-aware cannot remove certain Ad/malware infections it will ask if it has to run at startup.

Press the settings button -> General -> Run at Windows Start Up

I've successfuly used Norton (Symantec) for years on Windows 98. Recently upgraded to Windows 2000 and added the RIM Blakberry synchronization software.

To GET the Blackberry to work, I had to DISENGAGE the Norton anti-virus. Now I can't enable it again. Tried to uninstall & reinstall. No help there.

Any thoughts??Did you cleanse your registry before installing Norton again?

http://www.snapfiles.com/get/regseeker.html - Regseeker - Freeware

Do as the programs tells you. Always tag the 'backup' option.

And what is Quote

RIM Blakberry synchronization software

Hi I don't know what happen but I cannot log into my hotmail account. I can't SEND my from my school's mailing account. I can't hit submit when i try to change my profile on some forums. I can't hit submit when i post on some forums. I think it the problem worsen everyday. I don't know what to do. I have try reinstalling WINDOWS XP but that just wiped out my entire computer w/o resolving the issue. I try rebooting my computer using the 4 system restore but that also only wiped out my computer w/o resolving the issue. As I write this I can only hope the submit button works. I don't know what to do. I have tried posting it on some random forums on the INTERNET but no one seems to be able to help me. I can't even access windows update. It gives me an error and says "we're sorry." I try running the troubleshooter for windows update but it was hard to understand. More or less, my problem is still at hand. I can't check my mails, i can't send it, i can't post things. What good is this internet now? I have even ran the latest version of NORTON Anti Virus and clean out everythign with SpyDoctor. The problem still exist. Please help me, I beg of you. Did you format before reinstalling Windows XP or only uninstalled Windows XP?

I suggest you format before reinstalling Windows XP.

Please Read This First - Viruses & Spyware

But before you do so, try a few of these applications to see if they can help you out of this situation.tools /internet/options /advanced /security verify the site you want is not BLOCKED.
If you have cookies enabled,but specific ones blocked the sites just error out, but do not inform you of a cookie failure the sites just check for cookies not for blocked ones or try this >http://support.msn.com/contactus_emailsupport.aspx?productkey=messenger&ct=eformfree

I recently RECEIVED a letter in my Hotmail junk mail informing me that something that I am supposed to have ordered had been shiped and my credit card had been billed. There was a place I was to click if I wanted to SEE what it was all about. Well I clicked it as I had not ordered anything. Now if I click on a shortcut on my desktop nothing happens and also on my program list. I am useing windows 2000. Is there ANYWAY to fix this without formating my hard drive?I'd boot into safe mode and SCAN for VIRUSES. Are you able to get out to the internet?You can also try if Ad-aware or Spybot Search & Destroy will help you.

http://www.lavasoftusa.com/ - Ad-aware 6.0 - Free Trial

http://www.safer-networking.org/ - Spybot S&D - Freeware

how to REMOVE malware & data miner?avocada...go to ......
http://download.com.com/3000-2144-10214379.html?tag=lst-0-1

GET Ad-Aware ..........then d/l the UPDATES and it will rid you of the pests


dl65 Get SPYBOT Search & DESTROY too.

Data miner are just harmelss cookies in my experience. You delete thewhen you delete cookies.

I recently got a new computer and WANTED to use some files I SAVED ONTO a CD-R disk from my old computer, but when I try to do anything on the disk I get a W32.pinfi virus warning. I did what the instructions on the Norton site said but it didn't HELP. How can I eliminate the virus?

PS- I don't know if the problem is because I wrote the files using DirectCD on WinME.Tell Norton to ignore the warning, install the files that are not infected and then run a full virus scan once done INSTALLING.

Hi,

I have been having a lot of problems lately, with my computer slowing down considerably. The major nuisance is that I keep getting alerts from Norton and Ewido telling me that a TROJAN was found in x or y file, which is always in my windows temp folder. I click okay for it to clean it, but this just happens over and over, generally with different files. ALSO, cleaned files come back. Ewido tells me I have Worm.Hantaner.A and Norton tells me I have W32.HLLP.Handy, which I believe are the same files. Sometimes it appears as Trojan.Bispy.

I realized that the VIRUS has been creating all these temp files, usually in the windows temp folder and about 40MB in size, and thus eating up all my hard drive space. My computer would crash when I tried to delete these files, but I was able to get rid of them using a program called Empty Temp Folders. However, the virus is still in here somewhere because these temp files come back.

Also, for a while, I got these alerts linking the trojan to webrebates, a spyware program that infiltrated my system. I think I got rid of webrebates, but now the trojan is showing up as being in the temp files.

I ran a Norton SCAN, after running liveupdate, and it found nothing. I downloaded a bunch of anti-spyware programs, and I now have SpeedyUpMyPC, Ewido, SpyGuard, SpyBlaster, TrojanHunter, Spybot, Ad-Aware, and Registry Medic to try to keep my computer safe. I also use Firefox instead of Internet Explorer now. I also ran an online virus scan from Trend Micro, and I ran The Cleaner 4.1. All the scans tell me that I don't have any spyware, and they don't find any viruses either. But I keep getting the alerts.

I'm REALLY not sure what to do. Any help would be great.

This link may be of use:

W32.HLLP.Handy

That packs a punch with trojans and alike >http://vil.nai.com/vil/stinger/ it pay to keep it on you pc ..you NEVER know when it MIGHT come in handy Merlin, what does this program have that a (decent) virus SCANNER cannot offer?Raptor....... Here's the scoop on Stinger.......
McAfee AVERT Stinger

Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system. Stinger utilizes next GENERATION scan engine technology, including process scanning, digitally signed DAT files, and scan performance optimizations.


This version of Stinger includes detection for all known variants, as of August 16th, 2004:
BackDoor-AQJ BackDoor-CFB BackDoor-CHR
BackDoor-JZ Bat/Mumu.worm Exploit-DcomRpc
IPCScan IRC/Flood.ap IRC/Flood.bi
IRC/Flood.cd NTServiceLoader PWS-Narod
PWS-Sincom.dll W32/Anig.worm W32/[emailprotected]
W32/Blaster.worm (Lovsan) W32/[emailprotected] W32/Deborm.worm.gen
W32/Doomjuice.worm W32/Dumaru W32/Elkern.cav
W32/[emailprotected] W32/FunLove W32/Klez
W32/Korgo.worm W32/Lirva W32/Lovgate
W32/Mimail W32/MoFei.worm W32/Mumu.b.worm
W32/MyDoom W32/Nachi.worm W32/Netsky
W32/Nimda W32/Pate W32/Polybot
W32/Sasser.worm W32/Sdbot.worm.gen W32/[emailprotected]
W32/Sober W32/Sobig W32/SQLSlammer.worm
W32/[emailprotected] W32/[emailprotected] W32/Zafi
W32/Zindos.worm

I hope Merlin doesnt mind me answering , but I saw your question.

cheers
dl65

Thanks, DL65.thanks dl65 m_2....his bark is worst than his bite >http://www.ucmp.berkeley.edu/diapsids/eoraptor.html and its just a joke....