Results 1 to 8 of 8

Thread: Continuous Problems.

  1. 2007-08-05, 06:18 #1
    darkomen
    darkomen is offline
    Junior Member
    Join Date
    Aug 2007
    Posts
    4

    Default Continuous Problems.

    I had Nortons, but it slowed my laptop to a snails pace. So I removed it and got the infamous spylocked. I installed Zone Alarm and Spybot per a techs advice when I got spylocked and had to spend 2 hours trying to fix it myself. I also swapped to firefox since I was told it was a lower risk for internet threats. Now, I'm still getting numerous issues that I can't explain. I'm pc literate but not a tech, and frankly frustrated trying to remove threats that reappear constantly. Please Advise.

    ____________________________________________

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:14:49 PM, on 8/4/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\NICServ.exe
    c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\EzButton\EzButton.EXE
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\WINDOWS\System32\ZoomingHook.exe
    C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\toshiba\ivp\ism\pinger.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote.exe
    C:\toshiba\ivp\ism\ivpsvmgr.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~1\MM_DIR~1.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\OdHost.exe
    C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\WPC54Cfg.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe
    O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [PhilipsRemote] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote.exe
    O4 - HKLM\..\Run: [IVPServiceMgr] C:\toshiba\ivp\ism\ivpsvmgr.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-21-2796700682-2971222393-2700038078-1003\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (User '?')
    O4 - HKUS\S-1-5-21-2796700682-2971222393-2700038078-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O4 - Global Startup: Wireless-G Notebook Adapter with SpeedBooster Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\Startup.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
    O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/6...l/gtdownls.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NICSer_WPC54GS - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\NICServ.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

    --
    End of file - 7477 bytes
  2. 2007-08-05, 13:09 #2
    pskelley
    pskelley is offline
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,538

    Default

    Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
    "BEFORE you POST" (READ this Procedure before Requesting Assistance)
    http://forums.spybot.info/showthread.php?t=288
    All advice given is taken at your own risk.
    Please make sure you have read this information so we are on the same page.

    See this: http://forums.spybot.info/showpost.p...80&postcount=2
    C:\Program Files\Java\j2re1.4.2_05\ <<< if your out of date Java has not gotten you infected, it is just a matter of time. Download the newest version and uninstall all old versions in Add Remove programs.

    Move HJT from the Desktop for safety. I prefer C:\HJT\HijackThis.exe, if you need additional instructions use these: http://russelltexas.com/malware/createhjtfolder.htm
    If you must run it from the Desktop, at least create a folder like this: C:\Documents and Settings\Owner\Desktop\HJT\HiJackThis.exe
    logs and backups will store in that folder safely also.
    Now, I'm still getting numerous issues that I can't explain
    Frankly, I wish you had tried. The HJT log is showing some adware and virtually nothing else. This is not unusual, much malware can hide from HJT, and we depend on feedback from the user, symptoms, error message, to give us a direction. I would appreciate it if you would take the time to try to describe what is going on with your computer. If you receive any error messages, please post those "word for word". You said:
    and frankly frustrated trying to remove threats that reappear constantly.
    Please tell me more about what is appearing constantly.

    The one word you did give me is "Spylocked", and that is usually part of a Smitfraud infection, let's have a look for that:
    http://siri.geekstogo.com/SmitfraudFix.php <<< download Smitfraudfix from here and follow ONLY these directions.

    Search:
    Double-click SmitfraudFix.exe
    Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt

    Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consultin...rocessutil.htm

    All I need now is more information and the C:\rapport.txt from Smitfraudfix.

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006
  3. 2007-08-05, 19:12 #3
    darkomen
    darkomen is offline
    Junior Member
    Join Date
    Aug 2007
    Posts
    4

    Default rapport

    I created an HJT file, but apparently I can't figure out how to move hijackthis into it. As for examples, yesterday my computer was opening C:/ prompt dos windows on its own, I keep getting requests for program access to the internet from bad sites, and spybots keeps reporting the same issues everytime I run a scan. I will report more this evening. Here is the rapport...

    SmitFraudFix v2.208

    Scan done at 10:08:02.23, Sun 08/05/2007
    Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Rustock



    »»»»»»»»»»»»»»»»»»»»»»»» DNS



    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
  4. 2007-08-05, 22:32 #4
    pskelley
    pskelley is offline
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,538

    Default

    I created an HJT file, but apparently I can't figure out how to move hijackthis into it.
    Please delete everything, remove HJT from your computer. Once that is done, go here:
    http://hijack1.trend-braintree.com/h...HJTInstall.exe
    This is a self-installer and it will put HJT in the right place if you just follow the prompts.
    As for examples, yesterday my computer was opening C:/ prompt dos windows on its own, I keep getting requests for program access to the internet from bad sites, and spybots keeps reporting the same issues everytime I run a scan.
    You have told me absolutely nothing there, read what you said and you should see what I mean.

    Smitfraudfix reports nothing, remove it completely from your computer.

    Open Hijackthis.
    Click the "Open the Misc Tools" section Button.
    Click the "Open Uninstall Manager" Button.
    Click the "Save list..." Button.
    Save it to your desktop. Copy and paste the contents into your reply.
    (You may edit out Microsoft, Hotfixes, Security Update for Windows XP, Update for Windows XP and Windows XP Hotfix to shorten the list)

    AVG Anti-Spyware has updated, let's give it a try to see what it reports.
    The tutorial is new, so please let me know how it works.

    1. Download AVG Anti-Spyware Free Edition
    2. http://free.grisoft.com/doc/download.../frt/0?prd=asf
    3. Save the Installation files to your Desktop
    4. Double click the installer on the Desktop
    5. Choose the Language using the drop down menu then click OK
    6. Recommended that you close all other applications before clicking NEXT
    7. Install in the default location: C:\Program Files\Grisoft\Anti-Spyware 7.5
    8. Make sure Run AVG Anti-Spyware 7.5 is checked then click Finish.
    9. Update first then choose "Scan Now"
    10. Choose Complete System Scan
    11. Chose Recommended actions and choose Delete or quarantine.
    You can also choose Ignore if there is something you think may be valid.
    12. Click Reports then Save Report as. Save it to your Desktop.
    13. Open the Report on the Desktop and click on Edit then Select All.
    14. Copy and Paste that information to this topic.


    Restart the computer and post the uninstall list and the AVG Anti-Spyware scan report.

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006
  5. 2007-08-06, 08:25 #5
    darkomen
    darkomen is offline
    Junior Member
    Join Date
    Aug 2007
    Posts
    4

    Default I should've kept better notes =(

    Adobe Acrobat 5.0
    Adobe Flash Player 9 ActiveX
    ALPS Touch Pad Driver
    Atheros Wireless LAN MiniPCI card Driver
    CD/DVD Drive Acoustic Silencer
    DVD-RAM Driver
    Easy Button
    HijackThis 2.0.2
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB926239)
    HP Customer Participation Program 7.0
    HP Imaging Device Functions 7.0
    HP Photosmart and Deskjet 7.0 Software
    HP Photosmart Essential
    HP Software Update
    HP Solution Center 7.0
    Intel(R) Extreme Graphics 2 Driver
    InterVideo WinDVD for Toshiba
    Java DB 10.2.2.0
    Java(TM) 6 Update 2
    Java(TM) SE Development Kit 6 Update 2
    Learn2 Player (Uninstall Only)
    Microsoft .NET Framework 1.1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office OneNote 2003
    Microsoft Office XP Media Content
    Microsoft Office XP Professional
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Works 7.0
    Mozilla Firefox (2.0.0.6)
    MS Access 97 SP2
    MUSICMATCH Jukebox
    Notebook Maximizer
    Odyssey Client
    QuickTime
    RealPlayer
    Realtek AC'97 Audio
    Realtek Fast Ethernet Adapter Driver
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB911565)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893066)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922760)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928090)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931768)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933566)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    SMSC IrCC V5.1.3600.5
    Sonic DLA
    Sonic RecordNow!
    Spybot - Search & Destroy 1.4
    SRS WOW XT Plug-In for Windows Media Player for Toshiba version 1.0.2
    Symantec KB-DocID:2003093015493306
    TOSHIBA Access
    TOSHIBA ConfigFree
    TOSHIBA Console
    TOSHIBA Fax Extension
    TOSHIBA Hotkey Utility
    TOSHIBA PC Diagnostic Tool
    TOSHIBA Power Management Utility
    Toshiba Registration
    TOSHIBA Software Modem
    TOSHIBA Software Upgrades
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    Toshiba Tbiosdrv Driver
    TOSHIBA Zooming Utility
    Touch and Launch
    TouchPad On/Off Utility
    TurboTax Basic 2006
    TurboTax ItsDeductible 2006
    Update for Windows XP (KB894391)
    Update for Windows XP (KB896727)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB936357)
    Viewpoint Media Player
    WexTech AnswerWorks
    Windows Installer 3.1 (KB893803)
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Hotfix - KB834707
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885884
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893086
    Wireless-G Notebook Adapter with SpeedBooster
    ZoneAlarm
    _____________________________________________________________
    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 11:18:36 PM 8/5/2007

    + Scan result:



    C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP229\A0037860.exe -> Adware.SpyLocked : Cleaned.
    :mozilla.225:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\oeqsvzfp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.


    ::Report end
    _________________________________

    I meant earlier that my computer opened 4-5 Command Prompt screens as if something was trying to execute on the DOS level. I think a few of the repeat issues appear to simply be cookies from firefox. I unfortunately can't give any further information other than I was getting zonealarm alerts on programs that when I googled them were said to be malware and possibly trojans. I apologize that I don't remember the names of the programs. If these reports reveal anything further great, if not I guess I'll simply have to wait it out until I have better and more concise information for you. Thank you for your help and patience.
  6. 2007-08-06, 13:07 #6
    pskelley
    pskelley is offline
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,538

    Default

    Thanks for returning your information.
    I should've kept better notes =(
    Exactly, what I do when I get an error message is make a screenshot of it and file it in MyDocuments, if it happens again or if I need to show it I have it.
    http://www.google.com/search?hl=en&q...=Google+Search

    Uninstall list, I am looking for malware or security issues, good chance for you to look for stuff you no longer use or do not know.

    Viewpoint Media Player <<< do you use this?http://www.greatis.com/appdata/u/v/viewmgr.exe.htm
    http://www.spywareinfo.com/newslette....php#viewpoint
    http://www.clickz.com/news/article.php/3561546

    AVG Anti-Spyware - Scan Report
    C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP229\A0037860.exe -> Adware.SpyLocked : Cleaned
    Instance of SpyLocked backed up in System Restore, we will clean those files before we finish.
    4-5 Command Prompt screens as if something was trying to execute on the DOS level.
    If you can get information about this, try posting a query in a good XP related forum, here are two:
    http://www.bleepingcomputer.com/forums/forum56.html
    http://forums.tomcoyote.org/Other_Co...blems_f83.html
    I unfortunately can't give any further information other than I was getting zonealarm alerts on programs
    I also run ZoneAlarm and if I would have it set to prompt me everytime malware from the internet tries to access my computer I would go nuts. I block all attempts silently and nothing has internet access I do not know.
    You may want to view the Flash Tutorial available at the ZA control center, on the status tab to the upper right corner. Since I updated I have had 101 intrusions that have been blocked, but since I block them silently I am not bothered by these. This is going to happen if you surf the net, for instance:
    http://www.theregister.com/2007/05/1...e_malware_map/
    http://redtape.msnbc.com/2007/05/the_next_net_th.html

    Here is information that may help improve your computers performance:
    http://www.castlecops.com/postitle175256-0-0-.html
    http://users.telenet.be/bluepatchy/m...wcomputer.html
    http://www.microsoft.com/atwork/gets...a&mg_id=20292b

    I would say you are probably good to go, let's clean System Restore:
    System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
    http://www.microsoft.com/windowsxp/u...s/mcgill1.mspx

    AVG Anti-Spyware is a good program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.

    Some good information for you:
    http://users.telenet.be/bluepatchy/m...revention.html

    Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
    http://forums.spybot.info/showthread.php?t=279
    http://russelltexas.com/malware/allclear.htm
    http://forum.malwareremoval.com/viewtopic.php?t=14
    http://www.bleepingcomputer.com/forums/topict2520.html
    http://cybercoyote.org/security/not-admin.shtml

    Thanks...pskelley
    Safer Networking Forums
    http://www.spybot.info/en/donate/index.html
    If you are reading this information...thank a teacher,
    If you are reading it in English...thank a soldier.
    Last edited by pskelley; 2007-08-06 at 13:09. Reason: add information
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006
  7. 2007-08-06, 18:07 #7
    darkomen
    darkomen is offline
    Junior Member
    Join Date
    Aug 2007
    Posts
    4

    Default thank you

    I removed Viewpoint. I'll take some time later and go through to see what garbage has been here since purchase. I appreciate you looking into everything and once again thank you.
  8. 2007-08-15, 20:17 #8
    tashi
    tashi is online now
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,479

    Default

    As the problem appears to be resolved this topic has been archived.

    If you need it re-opened, please send me a private message (pm) and provide a link to the thread. Applies only to the original poster, anyone else with similar problems please start a new topic.

    Cheers.
    UNITE-ASAP

    Microsoft MVP. Consumer Security 2006-2013

    Please help us improve Spybot, download our distributed testing client
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules