2 Questions:
1. Did we get the Firefox login issue sorted out?
2. How did you get on with the firewall & the shutdown issue?
Ad.yieldmanager.com Hijacker? [RESOLVED]
Started by
mismi
, Aug 14 2008 01:07 PM
-
This topic is locked
#16
Posted 29 August 2008 - 04:55 PM
sage5
-
- Retired Staff
-
- 2,646 posts
RIP 10/2009
2 Questions:
1. Did we get the Firefox login issue sorted out?
2. How did you get on with the firewall & the shutdown issue?
#17
Posted 30 August 2008 - 07:29 AM
mismi
- Topic Starter
-
- Member
-
- 18 posts
Member
Hi sage5.
Sorry for the slow reply. I`m still new to this forum and I didn`t realize that you had sent a reply because it was on another page that I didn`t see as being there.
No Sir, I haven`t worked through this fix yet. I went to work yesterday and my wife and I went out last night, so I`m just getting back into this. I`m pretty slow when It comes to computer issues because I`m learning as I go.
Thank you for checking back with me! I`ll get back with you shortly on this.
Thanks sage5,
mismi
Sorry for the slow reply. I`m still new to this forum and I didn`t realize that you had sent a reply because it was on another page that I didn`t see as being there.
No Sir, I haven`t worked through this fix yet. I went to work yesterday and my wife and I went out last night, so I`m just getting back into this. I`m pretty slow when It comes to computer issues because I`m learning as I go.
Thank you for checking back with me! I`ll get back with you shortly on this.
Thanks sage5,
mismi
#18
Posted 30 August 2008 - 06:15 PM
mismi
- Topic Starter
-
- Member
-
- 18 posts
Member
Hi sage5.
Well, I did as you asked. I re-installed Firefox as you said by copying my Firefox profile folder to the desktop/downloaded the Firefox setup file to there as well/uninstalled Firefox/ (using Revo uninstaller - more on this in a bit) re-booted and reinstalled Firefox with no problems and it seems (for the moment) to be working OK.
However, I keep getting signed off from my Google home page when I close Firefox, even though the Yahoo account works fine by keeping me signed in for the maximum 2 week period with the same browser cooking settings of allowing cookies until I close Firefox. When I check, Firefox is allowing cookies from Google.com & Yahoo.com. Those two are the only ones that I allow to stay and are stored on my computer. I can check the View Page Info with Firefox 3 by right clicking on the Google page to see what the permission setting is and instead of just allowing cookies for the session which is the default setting, I check Allow and it works like it should. Then I go back to the View Page Info and reset it back to the default setting of Allow For Session and it will work for a while before reverting back to signing me off every time that I close Firefox. One would say that it is doing exactly as it should with the Allow For Session selection that I am choosing by signing me out after I close Firefox. The question that I have is; why is my Yahoo account working just fine with the same Allow For Session setting selection. I don`t mean to be long winded and get bogged down here with this, but the last part of this post may explain the reason for my elevated eyebrows.
Oh yes, when I read your first reply/post to my problem, I saw that you use the COMODO firewall, so I began to do a little research on it. As usual, you can find people that like and dislike any product. Several of those that didn`t care for it for whatever the reason used Revo Uninstaller to remove it. So I did some research on that as well. Glad I did. On my first post regarding the problem that I was having to this forum, I said "I had just purchased the new Tecra and immediately deleted Norton then loaded AVG and updated". Or so I thought. Today before I uninstalled Firefox, I decided to download Revo Uninstaller. When I pulled up Revo to see the list of programs on my machine to compare it to the list in the Windows Add or Remove utility, guess what was there? Yeah you`re right, Norton 360. Hidden from view. All 3.4 mbs and 167 objects of the program waiting to be installed just like I left it when I thought that it was uninstalled. Revo took care of that nicely. Funny how it was not on the list of programs in the Add/Remove utility. Just a thought.
Now here is the portion of the post that causes me concern:
While working on this today, after re-activating AVG Resident Shield, I had a pop-up window from AVG telling me that it had found the BackDoor.Hupigon virus and gave me the option to move this to the Virus Vault, which I did. Then over an hour later, I got another security notice warning me of the "Potentially Unwanted Program"; HideExec.EV and over an hour later I received that security warning again. I`m wondering if the virus is trying to use the PUP HideExec.EV to launch itself and run unseen in the background out of the system restore points?
Here is what is in the AVG vault:
Infection type: Infection
Virus found: BackDoor.Hupigion
Path to file: C:\System Volume Information\_restore{77D9D35D-FC5B-4939-BA43-F3D91D209A31}\RP28\A0002163.old 8/30/2008, 1:14:12 PM
Infection type: PUP
Potentially harmful program: HideExec.EV
Path to file: C:\System Volume Information\_restore{77D9D35D-FC5B-4939-BA43-F3D91D209A31}\RP28\A0002181.exe 8/30/2008, 2:01:54 PM
Infection type: PUP
Potentially harmful program: HideExec.EV
Path to file: C:\System Volume Information\_restore{77D9D35D-FC5B-4939-BA43-F3D91D209A31}\RP28\A0002327.exe 8/30/2008, 3:26:58 PM
This is where I am at this point.
Thanks again for your help sage5. Really
mismi
Well, I did as you asked. I re-installed Firefox as you said by copying my Firefox profile folder to the desktop/downloaded the Firefox setup file to there as well/uninstalled Firefox/ (using Revo uninstaller - more on this in a bit) re-booted and reinstalled Firefox with no problems and it seems (for the moment) to be working OK.
However, I keep getting signed off from my Google home page when I close Firefox, even though the Yahoo account works fine by keeping me signed in for the maximum 2 week period with the same browser cooking settings of allowing cookies until I close Firefox. When I check, Firefox is allowing cookies from Google.com & Yahoo.com. Those two are the only ones that I allow to stay and are stored on my computer. I can check the View Page Info with Firefox 3 by right clicking on the Google page to see what the permission setting is and instead of just allowing cookies for the session which is the default setting, I check Allow and it works like it should. Then I go back to the View Page Info and reset it back to the default setting of Allow For Session and it will work for a while before reverting back to signing me off every time that I close Firefox. One would say that it is doing exactly as it should with the Allow For Session selection that I am choosing by signing me out after I close Firefox. The question that I have is; why is my Yahoo account working just fine with the same Allow For Session setting selection. I don`t mean to be long winded and get bogged down here with this, but the last part of this post may explain the reason for my elevated eyebrows.
Oh yes, when I read your first reply/post to my problem, I saw that you use the COMODO firewall, so I began to do a little research on it. As usual, you can find people that like and dislike any product. Several of those that didn`t care for it for whatever the reason used Revo Uninstaller to remove it. So I did some research on that as well. Glad I did. On my first post regarding the problem that I was having to this forum, I said "I had just purchased the new Tecra and immediately deleted Norton then loaded AVG and updated". Or so I thought. Today before I uninstalled Firefox, I decided to download Revo Uninstaller. When I pulled up Revo to see the list of programs on my machine to compare it to the list in the Windows Add or Remove utility, guess what was there? Yeah you`re right, Norton 360. Hidden from view. All 3.4 mbs and 167 objects of the program waiting to be installed just like I left it when I thought that it was uninstalled. Revo took care of that nicely. Funny how it was not on the list of programs in the Add/Remove utility. Just a thought.
Now here is the portion of the post that causes me concern:
While working on this today, after re-activating AVG Resident Shield, I had a pop-up window from AVG telling me that it had found the BackDoor.Hupigon virus and gave me the option to move this to the Virus Vault, which I did. Then over an hour later, I got another security notice warning me of the "Potentially Unwanted Program"; HideExec.EV and over an hour later I received that security warning again. I`m wondering if the virus is trying to use the PUP HideExec.EV to launch itself and run unseen in the background out of the system restore points?
Here is what is in the AVG vault:
Infection type: Infection
Virus found: BackDoor.Hupigion
Path to file: C:\System Volume Information\_restore{77D9D35D-FC5B-4939-BA43-F3D91D209A31}\RP28\A0002163.old 8/30/2008, 1:14:12 PM
Infection type: PUP
Potentially harmful program: HideExec.EV
Path to file: C:\System Volume Information\_restore{77D9D35D-FC5B-4939-BA43-F3D91D209A31}\RP28\A0002181.exe 8/30/2008, 2:01:54 PM
Infection type: PUP
Potentially harmful program: HideExec.EV
Path to file: C:\System Volume Information\_restore{77D9D35D-FC5B-4939-BA43-F3D91D209A31}\RP28\A0002327.exe 8/30/2008, 3:26:58 PM
This is where I am at this point.
Thanks again for your help sage5. Really
mismi
#19
Posted 30 August 2008 - 08:16 PM
sage5
-
- Retired Staff
-
- 2,646 posts
RIP 10/2009
Hi mismi ,
To the best of my knowledge, any files in the C:\System Volume Information\_restore{77D9D35D-FC5B-4939-BA43-F3D91D209A31} folders are in "quarantine" & cannot run, so I'd say that those warnings are probably triggered by:
the Indexing Service scanning your C:\ drive in the background, and AVG's real time protection doing its job.
Lets go the general cleanup first to get rid of thos files:
Clean out cookies, temp files etc:
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
Time for some housekeeping:
That should fix the issue of those files, but if you want you could do a Panda ActiveScan as a check.
http://www.pandasoftware.com/products/activescan.htm
That Google login issue could be due to a number of things.
I think that you really should start a new thread in the Web Browsers and Email forum
To the best of my knowledge, any files in the C:\System Volume Information\_restore{77D9D35D-FC5B-4939-BA43-F3D91D209A31} folders are in "quarantine" & cannot run, so I'd say that those warnings are probably triggered by:
the Indexing Service scanning your C:\ drive in the background, and AVG's real time protection doing its job.
Lets go the general cleanup first to get rid of thos files:
Clean out cookies, temp files etc:
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
- Double-click ATF-Cleaner.exe to run the program.
- Under Main choose: Select All
- Click the Empty Selected button.
If you use Firefox browser
- Click Firefox at the top and choose: Select All
- Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
- Click Opera at the top and choose: Select All
- Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
- Click Exit on the Main menu to close the program.
Time for some housekeeping:
- Follow these steps to uninstall Combofix and tools used in the removal of malware
- Click START then RUN
- Now type Combofix /u in the runbox and click OK. Note the space between the X and the /u, it needs to be there.
To Clear Restore points, please do the following:- Go to Start > Control Panel.
- Double-click the System icon.
NOTE: If the System icon is not visible, click "View all Control Panel options" to display it.
- Click the System Restore tab.
- Put a check by Disable System Restore.
- Click Apply, OK, OK. Click Yes when you are prompted to restart Windows.
- Go back to the Troubleshooting tab.
- UNcheck Disable System Restore.
- Click Apply, OK, OK. Click Yes when you are prompted to restart Windows.
That should fix the issue of those files, but if you want you could do a Panda ActiveScan as a check.
http://www.pandasoftware.com/products/activescan.htm
- Once you are on the Panda site click the Scan your PC button.
- Enter your Country, State/Province & email address
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it.
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on My Computer to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Perhaps as C:\panda log.txt
That Google login issue could be due to a number of things.
I think that you really should start a new thread in the Web Browsers and Email forum
Edited by sage5, 30 August 2008 - 08:19 PM.
#20
Posted 30 August 2008 - 10:22 PM
mismi
- Topic Starter
-
- Member
-
- 18 posts
Member
Hi sage5.
Thank you for the awesome responses to the malware issues I`ve had.
Yes, you`re right. I knew that I was pushing the envelope by discussing something as off topic as the Google log in issue.
Hope that you`re having a good afternoon down under.
I`ll get back with you shortly.
mismi
Thank you for the awesome responses to the malware issues I`ve had.
Yes, you`re right. I knew that I was pushing the envelope by discussing something as off topic as the Google log in issue.
Hope that you`re having a good afternoon down under.
I`ll get back with you shortly.
mismi
#21
Posted 31 August 2008 - 11:58 AM
mismi
- Topic Starter
-
- Member
-
- 18 posts
Member
Hi sage5.
1. I ran ATF.
2. I uninstalled Combofix.
3. I cleared the restore points/re-booted/turned System Restore back on.
4. I ran a scan at http://www.pandasoft.../activescan.htm .
5. I ran a fresh Hijackthis scan.
Question; do you suggest leaving the Windows Recovery Console installed? Do you have this on your machine?
Here are the scan logs.
Panda:
;*******************************************************************************
*********************************************************************************
*******************
ANALYSIS: 2008-08-31 12:29:08
PROTECTIONS: 1
MALWARE: 0
SUSPECTS: 0
;*******************************************************************************
*********************************************************************************
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
=================================================================================
===================
AVG Anti-Virus Free 8.0 Yes Yes
;===============================================================================
=================================================================================
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================
SUSPECTS
Sent Location r
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================
VULNERABILITIES
Id Severity Description r
;===============================================================================
=================================================================================
===================
182048 HIGH MS07-069 r
182043 HIGH MS07-064 r
176382 HIGH MS07-057 r
170907 HIGH MS07-046 r
170906 HIGH MS07-045 r
170904 HIGH MS07-043 r
164913 HIGH MS07-033 r
160623 HIGH MS07-027 r
150253 HIGH MS07-016 r
133387 MEDIUM MS06-065 r
;===============================================================================
=================================================================================
===================
HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:30:58 PM, on 8/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\WINDOWS\system32\thpsrv.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://partnerpage.g...shibadirect.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [TAudEffect] C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [ThpSrv] C:\WINDOWS\system32\thpsrv /logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TOSDCR] TOSDCR.EXE
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.6.0) -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: TosBtNP - C:\WINDOWS\SYSTEM32\TosBtNP.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Intel® Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel® Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Intel® Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\UNS.exe
--
End of file - 10337 bytes
Thank you for your help sage5.
mismi
1. I ran ATF.
2. I uninstalled Combofix.
3. I cleared the restore points/re-booted/turned System Restore back on.
4. I ran a scan at http://www.pandasoft.../activescan.htm .
5. I ran a fresh Hijackthis scan.
Question; do you suggest leaving the Windows Recovery Console installed? Do you have this on your machine?
Here are the scan logs.
Panda:
;*******************************************************************************
*********************************************************************************
*******************
ANALYSIS: 2008-08-31 12:29:08
PROTECTIONS: 1
MALWARE: 0
SUSPECTS: 0
;*******************************************************************************
*********************************************************************************
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
=================================================================================
===================
AVG Anti-Virus Free 8.0 Yes Yes
;===============================================================================
=================================================================================
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================
SUSPECTS
Sent Location r
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================
VULNERABILITIES
Id Severity Description r
;===============================================================================
=================================================================================
===================
182048 HIGH MS07-069 r
182043 HIGH MS07-064 r
176382 HIGH MS07-057 r
170907 HIGH MS07-046 r
170906 HIGH MS07-045 r
170904 HIGH MS07-043 r
164913 HIGH MS07-033 r
160623 HIGH MS07-027 r
150253 HIGH MS07-016 r
133387 MEDIUM MS06-065 r
;===============================================================================
=================================================================================
===================
HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:30:58 PM, on 8/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\WINDOWS\system32\thpsrv.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://partnerpage.g...shibadirect.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [TAudEffect] C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [ThpSrv] C:\WINDOWS\system32\thpsrv /logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TOSDCR] TOSDCR.EXE
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.6.0) -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: TosBtNP - C:\WINDOWS\SYSTEM32\TosBtNP.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Intel® Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel® Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Intel® Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\UNS.exe
--
End of file - 10337 bytes
Thank you for your help sage5.
mismi
#22
Posted 31 August 2008 - 05:18 PM
sage5
-
- Retired Staff
-
- 2,646 posts
RIP 10/2009
Hi mismi ,
You have done a great job with this & I think we are done now.
I would like you to get rid of one more non functioning service using the batch file below:
Delete bad services:
Please hgihlight all of the text in the Code box below.
Now, copy (Ctrl+C) and paste (Ctrl+V) the following to a new Notepad file.
Save the file, making sure that the Save as type box is set to "All Files", and name it FixServices.bat Please save it on your desktop.
Double click FixServices.bat. A window will open and close. This is normal.
Now you can delete the FixServices.bat file.
All Done.
However, if you really want to remove the Recovery Console, Microsoft provides the instructions Here
Lastly, some extra or better security for your PC:
The programs recommended below are freeware alternatives to some of your security software & might reduce the potential for spyware infection in the future:-
Spyware Prevention:
Spyware Blaster by JavaCool Software, prevents spyware installing and consumes no system resources.
IE/SpyAd, stops suspect sites loading ActiveX, popups etc onto your PC. An excellent tutorial is Here
Spyware Detection:
[url="http://"http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.htm"]Malwarebytes Anti-Malware[/url] is my favourite here.
Alternate Browsers:
Thankfully, there are now some excellent alternatives to MS Internet Explorer. They offer better security, more stability, and better speed.
A couple of good examples are: Firefox and Opera
Other Updates:
Vital security patches and updates are available for Microsoft Windows and Internet Explorer at the Windows Update Site
It is equally important to update the other security software you use, on a regular basis.
Further reading about these issues is available in a very good article: How did I get infected in the first place ? (by Tony Klein and dvk01)
All the best & safe surfing in the future,
sage5
You have done a great job with this & I think we are done now.
I would like you to get rid of one more non functioning service using the batch file below:
Delete bad services:
Please hgihlight all of the text in the Code box below.
Now, copy (Ctrl+C) and paste (Ctrl+V) the following to a new Notepad file.
Save the file, making sure that the Save as type box is set to "All Files", and name it FixServices.bat Please save it on your desktop.
@echo off sc stop CLTNetCnService sc delete CLTNetCnService exit
Double click FixServices.bat. A window will open and close. This is normal.
Now you can delete the FixServices.bat file.
All Done.
If you can put up with the extra few seconds on the startup routine, I think it is a good thing to have installed.Question; do you suggest leaving the Windows Recovery Console installed? Do you have this on your machine?
However, if you really want to remove the Recovery Console, Microsoft provides the instructions Here
Lastly, some extra or better security for your PC:
The programs recommended below are freeware alternatives to some of your security software & might reduce the potential for spyware infection in the future:-
Spyware Prevention:
Spyware Blaster by JavaCool Software, prevents spyware installing and consumes no system resources.
IE/SpyAd, stops suspect sites loading ActiveX, popups etc onto your PC. An excellent tutorial is Here
Spyware Detection:
[url="http://"http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.htm"]Malwarebytes Anti-Malware[/url] is my favourite here.
Alternate Browsers:
Thankfully, there are now some excellent alternatives to MS Internet Explorer. They offer better security, more stability, and better speed.
A couple of good examples are: Firefox and Opera
Other Updates:
Vital security patches and updates are available for Microsoft Windows and Internet Explorer at the Windows Update Site
It is equally important to update the other security software you use, on a regular basis.
Further reading about these issues is available in a very good article: How did I get infected in the first place ? (by Tony Klein and dvk01)
All the best & safe surfing in the future,
sage5
#23
Posted 02 September 2008 - 10:37 AM
mismi
- Topic Starter
-
- Member
-
- 18 posts
Member
Hi sage5.
I deleted bad services as you instructed by copying the code contents into a All Files type file that I name FixServices.bat and saved to the desktop. Then double clicked & deleted the file.
Thank you for that.
I realize that I may need to start a new topic for this, but I have a question.
Two days ago, (before I did the Delete bad services fix) at start up, I began to receive a notification window informing me that my Intel Active Management Technology was disabled. How can I re-enable this? I`ve tried but as of yet I can`t seem to do this.
Thank you for all your help sage5.
mismi
I deleted bad services as you instructed by copying the code contents into a All Files type file that I name FixServices.bat and saved to the desktop. Then double clicked & deleted the file.
Thank you for that.
I realize that I may need to start a new topic for this, but I have a question.
Two days ago, (before I did the Delete bad services fix) at start up, I began to receive a notification window informing me that my Intel Active Management Technology was disabled. How can I re-enable this? I`ve tried but as of yet I can`t seem to do this.
Thank you for all your help sage5.
mismi
Edited by mismi, 02 September 2008 - 10:52 AM.
#24
Posted 02 September 2008 - 06:57 PM
sage5
-
- Retired Staff
-
- 2,646 posts
RIP 10/2009
Two days ago, (before I did the Delete bad services fix) at start up, I began to receive a notification window informing me that my Intel Active Management Technology was disabled. How can I re-enable this? I've tried but as of yet I can`t seem to do this.
That is really odd given that all the Services listed in the HJT log are unchanged & all processes seem to still be running
It's hard to imagine how, but could it be something that Revo might have done? The timing looks about right.
Did you use the Tools > Autorun Manager to untick anything?
If not, you may have to uninstall it & reinstall it.
You should be able to do that via the Add/remove programs page of the Control Panel & using the CD or DVD that came with your laptop.
I am assuming that would have been part of the preloaded software that shipped on it.
Otherwise you might get a new copy of this at http://www.csd.toshiba.com/cgi-bin/tais/su/su_sc_modSel.jsp
Note: You will need to put in you model type/number, Operating System etc.
Or you might be able to get help from the folks at Notebookreview.com or forums.computers.toshiba-europe.com
Cheers,
sage5
#25
Posted 02 September 2008 - 09:39 PM
mismi
- Topic Starter
-
- Member
-
- 18 posts
Member
Hi sage5.
I haven`t tried that feature in Revo yet, however, not knowing enough about the Comodo firewall at this point, I was looking at "My Pending Files" and while there I clicked on the "Look Up" feature on a file. When I did this, the program sent it to a list of "Certified Files" and I don`t know if I can access that list just to see which file was sent. But whatever...I suspect this is something that I inadvertently did and I will go through Toshiba to rectify this.
Sage5 - You have been a great help to me. I very much appreciate your willingness to share your knowledge (as well as your time) through assistance to others, such as myself. I owe you.
All the best to you sage5.
mismi
It's hard to imagine how, but could it be something that Revo might have done? The timing looks about right.
Did you use the Tools > Autorun Manager to untick anything?
I haven`t tried that feature in Revo yet, however, not knowing enough about the Comodo firewall at this point, I was looking at "My Pending Files" and while there I clicked on the "Look Up" feature on a file. When I did this, the program sent it to a list of "Certified Files" and I don`t know if I can access that list just to see which file was sent. But whatever...I suspect this is something that I inadvertently did and I will go through Toshiba to rectify this.
Sage5 - You have been a great help to me. I very much appreciate your willingness to share your knowledge (as well as your time) through assistance to others, such as myself. I owe you.
All the best to you sage5.
mismi
#26
Posted 02 September 2008 - 10:06 PM
sage5
-
- Retired Staff
-
- 2,646 posts
RIP 10/2009
You are very welcome mismi 
All the best,
sage5
All the best,
sage5
Edited by sage5, 02 September 2008 - 10:07 PM.
#27
Posted 02 September 2008 - 10:07 PM
sage5
-
- Retired Staff
-
- 2,646 posts
RIP 10/2009
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
