|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Resolved HJT Threads Resolved spyware and popup issues. |
|
|
Thread Tools |
06-23-2008, 09:31 PM
|
#21 (permalink) |
|
Registered User
Join Date: Jun 2008
Posts: 28
OS: xp
|
Re: Constant Warnings - The operation has been cancelled due to restrictions in effec
I couldn't scan with kaspersky because it said that i don't have the latest Java, even though i do.
Did you disable a lot of services using msconfig? No I didn't. File has already been analysed: MD5: 2a51f6176a685c3205f6ca5d1220d0fe First received: 01.15.2008 17:16:31 (CET) Date: 04.15.2008 02:42:30 (CET) [>70D] Results: 24/32 Permalink: analisis/659dd065e2cc7fdc157562ac0f675488 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:29:31 PM, on 6/23/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe C:\WINDOWS\Explorer.EXE c:\program files\common files\mcafee\mna\mcnasvc.exe C:\Program Files\HP\HP Software Update\HPWuSchd.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\system32\15171C1A1D1E20.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Xerox\NWWia\XrxFTPLt.exe c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\iPod\bin\iPodService.exe c:\PROGRA~1\mcafee\msc\mcuimgr.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0 O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [797B807E81828483] 15171C1A1D1E20.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [XeroxScannerDaemon] C:\Program Files\Xerox\NWWia\XrxFTPLt.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing) O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {B2FCED61-570E-11D3-B160-00A0C9E70E84} (OmniForm Form Control) - https://www4.lsac.org/LSACD_XMLWebSe...veX/ofmctl.cab O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.hp.com/ediags/gmn...detection3.cab O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- End of file - 8251 bytes |
|
     |
|
06-23-2008, 09:46 PM
|
#22 (permalink) | |
|
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Oct 2006
Location: BC, Canada
Posts: 2,727
OS: XP
|
Re: Constant Warnings - The operation has been cancelled due to restrictions in effec
Hi,
What browser did you use to do the kaspersky scan? If you used firefox, please use IE instead. *please answer this question: Quote:
*click start > run > msconfig Go to the services tab then click the enable all button. That should bring back all those services. When it asks if you want to reboot, click exit without restarting. *Open HijackThis > choose Scan Only > Place a checkmark in the boxes beside these entries in bold. O4 - HKLM\..\Run: [797B807E81828483] 15171C1A1D1E20.exe Close your browsers and all open windows except for HijackThis, then click "Fix checked". Click "main menu"
Let me know how it goes.
__________________
Proud member of UNITE and ASAP since 2006  If we have helped you, please consider donating. The past won't be able to hurt you unless you keep on looking back at it. |
|
|
|
|
|
06-23-2008, 10:49 PM
|
#24 (permalink) |
|
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Oct 2006
Location: BC, Canada
Posts: 2,727
OS: XP
|
Re: Constant Warnings - The operation has been cancelled due to restrictions in effec
add this then:
click start > run > copy and paste: reg delete "HKLM\software\policies\microsoft\windows\windowsupdate\au" /v NoAutoUpdate /f could you get kaspersky to scan now?
__________________
Proud member of UNITE and ASAP since 2006 If we have helped you, please consider donating. The past won't be able to hurt you unless you keep on looking back at it. |
|
|
|
|
06-23-2008, 10:58 PM
|
#25 (permalink) |
|
Registered User
Join Date: Jun 2008
Posts: 28
OS: xp
|
Re: Constant Warnings - The operation has been cancelled due to restrictions in effec
After the reboot, a message popped up saying that something was change and that i should reboot the computer to undo that change. But I just cancelled out.
And I still can't scan. |
|
|
|
|
06-23-2008, 11:10 PM
|
#27 (permalink) |
|
Registered User
Join Date: Jun 2008
Posts: 28
OS: xp
|
Re: Constant Warnings - The operation has been cancelled due to restrictions in effec
Now it says: "Starting Java applet has failed! Please go online to use this program."
Another prompt comes up saying that the program has failed to launch... |
|
|
|
|
06-23-2008, 11:12 PM
|
#28 (permalink) |
|
Registered User
Join Date: Jun 2008
Posts: 28
OS: xp
|
Re: Constant Warnings - The operation has been cancelled due to restrictions in effec
oh I almost forgot, I was unable to uninstall the symantec software, it always stop half way I wait for a while. I mean I even went to the grocery store and came back and it wasn't done.
|
|
|
|
|
06-24-2008, 12:06 AM
|
#29 (permalink) |
|
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Oct 2006
Location: BC, Canada
Posts: 2,727
OS: XP
|
Re: Constant Warnings - The operation has been cancelled due to restrictions in effec
Please run the tool HERE to clean all the leftovers of your Norton Antivirus..
Did you try the scan using IE? If it still won't work, use this one instead: Go here to run an online scannner from ESET.
__________________
Proud member of UNITE and ASAP since 2006 If we have helped you, please consider donating. The past won't be able to hurt you unless you keep on looking back at it. |
|
|
|
|
06-24-2008, 02:22 PM
|
#31 (permalink) |
|
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Oct 2006
Location: BC, Canada
Posts: 2,727
OS: XP
|
Re: Constant Warnings - The operation has been cancelled due to restrictions in effec
Which scan are you referring to?
The file may be big and so the scan will take some time. Please try to wait for it and if it continues to stop there for a long time, let me know.
__________________
Proud member of UNITE and ASAP since 2006 If we have helped you, please consider donating. The past won't be able to hurt you unless you keep on looking back at it. |
|
|
|
|
06-24-2008, 03:43 PM
|
#32 (permalink) |
|
Registered User
Join Date: Jun 2008
Posts: 28
OS: xp
|
Re: Constant Warnings - The operation has been cancelled due to restrictions in effec
KasperSky won't even open in IE because it can't start the Java Applet. However, in Firefox it downloads those updates needed, but the acutal scan doesn't take place because of the same reason, Java Applet won't start. And I've redownloaded Java and it still won't work.
The Eset Scan starts and everything, however, it stops on that file I mentioned prior. I search for that file and discovered it was in a Symantec folder. About the Symantec Antivirius, the link you gave me doesn't uninstall symantec, only norton. I discovered this because when I used the Norton Removal Tool in safe mode (it wouldn't work normally) it said that Symantec had to be uninstalled through the "Add/Remove Programs" in the Control Panel. Oddly enough, when I tried to uninstall it again it said there was a fatal error due to a file called: APQA.tmp . weird huh? Sorry about having such a weirdo computer... |
|
|
|
|
06-25-2008, 07:00 PM
|
#33 (permalink) |
|
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Oct 2006
Location: BC, Canada
Posts: 2,727
OS: XP
|
Re: Constant Warnings - The operation has been cancelled due to restrictions in effec
Please try to delete that APQA.tmp file and see if symantec av would uninstall correctly. If it won't work, please let me know what kind of symantec av is installed (ie. Exact name of product and version)
__________________
Proud member of UNITE and ASAP since 2006 If we have helped you, please consider donating. The past won't be able to hurt you unless you keep on looking back at it. |
|
|
|
|
06-25-2008, 10:16 PM
|
#34 (permalink) |
|
Registered User
Join Date: Jun 2008
Posts: 28
OS: xp
|
Re: Constant Warnings - The operation has been cancelled due to restrictions in effec
I have Symantec Antivirus
Full Version: 10.0.2.2000 I found this to manually uninstall Symantec. http://service1.symantec.com/SUPPORT...05050210381448 Should i use it? Last edited by Miniia : 06-25-2008 at 10:25 PM. |
|
|
|
|
06-25-2008, 10:51 PM
|
#35 (permalink) |
|
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Oct 2006
Location: BC, Canada
Posts: 2,727
OS: XP
|
Re: Constant Warnings - The operation has been cancelled due to restrictions in effec
Yes, that's the right one. The procedure requires a lot of registry editing. A little mistake could be fatal.
Have you tried deleting that APQA.tmp file first before uninstalling? If it won't work, I'm going to make a batch file to automate the process for you.
__________________
Proud member of UNITE and ASAP since 2006 If we have helped you, please consider donating. The past won't be able to hurt you unless you keep on looking back at it. |
|
|
|
