#1 (permalink) |
|
Registered User
Join Date: May 2005
Posts: 102
OS: XP Pro/Win Vista
|
HJT Log of Captainbarred(Dr Watson issue)
this thread continued from http://techsupportforum.com/showthread.php?t=61010
Hey Guys, think you can help me out please? Some guys in the XP forum looked at this, told me to come here and run HJT. I ran adaware and then the online virus scan, the virus scan could not clean everything, it left these:

Results: We have detected 2 vulnerability/vulnerabilities on your computer. Only 0 out of 0 vulnerabilities are displayed.

Risk Level: Important
Issue: This remote code execution vulnerability could allow a malicious user or a malware to take complete control of the affected system if the affected user is currently logged on with administrative privileges. The malicious user or malware can execute code on the system giving them the ability to install or run programs and view or edit data with full privileges. Thus, this vulnerability can conceivably be used by a malware for replication purposes.;The vulnerability is caused by an unchecked buffer in the Microsoft Office WordPerfect Converter.
How to Fix: http://www.trendmicro.com/en/securit...s/MS04-027.htm

Risk Level: Critical
Issue: This vulnerability lies in the way the affected components process JPEG image files. An unchecked buffer within this process is the cause of the vulnerability.;This remote code execution vulnerability could allow a malicious user or a malware to take complete control of the affected system if the affected user is currently logged on with administrative privileges. The malicious user or malware can execute arbitrary code on the system giving them the ability to install or run programs and view or edit data with full privileges. Thus, this vulnerability can conceivably be used by a malware for replication purposes.
How to Fix: http://www.trendmicro.com/en/securit...s/MS04-028.htm

I am about to run the HJT and the analyzer, will post the log in a few minutes... |
|
|
#2 (permalink) |
|
Registered User
Join Date: May 2005
Posts: 102
OS: XP Pro/Win Vista
|
Logfile of HijackThis v1.99.1
Scan saved at 7:34:45 PM, on 7/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] C:\Program Files\Creative\SBAudigy2ZS\Program\Startup Menu\ChkColor.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E80892B-187B-4250-9490-4EC7EDB9FC63}: NameServer = 207.69.188.185,207.69.188.186,207.69.188.187
O17 - HKLM\System\CS1\Services\Tcpip\..\{4E80892B-187B-4250-9490-4EC7EDB9FC63}: NameServer = 207.69.188.185,207.69.188.186,207.69.188.187
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

This didn't work exactly like the thing in the read this first thread said, but I'm allowing that it's due to updates. I selected run this and create a log file and this popped right up... I copied then closed out of the program and pasted here. |
|
|
|
|
#3 (permalink) |
|
Registered User
Join Date: Jun 2005
Location: Upstate NY
Posts: 207
OS: Windows 7 RC1, Mac OS X 10.5, Ubuntu 9.04, Windows XP, Mandriva Spring 2009
|
Damn... I only have like 20
Edit: Read my other post. Please refrain from answering any more logs
__________________
Slow and Steady Wins the Race... Uhm, unless it's a real race.
Last edited by Lobos; 07-14-2005 at 07:06 PM. |
|
|
|
|
#4 (permalink) |
|
Registered User
Join Date: May 2005
Posts: 102
OS: XP Pro/Win Vista
|
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
Steam, the program that runs HL2 and all the Valve games. One says nero-check, I have Nero.... I have Creative audio drivers... |
|
|
|
|
#5 (permalink) |
|
Troubled
Join Date: Apr 2004
Location: California
Posts: 943
OS: Windows XP
|
Hello, phaenilda and Welcome to TSF.
I'm sure you have the best intentions, but please refrain from offering advice to users in our HJT forum. Please see this thread: Who Is Helping You?

If you have interest in helping folks in our HJT forum, please register and join our Academy to learn the proper malware fighting techniques. This takes a certain level of commitment, but if this sort of thing interests you, please do it the correct way. We'd love to have you join us. This is serious stuff, and doing the wrong thing can permanently mess up someone's computer.

Thank you.
Sincerely, Lobos
Last edited by Lobos; 07-14-2005 at 07:06 PM. |
|
|
|
|
#6 (permalink) |
|
Troubled
Join Date: Apr 2004
Location: California
Posts: 943
OS: Windows XP
|
Hello Captainbarred
Someone will be by to help you. I'm working on something right now, but if you still have not been helped when I check back I will answer your log for you.
Lobos
Last edited by Lobos; 07-14-2005 at 07:08 PM. |
|
|
|
|
#7 (permalink) |
|
1337 C0D3R
Join Date: Mar 2005
Location: Canada
Posts: 1,460
OS: Server 2K3/XP Pro/XP MCE/Win 98/Ubuntu Linux/BackTrack 2
|
Ahoy Capitan,
Unfortunately all those things you discussed with the other user are legit and likely necessary. Furthermore, I hate to tell you, but your log is clean! So in such case, let's try some other things, alright?

1. Further Scanning
Please run a scan at the following site: Panda ActiveScan
When the scan is finished you will be given the option to save a log of the scan, SAVE THAT LOG and post its results here for analysis.

2. Please empty any Quarantine folder in your antivirus programs and purge all recovery items in the Spybot program (if you use it) before running this tool.
Download the Mwav Virus Checker (Use Link 3)

Boot Into Safe Mode
Reboot your system in Safe Mode (by repeatedly tapping the F8 key until the menu appears).
1. Double click the Mwav.exe file. This is a stand alone tool and NOT just a virus checker......so it won't install anything.
2. Put a check next to the below items before scanning:
4. In the Virus Log Information Pane...... Left click and highlight all the information in the Lower pane --- Use CTRL C on your keyboard to copy everything found in the lower pane and save it to a notepad file

*Note* If prompted that a virus was found and you need to purchase the product to remove the malware, just close out the prompt and let it continue scanning. We are not going to use this to remove anything...but to ID the bad files.

Once you copy that to a Notepad file, reboot back to normal mode, highlight the text and copy it here.
Skate_Punk_21 |
|
|
|
|
#8 (permalink) |
|
Registered User
Join Date: May 2005
Posts: 102
OS: XP Pro/Win Vista
|
ok, number 1, nothing was found, it did not give me an option to save a log as nothing was found...
I have to get up early tomorrow so I might do the second step tomorrow after work, thanks for the help, I'll get back to you ASAP! :) |
|
|
|
|
#9 (permalink) |
|
Registered User
Join Date: May 2005
Posts: 102
OS: XP Pro/Win Vista
|
A guy I work with thought it might be my mouse, as the initial problem was right-clicking. I have a Logitech, but am using the basic mouse drivers, I have not installed the specific drivers for this mouse.
I do not believe it is the issue though as 1) it also freezes when I hit the delete key on my keyboard and 2) I can right-click and delete items on a removable thumb drive... I will be going through the second step above in a few hours when I get home... |
|
|
|
|
#10 (permalink) |
|
Registered User
Join Date: May 2005
Posts: 102
OS: XP Pro/Win Vista
|
Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "iSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\CTDetect.cpl". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{29FF67FF-8050-480f-9F30-CC41635F2F9D}" refers to invalid object "ADMWPROX.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{70B51430-B6CA-11D0-B9B9-00A0C922E750}" refers to invalid object "ADMWPROX.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8298d101-f992-43b7-8eca-5052d885b995}" refers to invalid object "ADMWPROX.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A9E69612-B80D-11D0-B9B9-00A0C922E750}" refers to invalid object "ADMWPROX.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{f612954d-3b0b-4c56-9563-227b7be624b4}" refers to invalid object "ADMWPROX.DLL". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPShell.HWEventHandler" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.
Entry "HKCR\WMPShell.HWEventHandler.1" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.
File C:\WINDOWS\system32\KILLAPPS.EXE tagged as not-a-virus:Tool.Win32.KillApp.c. No Action Taken.
File C:\DOCUME~1\Tim\LOCALS~1\Temp\tmp-2.xpi tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\Tim\Local Settings\Temp\tmp-2.xpi tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\AIM\Unwise32.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Call of Duty\Uninstall\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Creative\SBAudigy2ZS\Program\WDM\COMMON\killapps.exe tagged as not-a-virus:Tool.Win32.KillApp.c. No Action Taken.
File C:\Program Files\EA GAMES\Battlefield 2 Demo\Redist\ArcadeInstallBATTLEFIELD2_20.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Lavasoft\Ad-Aware SE Personal\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Valve\Steam\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\system32\KILLAPPS.EXE tagged as not-a-virus:Tool.Win32.KillApp.c. No Action Taken.
File C:\WINDOWS\system32\Macromed\Shockwave 10\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\Temp\CRF000\creaf_ms.cab tagged as not-a-virus:Tool.Win32.KillApp.c. No Action Taken.
File C:\WINDOWS\Temp\CRF000\Drivers\WDM\COMMON\killapps.exe tagged as not-a-virus:Tool.Win32.KillApp.c. No Action Taken.
File C:\WINDOWS\Temp\CTZAPXX\Drivers\WDM\Common\killapps.exe tagged as not-a-virus:Tool.Win32.KillApp.c. No Action Taken.
File E:\BitTorrent-4.0.1.exe tagged as not-a-virus:Tool.Win32.Processor.1001. No Action Taken.
File E:\program downloads\aaw6.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File E:\program downloads\aawsepersonal.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File E:\program downloads\BitTorrent-4.0.2.exe tagged as not-a-virus:Tool.Win32.Processor.1001. No Action Taken.
File E:\program downloads\mirc614.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.14. No Action Taken.
File E:\program downloads\sysreset253.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.14. No Action Taken.
File E:\System Volume Information\_restore{1DCD929A-D5B9-4DB7-B1D1-F11F830ADFA9}\RP44\A0000718.exe infected by "Backdoor.Win32.Delf.bz" Virus! Action Taken: No Action Taken.
File E:\System Volume Information\_restore{1DCD929A-D5B9-4DB7-B1D1-F11F830ADFA9}\RP88\A0008827.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File E:\System Volume Information\_restore{1DCD929A-D5B9-4DB7-B1D1-F11F830ADFA9}\RP88\A0008830.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File E:\System Volume Information\_restore{1DCD929A-D5B9-4DB7-B1D1-F11F830ADFA9}\RP88\A0008831.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File E:\System Volume Information\_restore{1DCD929A-D5B9-4DB7-B1D1-F11F830ADFA9}\RP88\A0008832.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File E:\System Volume Information\_restore{1DCD929A-D5B9-4DB7-B1D1-F11F830ADFA9}\RP88\A0008835.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File E:\System Volume Information\_restore{AAC25452-B7B0-48B2-8337-937FD0788B6F}\RP141\A0061108.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File E:\System Volume Information\_restore{AAC25452-B7B0-48B2-8337-937FD0788B6F}\RP90\A0014363.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File E:\System Volume Information\_restore{AAC25452-B7B0-48B2-8337-937FD0788B6F}\RP90\A0014365.exe tagged as "not-a-virus:AdWare.WildTangent.b". Action Taken: No Action Taken.
File C:\Documents and Settings\Tim\Local Settings\Temp\tmp-2.xpi tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\AIM\Unwise32.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Call of Duty\Uninstall\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Creative\SBAudigy2ZS\Program\WDM\COMMON\killapps.exe tagged as not-a-virus:Tool.Win32.KillApp.c. No Action Taken.
File C:\Program Files\EA GAMES\Battlefield 2 Demo\Redist\ArcadeInstallBATTLEFIELD2_20.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Lavasoft\Ad-Aware SE Personal\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Valve\Steam\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\system32\KILLAPPS.EXE tagged as not-a-virus:Tool.Win32.KillApp.c. No Action Taken.
File C:\WINDOWS\system32\Macromed\Shockwave 10\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\Temp\CRF000\creaf_ms.cab tagged as not-a-virus:Tool.Win32.KillApp.c. No Action Taken.
File C:\WINDOWS\Temp\CRF000\Drivers\WDM\COMMON\killapps.exe tagged as not-a-virus:Tool.Win32.KillApp.c. No Action Taken.
File C:\WINDOWS\Temp\CTZAPXX\Drivers\WDM\Common\killapps.exe tagged as not-a-virus:Tool.Win32.KillApp.c. No Action Taken.

there it is, good luck
|
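Added example (not part of the original thread, and not code from the forum or the scanner's vendor): a small Python triage of the scan-log format posted above, which also works on the log when it is pasted as one flattened line. The category names and the `triage` and `restore_point_hits` helpers are assumptions made for this illustration; the sample entries are copied from the log in this thread.

```python
import re

# Constructed sample: a few entries copied from the log in this thread, joined
# onto one line the way a forum paste flattens them (one duplicate kept).
SAMPLE = " ".join((
    r'Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.',
    r'Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.',
    r'File C:\WINDOWS\system32\KILLAPPS.EXE tagged as not-a-virus:Tool.Win32.KillApp.c. No Action Taken.',
    r'File C:\Program Files\Valve\Steam\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.',
    r'File E:\System Volume Information\_restore{1DCD929A-D5B9-4DB7-B1D1-F11F830ADFA9}\RP44\A0000718.exe infected by "Backdoor.Win32.Delf.bz" Virus! Action Taken: No Action Taken.',
    r'File E:\System Volume Information\_restore{AAC25452-B7B0-48B2-8337-937FD0788B6F}\RP90\A0014365.exe tagged as "not-a-virus:AdWare.WildTangent.b". Action Taken: No Action Taken.',
    r'File C:\WINDOWS\system32\KILLAPPS.EXE tagged as not-a-virus:Tool.Win32.KillApp.c. No Action Taken.',
))

# A file entry starts with a drive letter, so "found in File System!" is not
# mistaken for one. The detection name may or may not be quoted in the log.
FILE_RE = re.compile(
    r'\bFile (?P<path>[A-Za-z]:\\.+?) (?P<verb>tagged as|infected by) '
    r'"?(?P<name>[^"\s]+?)"?(?: Virus!|\.) (?:Action Taken: )?No Action Taken\.')
ENTRY_RE = re.compile(
    r'\bEntry "(?P<key>[^"]+)" refers to invalid object "(?P<target>[^"]+)"')
OBJECT_RE = re.compile(r'\bObject "(?P<name>[^"]+)" found in File System!')
# Copies kept inside a System Restore point rather than at the original path.
RESTORE_RE = re.compile(
    r'\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\', re.I)


def triage(text):
    """Group de-duplicated findings by kind, most serious kind first."""
    groups = {"malware": [], "spyware-object": [],
              "riskware": [], "orphaned-registry": []}
    seen = set()

    def add(kind, item):
        if (kind, item) not in seen:      # the scanner lists some files twice
            seen.add((kind, item))
            groups[kind].append(item)

    for m in FILE_RE.finditer(text):
        # Entries the scanner itself labels "not-a-virus:" are kept apart
        # from entries it reports as an infection.
        kind = "riskware" if m["name"].startswith("not-a-virus:") else "malware"
        in_restore = bool(RESTORE_RE.search(m["path"]))
        add(kind, (m["path"], m["name"], in_restore))
    for m in OBJECT_RE.finditer(text):
        add("spyware-object", m["name"])
    for m in ENTRY_RE.finditer(text):
        add("orphaned-registry", (m["key"], m["target"]))
    return groups


def restore_point_hits(groups):
    """File findings located inside a System Restore point."""
    return [f for kind in ("malware", "riskware") for f in groups[kind] if f[2]]


if __name__ == "__main__":
    result = triage(SAMPLE)
    for kind, items in result.items():
        print(f"{kind}: {len(items)}")
        for item in items:
            print("   ", item)
    print("in restore points:", len(restore_point_hits(result)))
```

Sorting the output this way puts the single "infected by" entry at the top and shows that it sits in a restore point on E:, separate from the many "not-a-virus" installer and driver helper hits.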
|
|
|
|
#12 (permalink) |
|
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
|
Few Items...
First, download and install CleanUp! but do not run it yet.
*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups
Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
Press the CleanUp! button to start the program. Reboot/logoff when prompted. That will take care of the files in your TEMP folder.

Second.... Disable DrWatson. This debugger tool is useless to the average user as it's used for programmers to get the code from whatever issue the OC is having. It's just not needed for the average user.
How to disable it.... http://www.windowsnetworking.com/kba.../DrWatson.html

Third... Those 2 vulnerabilities that TrendMicro found can be patched. It even listed the MS Update articles with links to the Microsoft site's patches. Visit the Windows Update page and make sure XP and IE is patched. MS04-027 MS04-028

I don't see any virus/adware in the logs..other than some old registry entries that can be cleared with a registry cleaner.
__________________
We Are The BORG Spyware KILLER and Adware Destroyer!
Spyware/Adware Removal Tools Hijackthis Ad-aware SE Spybot Search&Destroy SpywareBlaster CWShredder |
|
|
|
|
#13 (permalink) |
|
Registered User
Join Date: May 2005
Posts: 102
OS: XP Pro/Win Vista
|
OK,
I ran cleanup, I disabled Drwatson, I made sure I had all the updates... still no luck, I am now getting this error: http://photobucket.com/albums/b58/ca...rent=error.jpg
This happens when I hit the delete key or right-click on anything on my local drives. I can view all files fine... when the error comes up I hit ok, explorer.exe closes then reopens (I lose the startbar/icons and then they come back in a few seconds). If I hit cancel the mouse pointer becomes the hour glass and nothing happens for several minutes then I get it back. Any more ideas? Or do I have to blow it away?? |
|
|
|
|
#14 (permalink) |
|
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
|
Please check event viewer in your Admin control panel and see what programs are erroring and if they all list this same "Memory Location" error. The "error message" is a windows error which I think is unrelated to spyware.
Did you run sfc /scannow and check for missing/corrupt Windows files? Also run Memtest86 on your system's memory and see if it picks up any errors.
|
|
|
|
#15 (permalink) |
|
Registered User
Join Date: May 2005
Posts: 102
OS: XP Pro/Win Vista
|
I ran the scannow, everything seemed fine, I have 2 - 512 sticks in my pc, I'm gunna try pulling 1 then the other and run on one stick and see if that resolves anything, if it doesn't I will then run memtest, I just hate running that cause it takes so long!!
I'll update later, I will also run some of the prior scans and see if those security issues were cleared up... |
|
|
|
|
#17 (permalink) |
|
Registered User
Join Date: May 2005
Posts: 102
OS: XP Pro/Win Vista
|
ok, running memtest86.
Yup, it looks like my memory is corrupt. What should I note once it's complete and what should I post here? Or should I just get new RAM and if that solves the problem call it a day? |
|
|
|
|
#18 (permalink) |
|
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
|
You don't need to post anything. Your issue is hardware related and there's nothing we can do to fix this issue. You will need to replace the defective RAM in the system.
|
|
|
|