Author Topic: Please take a look.  (Read 39990 times)

Ivy

  • Guest
Please take a look.
« on: September 22, 2007, 07:44:55 AM »
Today my virus scan detected Trojans, but they were cleaned (deleted).
I have experienced repeated infections on my comp before, and I want to prevent it this time.
I'm using Windows XP Pro, Comodo and McAfee antivirus. I have run HJT and here is the logfile; could someone please tell me if there is anything suspicious in it?

Logfile of HijackThis v1.99.1
Scan saved at 7:04:22 PM, on 9/22/2007
Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\ctfmon.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Sify Broadband\BBClient.exe
C:\Program Files\Sify Broadband\BBImpSec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\All Users\Documents\New Folder\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://in.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://in.search.yahoo.com
O1 - Hosts: 203.27.235.25 www.payseal.icicibank.com
O1 - Hosts: 210.210.19.82 www.sifymall.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{6543E2C5-829D-414B-B44F-96201B0C51B6}: NameServer = 202.144.13.50,202.144.66.6
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

Thank you.

Ivy

  • Guest
Re: Please take a look.
« Reply #1 on: September 22, 2007, 08:53:23 AM »
http://www.payseal.icicibank.com/
BTW, I have never seen or visited the above-mentioned site (or that sifymall thing) :-\ I just saw them for the first time in the logfile itself.
Thank you
« Last Edit: September 22, 2007, 09:56:33 AM by Ivy »

Safety_First

  • Guest
Re: Please take a look.
« Reply #2 on: September 22, 2007, 10:25:06 AM »
I would recommend downloading Ad-Aware (if you don't already have it [custom scan > scan within archives]). Scan with that (although it is an adware/malware scanner), reboot and scan again (with all your AV scanners); that's what I do. Additionally, do you have System Restore turned on? I've heard that viruses can restore themselves via System Restore. However, don't count on me; wait for an expert to seal the deal :) Hope your problem gets sorted soon.
Additionally, your log file looks fine, but again, wait for the pros.

Ivy

  • Guest
Re: Please take a look.
« Reply #3 on: September 22, 2007, 10:37:21 AM »
Thanks! :)
And yes, let's wait for CBmatt to have a look at this.

unlovedwarrior



    Guru

  • someday this name will be known
  • Thanked: 13
    Re: Please take a look.
    « Reply #4 on: September 22, 2007, 11:33:59 AM »
    Wait to mess with the restore until after we have cleared you. Google Trend Micro HouseCall and give that a try and see if it finds something.

    Ivy

    • Guest
    Re: Please take a look.
    « Reply #5 on: September 22, 2007, 12:13:00 PM »
    Okay, I'm gonna go to http://housecall.trendmicro.com/ and see what the results are.

    unlovedwarrior



      Guru

    • someday this name will be known
    • Thanked: 13
      Re: Please take a look.
      « Reply #6 on: September 22, 2007, 12:31:55 PM »
      post them here too

      Fed

      • Moderator


      • Sage
      • Thanked: 35
        • Experience: Experienced
        • OS: Windows XP
        Re: Please take a look.
        « Reply #7 on: September 22, 2007, 05:45:53 PM »
        Update your Windows (critical updates)

        Use HJT to remove the following.
        O1 - Hosts: 203.27.235.25 www.payseal.icicibank.com
        O1 - Hosts: 210.210.19.82 www.sifymall.com
        O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

        Change the attributes on your HOSTS file to 'read only'.

        Consider installing Spybot S&D and using the realtime protection offered in the 'Tools' section.

        Ivy

        • Guest
        Re: Please take a look.
        « Reply #8 on: September 22, 2007, 07:41:20 PM »
        Thank you Fed,
        I will do the rest of the above-mentioned. How do I do this?
        Change the attributes on your HOSTS file to 'read only'.

        Ivy

        • Guest
        Re: Please take a look.
        « Reply #9 on: September 22, 2007, 08:05:19 PM »
        As you know, since yesterday I have been trying to scan my comp with this http://housecall.trendmicro.com/ but every time it tries to scan my computer I lose my server. I don't usually have any troubles with my internet connection; as soon as I close the site window my internet starts working again!!!!!! Even on the site, when it starts scanning my computer it displays a message saying my internet speed is too slow. When I troubleshoot it says "unable to reach server", but as soon as I close that window it starts working again.
        Please help.

        Fed

        • Moderator


        • Sage
        • Thanked: 35
          • Experience: Experienced
          • OS: Windows XP
          Re: Please take a look.
          « Reply #10 on: September 22, 2007, 09:06:59 PM »
          Navigate to your HOSTS file, it will be in the following directory.

          C:\Windows\system32\drivers\etc

          Right click on the file and select 'Properties' and 'Read Only'.
          Click Apply OK etc...

          For the online scan try Panda Activescan

          You should run Ccleaner Slim first just to clear the clutter.
          If Panda finds anything it doesn't clean for you, then clean up the rest at Ewido/AVG Anti-Spyware Online Scan; in fact, you're better off going there first anyway.

          Ivy

          • Guest
          Re: Please take a look.
          « Reply #11 on: September 22, 2007, 09:22:37 PM »
          I have changed the attributes on my HOSTS file to 'read only'. I'm gonna follow the next steps now.


          Fed

          • Moderator


          • Sage
          • Thanked: 35
            • Experience: Experienced
            • OS: Windows XP
            Re: Please take a look.
            « Reply #12 on: September 22, 2007, 09:29:38 PM »
            We'll keep the light on Ivy, Good Luck!
            When you come back there's one thing I'd like to share with you.

            Ivy

            • Guest
            Re: Please take a look.
            « Reply #13 on: September 22, 2007, 09:32:23 PM »
            I'm here. What would you like to share, Fed?

            Ivy

            • Guest
            Re: Please take a look.
            « Reply #14 on: September 22, 2007, 10:24:39 PM »
            Do I need to click on scan now or download now?
            here--->(http://www.ewido.net/en/)

            Ivy

            • Guest
            Re: Please take a look.
            « Reply #15 on: September 23, 2007, 02:05:55 AM »
            Here is the Logfile of HJT after deleting
            O1 - Hosts: 203.27.235.25 www.payseal.icicibank.com
            O1 - Hosts: 210.210.19.82 www.sifymall.com


            Logfile of HijackThis v1.99.1
            Scan saved at 1:32:00 PM, on 9/23/2007
            Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
            MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\Explorer.EXE
            C:\WINDOWS\system32\spoolsv.exe
            C:\WINDOWS\system32\igfxtray.exe
            C:\WINDOWS\system32\hkcmd.exe
            C:\WINDOWS\system32\RunDll32.exe
            C:\Program Files\McAfee.com\VSO\mcvsshld.exe
            C:\Program Files\McAfee.com\VSO\oasclnt.exe
            C:\PROGRA~1\mcafee.com\agent\mcagent.exe
            C:\Program Files\Comodo\Firewall\CPF.exe
            C:\WINDOWS\system32\ctfmon.exe
            c:\progra~1\mcafee.com\vso\mcvsescn.exe
            C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
            C:\Program Files\Comodo\Firewall\cmdagent.exe
            c:\program files\mcafee.com\agent\mcdetect.exe
            c:\PROGRA~1\mcafee.com\vso\mcshield.exe
            c:\progra~1\mcafee.com\vso\mcvsftsn.exe
            c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
            C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
            C:\WINDOWS\system32\wuauclt.exe
            C:\Program Files\Sify Broadband\BBClient.exe
            C:\Program Files\Internet Explorer\iexplore.exe
            C:\Program Files\Sify Broadband\BBImpSec.exe
            C:\Documents and Settings\All Users\Documents\New Folder\HijackThis.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
            R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://in.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://in.search.yahoo.com
            O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
            O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
            O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
            O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
            O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
            O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
            O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
            O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
            O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
            O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
            O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
            O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
            O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
            O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
            O4 - HKCU\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe
            O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
            O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
            O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
            O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
            O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
            O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
            O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
            O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
            O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
            O17 - HKLM\System\CCS\Services\Tcpip\..\{6543E2C5-829D-414B-B44F-96201B0C51B6}: NameServer = 202.144.13.50,202.144.66.6
            O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
            O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
            O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
            O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
            O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
            O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe


            Fed

            • Moderator


            • Sage
            • Thanked: 35
              • Experience: Experienced
              • OS: Windows XP
              Re: Please take a look.
              « Reply #16 on: September 23, 2007, 02:27:24 PM »
              Update your Windows (critical updates)

              Use HJT to remove the following.
              O1 - Hosts: 203.27.235.25 www.payseal.icicibank.com
              O1 - Hosts: 210.210.19.82 www.sifymall.com
              O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

              Change the attributes on your HOSTS file to 'read only'.

              Consider installing Spybot S&D and using the realtime protection offered in the 'Tools' section.
              Just use the 'Scan Now' button, the program will still download and open on your computer but there will be no trace of it when you're finished.
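The second log above no longer has the two O1 lines but still lists the O2 `(no file)` entry. As an added example (not part of the original thread and not HijackThis's own logic), this Python sketch parses HijackThis entry lines, flags O1 hosts-file mappings and O2 BHO registrations with no file for review, and diffs two logs. The function names are this example's own; the sample lines are copied from the two logs in this thread, abridged.

```python
import re

# Lines copied from the first and second HijackThis logs in this thread (abridged).
LOG_BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O1 - Hosts: 203.27.235.25 www.payseal.icicibank.com
O1 - Hosts: 210.210.19.82 www.sifymall.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
"""
LOG_AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
"""

# "O1 - ...", "R0 - ...", "O23 - ...": section code, dash, entry body.
# Process paths such as "C:\WINDOWS\..." do not match and are skipped.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.+?)\s*$")
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)$")
BHO_RE = re.compile(r"^BHO:\s+(.*?)\s+-\s+(\{[0-9A-Fa-f-]{36}\})\s+-\s+(.*)$")
# Mappings to these addresses only block a name; they do not redirect it.
LOCAL_ADDRESSES = {"127.0.0.1", "::1", "0.0.0.0"}


def parse_entries(log_text):
    """Return (section, body) tuples for every entry line in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def triage(entries):
    """Flag entries a reviewer should look at; a flag is not a verdict."""
    findings = []
    for section, body in entries:
        if section == "O1":
            match = HOSTS_RE.match(body)
            # A hosts mapping overrides DNS for that name on this machine.
            if match and match.group(1) not in LOCAL_ADDRESSES:
                findings.append(("hosts-redirect", match.group(2), match.group(1)))
        elif section == "O2":
            match = BHO_RE.match(body)
            # Registry still registers the BHO, but its file is gone.
            if match and match.group(3).strip().lower() == "(no file)":
                findings.append(("orphaned-bho", match.group(2), match.group(1)))
    return findings


def diff_logs(before, after):
    """Entries that disappeared and entries that appeared between two logs."""
    removed = [entry for entry in before if entry not in after]
    added = [entry for entry in after if entry not in before]
    return removed, added


if __name__ == "__main__":
    before, after = parse_entries(LOG_BEFORE), parse_entries(LOG_AFTER)
    for finding in triage(after):
        print("still present:", finding)
    removed, added = diff_logs(before, after)
    for section, body in removed:
        print("removed:", section, body)
    for section, body in added:
        print("added:  ", section, body)
```

The diff also surfaces the O16 entry left behind by the online scanner's ActiveX control, which is why comparing against a saved baseline log is more reliable than rereading each log by eye.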

              Ivy

              • Guest
              Re: Please take a look.
              « Reply #17 on: September 23, 2007, 11:27:25 PM »
              Here is the Report from Ewido Scan:
              _______________________________________ ___________
              ewido anti-spyware online scanner
                 http://www.ewido.net
              _______________________________________ ___________


              Name: Adware.Generic
              Path: HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
              Risk: Medium

              Name: Adware.Generic
              Path: HKU\S-1-5-21-1004336348-1708537768-725345543-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C95FE080-8F5D-11D2-A20B-00AA003C157A}
              Risk: Medium

              Name: TrackingCookie.Msn
              Path: C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt
              Risk: Medium

              Name: Not-A-Virus.RiskTool.Win32.Reboot.e
              Path: C:\System Volume Information\_restore{396B25D7-0623-44D8-8639-682B127B9B19}\RP2\A0001182.exe
              Risk: Low

              Name: Downloader.Agent.bgk
              Path: C:\System Volume Information\_restore{396B25D7-0623-44D8-8639-682B127B9B19}\RP7\A0012074.dll
              Risk: High

              Name: Not-A-Virus.Tool.Win32.RestartCounter
              Path: C:\WINDOWS\system32\Tools\Restart.exe
              Risk: Low

              Name: Downloader.Agent.bgk
              Path: C:\WINDOWS\Winhelp.dll
              Risk: High

              Infections Removed.

              Ivy

              • Guest
              Re: Please take a look.
              « Reply #18 on: September 23, 2007, 11:33:22 PM »
              Here is the Logfile Of HJT after running Ewido :
              Logfile of HijackThis v1.99.1
              Scan saved at 10:53:20 AM, on 9/24/2007
              Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
              MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\Explorer.EXE
              C:\WINDOWS\system32\spoolsv.exe
              C:\WINDOWS\system32\igfxtray.exe
              C:\WINDOWS\system32\hkcmd.exe
              C:\WINDOWS\system32\RunDll32.exe
              C:\Program Files\McAfee.com\VSO\mcvsshld.exe
              C:\Program Files\McAfee.com\VSO\oasclnt.exe
              C:\PROGRA~1\mcafee.com\agent\mcagent.exe
              C:\Program Files\Comodo\Firewall\CPF.exe
              C:\WINDOWS\system32\ctfmon.exe
              c:\progra~1\mcafee.com\vso\mcvsescn.exe
              c:\progra~1\mcafee.com\vso\mcvsftsn.exe
              C:\Program Files\Comodo\Firewall\cmdagent.exe
              c:\program files\mcafee.com\agent\mcdetect.exe
              c:\PROGRA~1\mcafee.com\vso\mcshield.exe
              c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
              C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
              C:\WINDOWS\system32\wuauclt.exe
              C:\Program Files\Sify Broadband\BBClient.exe
              C:\Program Files\Sify Broadband\BBImpSec.exe
              C:\Program Files\Internet Explorer\iexplore.exe
              C:\Program Files\Messenger\msmsgs.exe
              C:\Program Files\Internet Explorer\iexplore.exe
              C:\Documents and Settings\All Users\Documents\New Folder\HijackThis.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
              R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://in.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://in.search.yahoo.com
              O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
              O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
              O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
              O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
              O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
              O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
              O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
              O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
              O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
              O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
              O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
              O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
              O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
              O4 - HKCU\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe
              O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
              O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
              O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
              O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
              O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
              O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
              O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
              O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
              O17 - HKLM\System\CCS\Services\Tcpip\..\{6543E2C5-829D-414B-B44F-96201B0C51B6}: NameServer = 202.144.13.50,202.144.66.6
              O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
              O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
              O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
              O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
              O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
              O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe



              I also have my Windows updates on; do I still need to check for updates? My antivirus McAfee tries to connect to the internet for updates; do I allow it?
              Thanks a lot.

              Ivy

              • Guest
              Re: Please take a look.
              « Reply #19 on: September 23, 2007, 11:51:25 PM »
              I ran the Ewido scan again after cleaning the previous infections, here are the results.
              _______________________________________ ___________
              ewido anti-spyware online scanner
                 http://www.ewido.net
              _______________________________________ ___________


              Name: Not-A-Virus.Tool.Win32.RestartCounter
              Path: C:\System Volume Information\_restore{396B25D7-0623-44D8-8639-682B127B9B19}\RP7\A0013314.exe
              Risk: Low

              Name: Downloader.Agent.bgk
              Path: C:\System Volume Information\_restore{396B25D7-0623-44D8-8639-682B127B9B19}\RP7\A0013315.dll
              Risk: High

              Update: I ran the scan again after cleaning the above mentioned infections and now it shows no infection found.

              (I know, I know, I'm a good student, I do all my homework :))
              « Last Edit: September 24, 2007, 12:19:50 AM by Ivy »

              The Saviour

              • Guest
              Re: Please take a look.
              « Reply #20 on: September 24, 2007, 12:26:53 AM »
              Ivy...

              It seems the remaining infections are in your system restore folder.

              You may want to:
              • Turn System Restore Off.
              • Boot into Safe Mode and run your malware scan(s) again.

              Please note that turning System Restore off will clear all System Restore points from your computer.

              Once the scans in Safe Mode are done and your malware protection has found and deleted and/or quarantined any infections...you should then turn System Restore back on and then run the Ewido scan again and post your results.

              Keep your fingers crossed...
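The observation above, that the remaining detections sit in the System Restore folder, can be checked mechanically. As an added example (not part of the original thread and not ewido's code), this Python sketch parses the Name/Path/Risk records and sorts each path into registry key, live file, or restore-point copy. The records are copied from the two ewido reports in this thread (the first abridged); the function names are this example's own.

```python
import re
from collections import Counter

# Records copied from the two ewido reports in this thread (first one abridged).
FIRST_REPORT = r"""
Name: Adware.Generic
Path: HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Risk: Medium

Name: Downloader.Agent.bgk
Path: C:\System Volume Information\_restore{396B25D7-0623-44D8-8639-682B127B9B19}\RP7\A0012074.dll
Risk: High

Name: Downloader.Agent.bgk
Path: C:\WINDOWS\Winhelp.dll
Risk: High
"""
SECOND_REPORT = r"""
Name: Not-A-Virus.Tool.Win32.RestartCounter
Path: C:\System Volume Information\_restore{396B25D7-0623-44D8-8639-682B127B9B19}\RP7\A0013314.exe
Risk: Low

Name: Downloader.Agent.bgk
Path: C:\System Volume Information\_restore{396B25D7-0623-44D8-8639-682B127B9B19}\RP7\A0013315.dll
Risk: High
"""

# XP keeps restore-point copies under \System Volume Information\_restore{GUID}\RPn\
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]{36}\}\\(RP\d+)\\",
    re.IGNORECASE,
)
REGISTRY_RE = re.compile(r"^(HKLM|HKCU|HKU|HKCR|HKCC)\\", re.IGNORECASE)


def parse_report(text):
    """Turn 'Name:/Path:/Risk:' blocks into dicts; records without a path are dropped."""
    records, current = [], {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if not sep or key not in ("Name", "Path", "Risk"):
            continue  # banner lines, rules, blank lines
        if key == "Name" and current:
            records.append(current)
            current = {}
        current[key.lower()] = value.strip()
    if current:
        records.append(current)
    return [record for record in records if "path" in record]


def classify(path):
    """Return (kind, restore_point) for one detection path."""
    match = RESTORE_RE.search(path)
    if match:
        return ("restore-point", match.group(1).upper())
    if REGISTRY_RE.match(path):
        return ("registry", None)
    return ("live-file", None)


def summary(records):
    """Count detections per location kind."""
    return Counter(classify(record["path"])[0] for record in records)


def only_in_restore_points(records):
    """True when every detection is a restore-point copy, none on the live system."""
    return bool(records) and all(
        classify(record["path"])[0] == "restore-point" for record in records
    )


if __name__ == "__main__":
    for label, report in (("first", FIRST_REPORT), ("second", SECOND_REPORT)):
        records = parse_report(report)
        print(label, dict(summary(records)),
              "restore-points only:", only_in_restore_points(records))
```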

              Ivy

              • Guest
              Re: Please take a look.
              « Reply #21 on: September 24, 2007, 12:36:41 AM »
              Update: I ran the scan again after cleaning the above mentioned infections and now it shows no infection found.
              Steve, did you read the update in my post? Do I still need to do the above suggested steps? If yes, then I will just start doing that.
              If all System Restore points from my computer will be cleared, what will I need to do then?
              Thanks

              The Saviour

              • Guest
              Re: Please take a look.
              « Reply #22 on: September 24, 2007, 12:44:01 AM »
              Sorry, Ivy...I misread that post...I thought they were still there...I'm just a little tired and apologize.

              Now that you know your system is clean...it would be a good idea to turn System Restore off and then back on again.

              The reason being is that you want to start creating System Restore points for the times and dates when you knew your system was clean.

              If you are confident your system is now free of any and all infections...I would clear all previous System Restore points and start anew.

              I hope you understand what I'm referring to...I am a little tired and need to get some shut-eye.  However, if you'd like to wait for CBMatt's recommendation...by all means.

              I won't say that he'd approve 100% of my recommendation, but he will understand where I'm coming from.  I can't speak for him...know what I mean?


              -Steve

              Ivy

              • Guest
              Re: Please take a look.
              « Reply #23 on: September 24, 2007, 12:55:15 AM »
              Thank you so much Steve, I will do as directed.

              Always keep the kid under your teaching hand :).
              Thanks again.

              The Saviour

              • Guest
              Re: Please take a look.
              « Reply #24 on: September 24, 2007, 12:56:56 AM »
              You're welcome, Ivy...

              Good-night...

              Fed

              • Moderator


              • Sage
              • Thanked: 35
                • Experience: Experienced
                • OS: Windows XP
                Re: Please take a look.
                « Reply #25 on: September 24, 2007, 02:59:43 PM »
                Allow your Antivirus program to update.
                Update Windows using the Start Menu.
                Do NOT remove the following...
                O17 - HKLM\System\CCS\Services\Tcpip\..\{6543E2C5-829D-414B-B44F-96201B0C51B6}: NameServer = 202.144.13.50,202.144.66.6

                Ivy

                • Guest
                Re: Please take a look.
                « Reply #26 on: September 24, 2007, 08:37:23 PM »
                Thank you Fed,
                I will let my antivirus connect to the internet from now on.
                I wonder why unlovedwarrior deleted his previous posts here???

                unlovedwarrior



                  Guru

                • someday this name will be known
                • Thanked: 13
                  Re: Please take a look.
                  « Reply #27 on: September 24, 2007, 08:40:11 PM »
                  tried to modify it and deleted on accident, doing 3 things at once

                  Ivy

                  • Guest
                  Re: Please take a look.
                  « Reply #28 on: September 25, 2007, 01:37:27 AM »
                  Thanks a lot Fed, I really really appreciate your help.

                  I have set Comodo to allow my antivirus to update, and I went to the Start menu, from there to Control Panel and from there to Security Centre, and there it says that Windows updates are on.

                  I'm going to try the other scans now; please let me know what I need to do further.
                  Thank you once again, thanks a lot for the help.

                  Fed

                    Re: Please take a look.
                    « Reply #29 on: September 25, 2007, 04:05:02 PM »
                    Hi Ivy, can you post a fresh HJT log please.
                    I think it's time to harden your computer against future infections.
                    BTW, do you have a Windows Update entry in your Start Menu?

                    Ivy

                    • Guest
                    Re: Please take a look.
                    « Reply #30 on: September 25, 2007, 08:19:18 PM »
                    Here is the fresh HJT  log.

                    Logfile of HijackThis v1.99.1
                    Scan saved at 7:45:49 AM, on 9/26/2007
                    Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
                    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)

                    Running processes:
                    C:\WINDOWS\System32\smss.exe
                    C:\WINDOWS\system32\winlogon.exe
                    C:\WINDOWS\system32\services.exe
                    C:\WINDOWS\system32\lsass.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\WINDOWS\Explorer.EXE
                    C:\WINDOWS\system32\spoolsv.exe
                    C:\WINDOWS\system32\igfxtray.exe
                    C:\WINDOWS\system32\hkcmd.exe
                    C:\WINDOWS\system32\RunDll32.exe
                    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
                    C:\Program Files\McAfee.com\VSO\oasclnt.exe
                    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
                    C:\Program Files\Comodo\Firewall\CPF.exe
                    C:\WINDOWS\system32\ctfmon.exe
                    c:\progra~1\mcafee.com\vso\mcvsescn.exe
                    C:\Program Files\Comodo\Firewall\cmdagent.exe
                    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
                    c:\program files\mcafee.com\agent\mcdetect.exe
                    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
                    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
                    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                    C:\WINDOWS\system32\wuauclt.exe
                    C:\Program Files\Sify Broadband\BBClient.exe
                    C:\Program Files\Internet Explorer\iexplore.exe
                    C:\Program Files\Sify Broadband\BBImpSec.exe
                    C:\Documents and Settings\All Users\Documents\New Folder\HijackThis.exe

                    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
                    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
                    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://in.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://in.search.yahoo.com
                    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
                    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
                    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
                    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
                    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
                    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
                    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
                    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
                    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
                    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
                    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
                    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
                    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
                    O4 - HKCU\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe
                    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
                    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
                    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
                    O17 - HKLM\System\CCS\Services\Tcpip\..\{6543E2C5-829D-414B-B44F-96201B0C51B6}: NameServer = 202.144.13.50,202.144.66.6
                    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
                    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
                    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
                    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
                    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
                    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

                    Thank you Fed for so much help, and no, I don't have Windows Update in the Start menu, but I have Windows updates enabled; it's in the Control Panel, in security settings.
                    Thank you again.

                    Fed

                      Re: Please take a look.
                      « Reply #31 on: September 26, 2007, 02:05:27 PM »
                      Your Internet Explorer has an 'odd' version number; have you ever had IE7 on that machine? It may be mis-reporting the number.

                      I see you haven't used the Spybot S&D realtime protection, any reason?

                      Ivy

                      • Guest
                      Re: Please take a look.
                      « Reply #32 on: September 26, 2007, 07:15:37 PM »
                      I don't know where to get Spybot S&D realtime protection from. I don't know about the number of IE, could you please help me with this Fed, thank you so much for so so much help already.
                      Thank you.

                      The Saviour

                      • Guest
                      Re: Please take a look.
                      « Reply #33 on: September 26, 2007, 07:35:35 PM »
                      You can get SpyBot Search and Destroy from here, Ivy:

                      Spybot Search and Destroy

                      To find out what version of IE you have...from IE's toolbar menu click Help/About Internet Explorer and copy the version number down.

                      -Steve

                      Fed

                        Re: Please take a look.
                        « Reply #34 on: September 26, 2007, 07:40:57 PM »
                        If you already have Spybot S&D then just open it up then change the 'Mode' at the top of the screen to 'Advanced', if you don't have Spybot S&D then get it from here.
                        Spybot S&D
                        Then we can go on from there.

                        I don't know about your IE6 Version number either, perhaps someone with IE7 can help with the Version Number.
                        I don't think it's anything to worry about at this stage.

                        You can check it in IE>Help>About Internet Explorer.

                        Edit: When I hit post and saw that you had posted, Saviour, I thought, "I'm not wasting my additional typing", so I posted anyway. LOL!

                        Ivy

                        • Guest
                        Re: Please take a look.
                        « Reply #35 on: September 26, 2007, 07:46:21 PM »
                        Thank you,
                        Here is the IE version number:
                        Version-6.0.2900.2096
                        Cipher strength:128bit
                        Update version:;SP2;
                        Now I'm gonna try the Spybot real time protection.
                        Thank you again.

                        Ivy

                        • Guest
                        Re: Please take a look.
                        « Reply #36 on: September 26, 2007, 07:54:51 PM »
                        It has the options to download it from a number of locations, do I select just one location at random?

                        These are the options given.
                        Download Spybot-S&D [link] 
                        Here comes a list of available download locations for Spybot-S&D. Select one in this list to download Spybot-S&D from that page.

                        Safer-Networking thanks all of our mirrors for their contribution!
                         
                         BN FileForum 
                         Freeware-Archiv 
                         PlanetMirror
                         Download from our server
                        Safer-Networking Ltd. 
                         Download from our server
                        Safer-Networking Ltd. 
                         
                         
                        Further Mirrors   
                         InternetSecurity.cc 
                         Spybot-Download.net 
                         XTeq 
                         SecurityWonks 
                         Download.com 
                         ZoNE-X
                         

                        patio

                        • Moderator


                        • Genius
                        • Maud' Dib
                        • Thanked: 1769
                          • Yes
                        • Experience: Beginner
                        • OS: Windows 7
                        Re: Please take a look.
                        « Reply #37 on: September 26, 2007, 08:05:39 PM »
                        Any choice should be fine.
                        This is common for popular DLoads as the huge amount of traffic can bog things down.
                        A mirror is simply another server who has volunteered to host the file for DLoad.
                        " Anyone who goes to a psychiatrist should have his head examined. "

                        Ivy

                        • Guest
                        Re: Please take a look.
                        « Reply #38 on: September 26, 2007, 08:31:19 PM »
                        Thank you,
                        I downloaded the file but at 21% it says download complete, and when I try to run it, my comp displays the message that the setup files are corrupted, please obtain new copy of the program.


                        (Same thing happening on YouTube, downloads only half of the video)

                        Fed

                          Re: Please take a look.
                          « Reply #39 on: September 26, 2007, 08:37:56 PM »

                          Ivy

                          • Guest
                          Re: Please take a look.
                          « Reply #40 on: September 26, 2007, 08:43:40 PM »
                          Again the same message.
                          setup files are corrupted please obtain new copy of the program.
                          I'm gonna cry. Why is my computer so horribly against anything I wanna do!!!!!!!!

                          Fed

                            Re: Please take a look.
                            « Reply #41 on: September 26, 2007, 08:50:23 PM »
                            Clear your Temporary Internet Files, they can do some 'odd' things to downloads, don't ask me why. :)
                            IE>Tools>Internet Options>Delete Cookies, Delete Files, Clear History.

                            Ivy

                            • Guest
                            Re: Please take a look.
                            « Reply #42 on: September 26, 2007, 08:56:49 PM »
                            I have set the settings of IE on default, and till now it is downloading, hope it survives till 100%. I have cleared all cookies, files, history, actually I ran ccleaner ;D.
                            I'm waiting, it seems to be working right now.

                            patio

                            Re: Please take a look.
                            « Reply #43 on: September 26, 2007, 09:27:54 PM »
                            What type of connection are we talking about ? ?

                            Ivy

                            • Guest
                            Re: Please take a look.
                            « Reply #44 on: September 26, 2007, 09:35:38 PM »
                            OH NO!
                            I tried again, at 82% it again stopped, and then again I tried downloading it and at 46% it again stopped.
                            pleeeeeeeeeeeease help me.
                            Could it be that Comodo is doing something?
                            Quote
                            What type of connection are we talking about ? ?
                            I'm sorry, I'm unable to understand this.

                            Fed

                              Re: Please take a look.
                              « Reply #45 on: September 26, 2007, 09:40:08 PM »
                              Disable Comodo, I saw talk in another thread that it drops out because of inactivity.
                              I use Sygate so that's about as much as I know of Comodo.
                              It won't hurt to try.

                              Ivy

                              • Guest
                              Re: Please take a look.
                              « Reply #46 on: September 26, 2007, 09:50:01 PM »
                              OH MY GOD, I ran ccleaners and everything on my start menu has disappeared!!!!!!!
                              Quote
                              Disable Comodo, I saw talk in another thread that it drops out because of inactivity.
                              I use Sygate so that's about as much as I know of Comodo.
                              It won't hurt to try.

                              How?
                              « Last Edit: September 27, 2007, 02:27:40 AM by Ivy »

                              Fed

                                Re: Please take a look.
                                « Reply #47 on: September 27, 2007, 03:51:27 AM »
                                You should be able to turn off the firewall from within Comodo but if you can't find where then try the startup tab of msconfig.
                                You will need to reboot for changes made in the msconfig startup tab to take effect. (Same when you re-enable it)

                                Fed

                                  Re: Please take a look.
                                  « Reply #48 on: September 27, 2007, 03:54:10 AM »
                                  Quote
                                  OH MY GOD, I ran ccleaners and everything on my start menu has disappeared!!!!!!!
                                  You must have done something else, ccleaner is as safe as houses.

                                  Ivy

                                  • Guest
                                  Re: Please take a look.
                                  « Reply #49 on: September 27, 2007, 06:37:13 AM »
                                  Here are the options that were given on CCleaner;
                                  Internet explorer options
                                  Windows Explorer
                                  >Recent documents
                                  >Run(in start menu)
                                  >Search Assistant Autocomplete
                                  >Other explorer MRUs
                                  Advanced
                                  >Old Prefetch data
                                  >Menu order cache
                                  >Tray notification Cache
                                  >Windows size/location cache
                                  >User assist history
                                  >IIS Log files
                                  >Hotfix Uninstallers
                                  >Custom Files and Folders


                                  In applications there was
                                  Office 2003
                                  Yahoo toolbar
                                  Adobe flash player
                                  Windows media player
                                  MS paint
                                  RegEdit
                                  All this is gone!!!!!!

                                  What am I to do now, plllllllllllease help.
                                  Thank you Fed for being patient with me.
                                  Thank you.

                                  Fed

                                    Re: Please take a look.
                                    « Reply #50 on: September 27, 2007, 04:05:58 PM »
                                    Check for the little arrow at the bottom of your menus to re-expand them again.

                                    Ivy

                                    • Guest
                                    Re: Please take a look.
                                    « Reply #51 on: September 29, 2007, 04:47:37 AM »
                                    Here is the list of things that happened:
                                    Firstly I ran msconfig and unchecked the Comodo option, I clicked Apply but a message appeared saying I need to log on with the Administrator account, then I clicked it again, it says Windows will restart, I let it restart, but when it restarts, a message appears telling me to choose one of the options:
                                    1) Normal start up.
                                    2) Diagnostic start up.
                                    3) Selective start up.
                                    I clicked Normal start up and Diagnostic start up one by one, repeating all the procedure, but both of the times Comodo was still running. I decided to start up normally and not experiment any further, I thought it will be better to let you know first.


                                    Also these days after closing sites like YouTube and Photobucket etc. a message is displayed saying:
                                    The instruction 0*62304390 refered memory at 0*62304390.
                                    The memory could not be read
                                    Click OK to terminate the program.


                                    Thanks a lot Fed, I'm waiting for help.

                                    Fed

                                      Re: Please take a look.
                                      « Reply #52 on: September 29, 2007, 03:12:11 PM »
                                      Quote
                                      OH MY GOD, I ran ccleaners and everything on my start menu has disappeared!!!!!!!
                                      Quote
                                      Check for the little arrow at the bottom of your menus to re-expand them again.
                                      Has this issue now been resolved?

                                      Quote
                                      Firstly I ran msconfig and unchecked the Comodo option, I clicked Apply but a message appeared saying I need to log on with the Administrator account,
                                      Log on as Admin and use msconfig to disable Comodo (reboot) or disable it from within the Comodo program then try the Spybot S&D download.

                                      One step at a time & read every screen carefully.

                                      Richenstony

                                      • Guest
                                      Re: Please take a look.
                                      « Reply #53 on: September 29, 2007, 03:14:27 PM »
                                      Thanks ! :)
                                      and yes let's wait for CBmatt to have a look at this.
                                      Not being funny Ivy but CBmatt isn't the only one around here that can tackle these kinds of problems......


                                      Fed

                                      Unlovedwarrior

                                      ......

                                      « Last Edit: September 29, 2007, 03:57:52 PM by Richenstony »

                                      Fed

                                        Re: Please take a look.
                                        « Reply #54 on: September 29, 2007, 03:56:17 PM »
                                        I'm sure Chris is watching & laughing as we try to keep this thread on track. :D

                                        Just to recap, our objective at the moment is to disable Comodo to see if that will allow Ivy to download Spybot S&D.
                                        It would seem that all of Ivy's downloads are being cut short and there was talk of Comodo being the culprit in another thread.
                                        If this is a setting within Comodo I'd hope someone will chime in with a fix.

                                        We can address any remaining issues later, I don't want this thread to wander aimlessly so we need to stay focussed.

                                        Richenstony

                                        • Guest
                                        Re: Please take a look.
                                        « Reply #55 on: September 29, 2007, 03:59:39 PM »
                                        Quote
                                        I'm sure Chris is watching & laughing as we try to keep this thread on track. :D

                                        Just to recap, our objective at the moment is to disable Comodo to see if that will allow Ivy to download Spybot S&D.
                                        It would seem that all of Ivy's downloads are being cut short and there was talk of Comodo being the culprit in another thread.
                                        If this is a setting within Comodo I'd hope someone will chime in with a fix.

                                        We can address any remaining issues later, I don't want this thread to wander aimlessly so we need to stay focussed.

                                        Yeah he's just extremely busy with his studies...... and social life.... I'm sure once he's sorted he will be back full time in no-time..... :D

                                        Ivy

                                        • Guest
                                        Re: Please take a look.
                                        « Reply #56 on: September 29, 2007, 08:05:44 PM »
                                        Quote
                                        I would recommend downloading Ad-Aware (if you don't already have it [custom scan>scan within archives]) - scan with that (although it is an adware/malware scanner), reboot and scan again (with all your AV scanners), that's what I do. Additionally, do you have system restore turned on? I've heard that viruses can restore themselves via system restore. However don't count on me, wait for an expert to seal the deal :) hope your problem gets sorted soon.
                                        Additionally, your log file looks fine but again wait for the pros
                                        In reply to this I had said let's wait for Chris to take a look at this; at this point Fed had not taken a look at the thread, and I was not aware that he helps in viruses too. Since Fed took up the thread I have been taking only his help, I'm sure CBmatt must be busy and thanks for the information Tony.

                                        Fed,
                                        The start menu is filling up again; as I'm using programs, they appear in it.
                                        I clicked on the programs from clicking the arrow.
                                        Fed, I already have the administrator's account, what should I do now?
                                        Please help.

                                        Fed

                                          Re: Please take a look.
                                          « Reply #57 on: September 29, 2007, 11:33:41 PM »
                                          Quote
                                          Log on as Admin and use msconfig to disable Comodo (reboot) or disable it from within the Comodo program then try the Spybot S&D download.

                                          One step at a time & read every screen carefully.

                                          Ivy

                                          • Guest
                                          I HAVE AN ADMINISTRATOR ACCOUNT ,I STILL CANT MAKE CHANGES IN MSCONFG!!!!!!!
                                          « Reply #58 on: September 30, 2007, 06:28:00 AM »
                                          IM SICK OF THIS!!!!!!!
                                          EVERYONE SEEMS TO PAY ATTENTION TO WHAT EVERYONE ELSE SAYS ON THIS PATHETIC THREAD , EXCEPT WHAT IM SAYING!!!!!
                                          I HAVE SAID SO MANY TIMES THAT IM UNABLE TO MAKE CHANGES TO MY MSCONFG DESPITE LOGGING AS THE ADMINISTRATOR!!!!!!
                                          OH MY GOD , IM GOING TO BREAK THIS FREAKIN COMPUTER.

                                          Richenstony

                                          • Guest
                                          Re: I HAVE AN ADMINISTRATOR ACCOUNT ,I STILL CANT MAKE CHANGES IN MSCONFG!!!!!!!
                                          « Reply #59 on: September 30, 2007, 06:30:37 AM »
                                          Quote
                                          IM SICK OF THIS!!!!!!!
                                          EVERYONE SEEMS TO PAY ATTENTION TO WHAT EVERYONE ELSE SAYS ON THIS PATHETIC THREAD , EXCEPT WHAT IM SAYING!!!!!
                                          I HAVE SAID SO MANY TIMES THAT IM UNABLE TO MAKE CHANGES TO MY MSCONFG DESPITE LOGGING AS THE ADMINISTRATOR!!!!!!
                                          OH MY GOD , IM GOING TO BREAK THIS FREAKIN COMPUTER.

                                          lol  ;D  ::)

                                          CBMatt

                                          • Mod & Malware Specialist


                                          • Prodigy

                                          • Sad and lonely...and loving every minute of it.
                                          • Thanked: 167
                                            • Yes
                                          • Experience: Experienced
                                          • OS: Windows 7
                                          Re: Please take a look.
                                          « Reply #60 on: September 30, 2007, 08:15:05 AM »
                                          I have been quite busy, but I've looked into this thread a few times.  I hadn't chimed in because it looked like things were mostly under control and I didn't want to get in Fed's way.

                                          Ivy,
                                          When I use msconfig, I get the same error message, but it still works for me.  When you were presented with the different options, did you try Selective Startup?  Try going through the steps once again just to see what happens.  If you're still having trouble, it may be an issue for the Windows board.

                                          If we have to disable Comodo from startup and msconfig won't work for you, we can do it through HijackThis.  But for now, when you want to disable Comodo, just right-click on its icon in the system tray (bottom right corner) and then click on Exit.  Then try downloading Spybot.  Also try SUPERAntiSpyware.

                                          Let us know if it works or if you're still having trouble.
                                          Quote
                                          An undefined problem has an infinite number of solutions.
                                          —Robert A. Humphrey

                                          Ivy

                                          • Guest
                                          Re: Please take a look.
                                          « Reply #61 on: September 30, 2007, 08:43:02 AM »
                                          Thank you CBMatt,
                                          Couldn't you say this before? I have done everything to disable Comodo, n NOW you are telling me this!!!!!!!!!!!
                                          I'm just gonna try your instructions and see what happens.
                                          Thank you.

                                          Ivy

                                          • Guest
                                          Re: Please take a look.
                                          « Reply #62 on: September 30, 2007, 08:50:08 AM »
                                          Thank you,
                                          Comodo IS FINALLY disabled.
                                          Now I hope it downloads Spybot.......... :-\

                                          Ivy

                                          • Guest
                                          Re: Please take a look.
                                          « Reply #63 on: September 30, 2007, 08:58:11 AM »
                                          NOOOOOOOOOOOOOOOO
                                          IT'S STILL NOT DOWNLOADING!!!!!
                                          DON'T WORRY EVERYONE, I'M GOING TO BREAK THE PIECE OF CRAP!!!!!!
                                          Thank you for the help, everyone.
                                          I wish I knew what the h**l was wrong with this junkbox of mine.

                                          Now my Comodo icon says "COMODO Firewall pro is being initialised..." Hope this is normal.

                                          CBMatt

                                          Re: Please take a look.
                                          « Reply #64 on: September 30, 2007, 10:29:16 AM »
                                          I have to ask...does this problem only happen when trying to download Spybot, or does it happen with other downloads as well?
                                          Are you on a dial-up or broadband connection?
                                          Have you tried using Firefox when downloading?
                                          Do you use a download manager of any sort?

                                          Sorry for all of the questions, but sometimes, we must resort to the process of elimination.

                                          Ivy

                                          • Guest
                                          Re: Please take a look.
                                          « Reply #65 on: September 30, 2007, 10:44:00 AM »
                                          It's not downloading anything (I mentioned this so many times but no one seems to notice, everyone only cares whose name I took n where ::))
                                          I'm using a broadband connection.
                                          I have never tried Firefox.
                                          I have never used a download manager.
                                          Thanks for helping.

                                          patio

                                          • Moderator


                                          • Genius
                                          • Maud' Dib
                                          • Thanked: 1769
                                            • Yes
                                          • Experience: Beginner
                                          • OS: Windows 7
                                          Re: Please take a look.
                                          « Reply #66 on: September 30, 2007, 01:36:01 PM »
                                          Quote
                                          I mentioned this so many times but no one seems to notice, everyone only cares whose name I took n where

                                          What does this mean ? ?
                                          " Anyone who goes to a psychiatrist should have his head examined. "

                                          Fed

                                          • Moderator


                                          • Sage
                                          • Thanked: 35
                                            • Experience: Experienced
                                            • OS: Windows XP
                                            Re: Please take a look.
                                            « Reply #67 on: September 30, 2007, 03:09:33 PM »
                                            Go back to msconfig and make sure your Comodo entries are ticked again and that Comodo is operational.

                                            One step at a time Ivy and stay focussed.

                                            You started this thread with a request to check your HJT log, I think you should have started with 'Why are my downloads being cut short'.

                                            I think your downloading problem is all we should be concerned with at the moment, after that's solved we can move on.

                                            Your thoughts?

                                            Richenstony

                                            • Guest
                                            Re: Please take a look.
                                            « Reply #68 on: September 30, 2007, 03:13:13 PM »
                                            Quote
                                            I mentioned this so many times but no one seems to notice, everyone only cares whose name I took n where

                                            What does this mean ? ?
                                            I'm looking, I'm looking
                                            This book DOESN'T HAVE ANY answers !!  ::)
                                            « Last Edit: September 30, 2007, 04:18:49 PM by Richenstony »

                                            Ivy

                                            • Guest
                                            Re: Please take a look.
                                            « Reply #69 on: September 30, 2007, 08:02:57 PM »
                                            Thanks ! :)
                                            and yes let's wait for CBMatt to have a look at this.
                                            Not being funny Ivy but CBMatt isn't the only one around here that can tackle these kind of problems......


                                            Fed

                                            Unlovedwarrior

                                            ......


                                            Quote
                                            I mentioned this so many times but no one seems to notice, everyone only cares whose name I took n where

                                            What does this mean ? ?
                                            This is what I mean.

                                            I WOULD REQUEST EVERYONE TO HELP ME IF THEY CAN... PLEASE... IF THEY HAVE ANY PERSONAL ISSUES, PLEASE DON'T USE THE THREAD FOR THAT CAUSE I'M REALLY GETTING ANNOYED AT PEOPLE USING MY THREAD FOR PERSONAL ISSUES.
                                            THIS CHILDISH BEHAVIOUR IS MAKING ME SICK.


                                            Richenstony

                                            • Guest
                                            Re: Please take a look.
                                            « Reply #70 on: September 30, 2007, 08:07:02 PM »
                                            oooo touchy.....  :-* :-* :-*

                                            Ivy

                                            • Guest
                                            Re: Please take a look.
                                            « Reply #71 on: September 30, 2007, 08:13:36 PM »
                                            I HAVE HAD ENOUGH OF THIS *censored*.
                                            I'M NOT TAKING THIS ANYMORE.
                                            I'M GOING TO LOCK THIS THREAD CAUSE I'M NOT IN A MOOD TO TAKE SUCH CHILDISH BEHAVIOUR.

                                            Ivy

                                            • Guest
                                            Re: Please take a look.
                                            « Reply #72 on: September 30, 2007, 09:40:49 PM »
                                            Quote
                                            Go back to msconfig and make sure your Comodo entries are ticked again and that Comodo is operational.
                                            One step at a time Ivy and stay focussed.
                                            You started this thread with a request to check your HJT log, I think you should have started with 'Why are my downloads being cut short'.
                                            I think your downloading problem is all we should be concerned with at the moment, after that's solved we can move on.
                                            Your thoughts?

                                            Thank you Fed,
                                            I would like to bring to your notice that I started this thread on the HJT log, but then after following your steps, we reached the point where I had to download Spybot. That is where the downloading issue came up, and since then it has been going on, and disabling Comodo and everything else was done just to download Spybot.
                                            The downloading issue came up because it was one of the instructions to download Spybot and all I have been doing is to follow that instruction.
                                            I have never strayed off-topic on this thread and followed every step carefully.
                                            Thank you so much for the help, Fed and everyone else.

                                            CBMatt

                                            Re: Please take a look.
                                            « Reply #73 on: October 01, 2007, 04:01:51 AM »
                                            Quote
                                            It's not downloading anything (I mentioned this so many times but no one seems to notice, everyone only cares whose name I took n where ::))

                                            Sorry, I only saw you mention Spybot.  I didn't see you mention not being able to download anything else.  When a thread gets up to 5 pages, it's very easy to become lost.

                                            I would like for you to give Firefox a try and see if it helps.  If you have no luck, then perhaps you can download the suggested programs on another computer and transfer them via CD or flash drive.

                                            I am temporarily unlocking your thread.  If you wish to keep it locked, then so be it.

                                            Spero-T

                                            • Guest
                                            Re: Please take a look.
                                            « Reply #74 on: October 01, 2007, 04:14:54 AM »
                                            Quote
                                            everyone only cares whose name I took

                                            I don't understand?

                                            Ivy

                                            • Guest
                                            Re: Please take a look.
                                            « Reply #75 on: October 01, 2007, 04:44:23 AM »
                                            Thank you for your help CBMatt,
                                            I would like to keep this topic locked for some time, till the downloading issue gets solved in the other thread that has already been started.

                                            This thread was flamed unnecessarily and the topic was changed so many times that it sure was hard to keep track of what is being solved.

                                            Thank you.