Computer Hope

Topic started by: Meerkat on March 06, 2006, 05:04:49 PM

Title: Why are the colours all jacked up?/Norton message
Post by: Meerkat on March 06, 2006, 05:04:49 PM
All of a sudden my monitor isn't displaying colours properly. Reds show as black and everything else is muted shades of blues, grey and yellow. It's an eMachines bought Nov 2005. I have no idea what I did. As far as I know I just restarted it and the colours were gone. I have also been getting a #$^%#!!! message from Norton saying that a remote system wants to access my computer, and no matter what option I choose, the msg comes back immediately. It's driving me nuts.
Can anyone help? Please?
Title: Re: Why are the colours all jacked up?/Norton mess
Post by: GX1_Man on March 06, 2006, 06:07:34 PM
Start here and let us know what you find:

http://www.computerhope.com/cgi-bin/yabb/YaBB.cgi?num=1134123580
Title: Re: Why are the colours all jacked up?/Norton mess
Post by: Meerkat on March 06, 2006, 06:58:33 PM
Quote
Start here and let us know what you find:

http://www.computerhope.com/cgi-bin/yabb/YaBB.cgi?num=1134123580


Thanks, X_Man.  I ran Avast anti-virus. It's updated, but listed no viruses or other spooky stuff.  Maybe the colours are wrong if I am in Safe Mode?  How do I know if I am in Safe Mode and how do I get out?

Many gracious thanks.


Title: Re: Why are the colours all jacked up?/Norton mess
Post by: GX1_Man on March 06, 2006, 07:10:12 PM
Safe mode will state this when you boot up and you will see "Safe Mode" in all 4 corners of the screen.

What shows in Device Manager? Any yellow exclamation marks? What video adapter is listed? Is that correct?

By the way an antivirus, ANY ANTIVIRUS, is not enough protection. I encourage you to run the full suite just to be sure your system is clean before we proceed further.
Title: Re: Why are the colours all jacked up?/Norton mess
Post by: Meerkat on March 06, 2006, 07:11:42 PM
By the way, I am cyber retarded, so it would be great if you dumb it down for me. Meaning, if you tell me to check my BIOS or load my GPX Converter 2000 into my USB wizard and then run my F portal from my win32 application and launch my fatal exception doo-hickey and spin my daisy chain, I'll still be lost.

Many thanks
Title: Re: Why are the colours all jacked up?/Norton mess
Post by: Meerkat on March 06, 2006, 07:17:56 PM
Quote
Safe mode will state this when you boot up and you will see "Safe Mode" in all 4 corners of the screen.

What shows in Device Manager? Any yellow exclamation marks? What video adapter is listed? Is that correct?

By the way an antivirus, ANY ANTIVIRUS, is not enough protection. I encourage you to run the full suite just to be sure your system is clean before we proceed further.

Oh Wise One,
I knew this would happen.  I don't know what my Device shows, I really only look at it when I take a shower.  Meaning, what the sam-hill is a device manager?  
As far as a full suite, I am taking a guess that you mean I need to use some of those spyware and ghost ware and other-ware scanner thingies that you listed in your other post.  I will immediately proceed with attempting to install or download from the sites that you graciously listed, and I will advise you of the results.  If I'm off base here, please guide me back.  Be gentle, though. I bruise easily.
Title: Re: Why are the colours all jacked up?/Norton mess
Post by: GX1_Man on March 06, 2006, 07:19:37 PM
Start/Settings/Control Panel/System/Device Manager is where to look. I am assuming you are running XP but please confirm.

Yes, do all the scans.
Title: Re: Why are the colours all jacked up?/Norton mess
Post by: Meerkat on March 06, 2006, 09:26:02 PM
Quote
Start/Settings/Control Panel/System/Device Manager is where to look. I am assuming you are running XP but please confirm.

Yes, do all the scans.

Houston, we have a problem...

I tried to download the spybotware and Yahoo anti-spy and both got, uuummm...stuck.  A little box showed up saying
FILE DOWNLOAD...set up is now downloading files to your computer blah blah blah getting file information...
but guess what?  Nothing happens!
I cannot even 'cancel' the download. The little box will not go away. When I click 'cancel', the little box gives birth to a baby box that says 'do you want to cancel the download?' to which I politely reply 'yes' and it simply reverts back to the mama box, laughing in my face! The only way I can even type this to you is because I have dragged the little box family off to the side of the screen, where they maliciously lurk.
Next I downloaded the ZoneAlarm Firewall protection thingy that you listed, and I guess the download went OK...not sure because all the instructions were in French, which fortunately I do speak, however, my technical French is a bit limited. At any rate, nothing seemed to happen after I downloaded the French ZoneAlarm. But then, do the French ever do much? Just kidding of course. We make lovely pâtés.
Title: Re: Why are the colours all jacked up?/Norton mess
Post by: Meerkat on March 07, 2006, 07:46:41 AM
O Gifted Guru:
I am currently running that Stinger thingie.  Will debrief you upon return.
Title: Re: Why are the colours all jacked up?/Norton mess
Post by: Meerkat on March 07, 2006, 08:38:21 AM
Quote
O Gifted Guru:
I am currently running that Stinger thingie.  Will debrief you upon return.

Some marginal success thanks to You, O X_Man Wizard.
The cursed Norton pop up has vanished into cyber nether regions!  Thank you! Thank you! Thank you!

Now, I am still trying to get my colours back.  What's next, O Mighty Mega-Byte?
Title: Re: Why are the colours all jacked up?/Norton mess
Post by: Meerkat on March 07, 2006, 10:51:30 AM
Please?
Title: Re: Why are the colours all jacked up?/Norton mess
Post by: Backdated on March 07, 2006, 01:59:51 PM
Did Stinger actually find anything? If so, what?
Title: Re: Why are the colours all jacked up?/Norton mess
Post by: Meerkat on March 07, 2006, 03:57:42 PM
Quote
Did Stinger actually find anything? If so, what?

Backdated,
no, Stinger found nothing.  But I think it said it only checks for 54 or so bugs.
Title: Re: Why are the colours all jacked up?/Norton mess
Post by: Meerkat on March 07, 2006, 04:00:23 PM
Yes, running XP
Title: Re: Why are the colours all jacked up?/Norton mess
Post by: Backdated on March 07, 2006, 04:04:23 PM
Carry out the procedures listed here (http://www.computerhope.com/cgi-bin/yabb/YaBB.cgi?num=1140729094/1#1) and post a Hijackthis logfile here when done.
Title: Re: Why are the colours all jacked up?/Norton mess
Post by: Meerkat on March 07, 2006, 05:04:25 PM
Is this what you wanted me to do? I have no clue what this gobbledygook means.

Logfile of HijackThis v1.99.1
Scan saved at 18:03:18, on 07/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\AOL\1123361264\ee\AOLHostManager.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Common Files\AOL\1123361264\ee\AOLServiceHost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\lxcfcoms.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1123361264\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C7549
Title: Re: Why are the colours all jacked up?/Norton mess
Post by: Meerkat on March 07, 2006, 05:09:00 PM
So far I found a virus called win32CTX
Title: Re: Why are the colours all jacked up?/Norton mess
Post by: Backdated on March 07, 2006, 06:02:49 PM
This isn't a full logfile because the forum posting limit has truncated it. You need to split it into sections of 5500 characters or less and post it over several posts.

Please remove the Hijackthis folder out of your temporary files folder and place it on the desktop or somewhere else that's easily accessible. The reason for this is that all temp files should be cleared before attempting any of these operations and doing so will delete Hijackthis and perhaps more importantly, any backups that it has made.

Are you absolutely certain that you carried out all the procedures in the post that I listed? It is very important that you follow those instructions to the letter! If there's anything that you don't understand, ask.
Title: Re: Why are the colours all jacked up?/Norton mess
Post by: Meerkat on March 07, 2006, 07:41:37 PM
Thank you, let me try again...will let you know.
Title: Re: Why are the colours all jacked up?/Norton mess
Post by: Meerkat on March 07, 2006, 07:47:20 PM
I'm starting all over with your instructions.  But I got this msg when I tried to do Panda:

An error has occurred downloading Panda ActiveScan. Please repeat the process. If the error occurs again, restart your system and try again

Possible causes of this error are:

Not allowing the application's ActiveX control to be downloaded.

Problems with the Internet connection.

The error could be due to a download error or an installation error due to lack of hard disk space, privileges etc.,...



I restarted the system and all that, but I still got the error msg.  Will try the next one you listed!
Title: Re: Why are the colours all jacked up?/Norton mess
Post by: Meerkat on March 07, 2006, 07:57:40 PM
TrendMicro brings up this page, which I do not understand: http://housecall65.trendmicro.com/
Title: Re: Why are the colours all jacked up?/Norton mess
Post by: Meerkat on March 07, 2006, 08:43:03 PM
Panda Active Scan had some kind of error

Trend Housecall was in French (I only speak conversational)

AboutBuster ran fine.

CWshredder ran fine

Adaware found no ads.

Spybot , Soptdoctor found 36 infections (I don't know what it did, does it kill them?)

A2 went fine after reboot

Blacklight was fine
 
 
Download, install, update if necessary and run the following:
AboutBuster. Close all other windows and fix anything it finds.
CW Shredder. Close all other windows and let it fix anything it finds.
Ad-Aware. Close all other windows and fix everything it finds.
Spybot S&D. Close all other Windows and fix anything it finds.
A² Free. Close all other Windows and fix anything that it finds.
F-Secures Blacklight Beta. Run this and remove anything that it finds.
 
 
Download and safely store LSP Fix. You may need this to reinstate connectivity if the likes of NewDotNet, WebHancer and other LSP hijackers are erroneously removed.
 
 
Download and safely store Pocket Killbox.
 
 
Download HijackThis and extract it to its own unique folder.
 
 
If anything is found at any point, disable System Restore or similar type programs if used, reboot and restart the procedure. Run HijackThis and post a log file.
Reinstate System Restore etc only when you know that you're clean.
 
 
To take preventative measures against infection and exploits download, install and regularly update the following:
 
SpywareBlaster.
IE-SpyAd.
 
Install and maintain a decent HOSTS file.
 
Install and maintain reliable anti virus and firewall software. There are some free offerings here.
 
Ensure that your computer is fully updated via Windows Update and Office Update etc but install only the components that you need. For example, if you don't use DotNet etc, then don't install it.
 
Show Hidden Files.
Disable System Restore.
Reboot to Safe Mode.
Title: Re: Why are the colours all jacked up?/Norton mess
Post by: Meerkat on March 07, 2006, 08:51:11 PM
I'm going to try to repost your hijack thingie log

Logfile of HijackThis v1.99.1
Scan saved at 21:49:27, on 07/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\AOL\1123361264\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1123361264\ee\AOLServiceHost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 2 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1123361264\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-F7AQ0.exe" /REG
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
Title: Re: Why are the colours all jacked up?/Norton mess
Post by: Meerkat on March 07, 2006, 08:51:51 PM
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ConferenceRoom Java Client - http://216.152.65.174:8000/java/cr.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://www.worldwinner.com/games/v44/wordcube/wordcube.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37670.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v45/wof/wof.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

There ya go...that's the whole log.

Title: Re: Why are the colours all jacked up?/Norton mess
Post by: Meerkat on March 07, 2006, 08:55:23 PM
The last part of your post from the link you gave me says this:

Install and maintain reliable anti virus and firewall software. There are some free offerings here.  
  
Ensure that your computer is fully updated via Windows Update and Office Update etc but install only the components that you need. For example, if you don't use DotNet etc, then don't install it.  
  

I'm confused.  Didn't I just do that with all those bloody downloads?  I'll be back later.  I'm going to go relieve some of this stress by putting my hand in a rusty kitchen grinder.  It won't hurt half as much as this does.
Title: Re: Why are the colours all jacked up?/Norton mess
Post by: Backdated on March 08, 2006, 07:34:31 AM
Quote
The last part of your post from the link you gave me says this:

Install and maintain reliable anti virus and firewall software. There are some free offerings here.  
  
Ensure that your computer is fully updated via Windows Update and Office Update etc but install only the components that you need. For example, if you don't use DotNet etc, then don't install it.  
  

I'm confused.  Didn't I just do that with all those bloody downloads?  I'll be back later.  I'm going to go relieve some of this stress by putting my hand in a rusty kitchen grinder.  It won't hurt half as much as this does.

No you didn't do any of that with "all those bloody downloads". A computer is a tool and if you don't like maintaining it then buy a toy such as an X-Box or similar! What is it about the last part of that post that is so difficult to understand?
Title: Re: Why are the colours all jacked up?/Norton mess
Post by: Backdated on March 08, 2006, 07:42:19 AM
Quote
Panda Active Scan had some kind of error

Trend Housecall was in French (I only speak conversational)

AboutBuster ran fine.

CWshredder ran fine

Adaware found no ads.

Spybot , Soptdoctor found 36 infections (I don't know what it did, does it kill them?)

A2 went fine after reboot

Blacklight was fine
 
 
Download, install, update if necessary and run the following:
AboutBuster. Close all other windows and fix anything it finds.
CW Shredder. Close all other windows and let it fix anything it finds.
Ad-Aware. Close all other windows and fix everything it finds.
Spybot S&D. Close all other Windows and fix anything it finds.
A² Free. Close all other Windows and fix anything that it finds.
F-Secures Blacklight Beta. Run this and remove anything that it finds.
 
 
Download and safely store LSP Fix. You may need this to reinstate connectivity if the likes of NewDotNet, WebHancer and other LSP hijackers are erroneously removed.
 
 
Download and safely store Pocket Killbox.
 
 
Download HijackThis and extract it to its own unique folder.
 
 
If anything is found at any point, disable System Restore or similar type programs if used, reboot and restart the procedure. Run HijackThis and post a log file.
Reinstate System Restore etc only when you know that you're clean.
 
 
To take preventative measures against infection and exploits download, install and regularly update the following:
 
SpywareBlaster.
IE-SpyAd.
 
Install and maintain a decent HOSTS file.
 
Install and maintain reliable anti virus and firewall software. There are some free offerings here.
 
Ensure that your computer is fully updated via Windows Update and Office Update etc but install only the components that you need. For example, if you don't use DotNet etc, then don't install it.
 
Show Hidden Files.
Disable System Restore.
Reboot to Safe Mode.

Panda Active scan runs just fine and Trend Housecall is in plain English. You have to accept the ActiveX controls and therefore you need to be running Internet Explorer.
What did Spybot find? Run it again and click on the "Recovery" button for info.
What is Soptdoctor???
What "found" Win32 CTX (http://www.avp.ch/avpve/newexe/win32/ctx.stm)? This is the cause of your colour inversion and there will be several instances of it.
Title: Re: Why are the colours all jacked up?/Norton mess
Post by: Backdated on March 08, 2006, 07:52:39 AM
Your logfile is clean but you need to understand that computer security is not an option, it's a necessity!
You have a duty to other network users!
Title: Re: Why are the colours all jacked up?/Norton mess
Post by: Meerkat on March 08, 2006, 09:48:59 AM
Easy!  I'm trying, can't you SEE that?
Title: Re: Why are the colours all jacked up?/Norton mess
Post by: Meerkat on March 08, 2006, 09:55:30 AM
Do you think I'm just making it up that Panda won't run and that the other one shows up in French?  Well, I assure you, I'm not. Here, if you don't believe me, look for yourself:

Trend Micro HouseCall est un service de scan antivirus innovant, disponible en ligne, grâce auquel les utilisateurs de PC peuvent rechercher sur leurs systèmes la présence d'infections virales contractées lors de la navigation sur Internet. HouseCall est simple d'utilisation et constitue une solution idéale pour les utilisateurs novices.

HouseCall propose deux services : le premier permet de scanner l'ordinateur et de détecter une infection par virus, et le deuxième nettoie l'infection trouvée. Le scan est gratuit et fournit des informations détaillés sur tout virus et tout autre programme malveillant détecté sur l'ordinateur analysé.

Questions fréquemment posées
1. Quelles sont les fonctionnalités de HouseCall ?
HouseCall peut être utilisé pour vérifier la présence de virus et de programmes espions sur un ordinateur et pour nettoyer toutes les infections trouvées. Veuillez noter que les scanners antivirus en ligne tels que HouseCall ne peuvent vous aider que si l'ordinateur est infecté.

HouseCall ne fournit pas de protection proactive. Il vous est donc recommandé de protéger également votre ordinateur à l'aide d'un logiciel antivirus. Trend Micro offre des solutions antivirus personnalisables. Pour obtenir des informations complètes sur les produits dont vous avez besoin, veuillez consulter notre site Web :

http://www.trendmicro.com/ HouseCall ne doit être considéré que comme un service d'urgence.

HouseCall est-il capable de trouver tous les types de virus et de programmes malveillants ?
HouseCall peut détecter la plupart des virus et des programmes malveillants. Malheureusement, le nombre croissant de virus et de programmes malveillants déjà existants ou en phase de développement rend la tâche de détection plus difficile et il est impossible d'en garantir l'infaillibilité.

Title: Re: Why are the colours all jacked up?/Norton mess
Post by: Backdated on March 08, 2006, 10:44:38 AM
How many antivirus programs and how many firewalls are you running?
Never run more than one of each unless you know exactly what you're doing. If Avast is your main AV program, it needs reinstalling.
Try as hard as I might, I cannot get Trend Micro to load a French language page unless I specifically redirect to its French language version. I've tried on six different machines from two different locations.

Why is PrismXL installed?
Do you use SoftThinks CD Creator?

What I can see is that you haven't answered some of the questions that I've asked. I can also see that you're frustrated with what you have to go through. You need to calm down, look at things logically and carry out any instructions exactly.
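
An added example, not part of any post in this thread and not HijackThis's own code: a small Python triage of the log format posted earlier. It flags the two things the helpers remarked on (HijackThis running out of a temp folder, and entries marked "(file missing)") and splits a log into posts of at most 5500 characters on line boundaries. The function names, the finding labels and the extra check for O16 downloads served from a bare IP address are assumptions of this example; a flag means "look closer", not "malicious".

```python
import ipaddress
import re
from urllib.parse import urlparse

# Excerpt of the log posted in this thread (shortened; lines copied as posted).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 21:49:27, on 07/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 2 for hijackthis[1].zip\HijackThis.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O16 - DPF: ConferenceRoom Java Client - http://216.152.65.174:8000/java/cr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exe
"""

# Entry lines look like "O4 - ...", "R1 - ...", "O23 - ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_log(text):
    """Return the running-process list and the (code, detail) entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:      # blank line ends the process list
            in_procs = False
        elif in_procs:
            processes.append(line)
        else:
            m = ENTRY_RE.match(line)
            if m:
                entries.append((m.group(1), m.group(2)))
    return {"processes": processes, "entries": entries}


def triage(parsed):
    """Return (label, line) pairs worth a second look. Labels are hypothetical."""
    findings = []
    for path in parsed["processes"]:
        # Clearing temp files would delete the tool and its backups.
        if "\\temp\\" in path.lower():
            findings.append(("temp-process", path))
    for code, detail in parsed["entries"]:
        if detail.endswith("(file missing)"):
            findings.append(("file-missing", f"{code} - {detail}"))
        if code == "O16":                # downloaded program files (ActiveX)
            m = re.search(r"https?://\S+", detail)
            host = urlparse(m.group(0)).hostname if m else None
            try:
                ipaddress.ip_address(host or "")
                findings.append(("ip-download", f"{code} - {detail}"))
            except ValueError:
                pass                     # host is a name, or no URL present
    return findings


def split_for_posting(text, limit=5500):
    """Split text into chunks of at most `limit` characters, on line ends."""
    chunks, current = [], ""
    for line in text.splitlines(keepends=True):
        while len(line) > limit:         # a single over-long line: hard split
            if current:
                chunks.append(current)
                current = ""
            chunks.append(line[:limit])
            line = line[limit:]
        if len(current) + len(line) > limit:
            chunks.append(current)
            current = ""
        current += line
    if current:
        chunks.append(current)
    return chunks


if __name__ == "__main__":
    for label, line in triage(parse_log(SAMPLE_LOG)):
        print(f"[{label}] {line}")
    print(len(split_for_posting(SAMPLE_LOG)), "post(s) needed")
```
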