[Computer Security Thread] Lastpass Compromised (Again)

  • DrIanMalcolmDrIanMalcolm Registered User regular
    edited January 2010
    So I can't click on the task manager icon at all (not through ctrl+alt+del or by right-clicking the time in the corner) and I'm fairly certain that I didn't cause this. Anybody know how I can fix this? I ran an AVG scan and I'm running MSE right now to see if it'll help. I'd appreciate any advice!

    If you can download, run, and update MBAM, I'd highly recommend a scan with that software.

    As a quick test, try downloading Process Explorer. If you're running Vista/Win7, run the Process Explorer task as Administrator. This will basically give you exactly the same information as the task manager, plus extra info. Take a good look at the list to see if anything looks suspect - As an added bonus, Process Explorer will show you the publisher name, so if something looks fishy and is digitally signed by Microsoft, it might be a system process.

    If you're unsure of the running tasks, someone might be able to take a look at a HiJackThis log for you.

    Unfortunately when I do a full scan with MBAM it freezes near the end of it. Quick-scan works fine though, but task-manager is still greyed out.

    I did make a HiJackThis log if somebody would be willing to look at it:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:19:09 PM, on 1/18/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16945)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\AVG\AVG9\avgfws9.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\AVG\AVG9\avgam.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\CTHELPER.EXE
    C:\WINDOWS\system32\CTXFIHLP.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\NuonSoft\WallpaperCycler3\WallpaperCycler Lite.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\dlcdcoms.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [DLCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [dlcdmon.exe] "C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe"
    O4 - HKLM\..\Run: [NuonSoft Wallpaper Cycler 3 StartupHelper] C:\Program Files\NuonSoft\WallpaperCycler3\StartupHelper.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [Google Updater] "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -systray -startup
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [barolibiso] Rundll32.exe "C:\WINDOWS\system32\yeyunuda.dll",s (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [barolibiso] Rundll32.exe "C:\WINDOWS\system32\yeyunuda.dll",s (User 'NETWORK SERVICE')
    O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
    O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: ActiveGS.cab - http://www.virtualapple.org/activegs.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://otter1.vanaqua.org/activex/AxisCamControl.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: jlyvdx.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
    O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: dlcd_device - - C:\WINDOWS\system32\dlcdcoms.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 14426 bytes

    DrIanMalcolm on
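
A first-pass triage of a HijackThis log like the one posted above, as an added example that is not part of the original thread. The function names and the four review rules are this example's own assumptions, not HijackThis features, and a flag is a prompt to check the file's publisher, not a verdict.

```python
import re

# A few lines excerpted from the HijackThis log posted above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\winlogon.exe

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKUS\S-1-5-19\..\Run: [barolibiso] Rundll32.exe "C:\WINDOWS\system32\yeyunuda.dll",s (User 'LOCAL SERVICE')
O20 - AppInit_DLLs: jlyvdx.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Entry lines start with a section code (R0, O4, O23, ...) followed by " - ".
# Header lines and the running-process paths do not match and are skipped.
ENTRY_RE = re.compile(r"^\s*([RFO]\d{1,2}) - (.+)$")

# Run keys in these hives belong to built-in service accounts, not a logged-on user.
SERVICE_HIVE_RE = re.compile(r"^HKUS\\(S-1-5-(?:18|19|20))\\", re.IGNORECASE)


def parse_entries(text):
    """Return (section_code, body) for every entry line in a HijackThis log."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def review_reasons(code, body):
    """Return the reasons (possibly none) an entry deserves a manual look."""
    reasons = []
    low = body.lower()

    # The registry still references a component whose file is gone.
    if low.endswith("(no file)"):
        reasons.append("registry entry points at a missing file")

    # DLLs listed in AppInit_DLLs are loaded into every process that loads user32.dll.
    if code == "O20" and low.startswith("appinit_dlls:"):
        if body.split(":", 1)[1].strip():
            reasons.append("AppInit_DLLs is set: DLL is injected into most processes")

    if code == "O4":
        hive = SERVICE_HIVE_RE.match(body)
        if hive:
            reasons.append("autorun under service account hive " + hive.group(1))
        # The process list only shows rundll32.exe; the DLL is the thing to verify.
        if "rundll32" in low:
            reasons.append("autorun loads a DLL through rundll32: check the DLL's publisher")

    # HijackThis prints "Unknown owner" when the binary carries no company name.
    if code == "O23" and " - unknown owner - " in low:
        reasons.append("service binary has no company name")

    return reasons


def triage(text):
    """Return (code, body, reasons) for each entry with at least one reason."""
    flagged = []
    for code, body in parse_entries(text):
        reasons = review_reasons(code, body)
        if reasons:
            flagged.append((code, body, reasons))
    return flagged


if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(f"{code}: {body}")
        for reason in reasons:
            print(f"    - {reason}")
```

The NVIDIA `NvCplDaemon` autorun is flagged by the rundll32 rule as well, which is why each hit still needs the publisher check described in the reply quoted above.
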
  • LoneIgadzraLoneIgadzra Registered User regular
    edited January 2010
    Lord Jezo wrote: »
    Oh yeah, and I assume Microsoft got this figured out, but does MSSE conflict with Windows Defender? Do the two programs offer different or overlapping functionality?

    It sort of takes the place of Defender..

    http://social.answers.microsoft.com/Forums/en-US/msestart/thread/5309cb8d-02e1-40e8-974f-0dcedb9ab9fd

    thanks

    LoneIgadzra on
  • TetraNitroCubaneTetraNitroCubane The Djinnerator At the bottom of a bottleRegistered User regular
    edited January 2010
    So I can't click on the task manager icon at all (not through ctrl+alt+del or by right-clicking the time in the corner) and I'm fairly certain that I didn't cause this. Anybody know how I can fix this? I ran an AVG scan and I'm running MSE right now to see if it'll help. I'd appreciate any advice!

    If you can download, run, and update MBAM, I'd highly recommend a scan with that software.

    As a quick test, try downloading Process Explorer. If you're running Vista/Win7, run the Process Explorer task as Administrator. This will basically give you exactly the same information as the task manager, plus extra info. Take a good look at the list to see if anything looks suspect - As an added bonus, Process Explorer will show you the publisher name, so if something looks fishy and is digitally signed by Microsoft, it might be a system process.

    If you're unsure of the running tasks, someone might be able to take a look at a HiJackThis log for you.

    Unfortunately when I do a full scan with MBAM it freezes near the end of it. Quick-scan works fine though, but task-manager is still greyed out.

    I did make a HiJackThis log if somebody would be willing to look at it:

    First, I notice you're running both AVG and MSE at the same time. I know some folks like to run two real-time AV suites at once, but in my experience it's best to only run one at a time. Real time protection software will conflict with other resident scanners if they're both running at once. Run as many on-demand scanners as you want, though! Your MBAM freezing issue might have something to do with two on-access scanners running at once, which basically means that a full system scan would have MBAM, MSE, and AVG all accessing every file during the scan. One AV plus MBAM is fine, but I'm not sure about two.

    Second, I'm not a HijackThis expert, but a few things jump out at me. None of them looks definitively 'malware', but several of them might be things you might not want around:
    • C:\Program Files\Viewpoint\Common\ViewpointService.exe (There's some discussion here about it on Bleepingcomputer - Probably not malware, but maybe something you don't want / didn't agree to).
    • Ask and Yahoo toolbars: Did you mean to install these?
    • SQL server service: Do you need this?

    Again, none of those are glaringly bad to my eye, but keep in mind I'm not well-skilled with HijackThis. Someone else might be able to provide more thorough advice. I'd start by uninstalling AVG, then rebooting. This might be a quirk caused by a conflict between MSE and AVG. Afterward, try a full MBAM scan again to see if it can go through all the way, or if it freezes again. If it persists, try rebooting in safe mode and scanning with MBAM.

    TetraNitroCubane on
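A first-pass triage of a HijackThis log like the one posted above, as an added example that is not part of any poster's message: it parses the section codes and lists the O20 `AppInit_DLLs` values and the O23 services with no publisher for manual verification. The function names and review reasons are this example's own, and a listed entry means "check it", not "malware".

```python
import re
from collections import Counter

# Excerpt copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: jlyvdx.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: dlcd_device - - C:\WINDOWS\system32\dlcdcoms.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 14426 bytes
"""

# "O23 - <body>": a section code (letter plus digits), a dash, then the entry.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.+?)\s*$")

# "Service: <name> - <owner> - <path>". The owner field may be empty, which
# the log renders as "- -", so the second separator allows no leading space.
SERVICE_RE = re.compile(
    r"^Service:\s+(?P<name>.*?)\s+-\s+(?P<owner>.*?)\s*-\s+(?P<path>[A-Za-z]:\\.*)$"
)


def parse_log(text):
    """Return (section_code, body) pairs; header and footer lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def section_counts(entries):
    """Number of entries per section code, e.g. {'O23': 5, ...}."""
    return dict(Counter(code for code, _ in entries))


def review_items(entries):
    """Return (code, subject, reason) tuples that deserve a manual check."""
    items = []
    for code, body in entries:
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            # The registry value is a space- or comma-separated DLL list.
            # Every process that loads user32.dll loads these DLLs too.
            value = body.split(":", 1)[1]
            for dll in value.replace(",", " ").split():
                items.append((code, dll,
                              "AppInit_DLLs entry: identify which product installed it"))
        elif code == "O23":
            match = SERVICE_RE.match(body)
            if match is None:
                items.append((code, body, "service line did not parse"))
            elif match.group("owner") in ("", "Unknown owner"):
                items.append((code, match.group("path"),
                              "service '%s' has no publisher name in the log"
                              % match.group("name")))
    return items


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print(section_counts(parsed))
    for code, subject, reason in review_items(parsed):
        print("%s  %s\n      %s" % (code, subject, reason))
```
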
  • SynthesisSynthesis Honda Today! Registered User regular
    edited January 2010
    I've been using MSE for a while now, in the place of AVG and Avast! (a little too demanding memory wise, and too buggy and clumsy) and am quite pleased. I somehow picked up a trojan dropper a while ago downloading mods for a game, and MSE dutifully found, reported, and offered to delete each trojan copy.

    It also found the responsible executable, but Malwarebyte's was faster to the punch.

    Synthesis on
  • MKRMKR Registered User regular
    edited January 2010
    I had to get rid of MSE. It would randomly make the CPU spike to 100% with no disk activity (spynet update in the log), or randomly scan files that weren't being accessed (idle scan in the log). I replaced it with avast. :rotate:

    MKR on
  • SynthesisSynthesis Honda Today! Registered User regular
    edited January 2010
    MKR wrote: »
    I had to get rid of MSE. It would randomly make the CPU spike to 100% with no disk activity (spynet update in the log), or randomly scan files that weren't being accessed (idle scan in the log). I replaced it with avast. :rotate:

    Wow. That sucks.

    I had to get rid of Avast! because I disliked the interface and it disagreed with minor side functions of Vista.

    Synthesis on
  • stigweardstigweard Registered User regular
    edited January 2010
    TetraNitroCubane is right, you should never run two real time av scanners at once. It will bog down any system to make it nearly unusable. MSE has been a mixed bag for me. I ran across an older machine (p3 w/ 512mb of ram) that had nod32 with an expired license on it. I uninstalled nod and put mse on and the pf usage almost doubled. It might not be resource intensive compared to some, but it cannot compete with nod at all in that regard.

    stigweard on
  • TofystedethTofystedeth Registered User regular
    edited January 2010
    They will also often report each other as malicious due to the nature of what they do.

    Tofystedeth on
  • DrIanMalcolmDrIanMalcolm Registered User regular
    edited January 2010
    Yeah when I was running MBAM there were constant pop-ups from MSE and AVG about "trojans" that kept getting activated. I wasn't savvy enough with this stuff to realize what was happening until you guys told me to turn them off. Good news though, MBAM did a complete scan and now my task manager works again!

    Thanks for the help everybody! Especially you TetraNitroCubane!

    DrIanMalcolm on
  • SynthesisSynthesis Honda Today! Registered User regular
    edited January 2010
    Isn't one of the most obvious problems because each client will scan the other's virus vaults? Or am I thinking of an earlier time, with simpler antivirus software?

    Synthesis on
  • Dark ShroudDark Shroud Registered User regular
    edited January 2010
    Synthesis wrote: »
    Isn't one of the most obvious problems because each client will scan the other's virus vaults? Or am I thinking of an earlier time, with simpler antivirus software?

    No that can still happen to a limited degree.

    Dark Shroud on
  • Dark ShroudDark Shroud Registered User regular
    edited January 2010
    Sorry about the double post but I wanted to keep this separate.

    Anyway I'm guessing many of you have heard about the massive cyber attacks that have come from China in the last few weeks. And how Google was hacked through IE.

    Anyway here is the MS Security Advisory on this particular bug in IE. Make sure IE's protected mode is enabled as well as UAC & (hardware) DEP and you shouldn't have any problems.

    http://www.microsoft.com/technet/security/advisory/979352.mspx

    Dark Shroud on
  • TetraNitroCubaneTetraNitroCubane The Djinnerator At the bottom of a bottleRegistered User regular
    edited January 2010
    DrIanMalcolm wrote: »
    Yeah when I was running MBAM there were constant pop-ups from MSE and AVG about "trojans" that kept getting activated. I wasn't savvy enough with this stuff to realize what was happening until you guys told me to turn them off. Good news though, MBAM did a complete scan and now my task manager works again!

    Thanks for the help everybody! Especially you TetraNitroCubane!

    You're very welcome! Glad to hear it's working out. As an aside, just to clarify what I said earlier: I'd certainly leave one of those AV suites running - just not both at once. And I'd probably use MSE, from all I've been hearing about AVG.

    Dark Shroud wrote: »
    Sorry about the double post but I wanted to keep this separate.

    Anyway I'm guessing many of you have heard about the massive cyber attacks that have come from China in the last few weeks. And how Google was hacked through IE.

    Anyway here is the MS Security Advisory on this particular bug in IE. Make sure IE's protected mode is enabled as well as UAC & (hardware) DEP and you shouldn't have any problems.

    http://www.microsoft.com/technet/security/advisory/979352.mspx

    Link added to the new section! Thanks very much for passing it along.

    This brings me to a point I've wanted to ask for a while, though: DEP. In Vista/Win7, is it worth it to set DEP to "Turn on DEP for all programs and services except those I select", or is it best to leave it on "Turn on DEP for essential Windows programs and services only"? I'm not sure if the benefit inherent to turning it 'always on' outweighs the possible compatibility/stability issues which might arise.

    TetraNitroCubane on
  • Dark ShroudDark Shroud Registered User regular
    edited January 2010
    TetraNitroCubane wrote: »
    Link added to the new section! Thanks very much for passing it along.

    This brings me to a point I've wanted to ask for a while, though: DEP. In Vista/Win7, is it worth it to set DEP to "Turn on DEP for all programs and services except those I select", or is it best to leave it on "Turn on DEP for essential Windows programs and services only"? I'm not sure if the benefit inherent to turning it 'always on' outweighs the possible compatibility/stability issues which might arise.

    Let's back up for a second, are you talking about hardware DEP or software DEP? Because hardware DEP in the bios should always be enabled. Windows Software DEP is another story. In Vista Software DEP was enabled by default and I believe it's the same for Win7.

    Dark Shroud on
  • TetraNitroCubaneTetraNitroCubane The Djinnerator At the bottom of a bottleRegistered User regular
    edited January 2010
    TetraNitroCubane wrote: »
    Link added to the new section! Thanks very much for passing it along.

    This brings me to a point I've wanted to ask for a while, though: DEP. In Vista/Win7, is it worth it to set DEP to "Turn on DEP for all programs and services except those I select", or is it best to leave it on "Turn on DEP for essential Windows programs and services only"? I'm not sure if the benefit inherent to turning it 'always on' outweighs the possible compatibility/stability issues which might arise.

    Dark Shroud wrote: »
    Let's back up for a second, are you talking about hardware DEP or software DEP? Because hardware DEP in the bios should always be enabled. Windows Software DEP is another story. In Vista Software DEP was enabled by default and I believe it's the same for Win7.

    I'm mostly talking about the Windows side of things (which I thought used the hardware DEP? I'm very uneducated in this topic). As far as I know, the default behavior in Vista and 7 is "Turn on DEP for essential Windows programs and services only", which means DEP won't necessarily be active for every program you use (IM clients, Browsers, etc). The alternative, which is not default, is "Turn on DEP for all programs and services except those I select", which I've heard can cause conflicts with programs like Steam or older applications.

    Of course, you can always add non-compatible programs to the exception list, but in those situations I'm always concerned about getting an error and having no way to know what it was from.

    TetraNitroCubane on
  • TetraNitroCubaneTetraNitroCubane The Djinnerator At the bottom of a bottleRegistered User regular
    edited January 2010
    The IE vulnerability got so bad and so publicized after the Google hullabaloo that Microsoft actually released an out-of-band patch for the issue today. Windows update will deliver it to you, or else you can check this link for more information. It is strongly recommended that you apply this patch, even if IE is not your primary browser. Unless you're on Win 7, chances are IE is still on your (Windows) system. Remember that some programs, like Steam, use IE regardless of your browser of choice.

    Patch on up!

    TetraNitroCubane on
  • TetraNitroCubaneTetraNitroCubane The Djinnerator At the bottom of a bottleRegistered User regular
    edited January 2010
    Wooo, hat trick.

    Just a quick update to alert everyone to a deal going down this Friday. On Friday, January 29th, the full version of WinPatrol is going to be available for $0.99. That's a lifetime license for one computer.

    WinPatrol is a bit of a different dog than most A/V and antimalware software. It's more of a realtime monitor that alerts you to changes in HOST files, startup processes, the registry, etc. It's supposed to allow quick reversal of said changes, too. I've not had hands-on experience, but I've been looking for another layer of protection for Win 7 x64, so I'll probably take the plunge. The main website is here, though I'll note that the design looks like a damn GeoCities page.

    TetraNitroCubane on
  • Lord JezoLord Jezo Registered User regular
    edited January 2010
    Why the heck is AdAware 87 megs now?

    Lord Jezo on
    I KISS YOU!
  • Dark ShroudDark Shroud Registered User regular
    edited January 2010
    Lord Jezo wrote: »
    Why the heck is AdAware 87 megs now?

    Because it's a rather useless program now.

    Dark Shroud on
  • Lord JezoLord Jezo Registered User regular
    edited January 2010
    Lord Jezo wrote: »
    Why the heck is AdAware 87 megs now?

    Dark Shroud wrote: »
    Because it's a rather useless program now.

    ?

    Lord Jezo on
    I KISS YOU!
  • GreenishGreenish Registered User regular
    edited January 2010
    It's the endlessly confusing Adobe/Symantec style software business model...

    Apparently when a ton of people start using your software and it gets really popular you have to screw it up by loading it down with bloatware and unnecessary features. You do this so that when the next thing comes along (to do it better than you) all your users jump ship and get wary when you make similar offerings in the future.

    I don't get it either.

    Greenish on
  • Dark ShroudDark Shroud Registered User regular
    edited January 2010
    Greenish wrote: »
    It's the endlessly confusing Adobe/Symantec style software business model...

    Apparently when a ton of people start using your software and it gets really popular you have to screw it up by loading it down with bloatware and unnecessary features. You do this so that when the next thing comes along (to do it better than you) all your users jump ship and get wary when you make similar offerings in the future.

    I don't get it either.

    +1

    We can also add AVG to this list.

    If you specifically want anti-spyware software go with Malwarebytes Anti-malware or Super Antispyware.

    Dark Shroud on
  • SolventSolvent Econ-artist กรุงเทพมหานครRegistered User regular
    edited January 2010
    Hi all!
    I don't post in G&T (at all), but my girlfriend recently came to me wailing (well not really) that the year's subscription to McAfee she received when she bought her laptop had run out. When I clicked 'update subscription' it said it would be $129.95 for the year, and we both thought 'screw that', and I came to this thread for help.

    Anyway, in the first instance: thanks. She now has Avast and MBAM (MSE wouldn't play nice with her computer).


    However, in the second instance, I have a question. I've had automatic updates for Windows turned off for ages, and that annoying bubble telling me to turn it on comes up every time I boot up (Windows XP). The reason was that it always seemed to want to download updates and slowed me down like a really annoying slow thing.
    So I just manually do a big download once a month or so (or every two months... or when I remember...)

    Is that really such a bad thing?
    I run XP, use Firefox, and thanks to this thread now I'm using MSE, MBAM on my own computer and I've also put in NoScript.

    Solvent on
    I don't know where he got the scorpions, or how he got them into my mattress.

    http://newnations.bandcamp.com
  • AyulinAyulin Registered User regular
    edited January 2010
    Eh, I'd say just leave Automatic Updates on. It's never a bad thing to patch your system, and it shouldn't slow it down that much (if at all).

    Ayulin on
  • stigweardstigweard Registered User regular
    edited January 2010
    I don't know if you can qualify it as rare or uncommon, but bad patches hitting Windows update have caused plenty of mayhem over the years. It isn't usually much of an issue for home users, but anyone looking after a network has to test the effect of updates before installing them to avoid potentially major catastrophes. I've had to clean up enough messes that I make it a practice to notify of new updates, check for their safety first, and then install them.

    stigweard on
  • TetraNitroCubaneTetraNitroCubane The Djinnerator At the bottom of a bottleRegistered User regular
    edited January 2010
    Automatic updates can sometimes cause havoc, it's true. There were some weird updates just released yesterday for x64 Win 7 that have caused some odd behavior in my own machine, I'll admit, but nothing damaging. Fortunately, Windows has a pretty decent rollback if anything goes awry, so unless you're running a network as stigweard mentioned, I'd leave them on.

    Sometimes it's pretty dang important. For example, if you've not updated in the last week or so, you're unpatched for the 'Aurora' exploit, which was critical enough for the guys at Microsoft to release an 'out-of-band' patch for last week. Right now that exploit is rapidly being leveraged across the net, and it's pretty damn nasty. Waiting a month to close the hole is probably a bad idea.

    Keep in mind, this applies to more than just Windows update. It's a good idea to update everything, including your browser, whenever you're notified it's available.

    If you're feeling uneasy about it, you can always set Windows auto-update to just tell you when an update is available instead of automatically installing it. That way you're alerted to when it's online, and you can install it whenever it's best for you (i.e. not in the middle of writing a big paper or somesuch).

    As always, this is just my $0.02, so feel free to go with what works best for you!

    TetraNitroCubane on
  • TetraNitroCubaneTetraNitroCubane The Djinnerator At the bottom of a bottleRegistered User regular
    edited January 2010
    The WinPatrol $0.99 sale started four hours early. From now until Tomorrow at 9:00 PM PST you can get the fully registered version of WinPatrol for a buck. It's good only for a single computer, but it's a lifetime activation - including all future versions.

    Homepage for WinPatrol is here.

    TetraNitroCubane on
  • ArthilArthil Registered User regular
    edited January 2010
    So just to ask whether what I'm using is any good. Did note the little conversation about AdAware up there, but otherwise I'm using Microsoft Security Essentials, was previously using Norton 2009. I also got a firewall since MSE doesn't have one, 'PC Tools Firewall Plus' is what it's called. To be honest I didn't get either of them, was planning on using MSE instead anyway but wanted to check on this PC Tools thing.

    Arthil on
    PSN: Honishimo Steam UPlay: Arthil
  • Dark ShroudDark Shroud Registered User regular
    edited January 2010
    Arthil wrote: »
    So just to ask whether what I'm using is any good. Did note the little conversation about AdAware up there, but otherwise I'm using Microsoft Security Essentials, was previously using Norton 2009. I also got a firewall since MSE doesn't have one, 'PC Tools Firewall Plus' is what it's called. To be honest I didn't get either of them, was planning on using MSE instead anyway but wanted to check on this PC Tools thing.

    I have no clue on PC Tools security software quality. I will however say the built in Windows firewall is good enough. Just keep MSE running.

    Dark Shroud on
  • SynthesisSynthesis Honda Today! Registered User regular
    edited January 2010
    Arthil wrote: »
    So just to ask whether what I'm using is any good. Did note the little conversation about AdAware up there, but otherwise I'm using Microsoft Security Essentials, was previously using Norton 2009. I also got a firewall since MSE doesn't have one, 'PC Tools Firewall Plus' is what it's called. To be honest I didn't get either of them, was planning on using MSE instead anyway but wanted to check on this PC Tools thing.

    Dark Shroud wrote: »
    I have no clue on PC Tools security software quality. I will however say the built in Windows firewall is good enough. Just keep MSE running.

    And as a whole, it'll be a nice change from Norton 2009, I'd say. If my memories of Norton are correct.

    Synthesis on
  • TetraNitroCubaneTetraNitroCubane The Djinnerator At the bottom of a bottleRegistered User regular
    edited January 2010
    I'm not terribly familiar with PC Tools Firewall, but I have heard some grumblings about its invasive nature over on Wilders. If you can suffer the popups it doles out, then it'll probably be fine for you. Though unless you really desire an outbound firewall, I do echo Dark Shroud on this point.

    Also, just for grins I looked up the latest AV comparatives results for 2009. Their top rankings, in order, were (3rd) ESET NOD32, (2nd) Kaspersky, and... (1st) Symantec.

    I find this claim highly dubious, given my experiences with Symantec/Norton in the past.

    TetraNitroCubane on
  • theSquidtheSquid Sydney, AustraliaRegistered User regular
    edited January 2010
    What a joke. I have no doubt in my mind that entire anti-virus segment is a giant corporate bullshitfest.

    theSquid on
  • autono-wally, erotibot300autono-wally, erotibot300 love machine Registered User regular
    edited January 2010
    norton probably bogs a system down more than most malware does

    autono-wally, erotibot300 on
  • Dark ShroudDark Shroud Registered User regular
    edited January 2010
    TetraNitroCubane wrote: »
    I'm not terribly familiar with PC Tools Firewall, but I have heard some grumblings about its invasive nature over on Wilders. If you can suffer the popups it doles out, then it'll probably be fine for you. Though unless you really desire an outbound firewall, I do echo Dark Shroud on this point.

    Also, just for grins I looked up the latest AV comparatives results for 2009. Their top rankings, in order, were (3rd) ESET NOD32, (2nd) Kaspersky, and... (1st) Symantec.

    I find this claim highly dubious, given my experiences with Symantec/Norton in the past.

    Let me try to clear this up, Symantec AV has never been that bad. It was a corporate product so they never bloated the hell out of it like they did Norton AV. I know a few people whom I trust that have told me Symantec AV is decent.

    Does that mean I'll buy a copy? Cold day in hell when I can just use MSE now. The only AV I'll pay for is NOD 32. Maybe McAfee if they get their system resource back down. I have a soft spot for McAfee because it saved a few of my systems & networks back in the day.

    Dark Shroud on
  • SynthesisSynthesis Honda Today! Registered User regular
    edited February 2010
    autono-wally, erotibot300 wrote: »
    norton probably bogs a system down more than most malware does

    I seriously doubt that (unless you're dealing with wimpy circa-1999 malware), but it is much more consistent (and there immediately) in its bogginess.

    Synthesis on
  • AyulinAyulin Registered User regular
    edited February 2010
    Norton 2009 and 2010 are a lot less bloated than 2008 and before, though. I was using 2010 up until a few weeks ago, when I switched to MSE.

    Ayulin on
  • TetraNitroCubaneTetraNitroCubane The Djinnerator At the bottom of a bottleRegistered User regular
    edited February 2010
    In the way of news: SandBoxie with x64 support is out of beta and released as a stable version. I've not used it, but it's a proactive layer of security that's bound to add some good protection. It's particularly useful if you're not in a position to run fully Sandboxed. I'll probably start working with it eventually. You can find the SandBoxie page in the OP, or I'll just link it here.

    From the 'Lessons Learned the Hard Way' file: One of the workhorse servers where I'm employed was recently discovered gaming and redirecting Google traffic. Turns out it got hacked pretty hard, a LONG time ago. The server was an OS X PowerPC based machine running 10.4.11 - The intrusion likely leaked in from vulnerable web-facing materials (I'm not a very competent Sysadmin or Webmaster, sadly). Apparently the thing was silently owned for almost a year because there was some misconception of its being secure.

    Now obviously this was sloppy on my part. The lesson that struck me from all this was, as always, Patch your apps as soon as you can. For everything. Regardless of operating system!

    TetraNitroCubane on
  • TofystedethTofystedeth Registered User regular
    edited February 2010
    Heads Up! Another IE security flaw!

    A good reason to run in Protected Mode and as a non administrator.

    Or not use IE.

    Tofystedeth on
  • Dark ShroudDark Shroud Registered User regular
    edited February 2010
    Tofystedeth wrote: »
    Heads Up! Another IE security flaw!

    A good reason to run in Protected Mode and as a non administrator.

    Or not use IE.

    I heard about this one around a week ago. I feel that if someone is actively disabling security (Protected Mode & UAC) on their system for ease of use or no real reason they deserve whatever they get.

    Ironically enough SandBoxie should take care of this on XP.

    Dark Shroud on
  • TetraNitroCubaneTetraNitroCubane The Djinnerator At the bottom of a bottleRegistered User regular
    edited February 2010
    Tofystedeth wrote: »
    Heads Up! Another IE security flaw!

    A good reason to run in Protected Mode and as a non administrator.

    Or not use IE.

    Dark Shroud wrote: »
    I heard about this one around a week ago. I feel that if someone is actively disabling security (Protected Mode & UAC) on their system for ease of use or no real reason they deserve whatever they get.

    Ironically enough SandBoxie should take care of this on XP.

    I think there's been an even newer exploit in addition to the one above: Apparently there was recently a Proof-Of-Concept attack against IE8 that was able to bypass ASLR and DEP in Windows 7. It seems to leverage Flash to do it, too.

    This quote stood out to me, but I'm not sure if it's FUD :
    This isn't the first time attackers have figured out how to bypass memory protections built into Microsoft software. After a technique known as heap spraying came into vogue, Microsoft added protections to thwart it in IE 8, Pouvesle said. This time around, it's not at all clear Microsoft will be able to prevent the newfangled attacks so easily.

    "A change in the memory allocator could prevent" JIT-spraying," he said. "That is, I think, way too complex to do. I don't think we're going to see that happen anytime soon."

    TetraNitroCubane on