So I can't click on the task manager icon at all (not through ctrl+alt+del or by right-clicking the time in the corner) and I'm fairly certain that I didn't cause this. Anybody know how I can fix this? I ran an AVG scan and I'm running MSE right now to see if it'll help. I'd appreciate any advice!
If you can download, run, and update MBAM, I'd highly recommend a scan with that software.
As a quick test, try downloading Process Explorer. If you're running Vista/Win7, run the Process Explorer task as Administrator. This will basically give you exactly the same information as the task manager, plus extra info. Take a good look at the list to see if anything looks suspect - As an added bonus, Process Explorer will show you the publisher name, so if something looks fishy and is digitally signed by Microsoft, it might be a system process.
If you're unsure of the running tasks, someone might be able to take a look at a HiJackThis log for you.
Unfortunately when I do a full scan with MBAM it freezes near the end of it. Quick-scan works fine though, but task-manager is still greyed out.
I did make a HiJackThis log if somebody would be willing to look at it:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:19:09 PM, on 1/18/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal
oh yeah, and I assume microsoft got this figured out, but does MSSE conflict with windows defender? Do the two programs offer different or overlapping functionality?
First, I notice you're running both AVG and MSE at the same time. I know some folks like to run two real-time AV suites at once, but in my experience it's best to only run one at a time. Real time protection software will conflict with other resident scanners if they're both running at once. Run as many on-demand scanners as you want, though! Your MBAM freezing issue might have something to do with two on-access scanners running at once, which basically means that a full system scan would have MBAM, MSE, and AVG all accessing every file during the scan. One AV plus MBAM is fine, but I'm not sure about two.
Second, I'm not a HijackThis expert, but a few things jump out at me. None of them looks definitively 'malware', but several of them might be things you might not want around:
C:\Program Files\Viewpoint\Common\ViewpointService.exe (There's some discussion here about it on Bleepingcomputer - Probably not malware, but maybe something you don't want / didn't agree to).
Ask and Yahoo toolbars: Did you mean to install these?
SQL server service: Do you need this?
Again, none of those are glaringly bad to my eye, but keep in mind I'm not well-skilled with HijackThis. Someone else might be able to provide more thorough advice. I'd start by uninstalling AVG, then rebooting. This might be a quirk caused by a conflict between MSE and AVG. Afterward, try a full MBAM scan again to see if it can go through all the way, or if it freezes again. If it persists, try rebooting in safe mode and scanning with MBAM.
I've been using MSE for a while now, in the place of AVG and Avast! (a little too demanding memory wise, and too buggy and clumsy) and am quite pleased. I somehow picked up a trojan dropper a while ago downloading mods for a game, and MSE dutifully found, reported, and offered to delete each trojan copy.
It also found the responsible executable, but Malwarebyte's was faster to the punch.
I had to get rid of MSE. It would randomly make the CPU spike to 100% with no disk activity (spynet update in the log), or randomly scan files that weren't being accessed (idle scan in the log). I replaced it with avast. :rotate:
Wow. That sucks.
I had to get rid of Avast! because I disliked the interface and it disagreed with minor side functions of Vista.
TetraNitroCubane is right, you should never run two real time av scanners at once. It will bog down any system to make it nearly unusable. MSE has been a mixed bag for me. I ran across an older machine (p3 w/ 512mb of ram) that had nod32 with an expired license on it. I uninstalled nod and put mse on and the pf usage almost doubled. It might not be resource intensive compared to some, but it cannot compete with nod at all in that regard.
Yeah when I was running MBAM there were constant pop-ups from MSE and AVG about "trojans" that kept getting activated. I wasn't savvy enough with this stuff to realize what was happening until you guys told me to turn them off. Good news though, MBAM did a complete scan and now my task manager works again!
Thanks for the help everybody! Especially you TetraNitroCubane!
Isn't one of the most obvious problems because each client will scan the other's virus vaults? Or am I thinking of an earlier time, with simpler antivirus software?
Sorry about the double post but I wanted to keep this separate.
Anyway I'm guessing many of you have heard about the massive cyber attacks that have come from China in the last few weeks. And how Google was hacked through IE.
Anyway here is the MS Security Advisory on this particular bug in IE. Make sure IE's protected mode is enabled as well as UAC & (hardware) DEP and you shouldn't have any problems.
You're very welcome! Glad to hear it's working out. As an aside, just to clarify what I said earlier: I'd certainly leave one of those AV suites running - just not both at once. And I'd probably use MSE, from all I've been hearing about AVG.
Link added to the new section! Thanks very much for passing it along.
This brings me to a point I've wanted to ask for a while, though: DEP. In Vista/Win7, is it worth it to set DEP to "Turn on DEP for all programs and services except those I select", or is it best to leave it on "Turn on DEP for essential Windows programs and services only"? I'm not sure if the benefit inherent to turning it 'always on' outweighs the possible compatibility/stability issues which might arise.
Let's back up for a second, are you talking about hardware DEP or software DEP? Because hardware DEP in the bios should always be enabled. Windows Software DEP is another story. In Vista Software DEP was enabled by default and I believe it's the same for Win7.
I'm mostly talking about the Windows side of things (which I thought used the hardware DEP? I'm very uneducated in this topic). As far as I know, the default behavior in Vista and 7 is "Turn on DEP for essential Windows programs and services only", which means DEP won't necessarily be active for every program you use (IM clients, Browsers, etc). The alternative, which is not default, is "Turn on DEP for all programs and services except those I select", which I've heard can cause conflicts with programs like Steam or older applications.
Of course, you can always add non-compatible programs to the exception list, but in those situations I'm always concerned about getting an error and having no way to know what it was from.
TetraNitroCubane on
edited January 2010
The IE vulnerability got so bad and so publicized after the Google hullabaloo that Microsoft actually released an out-of-band patch for the issue today. Windows update will deliver it to you, or else you can check this link for more information. It is strongly recommended that you apply this patch, even if IE is not your primary browser. Unless you're on Win 7, chances are IE is still on your (Windows) system. Remember that some programs, like Steam, use IE regardless of your browser of choice.
Patch on up!
TetraNitroCubane on
edited January 2010
Wooo, hat trick.
Just a quick update to alert everyone to a deal going down this Friday. On Friday, January 29th, the full version of WinPatrol is going to be available for $0.99. That's a lifetime license for one computer.
WinPatrol is a bit of a different dog than most A/V and antimalware software. It's more of a realtime monitor that alerts you to changes in HOST files, startup processes, the registry, etc. It's supposed to allow quick reversal of said changes, too. I've not had hands-on experience, but I've been looking for another layer of protection for Win 7 x64, so I'll probably take the plunge. The main website is here, though I'll note that the design looks like a damn GeoCities page.
It's the endlessly confusing Adobe/Symantec style software business model...
Apparently when a ton of people start using your software and it gets really popular you have to screw it up by loading it down with bloatware and unnecessary features. You do this so that when the next thing comes along (to do it better than you) all your users jump ship and get wary when you make similar offerings in the future.
I don't get it either.
+1
We can also add AVG to this list.
If you specifically want anti-spyware software go with Malwarebytes Anti-malware or Super Antispyware.
Hi all!
I don't post in G&T (at all), but my girlfriend recently came to me wailing (well not really) that the year's subscription to McAfee she received when she bought her laptop had run out. When I clicked 'update subscription' it said it would be $129.95 for the year, and we both thought 'screw that', and I came to this thread for help.
Anyway, in the first instance: thanks. She now has Avast and MBAM (MSE wouldn't play nice with her computer).
However, in the second instance, I have a question. I've had automatic updates for Windows turned off for ages, and that annoying bubble telling me to turn it on comes up every time I boot up (Windows XP). The reason was that it always seemed to want to download updates and slowed me down like a really annoying slow thing.
So I just manually do a big download once a month or so (or every two months... or when I remember...)
Is that really such a bad thing?
I run XP, use Firefox, and thanks to this thread now I'm using MSE, MBAM on my own computer and I've also put in NoScript.
Solvent on
I don't know where he got the scorpions, or how he got them into my mattress.
I don't know if you can qualify it as rare or uncommon, but bad patches hitting Windows update have caused plenty of mayhem over the years. It isn't usually much of an issue for home users, but anyone looking after a network has to test the effect of updates before installing them to avoid potentially major catastrophes. I've had to clean up enough messes that I make it a practice to notify of new updates, check for their safety first, and then install them.
stigweard on
edited January 2010
Automatic updates can sometimes cause havoc, it's true. There were some weird updates just released yesterday for x64 Win 7 that have caused some odd behavior in my own machine, I'll admit, but nothing damaging. Fortunately, Windows has a pretty decent rollback if anything goes awry, so unless you're running a network as stigweard mentioned, I'd leave them on.
Sometimes it's pretty dang important. For example, if you've not updated in the last week or so, you're unpatched for the 'Aurora' exploit, which was critical enough for the guys at Microsoft to release an 'out-of-band' patch for last week. Right now that exploit is rapidly being leveraged across the net, and it's pretty damn nasty. Waiting a month to close the hole is probably a bad idea.
Keep in mind, this applies to more than just Windows update. It's a good idea to update everything, including your browser, whenever you're notified it's available.
If you're feeling uneasy about it, you can always set Windows auto-update to just tell you when an update is available instead of automatically installing it. That way you're alerted to when it's online, and you can install it whenever it's best for you (i.e. not in the middle of writing a big paper or somesuch).
As always, this is just my $0.02, so feel free to go with what works best for you!
TetraNitroCubane on
edited January 2010
The WinPatrol $0.99 sale started four hours early. From now until Tomorrow at 9:00 PM PST you can get the fully registered version of WinPatrol for a buck. It's good only for a single computer, but it's a lifetime activation - including all future versions.
So just to ask whether what I'm using is any good. Did note the little conversation about AdAware up there, but otherwise I'm using Microsoft Security Essentials, was previously using Norton 2009. I also got a firewall since MSE doesn't have one, 'PC Tools Firewall Plus' is what it's called. To be honest I didn't get either of them, was planning on using MSE instead anyway but wanted to check on this PC Tools thing.
I have no clue on PC Tools security software quality. I will however say the built in Windows firewall is good enough. Just keep MSE running.
And as a whole, it'll be a nice change from Norton 2009, I'd say. If my memories of Norton are correct.
Synthesis on
edited January 2010
I'm not terribly familiar with PC Tools Firewall, but I have heard some grumblings about its invasive nature over on Wilders. If you can suffer the popups it doles out, then it'll probably be fine for you. Though unless you really desire an outbound firewall, I do echo Dark Shroud on this point.
Also, just for grins I looked up the latest AV comparatives results for 2009. Their top rankings, in order, were (3rd) ESET NOD32, (2nd) Kaspersky, and... (1st) Symantec.
I find this claim highly dubious, given my experiences with Symantec/Norton in the past.
Let me try to clear this up, Symantec AV has never been that bad. It was a corporate product so they never bloated the hell out of it like they did Norton AV. I know a few people whom I trust that have told me Symantec AV is decent.
Does that mean I'll buy a copy? Cold day in hell when I can just use MSE now. The only AV I'll pay for is NOD 32. Maybe McAfee if they get their system resource back down. I have a soft spot for McAfee because it saved a few of my systems & networks back in the day.
Norton 2009 and 2010 are a lot less bloated than 2008 and before, though. I was using 2010 up until a few weeks ago, when I switched to MSE.
Ayulin on
edited February 2010
In the way of news: SandBoxie with x64 support is out of beta and released as a stable version. I've not used it, but it's a proactive layer of security that's bound to add some good protection. It's particularly useful if you're not in a position to run fully Sandboxed. I'll probably start working with it eventually. You can find the SandBoxie page in the OP, or I'll just link it here.
From the 'Lessons Learned the Hard Way' file: One of the workhorse servers where I'm employed was recently discovered gaming and redirecting Google traffic. Turns out it got hacked pretty hard, a LONG time ago. The server was an OS X PowerPC based machine running 10.4.11 - The intrusion likely leaked in from vulnerable web-facing materials (I'm not a very competent Sysadmin or Webmaster, sadly). Apparently the thing was silently owned for almost a year because there was some misconception of its being secure.
Now obviously this was sloppy on my part. The lesson that struck me from all this was, as always, Patch your apps as soon as you can. For everything. Regardless of operating system!
A good reason to run in Protected Mode and as a non administrator.
Or not use IE.
I heard about this one around a week ago. I feel that if someone is actively disabling security (Protected Mode & UAC) on their system for ease of use or no real reason they deserve whatever they get.
Ironically enough SandBoxie should take care of this on XP.
I think there's been an even newer exploit in addition to the one above: Apparently there was recently a Proof-Of-Concept attack against IE8 that was able to bypass ASLR and DEP in Windows 7. It seems to leverage Flash to do it, too.
This quote stood out to me, but I'm not sure if it's FUD :
This isn't the first time attackers have figured out how to bypass memory protections built into Microsoft software. After a technique known as heap spraying came into vogue, Microsoft added protections to thwart it in IE 8, Pouvesle said. This time around, it's not at all clear Microsoft will be able to prevent the newfangled attacks so easily.
"A change in the memory allocator could prevent JIT-spraying," he said. "That is, I think, way too complex to do. I don't think we're going to see that happen anytime soon."
I did make a HiJackThis log if somebody would be willing to look at it:
Scan saved at 2:19:09 PM, on 1/18/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NuonSoft\WallpaperCycler3\WallpaperCycler Lite.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dlcdcoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [DLCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlcdmon.exe] "C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe"
O4 - HKLM\..\Run: [NuonSoft Wallpaper Cycler 3 StartupHelper] C:\Program Files\NuonSoft\WallpaperCycler3\StartupHelper.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Google Updater] "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -systray -startup
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [barolibiso] Rundll32.exe "C:\WINDOWS\system32\yeyunuda.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [barolibiso] Rundll32.exe "C:\WINDOWS\system32\yeyunuda.dll",s (User 'NETWORK SERVICE')
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ActiveGS.cab - http://www.virtualapple.org/activegs.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://otter1.vanaqua.org/activex/AxisCamControl.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: jlyvdx.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlcd_device - - C:\WINDOWS\system32\dlcdcoms.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 14426 bytes
thanks
First, I notice you're running both AVG and MSE at the same time. I know some folks like to run two real-time AV suites at once, but in my experience it's best to only run one at a time. Real time protection software will conflict with other resident scanners if they're both running at once. Run as many on-demand scanners as you want, though! Your MBAM freezing issue might have something to do with two on-access scanners running at once, which basically means that a full system scan would have MBAM, MSE, and AVG all accessing every file during the scan. One AV plus MBAM is fine, but I'm not sure about two.
Second, I'm not a HijackThis expert, but a few things jump out at me. None of them looks definitively 'malware', but several of them might be things you might not want around:
Again, none of those are glaringly bad to my eye, but keep in mind I'm not well-skilled with HijackThis. Someone else might be able to provide more thorough advice. I'd start by uninstalling AVG, then rebooting. This might be a quirk caused by a conflict between MSE and AVG. Afterward, try a full MBAM scan again to see if it can go through all the way, or if it freezes again. If it persists, try rebooting in safe mode and scanning with MBAM.
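For anyone else staring at a log like the one above, here is a small triage script I've added to this thread as an example; it is not HijackThis's own code and was not posted by the original poster. It takes a handful of lines copied from the log above as constructed sample input and applies three rules a reviewer usually checks first: Run values under the service-account hives (the HKUS\S-1-5-19 / S-1-5-20 lines), a populated AppInit_DLLs value (O20), and services listed with no publisher (O23). The rule set, the severity labels and the handling of the empty-owner `name - - path` case are my own assumptions; a hit is a candidate for a closer look at the file on disk, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample input: a few lines copied from the HijackThis log posted in this
# thread, trimmed to the O4/O20/O23 sections the rules below look at.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [barolibiso] Rundll32.exe "C:\WINDOWS\system32\yeyunuda.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [barolibiso] Rundll32.exe "C:\WINDOWS\system32\yeyunuda.dll",s (User 'NETWORK SERVICE')
O20 - AppInit_DLLs: jlyvdx.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: dlcd_device - - C:\WINDOWS\system32\dlcdcoms.exe
'''

# Well-known service-account SIDs. Legitimate software registers its autostart under
# HKLM or the interactive user's HKCU; a Run value under one of these hives is unusual.
SERVICE_SIDS = {"S-1-5-18": "SYSTEM", "S-1-5-19": "LOCAL SERVICE", "S-1-5-20": "NETWORK SERVICE"}

O4_RE = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU|HKUS\\(?P<sid>S-1-5-\d+))\\\.\.\\(?P<key>Run\w*): '
    r'\[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
O20_APPINIT_RE = re.compile(r'^O20 - AppInit_DLLs: (?P<dlls>\S.*)$')
# HijackThis prints "name - owner - path"; the owner field may be empty ("name - - C:\..."),
# so the second separator allows its leading space to be missing (assumption about the format).
O23_RE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<owner>.*?) ?- (?P<path>[A-Za-z]:\\.+)$')


@dataclass
class Finding:
    severity: str   # "high" (the mechanism itself is suspicious) or "review" (just unverified)
    line: str
    reason: str


def triage(log_text: str) -> List[Finding]:
    """Return findings for the lines that match a rule, highest severity first."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = O4_RE.match(line)
        if m and m.group("sid") in SERVICE_SIDS:
            account = SERVICE_SIDS[m.group("sid")]
            findings.append(Finding(
                "high", line,
                f"Run value '{m.group('name')}' under the {account} hive; software seldom "
                "autostarts for service accounts, so check the DLL/EXE it loads"))
            continue

        m = O20_APPINIT_RE.match(line)
        if m:
            findings.append(Finding(
                "high", line,
                f"AppInit_DLLs is set to {m.group('dlls')}; Windows loads that DLL into every "
                "process that loads user32.dll, so confirm what it is and who installed it"))
            continue

        m = O23_RE.match(line)
        if m and m.group("owner").strip() in ("", "Unknown owner"):
            findings.append(Finding(
                "review", line,
                f"service '{m.group('name')}' has no publisher string; verify the signature "
                f"and install date of {m.group('path')}"))

    rank = {"high": 0, "review": 1}
    findings.sort(key=lambda f: rank[f.severity])   # stable sort keeps log order within a level
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.line}\n         -> {f.reason}")
```

Run it against a full log by reading the file into `triage()` instead of `SAMPLE_LOG`. The "review" level deliberately catches legitimate things too (PunkBuster's PnkBstrA above has no publisher string), which is why it is separated from the "high" level: the point is to order what to look at first, not to decide for you.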
It also found the responsible executable, but Malwarebyte's was faster to the punch.
Wow. That sucks.
I had to get rid of Avast! because I disliked the interface and it disagreed with minor side functions of Vista.
Thanks for the help everybody! Especially you TetraNitroCubane!
No that can still happen to a limited degree.
Anyway I'm guessing many of you have heard about the massive cyber attacks that have come from China in the last few weeks. And how Google was hacked through IE.
Anyway here is the MS Security Advisory on this particular bug in IE. Make sure IE's protected mode is enabled as well as UAC & (hardware) DEP and you shouldn't have any problems.
http://www.microsoft.com/technet/security/advisory/979352.mspx
You're very welcome! Glad to hear it's working out. As an aside, just to clarify what I said earlier: I'd certainly leave one of those AV suites running - just not both at once. And I'd probably use MSE, from all I've been hearing about AVG.
Link added to the new section! Thanks very much for passing it along.
This brings me to a point I've wanted to ask for a while, though: DEP. In Vista/Win7, is it worth it to set DEP to "Turn on DEP for all programs and services except those I select", or is it best to leave it on "Turn on DEP for essential Windows programs and services only"? I'm not sure if the benefit inherent to turning it 'always on' outweighs the possible compatibility/stability issues which might arise.
Let's back up for a second, are you talking about hardware DEP or software DEP? Because hardware DEP in the BIOS should always be enabled. Windows Software DEP is another story. In Vista Software DEP was enabled by default and I believe it's the same for Win7.
I'm mostly talking about the Windows side of things (which I thought used the hardware DEP? I'm very uneducated in this topic). As far as I know, the default behavior in Vista and 7 is "Turn on DEP for essential Windows programs and services only", which means DEP won't necessarily be active for every program you use (IM clients, Browsers, etc). The alternative, which is not default, is "Turn on DEP for all programs and services except those I select", which I've heard can cause conflicts with programs like Steam or older applications.
Of course, you can always add non-compatible programs to the exception list, but in those situations I'm always concerned about getting an error and having no way to know what it was from.
Patch on up!
Just a quick update to alert everyone to a deal going down this Friday. On Friday, January 29th, the full version of WinPatrol is going to be available for $0.99. That's a lifetime license for one computer.
WinPatrol is a bit of a different dog than most A/V and antimalware software. It's more of a realtime monitor that alerts you to changes in HOST files, startup processes, the registry, etc. It's supposed to allow quick reversal of said changes, too. I've not had hands-on experience, but I've been looking for another layer of protection for Win 7 x64, so I'll probably take the plunge. The main website is here, though I'll note that the design looks like a damn GeoCities page.
I KISS YOU!
Because it's a rather useless program now.
?
I KISS YOU!
Apparently when a ton of people start using your software and it gets really popular you have to screw it up by loading it down with bloatware and unnecessary features. You do this so that when the next thing comes along (to do it better than you) all your users jump ship and get wary when you make similar offerings in the future.
I don't get it either.
+1
We can also add AVG to this list.
If you specifically want anti-spyware software go with Malwarebytes Anti-malware or Super Antispyware.
I don't post in G&T (at all), but my girlfriend recently came to me wailing (well not really) that the year's subscription to McAfee she received when she bought her laptop had run out. When I clicked 'update subscription' it said it would be $129.95 for the year, and we both thought 'screw that', and I came to this thread for help.
Anyway, in the first instance: thanks. She now has Avast and MBAM (MSE wouldn't play nice with her computer).
However, in the second instance, I have a question. I've had automatic updates for Windows turned off for ages, and that annoying bubble telling me to turn it on comes up every time I boot up (Windows XP). The reason was that it always seemed to want to download updates and slowed me down like a really annoying slow thing.
So I just manually do a big download once a month or so (or every two months... or when I remember...)
Is that really such a bad thing?
I run XP, use Firefox, and thanks to this thread now I'm using MSE, MBAM on my own computer and I've also put in NoScript.
Sometimes it's pretty dang important. For example, if you've not updated in the last week or so, you're unpatched for the 'Aurora' exploit, which was critical enough for the guys at Microsoft to release an 'out-of-band' patch for last week. Right now that exploit is rapidly being leveraged across the net, and it's pretty damn nasty. Waiting a month to close the hole is probably a bad idea.
Keep in mind, this applies to more than just Windows update. It's a good idea to update everything, including your browser, whenever you're notified it's available.
If you're feeling uneasy about it, you can always set Windows auto-update to just tell you when an update is available instead of automatically installing it. That way you're alerted to when it's online, and you can install it whenever it's best for you (i.e. not in the middle of writing a big paper or somesuch).
As always, this is just my $0.02, so feel free to go with what works best for you!
Homepage for WinPatrol is here.
I have no clue on PC Tools security software quality. I will however say the built in Windows firewall is good enough. Just keep MSE running.
And as a whole, it'll be a nice change from Norton 2009, I'd say. If my memories of Norton are correct.
Also, just for grins I looked up the latest AV comparatives results for 2009. Their top rankings, in order, were (3rd) ESET NOD32, (2nd) Kaspersky, and... (1st) Symantec.
I find this claim highly dubious, given my experiences with Symantec/Norton in the past.
Let me try to clear this up, Symantec AV has never been that bad. It was a corporate product so they never bloated the hell out of it like they did Norton AV. I know a few people whom I trust that have told me Symantec AV is decent.
Does that mean I'll buy a copy? Cold day in hell when I can just use MSE now. The only AV I'll pay for is NOD 32. Maybe McAfee if they get their system resource back down. I have a soft spot for McAfee because it saved a few of my systems & networks back in the day.
I seriously doubt that (unless you're dealing with wimpy circa-1999 malware), but it is much more consistent (and there immediately) in its bogginess.
From the 'Lessons Learned the Hard Way' file: One of the workhorse servers where I'm employed was recently discovered gaming and redirecting Google traffic. Turns out it got hacked pretty hard, a LONG time ago. The server was an OS X PowerPC-based machine running 10.4.11 - The intrusion likely leaked in from vulnerable web-facing materials (I'm not a very competent Sysadmin or Webmaster, sadly). Apparently the thing was silently owned for almost a year because there was some misconception of its being secure.
Now obviously this was sloppy on my part. The lesson that struck me from all this was, as always, Patch your apps as soon as you can. For everything. Regardless of operating system!
A good reason to run in Protected Mode and as a non administrator.
Or not use IE.
I heard about this one around a week ago. I feel that if someone is actively disabling security (Protected Mode & UAC) on their system for ease of use or no real reason they deserve whatever they get.
Ironically enough SandBoxie should take care of this on XP.
I think there's been an even newer exploit in addition to the one above: Apparently there was recently a Proof-Of-Concept attack against IE8 that was able to bypass ASLR and DEP in Windows 7. It seems to leverage Flash to do it, too.
This quote stood out to me, but I'm not sure if it's FUD: