Guest village idiot
Posted January 1, 2009

Vista
IE7
win live one care - up to date
installed malwarebytes last night for very slow running new computer
HP Pavilion

I have new HP from Aug 08. All software above came w/laptop except the malwarebytes.

Computer has been annoyingly slow for last few weeks. A couple of months ago I had an incident of multiple windows opening w/o prompting. Had to shut down computer to stop this. It happened again just a few ago.

What causes this???? I have run winloc and malwarebytes. Nothing shows up. Please help. At the time of cascading windows, Event log shows............

Error 1/1/2009 1:59:25 AM DigitalPersona Pro 1283 (1280)
Error 1/1/2009 1:59:20 AM WMI 10 None
Warning 1/1/2009 1:59:19 AM HttpEvent 15301 None
Warning 1/1/2009 1:59:19 AM HttpEvent 15300 None
Error 1/1/2009 1:58:52 AM HttpEvent 15016 None
Warning 1/1/2009 1:55:44 AM WLAN-AutoConfig 4001 None
Warning 1/1/2009 1:55:43 AM User Profile Service 1530 None
Warning 1/1/2009 1:55:43 AM User Profile Service 1530 None
Warning 1/1/2009 1:55:42 AM HttpEvent 15301 None
Warning 1/1/2009 1:55:42 AM HttpEvent 15300 None
Error 1/1/2009 1:55:25 AM DistributedCOM 10016 None
Error 1/1/2009 1:54:44 AM DistributedCOM 10016 None
Error 1/1/2009 1:54:43 AM DistributedCOM 10016 None
Error 1/1/2009 1:54:42 AM DistributedCOM 10016 None
Error 1/1/2009 1:54:39 AM DistributedCOM 10016 None
Error 1/1/2009 1:54:38 AM DistributedCOM 10016 None
Error 1/1/2009 1:54:38 AM DistributedCOM 10016 None
Error 1/1/2009 1:54:37 AM DistributedCOM 10016 None
Error 1/1/2009 1:54:36 AM DistributedCOM 10016 None
Error 1/1/2009 1:54:35 AM DistributedCOM 10016 None
Error 1/1/2009 1:54:34 AM DistributedCOM 10016 None
Error 1/1/2009 1:54:33 AM DistributedCOM 10016 None
Error 1/1/2009 1:54:32 AM DistributedCOM 10016 None
Error 1/1/2009 1:54:32 AM DistributedCOM 10016 None
Error 1/1/2009 1:54:31 AM DistributedCOM 10016 None
Error 1/1/2009 1:54:30 AM DistributedCOM 10016 None
Warning 1/1/2009 1:41:05 AM HttpEvent 15301 None
Warning 1/1/2009 1:41:05 AM HttpEvent 15300 None
Warning 1/1/2009 1:41:00 AM HttpEvent 15301 None
Warning 1/1/2009 1:41:00 AM HttpEvent 15300 None
Warning 1/1/2009 1:40:39 AM Dhcp-Client 1003 None

Thanks and Happy and healthy 2009!
the village idiot
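A pasted Event Viewer excerpt like the one in the post above is easier to read once it is tallied by source and event ID and checked for clusters in time. The following is an added example, not part of the original thread: the log rows are copied from the post, while the function names `parse_rows` and `find_bursts`, the 60-second window and the five-event threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Event Viewer rows copied from the post above, one event per line:
# Level, Date and Time, Source, Event ID, Task Category.
PASTED_LOG = """\
Error 1/1/2009 1:59:25 AM DigitalPersona Pro 1283 (1280)
Error 1/1/2009 1:59:20 AM WMI 10 None
Warning 1/1/2009 1:59:19 AM HttpEvent 15301 None
Warning 1/1/2009 1:59:19 AM HttpEvent 15300 None
Error 1/1/2009 1:58:52 AM HttpEvent 15016 None
Warning 1/1/2009 1:55:44 AM WLAN-AutoConfig 4001 None
Warning 1/1/2009 1:55:43 AM User Profile Service 1530 None
Warning 1/1/2009 1:55:43 AM User Profile Service 1530 None
Warning 1/1/2009 1:55:42 AM HttpEvent 15301 None
Warning 1/1/2009 1:55:42 AM HttpEvent 15300 None
Error 1/1/2009 1:55:25 AM DistributedCOM 10016 None
Error 1/1/2009 1:54:44 AM DistributedCOM 10016 None
Error 1/1/2009 1:54:43 AM DistributedCOM 10016 None
Error 1/1/2009 1:54:42 AM DistributedCOM 10016 None
Error 1/1/2009 1:54:39 AM DistributedCOM 10016 None
Error 1/1/2009 1:54:38 AM DistributedCOM 10016 None
Error 1/1/2009 1:54:38 AM DistributedCOM 10016 None
Error 1/1/2009 1:54:37 AM DistributedCOM 10016 None
Error 1/1/2009 1:54:36 AM DistributedCOM 10016 None
Error 1/1/2009 1:54:35 AM DistributedCOM 10016 None
Error 1/1/2009 1:54:34 AM DistributedCOM 10016 None
Error 1/1/2009 1:54:33 AM DistributedCOM 10016 None
Error 1/1/2009 1:54:32 AM DistributedCOM 10016 None
Error 1/1/2009 1:54:32 AM DistributedCOM 10016 None
Error 1/1/2009 1:54:31 AM DistributedCOM 10016 None
Error 1/1/2009 1:54:30 AM DistributedCOM 10016 None
Warning 1/1/2009 1:41:05 AM HttpEvent 15301 None
Warning 1/1/2009 1:41:05 AM HttpEvent 15300 None
Warning 1/1/2009 1:41:00 AM HttpEvent 15301 None
Warning 1/1/2009 1:41:00 AM HttpEvent 15300 None
Warning 1/1/2009 1:40:39 AM Dhcp-Client 1003 None
"""

# Source may contain spaces ("User Profile Service"), so it is matched lazily
# up to the last two fields: numeric Event ID and Task Category.
ROW = re.compile(
    r"^(Critical|Error|Warning|Information)\s+"
    r"(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+"
    r"(.+?)\s+(\d+)\s+(\S+)$"
)


def parse_rows(text):
    """Return (level, timestamp, source, event_id) for each parseable row."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m is None:
            continue  # prose or a wrapped fragment, not an event row
        level, stamp, source, event_id, _task = m.groups()
        when = datetime.strptime(stamp, "%m/%d/%Y %I:%M:%S %p")
        rows.append((level, when, source, int(event_id)))
    return rows


def find_bursts(rows, window_seconds=60, min_events=5):
    """For each (source, event ID), find the densest sliding time window."""
    by_key = defaultdict(list)
    for _level, when, source, event_id in rows:
        by_key[(source, event_id)].append(when)
    window = timedelta(seconds=window_seconds)
    bursts = []
    for (source, event_id), stamps in by_key.items():
        stamps.sort()
        best, span, start = 0, None, 0
        for end, stamp in enumerate(stamps):
            while stamp - stamps[start] > window:
                start += 1  # shrink the window from the left
            if end - start + 1 > best:
                best, span = end - start + 1, (stamps[start], stamp)
        if best >= min_events:
            bursts.append({"source": source, "event_id": event_id,
                           "count": best, "first": span[0], "last": span[1]})
    return sorted(bursts, key=lambda b: b["count"], reverse=True)


if __name__ == "__main__":
    for b in find_bursts(parse_rows(PASTED_LOG)):
        print(f'{b["source"]} {b["event_id"]}: {b["count"]} events '
              f'between {b["first"]:%H:%M:%S} and {b["last"]:%H:%M:%S}')
```

A tally like this shows only where the log is noisy; whether the noisy source has anything to do with the symptom still has to be established from the event details.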
Guest PA Bear [MS MVP]
Posted January 1, 2009

Chances are that you're seeing the effects of a hijackware infection.

1. See if you can download/run the MSRT manually: http://www.microsoft.com/security/malwareremove/default.mspx

2. Run this online scan (in safe mode w/networking, if need be): http://onecare.live.com/site/en-us/center/howsafe.htm

3. Run additional checks for hijackware, including posting your hijackthis log to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/page2....emoving_Malware

When all else fails, HijackThis v2.0.2 (http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use (in conjunction with some other utilities). HijackThis will NOT fix anything on its own, but it will help you to both identify and remove any hijackware/spyware with assistance from an expert. Post your log to http://spywarehammer.com/simplemachinesfor....php?board=10.0, http://forums.spybot.info/forumdisplay.php?f=22, http://aumha.net/viewforum.php?f=30, or another appropriate forum for review by an expert in such matters, not here.

If the procedures look too complex - and there is no shame in admitting this isn't your cup of tea - take the machine to a local, reputable and independent (i.e., not BigBoxStoreUSA) computer repair shop.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/
Guest village idiot
Posted January 3, 2009

Hi PA!

Thanks so much for the input. I am still working my way through all of the articles and advice you gave. I bought ad-aware 2008, and evidently the scan did not finish. So per the lavasoft folks, I uninstalled and reinstalled. The scan found win32.TrojanPWS.mapper
I clicked remove.

My first big question is this.......... If this is a password stealer, as I have read here somewhere....... is it safe to continue using my old pws, or do I need to change all of my pws????!!!!!!!!!!!!!!!!

I still have strange things happening, such as, when I request a pw and it is sent to my email, I will find in my spam folder, an email re "my password trouble" at same time I sent the request for pw. I don't open the spam email, I just see the first sentence, and note that the time is the same.

After the reinstall, ran a quick scan, and there were only cookies. I have not run a full scan again yet. I wanted to find out this.......

Is it normal for full scans to take 2 hours?????? When I run one care, it always takes this long.....from the first scan on my NEW computer after I had used it for only a couple of weeks.

And, my first ad-aware scan last night, that stopped b4 it was finished (per its log, I stopped the scan.. I did not,, and hence the uninstall, reinstall) That scan was set to "full scan" and it had taken about an hour before it shut down.

I don't mind the time........ IF it is supposed to take that long. But, I need to know, because I worry that it takes too long because of a problem. Please let me know!!!

I am fixing to run through the procedures from the mvps site you listed, but I wanted to ask those questions first.

Oh......... this is happening on my new laptop. I got a router from comcast, that is connected to my desktop. Could this problem come from my desktop to my laptop? And, if not, do you think it is safe to use my desktop at sites where I have to use my passwords?????

Thanks for your help.
I love you guys so much. You never let me down.

the village idiot!!!
Guest village idiot
Posted January 3, 2009

OH NO!!!!!!!!!!!!! I rebooted b4 I started the processes on mvps.org, and one care tells me that I need to remove ad-aware because it is interfering with one care, and could cause problems.

HELP please!!!!!!!!!!!

village idiot
Guest PA Bear [MS MVP]
Posted January 3, 2009

Slow down, bucko! <wink>

1. You are NOT to install OneCare, just run the Safety scan here: http://onecare.live.com/site/en-us/center/howsafe.htm (I assume you already have an anti-virus application installed.)

In any event, should you choose to replace your current anti-virus application with OneCare, it's safe to ignore the false warning about Ad-Aware: Both can reside nicely on your machine.

2. You do NOT have to purchase Ad-Aware 2008. Just click on the green DOWNLOAD button on the left-hand side of http://www.lavasoft.com/single/trialpay.php; you'll then be redirected to the mirror site http://www.download.com/Ad-Aware-2008/3000...4-10045910.html. (Yes, the first page is a little confusing.)

3. After completing Steps #1 and #2 in my first reply, follow the instructions at http://aumha.net/viewtopic.php?t=4075, then Register and begin a new thread in this forum: http://aumha.net/viewforum.php?f=30

Don't try to overthink this, OK?

PS: Thanks for your kind words.
Guest village idiot
Posted January 27, 2009

Too late PA! I have gone through all of your articles, downloads, google searches, etc. I have had one care from the beginning. Ad-aware found the first and only critical thing that was the PWSmapper thing. It removed it. I have cleaned my registry. I have run onecare and ad aware every day for weeks now.

Nothing has worked. My laptop still opens continuous multiple windows at times, about once every few days. It freezes. And, it is slower than my first computer in 1995 that had dial up. I am using comcast cable with a router from my desktop now.

So, before I lose my mind, I have decided that I should probably just do a full recovery. My HP laptop is new since Aug 08. I have no important files or downloads.... nothing that I cannot lose..... (other than my mind).

I have 2 major questions before I start this. I did not make recovery discs, so I will be doing a recovery using HP recovery manager using the partition thingy.

BIG QUESTION is......... is it possible that whatever is causing my problems got into this partition recovery part of my computer??????????????

Second question is......... is it possible that my desktop transferred this problem to my laptop? Desktop has been just as slow as my laptop is now, for quite a while. I'm pretty sure it was s-l-o-w before I got my laptop. Is it possible that my laptop could have "caught" something from the router that is connected to my desktop?

Can't wait to hear your reply to this! hehe

THE village idiot
 > >>> > >>> Thanks and Happy and healthy 2009! > >>> the village idiot</span></span> > > </span>
Guest Malke Posted January 27, 2009

village idiot wrote:

(snippage)
> So, before I lose my mind, I have decided that I should probably just do a
> full recovery.

> I have 2 major questions before I start this.
>
> I did not make recovery discs, so I will be doing a recovery using HP
> recovery manager using the partition thingy. BIG QUESTION is......... is
> it possible that whatever is causing my problems got into this partition
> recovery part of my computer?

No. The recovery partition holds an image of the system as it was when it came from the factory.

It takes a fair amount of time to do the HP recovery. Just follow the recovery wizard and then leave it alone for hours. Don't fiddle with it until it is really, truly finished. After it boots into Windows (not long after you start recovery), there is still at least an hour of more installations. Don't interrupt the process.

After the recovery is complete, you will be able to create physical recovery disks. Do this in case your hard drive dies. Then update your computer at Windows Update, etc.

> Second question is......... is it possible that my desktop transferred this
> problem to my laptop? Desktop has been just as slow as my laptop is now, for
> quite a while. I'm pretty sure it was s-l-o-w before I got my laptop. Is
> it possible that my laptop could have "caught" something from the router
> that is connected to my desktop?

Yes, although not by catching something from the router. If you had a network-aware worm, like the Conficker worm that has been running rampant lately, all machines on the network would be infected. There is also a stronger possibility that the people using both your Desktop and your Laptop don't practice "Safe Hex" and that's how the computers got infected.

Safe Hex:
http://www.getsafeonline.org/
https://www.mysecurecyberspace.com/
http://www.getnetwise.org/
http://www.claymania.com/safe-hex.html
http://www.aumha.org/a/parasite.htm - The Parasite Fight
http://msmvps.com/blogs/harrywaldron/archi...2/05/82584.aspx - MVP Harry Waldron - The Family PC - How to stay safe on the Internet

Article I wrote for my clients. If you want it, you may download it. It's a .pdf document.
http://www.elephantboycomputers.com/staying-safe.pdf

Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
FAQ - http://www.elephantboycomputers.com/#FAQ
Guest PA Bear [MS MVP] Posted January 27, 2009

> I have had one care from the beginning. Ad-aware found the first and only
> critical thing that was the PWSmapper thing. It removed it. I have cleaned
> my registry. I have run onecare and ad aware everyday for weeks now.
> Nothing has worked.

Please give us a link to the forum thread where you've posted your HijackThis log.

[Think your Registry needs "cleaning" or "repairing"? Read http://aumha.net/viewtopic.php?t=28099 and draw your own conclusions.]

No, the hidden Recovery/Restore partition had not been affected.

> Second question is......... is it possible that my desktop transferred this
> problem to my laptop? Desktop has been just as slow as my laptop is now,
> for quite a while. I'm pretty sure it was s-l-o-w before I got my laptop.
> Is it possible that my laptop could have "caught" something from the router
> that is connected to my desktop?

Yes, no question about it (cf. http://aumha.net/viewtopic.php?f=30&t=36886 and http://aumha.net/viewtopic.php?f=48&t=37919).
--
~PA Bear
Guest village idiot Posted January 27, 2009

Thanks Malke. I will read the articles you posted b4 I do anything.
Guest village idiot Posted January 27, 2009

HI PA!

AAARRRGGGHHHHHHHH and OH NO. So, I will have to do something to my desktop too?..... before I take care of my laptop??????

Okay........ here is the link to my hijack log. I posted it on the 15th. I first posted one on Jan. 2nd, and got no response, so I did a new hjt on the 15th, and reposted. Still no replies.
http://www.lavasoftsupport.com/index.php?showtopic=22914

Will be waiting for your wonderful help. Uh, the hjt log from the 15th was before I cleaned the registry...... if that matters.

Thanks so much!!!!!!!
village idiot
Guest ~BD~ Posted January 27, 2009

Hi!

I copied and pasted your HJT log into www.hijackthis.de

A comment I noticed was .......

"It seems that you don't use an anti-virus scanner or your scanner is not active. Only an anti-virus scanner can protect you against new viruses. You can look here for a good anti-virus scanner. "

We didn't detect any active process of a firewall on your system. Reasons maybe:
(1.) You are using the windows firewall or a hardware firewall.
(2.) You are using a firewall of an unknown vendor.
(3.) You are using a firewall, but for unknown reasons it is disabled
(4.) You don't use any firewall at all.
We recommend you to use a firewall. Download and install one or activate windows xp´s own one. In case you got questions or you want us to add the firewall you use to our database, contact us at our forum.

Try posting your log there for yourself!

--
Dave

"village idiot" <villageidiot@discussions.microsoft.com> wrote in message news:393652CB-642F-4BDD-9099-19A9479F4DA4@microsoft.com...<span style="color:blue"> > HI PA! > > AAARRRGGGHHHHHHHH and OH NO. So, I will have to do something to my > desktop > too?..... before I take care of my laptop?????? > > Okay........ here is the link to my hijack log. I posted it on the > 15th. I > first posted one on Jan. 2nd, and got no response, so I did a new hjt > on the > 15th, and reposted. Still no replies. > http://www.lavasoftsupport.com/index.php?showtopic=22914 > > Will be waiting for your wonderful help. Uh, the hjt log from the > 15th was > before I cleaned the registry...... if that matters. > > Thanks so much!!!!!!! > village idiot > > "PA Bear [MS MVP]" wrote: ><span style="color:green"><span style="color:darkred"> >> > I have had one care from the beginning. Ad-aware found the first >> > and only >> > critical thing that was the PWSmapper thing. It removed it. I >> > have >> > cleaned >> > my registry. I have run onecare and ad aware everyday for weeks >> > now. 
>> > Nothing has worked.</span> >> >> Please give us a link to the forum thread where you've posted your >> HijackThis log. >> >> [Think your Registry needs "cleaning" or "repairing"? Read >> http://aumha.net/viewtopic.php?t=28099 and draw your own >> conclusions.] >> >> No, the hidden Recovery/Restore partition had not been affected. >><span style="color:darkred"> >> > Second question is......... is it possible that my desktop >> > transferred >> > this >> > problem to my laptop? Desktop has been just as slow as my laptop >> > is now, >> > for quite a while. I'm pretty sure it was s-l-o-w before I got my >> > laptop. >> > Is it possible that my laptop could have "caught" something from >> > the >> > router >> > that is connected to my desktop?</span> >> >> Yes, no question about it (cf. >> http://aumha.net/viewtopic.php?f=30&t=36886 >> and http://aumha.net/viewtopic.php?f=48&t=37919). >> -- >> ~PA Bear >> >> village idiot wrote:<span style="color:darkred"> >> > Too late PA! >> > >> > I have gone through all of your articles, downloads, google >> > searches, >> > etc.. >> > I have had one care from the beginning. Ad-aware found the first >> > and only >> > critical thing that was the PWSmapper thing. It removed it. I >> > have >> > cleaned >> > my registry. I have run onecare and ad aware everyday for weeks >> > now. >> > Nothing has worked. My laptop still opens continuous multiple >> > windows at >> > times, about once every few days. It freezes. And, it is slower >> > than my >> > first computer in 1995 that had dial up. I am using comcast cable >> > with a >> > router from my desktop now. >> > >> > So, before I lose my mind, I have decided that I should probably >> > just do a >> > full recovery. >> > >> > My HP laptop is new since Aug 08. I have no important files or >> > downloads.... nothing that I cannot lose..... (other than my mind). >> > >> > I have 2 major questions before I start this. 
>> > >> > I did not make recovery discs, so I will be doing a recovery using >> > HP >> > recovery manager using the partition thingy. BIG QUESTION >> > is......... is >> > it >> > possible that whatever is causing my problems got into this >> > partition >> > recovery part of my computer?????????????? >> > >> > Second question is......... is it possible that my desktop >> > transferred >> > this >> > problem to my laptop? Desktop has been just as slow as my laptop >> > is now, >> > for quite a while. I'm pretty sure it was s-l-o-w before I got my >> > laptop. >> > Is it possible that my laptop could have "caught" something from >> > the >> > router >> > that is connected to my desktop? >> > >> > Can't wait to hear your reply to this! hehe >> > >> > THE village idiot >> > >> > >> > >> > "PA Bear [MS MVP]" wrote: >> > >> >> Slow down, bucko! <wink> >> >> >> >> 1. You are NOT to install OneCare, just run the Safety scan here: >> >> http://onecare.live.com/site/en-us/center/howsafe.htm (I assume >> >> you >> >> already >> >> have an anti-virus application installed. >> >> >> >> In any event, should you choose to replace your current >> >> anti-virus >> >> application with OneCare, it's safe to ignore the false warning >> >> about >> >> Ad-Aware: Both can reside nicely on your machine. >> >> >> >> 2. You do NOT have to purchase Ad-Aware 2008. Just click on the >> >> green >> >> DOWNLOAD button on the left-hand side of >> >> http://www.lavasoft.com/single/trialpay.php; you'll then be >> >> redirected to >> >> the mirror site >> >> http://www.download.com/Ad-Aware-2008/3000...4-10045910.html. >> >> (Yes, >> >> the >> >> first page is a little confusing.) >> >> >> >> 3. After complete Steps #1 and #2 in my first reply, following the >> >> instructions at http://aumha.net/viewtopic.php?t=4075, then >> >> Register and >> >> begin a new thread in this forum: >> >> http://aumha.net/viewforum.php?f=30 >> >> >> >> Don't try to overthink this, OK? 
>> >> >> >> PS: Thanks for your kind words. >> >> >> >> village idiot wrote: >> >>> OH NO!!!!!!!!!!!!! I rebooted b4 I started the processes on >> >>> mvps.org, >> >>> and >> >>> one care tells me that I need to remove ad-aware because it is >> >>> interferring >> >>> with one care, and could cause problems. >> >> <paste> >> >> Thanks so much for the input. I am still working my way through >> >> all of >> >> the >> >>> articles and advice you gave. I bought ad-aware 2008, and >> >>> evidently the >> >>> scan did not finish. So per the lavasoft folks, I uninstalled >> >>> and >> >>> reinstalled. The scan found win32.TrojanPWS.mapper >> >>> I clicked remove. >> >>> >> >>> My first big question is this.......... If this is a password >> >>> stealer, >> >>> as >> >>> i >> >>> have read here somewhere....... is it safe to continue using my >> >>> old pws, >> >>> or >> >>> do I need to change all of my pws????!!!!!!!!!!!!!!!! >> >>> >> >>> I still have strange things happening, such as, when I request a >> >>> pw and >> >>> it >> >>> is sent to my email, I will find in my spam folder, an email re >> >>> "my >> >>> password >> >>> trouble" at same time I sent the request for pw. I don't open >> >>> the spam >> >>> email, I just see the first sentence, and note that the time is >> >>> the >> >>> same. >> >>> >> >>> After the reinstall, ran a quick scan, and there were only >> >>> cookies. I >> >>> have >> >>> not run a full scan again yet. I wanted to find out this....... >> >>> >> >>> Is it normal for full scans to take 2 hours?????? When I run >> >>> one >> >>> care, >> >>> it >> >>> always takes this long.....from the first scan on my NEW computer >> >>> after >> >>> I >> >>> had used it for only a couple of weeks. >> >>> >> >>> And, my first ad-aware scan last night, that stopped b4 it was >> >>> finished >> >>> (per >> >>> its log, I stopped the scan.. 
I did not,, and hence the unistall, >> >>> reinstall) >> >>> That scan was set to "full scan" and it had taken about an hour >> >>> before >> >>> it >> >>> shut down. >> >>> >> >>> I don't mind the time........ IF it is supposed to take that >> >>> long. But, >> >>> I >> >>> need to know, because I worry that it takes too long because of a >> >>> problem. >> >>> Please let me know!!! >> >>> >> >>> I am fixing to run through the procedures from the mvps site you >> >>> listed, >> >>> but >> >>> I wanted to ask those questions first. >> >>> >> >>> Oh......... this is happening on my new laptop. I got a router >> >>> from >> >>> comcast, that is connected to my desktop. Could this problem >> >>> come from >> >>> my >> >>> desktop to my laptop? And, if not, do you think it is safe to >> >>> use my >> >>> desktop at sites where I have to use my passwords????? >> >> </paste> >> >>> >> >>> "PA Bear [MS MVP]" wrote: >> >>> >> >>>> Chances are that you're seeing the affects of a hijackware >> >>>> infection. >> >>>> >> >>>> 1. See if you can download/run the MSRT manually: >> >>>> http://www.microsoft.com/security/malwareremove/default.mspx >> >>>> >> >>>> 2. Run this online scan (in safe mode w/networking, if need be): >> >>>> http://onecare.live.com/site/en-us/center/howsafe.htm >> >>>> >> >>>> 3. Run additional checks for hijackware, including posting your >> >>>> hijackthis >> >>>> log to an appropriate forum. 
>> >>>> >> >>>> Checking for/Help with Hijackware >> >>>> http://aumha.org/a/parasite.htm >> >>>> http://aumha.org/a/quickfix.htm >> >>>> http://aumha.net/viewtopic.php?t=5878 >> >>>> http://mvps.org/winhelp2002/unwanted.htm >> >>>> http://inetexplorer.mvps.org/data/prevention.htm >> >>>> http://inetexplorer.mvps.org/tshoot.html >> >>>> http://www.mvps.org/sramesh2k/Malware_Defence.htm >> >>>> http://defendingyourmachine2.blogspot.com/ >> >>>> http://www.elephantboycomputers.com/page2....emoving_Malware >> >>>> >> >>>> When all else fails, HijackThis v2.0.2 >> >>>> (http://aumha.org/downloads/hijackthis.exe) is the preferred >> >>>> tool to >> >>>> use >> >>>> (in conjuction with some other utilities). HijackThis will NOT >> >>>> fix >> >>>> anything on its own, but it will help you to both identify and >> >>>> remove >> >>>> any >> >>>> hijackware/spyware with assistance from an expert. Post your >> >>>> log to >> >>>> http://spywarehammer.com/simplemachinesfor....php?board=10.0, >> >>>> http://forums.spybot.info/forumdisplay.php?f=22, >> >>>> http://aumha.net/viewforum.php?f=30, or another appropriate >> >>>> forum for >> >>>> review by an expert in such matters, not here. >> >>>> >> >>>> If the procedures look too complex - and there is no shame in >> >>>> admitting >> >>>> this isn't your cup of tea - take the machine to a local, >> >>>> reputable and >> >>>> independent (i.e., not BigBoxStoreUSA) computer repair shop. >> >>>> -- >> >>>> ~Robear Dyer (PA Bear) >> >>>> MS MVP-IE, Mail, Security, Windows Desktop Experience - since >> >>>> 2002 >> >>>> AumHa VSOP & Admin http://aumha.net >> >>>> DTS-L http://dts-l.net/ >> >>>> >> >>>> village idiot wrote: >> >>>>> Vista >> >>>>> IE7 >> >>>>> win live one care - up to date >> >>>>> installed malwarebytes last night for very slow running new >> >>>>> computer >> >>>>> HP Pavilion >> >>>>> >> >>>>> I have new HP from Aug 08. All software above came w/laptop >> >>>>> except >> >>>>> the >> >>>>> malwarebytes. 
>> >>>>> >> >>>>> Computer has been annoyingly slow for last few weeks. A couple >> >>>>> of >> >>>>> months >> >>>>> ago I had an incident of multiple windows opening w/o >> >>>>> prompting. Had >> >>>>> to >> >>>>> shut >> >>>>> down computer to stop this. It happened again just a few ago. >> >>>>> >> >>>>> What causes this???? I have run winloc and malwarebytes. >> >>>>> Nothing >> >>>>> shows >> >>>>> up. >> >>>>> Please help. At the time of cascading windows, Event log >> >>>>> shows............ >> >>>>> >> >>>>> >> >>>>> Error 1/1/2009 1:59:25 AM DigitalPersona Pro 1283 (1280) >> >>>>> Error 1/1/2009 1:59:20 AM WMI 10 None >> >>>>> Warning 1/1/2009 1:59:19 AM HttpEvent 15301 None >> >>>>> Warning 1/1/2009 1:59:19 AM HttpEvent 15300 None >> >>>>> Error 1/1/2009 1:58:52 AM HttpEvent 15016 None >> >>>>> Warning 1/1/2009 1:55:44 AM WLAN-AutoConfig 4001 None >> >>>>> Warning 1/1/2009 1:55:43 AM User Profile Service 1530 None >> >>>>> Warning 1/1/2009 1:55:43 AM User Profile Service 1530 None >> >>>>> Warning 1/1/2009 1:55:42 AM HttpEvent 15301 None >> >>>>> Warning 1/1/2009 1:55:42 AM HttpEvent 15300 None >> >>>>> Error 1/1/2009 1:55:25 AM DistributedCOM 10016 None >> >>>>> Error 1/1/2009 1:54:44 AM DistributedCOM 10016 None >> >>>>> Error 1/1/2009 1:54:43 AM DistributedCOM 10016 None >> >>>>> Error 1/1/2009 1:54:42 AM DistributedCOM 10016 None >> >>>>> Error 1/1/2009 1:54:39 AM DistributedCOM 10016 None >> >>>>> Error 1/1/2009 1:54:38 AM DistributedCOM 10016 None >> >>>>> Error 1/1/2009 1:54:38 AM DistributedCOM 10016 None >> >>>>> Error 1/1/2009 1:54:37 AM DistributedCOM 10016 None >> >>>>> Error 1/1/2009 1:54:36 AM DistributedCOM 10016 None >> >>>>> Error 1/1/2009 1:54:35 AM DistributedCOM 10016 None >> >>>>> Error 1/1/2009 1:54:34 AM DistributedCOM 10016 None >> >>>>> Error 1/1/2009 1:54:33 AM DistributedCOM 10016 None >> >>>>> Error 1/1/2009 1:54:32 AM DistributedCOM 10016 None >> >>>>> Error 1/1/2009 1:54:32 AM DistributedCOM 10016 None >> >>>>> Error 
1/1/2009 1:54:31 AM DistributedCOM 10016 None >> >>>>> Error 1/1/2009 1:54:30 AM DistributedCOM 10016 None >> >>>>> Warning 1/1/2009 1:41:05 AM HttpEvent 15301 None >> >>>>> Warning 1/1/2009 1:41:05 AM HttpEvent 15300 None >> >>>>> Warning 1/1/2009 1:41:00 AM HttpEvent 15301 None >> >>>>> Warning 1/1/2009 1:41:00 AM HttpEvent 15300 None >> >>>>> Warning 1/1/2009 1:40:39 AM Dhcp-Client 1003 None >> >>>>> >> >>>>> Thanks and Happy and healthy 2009! >> >>>>> the village idiot</span> >> >> </span></span> Quote
Guest village idiot Posted January 27, 2009

Oh nutz!!!!!!!!!!

I have had windows live one care from the first setup of this laptop. When I open it, it shows that the firewall is on, the virus thing is on....... all systems go.....

But, when I went to control panel security just now, it showed that the firewall was off. Windows defender is also off.

When I had XP and windows one care, I remember that I was told to turn off windows defender because it conflicted with one care. That is on my desktop...XP.

I thought that in vista, and one care, that windows defender was integrated. So, do I need to turn on the firewall and windows defender through control panel security?

I will wait for PA Bear to reply before I post my hjt log to the site that you listed.

Thanks!
village idiot

"~BD~" wrote:
> Hi!
>
> I copied and pasted your HJT log into www.hijackthis.de
>
> A comment I noticed was .......
>
> "It seems that you don't use an anti-virus scanner or your scanner is not active. Only an anti-virus scanner can protect you against new viruses. You can look here for a good anti-virus scanner. "
>
> We didn't detect any active process of a firewall on your system.
> Reasons maybe:
> (1.) You are using the windows firewall or a hardware firewall.
> (2.) You are using a firewall of an unknown vendor.
> (3.) You are using a firewall, but for unknown reasons it is disabled
> (4.) You don't use any firewall at all.
> We recommend you to use a firewall. Download and install one or activate windows xp´s own one. In case you got questions or you want us to add the firewall you use to our database, contact us at our forum.
>
> Try posting your log there for yourself!
>
> --
> Dave
Guest PA Bear [MS MVP] Posted January 27, 2009

OneCare (in WinXP and Vista) includes its own firewall and its own version of Defender. When you install OneCare, it will automatically disable the Windows Firewall and Defender on its own.

NB: Do not use or trust any HJT interpretation sites or tools like hijackthis.de. (It couldn't tell that OneCare was installed but disabled by the rootkit!)

village idiot wrote:
> Oh nutz!!!!!!!!!!
>
> I have had windows live one care from the first setup of this laptop. When I open it, it shows that the firewall is on, the virus thing is on....... all systems go.....
>
> But, when I went to control panel security just now, it showed that the firewall was off. Windows defender is also off.
>
> When I had XP and windows one care, I remember that I was told to turn off windows defender because it conflicted with one care. That is on my desktop...XP.
>
> I thought that in vista, and one care, that windows defender was integrated. So, do I need to turn on the firewall and windows defender through control panel security?
>
> I will wait for PA Bear to reply before I post my hjt log to the site that you listed.
>
> Thanks!
> village idiot
Guest ~BD~ Posted January 27, 2009

Pray tell how you, PA Bear, know that a Rootkit is involved. Are you clairvoyant now?

--
Dave

"PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message news:u5N3JeNgJHA.5724@TK2MSFTNGP02.phx.gbl...
> OneCare (in WinXP and Vista) includes its own firewall and its own version of Defender. When you install OneCare, it will automatically disable the Windows Firewall and Defender on its own.
>
> NB: Do not use or trust any HJT interpretation sites or tools like hijackthis.de. (It couldn't tell that OneCare was installed but disabled by the rootkit!)

Quote
Guest village idiot Posted January 28, 2009

Thanks for clearing that up PA Bear. I thought maybe my onecare was really messed up. Glad I waited to hear from you.

Before I do anything else, I will read the links you gave, and wait on your analysis of my hjt log. Does the log look horrible???

thanks again!

"PA Bear [MS MVP]" wrote:
> OneCare (in WinXP and Vista) includes its own firewall and its own version of Defender. When you install OneCare, it will automatically disable the Windows Firewall and Defender on its own.
>
> NB: Do not use or trust any HJT interpretation sites or tools like hijackthis.de. (It couldn't tell that OneCare was installed but disabled by the rootkit!)

Quote
Guest ~BD~ Posted January 28, 2009

I didn't write the following! See http://technet.microsoft.com/en-gb/library/cc512587.aspx

Dave

Cleaning a Compromised System

So, you didn't patch the system and it got hacked. What to do? Well, let's see:

a. You can't clean a compromised system by patching it. Patching only removes the vulnerability. Upon getting into your system, the attacker probably ensured that there were several other ways to get back in.

b. You can't clean a compromised system by removing the back doors. You can never guarantee that you found all the back doors the attacker put in. The fact that you can't find any more may only mean you don't know where to look, or that the system is so compromised that what you are seeing is not actually what is there.

c. You can't clean a compromised system by using some "vulnerability remover." Let's say you had a system hit by Blaster. A number of vendors (including Microsoft) published vulnerability removers for Blaster. Can you trust a system that had Blaster after the tool is run? I wouldn't. If the system was vulnerable to Blaster, it was also vulnerable to a number of other attacks. Can you guarantee that none of those have been run against it? I didn't think so.

d. You can't clean a compromised system by using a virus scanner. To tell you the truth, a fully compromised system can't be trusted. Even virus scanners must at some level rely on the system to not lie to them. If they ask whether a particular file is present, the attacker may simply have a tool in place that lies about it.

   Note that if you can guarantee that the only thing that compromised the system was a particular virus or worm and you know that this virus has no back doors associated with it, and the vulnerability used by the virus was not available remotely, then a virus scanner can be used to clean the system. For example, the vast majority of e-mail worms rely on a user opening an attachment. In this particular case, it is possible that the only infection on the system is the one that came from the attachment containing the worm. However, if the vulnerability used by the worm was available remotely without user action, then you can't guarantee that the worm was the only thing that used that vulnerability. It is entirely possible that something else used the same vulnerability. In this case, you can't just patch the system.

e. You can't clean a compromised system by reinstalling the operating system over the existing installation. Again, the attacker may very well have tools in place that tell the installer lies. If that happens, the installer may not actually remove the compromised files. In addition, the attacker may also have put back doors in non-operating system components.

f. You can't trust any data copied from a compromised system. Once an attacker gets into a system, all the data on it may be modified. In the best-case scenario, copying data off a compromised system and putting it on a clean system will give you potentially untrustworthy data. In the worst-case scenario, you may actually have copied a back door hidden in the data.

g. You can't trust the event logs on a compromised system. Upon gaining full access to a system, it is simple for an attacker to modify the event logs on that system to cover any tracks. If you rely on the event logs to tell you what has been done to your system, you may just be reading what the attacker wants you to read.

h. You may not be able to trust your latest backup. How can you tell when the original attack took place? The event logs cannot be trusted to tell you. Without that knowledge, your latest backup is useless. It may be a backup that includes all the back doors currently on the system.

i. The only way to clean a compromised system is to flatten and rebuild. That's right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).

Quote
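Point d of the quoted article says a scanner running on the compromised system can be lied to about whether a file is present. The following is an added example, not part of the article or of any poster's message: a cross-view check that compares a file manifest collected on the live system with one collected from the same disk read under trusted boot media. The manifest format, paths and file contents are constructed for illustration; a difference shows the live view cannot be trusted, it does not clean anything.

```python
import hashlib


def _sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_manifest(files):
    """Build a manifest: one 'sha256<TAB>size<TAB>path' line per file."""
    return "\n".join(f"{_sha256(d)}\t{len(d)}\t{p}" for p, d in files)


# Constructed sample: what the running (possibly compromised) system reports.
LIVE_MANIFEST = make_manifest([
    (r"C:\Windows\System32\ntoskrnl.exe", b"kernel image"),
    (r"C:\Windows\System32\drivers\tcpip.sys", b"tcpip as reported by live API"),
    (r"C:\Users\Public\notes.txt", b"written after the offline snapshot"),
])

# Constructed sample: the same volume read from trusted boot media.
OFFLINE_MANIFEST = make_manifest([
    (r"C:\WINDOWS\system32\ntoskrnl.exe", b"kernel image"),
    (r"C:\Windows\System32\drivers\tcpip.sys", b"tcpip as read from raw disk"),
    (r"C:\Windows\System32\drivers\hidden_example.sys", b"driver the live view omits"),
])


def parse_manifest(text):
    """Return {casefolded path: (sha256, size, original path)}."""
    entries = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split("\t", 2)
        if len(parts) != 3 or len(parts[0]) != 64 or not parts[1].isdigit():
            raise ValueError(f"malformed manifest line {lineno}")
        digest, size, path = parts
        # Windows paths are case-insensitive, so compare on a folded key.
        entries[path.casefold()] = (digest.lower(), int(size), path)
    return entries


def cross_view(live_text, offline_text):
    """Compare the live view with the offline view of the same volume."""
    live = parse_manifest(live_text)
    offline = parse_manifest(offline_text)
    return {
        # On disk, but the running system did not report it.
        "hidden_from_live": sorted(
            offline[k][2] for k in offline.keys() - live.keys()),
        # Reported live only: created after the offline scan, or never on disk.
        "live_only": sorted(
            live[k][2] for k in live.keys() - offline.keys()),
        # Same path, different hash or size depending on who is asked.
        "content_differs": sorted(
            offline[k][2] for k in offline.keys() & live.keys()
            if offline[k][:2] != live[k][:2]),
    }


if __name__ == "__main__":
    for kind, paths in cross_view(LIVE_MANIFEST, OFFLINE_MANIFEST).items():
        for path in paths:
            print(f"{kind}: {path}")
```
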
Guest ~BD~ Posted January 28, 2009

PA Bear is right, I believe, about OneCare incorporating Defender and its own firewall.

How he knows you have a Rootkit is beyond me (unless he knows how it got there - food for thought!) Perhaps he'll tell you if you ask him!

I noticed this entry in your HJT log

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe (file missing)

Copy and paste that whole line into Google and explore the results you get (I get 151 hits!)

Did you have Norton/Symantec installed on your computer before OneCare?

--
Dave

"village idiot" <villageidiot@discussions.microsoft.com> wrote in message news:35B7884A-E287-4E39-A2A9-D96E991A1295@microsoft.com...<span style="color:blue"> > Oh nutz!!!!!!!!!! > > I have had windows live one care from the first setup of this laptop. > When > I open it, it shows that the firewall is on, the virus thing is > on....... all > systems go..... > > But, when I went to control panel security just now, it showed that > the > firewall was off. Windows defender is also off. > > When I had XP and windows one care, I remember that I was told to turn > off > windows defender because it conflicted with one care. That is on my > desktop...XP. > > I thought that in vista, and one care, that windows defender was > integrated. > So, do I need to turn on the firewall and windows defender through > control > panel security? > > I will wait for PA Bear to reply before I post my hjt log to the site > that > you listed. > > Thanks! > village idiot > > "~BD~" wrote: ><span style="color:green"> >> Hi! >> >> I copied and pasted your HJT log into www.hijackthis.de >> >> A comment I noticed was ....... >> >> "It seems that you don't use an anti-virus scanner or your scanner is >> not active. Only an anti-virus scanner can protect you against new >> viruses. You can look here for a good anti-virus scanner.
" >> >> We didn't detect any active process of a firewall on your system. >> Reasons maybe: >> (1.) You are using the windows firewall or a hardware firewall. >> (2.) You are using a firewall of an unknown vendor. >> (3.) You are using a firewall, but for unknown reasons it is disabled >> (4.) You don't use any firewall at all. >> We recommend you to use a firewall. Download and install one or >> activate >> windows xp´s own one. In case you got questions or you want us to add >> the firewall you use to our database, contact us at our forum. >> >> >> >> Try posting your log there for yourself! >> >> -- >> Dave >> >> >> "village idiot" <villageidiot@discussions.microsoft.com> wrote in >> message news:393652CB-642F-4BDD-9099-19A9479F4DA4@microsoft.com...<span style="color:darkred"> >> > HI PA! >> > >> > AAARRRGGGHHHHHHHH and OH NO. So, I will have to do something to my >> > desktop >> > too?..... before I take care of my laptop?????? >> > >> > Okay........ here is the link to my hijack log. I posted it on the >> > 15th. I >> > first posted one on Jan. 2nd, and got no response, so I did a new >> > hjt >> > on the >> > 15th, and reposted. Still no replies. >> > http://www.lavasoftsupport.com/index.php?showtopic=22914 >> > >> > Will be waiting for your wonderful help. Uh, the hjt log from the >> > 15th was >> > before I cleaned the registry...... if that matters. >> > >> > Thanks so much!!!!!!! >> > village idiot >> > >> > "PA Bear [MS MVP]" wrote: >> > >> >> > I have had one care from the beginning. Ad-aware found the >> >> > first >> >> > and only >> >> > critical thing that was the PWSmapper thing. It removed it. I >> >> > have >> >> > cleaned >> >> > my registry. I have run onecare and ad aware everyday for weeks >> >> > now. >> >> > Nothing has worked. >> >> >> >> Please give us a link to the forum thread where you've posted your >> >> HijackThis log. >> >> >> >> [Think your Registry needs "cleaning" or "repairing"? 
Read >> >> http://aumha.net/viewtopic.php?t=28099 and draw your own >> >> conclusions.] >> >> >> >> No, the hidden Recovery/Restore partition had not been affected. >> >> >> >> > Second question is......... is it possible that my desktop >> >> > transferred >> >> > this >> >> > problem to my laptop? Desktop has been just as slow as my >> >> > laptop >> >> > is now, >> >> > for quite a while. I'm pretty sure it was s-l-o-w before I got >> >> > my >> >> > laptop. >> >> > Is it possible that my laptop could have "caught" something from >> >> > the >> >> > router >> >> > that is connected to my desktop? >> >> >> >> Yes, no question about it (cf. >> >> http://aumha.net/viewtopic.php?f=30&t=36886 >> >> and http://aumha.net/viewtopic.php?f=48&t=37919). >> >> -- >> >> ~PA Bear >> >> >> >> village idiot wrote: >> >> > Too late PA! >> >> > >> >> > I have gone through all of your articles, downloads, google >> >> > searches, >> >> > etc.. >> >> > I have had one care from the beginning. Ad-aware found the >> >> > first >> >> > and only >> >> > critical thing that was the PWSmapper thing. It removed it. I >> >> > have >> >> > cleaned >> >> > my registry. I have run onecare and ad aware everyday for weeks >> >> > now. >> >> > Nothing has worked. My laptop still opens continuous multiple >> >> > windows at >> >> > times, about once every few days. It freezes. And, it is >> >> > slower >> >> > than my >> >> > first computer in 1995 that had dial up. I am using comcast >> >> > cable >> >> > with a >> >> > router from my desktop now. >> >> > >> >> > So, before I lose my mind, I have decided that I should probably >> >> > just do a >> >> > full recovery. >> >> > >> >> > My HP laptop is new since Aug 08. I have no important files or >> >> > downloads.... nothing that I cannot lose..... (other than my >> >> > mind). >> >> > >> >> > I have 2 major questions before I start this. 
>> >> > >> >> > I did not make recovery discs, so I will be doing a recovery >> >> > using >> >> > HP >> >> > recovery manager using the partition thingy. BIG QUESTION >> >> > is......... is >> >> > it >> >> > possible that whatever is causing my problems got into this >> >> > partition >> >> > recovery part of my computer?????????????? >> >> > >> >> > Second question is......... is it possible that my desktop >> >> > transferred >> >> > this >> >> > problem to my laptop? Desktop has been just as slow as my >> >> > laptop >> >> > is now, >> >> > for quite a while. I'm pretty sure it was s-l-o-w before I got >> >> > my >> >> > laptop. >> >> > Is it possible that my laptop could have "caught" something from >> >> > the >> >> > router >> >> > that is connected to my desktop? >> >> > >> >> > Can't wait to hear your reply to this! hehe >> >> > >> >> > THE village idiot >> >> > >> >> > >> >> > >> >> > "PA Bear [MS MVP]" wrote: >> >> > >> >> >> Slow down, bucko! <wink> >> >> >> >> >> >> 1. You are NOT to install OneCare, just run the Safety scan >> >> >> here: >> >> >> http://onecare.live.com/site/en-us/center/howsafe.htm (I assume >> >> >> you >> >> >> already >> >> >> have an anti-virus application installed. >> >> >> >> >> >> In any event, should you choose to replace your current >> >> >> anti-virus >> >> >> application with OneCare, it's safe to ignore the false warning >> >> >> about >> >> >> Ad-Aware: Both can reside nicely on your machine. >> >> >> >> >> >> 2. You do NOT have to purchase Ad-Aware 2008. Just click on >> >> >> the >> >> >> green >> >> >> DOWNLOAD button on the left-hand side of >> >> >> http://www.lavasoft.com/single/trialpay.php; you'll then be >> >> >> redirected to >> >> >> the mirror site >> >> >> http://www.download.com/Ad-Aware-2008/3000...4-10045910.html. >> >> >> (Yes, >> >> >> the >> >> >> first page is a little confusing.) >> >> >> >> >> >> 3. 
After complete Steps #1 and #2 in my first reply, following >> >> >> the >> >> >> instructions at http://aumha.net/viewtopic.php?t=4075, then >> >> >> Register and >> >> >> begin a new thread in this forum: >> >> >> http://aumha.net/viewforum.php?f=30 >> >> >> >> >> >> Don't try to overthink this, OK? >> >> >> >> >> >> PS: Thanks for your kind words. >> >> >> >> >> >> village idiot wrote: >> >> >>> OH NO!!!!!!!!!!!!! I rebooted b4 I started the processes on >> >> >>> mvps.org, >> >> >>> and >> >> >>> one care tells me that I need to remove ad-aware because it is >> >> >>> interferring >> >> >>> with one care, and could cause problems. >> >> >> <paste> >> >> >> Thanks so much for the input. I am still working my way >> >> >> through >> >> >> all of >> >> >> the >> >> >>> articles and advice you gave. I bought ad-aware 2008, and >> >> >>> evidently the >> >> >>> scan did not finish. So per the lavasoft folks, I uninstalled >> >> >>> and >> >> >>> reinstalled. The scan found win32.TrojanPWS.mapper >> >> >>> I clicked remove. >> >> >>> >> >> >>> My first big question is this.......... If this is a password >> >> >>> stealer, >> >> >>> as >> >> >>> i >> >> >>> have read here somewhere....... is it safe to continue using >> >> >>> my >> >> >>> old pws, >> >> >>> or >> >> >>> do I need to change all of my pws????!!!!!!!!!!!!!!!! >> >> >>> >> >> >>> I still have strange things happening, such as, when I request >> >> >>> a >> >> >>> pw and >> >> >>> it >> >> >>> is sent to my email, I will find in my spam folder, an email >> >> >>> re >> >> >>> "my >> >> >>> password >> >> >>> trouble" at same time I sent the request for pw. I don't open >> >> >>> the spam >> >> >>> email, I just see the first sentence, and note that the time >> >> >>> is >> >> >>> the >> >> >>> same. >> >> >>> >> >> >>> After the reinstall, ran a quick scan, and there were only >> >> >>> cookies. I >> >> >>> have >> >> >>> not run a full scan again yet. I wanted to find out >> >> >>> this....... 
>> >> >>> >> >> >>> Is it normal for full scans to take 2 hours?????? When I >> >> >>> run >> >> >>> one >> >> >>> care, >> >> >>> it >> >> >>> always takes this long.....from the first scan on my NEW >> >> >>> computer >> >> >>> after >> >> >>> I >> >> >>> had used it for only a couple of weeks. >> >> >>> >> >> >>> And, my first ad-aware scan last night, that stopped b4 it was >> >> >>> finished >> >> >>> (per >> >> >>> its log, I stopped the scan.. I did not,, and hence the >> >> >>> unistall, >> >> >>> reinstall) >> >> >>> That scan was set to "full scan" and it had taken about an >> >> >>> hour >> >> >>> before >> >> >>> it >> >> >>> shut down. >> >> >>> >> >> >>> I don't mind the time........ IF it is supposed to take that >> >> >>> long. But, >> >> >>> I >> >> >>> need to know, because I worry that it takes too long because >> >> >>> of a >> >> >>> problem. >> >> >>> Please let me know!!! >> >> >>> >> >> >>> I am fixing to run through the procedures from the mvps site >> >> >>> you >> >> >>> listed, >> >> >>> but >> >> >>> I wanted to ask those questions first. >> >> >>> >> >> >>> Oh......... this is happening on my new laptop. I got a >> >> >>> router >> >> >>> from >> >> >>> comcast, that is connected to my desktop. Could this problem >> >> >>> come from >> >> >>> my >> >> >>> desktop to my laptop? And, if not, do you think it is safe to >> >> >>> use my >> >> >>> desktop at sites where I have to use my passwords????? >> >> >> </paste> >> >> >>> >> >> >>> "PA Bear [MS MVP]" wrote: >> >> >>> >> >> >>>> Chances are that you're seeing the affects of a hijackware >> >> >>>> infection. >> >> >>>> >> >> >>>> 1. See if you can download/run the MSRT manually: >> >> >>>> http://www.microsoft.com/security/malwareremove/default.mspx >> >> >>>> >> >> >>>> 2. Run this online scan (in safe mode w/networking, if need >> >> >>>> be): >> >> >>>> http://onecare.live.com/site/en-us/center/howsafe.htm >> >> >>>> >> >> >>>> 3. 
Run additional checks for hijackware, including posting >> >> >>>> your >> >> >>>> hijackthis >> >> >>>> log to an appropriate forum. >> >> >>>> >> >> >>>> Checking for/Help with Hijackware >> >> >>>> http://aumha.org/a/parasite.htm >> >> >>>> http://aumha.org/a/quickfix.htm >> >> >>>> http://aumha.net/viewtopic.php?t=5878 >> >> >>>> http://mvps.org/winhelp2002/unwanted.htm >> >> >>>> http://inetexplorer.mvps.org/data/prevention.htm >> >> >>>> http://inetexplorer.mvps.org/tshoot.html >> >> >>>> http://www.mvps.org/sramesh2k/Malware_Defence.htm >> >> >>>> http://defendingyourmachine2.blogspot.com/ >> >> >>>> http://www.elephantboycomputers.com/page2....emoving_Malware >> >> >>>> >> >> >>>> When all else fails, HijackThis v2.0.2 >> >> >>>> (http://aumha.org/downloads/hijackthis.exe) is the preferred >> >> >>>> tool to >> >> >>>> use >> >> >>>> (in conjuction with some other utilities). HijackThis will >> >> >>>> NOT >> >> >>>> fix >> >> >>>> anything on its own, but it will help you to both identify >> >> >>>> and </span></span></span> Quote
Guest Tom [Pepper] Willett Posted January 28, 2009

You are a hoople head. Now and always.

"~BD~" <BoaterDave@hotmail.co.uk> wrote in message news:On%23V$rNgJHA.5556@TK2MSFTNGP05.phx.gbl...
: Pray tell how you, PA Bear, know that a Rootkit is involved.
:
: Are you clairvoyant now?
: --
: Dave
:
: "PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message news:u5N3JeNgJHA.5724@TK2MSFTNGP02.phx.gbl...
: > OneCare (in WinXP and Vista) includes its own firewall and its own version of Defender. When you install OneCare, it will automatically disable the Windows Firewall and Defender on its own.
: >
: > NB: Do not use or trust any HJT interpretation sites or tools like hijackthis.de. (It couldn't tell that OneCare was installed but disabled by the rootkit!)
Guest village idiot Posted January 28, 2009

Hi Dave!

First of all............. I do not know what a rootkit is.

Second..... YES, I had norton on the computer. Did not want it, but HP would not send me a laptop w/o it, or another virus program. I did an uninstall, but symantec stuff keeps showing up in odd places. EVERY time my computer first starts, there is a small blank window that shows up, and I have to close it. It is a symantec window. Can't remember how I know that. I believe when I rebooted after I uninstalled norton, the norton window showed for a moment, and then left the small blank window for me. I noticed several "file missing" lines next to symantec entries on the hjt log.

Thanks for the info.
village idiot

"~BD~" wrote:
> PA Bear is right, I believe, about OneCare incorporating Defender and its own firewall.
>
> How he knows you have a Rootkit is beyond me (unless he knows how it got there - food for thought!) Perhaps he'll tell you if you ask him!
>
> I noticed this entry in your HJT log
>
> O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe (file missing)
>
> Copy and paste that whole line into Google and explore the results you get (I get 151 hits!)
>
> Did you have Norton/Symantec installed on your computer before OneCare?
> --
> Dave
Guest PA Bear [MS MVP] Posted January 28, 2009

While I am not going to reply to your thread http://www.lavasoftsupport.com/index.php?showtopic=22914, I will tell you a few things:

1. Norton applications (e.g., the free-trial version that came preinstalled on your machine) are notorious for not uninstalling cleanly. After uninstalling, one must download/run a removal tool to rid the machines of the "leftovers" and then reboot, preferably before installing another anti-virus application or security suite (e.g., OneCare).

===============
Norton Removal Tool
http://service1.symantec.com/SUPPORT/tsgen...005033108162039
[Discussion: http://windowssecrets.com/comp/080207#story1]
===============

2. Chances are the OneCare didn't install or isn't working properly due to (a) the already-present infection and/or (b) the presence of the Norton "leftovers."

3. Keeping in mind that HijackThis logs don't always tell us the whole story, I don't see anything truly untoward in the log other than those Norton "leftovers." So it may be worthwhile to try the following: (a) download the Norton Removal Tool, saving it to your desktop; (b) close all open applications (i.e., anything with an icon on the taskbar);
Guest ~BD~ Posted January 28, 2009

Hi VI

Take a look here: http://windowssecrets.com/2008/02/07/01-Sy...-finish-the-job

If you need help finding the right tool from Symantec, look here http://service1.symantec.com/SUPPORT/tsgen...005033108162039

I hope this helps you.

--
Dave

"village idiot" <villageidiot@discussions.microsoft.com> wrote in message news:A16F15B6-3504-4D0F-A53B-AED04E188E3C@microsoft.com...
> Hi Dave!
>
> First of all............. I do not know what a rootkit is.
>
> Second..... YES, I had norton on the computer. Did not want it, but HP would not send me a laptop w/o it, or another virus program. I did an uninstall, but symantec stuff keeps showing up in odd places. EVERY time my computer first starts, there is a small blank window that shows up, and I have to close it. It is a symantec window. Can't remember how I know that. I believe when I rebooted after I uninstalled norton, the norton window showed for a moment, and then left the small blank window for me. I noticed several "file missing" lines next to symantec entries on the hjt log.
>
> Thanks for the info.
> village idiot
>
> "~BD~" wrote:
>
>> PA Bear is right, I believe, about OneCare incorporating Defender and its own firewall.
>>
>> How he knows you have a Rootkit is beyond me (unless he knows how it got there - food for thought!) Perhaps he'll tell you if you ask him!
>>
>> I noticed this entry in your HJT log
>>
>> O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe (file missing)
>>
>> Copy and paste that whole line into Google and explore the results you get (I get 151 hits!)
>>
>> Did you have Norton/Symantec installed on your computer before OneCare?
>> --
>> Dave
>>
>>
>> "village idiot" <villageidiot@discussions.microsoft.com> wrote in message news:35B7884A-E287-4E39-A2A9-D96E991A1295@microsoft.com...
>> > Oh nutz!!!!!!!!!!
>> >
>> > I have had windows live one care from the first setup of this laptop. When I open it, it shows that the firewall is on, the virus thing is on....... all systems go.....
>> >
>> > But, when I went to control panel security just now, it showed that the firewall was off. Windows defender is also off.
>> >
>> > When I had XP and windows one care, I remember that I was told to turn off windows defender because it conflicted with one care. That is on my desktop...XP.
>> >
>> > I thought that in vista, and one care, that windows defender was integrated. So, do I need to turn on the firewall and windows defender through control panel security?
>> >
>> > I will wait for PA Bear to reply before I post my hjt log to the site that you listed.
>> >
>> > Thanks!
>> > village idiot
>> >
>> > "~BD~" wrote:
>> >
>> >> Hi!
>> >>
>> >> I copied and pasted your HJT log into www.hijackthis.de
>> >>
>> >> A comment I noticed was .......
>> >>
>> >> "It seems that you don't use an anti-virus scanner or your scanner is not active. Only an anti-virus scanner can protect you against new viruses. You can look here for a good anti-virus scanner. "
>> >>
>> >> We didn't detect any active process of a firewall on your system. Reasons maybe:
>> >> (1.) You are using the windows firewall or a hardware firewall.
>> >> (2.) You are using a firewall of an unknown vendor.
>> >> (3.) You are using a firewall, but for unknown reasons it is disabled
>> >> (4.) You don't use any firewall at all.
>> >> We recommend you to use a firewall. Download and install one or activate windows xp´s own one. In case you got questions or you want us to add the firewall you use to our database, contact us at our forum.
>> >>
>> >> Try posting your log there for yourself!
>> >>
>> >> --
>> >> Dave
>> >>
>> >>
>> >> "village idiot" <villageidiot@discussions.microsoft.com> wrote in message news:393652CB-642F-4BDD-9099-19A9479F4DA4@microsoft.com...
>> >> > HI PA!
>> >> >
>> >> > AAARRRGGGHHHHHHHH and OH NO. So, I will have to do something to my desktop too?..... before I take care of my laptop??????
>> >> >
>> >> > Okay........ here is the link to my hijack log. I posted it on the 15th. I first posted one on Jan. 2nd, and got no response, so I did a new hjt on the 15th, and reposted. Still no replies.
>> >> > http://www.lavasoftsupport.com/index.php?showtopic=22914
>> >> >
>> >> > Will be waiting for your wonderful help. Uh, the hjt log from the 15th was before I cleaned the registry...... if that matters.
>> >> >
>> >> > Thanks so much!!!!!!!
>> >> > village idiot
>> >> >
>> >> > "PA Bear [MS MVP]" wrote:
>> >> >
>> >> >> > I have had one care from the beginning. Ad-aware found the first and only critical thing that was the PWSmapper thing. It removed it. I have cleaned my registry. I have run onecare and ad aware everyday for weeks now. Nothing has worked.
>> >> >>
>> >> >> Please give us a link to the forum thread where you've posted your HijackThis log.
>> >> >>
>> >> >> [Think your Registry needs "cleaning" or "repairing"? Read http://aumha.net/viewtopic.php?t=28099 and draw your own conclusions.]
>> >> >>
>> >> >> No, the hidden Recovery/Restore partition had not been affected.
>> >> >>
>> >> >> > Second question is......... is it possible that my desktop transferred this problem to my laptop? Desktop has been just as slow as my laptop is now, for quite a while. I'm pretty sure it was s-l-o-w before I got my laptop. Is it possible that my laptop could have "caught" something from the router that is connected to my desktop?
>> >> >>
>> >> >> Yes, no question about it (cf. http://aumha.net/viewtopic.php?f=30&t=36886 and http://aumha.net/viewtopic.php?f=48&t=37919).
>> >> >> --
>> >> >> ~PA Bear
>> >> >>
>> >> >> village idiot wrote:
>> >> >> > Too late PA!
>> >> >> >
>> >> >> > I have gone through all of your articles, downloads, google searches, etc.. I have had one care from the beginning. Ad-aware found the first and only critical thing that was the PWSmapper thing. It removed it. I have cleaned my registry. I have run onecare and ad aware everyday for weeks now. Nothing has worked. My laptop still opens continuous multiple windows at times, about once every few days. It freezes. And, it is slower than my first computer in 1995 that had dial up. I am using comcast cable with a router from my desktop now.
>> >> >> >
>> >> >> > So, before I lose my mind, I have decided that I should probably just do a full recovery.
>> >> >> >
>> >> >> > My HP laptop is new since Aug 08. I have no important files or downloads.... nothing that I cannot lose..... (other than my mind).
>> >> >> >
>> >> >> > I have 2 major questions before I start this.
>> >> >> >
>> >> >> > I did not make recovery discs, so I will be doing a recovery using HP recovery manager using the partition thingy. BIG QUESTION is......... is it possible that whatever is causing my problems got into this partition recovery part of my computer??????????????
>> >> >> >
>> >> >> > Second question is......... is it possible that my desktop transferred this problem to my laptop? Desktop has been just as slow as my laptop is now, for quite a while. I'm pretty sure it was s-l-o-w before I got my laptop. Is it possible that my laptop could have "caught" something from the router that is connected to my desktop?
>> >> >> >
>> >> >> > Can't wait to hear your reply to this! hehe
>> >> >> >
>> >> >> > THE village idiot
>> >> >> >
>> >> >> > "PA Bear [MS MVP]" wrote:
>> >> >> >
>> >> >> >> Slow down, bucko! <wink>
>> >> >> >>
>> >> >> >> 1. You are NOT to install OneCare, just run the Safety scan here: http://onecare.live.com/site/en-us/center/howsafe.htm (I assume you already have an anti-virus application installed.)
>> >> >> >>
>> >> >> >> In any event, should you choose to replace your current anti-virus application with OneCare, it's safe to ignore the false warning about Ad-Aware: Both can reside nicely on your machine.
>> >> >> >>
>> >> >> >> 2. You do NOT have to purchase Ad-Aware 2008. Just click on the green DOWNLOAD button on the left-hand side of http://www.lavasoft.com/single/trialpay.php; you'll then be redirected to the mirror site http://www.download.com/Ad-Aware-2008/3000...4-10045910.html. (Yes, the first page is a little confusing.)
>> >> >> >>
>> >> >> >> 3. After completing Steps #1 and #2 in my first reply, follow the instructions at http://aumha.net/viewtopic.php?t=4075, then Register and begin a new thread in this forum: http://aumha.net/viewforum.php?f=30
>> >> >> >>
>> >> >> >> Don't try to overthink this, OK?
>> >> >> >>
>> >> >> >> PS: Thanks for your kind words.
>> >> >> >>
>> >> >> >> village idiot wrote:
>> >> >> >>> OH NO!!!!!!!!!!!!! I rebooted b4 I started the processes on mvps.org, and one care tells me that I need to remove ad-aware because it is interfering with one care, and could cause problems.
>> >> >> >> <paste>
>> >> >> >> Thanks so much for the input. I am still working my way through all of the
>> >> >> >>> articles and advice you gave. I bought ad-aware 2008, and evidently the scan did not finish. So per the lavasoft folks, I uninstalled and reinstalled. The scan found win32.TrojanPWS.mapper
>> >> >> >>> I clicked remove.
>> >> >> >>>
>> >> >> >>> My first big question is this.......... If this is a password stealer, as I have read here somewhere....... is it safe to continue using my old pws, or do I need to change all of my pws????!!!!!!!!!!!!!!!!
>> >> >> >>>
>> >> >> >>> I still have strange things happening, such as, when I request a pw and it is sent to my email, I will find in my spam folder, an email re "my password trouble" at same time I sent the request for pw. I don't open the spam email, I just see the first sentence, and note that the time is the same.
>> >> >> >>>
>> >> >> >>> After the reinstall, ran a quick scan, and there were only cookies. I have not run a full scan again yet. I wanted to find out this.......
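An added example, not part of any post in this thread: a small parser for HijackThis O23 (service) lines that picks out entries marked "(file missing)", the kind of uninstall leftover discussed above. The field layout is assumed from the Symantec Core LC line quoted in the thread (shown here with its path separators) plus an optional "(ServiceName)" suffix; every other log line in the sample is constructed.

```python
import re

# Constructed sample log. Only the "Symantec Core LC" line comes from the
# thread; the other entries are made up for this example.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: Example Updater (ExUpd) - Example Corp - C:\Program Files\Example\upd.exe
O23 - Service: Old Helper (OldHlp) - Unknown owner - C:\Program Files\Old\helper.exe (file missing)
"""

PREFIX = "O23 - Service: "
MISSING = "(file missing)"
# Display name, optionally followed by " (ShortServiceName)".
NAME = re.compile(r"^(?P<display>.*?)(?: \((?P<short>[^()]+)\))?$")


def parse_o23(line):
    """Parse one O23 line into a dict; return None for any other line."""
    line = line.strip()
    if not line.startswith(PREFIX):
        return None
    body = line[len(PREFIX):]
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)].rstrip()
    # Split from the right so a " - " inside the display name is tolerated.
    parts = body.rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = (p.strip() for p in parts)
    m = NAME.match(name)
    return {
        "display": m.group("display"),
        "service": m.group("short"),
        "owner": owner,
        "path": path,
        "file_missing": missing,
    }


def orphaned_services(log_text):
    """Return the O23 entries whose binary HijackThis could not find."""
    entries = (parse_o23(line) for line in log_text.splitlines())
    return [e for e in entries if e and e["file_missing"]]


if __name__ == "__main__":
    for e in orphaned_services(SAMPLE_LOG):
        print(f'{e["display"]}: {e["path"]} (owner: {e["owner"]})')
```

An entry listed here is a service registration that still points at a binary no longer on disk, which is what a vendor removal tool is meant to clean up.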