Spyware 201

Yaz4Ever

MemBer
Lifetime Member
SoSH Member
Jul 10, 2004
11,256
MA-CA-RI-AZ-NC
I can't tell you how many times I've run Ad-Aware on my computer over the past few years, but let's just say it's a lot. Today, I received a notice that a malware object with a TAI of 10 was on my computer. The file was called (and I hope I've copied this correctly) Win32Tr\.\Hilldoor. I tried searching for it using Google, but came up completely empty. The worst I usually get are Tracking Cookies and maybe one or two other benign things.

In case it matters, I recently downloaded Malwarebytes Anti-Malware, based on recommendations from another thread in this forum and had run it (along with Spybot S&D - which also updated to a newer version with today's application - and Registry Mechanic). Earlier today (4am) AVG ran its normal scan. I also have McAfee Security Center running in the background.

As you can see, I try to keep my computer as clean as possible. When the McAfee subscription runs out (2010), I don't plan to renew it as it seems redundant, but I'll check here and elsewhere first before making a final decision.

Anyhow, can anyone tell me what that Malware file was that Ad-Aware found? Also of note, when I restarted the computer as recommended by Ad-Aware (I did a hard boot, not just a restart), I noticed something pop up that said something along the lines of "installing boot program" with a file "mp3splitter.exe" mentioned. I had recently downloaded two CD ripper programs through download.com for a few CDs I wanted to rip. I deleted one of them, because I didn't care for the interface at all, but I kept the MediaMonkey program for now.

I think that's everything that could possibly be pertinent.
 

Blacken

Robespierre in a Cape
SoSH Member
Jul 24, 2007
12,152
Registry Mechanic
Don't run registry cleaners. They are shit and are more likely to gank something important than provide performance benefits. Refer to the OP for a bit more on why they suck.

Earlier today (4am) AVG ran its normal scan. I also have McAfee Security Center running in the background.
This is not smart at all. Running multiple anti-crap programs is not more effective than running a single one and can have detrimental effects. (Malwarebytes and Ad-Aware both suck, but the difference between them and AVG/the-shitware-not-to-be-named is that running multiple antispyware utilities is harmless. I've never seen a .sig Spybot didn't catch that Ad-Aware did, though.) I'd recommend Avast over either AVG or the-shitware-not-to-be-named, but if you have to keep one of those, keep AVG.

This always bears repeating but nobody ever listens: just because you pay for it doesn't mean it's better than the free stuff.

Anyhow, can anyone tell me what that Malware file was that Ad-Aware found?
http://research.sunbelt-software.com/threa...hreatid=4074021

I had recently downloaded two CD ripper programs through download.com for a few CDs I wanted to rip. I deleted one of them, because I didn't care for the interface at all, but I kept the MediaMonkey program for now.
As a rule, avoid download.com. It's a haven for bad software and crapware. Think of it as a scalper's alley at a baseball game, only these tickets might not only be fake, they might give you syphilis. (CNet says they check all the software for bad shit. They fucking keep Bonzi Buddy on there. They are lying fucks.)

CDex is pretty much the most featured Redbook CD ripper around, and the one I use myself.
 

Yaz4Ever

MemBer
Lifetime Member
SoSH Member
Jul 10, 2004
11,256
MA-CA-RI-AZ-NC
Don't run registry cleaners. They are shit and are more likely to gank something important than provide performance benefits. Refer to the OP for a bit more on why they suck.

This is not smart at all. Running multiple anti-crap programs is not more effective than running a single one and can have detrimental effects. (Malwarebytes and Ad-Aware both suck, but the difference between them and AVG/the-shitware-not-to-be-named is that running multiple antispyware utilities is harmless. I've never seen a .sig Spybot didn't catch that Ad-Aware did, though.) I'd recommend Avast over either AVG or the-shitware-not-to-be-named, but if you have to keep one of those, keep AVG.

This always bears repeating but nobody ever listens: just because you pay for it doesn't mean it's better than the free stuff.

http://research.sunbelt-software.com/threa...hreatid=4074021

As a rule, avoid download.com. It's a haven for bad software and crapware. Think of it as a scalper's alley at a baseball game, only these tickets might not only be fake, they might give you syphilis. (CNet says they check all the software for bad shit. They fucking keep Bonzi Buddy on there. They are lying fucks.)

CDex is pretty much the most featured Redbook CD ripper around, and the one I use myself.
Blacken, I'm downloading Avast right now. Ironically, it downloads (from the official site) through download.com :( I had always heard excellent things about AVG and horrible things about Norton and McAfee, so your dislike of AVG is kind of surprising. I guess I'll delete both of them now, although I've heard that McAfee makes it difficult to delete their program - I may be wrong about this, we'll see soon enough.

Avast will handle everything I need, right? No longer need to run Ad-Aware, Spybot S&D, and (obviously according to your response) Registry Mechanic any longer?

I'll look at that ripper.
 

Blacken

Robespierre in a Cape
SoSH Member
Jul 24, 2007
12,152
Blacken, I'm downloading Avast right now. Ironically, it downloads (from the official site) through download.com :(
Sorry, I should have been more specific. Using download.com et al as a bandwidth saver like Avast or many other companies do--that's one thing. You're getting a direct file link to their download. It's (relatively) secure to do so. It's the eight billion tons of shitware flying around download.com--the screensavers, the small utility programs that install malware, etc.--that are bad and to be avoided.

I had always heard excellent things about AVG and horrible things about Norton and McAfee, so your dislike of AVG is kind of surprising.
Older versions of AVG were quite good. Newer ones, not so much, and Grisoft (AVG's publisher) has turned into a bunch of shitheads. Bullshit like this is why people don't trust AVG anymore.

I guess I'll delete both of them now, although I've heard that McAfee makes it difficult to delete their program - I may be wrong about this, we'll see soon enough.
Good luck with uninstalling McAfee. I personally just reformat, but that takes a while and securing it back up can be a pain in the ass.

Avast will handle everything I need, right? No longer need to run Ad-Aware, Spybot S&D, and (obviously according to your response) Registry Mechanic any longer?
Can't hurt to run something like Spybot once in a while to see if anything's sneaked in the back door, but it's not that big a deal. Personally I prefer Windows Defender for spyware clearing, but that's personal preference, for reasons other than its performance.
 

mabrowndog

Ask me about total zone...or paint
Lifetime Member
SoSH Member
Dec 23, 2003
39,676
Falmouth, MA
* Regarding CNet/Download.com, I always pay close attention to user feedback before downloading anything. There are usually plenty of advance alarms there if something contains adware or malware, or if the software in question sucks ass. I've had decent results with about 90% of the stuff I've found there.

* Y4E, it took me forever to completely uninstall McAfee, so I feel your pain. Even the add/remove programs function on Windows wouldn't get it done. I wish I could remember the specific steps I ended up following, though I thought I saved the play-by-play on my drive somewhere. I'll post them here if I find them.

* I'd also like to know the drawbacks of malwarebytes. Based on recommendations from Foulkey, Lefty and Shaft, I installed it and ridded myself of a trojan horse infection a couple weeks ago.
 

Yaz4Ever

MemBer
Lifetime Member
SoSH Member
Jul 10, 2004
11,256
MA-CA-RI-AZ-NC
* Regarding CNet/Download.com, I always pay close attention to user feedback before downloading anything. There are usually plenty of advance alarms there if something contains adware or malware, or if the software in question sucks ass. I've had decent results with about 90% of the stuff I've found there.

* Y4E, it took me forever to completely uninstall McAfee, so I feel your pain. Even the add/remove programs function on Windows wouldn't get it done. I wish I could remember the specific steps I ended up following, though I thought I saved the play-by-play on my drive somewhere. I'll post them here if I find them.

* I'd also like to know the drawbacks of malwarebytes. Based on recommendations from Foulkey, Lefty and Shaft, I installed it and ridded myself of a trojan horse infection a couple weeks ago.
* dog's recommendation of malwarebytes is what drew me to it.

* I used the windows add/remove programs and it seems to have worked. It no longer shows up in my systray. It's no longer on my program list. Ctrl-Alt-Del does not show it as running anywhere in the background (task manager). Where else should I check to see if it is still lingering somewhere?

* like 'dog, I ALWAYS check the reviews before downloading anything. The only time I download something with bad reviews is when I've heard very good things about it from people I trust.

* I've deleted all of the aforementioned programs. Should I bring any back?

* I've been using Google Chrome since it came out, but (again based on numerous posts here) today I downloaded Firefox. I had tried it once, years ago, and didn't care for it. Maybe I was just too used to IE and couldn't handle the change, but now that IE and others seem to be following their lead I figured it would be easier to adjust to. So, anything in particular I should add-on to protect me online? I'm going to start a thread now for general Firefox add-ons, but figured this is the spyware/adware/malware forum so I'm asking about those types of add-ons specifically here.
 

Blacken

Robespierre in a Cape
SoSH Member
Jul 24, 2007
12,152
What's wrong with Malwarebytes? I've had more success with that program than anything else.
I haven't used it in a couple years, so I may be out of date. The recommendations of it seem against my own experience, so I'll drop it on my sandbox and see what I see.

* I used the windows add/remove programs and it seems to have worked. It no longer shows up in my systray. It's no longer on my program list. Ctrl-Alt-Del does not show it as running anywhere in the background (task manager). Where else should I check to see if it is still lingering somewhere?
Control Panel->Administration Tasks->Services, just to be safe. Also the registry, but if you don't know what you're doing it's probably best to ignore any registry cruft. If you notice any problems or perf issues in the next few days, post back and I'll see what I can find for ganking what's left of it.

* I've been using Google Chrome since it came out, but (again based on numerous posts here) today I downloaded Firefox. I had tried it once, years ago, and didn't care for it. Maybe I was just too used to IE and couldn't handle the change, but now that IE and others seem to be following their lead I figured it would be easier to adjust to. So, anything in particular I should add-on to protect me online? I'm going to start a thread now for general Firefox add-ons, but figured this is the spyware/adware/malware forum so I'm asking about those types of add-ons specifically here.
Chrome is nice. There's nothing wrong with it if you like it. I use it because Webkit (its rendering engine) is widely considered to be the closest thing to a canonical browser spec there is--which means little by itself, but is nice to use as a check. If you're going to Firefox...I'll drop a few links in there.
 

cleanfloor

Fredo Corleone
Lifetime Member
SoSH Member
Feb 25, 2007
1,600
South Boston, MA
The file was called (and I hope I've copied this correctly) Win32Tr\.\Hilldoor.
I just looked through my malware database and I could only find 2 samples that VirusTotal said were "hilldoor". They were both cracks for software - one for Nero (CD burner) and one for something that was in Chinese. Both of them looked to use standard malware techniques. If this is indeed how you got infected (if you don't know what a "crack" or a "keygen" is, ignore me), and you have the original crack, shoot it over to me and I'll show you how to remove it.

Anyways, AV basically sucks in general, but I like avast for a free one. If you had AVG set to auto enforce a couple months ago you'd have woken up with a blue screen and crashed windows. AVG is better than most, but my point is they're all signature based so they all suck.

I did a study with malware that I found attached to web exploits a couple months ago. The blue diamond is a given piece of malware, the date is when it was first submitted to VirusTotal, and the percent is the percent of 36 AVs that detected it during the given timeframe when I went back and scanned. Pretty piss poor.


edit: at that black spot is something that got messed up in the png/jpg conversion... weird. I don't care to reconvert it, just ignore that.
 

Yaz4Ever

MemBer
Lifetime Member
SoSH Member
Jul 10, 2004
11,256
MA-CA-RI-AZ-NC
I haven't used it in a couple years, so I may be out of date. The recommendations of it seem against my own experience, so I'll drop it on my sandbox and see what I see.

Control Panel->Administration Tasks->Services, just to be safe. Also the registry, but if you don't know what you're doing it's probably best to ignore any registry cruft. If you notice any problems or perf issues in the next few days, post back and I'll see what I can find for ganking what's left of it.

Chrome is nice. There's nothing wrong with it if you like it. I use it because Webkit (its rendering engine) is widely considered to be the closest thing to a canonical browser spec there is--which means little by itself, but is nice to use as a check. If you're going to Firefox...I'll drop a few links in there.
It's not showing up using Control Panel->Administration Tasks->Services, so I'll keep my fingers crossed.

Chrome, imho, is far better than IE - at least on my system it seems much faster and less prone to crashing. I'm going to give Firefox a try, however, because it's what the cool kids are using and I like to stay contemporary :rolling:
 

mabrowndog

Ask me about total zone...or paint
Lifetime Member
SoSH Member
Dec 23, 2003
39,676
Falmouth, MA
Cleanfloor, can you explain what you mean when you say all AV software is "signature-based" and why that sucks? Also, that graph is pretty disconcerting. Is the ultimate AV solution to just install and run frequent scans with as many pieces of AV software as you can?

Mike, you're going to pop a woody over Firefox. The ability to customize it with extensions and add-ons is amazing. Firefox gives you flexibility. IE doesn't, and never has.
 

Blacken

Robespierre in a Cape
SoSH Member
Jul 24, 2007
12,152
Cleanfloor, can you explain what you mean when you say all AV software is "signature-based" and why that sucks?
Signature-based: "the virus we call BobsVirus will have this chunk of code in it; scan a file for this chunk of code, doing some things to de-obfuscate it along the way; if it matches, warn the user." This is why we have false positives. This is also why AV software sucks.

Also, that graph is pretty disconcerting. Is the ultimate AV solution to just install and run frequent scans with as many pieces of AV software as you can?
Pretty much everyone has the same signature files, or very close. Running multiple AV scanners is more likely to cause problems than not. There are stories, some of them pretty entertaining, where anti-virus software, which uses some of the same hooks viruses use to get into the system, is misdiagnosed by other AV software as a virus--sometimes multiple at once. Hilarity, and broken systems, ensues.
 

cleanfloor

Fredo Corleone
Lifetime Member
SoSH Member
Feb 25, 2007
1,600
South Boston, MA
Cleanfloor, can you explain what you mean when you say all AV software is "signature-based" and why that sucks? Also, that graph is pretty disconcerting. Is the ultimate AV solution to just install and run frequent scans with as many pieces of AV software as you can?
It was just me generally bitching about the AV industry. By signature-based, I mean that they have to know what a threat looks like in order to detect it. Because of that, there's a significant lag time from when the malware sample is released into the wild until there is a signature for it, except for the very most popular malware. The problem is, for an end consumer, there are no better options. And no, you can't really run more than one piece of AV at a time due to the way they interact with each other.

And yup, the graph shows just how hard they suck (the study got picked up on the front page of the times in dec but not the graph)
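
The signature matching that Blacken and cleanfloor describe in the posts above, as an added sketch that is not part of anyone's post or any vendor's engine. The name BobsVirus comes from the post; the byte patterns, the sample buffers and the single-byte XOR step standing in for "de-obfuscation" are constructed for illustration.

```python
"""Toy signature scanner. Added illustration: every byte string here is constructed."""

# One database entry: a name plus the "chunk of code" taken from a known sample.
BOBS = ("BobsVirus", b"\x60\xe8BOBS-PAYLOAD\x61\xc3")
SIGNATURES = [BOBS]


def xor_decode(data, key):
    """Undo single-byte XOR encoding (stand-in for a real de-obfuscation pass)."""
    return bytes(b ^ key for b in data)


def scan(data, signatures=SIGNATURES):
    """Return the names of all signatures found in data, raw or XOR-encoded."""
    hits = []
    for name, pattern in signatures:
        if pattern in data:
            hits.append(name)
        elif any(pattern in xor_decode(data, k) for k in range(1, 256)):
            hits.append(name + " (xor-encoded)")
    return hits


HEADER = b"MZ\x90\x00"  # constructed filler bytes in front of each sample

# The sample the vendor has already seen: the signature was cut from it.
KNOWN_SAMPLE = HEADER + BOBS[1] + b"\x00" * 8

# The same sample stored XOR-encoded; only the de-obfuscation pass finds it.
ENCODED_SAMPLE = xor_decode(KNOWN_SAMPLE, 0x5A)

# A different piece of malware that no vendor has a signature for yet.
NEW_VARIANT = HEADER + b"\x60\xe8ALICE-PAYLOAD\x61\xc3"

# A harmless file that happens to contain the same bytes, for example
# an analyst's write-up or another scanner's definition file.
ANALYST_NOTES = b"Write-up: the sample contains the bytes " + BOBS[1]


def demo():
    """Scan each constructed buffer and return the verdicts by label."""
    # The database after the vendor has received and analysed the new sample.
    updated = SIGNATURES + [("AlicesVirus", b"ALICE-PAYLOAD")]
    return {
        "known sample": scan(KNOWN_SAMPLE),
        "encoded copy": scan(ENCODED_SAMPLE),
        "new variant, old database": scan(NEW_VARIANT),
        "new variant, updated database": scan(NEW_VARIANT, updated),
        "benign notes quoting the bytes": scan(ANALYST_NOTES),
    }


if __name__ == "__main__":
    for label, hits in demo().items():
        print(f"{label:32} -> {hits or 'clean'}")
```

The third and fourth rows are the lag cleanfloor describes (nothing is reported until the database is updated), and the last row is the false positive Blacken mentions.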
 

mr_smith02

Member
SoSH Member
Nov 29, 2003
4,352
Upstate NY
I have the Vundo virus on my laptop. Is there a way for me to remove this? I have Avast, but when I run it nothing is detected. I downloaded StopZilla and its scan located the Vundo, but then the computer froze up.

Thanks for any help!
 

Blacken

Robespierre in a Cape
SoSH Member
Jul 24, 2007
12,152
I did a System Restore and it seems to have done the trick. Is that possible?
The correct answer is never to use System Restore, as it is as likely to hose your shit as it is to remove the crud. It also doesn't kill it: you probably still have dormant infections on your system and are a prime candidate for reinfection.
 

Frisbetarian

♫ ♫ ♫ ♫ ♫ ♫
Moderator
SoSH Member
Dec 3, 2003
5,261
Off the beaten track
My son just put Windows 7 on my computer along with Firefox. Any suggestions on a good anti-virus compatible with 7? Is Kaspersky the best for this, as well? It looks like I can get it free.
 

Harry Hooper

Well-Known Member
Lifetime Member
SoSH Member
Jan 4, 2002
34,368
Seems like there's a new Vundo bastard out there. Run the removal tool(s), and then check the \windows\system32 folder for a file with a looong gibberish file name that is in the format of aafjiojwpgowgpwjgpweogfjwpeogjw834hnfohq.1.dll

You need to delete this phony dll file after running the tool and before the reboot.
 

bsj

Renegade Crazed Genius
SoSH Member
Dec 6, 2003
22,774
Central NJ SoSH Chapter
My son just put Windows 7 on my computer along with Firefox. Any suggestions on a good anti-virus compatible with 7? Is Kaspersky the best for this, as well? It looks like I can get it free.
Well...I'm no expert, but as a moderately knowledgeable end user, I've been very happy with Kaspersky, which I have been using for a couple months now. It slows my PC far less than my previous software, a program called Webroot.
 

Blacken

Robespierre in a Cape
SoSH Member
Jul 24, 2007
12,152
My son just put Windows 7 on my computer along with Firefox. Any suggestions on a good anti-virus compatible with 7? Is Kaspersky the best for this, as well? It looks like I can get it free.
Pretty sure Kaspersky runs fine on Windows 7. You should have no trouble.
 

Fratboy

Mr. MENsa
Lifetime Member
SoSH Member
Nov 29, 2003
18,152
McCarver Park
I think I've got a trojan horse on my system. I'm seeing Viagra ads everywhere, and it doesn't seem to do anything insidious other than open some pop-under windows and prevent me from getting to safer-networking.org and any other site where I can download updates for malware removal programs.

Is there anything I can do short of formatting my disk and starting over?
 

Blacken

Robespierre in a Cape
SoSH Member
Jul 24, 2007
12,152
I think I've got a trojan horse on my system. I'm seeing Viagra ads everywhere, and it doesn't seem to do anything insidious other than open some pop-under windows and prevent me from getting to safer-networking.org and any other site where I can download updates for malware removal programs.

Is there anything I can do short of formatting my disk and starting over?
You can try MalwareBytes (after doing some evals after recommendations in this thread, I've found that it's gotten head-and-shoulders better than it used to be). If you can't get at their site, let me know and I'll upload it somewhere for you.
 

Fratboy

Mr. MENsa
Lifetime Member
SoSH Member
Nov 29, 2003
18,152
McCarver Park
You can try MalwareBytes (after doing some evals after recommendations in this thread, I've found that it's gotten head-and-shoulders better than it used to be). If you can't get at their site, let me know and I'll upload it somewhere for you.
I think I'm good now.

My laptop's been going for about 2.5 years now without a reformat/recovery anyway, so I went out and got a Seagate Free Agent-Go portable hard drive, moved my data to it, wiped my PC, and formatted/recovered. Yeah, I know it's not a real formatting, since I think it just deleted and recreated the C:\ partition without messing with the recovery stuff on D:\, but the trojan horse didn't do anything with the boot sector, and it didn't move to the external HDD.

That thing, btw, is uberslick. I copied about 58GB in 45 minutes. I couldn't believe how fast it was. Anyway, I've got AdBlock Plus, Avast, Windows Firewall, and Windows Defender going, per your recommendations, and also downloaded OpenOffice so I don't have to bug Dad for his copy of MS Office.

I've also got CCleaner going to keep the registry tidy and remove junk leftover from the various installations and removals. I know you're not a fan of CCleaner, but when I'd run it on my old desktop and my laptop previously, I did realize some performance gains, particularly in bootup and shutdown times.

I moved my music and pr0n to the external HDD, and with the shit ton of space I've got on here now combined with the format/recovery, my PC is FLYING.

Just little annoying things left to do at this point, like networking my laptop to my desktop PC (desktop PC is the server, since that's where the printer's connected). Any tips or tricks on how to do that? I'd forgotten how I did it. PM me if you think it's out of scope for the spyware discussion.

Thanks, Blacken! You know your shit.
 

Rod Becks Mullet

Member
SoSH Member
Aug 9, 2001
2,095
NYC
I posted something along these lines a few months ago. My computer is taking FOREVER to run once it boots up. It sounds like something is loading for 5-10 minutes when I see my desktop, but am unable to do anything as it's terribly slow and freezes repeatedly during that time. I have Avast which seems to pop up an update occasionally...could that be causing it? My last issue seemed to be competing virus scanners, but I deleted one. I ran HijackThis, can one of the computer experts take a look and see if there's something else I should take care of (placed in spoiler tag to save some screen space)?

Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:15 PM, on 5/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscript.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.cbs.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GoToMyPC] "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -logon
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1173313210734
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {D670D0B3-05AB-4115-9F87-D983EF1AC747} - http://pak05.pictures.aol.com/ygp/aol/plug...US.9.1.6.18.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7190 bytes
 

JohnnyK

Member
SoSH Member
May 8, 2007
1,941
Wolfern, Austria
No obvious offenders in the file, although there are a few services you could do without (e.g. Bonjour unless you are streaming media in your LAN; if you don't have an iPod, some other Apple services as well).

Have you tried checking the task manager on boot-up to see if any process hogs the CPU?

BootVis would be an option:
http://articles.techrepublic.com.com/5100-...11-5034622.html
It's no longer available from MS, but you can download it from http://www.softpedia.com/get/Tweak/System-...k/BootVis.shtml

Alternatively try a diagnostic startup to see if it's any of the programs/services that are launched on startup - if it boots up fast in diagnostic mode but you cannot find any processes hogging the CPU in normal boot mode you'll probably need to disable services one by one.

EDIT: Just as a note, I've never used BootVis personally, so I don't know how well it works; such an optimization could also always lead to corrupting some boot files, so make sure you have your data backed up beforehand!
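
A first-pass triage of a HijackThis log like the one posted above, as an added example that is not part of the thread or of HijackThis itself. The sample lines are copied from the posted log; the function names and the review rule (list services shown with "Unknown owner" or "(file missing)") are assumptions chosen for illustration and mark entries for a manual look, not verdicts.

```python
import re
from collections import defaultdict

# Sample input: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:15 PM, on 5/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.cbs.com/
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe (file missing)
"""

# What the section codes seen in the posted log stand for.
SECTION_NAMES = {
    "R0": "IE start/search page (changed value)",
    "R1": "IE start/search page (default value)",
    "O2": "Browser Helper Object",
    "O4": "Autostart entry (Run key or Startup folder)",
    "O8": "IE context menu item",
    "O9": "IE extra button or Tools menu item",
    "O16": "ActiveX object (Downloaded Program Files)",
    "O23": "Windows service",
}

# An entry line looks like "O23 - Service: ..."; process paths and headers do not match.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")


def parse_entries(text):
    """Group entry lines by section code, dropping headers and the process list."""
    groups = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            groups[m.group("code")].append(m.group("body"))
    return dict(groups)


def summarize(groups):
    """Return (code, description, count) for every section present in the log."""
    return [(code, SECTION_NAMES.get(code, "unlisted section"), len(items))
            for code, items in sorted(groups.items())]


def review_services(groups):
    """List O23 services that HijackThis printed without an owner or binary."""
    flagged = []
    for body in groups.get("O23", []):
        if not body.startswith("Service: "):
            continue
        # Split from the right: "<name> - <owner> - <path>"; names may contain " - ".
        parts = body[len("Service: "):].rsplit(" - ", 2)
        if len(parts) != 3:
            continue
        name, owner, path = parts
        reasons = []
        if owner == "Unknown owner":
            reasons.append("no publisher recorded")
        if path.endswith("(file missing)"):
            reasons.append("binary missing on disk")
        if reasons:
            flagged.append((name, reasons))
    return flagged


if __name__ == "__main__":
    groups = parse_entries(SAMPLE_LOG)
    for code, description, count in summarize(groups):
        print(f"{code:4} {count:2}  {description}")
    for name, reasons in review_services(groups):
        print(f"review: {name}: {', '.join(reasons)}")
```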
 

ctsoxfan5

Member
SoSH Member
Jan 13, 2004
809
For the past 2-3 years, I've been running Avast, SpyBot, and AdAware on my laptop- mostly based on the recommendations in this thread and the prior one. All have worked well (thanks for recommendations).

I hadn't run spybot or adaware in probably 6 months, so I tried to update them both yesterday which led to all sorts of problems and error messages. So I uninstalled both.

Before I re-install them, do you all still recommend SpyBot and AdAware or are there better alternatives? I'm still using Avast.

Any help much appreciated - thanks.
 

Blacken

Robespierre in a Cape
SoSH Member
Jul 24, 2007
12,152
As of late I'm digging the recommended MalwareBytes from earlier in the thread. It seems to run faster and catch more crap.

Ad-Aware was never a good thing, though--they have this nice tendency of missing damn near everything.
 

ctsoxfan5

Member
SoSH Member
Jan 13, 2004
809
QUOTE (Blacken @ Jun 4 2009, 11:20 AM)
As of late I'm digging the recommended MalwareBytes from earlier in the thread. It seems to run faster and catch more crap.

Ad-Aware was never a good thing, though--they have this nice tendency of missing damn near everything.


Is it okay to use MalwareBytes along with Avast?
 

wibi

Member
SoSH Member
Jul 15, 2005
11,839
Anyone hear of an AV SW package called BullGuard Gamers Edition? Is it any good?
 

Blacken

Robespierre in a Cape
SoSH Member
Jul 24, 2007
12,152
If it's called "Gamer's Edition," I am going to reflexively laugh at it.

If they expect you to pay for it, I'm going to laugh really hard. (Kaspersky has a decent reason to charge: they demonstrate some excellent ability to actually understand and combat malware. Anyone else is a question mark at best.) This BullGuard stuff doesn't show anything that anybody else doesn't do fine, at least as far as I can see.

Their "Gamer's Edition" features:

* Optimised settings mean your computer dedicates more resources to gaming performance without compromising security.

"Our antivirus is fast." Yawn.

* Prevents security pop-up messages, system scans and auto-updates while you are gaming.

Doesn't do things it shouldn't do anyway when the computer is under heavy load.

* Auto updates with new game profiles as new PC games are released.

I'm sorry, is there a reason to care about this?

* Standard settings work with all games PLUS Tailor made settings for all major games.

See previous. Frankly I don't even see why you'd run an antivirus when playing games. I just use a hardware firewall and turn everything else off.
 

wibi

Member
SoSH Member
Jul 15, 2005
11,839
Got a recommendation for something simple to block a specific program's access to the internet? I've got a piece of software I like using but hate all the nagging popups that I get because it's a shareware version ... I need to block the .exe from the internet as that appears to be the way to make it happen easiest but I don't want something that will lock me down completely.
 

BC1994

Well-Known Member
Lifetime Member
SoSH Member
Dec 16, 2001
747
Receiving my new Dell Inspiron laptop today w/Vista Home Premium. Core 2 Duo 6400 and 4 MB RAM. I have read through this thread (and other computer threads) and was wondering if I could have some up-to-date suggestions on "best practices"/programs to start the computer off right (I probably had a bunch of crap on the old one that I didn't need or that wasn't good).

So far I am guessing to use:

Windows Firewall
Avast
Firefox for browsing
Malwarebytes

Any tips on transitioning to Vista, or is it pretty self-explanatory (I am not a computer nitwit, but no expert either)? What is the best way to remove all the "bloatware" that comes with a new computer? I would rather not get into reformatting.

I have seen registry cleaners eschewed here, but what about something like CCleaner? How does one clear out old junk?

Thanks for all the insight in these threads!
 

BC1994

Well-Known Member
Lifetime Member
SoSH Member
Dec 16, 2001
747
Having an issue in Vista Home Premium, with Avast running.... Often the Control Panel or Windows Explorer hang up and won't load. Have googled it, and seems to be a driver thing, and something to do with Avast? Any insight?
 

Foulkey Reese

foulkiavelli
SoSH Member
Apr 12, 2006
21,795
Central CT
QUOTE (BC1994 @ Jul 9 2009, 09:31 AM)
Having an issue in Vista Home Premium, with Avast running.... Often the Control Panel or Windows Explorer hang up and won't load. Have googled it, and seems to be a driver thing, and something to do with Avast? Any insight?

How do you know it's an Avast issue? Does it keep happening if you shut down Avast?

And to answer your last post, CCleaner is definitely worth having and running once a week to get rid of clutter.
 

BC1994

Well-Known Member
Lifetime Member
SoSH Member
Dec 16, 2001
747
Well, it isn't a fully replicable problem, and it isn't a huge deal to begin with. I googled it, and it seemed to be a semi-common thing and one connecting factor was Avast. Some said if you shut Avast down, then it doesn't happen, but I do like Avast and it isn't a huge deal, like I said. But if I could fix it, it would be nice. One guy had some solution with a driver, but I don't like messing with things too much, but if people on here said to go for it, I would try...

EDIT: Never mind... I figured it out.
 

loshjott

Member
SoSH Member
Dec 30, 2004
14,943
Silver Spring, MD
I've got major trojan horse troubles brought on by "Anti-virus pro" and my attempts to get rid of it.

Before I reformat, I'm going to try blacken's remedies posted about a year ago. Are there any major updates to that advice I should know about?

What if my PC is usable only in safe mode? This seems to be the case. It boots in regular mode but then sometimes freezes or is just too slow to use.

Thanks.
 

Harry Hooper

Well-Known Member
Lifetime Member
SoSH Member
Jan 4, 2002
34,368
QUOTE (loshjott @ Aug 19 2009, 12:36 PM)
I've got major trojan horse troubles brought on by "Anti-virus pro" and my attempts to get rid of it.

Before I reformat, I'm going to try blacken's remedies posted about a year ago. Are there any major updates to that advice I should know about?

What if my PC is usable only in safe mode? This seems to be the case. It boots in regular mode but then sometimes freezes or is just too slow to use.

Thanks.





Here's a thread on removing it.
 

Blacken

Robespierre in a Cape
SoSH Member
Jul 24, 2007
12,152
"Anti-Virus Pro" (and "Anti-Virus 2007" and the other variants) are a real bitch to remove. You can, but I would strongly recommend doing it just to make it easier to get your data off, then reformatting.
 

loshjott

Member
SoSH Member
Dec 30, 2004
14,943
Silver Spring, MD
QUOTE (Blacken @ Aug 19 2009, 01:06 PM)
"Anti-Virus Pro" (and "Anti-Virus 2007" and the other variants) are a real bitch to remove. You can, but I would strongly recommend doing it just to make it easier to get your data off, then reformatting.


Thanks...I'm resigned to that. I'll see how it goes.
 

yecul

appreciates irony very much
Lifetime Member
SoSH Member
Jul 8, 2001
18,470
All my Google search results are getting forwarded to spam sites (travelskoot this iteration). Google Redirect Virus it seems.
 

yecul

appreciates irony very much
Lifetime Member
SoSH Member
Jul 8, 2001
18,470
Does anyone have some tips on getting rid of the redirect virus? My attempts have failed thus far and I am not finding many alternatives.
 

yecul

appreciates irony very much
Lifetime Member
SoSH Member
Jul 8, 2001
18,470
No, I saw a few other approaches at this (and other) site, but this one looks detailed. Thanks, I will give it a shot.

Edit -- Looks like that did the job, btw. Thank you for providing the very helpful link!