Is Deep Freeze Recommended For Home Users?
XLR83r
Suspended due to non-functional email address
3. July 2008 @ 07:24
Thanks for the help. I had just removed my zango but now I have a new problem. It's not only zango I found, but a new folder.exe. I did everything: hjt, nod32, a2 squad. I also tried SMART VIRUS Remover. But none deleted it. It just comes back. And I never saw anything suspicious in the hjt log. It is found on my USB.

XLR83r
Suspended due to non-functional email address
3. July 2008 @ 07:35
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:32:00 PM, on 7/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Windows SteadyState\SCTSvc.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\windows\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\windows\VM30xSnap.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Windows SteadyState\Bubble.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\SEC\MagicTune 2.5\GammaTray.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\Smart Virus Remover\Smart Virus Remover.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [VM30xSnap] VM30xSnap.exe Vimicro USB PC Camera (ZC030x)
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Bubble] "%ProgramFiles%\Windows SteadyState\Bubble.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3AD197C-0C25-4E9C-9BB4-722A6B9286B1}: NameServer = 203.115.130.40 203.115.130.42
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 6803 bytes
I forgot to place this.

XLR83r
Suspended due to non-functional email address
3. July 2008 @ 10:06
Don't bother to help!!!!!!!!!!!!
Don't even help!!!!!!!
Where are all of you in times of need??????????????????????????????????
Don't post!!!!!!!!!
Already solved my problem!!!!!!!!!!!!!!!!!!!!!!!!!
I've already changed my thread title 3 times: 1.) Need Help! new folder (3).exe 2.) Need Help! new folder (3).exe! Very desperate! 3.) Pls! Pls! Need Help! new folder (3).exe! Very Desperate!
And now my new title thread ?????????????????????????????????
This message has been edited since posting. Last time this message was edited on 3. July 2008 @ 10:09

tripplite
Suspended due to non-functional email address
3. July 2008 @ 17:14
Your process tree looks clean!!
except
C:\windows\VM30xSnap.exe
I've never heard of a process from the Windows directory with such a name?? Can you verify if this is a program you're using??
-tripplite
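
An added example, not part of any post in this thread: one way to follow up on an unfamiliar entry under "Running processes" is to look up which O4 Run entry in the same HijackThis log starts it. The function names and the shortened sample log are constructed for illustration; images are matched by file name only.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Constructed excerpt in HijackThis v2 format, reusing a few lines from the log above.
SAMPLE_LOG = r"""Running processes:
C:\windows\system32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\VM30xSnap.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [VM30xSnap] VM30xSnap.exe Vimicro USB PC Camera (ZC030x)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
"""

ENTRY = re.compile(r"^[A-Z]\d+ - ")                 # R0, O4, O23 ... entry lines
RUN = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run\w*: \[(.+?)\] (.+)$")
IMAGE = re.compile(r'"([^"]+)"|(.+?\.exe)', re.I)   # quoted path, or text up to .exe

def parse(log):
    """Return (running process paths, {exe file name: Run entry})."""
    processes, autoruns, in_procs = [], {}, False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
        elif ENTRY.match(line):
            in_procs = False                        # first entry line ends the process list
            m = RUN.match(line)
            img = IMAGE.match(m.group(3)) if m else None
            if img:
                exe = basename(img.group(1) or img.group(2)).lower()
                autoruns[exe] = {"hive": m.group(1), "name": m.group(2),
                                 "command": m.group(3)}
        elif in_procs and line:
            processes.append(line)
    return processes, autoruns

def correlate(log):
    """Map each running process to the Run entry that starts it, or None."""
    processes, autoruns = parse(log)
    return {p: autoruns.get(basename(p).lower()) for p in processes}

if __name__ == "__main__":
    for path, entry in correlate(SAMPLE_LOG).items():
        print(path, "<-", f'{entry["hive"]} [{entry["name"]}] {entry["command"]}'
              if entry else "no Run entry in log")
```

A match only shows where the process is started from; the Run entry's name and description are free text, so the file on disk still has to be checked (location, vendor, AV scan) before it is trusted.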

Senior Member
4. July 2008 @ 06:58

XLR83r
Suspended due to non-functional email address
7. July 2008 @ 09:53
Thanks for the help
I had just cleaned my computer from new folder.exe. Thanks

XLR83r
Suspended due to non-functional email address
7. July 2008 @ 09:57
Is Deep freeze recommended for home users?
After all the viruses I had encountered, do I have to install deep freeze??????

AfterDawn Addict
8. July 2008 @ 17:48
If you're afraid of bringing home the Nasty Guests when surfing the net, surf in a virtual machine and that way nothing gets into your real computer..
It's easy and it's FREE -> Returnil
Check it out..
2OG

There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...

Senior Member
9. July 2008 @ 22:57
A network router is a great piece of hardware to add to your system. No need for 3rd party software firewall then.
Try this test on your system.
13. Now we are going to check your firewall security. If you currently run a software firewall other than the Windows system firewall then I would suggest uninstalling it and replacing it with a network router which supports NAT (network address translation). If you cannot afford one straight away then leave it installed for the time being. You may already have a router or it may be built into your Broadband Modem. A router makes your PC merely invisible to the outside world by displaying dummy IP Addresses.
a. Go to this website
https://www.grc.com/x/ne.dll?bh0bkyd2
b. Please have a short read prior to taking first test.
c. Click on "Proceed"
d. Click on each test option in the table: File Sharing, Common Ports, All Service Ports, Message Spam and Browser Headers.
e. Read your results after each test. The tests in Red are the most important.
If your results do not come back as stealth and you are using a software firewall then it's not really working for you.
If your results do not come back as stealth and you have a network router then it is not configured correctly or the firmware needs updating. (see your hardware manufacturer's website for this)
If you have a router and a software firewall other than Windows firewall then I would uninstall it and run the tests again.
Software firewalls can be a major drag to your system and are too much work to maintain let alone configure. If you are not sure about an application wanting permission to access the outside world then the wrong decision could easily be made causing a security issue or your operating system functioning incorrectly. Watch the attached video: http://youtube.com/watch?v=1rsUefv-nlk
If your Windows firewall is disabled I would suggest turning it back on.
14. Carry out a "disk cleanup" on your hard drives at least once per week.
15. Make sure you use "Defragmenter" at least once a month to keep files at a faster access rate. The more you do this the less amount of time is taken.
16. After all this and your system is still compromised/infected, Start your PC in "Safe Mode"
http://www.computerhope.com/issues/chsafe.htm
a. Do a full system scan with all mentioned software in this article.
b. Please note that some programs don't support safe mode and will not function.