Suspect Programs in System Info? Help Please Chaslang?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by elevation, Jul 12, 2007.

  1. elevation

    elevation Private E-2

    Hi,

    I posted the following in the Software forum & Goran redirected me to here.

    Quote:
    Originally Posted by Goran.P
    Firstly, BIG WELCOME on MG.

    Go to the malware section. Chaslang will help you there.


    We have also established that I do have HijackThis installed, so that explains part of my tmcomm.sys query but raises another: what/how do I perform the RCM upgrade to the newer version?

    Thanks fellas. :)


    Original Post 11/07/07

    Hi guys,

    This is my first post, so I hope I'm posting in the right area.

    Recently I had the Virtumonde virus, which I managed to clear up.

    Since then I've been keeping an eye on things & I noticed some start-up progs beginning with \??\, as per the attachment (located in the original post).

    I googled & came up with the following: tmcomm.sys belongs to Trend Micro & is used with a suite of AV products. It's recommended to upgrade this version, 1.5.0.1052, with an update to the Rootkit Common Module, v 1.600-1052, due to security concerns. More info:

    http://esupport.trendmicro.com/suppo...&id=EN-1034432

    However, I don't have, & as I recall never have had, any Trend Micro products on my PC, so why/how is it I have this? Virus related, I wonder?

    I use Webroot Spysweeper & AV 2007 scheduled scans as my protection & I have Spy Doctor & Adaware SE Personal, which I use as ad hoc online scanners occasionally.

    Can tmcomm.sys be removed & if so what is the procedure to do so?

    Regarding Symevent, I removed the Symantec AV bundle I got free with the PC in favour of McAfee & managed to remove all but one component, LiveUpdate. I have stopped & disabled this in Services. Should I be concerned about this further?

    DSproct, pgfilter & PfModNT belong to Dell, Peer Guardian & Creative, which are all components of my PC; however, should I be concerned about them due to the \??\ prefix in the description?

    Lastly, having installed Spysweeper last week, I notice that in the Shields tab, Start Up Items tab, Start Up Items, the first item in the list has a box ticked & reads "(No Title)".
    There is no further info available on this start-up item, so it could be anything. Is there anything I can do to investigate this further, please?

    Apologies if this is all a bit mundane, but I'm a little concerned with what is on my PC following my first virus experience & I'm not entirely 'clued up' in this regard!!

    Any help, assistance, advice etc... will be gratefully received.

    (I'm using XP Home 2002 SP2)

    Many thanks
     
    Last edited: Jul 12, 2007
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    This file is not related to or required by HijackThis. Yes, it could be a TrendMicro file installed by one of their antimalware products. If you never installed their antivirus, are you sure that you never ran one of their online scanning tools or ran another tool that made use of their scanning tools? There are other quick cleaning tools by TrendMicro like SysClean too. In addition they have a Rootkit scanner you may have run at some point.

    You said you don't use TrendMicro's software, so you don't need to upgrade anything. I also don't necessarily recommend using the TrendMicro version of HijackThis at this time. If you have the 1.99.1 version recommended in our READ & RUN ME, it is more than adequate and less confusing in some regards than Trend's version.

    Are you really sure you got ALL of it? It would be highly unlikely that you removed everything unless you had a malware expert walk you thru cleaning all possible files that get installed by a Vundo infection.

    There were no problems showing in the log you attached.


    I'm not sure exactly what else you need help with, but after reading your posts I will state a couple things:

    1. Only have one antivirus program installed and never install another until the 1st is uninstalled.
    2. Only use one realtime antispyware blocking tool. You stated that you have Spy Sweeper and Spyware Doctor installed. Uninstall Spyware Doctor now. It is okay to have other on-demand scan-only tools like Ad-Aware and Spybot without TeaTimer installed.
    Are you having malware problems? Or do you wish to make sure that you are truly clean, especially from the Vundo infection you had?

    If you said yes to either of the above, then the below are your next steps.

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, renaming, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.
    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
      • CounterSpy - only for Windows XP, 2K, & NT users
      • AVG Antispyware log - ONLY IF NEEDED, i.e. you were not able to run CounterSpy. - only for Windows XP, 2K, & NT users
      • Bitdefender - from step 6
      • Panda Scan - from step 6
      • runkeys.txt - the log from GetRunKey.bat
      • newfiles.txt - the log from ShowNew.bat
      • HijackThis
    NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
     
    Last edited: Jul 13, 2007
  3. elevation

    elevation Private E-2

    Thanks Chas, happy to follow the guide below; just before I do I need a couple of pointers, please.

    I'm tidying up & uninstalling progs I no longer really use/need; following your advice, Spyware Doctor has been removed.

    I've tried uninstalling the v2 Beta TM HijackThis version, but it isn't listed in Add/Remove Programs & there are no uninstall progs in any of the directories to do so.

    I can't find anything on Google or the TM site telling me how to remove it; any posts I did find suggest removal via the Add/Remove process, which as I said I don't have.

    Should I simply delete the .exe file to get rid of it before installing 1.99, which I've downloaded & have ready to go as soon as V2.0 is gone?

    Regarding tmcomm.sys, I've done some digging & some time ago I ran a scan using HouseCall 6.6, which I see is a Trend Micro product; perhaps this explains it. HouseCall 6.6 was uninstalled way back; shall I now remove tmcomm.sys?

    And you're probably right about total virus removal, PC is starting to act strangely again!

    Let me know your recommended course of action & I'll sort it so that I can get on with addressing the malware issue.

    Many thanks
     
  4. elevation

    elevation Private E-2

    Ok... I've done some more digging; it looks like I can overcome the uninstall progs by using CCleaner, so I'll opt for that route to resolve HJT v2.0 :cool
     
  5. elevation

    elevation Private E-2

    Nope, that didn't work, no uninstall file found. Can you advise please: should I try a reinstall in case the uninstall files were missed out first time round, or should I simply delete the exe setup file?
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You uninstall it from inside of the program. Run it but select the Misc Tools button. On the next screen slide the scroll bar down and you will see the button to uninstall it. Afterward you can simply delete the folder where you installed it. The default from TrendMicro is C:\Program Files\Trend Micro

    Yes that is where it came from and you can safely delete the file.

    You should complete the steps I gave you and attach all 6 requested logs.
     
  7. elevation

    elevation Private E-2

    ........ok, finally managed to sort the Trend Micro HJT V2.0 Beta uninstall at long last!!!

    To save anyone else having to go through the same time-consuming exercise trying to find out Trend Micro's best kept uninstall secret, rolleyes

    The only way to do it is to open the program, go to tools/config, and use the scroll bar to go all the way to the bottom of the page.

    There are further options located below the window you can see, & at first glance it really isn't obvious they are there; they're easily missed!

    A clever way to disguise the uninstall option I'd say, but 'hey ho'

    The 'Exit & uninstall' option is buried at the very bottom; you will then need to delete the .exe file in your program folder, reboot & you're done!

    Hope this helps someone :)

    Chas, gonna install 1.99 version & go through the malware link you gave me, cheers

    P.S. Just saw your response after this post, should have checked first, thanks anyway
     
  8. elevation

    elevation Private E-2

    Hi Chaslang,

    I'm following the steps laid down in your guide & following the instructions for 'Using Get Run Keys' I am indeed getting the message 'An installable Virtual Device Driver failed DLL initialization. Choose 'Close' to terminate the application', so I clicked on the MS guide you provided to fix the error; however, it is somewhat ambiguous. It reads:

    1. Start Registry Editor (Regedt32.exe).
    2. Locate and click the following value:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers\VDD
    3. On the Edit menu, click Delete.
    4. On the Edit menu, click Add Value.
    5. Type VDD in the Value Name box, click REG_MULTI_SZ for the Data Type, and then click OK.
    6. The Multi-String editor appears. Leave this entry blank and click OK.
    7. Quit Registry Editor.

    When I get to step 2, I can locate the 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers' entry in the menu tree on the left-hand side of the window pane; however, there is no key available in there with the \VDD entry tagged on the end, ie,

    'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers\VDD'

    There is, however, a VDD entry on the right-hand side of the window pane named VDD.

    So am I correct in my assumption that I need to click on 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers' in the menu tree (l/h/s of window), then click on the 'VDD' entry in the r/h/s window & follow the instructions from Microsoft as per point 3 above to complete the edit, or should there be a complete key with the VDD extension, ie,

    'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers\VDD' to edit? confused

    Sorry if it seems I'm being overcautious here, but due to the fact that I am editing the registry, which I normally steer well clear of, I felt the need to clarify your instructions.

    Many thanks
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes, the above assumption is correct. You are just misreading what was stated by Microsoft. They do tell you under the section titled Cause that it is a registry value, not a key. They say:
    This is the registry key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers

    And VDD is the value under the registry key.
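    The key-versus-value distinction above is exactly what trips people up in Regedit, so here is an added example (not part of the thread, and not Microsoft's or MajorGeeks' code) that performs the same inspection and, only when asked, the same reset from PowerShell. It opens the VirtualDeviceDrivers key, reports whether the VDD value exists, what registry type it has and what it contains, and with -Fix first exports the key with reg.exe and then rewrites VDD as an empty REG_MULTI_SZ, which is what steps 3-6 of the Microsoft procedure achieve by hand. The -Fix and -BackupDir parameters are this script's own assumptions; it must be run from an elevated prompt because it writes under HKLM.

```powershell
# Added example (not from the thread): inspect, back up and, only if asked,
# reset the VDD value that the Microsoft steps quoted above refer to.
# VDD is a REG_MULTI_SZ *value* under the VirtualDeviceDrivers *key*; it lists
# the 16-bit virtual device driver DLLs that ntvdm.exe loads for DOS programs.
# Run from an elevated PowerShell prompt. -Fix and -BackupDir are this script's
# own parameters (assumptions), not anything from the thread or from Microsoft.
param(
    [switch]$Fix,
    [string]$BackupDir = "$env:USERPROFILE\Desktop"
)

$subKey = 'SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers'

function Get-VddState {
    # Returns a small report: whether the key and value exist, the value's
    # registry type, and the entries it holds.
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($subKey)
    if ($null -eq $key) {
        return [pscustomobject]@{ KeyExists = $false; ValueExists = $false; Kind = $null; Entries = @() }
    }
    try {
        if ($key.GetValueNames() -notcontains 'VDD') {
            return [pscustomobject]@{ KeyExists = $true; ValueExists = $false; Kind = $null; Entries = @() }
        }
        $kind = $key.GetValueKind('VDD')
        $data = $key.GetValue('VDD')
        # A multi-string comes back as string[]; normalise any other kind to an
        # array of strings so the caller can always iterate over it.
        $entries = @($data | ForEach-Object { "$_" } | Where-Object { $_ -ne '' })
        return [pscustomobject]@{ KeyExists = $true; ValueExists = $true; Kind = "$kind"; Entries = $entries }
    } finally {
        $key.Close()
    }
}

$state = Get-VddState
if (-not $state.KeyExists) {
    Write-Host "Key HKLM\$subKey not found; nothing to edit."
    return
}
Write-Host "VDD value present: $($state.ValueExists)  type: $($state.Kind)"
if ($state.Entries.Count -eq 0) {
    Write-Host 'VDD is empty (this is the state the Microsoft steps produce).'
} else {
    # A non-empty VDD is not by itself a sign of malware, but each entry is a
    # DLL that ntvdm will try to load, so record what is there before blanking it.
    Write-Host 'VDD currently lists:'
    $state.Entries | ForEach-Object { Write-Host "  $_" }
}

if ($Fix) {
    # Export the key first so the change can be undone with 'reg import'.
    $stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
    $backup = Join-Path $BackupDir "VirtualDeviceDrivers-$stamp.reg"
    & reg.exe export "HKLM\$subKey" $backup /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Backup to $backup failed; not changing the registry." }
    Write-Host "Backed up to $backup"

    # Equivalent of steps 3-6 above: delete VDD and recreate it as an empty
    # REG_MULTI_SZ. Writing an empty string[] with kind MultiString does both.
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($subKey, $true)
    try {
        $key.SetValue('VDD', [string[]]@(), [Microsoft.Win32.RegistryValueKind]::MultiString)
    } finally {
        $key.Close()
    }
    Write-Host 'VDD reset to an empty REG_MULTI_SZ.'
}
```

    Run it once without -Fix to see what VDD holds; the Microsoft steps silently discard that list, and keeping a note of it (plus the .reg export) is what lets you undo the change if a legitimate 16-bit application stops working afterwards.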
     
  10. elevation

    elevation Private E-2

    Ok, I'll complete the remaining & confirm once done.

    Many thanks for your assistance & above all patience!!!!
     
    Last edited: Jul 16, 2007
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome! Be sure to attach all logs when you finish and also make sure you follow the directions for installing and renaming HijackThis as requested to avoid further delays in getting help.
     
  12. elevation

    elevation Private E-2

    Hi chaslang,

    These are the logs I've saved; however, I had problems with 2 of the scans I needed to run!

    Safe mode - Cleaned out unwanted progs, poss malware?

    Ran CCleaner

    Ran Spybot S&D - It didn't come up with anything to fix.

    I ran CounterSpy & it congratulated me as it didn't find anything. Unfortunately there was no option/button to choose to save the log.

    I have Sun JRE Update 2 already installed

    Ran Bitdefender online, wouldn't work in safe mode

    Panda Scan - I installed the ActiveX files & got as far as 'local discs', at which point it just locks up; I noticed there was also an 'Error on page' notification.

    Let me know if there is a workaround you can suggest, thanks.

    I'm running HJT next.
     


  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm not seeing any problems in anything you posted yet!

    I recommend that you uninstall the CounterSpy trial now to avoid conflicts with SpySweeper.

    I also recommend that you do the below.

    Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main ATF Cleaner menu to close the program.
     
  14. elevation

    elevation Private E-2

    HJT log attached.

    Thanks C
     


  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your HJT log is clean too. Did you see message # 13?
     
  16. elevation

    elevation Private E-2

    Cool, done! ATF cleaner instructions completed, do you need a fresh HJT log?

    Your message, no. 13: yes, thanks, I've uninstalled CounterSpy also.

    Clean, that's great news, so are we at a point where we can give it a clean bill of health, or are there any other final checks that need doing?

    I did have the Virtumonde & CoolWebSearch problems, but perhaps Spysweeper has completely cleared it out after all?
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix, you can delete the ComboFix.exe file, C:\ComboFix folder, C:\QooBox folder, C:\WINDOWS\nircmd.exe, and the C:\combofix.txt log that was created.
    3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used SmitFraudFix, you can delete all files and folders related to it now including the c:\rapport.txt log.
    5. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    6. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    7. If we had you run Avenger, you can delete all files related to Avenger now.
    8. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    9. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created
    10. If you are running Windows XP or Windows ME, do the below:
      • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    11. After doing the above, you should work thru the below link:
     
    Last edited: Jul 20, 2007
  18. elevation

    elevation Private E-2

    I'm working through the steps entitled 'How to Protect yourself from malware!' & I've installed a-squared & ran a smart scan, which has highlighted pretty quickly the items as per the attachment.

    I've attached these for now but will run a full scan also.

    So now I'm confused, as none of the other scans etc... we ran came up with anything?

    So where do we go from here Chaslang?

    Thanks fella
     
  19. elevation

    elevation Private E-2

    Hopefully my log will attach this time! :D
     


  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Nowhere! ;) They are all false positives except maybe the below which you should know the answer to:
    C:\Program Files\Propellerhead\Doru Malia Refill & Wavs\Erotic Dreams-1.rar/DoruMalaia-EroticDreams-1 (10).wav detected: Heuristic.ArchiveBomb
     
  21. elevation

    elevation Private E-2

    Hi Chas,

    That was good news; just in case, I have deleted the Doru Malia Refill.

    I've been following your advice & addressing the points one by one listed in 'How To Protect Yourself from Malware' & have monitored the PC since my last post. There's a couple of things that have been occurring that I am unsure of, as to whether they are connected to a malware issue or a different problem; perhaps you can advise?

    1) My optical mouse behaves extremely erratically approx 70% of the time, skipping around & jumping off the page etc... It didn't use to before the Virtumonde virus infection I had. Is this a possible virus concern or more likely a different issue that needs addressing?

    2) I've purchased Webroot Spysweeper with AVirus & it is the only AV running

    3) I've changed the firewall to Comodo FW Pro (Uninstalled PC Guard FW & Windows FW is switched off)

    So here's the problem: when I switch on the comp and log on, for a period of approx 4 - 10 secs (differs every time) there's a Windows warning message that tells me that Spysweeper is not active before it finally kicks into life & recovers. Is this normal? Am I left unprotected during that time?

    Also, every now & again after logging on I check my sec status via Control Panel & it tells me that 'At least one of the firewalls on this computer is switched on' before it reverts to the message "Comodo Firewall is on etc...."
    How can that be? The only other FW on the PC is Windows & that is off!
    Should I be concerned that there is a possible conflict at log on, albeit briefly? Again, is my security compromised?

    Is any of this behaviour malware or virus related or signs of a different issue possibly?

    I know you checked my logs & you said there were no signs of anything suspicious & I appreciate the help you have given me.

    As you can tell, I'm uncertain as to whether I really did get rid of the virus I had or whether something is lurking hidden deep in the PC, as it's just not providing the same user experience it had prior to the infection.

    How To Protect Yourself from Malware Check list - This is my current setup
    1. MS updates - Got them on auto
    2. 1 x Antivirus installed - Spysweeper Antivirus & Spyware (a-squared also installed as an add-on)
    3. FW - Got Comodo installed (Windows FW set to off)
    4. Have CCleaner
    5. Spysweeper Antivirus & Spyware installed
    6. Have SpyBot-Search & Destroy
    7. Have SpywareBlaster
    8. ActiveX security settings - checked
    9. Tried Firefox, didn't like it, uninstalled, back with IE7
    10. Uninstalled Microsoft Java, reinstalled latest Sun JRE

    So there you have it, if any of that helps???

    Hope so, thanks again C. :)
     
  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    More than likely not malware. It is possible that you need to reload your drivers or perhaps it is a mechanical issue you need to check out. How old is the mouse?

    Is it Spy Sweeper's antispyware program or is it their AV that is not active? You may need to ask Webroot about this. It sounds like it is not getting itself installed/active early enough in the boot process. Who is the warning message from? Is it a Windows message or is it from Webroot?

    It did say that at least one firewall is active! Perhaps you are just checking too soon, before Windows and your firewall software are fully loaded and have the chance to recognize which firewall is active. How soon are you checking this after logging into Windows?


    I doubt it; however, do note this. You were clean on 7/17/2007, which is 14 days ago. In 14 days malware can totally take over a PC. This is less likely when properly protected, but as stated in the How to protect thread, security starts with you. The PC user can be the weakest link in the chain and can cause a total breakdown in the wall of security programs that have been installed.


    All I can tell you is that based on the 4 logs (out of 6 requested) that you posted, you were clean on 7/17/2007.
     
  23. elevation

    elevation Private E-2

    Thanks for your response

    Q1 - The mouse is approx 18 months old, along with the PC. I ran the Dell system diagnostics test, which identified the mouse as running correctly, & when I rebooted the problem had gone away. However, 1 week on it's back to its old tricks.

    Q3 - So I just rebooted the PC, took forever to shut down (hanging), then Windows alerts me & tells me that my PC may be at risk, Spysweeper AV is switched off. A quick check in the Windows Security Centre confirmed this.

    Is this a result of it hanging whilst shutting down the PC? I understand Spysweeper needs to shut down as a result, but am I at risk of attack/infection during the time between Spysweeper shutting down (hanging period between 1 - 2 mins) & the PC switching off?

    Additional Info: The PC hanging issue is intermittent, sometimes it will shut down straight away other times it hangs.

    Another intermittent problem I have is that when shutting down Windows warns me that it cannot shut Spysweeper down & I get the usual 'End program or cancel, return to Windows' option. I never end the program. It will take 2 or 3 attempts before I can shut down. Other times it's fine.

    I haven't contacted Webroot yet but will do, just wanted to hear your thoughts.

    I reinstalled Spysweeper in safe mode whilst disconnected from the internet & the boot-up issue disappeared; it's active much quicker now.

    Firewall - I reinstalled Comodo the same way as Spysweeper above & this now fires up much more quickly, although there is still a Windows warning message (red shield) that always shows up in the system tray for approx 5 secs saying it's inactive. The conflict between the 2 firewalls is resolved much more quickly now. So does Windows Firewall, even though switched off, still start up until it recognises Comodo & then hand over to it?

    The warnings are an annoyance, as I'm unsure as to whether they are spurious or represent a threat. I didn't use to get these warnings, so I'm struggling to understand why I do now.

    I've gone & purchased Spysweeper & changed to Comodo, both of which I believe are great products, but I'm just not getting the peace-of-mind experience I was expecting with them.

    I ran Spybot Search & Destroy last night for the first time since running the checks that we did & it came up with the following:

    Microsoft Windows Security InternetExplorer

    HKEY_LOCAL MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe!=W=1

    I pressed the fix issue option, based on the fact that if Spybot has highlighted it, it's probably best not to ignore it; however, I have no idea what it's all about.

    Thanks again Chas
     
  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Use another mouse or try the Hardware Forum. The problem is not malware.

    As long as your firewall is active during shutdown you are probably OK.

    So you say you are using Spy Sweeper's Antivirus???? Then you never followed the directions in step 3 of the READ ME. You also have Authentium's Command AV installed and this is a big no-no that can screw up all of your security. I recommend you disconnect from the internet and uninstall everything, reboot, and then install what you plan to use. However, I would recommend trying not to use Spy Sweeper's AV, just as a test to see if it is giving you grief. Try using AVG.


    If problems continue you need to talk to them but the dual antivirus programs is an issue.

    No! If it is disabled it stays disabled.

    Probably not a problem. It may be due to settings you have configured while using Spy Sweeper and/or Comodo. Read the below for some insight:

    http://www.jsifaq.com/SF/Tips/Tip.aspx?id=8394
     
    Last edited: Aug 10, 2007
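    The Spybot line quoted a few posts up (FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe!=W=1) is Spybot's way of saying that the iexplore.exe value under Internet Explorer's FEATURE_LOCALMACHINE_LOCKDOWN feature-control key was not the expected DWORD 1, i.e. Local Machine Zone Lockdown was not switched on for IE. Below is an added example (not from the thread, not Spybot's or MajorGeeks' code) that audits that setting under both HKLM and HKCU for a list of process names and, with -Fix, sets the HKLM value back to 1 so you can confirm what Spybot "fixed" rather than taking it on trust. The -Process and -Fix parameters and the default process list are this script's own assumptions; writing needs an elevated prompt.

```powershell
# Added example (not from the thread, not Spybot's code): audit the IE
# "Local Machine Zone Lockdown" feature control that the Spybot line reports on.
# Spybot's notation "iexplore.exe!=W=1" means the iexplore.exe value under
# FEATURE_LOCALMACHINE_LOCKDOWN was not the expected DWORD 1. With lockdown on,
# content IE loads from the local machine gets restricted security settings
# instead of the trusted Local Machine zone defaults.
# -Process and -Fix are this script's own parameters (assumptions).
param(
    [string[]]$Process = @('iexplore.exe', 'explorer.exe'),
    [switch]$Fix
)

$featurePath = 'Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN'
$hives = @{
    HKLM = [Microsoft.Win32.Registry]::LocalMachine
    HKCU = [Microsoft.Win32.Registry]::CurrentUser
}

function Get-LockdownState {
    # One row per hive x process: Missing, Enabled (DWORD 1) or Disabled (any other value).
    param([string[]]$Names)
    foreach ($hiveName in $hives.Keys) {
        $key = $hives[$hiveName].OpenSubKey($featurePath)
        foreach ($name in $Names) {
            $raw = if ($null -ne $key) { $key.GetValue($name) } else { $null }
            $status = if ($null -eq $raw) { 'Missing' }
                      elseif (($raw -as [int]) -eq 1) { 'Enabled' }
                      else { 'Disabled' }
            [pscustomobject]@{ Hive = $hiveName; Process = $name; Value = $raw; Status = $status }
        }
        if ($null -ne $key) { $key.Close() }
    }
}

function Enable-Lockdown {
    # Set the value to DWORD 1 under HKLM, the hive Spybot's check refers to.
    # Requires an elevated prompt because it writes under HKLM.
    param([string]$Name)
    $key = [Microsoft.Win32.Registry]::LocalMachine.CreateSubKey($featurePath)
    try {
        $key.SetValue($Name, 1, [Microsoft.Win32.RegistryValueKind]::DWord)
    } finally {
        $key.Close()
    }
}

$report = @(Get-LockdownState -Names $Process)
$report | Format-Table Hive, Process, Value, Status -AutoSize

$needFix = @($report | Where-Object { $_.Hive -eq 'HKLM' -and $_.Status -ne 'Enabled' })
if ($Fix -and $needFix.Count -gt 0) {
    foreach ($row in $needFix) {
        Enable-Lockdown -Name $row.Process
        Write-Host "Set HKLM lockdown for $($row.Process) to 1."
    }
} elseif ($needFix.Count -gt 0) {
    $names = ($needFix | ForEach-Object { $_.Process }) -join ', '
    Write-Host ("Lockdown is not enabled under HKLM for: " + $names)
}
```

    Running the audit before and after a security product's install or "optimisation" step is the quickest way to tell whether that product, rather than malware, is the thing flipping the value, which is the possibility raised in the reply above.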
  25. elevation

    elevation Private E-2

    Ok, did another check & you'll be assured to know that I did follow your instruction in step 3. I don't have Authentium Command AV installed.

    To be sure I ran a search of all files & folders & the only thing that came up was a leftover TX2 file called english.tx2, unknown application, in Prog Files/Common Files.

    Also checked Add/Remove progs, CCleaner, Belarc Advisor, Autoruns and there's nothing showing up, so I think we're clear of that one.

    I think Authentium Command AV was installed as part of the Virgin Media PC Guard security suite, or possibly the one I was using beforehand, McAfee Sec Suite, both of which were uninstalled prior to Spysweeper being installed. It's certainly not something I've downloaded as a stand-alone program.

    While looking for AC AV in Common Files I noticed another folder, PestPatrol, containing an exe, dat, dll & 2 txt logs; there's no uninstaller & it hasn't been used for some time. Can you recommend a program that can remove leftover files from program installs? I'd like to get rid of them if I can.

    Following the MG post, How To Protect Yourself from Malware Check list -

    This is my current setup

    1. MS updates - Got them on auto
    2. 1 x Antivirus installed - Spysweeper Antivirus & Spyware (a-squared also installed as an add-on)
    3. FW - Got Comodo installed (Windows FW set to off)
    4. Have CCleaner
    5. Spysweeper Antivirus & Spyware installed
    6. Have SpyBot-Search & Destroy
    7. Have SpywareBlaster
    8. ActiveX security settings - checked
    9. Tried Firefox, didn't like it, uninstalled, back with IE7
    10. Uninstalled Microsoft Java, reinstalled latest Sun JRE

    I'll contact Webroot as you suggested to see what they have to say.

    Thanks for the link Chas, ill get that sorted too! :)
     
  26. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you just uninstall it now?

    Yes it normally is installed with stuff ISPs provide. And Pest Patrol is the antispyware application they often use.
     
  27. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Note if you installed Comodo Firewall and did not uninstall the stuff from your ISP, you now have two firewalls and two antivirus programs installed.

    The below illustrates this.

    From your HJT log:
    From the newfiles.txt logs uninstall list:
     
    Last edited: Aug 10, 2007
  28. elevation

    elevation Private E-2

    It was uninstalled with PC Guard, I'm guessing 4 - 6 weeks ago.

    PC Guard was uninstalled prior to Comodo.

    Is there a program I can use to remove the left over files do you know (pref free) :D
     
  29. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No, it was not; see my last message proving it.
     
  30. elevation

    elevation Private E-2

    Just checked Program Files & my Security Task Manager program & there are no traces of the file other than the one I mentioned below in Common Files.

    To ensure that Im not missing anything here shall I run another HJT log & post it?
     
  31. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Attach new logs from ShowNew and HJT.
     
  32. elevation

    elevation Private E-2

    Here goes, Chas.
     


  33. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay, now those lines are no longer in your log, which means they were just uninstalled from your system now. It also means you should probably uninstall all of your other security software, reboot (don't skip), delete their folders, and then reinstall. This will ensure proper installation, since you previously had multiple firewalls and antivirus programs installed at the same time.

    Also uninstall CounterSpy before reinstalling anything!!!

    Folders to delete before reinstall:
    You can also have HJT fix the below left over from McAfee SiteAdvisor:

    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
     
  34. elevation

    elevation Private E-2

    Yes I'll follow the steps youve given me exactly.

    To clear up what appear to be some odd misunderstandings between us, I haven't uninstalled any programs, PC Guard or otherwise, prior to us beginning our communications today. I only mention this not to be argumentative but just in case it's a sign of any other issues with my PC. You seem so sure that this is the case & at this end, I know differently; it has me puzzled.

    Regarding CounterSpy, dude, I uninstalled this when instructed by you; my response is in post #16 to your post, #13, so now I'm really confused. What info are you seeing, & I don't doubt that you are, that says I still have it installed?

    You can see my dilemma: how do I uninstall a program that I know I have already uninstalled & is not showing in either Add/Remove progs, CCleaner or anywhere else I can see? Something really strange is going on here & it has me beat! Could I have an issue with my prog uninstaller... dunno, I'm clutching at straws here to try & get to grips with this. :confused

    Regarding the other stuff, cool ill do as advised, but having done this are we going to get the same issues as above re Counterspy etc...
     
  35. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm just going by the logs you posted. The first logs showed all the stuff I quoted. And the last logs do not. So perhaps the problem was due to the 4 weeks' time in between the two sets of logs.


    While looking at the two sets of logs I may have still been looking at the first set, where it was installed. I just wanted to make sure it was no longer installed.

    Again I repeat what I was looking at was the two sets of logs which you can look at for yourself. The programs were in the first set and not in the next. You tell me why. [edit] Well it was the 4 weeks time frame! [/edit]
     
  36. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You have to remember something! I look at many many threads per day and I cannot keep track of the fact that it took you almost a month to complete the steps. This is where all the confusion is coming from.
     
  37. elevation

    elevation Private E-2

    ...Yeah, I just checked the dates between the two different sets of posted logs too; I agree that explains the confusion arising from our conversations.

    Don't get me wrong here Chas, you have been superb throughout & I am very grateful for your assistance. ;)

    I'm going to reinstall Spysweeper & Comodo as per your suggestions.
     
  38. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes I still would like to see the results after the reinstalls just to make sure that there was no overlap of applications being installed at the same time which may have caused an incorrect setup.


    If you still run into issues with Spy Sweeper you will have to speak to them.
     
  39. elevation

    elevation Private E-2

    Hi Chas,

    I've disconnected from the internet, uninstalled as follows: Spysweeper (reboot), Comodo (reboot),

    fixed McAfee file through HJT & deleted recommended files (reboot),

    then reinstalled in the following order: Spysweeper (reboot), Comodo (reboot), reconnected.

    Security Task Manager asked whether I wish to allow both programs to start with Windows; replied Yes.

    Updated both programs, rebooted.

    The result is that when I now boot up, the Windows red shield pops up for approx 5 secs telling me antivirus is not detected on this comp, then it disappears & Spysweeper is active.

    Comodo - the conflict between the 2 firewalls is back & when checking Sec Centre it says 'At least one of the firewalls on this computer is switched on' before it reverts to the message "Comodo Firewall is on".

    This takes between 30 secs - 1min before it reverts to Comodo FW is active.

    Windows FW is not active in Sec Centre. I've just checked 'Services' & Windows Firewall/Internet Connection Sharing (ICS) is set to Automatic & Started; is this correct?

    Do you need to see the 2 new logs as per yesterday?

    I took a look at the link you gave me to resolve the Microsoft Windows Security Internet Explorer issue I have. The instructions seem straightforward; however, point 5 says,

    5. Switch (CD) to the folder where you stored FLML.BAT.

    What does it mean, Switch (CD)? There are no references to CD anywhere else in the instructions, so I'm unsure how to proceed & therefore complete the process.

    Lastly, I still have the PestPatrol folder in Common Files containing an exe, dat, dll & 2 txt logs. Can I delete this folder & reboot to get rid of it?

    Thanks Chas, have a great weekend fella. :)
     
  40. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You may want to uninstall this to see if it is interfering with or slowing down your software startups.

    If uninstalling STM does not change this then talk to Webroot. However, you should have tried what I had suggested before using Spy Sweeper again. I would have tried AVG to see if the same thing happened. If not, then Spy Sweeper is taking too long to hook in. If it behaved the same, then it is just the order in which things are loading on your system during startup. I would still uninstall STM before testing anything else.

    You may want to consider disabling Windows Security Center and doing your own monitoring. I don't think this is a conflict; I think it is just taking a while to recognize which firewall is running.

    Yes that is normal.

    Yes.

    So then I assume you understood step 4? CD means change directory. They were telling you to switch to the folder where you stored the file. Switching folders is done using the CD (or cd) command from the command prompt.

    Yes.
     
    Last edited: Aug 13, 2007
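    Chaslang's reading of the startup behaviour above is that Security Center is slow to register which firewall and antivirus are in charge, rather than that two products are fighting, and that the built-in firewall service staying Automatic/Started is normal. The script below is an added example for checking exactly that, not code from the thread or from any of the products mentioned. It assumes Windows Vista or later (WMI namespace root/SecurityCenter2, service name MpsSvc) and PowerShell 3.0 or later for Get-CimInstance; on the Windows XP system in this thread the namespace was root/SecurityCenter and the service is SharedAccess, so both service names are queried. The "enabled" bit of productState is decoded the way most published scripts do it, which is an assumption, not a Microsoft-documented contract.

```powershell
# Added example (not from the thread): watch Windows Security Center after a reboot until it
# registers the third-party firewall and antivirus, and show the built-in firewall service state.
# Assumptions: Vista or later (root/SecurityCenter2, MpsSvc); SharedAccess is included for XP-era systems.
param(
    [int]$Seconds = 90,          # how long to keep polling after logon
    [int]$IntervalSeconds = 5    # pause between polls
)

$deadline = (Get-Date).AddSeconds($Seconds)
do {
    $stamp = Get-Date -Format 'HH:mm:ss'

    foreach ($class in 'FirewallProduct', 'AntiVirusProduct') {
        $products = Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName $class -ErrorAction SilentlyContinue
        if (-not $products) {
            "$stamp  $class : nothing registered yet"
            continue
        }
        foreach ($p in $products) {
            # productState is a bit field; the 0x1000 bit is commonly read as "product enabled"
            # (assumption based on the widely used decoding, not on official documentation).
            $enabled = ($p.productState -band 0x1000) -ne 0
            '{0}  {1} : {2} (enabled={3})' -f $stamp, $class, $p.displayName, $enabled
        }
    }

    # The built-in firewall service normally stays Auto/Running even when a third-party firewall
    # is the active one; Security Center only reports which product is currently in charge.
    Get-CimInstance -ClassName Win32_Service -Filter "Name='MpsSvc' OR Name='SharedAccess'" |
        ForEach-Object { '{0}  service {1} : {2} ({3})' -f $stamp, $_.Name, $_.State, $_.StartMode }

    Start-Sleep -Seconds $IntervalSeconds
} while ((Get-Date) -lt $deadline)
```

    Save it under a name of your choosing (the file name is not prescribed by the thread), run it from a PowerShell prompt straight after logon, and the timestamps show how many seconds pass before FirewallProduct and AntiVirusProduct appear with enabled=True. If the products show up within the first minute or so, what you are seeing is registration delay, which matches the explanation given above; if they never appear, that is the point at which to take it up with the vendor.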
  41. elevation

    elevation Private E-2

    Here are the logs Chas, thank you.
     

  42. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Why is the below running while you are getting logs and why is it running 9 times? Please remember to shutdown unnecessary software like this before running any scans.
    C:\Program Files\Replay Converter\ffmpeg.exe
    C:\Program Files\Replay Converter\ffmpeg.exe
    C:\Program Files\Replay Converter\ffmpeg.exe
    C:\Program Files\Replay Converter\ffmpeg.exe
    C:\Program Files\Replay Converter\ffmpeg.exe
    C:\Program Files\Replay Converter\ffmpeg.exe
    C:\Program Files\Replay Converter\ffmpeg.exe
    C:\Program Files\Replay Converter\ffmpeg.exe
    C:\Program Files\Replay Converter\ffmpeg.exe


    Your logs are clean.
     
  43. elevation

    elevation Private E-2

    Hi Chas,

    Thanks for the clean bill of health.

    Regarding the entries below, I'm not really sure what was going on there! I had been using the file converter to batch convert some wma files to wave earlier but had closed down the application; there were none showing as open in the taskbar when I ran the logs, but clearly they were, as your note below clearly shows.

    To avoid this type of situation from reoccurring what additional steps should/can I take to ensure everything is actually shut down before I need to run a log in the future? Please excuse my lack of knowledge in this area.

    I'm also going to uninstall & then reinstall all of my AV & scanning tools in the following order to hopefully resolve that annoying sec centre warning. It is only on for a brief moment, but if I can get rid of it at this attempt I would be happier; if it remains then I'll just have to live with it!

    1 - Comodo FW
    2 - Spysweeper Antivirus & Spyware
    3 - Peerguardian
    4 - asquared (installed as an add on)
    5 - SpyWare Blaster
    6 - SpyBot-Search & Destroy
    7 - Security Task Manager with Spyprotector
    8 - Adaware SE Personal (Free - used as an ad hoc scanning tool as & when the need arises)

    Is this the correct order to reinstall these programs once I have first uninstalled everything?

    Also, is there any value to reinstalling all of the above in safe mode whilst disconnected from the internet or should I proceed in normal mode whilst connected?

    I see that Comodo are offering free Anti Malware protection

    http://www.comodo.com/boclean/boclean.html

    I was wondering whether this is worth installing in addition to the above or would I need to remove one of the above before first doing so? Or should I just stick with what I have already in your opinion?

    Finally, I would like to thank you personally for your assistance & patience in helping me throughout this minefield; I couldn't have done any of this without you guys! :confused

    Major Geeks rocks! I've already told numerous associates about your site & they will be paying you guys a visit.

    I will also be making a contribution to you guys to express my appreciation just as soon as I've completed the final steps in getting my security programs all working together, so that I'm happy to enter my personal details onto my PC again. ;)

    I'm just looking forward to getting back to creating my music with relative peace of mind thanks to you boys.

    Thanks again MG & Chaslang

    Best regards to you & the MG Team

    Steve
     
  44. elevation

    elevation Private E-2

    Reading again through Comodo's free Anti Malware protection, I see now that this would replace Spysweeper Antivirus & Spyware if I decided to install it, & that I am to run one or the other, not both.
     
  45. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Close everything running except what you are using to acquire the logs.
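    The nine copies of ffmpeg.exe that chaslang spotted in the log had no taskbar window, which is why closing the converter's window did not end them. The following is an added example of how to check for that before capturing a log; it is not code from the thread, from HijackThis or from any product named here. It assumes PowerShell 2.0 or later and treats anything running from the Program Files folders as user-installed software; the function name Get-LingeringProcesses is my own.

```powershell
# Added example (not from the thread): list user-installed programs still running, grouped by
# executable path, with how many copies exist and whether any copy owns a visible window.
# Assumption: software under the Program Files folders counts as "user-installed".
function Get-LingeringProcesses {
    param(
        [string[]]$Root = @($env:ProgramFiles, ${env:ProgramFiles(x86)})
    )
    $roots = $Root | Where-Object { $_ }   # drop the empty x86 entry on 32-bit Windows

    Get-Process |
        Where-Object { $_.Path } |                       # protected system processes expose no path; skip them
        Where-Object {
            $p = $_.Path
            ($roots | Where-Object { $p -like "$_\*" })  # keep only paths under one of the roots
        } |
        Group-Object -Property Path |
        Sort-Object -Property Count -Descending |
        Select-Object @{ n = 'Copies';    e = { $_.Count } },
                      @{ n = 'HasWindow'; e = { @($_.Group | Where-Object { $_.MainWindowHandle -ne 0 }).Count -gt 0 } },
                      @{ n = 'Path';      e = { $_.Name } }
}

# Usage: run this just before taking a log. Anything with Copies > 1 and HasWindow = False is
# exactly the kind of background job (a batch converter, an encoder) that a closed window leaves behind.
Get-LingeringProcesses | Format-Table -AutoSize

# After confirming an entry is your own leftover program, end it by name, then re-run the check
# until only your log-collection tool remains, e.g.:
# Get-Process -Name ffmpeg -ErrorAction SilentlyContinue | Stop-Process
```

    MainWindowHandle is 0 for a process with no top-level window, which is what distinguishes a hidden worker from an application you simply forgot to close. Run the check a second time after stopping anything, because a converter that is still working through a batch can spawn a fresh copy as soon as one ends.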
     
  46. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    In my opinion, this is too much protection. You only need one antivirus, one firewall and one antispy program.

    I use AVG AntiVirus, SpySweeper and ZoneAlarm Firewall and have never had a problem.

    I would recommend SpySweeper, Comodo FW and your choice of an AV. All of the others IMO are unnecessary; however, it's up to you whether you install them.
     
