• Status: Solved

Viruses

Ok, I did a scan with Panda Software and it turns out I had 22 viruses on my comp. It said it disinfected some, and the ones left, well, they're messing up my comp. Here's the log to see what I still got left: http://www.thatsgreat2345.iconrate.net/Activescan.txt

When I start up my computer, sometimes Windows doesn't load and it takes a couple of times of restarting my comp before Windows loads.

When it does load, a, well, I forget what it's called, but the black window that you can type commands into: at the top it has like nulware.exe, and one time it had ntvdm.exe. I don't know what they are for, so I just click them off and an error pops up, but it stopped popping up. A setup wizard also pops up for something, but I don't know what for, though.
(If needed, I took some screenshots of my msconfig startup tab: http://www.thatsgreat2345.iconrate.net/Untitled-2.jpg )

What I did was I went to msconfig and turned off the nulware.exe on startup, so now the black command box doesn't pop up anymore, but the setup wizard does and I don't know how to get rid of it. I think it's from when I downloaded zoomplayer off of LimeWire, but it turned out the file size was only 300kb, and so when I extracted it I clicked install, and yeah, I think it's that setup wizard.

I then downloaded HijackThis and here's my log: http://www.thatsgreat2345.iconrate.net/hijackthis.log

One more thing: my LiveUpdate for Norton 2005 isn't updating anymore. I'm stuck with virus definitions from Dec 2004. I uninstalled and reinstalled and nothing has really seemed to work, so how can I fix that? And I have BlackICE PC Protection, so nothing can run without me clicking terminate or continue, but that shouldn't be causing problems.

So
1. How can I get rid of those viruses?
2. How can I get it so Windows loads when I start up the computer?
3. How can I get the setup wizard to go away?
4. How can I get my LiveUpdate to work?

Thanks. My AIM is Thatsgreat2345
and my email is Thatsgreat2345@gmail.com if you need me to send you anything. I will appreciate this a lot.

0
thatsgreat2345
2 Solutions
 
r-k Commented:
I posted your hijackthis log at http://www.highjackthis.de/ and the analyzed results are at: http://www.hijackthis.de/logfiles/982832b2b0daf3f732a93d9bddae51e8.html
This will make it easier to examine them.

You have several bad things running. The worst one seems to be TVmedia. I found some steps you can try for that first:

 http://support.microsoft.com/kb/886590

Next, I would get rid of p2pnetwork and msconfigs. See the steps outlined at:

 http://www.pcguide.com/vb/showthread.php?t=37182&goto=nextnewest

Finally, run HijackThis again and see what is left. Either try removing with HijackThis or post your log at http://www.highjackthis.de/ and post the analyzed link here.

I think your problems with Norton update will go away once you fix all this.


 
0
 
FalconHawk Commented:
1) They aren't viruses. It's qualified AD and SPYware, and regular virus scanners can't delete them. What you should do is download Spybot, Microsoft AntiSpyware and Ad-Aware to get rid of them.
http://www.lavasoftusa.com/software/adaware/
http://www.safer-networking.org/en/index.html
http://www.microsoft.com/downloads/details.aspx?FamilyID=321cd7a2-6a57-4c57-a8bd-dbf62eda9671&displaylang=en

2) This can be a somewhat rare one. Please give me some more info. Does the PC hang at the bootup screen? Or while it is loading Windows? And can you boot without a problem in safe mode?

3) I personally think that, with the removal of the viruses, this one should be solved automatically. But there's about a 30% chance that it isn't resolved automatically.

4) Since Norton is the most favorite AV scanner, it's also the most favorite one for viruses to disable. Since it's quite hard to tell what is causing it (I've seen things from replacing the hosts file and blocking the internet connection to simply disabling Norton LiveUpdate), I'd better just post a link from the Norton site.
http://service1.symantec.com/SUPPORT/sharedtech.nsf/d3c44a1678bd8f45852566aa005902cb/5b5a18c52797afa488256dad005f3c57?OpenDocument&src=bar_sch_nam

I know this post is somewhat short on all answers, and I know that will seem a little like: answered all, good chance it's the accepted answer. I want you to know it ISN'T that way. Before you try to reset any side effects of the viruses, you must have a virus-free system first. Otherwise the viruses can simply reset the things you are busy solving. First get each and every virus away, and then see what problems remain. Some will be auto-repaired, which saves a lot of worries. Some will need manual repairs. Please run the tools I mentioned, and get those ad and spywares away. Then post what still remains a trouble, and then I can help you with these. This may not be the fastest method, but it sure is the most thorough.
0
 
kneH Commented:
>LiveUpdate does not work

Go to c:\windows\system32\drivers\etc\
There's a file called hosts

Open it in Notepad.
Only this (and the comments above it) should be in it:
127.0.0.1    localhost


If you want a proper virus scanner, get Kaspersky.
It'll rid you of more than Panda will!


As for the checked HJT log:
Fix the nasties.
Examine the unknowns closely and fix if you think necessary.

Report back if your problem isn't fixed.
0
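The hosts-file check kneH describes, as an added example that is not part of the original thread: a small Python parser that lists every mapping other than the loopback `localhost` entry, so names that have been blocked or redirected stand out. The sample contents and the `.example` hostnames are constructed, and accepting `::1 localhost` as well is an assumption.

```python
import ipaddress

# kneH's rule from the thread: apart from comments, only "127.0.0.1 localhost"
# belongs in the file. Any loopback address for "localhost" is accepted here
# (assumption, so that "::1 localhost" on newer systems is not flagged).
ALLOWED_NAME = "localhost"

# Constructed sample; the *.example hostnames are placeholders, not the poster's file.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
127.0.0.1       liveupdate.av-vendor.example
0.0.0.0         update.av-vendor.example www.av-vendor.example  # two names, one line
203.0.113.7     search.portal.example
10.0.0.300      broken.example
"""


def parse_hosts(text):
    """Yield (line_no, address_text, [hostnames]) for every non-comment line."""
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if line:
            address, *names = line.split()
            yield line_no, address, [n.lower() for n in names]


def audit_hosts(text):
    """Return (line_no, verdict, address, hostname) for each entry beyond localhost."""
    findings = []
    for line_no, address, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, "malformed", address, " ".join(names)))
            continue
        if not names:
            findings.append((line_no, "malformed", address, ""))
            continue
        for name in names:
            if name == ALLOWED_NAME and ip.is_loopback:
                continue
            # Loopback or 0.0.0.0 makes the name unreachable from this machine;
            # any other address sends the name to a different server.
            blocked = ip.is_loopback or ip.is_unspecified
            findings.append((line_no, "blocked" if blocked else "redirected", address, name))
    return findings


if __name__ == "__main__":
    for line_no, verdict, address, name in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {verdict:10} {name} -> {address}")
```

To check a real machine, pass `audit_hosts` the text of the `hosts` file from the directory kneH names.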
 
robertsjjr Commented:
Personally, my advice to you is to do the following:

If you can go to a public computer or a friend's computer, then access Symantec's (Norton's) virus definitions page. This is free to download (the definitions), and these should be able to be transported on floppy disks back to your home computer, and you will be able to manually update your virus definitions. This should correct point 1) because it will remove the viruses. Most likely point 2) because when the viruses go, Windows should load up as normal unless there are any further problems, and moreover it should correct point 4) because, again, once the viruses have been removed from your system, the part that is interrupting the normal LiveUpdate from working should stop and it should work normally.

I recommend that you do this and then post here any other comments and other information that you can provide, which will help me solve your problem. Happy to help, robertsjjr...

Thanks...
0
 
FalconHawk Commented:
Adware:Adware/WUpd            No disinfected                C:\WINDOWS\system32\shell32.exe
Spyware:Spyware/TVMedia       No disinfected                C:\WINDOWS\system32\TVM_B534.EXE
Spyware:Spyware/ISTbar        No disinfected                C:\Documents and Settings\G\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3cc46f89-20354161.zip[InstallerApplet.class]
Adware:Adware/SaveNow         No disinfected                Windows Registry
Spyware:Spyware/TVMedia       No disinfected                C:\WINDOWS\system32\tvm_b5*.exe
Adware:Adware/WildTangent     No disinfected                C:\WINDOWS\wt

Other experts:
Maybe you didn't notice these, but this is adware and spyware, and it won't and it CAN'T be removed with a normal virus scanner. Those can only remove viruses. Getting newer definitions also won't remove them.
0
 
computerfixins Commented:
Hello,

   The best way to get rid of nasty malware and/or virii is to not have Explorer running.  By Explorer I mean the desktop environment that's infected.

A couple of options that I have used:

1. Go to http://www.nu2.nu/pebuilder/ and build a bootable CD-ROM image of Windows, boot from CD and manually delete or use Ad-Aware, HijackThis etc... just follow the instructions on the website. (The best way; takes about an hour and some reading.)

2.  Print out a list of files you want to remove.  Try shutting down every process using the alt-ctrl-del Task Manager except the system ones (svchost, csrss, winlogon, services) and all the other ones Windows won't let you anyway.  Now end task on the explorer process and the desktop should disappear.  Now hit File/New Task in the Task Manager window.  Type in cmd then <enter>.  Now basically move around and delete offending files in the command prompt.  (Quickest but most likely to fail; you need to know the basic commands of DOS, i.e. del, cd, dir, etc.)

3.  The long and painful method.  Install another copy of Windows in a windows2 directory or whatever you fancy... MAKE SURE you do not format the drive or reinstall over the existing Windows!!!  Now boot to your second copy of Windows and remove offending files using the program of your choice.  Reboot and enjoy the malware-free system. (Extremely long-winded but easiest to pull off; be wary, any mistakes during setup will end your spyware program BUT with the added quark of a clean install. :)

Great thing about 1 & 3 is you now have them for future "oopses".
0
 
FalconHawk Commented:
computerfixins wrote:
(everything in point 2, and point 3)

..... what shall I post about this?.... Ending all processes except the system critical ones... then killing Explorer..... and then using a command prompt?
and then point 3.... a clean install of Windows to FIX things?

Maybe you don't know this, but a LOT of spyware simply stealths itself from the Task Manager by hiding itself, running as a service, or by being in the system32 directory. If it were so easy to kill things with Task Manager, then there would never be a need for an antivirus program. As a matter of fact, just going and terminating things is only going to make it WORSE most times. And then point 3: a clean install? REALLY.... to do that you need at least a new partition and the OS disc (which not everyone has, since some manufacturers pre-install).

I personally don't really know what to think about those methods. Or rather why you posted them. Method 3 is just a clean install, and if someone asks here, it's to AVOID a clean install. And actually... why would he need a bootup disk? From what he stated, he can still access his Windows XP. So why a boot disk?

I have quite some difficulty writing the text I just wrote down. This is because I'm constantly thinking I'm misreading your post, because it sounds like some of the worst solutions I ever heard to solve problems with viruses and spyware. Which also leads me to another difficulty: writing without flaming.
0
 
thatsgreat2345 Author Commented:
To any that IM me and help me get rid of all the stuff I don't need will receive an extra 845 points, so basically this is a 1345 point question. And I got rid of the nasty AIM search bar file, thanks r-k for submitting that for me.
0
 
thatsgreat2345 Author Commented:
Hey kneH, I did what you told me and this is what I got when I open hosts in Notepad:
http://www.thatsgreat2345.iconrate.net/hosts.txt
0
 
thatsgreat2345 Author Commented:
To FalconHawk: yeah, I ran 3 different malware/adware/spyware scanners
1. Spy Sweeper that my bro purchased
2. Ad-Aware SE Pro
3. a-squared startcenter

The first one deleted some, the second deleted some and the 3rd deleted 1, and yeah.
0
 
thatsgreat2345 Author Commented:
When I say Windows doesn't load, I mean when it starts up all I see is my desktop background photo and that's all, so I just press Ctrl-Alt-Del and restart the comp.
0
 
FalconHawk Commented:
"To any that IM me and help me get rid of all the stuff I don't need will receive an extra 845 points, so basically this is a 1345 point question. And I got rid of the nasty AIM search bar file, thanks r-k for submitting that for me."

First, keep in mind that there is a 500 point limit for a question, even if it has multiple questions inside it.

Now for the question. The first thing that still needs to be completed is making sure the system is clean before any other "side" effects are cleaned, because of the risk that the programs just reset them.
1) First, download this tool:
http://www.snapfiles.com/get/starter.html
This tool will show you what starts with Windows. Have a look at what programs start, and throw out any suspicious ones. Most probably there will be no suspicious ones left, because the HijackThis log doesn't show them. But better check anyway, since you never know.
2) Open Start=>settings=>prestations and maintenance=>system management=>services
This will open the services dialog box. Services are like programs, but they don't show up in the standard startup parts of the registry. Have a look at the ones that are running. If you see some strange ones, especially ones WITHOUT a description, they are most probably virus related. Just set them to stop starting with Windows. But remember: do NOT get trigger-happy with delete if you don't know what it is.
3) Have a look in the c:\windows\system and the c:\windows\system32 directory (assuming C:\ is your boot drive, and Windows is your Windows directory). The files in these directories automatically "start" when Windows launches, and they are not in the startup parts of the registry. Because of that, quite a lot of ad and spyware places itself there, because they can be quite sure not to be deleted if the user only checks the startup.
Now, how to identify a bad file here. First, all the legal (core) Windows files are dated around the purchase of your computer. Files that are dated later are not part of the Windows core (except for a few that store some settings). If there are any strange files there, post them here.

As far as I know, doing these steps will make sure your system is clean of viruses and other bad programs (in about 99% of the cases it is). Once you've done this, please post what problems are still on your system. Then I can begin posting the fixes for them, knowing that some program won't just reset them :)

0
 
thatsgreat2345 Author Commented:
Ok, about when it starts up: like, the tray doesn't load and the start bar, whatever it's called, doesn't load, and all the shortcuts on the desktop don't load, so basically explorer.exe doesn't start up, sooo yeah. Right now I'm performing another Panda Software scan so I can get another log scan. I did some stuff with HijackThis and I got rid of all the nasty, unknown and unnecessary stuff, I think, so I'll submit a new log. And yeah, FalconHawk, since ur helping a lot I'm just going to make a new question for 500 and then another for 345 if u want the other 845 points.
0
 
thatsgreat2345 Author Commented:
http://www.hijackthis.de/logfiles/c8d36c1b2a2e9d9b0ce84b2fbd09768b.html HijackThis analysis. I tried to delete O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) but it won't go away and it's pissing me off.
0
 
thatsgreat2345 Author Commented:
Oh yeah, and I got the setup wizard to go away, so basically it's just now 1 and 2, and I can download virus definitions myself, so 4 doesn't really matter.
0
 
thatsgreat2345 Author Commented:
Looks like all I got left is some adware and spyware: http://www.thatsgreat2345.iconrate.net/Activescan.txt
0
 
r-k Commented:
That TVmedia is a nasty adware. Suggest you get rid of it asap. I suggested the link in my very first post above. It is:

 http://support.microsoft.com/kb/886590

0
 
FalconHawk Commented:
http://www.hijackthis.de/logfiles/c8d36c1b2a2e9d9b0ce84b2fbd09768b.html HijackThis analysis. I tried to delete O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) but it won't go away and it's pissing me off.

If that one doesn't go away, try step 2 I posted in my previous post. It seems it's a service that tries to run, but because the file is missing it can't.

For problem 1: try this AV software: http://www.grisoft.com/doc/1
AVG is a very good free virus scanner. It caught about 95% of the viruses I ever had on my system (and when I changed it to Pro, the rate is close to 100%). A little note is that I get a real lot of viruses. In fact, I deliberately go to virus-carrying sites to test new AV software on its performance.
Further, have another scan with Microsoft AntiSpyware. MAKE SURE the definitions are up to date. If the junk files would still live after such a harsh treatment, just delete them manually. They aren't system critical, so just deleting them will work just fine.

For problem 2) This one is the worst. The main problem is that I can't look into your PC, so I don't know what might be causing this. My best bet is to get the viruses off first, and (as I said before) then look at this problem. I will come back on this one as soon as the last few viruses are gone.

Good luck,
FHawk

And a little note: 500 points is the absolute maximum for a question. I appreciate the thought that you want to give more, but it's simply illegal. And just in case: if you award a grade A, the points will be quadrupled, a B will make it X3, and a C X2. So don't think you're not giving enough :)
0
 
thatsgreat2345 Author Commented:
Oh wow, quadrupled lol. Ok, I'll award u the points after this is all done and give you an A :)
0
 
thatsgreat2345 Author Commented:
Hey, and r0k says that TV media thing: I downloaded what he told me, but it says when I try to install the patch or whatever it is that TV media isn't installed on my computer, so I'm like whatever.
0
 
thatsgreat2345 Author Commented:
Oops, I mean r-k. But I figured out why Windows wasn't loading: it was because of about 2 gigs worth of rar files that magically appeared in my shared folder, some god freaking d@mn adware that AVG found, so I deleted that all and my computer starts up pretty freaking fast now.
0
 
computerfixins Commented:
First off, you shouldn't be flaming anyone's post... Maybe you should take a gander at the TOS.

Secondly, most adware/spyware load into Explorer, and once in a while you can remove them with Explorer gone (bispy.trojan dropper comes to mind).  It comes back when you reboot u know??  Using good ol' command.com has spared me from countless hours of trying to remove pesky spyware.  EVEN if it is a service it still runs from a file, you know?  Also command.com doesn't pay attention to pesky permissions like Wexplorer does...

Thirdly, the last solution is not a clean install but a side-by-side install.  You CAN HAVE two microsquish Windows running on the same partition.  And as you said, they usually load up as a service now; if you boot up on another OS on the same DRIVE.... one might think you scan for the spyware without hindrance.... Not really sure how you got clean install out of it....

Also the first solution, the one you fail to mention in your flame, is a sure way to remove any pesky software that won't let you....(access violations errors, file in use problems)

From a software developer's point of view, I won't run any program that automatically fixes things; I much prefer knowing what I am doing... Only program I'd even consider recommending is HijackThis; all others can and will eventually cause a headache of some sort.

The worst part is your post stomps on the idea of this website, which is a gathering of experts who have different ways of doing things.   From now on I will keep my methods to myself, for apparently they are petty and useless, more or less what you are trying to say?

Please make sure you know what you are talking about before berating someone else...




0
 
FalconHawk Commented:
"First off, you shouldn't be flaming anyone's post... Maybe you should take a gander at the TOS."

First, I know the TOS well enough to know what things I can and can't do. And if you take my post as flaming, so be it. When I was writing it, I tried to keep it as "correcting" as possible. Or rather, my own point of view. I actually rewrote the text several times, because the other versions seemed too much like flaming. I agree with you that, still, the text looks a bit like a flame. But actually, the ideas you posted gave me the idea: re-install Windows and you're fine.
If you really think I was flaming, post in the community support section, and have them decide whether I crossed the line or not. At least 1 thing: if my post offended you in any way, my excuses. But it was never written to flame, nor do I have interest in starting one.

"It comes back when you reboot u know"
I know that. If you had checked my profile, you would have seen that security is my specialisation. But you are forgetting 1 thing: a lot of spyware simply has more files than 1. Most times it's one in the WIN32 directory that re-loads the spyware. Explorer or no Explorer, at the next reboot it reloads.

"Thirdly, the last solution is not a clean install but a side-by-side install"
Yes, I noticed that. BUT it's not needed. Simply booting up in safe mode will prevent them from loading then anyway. I don't say that what you're saying isn't correct, but it's the long way around.

"Also the first solution, the one you fail to mention in your flame, is a sure way to remove any pesky software that won't let you....(access violations errors, file in use problems)"
Sigh... boot in safe mode and you don't have those problems..... I have been cleaning computers for a very long time now, and I NEVER met a locked file in safe mode.  And why I fail to mention 1 is because I didn't think I needed to comment on it.

"From a software developer's point of view, I won't run any program that automatically fixes things; I much prefer knowing what I am doing..."
I never had any problems with AVG or MSASW. Besides, those programs can overcome a human limit. If we had to scan manually, we wouldn't even notice 5% of the viruses. And in the case of removing: programs most times know way better what the virus's behavior is. So the removal will be more complete. And keep in mind that you, as well as me, can perhaps identify a virus by its looks, but 90% of the people using a computer don't even know of viruses starting as a service. I even met people who didn't know about viruses at all. Catch my drift? Not everyone is skilled enough to see a virus as a danger himself. And to be honest: why would a lot of people need to? ;)

"From now on I will keep my methods to myself, for apparently they are petty and useless, more or less what you are trying to say"
To make sure: I'm NOT in ANY way trying to say they are useless. I'm just saying they are the last resort methods. Now I agree with you that, in the way I wrote the post, it seemed like I said they won't work. I know they work, but (almost) all times booting in safe mode will simply solve the problem, and eliminate the need to do a new install. Again, if it seemed like a flame on my side, my excuses, since it was never the purpose to flame.

"Please make sure you know what you are talking about before berating someone else..."
I advise you to look at the yearly top 15 chart in the security section to get an answer on this one. I will not take this as a flame either.
0
 
thatsgreat2345 Author Commented:
FalconHawk, I think he was talking to me since I typed god freakin d@mn adware. I don't see how that is flaming too, but whatever you say, computerfixins. And it turns out the 2 gigs of adware was the problem; I just got lucky when I restarted it twice.
0
 
thatsgreat2345 Author Commented:
Hey, I just read all the posts and don't really see where anyone's flaming :/
0
 
thatsgreat2345 Author Commented:
Basically the adware I'm trying to get rid of now is in my Windows registry and it's called adware/startnow, and yeah.
0
 
r-k Commented:
thatsgreat2345:

I am a bit confused by now about what's gone and what's still left of your spyware. It might be a good idea to submit another hijackthis log at http://www.hijackthis.de/ and post a link to the analyzed file.

Thanks.
0
 
FalconHawk Commented:
"FalconHawk, I think he was talking to me"
No, he was talking to me. About this comment, to be precise:

Comment from FalconHawk Date:
05/13/2005 08:07PM CEST

And yes, it's a good idea to do another scan and see what's left, since I'm also beginning to lose track of what's still left. :)

0
 
thatsgreat2345 Author Commented:
0
 
thatsgreat2345 Author Commented:
Alright, there's the scan.
0
 
computerfixins Commented:
Thanks for the non-flame reply, Falcon. I was just to support that my methods do work, and they are nice in case you do get malware/virii instead of just malware.  If the files have infected Windows system files and/or have a trojan dropper attached, booting in safe mode will do nothing.

Not to mention that all the usual methods were posted....  Thus the reason I gave him another option...

Hey, I'd try to remove the following if you're still having problems...

--------------------------------------------------------------------------------------
WinPcap and Ethereal network scanner   : it's experimental because it's buggy :)  Have had many computers reboot/not boot at all, with no warning, while running pcap.     But on the other hand it's great for packet sniffing... and you can't beat the price.  I usually make the service run in a window instead of being on all the time...

AdwareSpy  :  is usually a BOGUS ad remover... ad remover with spyware built in :)

IEHelper      :  A spyware downloader... or dropper

msmsgs        : completely useless, just another way to send in popups....

alg.exe         :  If you're not using Internet Connection Sharing or don't plan on it, might as well remove it...  Lots o' exploits for this little guy.


C:\Program Files\AdwareSpy\AdwareSpy.exe
Safe. running process. (AdwareSpy.exe)
"Bogus" adware remover, see this list of Rogue/Suspect Anti-Spyware Products & Web Sites Not dangerous, but unnecessary.

C:\WINDOWS\System32\alg.exe
Safe. running process. (alg.exe)
Systemproess - Application Layer Gateway Server This service is unnecessary if you do not use ICS.

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

Also go here if iehelper.dll gives you trouble: http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453074922
0
 
computerfixins Commented:
Er, forgot to add that he has a bunch of ported Linux tools running in his HijackThis log; thought he would appreciate the long and hard way :)
0
 
thatsgreat2345 Author Commented:
Scared the crap outta myself: I installed the Panda Platinum thing and my computer would lag and would freeze, and after turning off the comp by the button about 20 times I'm like, why not start it in safe mode ;) I was smart, and
C:\Program Files\AdwareSpy\AdwareSpy.exe  deleted that prog

C:\WINDOWS\System32\alg.exe  can't find it on the list

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)   TRIED BUT CAN'T DELETE AND CAN'T FIND IT IN MY SYSTEM

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe DELETED
0
 
computerfixins Commented:
Any luck with IEHelper?  This nasty little program will keep reinfecting your system every time you connect to the internet, if it's not removed correctly...

Try this little freeware prog to get rid of the WinPcap entry...

http://www.ccleaner.com/ccdownload.asp

I wouldn't worry about alg.exe, not really important....

0
 
computerfixins Commented:
Also, while using CCleaner you can use it as a general Windows washer..... but if you click on the Issues tab and hit scan it will check the registry....  Also be sure to run the scan multiple times.... usually 3 will pick up all the junk in the reg.  Also make sure you make a backup of the registry when it asks you to, just in case :)
0
 
thatsgreat2345 Author Commented:
By IE helper do u mean the alg.exe thing?
0
 
FalconHawk Commented:
"I was just to support that my methods do work, and they are nice in case you do get malware/virii instead of just malware.  If the files have infected Windows system files and/or have a trojan dropper attached."

Yup, you're right on that one. If the Windows files get altered, you've got a problem most times. But I guess you forget 1 little thing (no flame ;) ): when you shut down your computer, Windows File Protection (WFP) looks for Windows files that are altered, and replaces the altered ones with the correct ones. But I also must admit I forgot the possibility, since I set my WFP to run at bootup, and because my PC is kinda like a fortress that won't get altered Windows files. ("Won't" is a big word, but I never had any intrusions of that kind in the last 3 years.)

C:\WINDOWS\System32\alg.exe
Safe. running process. (alg.exe)
Systemproess - Application Layer Gateway Server This service is unnecessary if you do not use ICS.

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

So, those 2 are left.
On alg.exe: Personally, I would simply let it run. It's not dangerous, and the load time is so small it won't create system overhead. Just leave it on, to make sure you won't need to remember you turned it off when you ever need it.

On the service: just open the services panel: settings=>maintenance=>systemmanagement=>services
Find the service in the list, stop it, and set it to disabled. That way it won't start again with Windows. For the files: just search for them with the search function built into Explorer if u can't locate them. Don't mind the rpcapd.ini file, since it's not on your system.


0
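The leftover O23 entry discussed above, as an added example that is not part of the original thread: a Python parser for the HijackThis line types quoted on this page that reports services whose registered file is missing, which are the ones to stop and disable in the services panel. The entry lines are copied from the thread; the field layout is inferred from those lines, and the two non-entry lines in the sample are constructed context.

```python
import re

# Section codes that appear in this thread's HijackThis excerpts.
SECTIONS = {
    "O2": "Browser Helper Object",
    "O9": "extra IE button / Tools menu item",
    "O23": "Windows service",
}

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<rest>.+)$")
# O23 layout as seen on this page:
#   Service: <display name> (<service name>) - <owner> - <command line>
SERVICE_RE = re.compile(
    r"^Service: (?P<display>.+) \((?P<name>[^()]+)\) - (?P<owner>.+?) - (?P<cmd>.+)$"
)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = " (file missing)"

# Entry lines copied from the thread; the first two lines are constructed context.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\alg.exe
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
"""


def parse_entry(line):
    """Parse one log line into a dict, or return None if it is not a coded entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, rest = m.group("code"), m.group("rest")
    entry = {
        "code": code,
        "section": SECTIONS.get(code, "other"),
        "file_missing": rest.endswith(MISSING),
    }
    if entry["file_missing"]:
        rest = rest[: -len(MISSING)]  # strip the marker before splitting fields
    svc = SERVICE_RE.match(rest) if code == "O23" else None
    if svc:
        entry.update(service=svc.group("name"), display=svc.group("display"),
                     owner=svc.group("owner"), target=svc.group("cmd"))
    else:
        clsid = CLSID_RE.search(rest)
        entry.update(clsid=clsid.group(0) if clsid else None,
                     target=rest.rsplit(" - ", 1)[-1])
    return entry


def parse_log(text):
    """Return the coded entries of a log, skipping headers and process paths."""
    return [e for e in map(parse_entry, text.splitlines()) if e]


def orphaned_services(text):
    """Names of services whose registered binary is reported as missing."""
    return [e["service"] for e in parse_log(text)
            if e["code"] == "O23" and e["file_missing"] and "service" in e]


if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        print(e["code"], e["section"], "->", e["target"])
    for name in orphaned_services(SAMPLE_LOG):
        print(f"service '{name}': file missing, stop it and set it to disabled")
```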
 
computerfixins Commented:

This was the listing I meant by IEHelper (in your HijackThis log); maybe one of your ad-aware proggys already removed it...

O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll
0
 
computerfixins Commented:
Heh, well I'm on the other end, Falcon; I turn off everything that even comes close to security :)....

No firewall, antivirus, application protection, popup blocker, etc.  Fixed IP with no router.  Basically a straw house with doors wide open.  Just have an array of loggers, task monitors and packet sniffers o.O

Needless to say, I find it necessary to do a differential backup of my computer daily though ..
0
 
FalconHawk Commented:
"Heh, well I'm on the other end, Falcon; I turn off everything that even comes close to security :)...."

My method has the advantage that I almost never need to re-install Windows and that everything is safe (as far as safe exists). But on the other side:
Keeping this level of resident protection literally guzzles RAM (30 MB, with the minimal security running). Of course a lot of security is nice to have, but it can slow a system down to turtle speed.
0
 
thatsgreat2345 Author Commented:
Well, the last thing on my comp is adware:savenow, and so yeah, it's in my Windows registry. Haven't been able to get rid of it, but lol, in the next week my brother's going to put Linux on my comp lol, I'll only have to deal with 1000 or so viruses.
0
 
thatsgreat2345 Author Commented:
Falcon, I can't find the services panel.
0
 
FalconHawk Commented:
Go to the system settings. Just select "search" and then type settings. Searching them will only take a second. Why am I not trying to explain better? Simply because I've got a non-English version of Windows. The majority of the settings are simply translated, but that won't help if I'm translating it to the wrong words.

Be sure to ONLY search in the settings screen, since otherwise you'll be waiting an hour for nothing.
0
 
thatsgreat2345 Author Commented:
I haven't found settings but I'm fine now, everything's pretty much gone. Thanks, I'll be accepting answers. Hmm, computerfixins or FalconHawk, tough choice.
0
 
FalconHawk Commented:
Just to make sure: you can accept an Accepted and an assistant answer. The points will then be split between the 2 persons (in case you didn't know this). The person who has the ACCEPTED answer will get 1200 points, the assistant 800 (or at least pretty close to these numbers).
0
 
thatsgreat2345 Author Commented:
How do I do the assisted answer?
0
 
thatsgreat2345 Author Commented:
Even though I accepted the answer, how can I get my thing to live update? Like, there's a bunch of hosts, so how do I open it and delete all the hosts but the localhost?
0
 
thatsgreat2345 Author Commented:
Lol nvm, I fixed the stuff myself lol. Wow, that's a lot of adware I had.
0
 
FalconHawk Commented:
I gotta say: this is the LONGEST question I ever had ^^. But I can't say I didn't enjoy figuring out what might be the problem. Well, thanks for the points, and hope to help you again in the future :)
0
 
thatsgreat2345 Author Commented:
Lol yeah, so u can take more of my points, yep yep yep.
0
