mycomputerisrubbish
asked on
how to delete files from system32 (caused by Spy Falcon)
Hi,
I managed to somehow acquire Spy Falcon on my computer, and stupidly used its uninstall facility which seemingly hasn't fully removed it. My internet homepage keeps getting reset to some spyware site, and I have a persistent message by my clock saying "Virus Alert!".
I have run adaware and spybot search&destroy, and they have both deleted a fair few files related to this, but the problem hasn't gone away. I have run hijackthis, and assessed the log file on a website I saw on another thread.
http://www.hijackthis.de/logfiles/860fea685de0fa3ef78e5292babdf0d2.html
It tells me that I have two nasties in C:\WINDOWS\system32.
They are atmclk.exe and dcomcfg.exe.
However, if I try and delete either, the computer says they're in use.
Can anyone tell me how to delete them please, and also, will this get rid of the Virus alert and stop resetting my homepage, or do I have other problems as well??
Thanks in advance, and sorry if this is hard but I'm computer illiterate and only have 180 points as I spent them all when I messed up my home comp a few weeks ago!
P.S. an online virus scan also gives atmclk as adware too, and says that taskdir.exe is a hacktool
also after they have been removed do a full scan here
housecall.trendmicro.com
http://www.bleepingcomputer.com/forums/topic43659.html
The be all and end all removal process.
safety.live.com will search out and squash anything spy falcon.
Also try turning off system restore quickly: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?OpenDocument&src=sec_doc_nam
REMEMBER: turn it back on after and create a restore point!
ASKER
jasfout, I used moveonboot to delete the files, and it seems to have made a slight difference. Before, if I reset my homepage to google in internet options, then it would immediately set itself to about:blank, and go to http://www.securityuptodate.com/ whenever I clicked home. Now, internet options still gives my homepage as google, but whenever I click home, it still goes to the security update website.
Also, the virus alert! has gone, but every now and then I get a little thing in the bottom right of the screen telling me "Your computer is infected".
Hence, it's still not cured, but I can't find any problems any more.
and Nudalus, I saw that page on another thread about SpyFalcon. However, none of the files it says to delete seem to exist on my computer, and it ended up doing nothing for me.
I'd quite like to just do a system restore, but unfortunately it tells me it can't restore to any of the about 30 points I have set, as "my computer hasn't changed" or something
mycomputerisrubbish - sorry I did not earlier look at the hjt log
as previously stated...make sure to clear all 'Temp' directories and 'Temporary Internet Files'
Use Add/Remove Programs to remove anything having to do with 'SearchBar' or 'microgaming' or anything you may have installed from 'microgaming.com'
also check >>Start>>Programs>>StartUp and remove any programs that you do not recognize
Download/Update & start SpyBot S&D >>Mode>>Advanced>>Tools>>System Startup (Spybot will recommend(RED)bad entries - TOGGLE them off, along with anything having to do with 'dlhelper'
run hjt and 'fix' these entries(if still exist):
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hpC67D.tmp
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll (file missing)
O4 - Startup: DLHelperEXE.exe
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper/version7/dlhelper.cab
locate and delete these files if they still exist:
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\system32\hpC67D.tmp
C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
DLHelperEXE.exe
reboot the machine and post new hjt log
ASKER
http://housecall.trendmicro.com/ doesn't seem to be working for me. I'm just trying doing the rest of your last post. So far, the homepage problem seems fixed, but the virus alert! has returned!!
Also, I did a panda online scan and that gave two files in my system registry that are infected. I'll redo it and post the results in a bit...
ASKER
Logfile of HijackThis v1.99.1
Scan saved at 19:19:13, on 11/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sophos\Remote Update\cachemgr.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
C:\Program Files\Sophos\Remote Update\imonitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\unzipped\hijackthis[1]\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 28
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Drag'n Drop CD] C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O4 - Global Startup: Remote Update Monitor.lnk = C:\Program Files\Sophos\Remote Update\imonitor.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134820915244
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownload Control Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Sophos Cache Manager (CacheMgr) - SOPHOS Plc - C:\Program Files\Sophos\Remote Update\cachemgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
O23 - Service: Tmesbs32 (Tmesbs) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service (file missing)
fix these entries:
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Tmesbs32 (Tmesbs) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service (file missing)
kill this process then remove it(use moveonboot if necessary)
C:\WINDOWS\System32\00THotkey.exe
reboot then hit it with SpyBot again
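Added example (not part of any post in this thread, and not HijackThis's own code): a small Python triage pass over HijackThis log lines like the ones quoted above. It splits each entry into section code and target path and marks the entries that reference a file no longer on disk, a service with no owner string, or a browser add-on whose module is not a .dll. The flag names and the non-DLL heuristic are assumptions of this example; a flag means "look closer", not "delete".

```python
import re
from typing import List, NamedTuple, Optional

# Sample lines follow entries quoted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hpC67D.tmp
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll (file missing)
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Tmesbs32 (Tmesbs) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service (file missing)
"""

# Section codes that appear in this thread's logs.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart entry", "O8": "IE context menu item",
    "O9": "IE button / Tools menu item", "O12": "IE plugin",
    "O16": "downloaded ActiveX control", "O18": "protocol handler",
    "O20": "Winlogon notify", "O23": "service",
}

# "<code> - <rest>"; header lines and bare process paths do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# First drive-letter path in the entry that ends in a module extension.
PATH_RE = re.compile(
    r'[A-Za-z]:\\[^"<>|*?\r\n]*?\.(?:exe|dll|sys|tmp)(?![A-Za-z0-9])', re.I)


class Entry(NamedTuple):
    code: str
    section: str
    text: str
    path: Optional[str]
    flags: List[str]


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for anything that is not an entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, rest = m.group(1), m.group(2)
    pm = PATH_RE.search(rest)
    path = pm.group(0) if pm else None
    flags = []
    if rest.rstrip().endswith("(file missing)"):
        # Leftover reference: the target is already gone from disk.
        flags.append("file-missing")
    if code == "O23" and " - Unknown owner - " in rest:
        flags.append("unknown-owner")
    if code in ("O2", "O3") and path and not path.lower().endswith(".dll"):
        # Heuristic (assumption): browser add-ons normally load from a .dll.
        flags.append("non-dll-module")
    return Entry(code, SECTIONS.get(code, "other"), rest, path, flags)


def triage(log_text: str) -> List[Entry]:
    """Return only the entries that carry at least one flag, in log order."""
    entries = (parse_line(line) for line in log_text.splitlines())
    return [e for e in entries if e is not None and e.flags]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.code:<4}{e.section:<24}{','.join(e.flags):<28}{e.path}")
```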
ASKER
Sorry, but what do you mean by kill the process? I don't know how to get to some of the things shown in the hijackthis log file :-(
I have a pandascan nearly finished, with 7 spyware and 1 hacking tool so far. I'll post it when done.
and sorry to be such a hassle, but I really am clueless!
ok ignore my last entry and wait for panda
please note the results of pandascan
after further looking 00THotkey.exe seems to be ok
ASKER
Incident Status Location
Adware:adware/emediacodec Not disinfected c:\windows\system32\stdole3.tlb
Adware:adware/wupd Not disinfected c:\program files\MediaGateway
Spyware:spyware/searchcentrix Not disinfected Windows Registry
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Dave\Desktop\smitRem\Process.exe
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Dave\Cookies\dave@atdmt[2].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Dave\Cookies\dave@adtech[2].txt
Spyware:Cookie/Doubleclick Not disinfec
I can find and delete all the ones except the one that it says is in the windows registry. How do I get rid of that?
go ahead and remove the files
as far as the Registry entry is there a 'more' button or something that will show you the location in registry?
I am still looking at searchcentrix
do you have any strange toolbars in internet explorer?
do you have any strange toolbars listed in the Add/Remove Programs list?
ok
Remove any of these if present in the Add/Remove Programs list:
expand search
search-o-matic toolbar
search-o-webalize search utility
webalize
windirect
and have you worked in the registry before?
ASKER
no, I can't find anywhere at all that gives a hint as to whereabouts in the registry it is.
The only toolbar I have in internet explorer is google as far as I know. That's the only one listed in add/remove programmes as well that I can see
ASKER
none of them are present. And I've restored my registry on my home computer before. I could try that I guess if you think it'd work?
ASKER
Hmm, the file
Spyware:Cookie/Atlas DMT C:\Documents and Settings\Dave\Cookies\dave@atdmt[2].txt
doesn't seem to exist, so I can't delete that one. unless it's hidden...
>>Start>>RUN>regedit>>File>>Export>>Export Range=All>>Filename=old>>Save
See if you find any of these keys and remove them:
* HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Searchcentrix = %ProgramFiles%\Searchcentrix\Searchcentrix.exe
* HKEY_LOCAL_MACHINE\Software\Searchcentrix
* HKEY_LOCAL_MACHINE\software\mygeekinstalled
* HKEY_CLASSES_ROOT\SomaticCAB.Setup
* HKEY_CURRENT_USER\software\Dynamic Toolbar
* HKEY_USERS\.default\software\dynamic tollbar
* HKEY_CLASSES_ROOT\gssomatic.gssomatic
* HKEY_LOCAL_MACHINE\software\classes\gssomatic.gssomatic
* HKEY_LOCAL_MACHINE\software\classes\somatic.somatic
* HKEY_LOCAL_MACHINE\software\classes\barbho.class1
* HKEY_LOCAL_MACHINE\software\classes\gssomatic.gssomatic
* HKEY_LOCAL_MACHINE\software\classes\mygeek.com
* HKEY_LOCAL_MACHINE\software\classes\pqhelper.pqhelper
* HKEY_LOCAL_MACHINE\software\classes\s4helper.s4helper
* HKEY_LOCAL_MACHINE\software\classes\seantb.seantb
* HKEY_LOCAL_MACHINE\software\classes\somatic.somatic
* HKEY_LOCAL_MACHINE\software\classes\spoolsvv.class1
* HKEY_LOCAL_MACHINE\software\classes\webalize.webalize
* HKEY_LOCAL_MACHINE\software\classes\wzhelper.wzhelper
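Added example (not part of any post in this thread): a read-only Python audit that reports which of the registry locations listed above are actually present, so that only those need attention in regedit. It treats the first item as the `Searchcentrix` value under the `Run` key, since the `Run` key itself holds every other autostart entry, and it checks both the 64-bit and 32-bit registry views. The function names are this example's own, the key list is a subset of the one above, and the `winreg` calls run only on Windows.

```python
try:
    import winreg  # standard library, Windows only
except ImportError:
    winreg = None

# A subset of the keys listed in the post above.
LISTED_KEYS = [
    r"* HKEY_LOCAL_MACHINE\Software\Searchcentrix",
    r"* HKEY_LOCAL_MACHINE\software\mygeekinstalled",
    r"* HKEY_CLASSES_ROOT\SomaticCAB.Setup",
    r"* HKEY_CURRENT_USER\software\Dynamic Toolbar",
    r"* HKEY_LOCAL_MACHINE\software\classes\barbho.class1",
    r"* HKEY_LOCAL_MACHINE\software\classes\webalize.webalize",
]
# (key, value name): a value to look for inside a key that must stay.
LISTED_RUN_VALUES = [
    (r"* HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run",
     "Searchcentrix"),
]


def split_key(line):
    """Turn a listed line into (hive, subkey), tolerating a leading '*'
    and stray whitespace around the backslashes."""
    parts = [p.strip() for p in line.lstrip("* \t").split("\\")]
    return parts[0], "\\".join(p for p in parts[1:] if p)


def open_views(hive, subkey):
    """Yield a read-only handle for each registry view that holds subkey."""
    if winreg is None:
        raise RuntimeError("live registry checks need Windows")
    root = getattr(winreg, hive)  # e.g. winreg.HKEY_LOCAL_MACHINE
    for view in (winreg.KEY_WOW64_64KEY, winreg.KEY_WOW64_32KEY):
        try:
            with winreg.OpenKey(root, subkey, 0, winreg.KEY_READ | view) as h:
                yield h
        except FileNotFoundError:
            continue  # not present in this view


def key_exists(hive, subkey):
    return any(True for _ in open_views(hive, subkey))


def value_exists(hive, subkey, name):
    for handle in open_views(hive, subkey):
        try:
            winreg.QueryValueEx(handle, name)
            return True
        except FileNotFoundError:
            continue  # key exists, value does not
    return False


def audit(key_lines=LISTED_KEYS, run_values=LISTED_RUN_VALUES,
          probe_key=key_exists, probe_value=value_exists):
    """Return [(kind, location)] for every listed item that is present.
    Nothing is modified; the probes can be swapped out for testing."""
    findings = []
    for line in key_lines:
        hive, subkey = split_key(line)
        if probe_key(hive, subkey):
            findings.append(("key", hive + "\\" + subkey))
    for line, name in run_values:
        hive, subkey = split_key(line)
        if probe_value(hive, subkey, name):
            findings.append(("value", hive + "\\" + subkey + " -> " + name))
    return findings


if __name__ == "__main__":
    for kind, location in audit():
        print(f"present {kind}: {location}")
```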
This tool should do the trick however I have not yet used it
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
refer to this link to see how others have used the tool
http://www.windowsbbs.com/showthread.php?t=54038
basic instructions appear to be :
You may like to print out these instructions as you will be unable to connect to the Internet to read them while in Safe Mode.
Boot into Safe Mode and log onto your usual account.
In Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process. A text file will appear onscreen, with results from the cleaning process.
After SmitfraudFix finishes - reboot back into Safe Mode if a reboot is required - and run an HJT scan.
Reboot into Normal Mode and post the contents of the SmitfraudFix log located at C:\rapport.txt into this thread, and the contents of the HJT log which you will find in the same folder that you placed hijackthis.exe
ASKER
I found one and deleted it. hopefully this will help.
I'm going out for a bit anyway, so will see later
cheers for your help
ASKER
I'm back. Got an error message on bootup saying that Thotkey file I deleted can't be recovered. Is that bad?!
Also, the virus alert! thingy has returned. This is annoying me now!!
ASKER
I did the smitfraud fix...that also seems to have not worked.
And I got the same message when I rebooted again about the Thotkey file. I guess I'll have to try and restore it somehow, but I can't work out how to use the hijackthis backup files
ASKER
Right, another update!
I think (touch wood!) I may have finally beaten the malware. The following link seems to have helped, and I hope the ewido scan may finally have got rid of the nasties
http://forums.whirlpool.net.au/forum-replies-archive.cfm/485496.html
The other two bits were exactly what you had suggested earlier though, so you were definitely along the right lines!
Could you possibly just tell me which file I didn't want to delete though which has caused me to get the error message when I log on?
" Retrieval of "THotkey" failed.
Error code - 0x00031402, 0x00000002"
I restored the hijackthis one I deleted and that doesn't seem to have helped.
I'll leave it a while before closing just to check I am free of the stuff, but thanks very much for all your help!!
>Thotkey file I deleted can't be recovered. Is that bad?
no not bad, just needs to be removed from the startup list
start SpyBot S&D >>Mode>>Advanced>>Tools>>System Startup (Spybot will recommend (RED) bad entries - TOGGLE them off, along with anything having to do with 'dlhelper')
If you give me the model# from the bottom of the notebook, I will find you a link
oops...
start SpyBot S&D >>Mode>>Advanced>>Tools>>System Startup (Spybot will recommend (RED) bad entries - TOGGLE them off, along with anything having to do with 'dlhelper')
should have read:
start SpyBot S&D >>Mode>>Advanced>>Tools>>System Startup
TOGGLE off the one that calls 00THotKey
ASKER
I think I did that, but it's made no difference (what model number is it you wanted?). The
" Retrieval of "THotkey" failed.
Error code - 0x00031402, 0x00000002"
box says touchED error at the top if that means anything to you!
and another error I've noticed (sorry if this is lots of questions, tell me to get stuffed if this is something else!!) is that I now can't play videos online, I get the white box with a red cross you usually get when a pic won't load. Is this something I've deleted, or is this a separate matter related to the fact my java seemed to do something to itself yesterday?!! It's not that important anyway, only a junk video on the FHM email!
the missing file 00THotKey.exe is for the << > >> [] || buttons on the front of the notebook to control the media player.
It can either be disabled from auto starting if you don't use them
or if you give me the model of the notebook I will send you a link from which you can reinstall the missing files.
As far as the Java issue...yes I believe it is related and all references to Java should be removed from Add/Remove Programs then Install the latest version from here:
http://www.java.com/en/download/windows_xpi.jsp
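An added example, not part of the thread: the logon popup discussed above comes from a startup entry whose file was deleted, and such entries can be picked out of a HijackThis log by parsing its O4 lines and checking each target. The log excerpt, the file paths and the `simulated_exists` stand-in are constructed assumptions.

```python
import ntpath
import re

# Constructed HijackThis excerpt, not the asker's real log; paths are assumptions.
# O4 lines list programs that Windows starts automatically at logon.
SAMPLE_LOG = r"""
Logfile of HijackThis (constructed sample)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [ExampleTool] "C:\Program Files\Example\Example Tool.exe" /quiet
O4 - HKCU\..\Run: [atmclk] C:\WINDOWS\system32\atmclk.exe
"""

O4_RUN = re.compile(r"^O4 - (HK\w+)\\\.\.\\(Run\w*): \[([^\]]+)\] (.+)$")
EXE_END = re.compile(r"(.+?\.(?:exe|com|bat|cmd))(?:\s|$)", re.IGNORECASE)


def target_path(cmd):
    """Return the executable path from a Run-key command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, maybe with arguments
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = EXE_END.match(cmd)                       # unquoted: cut after the extension
    return m.group(1) if m else cmd.split()[0]


def parse_o4(log_text):
    """Yield (hive, key, name, path) for every O4 Run-style line."""
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if m:
            hive, key, name, cmd = m.groups()
            yield hive, key, name, target_path(cmd)


def orphaned_entries(log_text, exists):
    """Return (hive, name, path) for entries whose target file is missing."""
    return [(h, n, p) for h, _k, n, p in parse_o4(log_text) if not exists(p)]


def simulated_exists(present):
    """exists() stand-in built from a list of paths, compared as Windows does."""
    known = {ntpath.normcase(p) for p in present}
    return lambda path: ntpath.normcase(path) in known


if __name__ == "__main__":
    # On the affected machine, pass os.path.exists instead of the stand-in.
    on_disk = [r"C:\WINDOWS\system32\atmclk.exe",
               r"C:\Program Files\Example\Example Tool.exe"]
    for hive, name, path in orphaned_entries(SAMPLE_LOG, simulated_exists(on_disk)):
        print(f"{hive} Run entry [{name}] points at missing file: {path}")
```

An entry reported here is a candidate for disabling in the startup list or for reinstalling the software it belongs to; the check says nothing about whether a file that does exist is malicious.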
ASKER
sorry, but I'm still not with you on the notebook. Is this related to windows media player? I think that could be what's broken, not java, as it won't play videos in that either
What is the model # of the computer? it is a notebook/laptop isn't it?
ASKER
ahh, laptop. Ok sorry, I didn't understand what you meant...I'm a bit dim ;-)
Is Toshiba Satellite 2450-201 what you're looking for? Or is that just the model...?!
yes that's it
http://uk.computers.toshiba-europe.com/cgi-bin/ToshibaCSG/download_driver_details.jsp?service=UK&selCategory=2&selFamily=2&selSeries=116&selProduct=493&language=13&selOS=10&selType=194&yearupload=&monthupload=&dayupload=&useDate=null&mode=allMachines&search=&action=search&macId=&country=40&selectedLanguage=13&type=194&page=1&ID=22091&OSID=10&driverLanguage=13
download and install before trying anything else
ASKER
I downloaded it and unzipped it, but double clicking on the windowsXP file's contents doesn't seem to do anything, and I still get the error on startup. I take it it is the TFnF5 file I'm supposed to be opening?
as for the java, I've uninstalled and reinstalled it but it's made no difference. Could it be the codec I vaguely remember deleting? Either way, it's a separate problem and I've caused you enough trouble for these 185 points (you deserve 1000 with the patience you've shown but I'm afraid I don't have them!). I'll just reinstall media player or something drastic :-D
ASKER
Just read the readme...
Installation
Provide general installation instruction first.
The SD host controller driver should be installed first. After installing the SD host controller driver,we can install the SD memory card driver. Each driver can be installed as follows operations.
1.Open the Windows Explorer
2.Browse to the right language folder under Toshiba Hotkey for Display Devices
3.Mark the Tfnf5Wxp.inf File
4.Click the right mouse button than select "Install"
What's the SD host controller driver? Right clicking doesn't give an install option, and choosing open does nothing
you must extract the files to another directory before attempting to install
but I am not positive that is the one you need (either way it won't hurt anything to install it)
try this one too:
http://uk.computers.toshiba-europe.com/cgi-bin/ToshibaCSG/download_driver_details.jsp?service=UK&selCategory=2&selFamily=2&selSeries=116&selProduct=493&language=13&selOS=10&selType=all&yearupload=&monthupload=&dayupload=&useDate=null&mode=allMachines&search=&action=search&macId=&country=40&selectedLanguage=13&type=all&page=1&ID=22081&OSID=10&driverLanguage=13
(don't forget to extract it)
ASKER
What does extract mean? The whole downloaded products have their own files in C:\unzipped\ so is that OK, or do I literally just take the one file I'm using and put it in a separate file?
Also, with the second one, the thing that calls itself setup starts installshield which then asks me if I want to completely remove the selected application and all its components? Do I want to do that or not?!!
no as long as they are unzipping to a directory that is fine.
yes it is recognizing that you already have it installed. Go ahead and uninstall then reinstall
ASKER
Well the second one hasn't changed anything, and the first one still isn't giving me an install option, only open and run as, neither of which seem to do anything.
ASKER
my apologies, I'm an idiot. I wasn't right-clicking the right file, I chose the one with the prettier icon. I'll see if this has helped then...
This is a list of all available software for your model:
http://uk.computers.toshiba-europe.com/cgi-bin/ToshibaCSG/download_drivers_bios.jsp?service=UK
perhaps you can find one that sounds familiar
I feel obligated to help you on this because I told you to remove the wrong file. :(
ASKER
Don't worry about it, it's not necessarily your doing anyway as I've displayed my capabilities to screw up with the media player thing!
It's only an annoying pop-up really anyway, as I don't use the keys as I never bothered to learn how to!
ASKER
http://www.techspot.com/vb/all/windows/t-11246-TouchEd-Error.html
Is the answer by SBriggs right? Can I just try that?
ASKER
http://forums.pcworld.co.nz/archive/index.php/t-45373.html
a better answer perhaps. Apparently it's common module I want from your list :-)
ok then for now just remove it from the startup list...that will get rid of the popup
did you already run Spybot again to check the startup programs?
is 00THotkey.exe still listed? if so uncheck it
start SpyBot S&D >>Mode>>Advanced>>Tools>>System Startup
TOGGLE off the one that calls 00THotKey.exe
...should have refreshed first...
cool
Common Module is in the list
go get it
ASKER
hmm, that didn't work! Can i recover the two programmes I just deleted easily?
I'll quit then while I'm ahead and close this!
perhaps you could try uninstall completely then reinstall Common Module
is it in the Add/Remove Progs list?
ASKER
No it's not. It was a bit strange when supposedly installing itself as I got a warning that Microsoft didn't recommend installing it as it didn't have some necessary thing to be safe.
Anyway, I reinstalled the two files, and will live with the pop up!
Thanks again for all of your time and help getting rid of spyfalcon and the other rubbish it installed on me, it's much appreciated!
that popup error would drive me nuts in a hurry
I would climb into spybot and play with your toggle settings for startup items until it is right
you might even try re-enabling the 00THotKey.exe one again
ASKER
Well it only comes on startup, so I just won't reboot too often!!
possibly, but it is likely that there is more
make sure to clear all 'Temp' directories and 'Temporary Internet Files'