TechSpot

Kerespup's problems thread

By kerespup
Feb 24, 2007
Topic Status:
Not open for further replies.
  1. Hello, it's me again... to stop me from posting several topics for my problems, I'll just stick to this one new topic for all my problems from now on and in the future.

    February 24 2007:

    I seem to have acquired a virus or malware or whatever again. My Trend Micro PC-Cillin keeps on showing something about MS04-011, and that it has been blocked and what-so-ever.

    Image:http://i12.photobucket.com/albums/a210/kerespup/ss.jpg

    =========================================
    Also, aside from that, I cannot seem to open my Windows Firewall anymore, and no, I don't have any other firewall so it must be the virus...

    Screenshot:http://i12.photobucket.com/albums/a210/kerespup/ss1.jpg
    =========================================

    Another problem is that whenever I copy, paste, rename or do something likewise, Roxio appears and does something weird:

    Screenshot:http://i12.photobucket.com/albums/a210/kerespup/ss2.jpg

    =========================================

    Here I will now post my HJT and AVG logs just as anyone would request me to do.
  2. raybay

    raybay TS Evangelist Posts: 10,716   +6

    MS04-011 is a Microsoft security bulletin. If you go to www.microsoft.com you will perhaps get the info you need from their knowledge base.
  3. kerespup

    kerespup TS Rookie Topic Starter Posts: 52

    Somehow I'm having a small problem. My browser won't seem to open any sites except specific ones...
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Your HJT log is clean.

    The reason you can`t get Windows firewall to work, is because you already have Trend`s firewall running, which is a hell of a lot better than the Windows firewall, so don`t worry about that.

    As far as your copy and paste issue with Roxio goes, uninstall and reinstall Roxio and see if that helps.

    Run Windows updates and install any security updates.

    Regards Howard :)

    This thread is for the use of kerespup only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  5. kerespup

    kerespup TS Rookie Topic Starter Posts: 52

    Somehow I have doubts in my Trend... it never defended my computer from anything before...

    How about the sasser problem?

    And the sudden "can't open" some sites like microsoft. So far this is the only site I can open.
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    This is taken from your HJT log. It quite clearly shows you are running the Trend firewall. This will have automatically disabled the Windows firewall, as it`s designed to do. It`s not recommended to run more than one firewall at the same time, so forget about the crap Windows firewall and continue to run the Trend firewall.

    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

    The clue is in the filename TmPfw.exe=Trend micro personal firewall.

    As regards your lsass problem, not to be confused with the sasser virus. Do like I said and run Windows updates and install all security patches.

    Regards Howard :)
  7. kerespup

    kerespup TS Rookie Topic Starter Posts: 52

    Something new:

    I have this thing in O17 and it never disappears no matter how much I fix it. How do I fix it for good Mr. Hopkins?
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    This is the info on that O17 entry, do you recognise it?

    210.14.16.2
    address: Philippine Long Distance Telephone Company
    address: 14/F Ramon Cojuangco Building
    address: Makati Avenue, Makati City 1200, Philippines
    address: PLDT Co.
    address: 3/F MGO Bldg., Legaspi cor. Dela Rosa Sts., Makati City 1229
    address: PLDT Co., 3/F MGO Bldg., Legaspi cor Dela Rosa Sts., Makati City
    address: PLDT Co., 3/F MGO Bldg., Legaspi cor. Dela Rosa Sts., Makati City
    address: PLDT Co., 3/F MGO Bldg., Legaspi cor Dela Rosa Sts, Makati City 1229
    address: PLDT Co., 3/F MGO Bldg., Legaspi cor Dela Rosa Sts., Makati City

    If you don`t recognise the above, do the following.

    Download AproposFix from the following link -> http://swandog46.geekstogo.com/aproposfix.exe
    Save it to your desktop, but do NOT run it yet.

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.


    Doubleclick the aproposfix.exe and unzip it to the desktop.

    Open the AproposFix folder on your desktop and doubleclick the file RunThis.bat. Follow the instructions.

    When it is ready, restart your computer normally.

    Post a fresh HJT log.

    Regards Howard :)

  9. kerespup

    kerespup TS Rookie Topic Starter Posts: 52

    Oh... so it's from the Phone Company...

    Now I have an even bigger problem...

    EVER SINCE I UNINSTALLED THAT DAMN ROXIO PROGRAM, MY WINDOWS WON'T START ANYMORE!!!! DAAAAMMIT!!!! AND I HAVE TO FINISH SOMETHING IMPORTANT ON MY COMPUTER RIGHT NOW OR IT'S MY JOB!!!! >.<

    THE WHOLE THING GOES TO THAT PART WHERE IT LETS ME CHOOSE BETWEEN SAFEMODE OR NORMAL, THEN WHATEVER I CHOOSE IT WON'T LOAD AT ALL.

    IF I CHOOSE THE SAFEMODE, THOSE FILES APPEAR AND THEN AFTER A WHILE, CLINK! NOTHING!

    IF I CHOOSE NORMAL MODE, MY LOADING SCREEN APPEARS AND THEN AFTER THAT, CLINK! NOTHING!!!

    I'M SERIOUSLY GONNA GO MAD AROUND THE HOUSE IF I CAN'T FIX THIS BY TODAY! X_X
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    That`s not good.

    Try doing a Windows repair as per this thread HERE.

    Regards Howard :)
  11. kerespup

    kerespup TS Rookie Topic Starter Posts: 52

    One question, if I do the windows repair, do I lose all my files?

    And... hmm... get the windows CD huh?... 3 day boat ride from here...

    ..........

    Time to sacrifice family to the Computer God by burning them on the stake.

    Anyways, back to my first question...

    If I do windows repair... does that delete everything?
     
  12. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    All you`ll lose by doing a Windows repair, is any Windows updates you`ve done since installing Windows. In other words, you`ll need to run windows updates again after you`ve finished. Obviously, as with any major undertaking, backing up your important data is a sensible precaution to take. However, since you can`t get into Windows, I realise this may be difficult or impossible.

    Regards Howard :)
  13. kerespup

    kerespup TS Rookie Topic Starter Posts: 52

    Oh thank you for the advice Mr. Hopkins.

    tweaks_sav from another topic I posted helped me out :3 It actually was coz of my CD Rom since it still had Roxio in its mind... x.x

    :3 Thanks too for all the help you've done for me so far :3

    XD *has a list of 1000 things to fix*
  14. kerespup

    kerespup TS Rookie Topic Starter Posts: 52

    Waaaaaa!!!

    My problem just got EXTREMELY bigger!

    Because of my neighbors' welding hobbies, they ended up fluctuating the electricity and made my computer's power supply break ;__; what's more is that my uncle says it affected the hard drive a bit...

    Does this mean that all my files disappear??!?

    NOOOOOOOOOOOOOO!!!!
  15. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    I sincerely hope you haven`t lost your data. :(

    You need to open a new thread for this problem in the appropriate forum.

    Good luck.

    Regards Howard :)
  16. kerespup

    kerespup TS Rookie Topic Starter Posts: 52

    Okay, well, our files didn't go missing, but now I'm experiencing low speed and the like. Here's my HJT log.
  17. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Your HJT log is clean.

    Go and read this thread HERE and see if it helps.

    If it doesn`t, please open a new thread in our Windows OS forum.

    Regards Howard :)

  18. kerespup

    kerespup TS Rookie Topic Starter Posts: 52

    :/ I don't know if this is a problem or not... but....

    I'm starting to have this problem wherein I can't seem to go to other sites but this one...

    Can't seem to access certain sites like Google and such.
  19. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    You best post a fresh HJT log as per these instructions.

    Regards Howard :)

  20. kerespup

    kerespup TS Rookie Topic Starter Posts: 52

    Ummm, the previous thing was a problem with the ISP

    but ummm... just to ask, where do I ask for some files to be scanned?

    I received this file from my "friend" who claims to have made this AntiSpyWare program.

    I just want someone to scan it for me, to be on the safe side.

    KeanFlow.AntiSpy_Dragon_pack_trial by DragonCombat

    *swt* The name already has me confused.
  21. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Your link doesn`t work.

    Personally, I wouldn`t touch it with a barge pole. Stick to the tried and tested antispyware programmes. I`m not saying there`s anything wrong with it, but a cautious approach is the best way to proceed.

    If you`ve already downloaded the programme, you can scan it with all your antivirus/antispyware programmes. If you`ve installed it, I suggest you uninstall it and post a fresh HJT log.

    Regards Howard :)

  22. kerespup

    kerespup TS Rookie Topic Starter Posts: 52

    Well, I opened it up it contains the Anti-keylogger v7.4 by Raytown Corporation LLC. But it comes with these 3 Text files:

    license.txt
    Code:
    Anti-keylogger for Windows 2000/XP
    
       Producted by Dragon
    
    
    	This software 100% to protect key logger and spyware that will be causted ip address crashed...

    ORDER.txt
    Code:
    Anti-keylogger Dragon pACK : how to order
    =========================================
    
    Register ? plz contact mE At dgenerationx808@yahoo.com

    README.txt
    Code:
    Anti-keylogger v7.4
    ===================
    
    General product description:
    ----------------------------
    
    Anti-keylogger for Microsoft Windows 2000/XP provides every computer 
    with strong protection against all types of keylogging programs 
    (software keyloggers), both known and unknown, currently in use or 
    being developed at the present moment.
    
    Anti-keylogger is capable to buck various types of keylogging programs
    possibly included in any commercial, shareware, freeware products, as
    well as in Trojan horses, viruses of very different operation
    principles. Due to the Anti-keylogger's protection spy software will
    not be able to record and steal your sensitive information, passwords,
    logins, PIN (Personal Identification Number) etc.
    
    Since Anti-keylogger does not use any signature bases, it can protect
    against even unknown software keyloggers!
    
    Anti-keylogger works transparently for the user and silently, asking
    the user no questions thus excluding the probability of an error when
    making a decision.
    
    Anti-keylogger has the following unique features that favorably
    distinguish it from other anti-spy products:
    
     - No signature base
     - Full UNICODE support
     - Multiprocessor & hypherthreading architectures support
     - Windows 2000/XP support
     - Transparent "on-the-fly" protection
     - Instant and constant protection
     - Protection against keystroke capturing
     - Protection against windows text capturing
     - Protection against clipboard capturing
     - Fast and easy installation and configuration
     - Free upgrades and lifetime support
     - Multilanguage interface
     - 30 Day money back guarantee
    
    The anti-keylogging protection starts instantly at the moment of the
    operating system loading and before the user logs in the system; it
    automatically deactivates all the running keylogging programs.
    
    Fix by Dragon

    If you'll ask who Dragon is, he's this one 'friend' I have. DragonCombat is the main alias of him.
  23. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    I`ve already given you my opinion. I wouldn`t touch it with a barge pole.

    It would probably be prudent to run all scans in these instructions and post the requested logfiles.

    Regards Howard :)

  24. kerespup

    kerespup TS Rookie Topic Starter Posts: 52

    Brontok again???

    I'm using some other computer this time, and it seems it has the symptom of the Folder Options disappearing, the run function not working and all that. Thanks in advance.

    Here's the hjt log and AVG log:
  25. momok

    momok TS Rookie Posts: 2,272

    Hi,

    Download LSPFix from http://cexx.org/lspfix.htm
    1. Disconnect from the Internet, go to the LSPfix file and extract/unzip LSP-Fix into its own folder [C:\lspfix].
    2. Open the lspfix folder and double-click on LSPFix.exe to start the program.
    3. Check the "I know what I am doing" checkbox.
    4. Select (highlight) all instances of 'nwprovau.dll' in the left column under "Keep".
    5. Click the arrow >> so it goes over to the right column under "Remove".
    6. Click "Finish" and LSPfix will remove references to the file and restore the chain numbers.
    7. Restart your computer

    Have HijackThis fix the following:
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

    Please post fresh HijackThis and ComboFix logs as attachments to this thread in your next post.


    Regards,
    Your friendly Momok =)

    This thread is for the use of kerespup only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
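
The helpers in this thread read three HijackThis sections by eye: O23 (services, post 6), O17 (DNS name servers, post 8) and O10 (Winsock LSP files, post 25). The sketch below is an added example, not code from any poster or from HijackThis itself, that pulls those three entry types out of a log for triage. The O23 and O10 sample lines are the ones quoted in the thread; the O17 line is constructed around the IP from post 8 with a placeholder GUID, and the function name `triage` is hypothetical.

```python
import re

# Sample input: O10 and O23 lines are quoted in the thread. The O17 line is
# CONSTRUCTED (placeholder GUID) around the IP address given in post 8.
SAMPLE_LOG = r"""
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 210.14.16.2
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
"""

ENTRY = re.compile(r"^(O\d+) - (.*)$")
LSP = re.compile(r"Unknown file in Winsock LSP: (.+)$", re.I)
DNS = re.compile(r"NameServer = ([\d.,\s]+)$", re.I)
SVC = re.compile(r"Service: (.+?) \(([^)]+)\) - (.+?) - (.+)$")

def triage(log_text):
    """Group findings by the three HJT sections discussed in the thread."""
    out = {"lsp_files": [], "nameservers": [], "firewall_services": []}
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # running-process lines and blanks carry no section code
        section, body = m.groups()
        if section == "O10" and (hit := LSP.search(body)):
            # LSP files HJT could not identify: candidates for manual review
            out["lsp_files"].append(hit.group(1).lower())
        elif section == "O17" and (hit := DNS.search(body)):
            # NameServer may hold several addresses (comma or space separated);
            # each one should be looked up and matched against the user's ISP
            out["nameservers"] += re.split(r"[,\s]+", hit.group(1).strip())
        elif section == "O23" and (hit := SVC.search(body)):
            display, name, vendor, path = hit.groups()
            # A third-party firewall service explains a disabled Windows Firewall
            if "firewall" in display.lower():
                out["firewall_services"].append((name, vendor, path))
    return out

if __name__ == "__main__":
    for key, values in triage(SAMPLE_LOG).items():
        print(key, values)
```
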