Kerespup's problems thread

[kerespup]

Hello, it's me again... to stop me from posting several topics for my problems, I'll just stick to this one new topic for all my problems from now and on the future.

February 24 2007:

I seem to have acquired a virus or malware or whatever again. My Trend Micro PC-Cillin keeps on showing something about MS04-011, and that it has been blocked and what-so-ever.

Image:http://i12.photobucket.com/albums/a210/kerespup/ss.jpg

=========================================
Also, aside from that, I cannot seem to open my Windows Firewall anymore, and no, I don't have any other firewall so it must be the virus...

Screenshot:http://i12.photobucket.com/albums/a210/kerespup/ss1.jpg
=========================================

Another problem is that whenever I copy, paste, rename or do something likewise, Roxio appears and does something weird:

Screenshot:http://i12.photobucket.com/albums/a210/kerespup/ss2.jpg

=========================================

Here I will now post my HJT and AVG logs just as anyone would request me to do.

 

[raybay]

MS04-011 is a Microsoft security bulletin. If you go to www.microsoft.com you will perhaps get the info you need from their knowledge base.

 

[kerespup]

Somehow I'm having a small problem. My browser won't seem to open any sites except specific ones...

 

[howard_hopkinso]

Your HJT log is clean.

The reason you can`t get Windows firewall to work, is because you already have Trend`s firewall running, which is a hell of a lot better than the Windows firewall, so don`t worry about that.

As far as your copy and paste issue with Roxio goes, uninstall and reinstall Roxio and see if that helps.

Run Windows updates and install any security updates.

Regards Howard

This thread is for the use of kerespup only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[kerespup]

Somehow I have doubts in my Trend... it never defended my computer from anything before...

How about the sasser problem?

And the sudden "can't open" some sites like microsoft. So far this is the only site I can open.

 

[howard_hopkinso]

This is taken from your HJT log. It quite clearly shows you are running the Trend firewall. This will have automatically disabled the Windows firewall, as it`s designed to do. It`s not recommended to run more than one firewall at the same time, so forget about the the crap Windows firewall and continue to run the Trend firewall.

C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

The clue is in the filename TmPfw.exe=Trend micro personal firewall.

As regards your lsass problem, not to be confused with the sasser virus. Do like I said and run Windows updates and install all security patches.

Regards Howard

 

[kerespup]

Something new:

I have this thing in O17 and it never disappears no matter how much I fix it. How do I fix it for good Mr. Hopkins?

 

[howard_hopkinso]

This is the info on that 017 entry, do you recognise it?

210.14.16.2
address: Philippine Long Distance Telephone Company
address: 14/F Ramon Cojuangco Building
address: Makati Avenue, Makati City 1200, Philippines
address: PLDT Co.
address: 3/F MGO Bldg., Legaspi cor. Dela Rosa Sts., Makati City 1229
address: PLDT Co., 3/F MGO Bldg., Legaspi cor Dela Rosa Sts., Makati City
address: PLDT Co., 3/F MGO Bldg., Legaspi cor. Dela Rosa Sts., Makati City
address: PLDT Co., 3/F MGO Bldg., Legaspi cor Dela Rosa Sts, Makati City 1229
address: PLDT Co., 3/F MGO Bldg., Legaspi cor Dela Rosa Sts., Makati City

If you don`t recognise the above, do the following.

Download AproposFix from the following link -> http://swandog46.geekstogo.com/aproposfix.exe
Save it to your desktop, but do NOT run it yet.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.


Doubleclick the aproposfix.exe and unzip it to the desktop.

Open the AproposFix folder on your desktop and doubleclick the file RunThis.bat.Follow the instuctions.

When it is ready, restart your computer normally.

Post a fresh HJT log.

Regards Howard

This thread is for the use of kerespup only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[kerespup]

Oh... so it's from the Phone Company...

Now I have an even bigger problem...

EVER SINCE I UNINSTALLED THAT DAMN ROXIO PROGRAM, MY WINDOWS WON'T START ANYMORE!!!! DAAAAMMIT!!!! AND I HAVE TO FINISH SOMETHING IMPORTANT ON MY COMPUTER RIGHT NOW OR IT'S MY JOB!!!! >.<

THE WHOLE THING GOES TO THAT PART WHERE IT LET'S ME CHOOSE BETWEEN SAFEMODE OR NORMAL, THEN WHATEVER I CHOOSE IT WON'T LOAD AT ALL.

IF I CHOOSE THE SAFEMODE, THOSE FILES APPEAR AND THEN AFTER A WHILE, CLINK! NOTHING!

IF I CHOOSE NORMAL MODE, MY LOADING SCREEN APPEARS AND THEN AFTER THAT, CLINK! NOTHING!!!

I'M SERIOUSLY GONNA GO MAD AROUND THE HOUSE IF I CAN'T FIX THIS BY TODAY! X_X

 

[howard_hopkinso]

That`s not good.

Try doing a Windows repair as per this thread HERE.

Regards Howard

 

[kerespup]

One question, if I do the windows repair, do I lose all my files?

And... hmm... get the windows CD huh?... 3 day boat ride from here...

..........

Time to sacrifice family to the Computer God by burning them on the stake.

Anyways, back to my first question...

If I do windows repair... does that delete everything?

 

[howard_hopkinso]

All you`ll lose by doing a Windows repair, is any Windows updates you`ve done since installing Windows. In other words, you`ll need to run windows updates again after you`ve finished. Obviously, as with any major undertaking, backing up your important data is a sensible precaution to take. However, since you can`t get into Windows, I realise this may be difficult or impossible.

Regards Howard

 

[kerespup]

Oh thank you for the advice Mr. Hopkins.

tweaks_sav from in another topic I posted helped me out :3 It actually was coz of my CD Rom since it still had Roxio in its mind... x.x

:3 Thanks too for all the help you've done for me so far :3

XD *has a list of 1000 things to fix*

 

[kerespup]

Waaaaaa!!!

My problem just got EXTREMELY bigger!

Because of my neighbors' welding hobbies, they ended up flactuating the electricity and made my computer's power supply break ;__; what's more is that my uncle says it affected the hard drive a bit...

Does this mean that all my files disappear??!?

NOOOOOOOOOOOOOO!!!!

 

[howard_hopkinso]

I sincerely hope you haven`t lost your data.

You need to open a new thread for this problem in the appropriate forum.

Good luck.

Regards Howard

 

[kerespup]

Okay, well, our files didn't go missing, but now I'm experiencing low speed and the like. Here's my HJT log.

 

[howard_hopkinso]

Your HJT log is clean.

Go and read this thread HERE and see if it helps.

If it doesn`t, please open a new thread in our Windows OS forum.

Regards Howard

This thread is for the use of kerespup only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[kerespup]

:/ I don't know if this is a problem or not... but....

I'm starting to have this problem wherein I can't seem to go to other sites but this one...

Can't seem to access certain sites like Google and such.

 

[howard_hopkinso]

You best post a fresh HJT log as per these instructions.

Regards Howard

This thread is for the use of kerespup only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[kerespup]

Ummm, the previous thing was a problem with the ISP

but ummm... just to ask, where do I ask for some files to be scanned?

I received this file from my "friend" who claims to have made this AntiSpyWare program.

I just want someone to scan it for me, to be on the safe side.

KeanFlow.AntiSpy_Dragon_pack_trial by DragonCombat

*swt* The name already has me confused.

 

[howard_hopkinso]

Your link doesn`t work.

Personally, I wouldn`t touch it with a barge pole. Stick to the tried and tested antispyware programmes. I`m not saying there`s anything wrong with it, but a cautious approach is the best way to proceed.

If you`ve already downloaded the programme, you can scan it with all your antivirus/antispyware programmes. If you`ve installed it, I suggest you uninstall it and post a fresh HJT log.

Regards Howard

This thread is for the use of kerespup only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[kerespup]

Well, I opened it up it contains the Anti-keylogger v7.4 by Raytown Corporation LLC. But it comes with these 3 Text files:

license.txt

Anti-keylogger for Windows 2000/XP

   Producted by Dragon


	This software 100% to protect key logger and spyware that will be causted ip address crashed...

ORDER.txt

Anti-keylogger Dragon pACK : how to order
=========================================

Register ? plz contact mE At dgenerationx808@yahoo.com

README.txt

Anti-keylogger v7.4
===================

General product description:
----------------------------

Anti-keylogger for Microsoft Windows 2000/XP provides every computer 
with strong protection against all types of keylogging programs 
(software keyloggers), both known and unknown, currently in use or 
being developed at the present moment.

Anti-keylogger is capable to buck various types of keylogging programs
possibly included in any commercial, shareware, freeware products, as
well as in Trojan horses, viruses of very different operation
principles. Due to the Anti-keylogger's protection spy software will
not be able to record and steal your sensitive information, passwords,
logins, PIN (Personal Identification Number) etc.

Since Anti-keylogger does not use any signature bases, it can protect
against even unknown software keyloggers!

Anti-keylogger works transparently for the user and silently, asking
the user no questions thus excluding the probability of an error when
making a decision.

Anti-keylogger has the following unique features that favorably
distinguish it from other anti-spy products:

 - No signature base
 - Full UNICODE support
 - Multiprocessor & hypherthreading architectures support
 - Windows 2000/XP support
 - Transparent "on-the-fly" protection
 - Instant and constant protection
 - Protection against keystroke capturing
 - Protection against windows text capturing
 - Protection against clipboard capturing
 - Fast and easy installation and configuration
 - Free upgrades and lifetime support
 - Multilanguage interface
 - 30 Day money back guarantee

The anti-keylogging protection starts instantly at the moment of the
operating system loading and before the user logs in the system; it
automatically deactivates all the running keylogging programs.

Fix by Dragon

If you'll ask who Dragon is, he's this one 'friend' I have. DragonCombat is the main alias of him.

 

[howard_hopkinso]

I`ve already given you my opinion. I wouldn`t touch it with a barge pole.

It would probably be prudent to run all scans in these instructions and post the requested logfiles.

Regards Howard

This thread is for the use of kerespup only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[kerespup]

Brontok again???

I'm using some other computer this time, and it seems it has the symptom of the Folder Options disappearing, the run function not working and all that. Thanks in advanced.

Here's the hjt log and AVG log:

 

[momok]

Hi,

Download LSPFix from http://cexx.org/lspfix.htm
1. Disconnect from the Internet, go to the LSPfix file and extract/unzip LSP-Fix into its own folder [C:\lspfix].
2. Open the lspfix folder and double-click on LSPFix.exe to start the program.
3. Check the "I know what I am doing" checkbox.
4. Select (highlight) all instances of 'nwprovau.dll' in the left column under "Keep".
5. Click the arrow >> so it goes over to the right column under "Remove".
6. Click "Finish" and LSPfix will remove references to the file and restore the chain numbers.
7. Restart your computer

Have HijackThis fix the following:
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

Please post fresh HijackThis and ComboFix logs as attachments to this thread in your next post.


Regards,
Your friendly Momok =)

This thread is for the use of kerespup only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.