Posts posted by mbyuser
-
-
You should leave both Windows Update/Microsoft Update entries, the BHO you asked about is for Adobe Reader so you can view PDF files in your browser. As far as the other entries, I don't see anything that you should get rid of, save perhaps CTFMON. I know how to disable it, but it's a bit trickier than most and I'm not sure that it would be advisable unless you really know what you're doing. It requires replacing the file ctfmon.exe with a dummy file so that when the computer boots and tries to run, nothing gets executed. That being said, ctfmon uses very little resources and generally doesn't hurt system performance so it's probably not worth the trouble disabling it. I see you're using SpySweeper, it's a pretty big resource hog in its own right, but since that's your security software, you don't want to disable it unless you found something lighter on resources to replace it with. The same thing goes for ZoneAlarm.
Thanks for clearing that up.
I could replace ctfmon with a dummy using Killbox, but as you say it's not using much resources, so IMO I don't think I should. I know SpySweeper is a hog but it does seem to be worth it. As for ZA, I would like to use something other than ZA, but I can't seem to get my head around setting up the rules on most other firewalls and use ZA because of that reason. That being said, I am having issues with ZA and I wish I could learn how to use something else. Still, thank you for your free time, I do appreciate it.
-
I have a few questions about things on my comp I don't think I need.
Could anyone tell me if I do or don't?
Here's a list of startup programs; I don't think I need them all:
Located: HK_LM:Run, SoundMan
command: "SOUNDMAN.EXE"
file: C:\WINDOWS\SOUNDMAN.EXE
size: 577536
Located: HK_LM:Run, SpySweeper
command: C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe /startintray
file: C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
size: 6345840
Located: HK_LM:Run, ZoneAlarm Client
command: "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
file: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
size: 981384
Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-1614895754-884357618-839522115-1004...
command: "C:\WINDOWS\system32\ctfmon.exe"
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size:0
Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size:0
Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size:0
Located: WinLogon, dimsntfy
command: %SystemRoot%\System32\dimsntfy.dll
file: %SystemRoot%\System32\dimsntfy.dll
size:0
Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size:0
Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size:0
Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size:0
Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size:0
Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size:0
Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size:0
I know I don't need ctfmon but don't know how to stop it reappearing on reboot.
___________________________
Also I have some Winsock questions; I don't know if it's safe to post the list I have or if that's not a good idea?
_________________
Again, another thing I am not sure I need is this BHO:
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: AcroIEHelperStub
CLSID name: Adobe PDF Link Helper
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
___________________
Lastly, I updated my update program but now am left with two. Do I need both?
{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
DPF name:
CLSID name: WUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\wuweb.inf
Codebase: http://www.update.microsoft.com/windowsupd...b?1235536745111
description:
classification: Legitimate
known filename: wuweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\System32\
Long name: wuweb.dll
Short name:
Date (created): 16/10/2008 15:12:24
Date (last access): 12/04/2009 23:47:44
Date (last write): 16/10/2008 15:12:24
Filesize: 202776
Attributes: archive
MD5: 0006DE8037F5A562F96B461B3C557C3C
CRC32: 9B107DED
Version: 7.2.6001.788
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
DPF name:
CLSID name: MUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\muweb.inf
Codebase: http://update.microsoft.com/microsoftupdat...b?1236469625250
description:
classification: Legitimate
known filename: muweb.dll
______________
I know this is a long list, however if anyone could help me I would be grateful for their free time they give to this subject.
-
Reinstalled; still only taking 20 mins to complete and only 4 mins on a quick scan.
Is there an uninstaller for Malwarebytes? (to remove reg entries)
With Malwarebytes being so quick to complete a full scan, should I be posting in the malware forum?
-
This is something that's been a concern for myself.
I thought something wasn't right but nothing's being found, as with Search & Destroy/Webroot's antivirus/antispyware.
So I thought somehow it was down to faster/newer versions, however now I read the normal time I am very suspect.
A full scan went from 2hrs to round about 20mins.
The only thing I can think of is I did have an update issue so installed one update manually, but that was a while back.
It didn't occur to me till now that might be why.
I guess I should look at reinstalling and getting back if it's still so quick.
In the meantime, any other suggestions as to why this is so quick?
-
I just figured out why.
Could have been one of two; i.e didn't have internet access as I use Firefox and work offline was ticked.
Sorry if I wasted space or time, although maybe this might help others or maybe not.
Again, sorry for any wasted time.
-
I no longer need a reply to this.
Thank you for your time.
-
I can't update Malwarebytes; I did notice my home page went back to defaults.
I am not sure why this happened. I don't think it's down to malware; it may be a mistake on my end, however I am really not sure. I've been working hard to disinfect my daughter's laptop and got a bit exhausted doing so and may have made a mistake; still don't think I did.
I did notice something about M/bytes using i.e and changing the settings, hence mentioning the home page point. I am not sure if any changes were made to i.e.
Also read about certain processes blocking M/bytes but I can't find any.
(will inc log of processes just in case)
I uninstalled M/bytes and reinstalled to no avail.
I was thinking about uninstalling then removing the folder or using revosetup to remove all traces of M/bytes, but this is a last resort as this program is pretty powerful and may not be a good idea. If I can sort this out without re-installing (just formatted) revosetup
I would obviously prefer.
Log of running processes:
Process PID CPU Description Company Name
System Idle Process 0 98.46
Interrupts n/a Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4
smss.exe 368 Windows NT Session Manager Microsoft Corporation
csrss.exe 436 Client Server Runtime Process Microsoft Corporation
winlogon.exe 460 Windows NT Logon Application Microsoft Corporation
services.exe 504 Services and Controller app Microsoft Corporation
WRConsumerService.exe 664 WRConsumerService Webroot Software, Inc.
svchost.exe 680 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 752 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 788 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 844 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 936 Generic Host Process for Win32 Services Microsoft Corporation
vsmon.exe 956 TrueVector Service Check Point Software Technologies LTD
spoolsv.exe 1400 Spooler SubSystem App Microsoft Corporation
svchost.exe 1632 Generic Host Process for Win32 Services Microsoft Corporation
SpySweeper.exe 1708 Spy Sweeper Engine Webroot Software, Inc. (www.webroot.com)
SSU.exe 1100 Spy Sweeper SSU Webroot Software, Inc. (www.webroot.com)
alg.exe 1196 Application Layer Gateway Service Microsoft Corporation
lsass.exe 516 LSA Shell (Export Version) Microsoft Corporation
explorer.exe 1360 Windows Explorer Microsoft Corporation
soundman.exe 1816 Realtek Sound Manager Realtek Semiconductor Corp.
zlclient.exe 1824 ZoneAlarm Client Check Point Software Technologies LTD
SpySweeperUI.exe 1832 Spy Sweeper Client Executable Webroot Software, Inc.
ctfmon.exe 1840 CTF Loader Microsoft Corporation
firefox.exe 672 Firefox Mozilla Corporation
procexp.exe 3100 1.54 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
Any help would obviously be appreciated.
-
My daughter brought her laptop around; she had been on the net without a firewall.
I removed a hack tool named kill/app and two viruses masquerading as sound max and the about blank trojan and about 130 tracking cookies.
I am not sure I got it all and her mum's giving me a headache as she doesn't understand the need for firewalls, antivirus & malware apps, nor even updating critical updates, and keeps asking why it's taking me so long, and wants me to get it back ASAP.
(no mal intent meant towards her mum, she's her mum and I am not criticising her one iota, just trying to explain why I need help ASAP)
I know it's your free time and lots of ppl need help, so I do feel a bit guilty about asking.
I updated the laptop and installed an antivirus program/spyware remover and Malwarebytes.
Still, I don't think I got everything; can you please help me. I paid
-
Thanks for your freely given time.
And again, thank you for clearing that up.
IMO I think it's an excellent idea that M/bytes put it back in place; maybe old, but to me it's a new way of going about things and I would rather it put it back than rip out something, if you kwim.
As you say, I do have the option to put it into the ignore list.
Rather than a string of questions, if it's not out of order I might as well ask in this reply
(I will have some questions as my daughter has brought her laptop around~what a mess)
The module that M/bytes offers with the paid product, would it clash with Webroot's SpySweeper & antivirus?
Again, thanks for your FREELY given time.
-
If I choose to hide the Help and Support option on the Start menu I get told it's been hijacked.
It hasn't; I choose to hide it as I don't want it on the menu.
M/bytes puts it back on the Start menu.
All good, nothing serious, but just thought I would post this info.
I don't think you need the developers log (I am not being rude one iota);
just put simply I explained how this error happens, although I am no expert, so if it is wanted please ask and I will provide.
Log of incident:
Malwarebytes' Anti-Malware 1.34
Database version: 1841
Windows 5.1.2600 Service Pack 3
12/03/2009 23:01:32
mbam-log-2009-03-12 (23-01-32).txt
Scan type: Full Scan (C:\|)
Objects scanned: 85796
Time elapsed: 25 minute(s), 41 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
BTW great product and thanks for the free time given to all subjects.
best wishes.
mbyuser.
errors
in General Windows PC Help
I don't know where to post this as I think it's due to errors and not malware.
My firewall logs say that scvhost is constantly trying to connect (incoming); a few times OK, but it's not a few, it's an extreme amount, and they seem to be coming from two IP addresses with only one digit difference.
Also explorer keeps trying to connect (outgoing) & (data).
I also have a heck of a lot of routed attacks and I am not on a router.
ZA keeps trying to look for updates even though I have set it to manual.
I also have this popping up on each boot:
(warning in Webroot's logs) Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ZoneAlarm Client. Failure: SRegSetDataFailed -1-
I have asked ZA about this but got no response and I did wait two to three weeks.
I know SpySweeper says my version of ZA is corrupted, but each and every time I try I can't get anything other than a corrupted version no matter which browser I use. And I don't know how to set up the rules on the other firewalls I have tried in the past correctly; I have tried and made a mess of my system.
I know I have low level spyware on my comp (My Way My Search bar that PC Pitstop's Exterminate scanner is picking up)
and I also get told that I have 4 PUPs but I can't see the logs to see what it's referring to, although I am not asking to be rid of this here; I only post this info so all the info I post is comprehensible (sp)
Malwarebytes, Search and Destroy, my owned copy of Webroot's SpySweeper and Panda free scan isn't showing anything but I would expect that as it's low level.
I would like to rid myself of this search bar and find out what is on my comp that's deemed PUPs but as said I am not asking for help on this in this forum.
PC Pitstop is alerting me to this: It appears that the Windows Management Instrumentation (WMI) configuration on this system is damaged or being blocked by another program. PC Pitstop would not reg scan either: The registry information for Exterminate2 appears to be missing.
"This can occur if the Exterminate2 is copied to another system without using the installer,
or if program installation fails because of registry permission issues."
Reinstalling didn't help but that may be due to the WMI issue.
I did run the WMI utility but the log contains information I don't know is safe to post.
Sorry if I have posted incorrectly.
(please excuse my spelling)