Computer Support Forum

Bunch Of Different Virus's Hjt File Inside

Question: Bunch Of Different Virus's Hjt File Inside

So I downloaded some program off of Limewire and now everything is messed up. When you try to open internet explorer its very slow. It goes to the homepage and then a bunch of pop ups come. I also get error messages such as microsoft C++ buffer underrun error. The popups are like this...http://www.interracialsingles.net/in...D1909&opt=6943 or CID Popups and others. also my desktop background is just the white error that says restore to active desktop I click it and get another error message. How do i fix all this. Am i gonna use Hijackthis and Combofix?Logfile of Trend Micro HijackThis v2.0.2Scan saved at 08:52, on 2008-02-04Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16574)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\QuickTime\QTTask.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\Program Files\iTunes\iTunesHelper.exeC:\WINDOWS\Fonts\svchost.exeC:\Program Files\AIM\aim.exeC:\Program Files\Orb Networks\Orb\bin\OrbTray.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\WINDOWS\Fonts\svchost.exeC:\Program Files\Drmupgds\Drmupgds.exeC:\Program Files\ASUS WiFi-AP Solo\RtWLan.exeC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Program Files\Orb Networks\Orb\bin\Orb.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Windows Media Player\wmplayer.exeC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Program Files\limewire\limewire.exeC:\Program Files\internet explorer\iexplore.exeC:\WINDOWS\explorer.exeC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\system32\rundll32.exeC:\Documents and Settings\Valued Customer\Local Settings\Temporary Internet Files\Content.IE5\U74CKH7L\HiJackThis[1].exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankR1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: {d92a6334-bebc-a6cb-f294-431d0fb388e0} - {0e883bf0-d134-492f-bc6a-cbeb4336a29d} - C:\WINDOWS\system32\pojhkyuy.dllO2 - BHO: (no name) - {24C61C09-62C0-42ED-B640-53F7FEC9098A} - C:\WINDOWS\system32\iifeefd.dllO2 - BHO: (no name) - {27EB87B7-2C51-4337-9BBA-794CFC4CB694} - C:\Program Files\Common Files\home83122.dllO2 - BHO: (no name) - {2e3b89ea-e180-4628-8ca8-5a8c94dfe69d} - C:\WINDOWS\system32\jlithob.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dllO2 - BHO: (no name) - {76A6E582-0173-4617-84A0-6437AABAE342} - C:\Program Files\Common Files\home4444.dllO2 - BHO: (no name) - {7A6217A0-041B-4AA7-816D-0602FE93F012} - C:\WINDOWS\system32\mllji.dllO2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\iqdblysv.dllO2 - BHO: 0 - {B16C1992-E89C-4FF9-48B2-248F4FDE3543} - C:\Program Files\Internet Explorer\laxuki190.dllO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"O4 - HKLM\..\Run: [watelkj] C:\WINDOWS\system32\watelkj.exeO4 - HKLM\..\Run: [o] C:\WINDOWS\system32\o.exeO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"O4 - HKLM\..\Run: [Amok Eggs Four Web] C:\Documents and Settings\All Users\Application Data\part dead amok eggs\long upload.exeO4 - HKLM\..\Run: [MODE FREE BIRD SURF] C:\Documents and Settings\All Users\Application Data\beep axis mode free\Grim third.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exeO4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257O4 - HKLM\..\Run: [ec731d21] rundll32.exe "C:\WINDOWS\system32\ecxfvnhg.dll",bO4 - HKLM\..\RunServices: [watelkj] C:\WINDOWS\system32\watelkj.exeO4 - HKLM\..\RunServices: [o] C:\WINDOWS\system32\o.exeO4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odlO4 - HKCU\..\Run: [Orb] "C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" /backgroundO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeO4 - HKCU\..\Run: [logo link] C:\DOCUME~1\VALUED~1\APPLIC~1\FINDOK~1\Hold Log.exeO4 - HKCU\..\Run: [Drmupgds] C:\Program Files\Drmupgds\Drmupgds.exeO4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLLO9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exeO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cabO16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/instal...llMgr_v01_5.cabO16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cabO16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{6CE3FB5E-A75E-430E-8347-262B2620F726}: NameServer = 192.9.9.3O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLLO20 - Winlogon Notify: iifeefd - C:\WINDOWS\SYSTEM32\iifeefd.dllO20 - Winlogon Notify: iqdblysv - C:\WINDOWS\SYSTEM32\iqdblysv.dllO23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeO23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exeO23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exeO23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXEO23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeO23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeO23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exeO23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exeO24 - Desktop Component 0: (no name) - C:\Program Files\Internet Explorer\prohdyxe.htmlO24 - Desktop Component 1: (no name) - C:\Program Files\ComPlus Applications\prohdyxe.html--End of file - 10346 bytes

Relevance 100%
Preferred Solution: Bunch Of Different Virus's Hjt File Inside

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: Bunch Of Different Virus's Hjt File Inside

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Please download ComboFix and save it to your desktop.Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.Double click combofix.exe and follow the prompts.When it's done running it will produce a log for you. Please post that log in your next reply.Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

19 more replies
Relevance 60.68%

Hi,

I am setting up a backup system for my pc, backsup to a remote machine via ftp. The files to backup will be compressed into a zip file and then backed up to the remote machine. My question is, if my pc gets infected with a virus and those files backed up to the remote machine, will the virus infect the remote machine as well ? (if the files are not unzipped on the remote machine & both machines running on windows Xp pro). Appreciate any help or suggestions in this.

Regards
Sudhi

Answer:Virus inside a rar or zip file

No, malware inside a ZIP or RAR file can't infect a machine, unless you extract the malware (and execute it).

So in your case, the simple fact of storing a ZIP backup on a remote machine will not infect that remote machine.

That's why malware researchers share malware samples in password-protected ZIP files.

2 more replies
Relevance 59.86%

Everytime I start my computer my background is changed and it says I have spayware and that I need to remove it. Also my screen saver is roaches eating the screen and I can never change it. Please help
 

Answer:Idk what the virus is but my hijack file is inside.

Hi tony82x,
Welcome to Major Geeks!

I'm making a bug collection, so if you'd like to contribute, please attach a screen shot of the bugs with your next post. Then please continue as follows:

Go to the READ & RUN ME FIRST and work through all the instructions. If there is something you can't do, just make a note of what happens to tell us later and then continue on. When you're finished, use the Manage Attachments button down below the reply window to attach your logs. If you get all four logs, you'll need to post twice, because you can only attach three logs with each post.

Thanks.
abri
 

26 more replies
Relevance 59.04%

the folders when you right click and click properties it is 0 size, or the folder is empty but the file is inside. but i can not open the files, when i right click it just has open with, folder synchronization, send to no other features as usual.And it spread to other files and folders. and when i burn it with Nero, it failed it said the file is too

PLEASE HELP, HOW TO REMOVE THE VIRUS!

Thx.

Answer:New Virus: The Folder is Empty but the file is inside

Hello and Welcome.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies
Relevance 59.04%

hey guys, i got attacked by some virus or trojan or whatever it was, got some services removed and i need some reg keys to restore them....

If you are on Windows 7 x64 sp1, just go here in regedit;

HKEY_LOCAL_MACHINE\SYSTEM\CurrenControlSet\

and export the services subfolder and paste it up in a reply!

All the headache from trying to fix this with solutions now, i think im missing some vital part and only the right registry files can fix.

make sure you are on 7 x64 sp1...

thanks.

Answer:Got a virus, need a reg file, Windows 7 x64 sp1, directions inside.

Hello dek

Here you go hope it helps
Services.zip

Danny

3 more replies
Relevance 59.04%

currently, I'm using CA Security suite, I'm wondering if I can use the anti-virus to scan the inside of a RAR file, which composed of dozens of files, and confirm if there is a virus inside the packed rar file or not
 

Answer:Can anti-virus scan the inside of a RAR or zip file?

NOD32 does... perhaps the CA cra--- uhmmm... product has an option to scan inside archives that needs to be enabled (seems like it should be on by default; it is with NOD32).
 

6 more replies
Relevance 58.63%

I got a powerpoint in an email attachment, virustotal reports a zip file inside...
 
1.) Is there always a .zip file inside powerpoints?
2.) What malicious benefit could a zip file provide?
3.) How can I alalize the ZIP compressed archive (2.5%)
 
ssdeep
1536:d98NvL6Ra3cQewv87TClJ2HsrwRKbbEBbfnCY9Gbt09bfmh4jVuJTVxZbbFH5T14:dfJR4EBfnCK+JTVxZbb59q5/nfcQtb
 
TrID
PowerPoint Microsoft Office Open XML Format document (97.4%)ZIP compressed archive (2.5%)
 
F-Prot packer identifier
appended
 
ExifTool
SharedDoc................: No
Title....................: MEMORY
HyperlinksChanged........: No
TitlesOfParts............: Office Theme, MEMORY, What is Memory, Memory involved three fundamental processes, The stage model of Memory, Sensory Memory, Sensory Memory, Sensory Memory, Short-Term Memory, Short-Term Memory, Short-Term Memory, Short-Term Memory Working Memory, Long-term Memory, Long-Term Memory, Long-Term Memory Transforming or encoding memory, Long-Term Memory Types of Information, Long-Term Memory Subsystems, Maintenance Rehearsal , Elaborate Rehearsal , Retrieval , PowerPoint Presentation, PowerPoint Presentation, Encoding Specificity Principle , Forgetting , Forgetting
LinksUpToDate............: No
LastModifiedBy...........: RLLocal
Application..............: Microsoft Office PowerPointZipFileName..............: [Content_Types].xml
CreateDate...............: 2013:03:19 17:24:18ZZipRequiredVersion.......: 20
PresentationFormat.......: On-screen Show ... Read more

More replies
Relevance 57.81%

Alright, here's my Hijack This log...

Logfile of HijackThis v1.99.1
Scan saved at 11:14:43 PM, on 10/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\... Read more

Answer:Solved: Trojan.Vundo Virus, File: geedc.dll, log inside.

9 more replies
Relevance 56.99%

Hello, We have gone to the website
http://www.salonrenovationmaisonneuve.com/en/exposants
and download the file to open Inside of IE. Once the file is open, none of the links either e-mail or web site works. However, if we open the same file Inside of Google Chrome, the links work. So, we want to know if we are missing something in IE or a plugin.
The PDF file opens with no problem but the links are not enabled. The file works in an Apple Machine and Google Chrome. However, if we download the file physically inside of the computer and then open the file with Adobe Reader, the links all work! Any ideas
how to solve this issue? Thanks Miguel Moreno

Miguel A. Moreno Alfa Logos inc. Tel. 514-253-2548

Answer:UNABLE TO OPEN AN HYPERLINK INSIDE OF A WEB PDF FILE OPENED INSIDE OF IE 11

Internet Options>Security tab, click "Reset all zones to default" (there's a setting for scripting of ActiveX controls)
Start>Adobe Reader>Edit Preferences>there are setting for how embedded links are handled.
Chromium uses its own pdf reader plugin.Rob^_^

3 more replies
Relevance 52.89%

Allright, so when I woke up this morning and turned my computer on/logged into my user account, I got an error I'd never seen before. I didn't think much of it at the time, so I didn't note exactly what it said, but it was something about a problem with "aawservice.exe", which is an Ad-Aware file (as far as I know). So I closed that and tried to sign into MSN, at which point I received another error, this time saying, "Windows Live Messenger has encountered a problem and needs to close. We are sorry for the inconvenience." I tried a few more times and continued to get the same error. Firefox seemed to be working fine, aside from the security notice I was getting every time I had to login to a site (Facebook, etc.). A few minutes after I had logged in, I got another random "...has encountered a problem and needs to close..." error, this time for "jusched.exe". I tried restarting my computer a couple of times and got the exact same results, so I tried a boot-time scan with Avast and it found nothing. After that, I logged back into my user account and tried MSN one more time, only to find that I had accidentally deleted the main .exe file for it....so I went to the Windows Live Messenger site and downloaded the installation file. During the installation, I got yet another "...has encountered a problem and needs to close..." error, this time for the installation itself. I re-tried it and got the same error again, at... Read more

Answer:Suddenly getting a bunch of different errors from a bunch of different applications?

10 more replies
Relevance 52.48%

I just finish off using my CA security suite to custom scan 1 file, but the mesg. didn't say whether it was scanning the file itself, or the files within the RAR file.

So how do you know the anti virus software is doing its job?
 

Answer:when an anti-virus scan a RAR file, should it automatically scan the inside?

Check the options or settings within CA to see if it is set to scan inside compressed files, and if it isn't, turn it on. An AV that doesn't scan inside compressed files is about as worthless as a screen door on a submarine.
 

3 more replies
Relevance 51.66%

i got 2 rundll32 running simultaniously under the only user name home.i got 3.0 ghz 512ram and xp pro with sp2 with norton antivirus,adaware se,spybot , microsoft antispyware and spyware doctor. all updated along with windows update. but all results came negative. my sytem takes really long to shut down i also have multiple svhot.exe (6). i find decrease in speed btw my frineds and my pc. recently my sysytem has started to hang. and when i use programs like nero i can use them only once per boot casuse after 1 use they start hagging. i have to reboot inorder to use them again. i found at these time explorer.exe is utilizing the max amount of memory. i hope u can help tku. i have used hjt and the analyzer nad am posting the resutlt file.

p.s: i also tried reistalling nero and other programs. i got a 256mb nvidia fx 5700ve card.ALSO INCLUDED RESULT FILE AS ATTACHMENT.

RESULT FILE

Logfile of HijackThis v1.99.1
Scan saved at 2:40:29 AM, on 7/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\HHVcdV6Sys\VC6SecS.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,Sear... Read more

Answer:multiple rundll 32 + a bunch of bugs includes hjt log file

Please download Trend Micro? Anti-Spyware for the Web Utility (by clicking the "Scan and Clean your PC" button).Save it to your desktop.
Double-click the new icon on your desktop (tmas-web-scan.exe)
It will say "Loading TrendMicro definitions".
Once the definitions are loaded, the program will appear to close then re-open.
Click "Start Scan"
After it's done scanning, click "Scan Results"
Make sure all items found have a check next to them, then click "Clean Threats Now".
Click Exit.
Reboot your computer. In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them here with a fresh HJT log.

1 more replies
Relevance 51.66%

I took the liberty of browsing through other peoples problems and posted a hijack report, and a combofix report. The problem was that internet explorer would not load 80% of webpages, I would get "page cannot be found error". Seems to be working now, after combofix, just want an expert to make sure everything is clean Thank you.
Logfile of HijackThis v1.99.1
Scan saved at 5:45:43 PM, on 2/17/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Java\jre1.6.0_03\bi... Read more

More replies
Relevance 50.84%

So i got my laptop about a week ago and i'm already having virus issues
My laptop has been playing random bits of audio and commercials and music and just a bunch of random stuff
it happens even when i have the wireless turned off and when my laptops pretty much idle
i think i may have contracted it from an infected data disk i got from someone but i'm not sure cuz i have Limewire too (which is now uninstalled)

I've also been getting an "Improper plug-in. Adobe Reader will now quit" message at random times
I have no idea what thats about

The last thing is, even when i dont have IE pages open i get asked at random times about being redirected to another page and if i want to stay on this website

Also my Norton isn't picking it up any of this either, i've run that about 10 times on full scan to catch it but ended up with nothing
i have a DDS log and HJT log as well
Any kind of help would be greatly appreciated as i'd rather not have to do a system restore already...
DDS (Ver_09-05-14.01) - NTFSx86
Run by Tony at 14:18:53.08 on Sat 06/13/2009
Internet Explorer: 8.0.6001.18783
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.1.1033.18.3002.1582 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windo... Read more

Answer:Its that random audio virus also getting a bunch of odd popups

Hello and to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.-----------------------------------------------------------We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, ... Read more

11 more replies
Relevance 50.84%

My father has been infected since the beginning of April first with XP 2011 - which I thought, several times, I had removed but popped back up bigger and stronger. Now he has "Malware Protection" virus.

MBAM doesn't run. I cannot even start the task manager to end a process. I am currently running MBAM in Safe Mode. Of course I can't update it since it will not run in regular mode.

Please do not tell me to go to the old thread from 2008 called Malware Protection 2008. This is not that. This is new. And as I stated already, I cannot run MBAM unless in Safe Mode.

Any helpful suggestions? Especially since he seems to have had the XP 2011 virus for months. No matter what I do it comes back.

Answer:Malware Protection virus and a bunch of other stuff

Mod bump

1 more replies
Relevance 50.84%

Hi I just joined this forum. It looks cool. I hope somebody can help me here. A couple of weeks ago i committed an amateur mistake and my comp was flooded with trojans, malware and all kind of harmful stuff. I managed to kill most of them by following your malware removal guide here, however i'm still suspicious that something's not OK.When my computer starts up the command prompt window pops up, it's full of ERROR - Access Denied messages. I don't know why. Otherwise my computer works fine, but i'm a bit worried. I have all the logs you guys need posted here. The Anti-Malware log is in Hungarian, but it hasn't found anything harmful anyways.Could you please help me find out the problem.Thank you very much in advance.pgHere are the logs:[recovering disk space -- attachment deleted by admin]

Answer:a bunch or errors in the command prompt...virus?

welcome to CH.Run the Kaspersky Online ScannerIn Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.Click on SCAN NOWClick Accept. The program will then begin downloading the latest definition files. Once the files have been downloaded locate the Scan Settings and have it scan My Computer.The scan will take a while, so be patient and let it finish.When the scan is done, in the Scan is complete window, any infection is displayed.There is no option to clean/disinfect, however, we need to analyze the information on the report.To obtain the report:Click on: Save Report As Next, in the Save as prompt, Save in area, select: Desktop. In the File name area use KScan, or something similar. In Save as type: click the drop arrow and select: Text file [*.txt] Then, click: SaveCopy and paste the Kaspersky Online Scanner Report in your next reply.Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

6 more replies
Relevance 50.84%

My Embarq and Blacklight both detect it running, and will supposedly rename it, but I'm not sure if I should do it. From what I've read here it's seems to be a fairly nasty virus and I wouldn't want to make it worse. Any suggestions?

Also,what does this virus actually do to your computer?

Thanks for any help

F O

Answer:I Have The System32:lzx32.sys Virus (and Probably A Bunch Of Other Stuff Too)

This file, lzx32.sys, alias Backdoor.Rustock.B, is a rootkit and may be hiding other files, processes, and registry entries on your computer. It is strongly advised if you find this file on your computer that you post a HijackThis log. Post a Hijack This Log in the Hijack This Forum by following the directions in the link below if the programs above have not removed ALL malware. DO NOT post a log in this forum. http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/Any malware with with "backdoor" in its description can completely compromise your computer. It is suggested that you change ALL passwords using another computer. Monitor all banking, credit cards, pay pal, etc.

1 more replies
Relevance 50.84%

Here's my log

Logfile of HijackThis v1.99.1
Scan saved at 9:48:12 AM, on 1/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
G:\Utilities\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelp... Read more

Answer:Virus.Wind32.gpcode.ak popups. Plus a bunch of others.

I'm getting all kinds of pop ups. Each one saying a different infection. Below is my log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:48:37 PM, on 1/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CSHelper.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\P... Read more

2 more replies
Relevance 50.43%
Answer:Whats Thay One Site With A Bunch Of Virus Scans.

Assuming that the title of this topic: "Whats They One Site With A Bunch Of Virus Scans., the one where you select a file and it has like 9 different antivirus" ...is your question, I think maybe you mean Jotti. http://virusscan.jotti.org/

3 more replies
Relevance 50.43%

I am a student in college and I left my vista disk in my storage. So I'm on summer break without it (big mistake). and so i was attacked by a virus and now i cannot update and all these pop-ups keep coming. i finally defeated the viruses but it took stuff with it. "system restore" didnt help because something is missing, cant update something is missing, etc.

please help how can i reload my system without a disk... is that even possible? please please help me!!!!

My System:
Vista Home Premium 32bit
AVG Anti-Virus Free

Answer:Missing A Bunch of System32 Files (Virus Attack)

Try running System Files - SFC Command, and maybe try running a full scan with one or some of these to see if there still maybe some infection left.

Malwarebytes.org
The home of Spybot-S&D!
SUPERAntiSpyware.com - Downloads
microsoft.com/downloads

3 more replies
Relevance 50.02%

Apologies if my thread title is a bit alarmist. I understand that others have problems that need attention, however I also understand that some problems are simply more severe than others. This virus is infecting a bunch of my programs as well as opening connections to random .RU TLDs. I ran OmniPeek yesterday to check my network activity and noticed some very suspicious connections coming from my computer to randomly-named Russian servers. I just ran it again while I type and see no such connections at this time. I downloaded Microsoft Security Essentials and it detected right away many infected applications. I also run WinPatrol and am being notified every time a program has become infected. Running WinPatrol and MSE seems to have sped the virus up somehow and it is literally out of control. MSE is cleaning/quarantining crucial system applications (explorer, svchost, etc.) and I am scared of what it's doing. MSE and WinPatrol go nuts every time I click OK on a dialog box so I've not touched anything since.

Answer:"Expiro.gen/f" virus infecting a bunch of programs at an alarming rate.

Hello - Step 1 - Download Security Check by Screen317 from HERE* Save it to your Desktop.* Double-click SecurityCheck.exe* Follow the onscreen instructions inside of the black box.* A Notepad document should open automatically called checkup.txt; please post the contents of that document.Note: If a security program requests permission to access the Internet, allow it to do so.  Step 2 - Please download AdwCleaner by Xplode onto your desktop.*Close all open programs and internet browsers.*Double click on adwcleaner.exe to run the tool.*Click on Delete.*Confirm each time with Ok.* NOTE :Your computer will be rebooted automatically. A text file will open after the restart.*Please post the contents of that logfile with your next reply.*You can find the logfile at C:\AdwCleaner[S1].txt as well.  Step 3 - Please download Rkill (courtesy of BleepingComputer.com) to your desktop.There are 2 different versions. If one of them won't run then download and try to run the other one.You only need to get one of these to run, not all of them.NOTE : You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/Double-click on the Rkill desktop icon to run the tool.If using Vista or Windows 7 right-click on it and choose Run As Administrator.A black DOS box will briefly flash and then d... Read more

7 more replies
Relevance 47.56%

was viewing web pages and all of a sudden got a virus its this anti virus program that must really b a virus it wont let me go on any webpages or run any programs.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 15:49, on 2010-01-10Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: Safe mode with network supportRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\internet explorer\iexplore.exeC:\Program Files\internet explorer\iexplore.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\HiJackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microso... Read more

Answer:Virus...no web pages work and anti virus thing shows up everytime. HTJ link inside Help!

So I ran combo fix and it got rid of the virus but now on one account the IE doesnt work but all other programs have interner. WHen I switch accounts the IE works but gets alot of error messages. What else could I do?

4 more replies
Relevance 47.15%

Ugg. Outlook keeps saying something is trying to access my e-mail or address book. This has never happened before.

Logfile of HijackThis v1.97.7
Scan saved at 12:27:46 PM, on 3/27/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\PowerArchiver\POWERARC.EXE
C:\DOCUME~1\Josh\LOCALS~1\Temp\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.o... Read more

Answer:Pretty sure I have a virus.. 2 virus scans find nothing. Highjack this log inside.

6 more replies
Relevance 46.33%

I have a jar file that contains a Java class and a txt file. My program can read from the txt file (using URL) but does anyone know how I can write to the txt file? I need it to overwrite what is already in there each time. Thanks
 

More replies
Relevance 46.33%

My question is a security question.
If someone has a file on his/her computer that contains personal/secure information, for example a text file that contains passwords and account numbers, or an audio recording of a conversation where account numbers and passwords were spoken out loud...  Is it possible for fragments of the secure file to end up getting stuck inside of another file or group of files on the same pc...making it possible for someone to reconstruct the secure file from the fragmented pieces and/or view its original contents?  Or could it be possible even for the entire secure file to somehow end up inside of another larger file on the same computer...making it easy for someone to view the secure information....(by the way I only used a text file or an audio file as an example...it could be any file containing secure data)...My simplified concern is this...If you have a file that contains information that you want to keep secure...is there anyway that pieces of this file, if not the whole file it self, could end up inside of another file or a group of files on the same computer that the file containing the secure information was created on?...thus making it a security risk to even share mp3s on a computer that ever had any secure information on it...since maybe there'd be a change ur credit card numbers and passwords might somehow end up in one of those mp3s that ur sharing in a peer to peer file sharing program online.....or do things not work like tha... Read more

Answer:Can a File somehow end up inside of another file/files

It all depends on the program you are using to access the files. For example, Windows (starting from XP) creates a hidden file thumbs.db that contains thumbnails of all the images inside a folder. If you delete the original pictures through some other program or command line, and do not open the folder in Windows Explorer, this file still stays there. If you share the folder, this file gets shared too. Your information gets leaked.
 
If you use a computer for banking online or shopping online (any kind of financial transaction), then do not ever use that computer for P2P file sharing.

1 more replies
Relevance 45.92%

my computer was working slowly all week and today suddenly one of my hard drives disappreared from 'my computer'. i've shut down my computer and reconnected it, i restarted my computer and the hard drive appeared again.
after a minute i opened the explorer and there was a new toolbar named 'security toolbar'.
two icons also appeared on my desktop called 'live safety center' and 'online security guide'.
both of these icons are shortcuts to this website
http://htepo.com/cehpmoin/?cmp=h5&lid=1_1&..... (uncomplete)
my kaspersky anti virus told my he wanted to quarentine the explorer or to deny the explorer actions, i denied it and everything closed, all the programs were shut down and it felt like my computer is about to shut down.
after 5 seconds i shut it down my self, disconnected the internet and restarted my computer.

now (without internet) there is no toolbar showing, it appears in the toolbar menu but when i click to start it it doesnt load.

O23 - Service: DomainService - - C:\WINDOWS\system32\fnkkuyuf.exe
the proccess above i do not recognize and i thing this is the problom
there is also a 'logmein' program that i deleted a year ago
here is a hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 15:28:41, on 11/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\sy... Read more

Answer:fnkkuyuf.exe virus + bestsellerantivirus virus, log inside!

uP!
i cant open my computeR!!!!
 

1 more replies
Relevance 45.92%

i dont know if anything is wrong with my PC but some weird stuff is happening like cable modem starting to run very slow when watching video. also, could someone tell me if i have 2 antivirus programs running at the same time. thanks all

Logfile of HijackThis v1.99.1
Scan saved at 5:35:16 PM, on 4/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\AMERIC~1.0A\waol.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\AMERIC~1.0A\shellmon.exe
C:\Program Files\Viewpoi... Read more

More replies
Relevance 45.92%

I have received an mail that has a RAR attachment. The contents of the email are such that it can only have been written by someone who knows me, i.e. its not been generated automatically and the suggested contents could be useful to me. Unfortunately my reply to him bounced as his email company saw me as spam. Is there any way I can view the contents of a RAR file without actually opening it and possibly exposing my PC to some sort of nasty surprise?

Answer:Looking inside a RAR file

I wouldn't risk it.
"Unfortunately my reply to him bounced as his email company saw me as spam"
So is this someone you normally have no problem emailing? Seems funny if suddenly your emails are seen as spam. Have you tried sending a plain text email with no attachements to him?
This info might be help you decide about opening it click here

6 more replies
Relevance 45.92%

Just a quick question, is there an application to sort through the contents of an .exe file? And will it just display coded gibberish? What sort of language are .exe files written in? Is is possible to edit .exe files? Sorry, questions, questions....Thanks ;)

Answer:How can I look 'inside' an .exe file??

I would think open with notepad or editor.

5 more replies
Relevance 45.51%

Major things happening the last few days. 1) insufferable amount of pop-ups (IE powered by Comcast) 2)over 100 shortcut messages (EXAMPLE: MORZE5.lnk refers to a location that is unavailable) at boot-up that have to be clicked through. I do see these on the HJT log and know you will know how to help. 3) Computer crashes, blue screen, white screen, you name it, several times a day.
What I did BEFORE I ran this log. I updated Adavare 6 and ran then deleted all it said, then ran spybot and that was all clear.
Here is the HJT log:Logfile of HijackThis v1.97.7
Scan saved at 10:49:36 AM, on 4/1/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\TREND PC-CILLIN 2000\PCCIOMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\TREND PC-CILLIN 2000\POP3TRAP.EXE
C:\WINDOWS\SYSTEM\HPZTSB01.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\TYPE32.EXE
C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSOEMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\ROBOTASKBARICON.EXE
C:\WINDOWS\WBLCG0L5.EXE
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\... Read more

Answer:PROBLEMS HJT log file inside

16 more replies
Relevance 45.51%

I was referred to start posting on this forum with my logs. I'm not quite sure what's wrong, but I'll assume one of you wonderful people will.if you need any background information it's all included here: http://www.bleepingcomputer.com/forums/t/263302/not-able-to-run-hjt-or-any-anti-virus/and I'm not able to get DDS or HiJackThis to run at the moment, I can't download from this computer (it disappears.) and my fiance' isn't here to download from his.here are the logs from the other forum.From a comand prompt:Volume in drive C is COMPAQVolume Serial Number is 70BB-FF3BDirectory of C:\Windows\ERDNT\cache04/11/2009 02:28 AM 177,152 scecli.dllDirectory of C:\Windows\ERDNT\cache04/11/2009 02:28 AM 592,896 netlogon.dll2 File(s) 770,048 bytesDirectory of C:\Windows\System3204/11/2009 02:28 AM 177,152 scecli.dllDirectory of C:\Windows\System3204/11/2009 02:28 AM 592,896 netlogon.dll2 File(s) 770,048 bytesDirectory of C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e11/02/2006 05:46 AM 176,640 scecli.dll1 File(s) 176,640 bytesDirectory of C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f1201/19/2008 03:36 AM 177,152 scecli.dll1 File(s) 177,152 bytesDirectory of C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e04/11/2009 02:28 AM 177,152 scecli.dll1 File(s) 177,152 bytesDirectory of C:\Win... Read more

Answer:Peek.bat file inside

Hi My name is Extremeboy (or EB for short), and I will be helping you with your log.We apologize for the delay of response. If you still require assistance we would like to see the current condition of your system so please post a new set of DDS Logs as well as a RootRepeal log and a description of any remaining problems or symptoms you may still have please.If for any reason you did not post a DDS log or RootRepeal log please refer to this page and in step #6 and Step #7 for further instructions on downloading and running DDS & RootRepeal. If you have any problems just let me know in your next reply or simply post a Hijackthis log.For your next reply I would like to see:-The DDS logs---DDS.txt and Attach logs-RootRepeal logs-Description of any remaining problems you may still have.Thanks again and we apologize for the delay.With Regards,Extremeboy

3 more replies
Relevance 45.51%

Hi i am using windows vista ultimate 32 bit and yesterday my computer went incredibly slow for seemingly no reason so i opened task manager and saw that my CPU usage was at 100%,after looking through the list of processes to see what was being such a resource wh0re, i couldn't see any processes that were using alot of cpu power so i downloaded "Process Explorer" and found that my problem was something called "Hardware Interrupts" which was (and still is) using 88-100% of my cpu how can i fix this problem? PLEASE help as i am completely stumped by this one.oh,and by the way,the 100% cpu usage is constant from the minute my PC is turned on,even with no apps running it stays at a constant 100%.

Thanks,
Tom

Here is my log file:
Deckard's System Scanner v20070328.36
Run by Tom on 2007-04-07 at 21:57:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
12: 2007-04-06 20:49:00 UTC - RP59 - Installed DriverMagic
11: 2007-04-06 14:00:46 UTC - RP58 - Installed Driver Detective
10: 2007-04-06 10:00:24 UTC - RP56 - Restore Operation
9: 2007-04-06 08:51:57 UTC - RP55 - Windows Update
8: 2007-04-05 23:19:12 UTC - RP54 - Restore Operation


-- First Restore Point --
1: 2007-04-04 09:51:03 UTC - RP47 - Removed Autodesk DWF Viewer 7


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Tom.exe) ------------------------------------... Read more

More replies
Relevance 45.51%

We are supporting business offices systems running Windows 7 SP1 in 64 bit. System RAM is 16GB and HD is 200GB.
In one of the partition (Drive F), a folder appeared (Aug 19, 2015), the folder name is 973d3e99d0b18144c2ffb4c55570d78a (we can change it to junk or some such). Inside it has a cabinet file called SFX.CAB created same date and file size is 0.
Can you please tell me what this is? and should we remove it?
Thank you

More replies
Relevance 45.51%

Logfile of HijackThis v1.99.1
Scan saved at 12:01:59 PM, on 5/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
C:\WINDOWS\CDProxyServ.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\ItBill\itbill.exe
F:\New Programs\ITunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
F:\New Programs\iPod\bin\iPodService.exe
F:\New Programs\ITunes\iTunes.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\owner\Desktop\Misc\Hi Jack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://awesomestart.com/killola/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r4.attbi.com:8000
R1 - HKCU\Softwa... Read more

Answer:MOVIELAND!!! Please help... log file inside

8 more replies
Relevance 45.1%

i dont know y but from last few days i m getting this thing whenever i open my MY COMPUTER icon ..........even on some other folders i do get the same thing but after custominzing the folder it works fine below is the screen capture



can any one tell me how to remove this thing

Answer:How do i remove this (Hijack This Log file inside)

We'll require a HijackThis log from you.

But before you post your log at the HijackThis Log Help forum, please read through the sticky first.

16 more replies
Relevance 45.1%

Guys im in serious need of help no idea whats wrong with my computer any help would be helpful can anyone check my htj file? tell me what they think i got a 3meg connection and it takes me 10 minutes to open up a site i used showtraffic program and its sending loads of spam mail out i cant stop it.

Logfile of HijackThis v1.99.1
Scan saved at 10:39:00 PM, on 7/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\home\LOCALS~1\Temp\Rar$EX00.360\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&... Read more

Answer:computer using all my bandwidth htj file inside

will someone please help?
 

1 more replies
Relevance 45.1%

Hello .
I cant access my system volume information file on my hard drive. Spyware doctor has located a trojan there and blocked it on several occasions but I cant access the file to delete it. It says that access is denied. What do I do.
thanks

Answer:Help, cant access file with trojan inside

If you can boot into Safe Mode try deleting the file there. Safe Mode has a limited amount of applications running which makes it ideal for purposes like this.

I've asked that a Moderator move this topic to the Am I Infected forum where there are those that are more knowledgeable about these problems.

5 more replies
Relevance 45.1%

I have a fairly large Fortran 77/90 & C program, compiled using Compaq Visual Fortran 6 & Microsoft Visual C++ 6 under Win XP.  On a particular test case it generally executes ok when invoked outside a batch file, but always fails when invoked from a particular batch file.  It stops on a Fortran 90 Allocate statement, but does not return the STAT result coded into that statement.  Seems to relate more to how much storage has been allocated rather than to the particular array being allocated, because I can reorder the allocation of different arrays and the stop does not occur on the same array.Although this is a large body of code, the test case is small and should not be requiring a large amount of allocated storage.I have tryed cutting the batch file down to just the statements that occur before invoking the EXE file (which are SET /P, ECHO, COPY, DEL, IF EXIST), then running the truncated batch file, then executing the EXE outside the batch file.  The EXE also fails in that usage.Any ideas on what I should be looking for to fix this?

More replies
Relevance 45.1%

https://drive.google.com/open?id=1BJhjrNSaa6rIpQW1d4R_7aFvTuC0Czqx

google file of the .dmp, just started happening 2 days ago after an update so i'm assuming it's software related, doesn't happen constantly, sometimes i can go hours without blue screening, get a DPC watchdog violation when i let it error report

The bugcheck was: 0x00000133 (0x0000000000000001, 0x0000000000001e00, 0x0000000000000000, 0x0000000000000000). 

More replies
Relevance 45.1%

I picked up some spyware. The communicator toolbar and also I have a lot of text double underlined and hyperlinked while browsing the internet.

Thanks,
TimS

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 8/4/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symante... Read more

Answer:Communicator Toolbar and More - hjt log file inside

Hi TimS -

If you had followed through on your last thread here we may have avoided another round of cleaning. Please see this through to the end, where you will be given valuable protection information once your system is clean.

I'm going to have you run some scanning tools first, then we'll go after whatever is left.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm and then click OK.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Before attacking an adware/spyware problem with hijackthis make sure you have already run the following tools. Download and update the databases on each program before running. Ad-Aware? SE Personal Edition
*Note* For Ad-AwareSE also install the VX2 Addon Cleaner To run this tool ... Read more

1 more replies
Relevance 45.1%

Without using any Nero or file burning software, can Windows XP itself supports simple file copying to disc. Not that I know of, but i have a user who can do these.

1. select a file, right click and press SEND TO the burner
2. simply copy and paste the file to the burner
3. reopen a file on a disc, edit it, and then can save it back onto the disc.

Strange, anyone welcome to comment. Thanks.
 

Answer:File burning inside Windows XP only

10 more replies
Relevance 45.1%

Large downloaded file often come in parts I understand the method ..extracting these parts are where I get confused I often see many parts or one zip file..or so..its the different ways of extraction where I get confused..when I select say a large compressed one it extracts to show a rar or series of rar file which then have to be extracted to show the compressed data..it seems a simple task and hard to explain. I am sure I am not re-inventing the wheel here..but I need help..anyone..

Answer:How to extract rar file that have zip files inside

You will see the files named R00, R02, R03 etc.. all you need to do is start the extraction of R00 and the rest should be extracted automatically...

4 more replies
Relevance 45.1%

are keyloggers part of a program or can they be tiny like viruses. also can i keylogger or a threat be in a .dll file

Answer:Can a keylogger be inside of a file smaller then 3mb?

Well - designed keylogger can fit in few hundreds of bytes. And of course dll can host it.

2 more replies
Relevance 45.1%

hello everyone im having numerous pop ups and its slowing down my machine big time for virus scanners and random pop ads. Here is the Hijackthis log file. What do you think?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:34:21 PM, on 1/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\... Read more

More replies
Relevance 45.1%

I got caught this morning. Hungover, tired, and just plain dumb.

"A friend" sent me a file. Supposedly some great an amazing pics of her new baby. On offer was a .zip file which I downloaded. Within there was a "picture" only it was xxx.jpg.xxx.com, so in fact it was really a .com file.

I ran this file (yes, I am dumb), and now my MSN sends out endless requests to other people to download these files from me which will infect them.

Perhaps my saving grace is that I use WinPatrol. When I ran this it detected changes to my registry startup areas which I told it to remove. Once I had rebooted I am no longer sending out nasty messages (so far, its hard to say exactly how often the messages are sent). However, the virus files are still on my machine in an unknown location.

I do still have the original infected file that I was sent which can be made available for analysis.

I am running XP Pro SP2, and use Eset NOD32 V3 with most recent updates. The bug went straight through this like a knife through butter. I have updated and recanned my machine both locally, and with Eset's online scanner. Nothing found. Eset misses the install files for the virus, and also the running virus (my friend's machine is still actively spamming the virus files out).

Hijack log as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:02:39, on 08/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode:... Read more

Answer:MSN Hijacked by .com file wrapped up inside .zip

8 more replies
Relevance 45.1%

ok i have windows vista home premium. i am having link redirect problems. not just from google. basically any link i click redirects me. i ran gooredfix.exe deleted what came up still have problems. ran malwarebytes and still having trouble. so i am posting a log file from hijackthis. i would love it for someone to please check it out and give me some advice thanks.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:18:28 PM, on 7/15/2009Platform: Windows Vista SP2 (WinNT 6.00.1906)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:Windowssystem32sdra64.exeC:Windowssystem32Dwm.exeC:WindowsExplorer.EXEC:Windowssystem32taskeng.exeC:Windowstemp1154251.tmpC:Windowssystem32taskeng.exeC:WindowsSystem32igfxtray.exeC:WindowsSystem32hkcmd.exeC:WindowsSystem32igfxpers.exeC:WindowsRtHDVCpl.exeC:Program FilesSynapticsSynTPSynTPEnh.exeC:WindowsSystem32rundll32.exeC:Program FilesDropboxDropbox.exeC:Windowssystem32igfxsrvc.exeC:Program FilesSynapticsSynTPSynTPHelper.exeC:Program FilesMozilla Firefoxfirefox.exeC:Program FilesTrend MicroHijackThisHijackThis.exeR1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.comcast.net/R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.toshibadirect.com/dpdstartR1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=5... Read more

Answer:HiJackThis Log file please help info inside

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Relevance 45.1%

Logfile of HijackThis v1.98.2
Scan saved at 6:29:52 AM, on 9/6/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\nacqzagb.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\... Read more

Answer:Serious help needed!! (log file inside-very long)

bump

thanks

2 more replies
Relevance 45.1%

Hi. I'm posting this in regards to a friend who has a trojan on his computer. He ran Webroot system analyzer and it detected a trojan, but no other software is picking it up. Here is his log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:42:45 PM, on 7/13/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Digsby\Digsby.exe
C:\Users\Pete\Desktop\SystemAnalyzer\SystemAnalyzer.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com... Read more

More replies
Relevance 44.69%
Question: Virus inside

Scans are finding viruses, trojans, etc. I removed them with numerous programs.Computer is also slow, freezing, and programs will not load fully and properly.DDS wouldnt download on my computer, I have the other two logs though as followed.HiJack Log:Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:48:43 PM, on 5/4/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Presario&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explore... Read more

Answer:Virus inside

Hello and Welcome to Bleeping Computer!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE:... Read more

16 more replies
Relevance 44.69%

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:57:06 PM, on 10/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\PnkBstr... Read more

More replies
Relevance 44.69%

Note When trying to run a panda scan I get this error:

I got this error last night while trying to install a new printer:
.
After closing it I got this message:
.
And then after that I got an error message (Which I couldn't get a screen cap of) that shut my computer down. Aside from that I've noticed that though I haven't been adding a lot of files, the amount of disk space in my C drive has shrunken. Last night it said I had 3.2 gigs left and today it says 2.7 which is strange. Just a lot of strange things are happening and the computer is a little slower.

Any help would be appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 3:22:38 PM, on 11/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOW... Read more

Answer:Have a virus, need help! HJT log inside

I think it's been three days so BUMP

10 more replies
Relevance 44.69%

Hi all

I got a pop up window that says:

Virus
Trojan horse Downloader.Asune.B

is found in file
C:\System Volume Information\_restore{7FEF968C-3073-40B4-8310-DCBA07C21F8C}\RP207\A0025242.exe

To remove this virus, please run AVG for Windows

- so i did, and it finds nothing - neither do adaware or spybot
so i did a scan at http://housecall.trendmicro.com and that came up clean too... bringing me to a complete brick wall, what should i do?

Hijack this log as follows:
Logfile of HijackThis v1.97.7
Scan saved at 18:35:59, on 01/05/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Soulseek\slsk.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Crazy Browser\Crazy Browser.exe
C:\Documents and Settings\Jennifer\My Documents\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
... Read more

Answer:Virus I can't get rid of.. please help :( (HJT log inside..)

just do this

right click on my computer icon

and go to properties

go to system restore tab

disable it

and then apply

and click ok

then right click my computer icon again go to properties and re-enable it and it should be gone
 

3 more replies
Relevance 44.69%

I have a virus on my computer. It is called the 'my dear mother' virus. Please help me fix what's been screwed up. Thanks

Logfile of HijackThis v1.97.7
Scan saved at 10:03:04 AM, on 6/25/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE
C:\PROGRA~1\scansoft\PAPERP~1\fbdirect.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared... Read more

Answer:I got a virus that nobody else has... HJT log inside

Please download and run the following programs:

AD-AWARE

Go here: http://www.lavasoftusa.com/support/download/
and download Ad-Aware 6 Build 181

Install the program and launch it.

First in the main window look in the bottom right-hand corner and click on Check for updates now and download the latest reference files.

Make sure the following settings are made and on -------ON=GREEN

From main window: Click Start then Activate in-depth scan (recommended)

Click Use custom scanning options then click Customize and have these options selected: Under Drives and Folders put a check by Scan within archives and below that under Memory and Registry put a check by all the options there.

Now click on the Tweak button in that same window. Under Scanning engine select Unload recognized processes during scanning and under Cleaning Engine select Let windows remove files in use at next reboot

Click proceed to save your settings.

Now to scan just click the Next button.

When the scan is finished mark everything for removal and get rid of it. (Right click the window and choose select all from the drop down menu and click Next)

Restart your computer

SPYBOT SEARCH & DESTROY

http://majorgeeks.com/download2471.html

Open Spybot Search & Destroy (Click Start, Programs, Spybot S&D (Advanced Mode). Click online, Search for updates, Download all available updates. Close all Browser windows, Click ''Check for Problems'', Put a check in every entry Spybot Search... Read more

1 more replies
Relevance 44.28%

Recently got the poka poka virus...i ran several scans, and bleieve i got it and several other spyware thingys out of my registry...i still see some possible files that arent good, plz lend me some ideas since my PC seems to run a bit glitchy espeically with games/programs that prior ran better. I'm not sure if it matters but this file was not taken while in safe mode...rather in normal windows mode....

Logfile of HijackThis v1.99.1
Scan saved at 9:50:00 PM, on 10/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dual-Band Wireless A+G PCI Adapter\WLService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dual-Band Wireless A+G PCI Adapter\WMP55AGV2.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\XoftSpy\XoftSpy.exe
C:\DOCUME~1\RAPHAE~1\LOCALS~1\Temp\Rar$EX00.906\HijackThis.exe
C:\Documents and Settings\Raphael Kosmicki\Desktop\HijackThis.exe
C:\Documents and Settings\Raphael Kosmicki\Desktop\h\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = ... Read more

Answer:Computer Possibly Infected (Log File inside)

Welcome to TSG

Please download LQfix.exe and save it to your desktop.

Double-Click LQfix.exe and click Next > Next > Install.
Leave the default settings, if you change them, the fix will Fail!
Now make sure the "Launch LQfix" box is checked.
Click the Finish button, after clicking the Finish button the fix will start.
Follow the on-screen prompts.
Your system will now reboot afterwards.
Please be patient after the reboot, there is a script running in the background that needs to complete.

Post a new Hijack This log.
 

1 more replies
Relevance 44.28%

I am getting into batch file programming and wanted to know if I can get help with with extracting files with command prompt.
I can mostly navigate and manage my pc through cmd with out the gui so this would be awesome if I could extract files as well. I wanted to know this just so I can incorporate extracting files into a batch file if needed. I'm on xp. I have winrar, universal extractor, and extract now. I'm unsure if they have a command line feature or not or how to use it. maybe some basic examples would help if no one minds.
 

Answer:Solved: extraction inside batch file help

Maybe this will help you.

[WINRAR] First link
https://www.google.com/search?q=winrar+commandline

[UNI. EXTRACTOR] Didn't find a cmdline
https://www.google.com/search?q=universal+extractor+commandline

[EXTRACT NOW] First link > Documentation
https://www.google.com/search?q=EXTRACT+NOW+commandline

[7ZIP] This is my fav cmdline extractor; First link
https://www.google.com/search?q=7zip+commandline
 

1 more replies
Relevance 44.28%

For those of you who have been complaining about the perceived slowness of Vista file copy operations (And <insert deity name here> knows ther have been many), I now present to you a copy of Mark Russinovich's blog dated 4 February 2008.

In his blog, he provides in-depth details of how the copy engine works, and what improvments have been made to this engine in Vista SP1.

Happy reading!

----------------------
The original text for this post can be read in Mark Russinovich's blog at http://blogs.technet.com/markrussinovich/
----------------------

Windows Vista SP1 includes a number of enhancements over the original Vista release in the areas of application compatibility, device support, power management, security and reliability. You can see a detailed list of the changes in the Notable Changes in Windows Vista Service Pack 1 whitepaper that you can download here. One of the improvements highlighted in the document is the increased performance of file copying for multiple scenarios, including local copies on the same disk, copying files from remote non-Windows Vista systems, and copying files between SP1 systems. How were these gains achieved? The answer is a complex one and lies in the changes to the file copy engine between Windows XP and Vista and further changes in SP1. Everyone copies files, so I thought it would be worth taking a break from the ?Case of?? posts and dive deep into the evolution of the copy engine to show how SP1 improves its performance.

... Read more

Answer:Inside Vista SP1 File Copy Improvements

I downloaded the article by microsoft about all the inprovements. Too many Kxxx articles to go into. Needless to say there is alot. Waiting for the final release before upgrading.

2 more replies
Relevance 44.28%

Hello folks. I'm trying to fix my mother's computer and needless to say it's in bad shape. The memory is being hogged like crazy and the only form of virus scanner i have at my disposal atm is housecall. What's weird is the terms don't load for me to continue, but hijack this works. Here's the log from safe mode. I'm going to restart and run it normally and see if there are differences. ty in advance.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:01:23 PM, on 8/2/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Users\Mahnaz\Downloads\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,... Read more

Answer:Mess of a system (Hijackthis file inside)

not on safe mode:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:33:28 PM, on 8/2/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Mahnaz\Downloads\HijackThis(2).exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http:... Read more

2 more replies
Relevance 44.28%

I'm having problems with my iframe when viewing in IE (version 6)

The problem has to do with the URL/src of the iframe:
http://www.resonline.com.au/affredir/v2/affredir.asp?CommodityTypeID=1&StateID=401&DestinationID=454&AffiliateTheme ID=203&r=5&view=3&AffiliateID=203&refcode=OZACCOMM
(the page contains jscript)

I can view this URL in IE with no probs but when I try to view it within an iframe it won't stop reloading.. about every 2 seconds. It works fine in Firefox.

To see the problem in action you can check this link:
http://members.optusnet.com.au/~reen...comm/test.html

------------
Is there some jscript or something that I can use to force it to stop reloading.

Please HELP!
 

More replies
Relevance 44.28%

Is it possible to request elevation inside a CMD/batch file? I have a Command Script( .cmd) and one of the command require admin right to run. I am NOT looking for right-click "Run as administrator", I would like the script itself to call the UAC prompt.Thank you,

Ray

Answer:Request Elevation inside CMD/batch file

Hi,To elevate the permission, please refer to the following article:Windows7 elevated command prompt priviledges throug a scriptThanks,Novak

11 more replies
Relevance 44.28%

Hi guys,

i come to you after formating my computer and without success to solve my blue screens problem.

when i watch a movie and specially while playing i get a blue screen
i attached the dump file.

thanks a lot!

Answer:Windows crashed + dump file inside

  
Quote: Originally Posted by shiker


Hi guys,

i come to you after formating my computer and without success to solve my blue screens problem.

when i watch a movie and specially while playing i get a blue screen
i attached the dump file.

thanks a lot!


SPDT.SYS used by daemon tools/alcohol and KeyMagic. Both.

Your computer was up for 2 plus days so it isnt happening frequently, and removing those two items may fix it.
Ken J

Please remove any CD virtualization programs such as Daemon Tools and Alcohol 120%. They use a driver, found in your dmp, sptd.sys, that is notorious for causing BSODs. Use this SPTD uninstaller when you're done: DuplexSecure - Downloads
[/quote]
You can use MagicDisc as an alternative.

Freeware MagicISO Virtual CD/DVD-ROM(MagicDisc) Overview


Code:

Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\K\Desktop\dump_110310-26083-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols;srv*e:\symbols
*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16617.x86fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0x82a19000 PsLoadedModuleList = 0x82b61810
De... Read more

3 more replies
Relevance 44.28%

Hello,
I have a couple of computers set up in the network. They're all inside the same workgroup.
Every folder I share is visible by everyone.
Now I want to define permissions on only one folder which containes files only to be editable (modified) by, let say, one computer.
So I need to define special peermissions for this particular folder.
However I came accros to a problem. In network neighbourhood I can see all computers and their share folder and they see my shared files. But when I want to define special permissions on only one folder (one user can write and read, the rest is read only access), I cannot see other computers in the "Select user or groups" window just as shown in the attached picture.

One friend of mine told me that this is only possible when computers are on domain. It is really hard for me to understand that permissions cannot be defined for each folder and for each network user separately.

Can you give me any advice?

Thanks
 

Answer:File and folder permissions inside workgroup

Permissions are configured for local users on the machine, not network users or machines.
 

1 more replies
Relevance 44.28%

How do I encrypt a .txt file inside an Image so that when I change the extension of the Image into .rar and I open the rar file, there's a .txt file in it? This does work, you can try it yourself.
http://www.icon-hack.cc.cc/img/product/2009/200905/20090502/188360_1_Fsdfdf.jpg
Change the file extension to .rar and open it.
 

Answer:Solved: Encrypting a .txt file inside an Image

6 more replies
Relevance 44.28%

I recently downloaded starry night which is a program that you can use to look at space features and stuff, but I had to uninstall it becuase it was taking up to much space on my computer, well now I can't delete the sucker and I'm constantly barraged by "this program is being used by another person or program", so I unistalled those programs and yet it still wants to stay, what do I do?
 

Answer:Certain file inside a program can't be deleted.. no matter what I do..

Before you delete anything else that you might actually want, try a system restore to before you had starry night installed.

If this does not help then post details of your system, the files you want to eliminate and the exact error messages.
 

4 more replies
Relevance 44.28%

I'm recently noticed that some zip files that I store images on contain some empty image files "0 KB".
I'm just wondering if anybody knows of a quick way to scan a bunch of folders each with several zip each and then show which zip files contain empty files.

Thank you.

Answer:Check inside zip files for empty file

Use wither 7-zip or Winzip. Basic computing 101.

6 more replies
Relevance 44.28%

Hi I am trying to remove MWMBs and even after using the MWMBs Removal Tool and rebooting twice" its still in "Program Files" It keeps saying: "Error Deleting File or Folder: Cannot Delete the Directory is Not Empty" When I open the MWMBs folder it has one little file with no description in it if I try and drag it to the Recycle Bin it says: "cannot read from the source file or disk" anyone have any ideas please Dazza

Answer:Cannot uninstall MWMByts Folder and 1 File inside

Hello Dazza -2 ideas. First, run chkdsk /r as the problem may be your system -Next, If the problem persists, please contact Malwarebytes Support desk << with this form for personal help -They have just told me that they will look after you as soon as a helper is available -Thank You -

4 more replies
Relevance 44.28%

PING 192.168.0.3 (192.168.0.3): 56 data bytes
64 bytes from 192.168.0.3: icmp_seq=1 ttl=128 time=0.5 ms
64 bytes from 192.168.0.3: icmp_seq=3 ttl=128 time=0.2 ms
64 bytes from 192.168.0.3: icmp_seq=4 ttl=128 time=0.3 ms
64 bytes from 192.168.0.3: icmp_seq=7 ttl=128 time=0.3 ms
64 bytes from 192.168.0.3: icmp_seq=13 ttl=128 time=0.5 ms
64 bytes from 192.168.0.3: icmp_seq=14 ttl=128 time=0.5 ms
64 bytes from 192.168.0.3: icmp_seq=15 ttl=128 time=0.2 ms
64 bytes from 192.168.0.3: icmp_seq=17 ttl=128 time=0.4 ms
64 bytes from 192.168.0.3: icmp_seq=18 ttl=128 time=0.5 ms
64 bytes from 192.168.0.3: icmp_seq=19 ttl=128 time=0.2 ms
64 bytes from 192.168.0.3: icmp_seq=20 ttl=128 time=0.2 ms
64 bytes from 192.168.0.3: icmp_seq=25 ttl=128 time=0.5 ms
64 bytes from 192.168.0.3: icmp_seq=27 ttl=128 time=0.2 ms
64 bytes from 192.168.0.3: icmp_seq=28 ttl=128 time=0.3 ms
64 bytes from 192.168.0.3: icmp_seq=29 ttl=128 time=0.4 ms
64 bytes from 192.168.0.3: icmp_seq=30 ttl=128 time=0.1 ms
64 bytes from 192.168.0.3: icmp_seq=46 ttl=128 time=0.4 ms
64 bytes from 192.168.0.3: icmp_seq=49 ttl=128 time=0.5 ms

--- 192.168.0.3 ping statistics ---
50 packets transmitted, 18 packets received, 64% packet loss
round-trip min/avg/max = 0.1/0.3/0.5 ms

I am getting this after doing a fresh install of Debian 3.0r2 on a computer with the following hardware:

Pentium 3 500MHz
2x 256MB PC133 RAM
Asus P2B
ATI RADEON 6500 VIVO
Creative SoundBlaster Live!
3Com 3C905-TX

I've never had problems like this bef... Read more

Answer:Getting 64% Packet Loss - What's causing this? (log file inside)

Seems reltek more reliable in this case, but I bet this is some driver problem...
 

8 more replies
Relevance 44.28%

my problem is : when im online i keep getting this window opening and then closing right away in the task bar, i play multiplayer games and this little window opening is affecting the online play and i also noticed that sometimes the color brightness is changed (in the game not the computer itself)without me doing it .i did virus scan (clean),trendmicro.com scan from there (clean) and pandasoftware (clean)ohh almost forgot ad-aware scan .i just dont know .and if anyone can help me get rid of AOL everything from my computer would be great also i cant get rid of it all.i will be looking forward to seeing an e-mail from you, thanks.Logfile of HijackThis v1.99.1Scan saved at 12:06:07 AM, on 11/17/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Tech\Wheel Mouse\5.0\MOUSE32A.EXEC:\Program Files\Java\jre1.5.0_04\bin\jusched.exeC:\WINDOWS\ALCXMNTR.EXEC:\Program Files\McAfee.com\VSO\mcvsshld.exeC:\Program Files\McAfee.com\VSO\oasclnt.exeC:\PROGRA~1\... Read more

Answer:Virus... Not Really Sure *details Inside*

Hi and Welcome to bleeping computer!! My name is David Please do both of the following before we start if possible!:1) Please print off these intructions - they will be needed later when internet access is not available.2) Save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.There is a bit to do on the log - i can almost guaruntee ewido will remove something - it's also a good free tool to keep in your arsenal! Please download ewido security suite it is a free version of the program.Install ewido security suiteWhen installing, under "Additional Options" uncheck.Install background guardInstall scan via context menuLaunch ewido, there should be an icon on your desktop, double-click it.The program will now open to the main screen.When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
You will need to update ewido to the latest definition files.On the left hand side of the main screen click update.Then click on Start Update.The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display ("Update successful") If you are having problems with the updater, you can use this link to manually update ewido.ewido manual updatesOnce the updates are installed do the following:Click on scannerClick on Complete System Scan and the scan wil... Read more

1 more replies
Relevance 44.28%

Hello all!

I used to remove virus from my Pc with Combofix.
I have antivir antivirus on my machine (probably the best with kaspersky, i've tested all except GDATA ;)
The thing is, Combofix.exe is, since yesterday's update (I use combofix on plenty of users's machine) seen as a TROJAN.
Is this normal? Can the creator of combofix contact avira antivir to change this if no pb?
Is the new combofix.exe file infected???

Mrmagic

Answer:pb with combofiix! Virus inside?

I found the exact same thing - my avast! antivirus identified it at win32:Oliga (trojan horse). I left it runnning and it ended up completing the scan showing no infected files, but avast! crashed... dodgy.

4 more replies
Relevance 44.28%

Can someone tell me what these two things are

C:\WINDOWS\system32\savedump.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

Logfile of HijackThis v1.99.1
Scan saved at 7:36:19 PM, on 10/8/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\AMER... Read more

Answer:I think i have a virus (hijack log inside)

13 more replies
Relevance 44.28%

I'm on Windows XP SP3, dell dimension c521. Dont know whats happening but I think a popup came up earlier in the day, something downloaded by itself and restarted the computer by itself. Now I can only have the computer running for about 10 min and then it locks up and I have to restart it the hard way for it to clear up but happens again. If I just leave the computer running, when I go to do something it wont let me double click to start up anything and then after right clicking or trying to get something going it locks up and I have to turn off and turn back on. No matter what I do, either try to watch a movie, install or deinstall, open up internet explorer or firefox and browse for a little, the computer just freezes and hangs up. Thanks in advance for any help. here is the log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:08 PM, on 4/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows ... Read more

More replies
Relevance 44.28%

Hi all,

A friend handed me a software (legit) under the ISO format.

What I usually do is mount these with Daemon Tools. This works great most of the time.

Except for this one. What happens is that, I start the setup.exe, shortly after, the system shuts down and reboots.

After that, the Windows installation is totally corrupt. I think it messes up the 100mb active partition, also corrupts ci.dll.

The system cannot be repaired at all.

If I restore an image (done with Windows' own image utility), no luck as the image does not have (it seems) the content of this crucial 100mb partition.

So you have to reinstall Windows, which recreates this 100mb part. and THEN restore the image.

Anyways, I tought this was Daemon Tools' SPTD fault as I heard bad things about it. So I uninstalled DT, extracted the ISO instead of mounting it, ran the setup.exe once again, then Action Center said "Windows has detected potentially harmful software" and BOOM reboot and same thing as mentionned above.

So it seems it's a virus, but I'd like to know if someone ever had this one and what is its name ? Malware Bytes did not detect anything and it's usually pretty good...

Thanks!

Answer:What is this virus ? - description inside

Nobody can help you unless you tell us what exactly that software is.

BTW, such "legit" software from friends are usually cracked copies of commercial software. Even then, you must have ran the setup.exe despite windows' warning otherwise if you had cancelled you would have been fine.

Please stick to legit software that is either freeware or you have purchased yourself.

4 more replies
Relevance 44.28%

My computer freezes everytime I try to change the volume slider on my computer. The whole taskbar would just stop working, and my mouse would not be able to click anything. This still happens after reinstalling the sound drivers. I think its a virus, since I tried opening as fishy .exe file, and when I double clicked it, it seemed non-responsive. It'd be great if anyone could check my log. Thx.

Logfile of HijackThis v1.99.1
Scan saved at 11:03:41 AM, on 5/28/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\conime.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Kelvin Chan\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6061123
R0 - HKCU\Software\Microsoft\... Read more

Answer:HJT Log inside, possible virus in computer.

PLEASE IGNORE THIS TOPIC. i fixed it by doing a simple system restore
 

1 more replies
Relevance 44.28%

HJT LOG

--------
Logfile of HijackThis v1.99.1
Scan saved at 3:26:04 AM, on 5/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entert... Read more

Answer:Outerinfo virus --HJT log inside (HELP)

11 more replies
Relevance 44.28%

I have a VBS.Redlof.A virus on my labtop and need help removing it. Here is my log.

Logfile of HijackThis v1.99.1
Scan saved at 11:00:15 AM, on 11/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program ... Read more

Answer:VBS.Redlof.A virus (log inside)

Bumping.

2 more replies
Relevance 44.28%

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 16:11: VIRUS ALERT!, <---(this is appearing everywhere!!) on 7/11/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\system32\lphc5aqj0ec11.exeC:\Program Files\AIM6\aim6.exeC:\Program Files\AIM\aim.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\Internet Download Manager\IDMan.exeC:\Program Files\Internet Download Manager\IEMonitor.exeC:\Program Files\AIM6\aolsoftware.exeC:\Program Files\AIM\AIM Pro\aimpro.exeC:\WINDOWS\system32\wuauclt.exec:\program files\avant browser\avant.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2R1 - HKLM\Software\Microso... Read more

Answer:Virus (hijack Inside)

Hello, and welcome to the forum.My name is Simon V., and I'll be glad to help you with your computer problems.Please download and install CCleaner.Open CCleaner. On the Windows tab, leave the default options alone.On the Applications tab, check (tick) all the boxes except Saved Form Information. This will remove all your saved passwords if you leave this box checked.Click on the Run Cleaner button at the bottom right hand corner.When the cleaner has completed, click Tools in the Left Pane.Verify that Uninstall is highlighted in color, or click on it. In the lower right, click Save to Text File. Pull down the arrow at the top of the Save dialog and choose Desktop as the location. You can leave the filename as install.txt. Click Save, then exit Ccleaner._________________Please visit this webpage for download links, and instructions for running ComboFix -http://www.bleepingcomputer.com/combofix/how-to-use-combofixPlease ensure you read this guide carefully and install the Recovery Console first.The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.Once installed, you should see a blue screen prompt that says -The Recovery Console was successfully installed.Please continue as follows -Close/Disable all anti-virus and anti-malware programs so they do not int... Read more

3 more replies
Relevance 44.28%

My computer has been pretty slow lately, and when I reboot I find that automatic updates has been switched off everytime. Also when i'm on msn i'll send random messages to people when I havent typed them. Any help is appreciated.

I run windows XP and don't have access to the boot disk. I use AVG virus scanner but so far it's not solved my problem, I followed the advice in the sticky of what logs to post;

DDS (Ver_09-10-26.01) - NTFSx86
Run by Donkey at 12:28:29.62 on 28/10/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1457 [GMT 0:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\tydytyb.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k im... Read more

Answer:Help with Virus (logs inside)

Hello again. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------

Please visit this webpage for download links, and instructions for running combofix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

You ca... Read more

19 more replies
Relevance 44.28%

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46:55 PM, on 10/3/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Danielle\AppData\Local\Temp\Cdw.exe
C:\Users\Danielle\AppData\Local\Temp\Cdy.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http:... Read more

More replies
Relevance 44.28%

Hi I have had trouble recently with viruses. I had a PAK_GENERIC.001 virus today, which was picked up buy trend micro, I think it removed it but my computer is still being wierd. I turned it off and it turned itself back on and I have been ALOT of pop ups. I tried spybot S&D but it didn't find anything.

Can Someone see if there is anything happening?

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Matthew\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Te... Read more

More replies
Relevance 44.28%

Hey, im new here.

But I've been having problems with my computer lately, I've been getting popups randomly to casino sites and other random sites. My internet has been alot slower, as well as my computer, whenever I play a game it just alt + tab's me all the time which makes me angry cause I usually end up dying . I downloaded AVG and Spyware Doctor and ran two scans, I had a ton of trojans and a BUNCH of spyware/malware, also had Windows AntiVirus Pro which I managed to get rid of with MBAM, so I thought I got rid of all of it but apparently not because my computer is still slow, so if someone could please help it would be much appreciated.

These are also the names of the trojans AVG has caught:

Trojan horse SHeur2.AUAX
Trojan horse Generic14.OQK
Trojan horse Crypt.GDA
Trojan horse Generic14.OYS
Trojan horse Crypt.GDD
Trojan horse Crypt.GDH
Trojan horse Generic14.OYS
Trojan horse Clicker.AAPC
Virus identified Win32/Cryptor
Trojan horse Downloader.Generic8.BDUT
Trojan horse Generic14.LOM
"PUP";"Adware Generic2.ABZP
Virus identified Win32/PEPatch.AR
Trojan horse SHeur2.ATYH
Trojan horse Generic11.CXI
Trojan horse Downloader.Wimad.F
Trojan horse PSW.OnlineGames.BNJI

Thanks

DDS


DDS (Ver_09-07-30.01) - NTFSx86
Run by Compaq_Owner at 16:03:30.06 on 04/08/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.958.367 [GMT -6:00]

AV: Doctor Web Anti-Virus *On-access scanning enable... Read more

Answer:Virus help, logs inside, please help.

Hi,

Please do the following:

Download Combofix from either of the links below. You must rename it before saving it.
Save it to your desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
If you are using Firefox, make sure that your download settings are as follows:Tools->Options->Main tab
Set to "Always ask me where to Save the files".



Link 1
Link 2



During the download, rename Combofix to Combo-Fix as follows:





--------------------------------------------------------------------It is important you rename Combofix during the download, but not after.
Please do not rename Combofix to other names, but only to the one indicated.


-----------------------------------------------------------Double click on Combo-Fix.exe & follow the prompts.When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt" for further review.
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**


-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results&q... Read more

7 more replies
Relevance 44.28%

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:27:08 PM, on 7/28/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Users\Mike\AppData\Roaming\Microsoft\systemkernal.exe
C:\Program Files\Google\Google Desk... Read more

More replies
Relevance 44.28%

My name is Ryan. This is actually my roomates account that he's letting me use. He had a serious virus infection about a year ago and someone from this forum, I think it was RichieUK helped him out when nothing else would work, and now his computer is as good as new. Anyhow, I seem to have contracted a virus; it may be that conflicker virus, although I contracted it befoer April 1st. I've tried all the programs and nothing seems to work, these include webroot antivirus--antispyware (purchased version), and AVG antivirus (free online version).My system is Windows XP, this is my problem. I get random pop-ups of fake mircrosoft spyware removal programs. (the most common is websheild and spyware remover 2009). Also there is an X in a red circle at the bottom rit hand corner next to my time. It constantly says Warning! you have a security promblem...I think this is caused from the virus. I have manually updated microsoft windows and all my antivirus programs, still nothing works. I am even less web-savy than my freind, so if you guys could talk me thrugh everything step by step like you did him I think I'll be fine. Than You.~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:46:17 PM, on 4/7/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16791)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\... Read more

Answer:I Have a virus (it may be Coonflicker) Please Help! (Log inside)

My bad the websheild is my own security device.

15 more replies
Relevance 44.28%

Hello ,please can someone check if i have any problums?

I have been downloading stuff from rapidshare and megaupload and many other sites.
When i download i get speeds of around 100 KBs.

But in the last 2 days im not even getting 10KBs.Is there something wrong here.

I have Windows Vista and broadband (jetstream)

Thanks a lot to who ever may help.

Logfile of HijackThis v1.99.1
Scan saved at 11:50:31 a.m., on 15/11/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe
C:\Windows\system32\wbem\unsecapp.exe
c:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Grisoft\AVG7\avgwb.dat
C:\Users\Chris Kahui\Videos\Magic\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkI... Read more

More replies
Relevance 44.28%

My computer has been pretty slow lately, and when I reboot I find that automatic updates has been switched off everytime. Also when i'm on msn i'll send random messages to people when I havent typed them. Any help is appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:15:59, on 27/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\tydytyb.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files... Read more

Answer:I think I have a virus =[ (Hijackthis log inside)

Hello and Welcome to TSF.

The machine would appear to be, or have been, infected, however...

We no longer use HijackThis as our initial analysis tool. It is not detailed enough for today's infections.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies
Relevance 43.87%

How do I make Windows 7 search inside of file contents on a removable device?

I have a flash drive with a few hundred spreadsheets on it, in .xls format. I need to search for words that are located inside of the spreadsheets. How do I do that?

Note: I have set my indexing options to search the contents of .xls files - this flash drive is probably not indexed, as it is only occasionally plugged into this machine. I am looking for a way to make Win7 search inside of files without having to index the thing.

Answer:How to search inside file contents on removable device?

Hello Dizzious, and welcome to Seven Forums.

Sorry, but you will not be able to add removable locations to be included in the index anyway.

An alternative, is to select the flash drive in Computer or Windows Explorer, and search it from there instead.

Hope this helps,
Shawn

3 more replies
Relevance 43.87%

Here is the dumpfiles

http://sdrv.ms/17NJyVN

Basically ive been having the problem for a few months now, it wasnt as frequent BSOD to start but now the last 2 weeks its been every 2-3 hours, ive tried removing programs from the last few months and downloading driver after driver but i cant seem to find the source of the problem, if you need anymore info feel free to ask.

Answer:BSOD from Ndis.sys,ntoskrnl.exe & ataport.sys. DMP FILE INSIDE!

Are you using a USB PC Port adapter from 2Wire?

The driver, 2WirePCP.sys seems to have caused the Blue screen that generated the dump file.

I would get an updated driver.

5 more replies
Relevance 43.87%

Hi everyone,Here's something I was wondering. I have a VB application how's calling another application. This second application is a commandline software that use a password as parameter.my code looks like that:Public const MYPASSWORD ="ThisIsMyPassword12345"

dim result as integer

result =  Shell("C:\Application2.exe " & MYPASSWORD , vbHide)I was asking myself if it was secure to store a password as a constant inside an application.Once the code is compile and transform to binary format, is it possible that a hacker retreive this password with some kind of password recovery tool.Thanks. Fred

Answer:Is it safe to store passwords inside binary file?

Yes if you have the password stored in a file, then it would be possible to reverse engineer that file and gain the password.

6 more replies
Relevance 43.87%

I have try all the ideas everyone has had about drivers, deleting the file that causes the problem and nothing is working.. not sure if one of the video cards is going bad, but here is the dump file if anyone can help greatly appreciated.. win 7 ultimate 64
I7 2600

Answer:BSOD Bccode 116 atikmpag.sys dump file inside

STOP 0x116: VIDEO_TDR_ERROR troubleshooting

Either your RAM or one of the video is defective, try using one card at a time.
RAM - Test with Memtest86+

2 more replies
Relevance 43.87%

Just upgraded to Windows 8 and I'm having an issue I never had in Windows 7. Whenever somebody sends me an archive (.zip, .rar, etc.) that contains file names that are in Japanese, they always appear garbled (文字化け).

1. I am using Outlook 2010
2. This happens through both WinRAR and Windows' native unarchiving program.
3. The file name of the archive itself (also in Japanese) is not garbled, just the file names inside.
4. I have the Japanese language pack (Windows IME) installed on top of this U.S. version of Windows 8, but setting Japanese language priority higher than English (through Control Panel/language) does not fix the problem.

Does anyone have any ideas how I might fix this issue, as right now I have to boot back into Windows 7 to unzip any Japanese archive.

Answer:Japanese file names inside archives getting garbled

Anyone have any ideas?

1 more replies
Relevance 43.46%

I have run spybot and ad aware. I also tried smitfraud. There were some strange logos in the bottom right hand tray of my screen that are now gone, but the computer is still running slow. I could not get Panda to run, the active x window on top never showed itself. Please help.Logfile of HijackThis v1.99.1Scan saved at 10:02:19 PM, on 4/21/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\Nhksrv.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Network Associates\Common Framework\FrameworkService.exeC:\Program Files\Network Associates\VirusScan\SHSTAT.EXEC:\Program Files\Network Associates\Common Framework\UpdaterUI.exeC:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exeC:\WINDOWS\system32\ezSP_Px.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Windows Media Player\WMPNSCFG.exeC:\Program Fi... Read more

Answer:Spylocked Virus - Hijack This Log Inside

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Please download ComboFix and save it to your desktop.Double click combofix.exe and follow the prompts.When it's done running it will produce a log for you. Please post that log in your next reply.Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

9 more replies
Relevance 43.46%

I recently got a msn virus on my laptop, it keeps sending rar files to all the people on my list after ive been signed in a bit.

Any help would be appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:30:13 PM, on 21/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Prog... Read more

Answer:Solved: Msn Virus - HijackThis log inside

10 more replies
Relevance 43.46%

Here is the problem. I had noticed some viruses that decided to attach themselves to my system32 and all that thanks to my anti-virus. This virus only becomes active when I start up my computer. I am only now able to us my pc because the program crashed during one of my restarts. When I log onto my computer it starts to load windows normally but then a window pops up or "security tools" but I know its not that. Then "Security tools" proceeds to tell me a worm is trying to send my credit card info to someone. If I were to go along with the virus it pulls up a "scanner" that in return trys to pull up a web page to get me to buy the "security tools" product. Usually my computer crashes from the overload right at startup so it never gets too far into whatever it wants to do. If I try and close out of the "program" to go on about my business because I know its BS it keeps popping up and eventually my computer crashes. Other things you might want to know. I can locate this file I can do without on my computer but it wont let me delete it because I "Don't have permission". I use the admin profile on my computer so I am peeved about that. Last I can not remember my password to log into safemode to debug myself because I have become lazy and just use my fingerprint reader. If you need more info please let me know and please help.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:31:52 AM, on 5/4/2010
Platform: W... Read more

More replies