Computer Support Forum

Help, cant access file with trojan inside

Question: Help, cant access file with trojan inside

Hello .
I cant access my system volume information file on my hard drive. Spyware doctor has located a trojan there and blocked it on several occasions but I cant access the file to delete it. It says that access is denied. What do I do.
thanks

Relevance 100%
Preferred Solution: Help, cant access file with trojan inside

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: Help, cant access file with trojan inside

If you can boot into Safe Mode try deleting the file there. Safe Mode has a limited amount of applications running which makes it ideal for purposes like this.

I've asked that a Moderator move this topic to the Am I Infected forum where there are those that are more knowledgeable about these problems.

5 more replies
Relevance 62.32%

Hi. I'm posting this in regards to a friend who has a trojan on his computer. He ran Webroot system analyzer and it detected a trojan, but no other software is picking it up. Here is his log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:42:45 PM, on 7/13/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Digsby\Digsby.exe
C:\Users\Pete\Desktop\SystemAnalyzer\SystemAnalyzer.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com... Read more

More replies
Relevance 60.68%

Alright, here's my Hijack This log...

Logfile of HijackThis v1.99.1
Scan saved at 11:14:43 PM, on 10/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\... Read more

Answer:Solved: Trojan.Vundo Virus, File: geedc.dll, log inside.

9 more replies
Relevance 56.99%

Hello, We have gone to the website
http://www.salonrenovationmaisonneuve.com/en/exposants
and download the file to open Inside of IE. Once the file is open, none of the links either e-mail or web site works. However, if we open the same file Inside of Google Chrome, the links work. So, we want to know if we are missing something in IE or a plugin.
The PDF file opens with no problem but the links are not enabled. The file works in an Apple Machine and Google Chrome. However, if we download the file physically inside of the computer and then open the file with Adobe Reader, the links all work! Any ideas
how to solve this issue? Thanks Miguel Moreno

Miguel A. Moreno Alfa Logos inc. Tel. 514-253-2548

Answer:UNABLE TO OPEN AN HYPERLINK INSIDE OF A WEB PDF FILE OPENED INSIDE OF IE 11

Internet Options>Security tab, click "Reset all zones to default" (there's a setting for scripting of ActiveX controls)
Start>Adobe Reader>Edit Preferences>there are setting for how embedded links are handled.
Chromium uses its own pdf reader plugin.Rob^_^

3 more replies
Relevance 51.25%

I've read postings from OBP, Cristobal and others about the down sides of OLE, how it bloats a database and so forth. With that under my belt, I nevertheless have a need to inlcude Word docs in the Reports created by my Access 2003 database.

The spec is as follows:

The application is to provide a sales quotation tool. Users will add a quote by choosing the customer, adding parts to the quote and choosing pricing mechanics, Thats all easy to do and in fact is nearly complete. The user can then, by selecting one or more tick boxes, choose from a range of pre-formatted product literature which will be included in the output quote that is created as a report (then spooled to PDF). The pre-formatted product literature content is not needed to be visible in the form.

The product lit files are Word docs.There are about 30 or so of these different Word docs and they are stored on a central server (same path for each doc), so I see no problem in having a table containing the filenames as text file names with full paths.

So, when the report is run, the quote is produced, with full pricing and ALSO with the chosen word documents in all of their glory.

What is the best way to do this? Can it even be done at all?

Suggestions on a post card!

Chris
 

Answer:Access 2003 : Word Docs inside an Access Report

9 more replies
Relevance 50.84%

I'm using Norton Internet Security 2006; when doing a routine scan, a VIRUS ALERT window popped up - unable to repair file; access to the file was denied.

I called Norton and they want $100 to remotely remove the virus.

I am on Windows XP

Before the scan I loaded iTunes and Microsoft Media software.

Please help and I WILL make a donation.

Thanks,
J

Answer:Trojan Horse: file access denied

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Relevance 50.84%

I tried the recommendations for fixing this below:









 


Follow these steps to grant full permissions to the folder where the files are stored: 1. Right click on the folder on the external drive and click on
properties. 2. On the property window, click Security tab.
3. Now click on Edit and then click Add.
4. Now type everyone in the box and
click OK.

5. Then check Full control check box.

6. Click on Apply and then click OK.
You may also try the below mentioned steps:
1. Click on Start. 2. Go to Control Panel. 3. Select "SOUND". 4. Double click on speakers. 5. Click on advanced tab and then uncheck enable audio enhancements.






But then I received the error message that I don't have rights to edit and add.  Why would this be?  I am the administrator?

Thanks!

Answer:Windows Media Player cannot access the file. The file might be in use, you might not have access to the computer where the file is stored, or your proxy settings might not be correct.

Hi,
Please first take ownership of the folder or files, then give yourself full control permission.
Learn How to Take or Assign Ownership of Files and Folders
http://technet.microsoft.com/en-us/magazine/ff404240.aspx
Yolanda Zhu
TechNet Community Support

3 more replies
Relevance 50.02%

Hi, 10 days ago, downloaded a firefox addition that appears to be a Trojan.maljava or Trojan.gen virus. Ran Malwarebytes - no prob. On Symantec endpoint protection- keeps coming up that trojan.gen found - have attached file. When reboot in safemode w networking, unable to run Symantec. When ran Hijack this, first error that hosts file blocked, then when did command notepad C:\WINDOWS\System32\drivers\etc\hosts from run screen, following appears:127.0.0.1 localhost::1 localhostTHis is my hijack this log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:39:30 AM, on 3/20/2012Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: Safe mode with network supportRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Program Files\Symantec AntiVirus\Rtvscan.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Symantec Protection Network\PlatformAgent\PlatformAgentUI.exeC:\Program Files\Chaos Software\Chaos 6\chaos.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Trend Micro\HijackThis\Hijac... Read more

Answer:Trojan.gen virus blocks host file access

Hi folks!!
Finally redid hosts file and removed problem.

Reran hijack and this is the log. Please let me know if succeeded in removal. THANKS SO VERY MUCH!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:27:15 PM, on 3/20/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Expl... Read more

8 more replies
Relevance 47.15%

Hey there guys. Recently I have noticed a slow down and popups when browsing the web. Previously I ran no virus scanners or spyware programs. Trying to bail myself out I downloaded AVG and Ad-Aware. To no avail, they're not doing anything. I can pretty much see the .dll's that I don't want (I think.. they keep sticking themselves in msconfig's startup) I tried taking out registry strings/deleting the dll's... but they won't let me/respawn themselves almost instantly.. I also downloaded VundoFix and tried that.. which did delete one .dll, then it came back with a different name >< ... I give up, and I'm messing with things I shouldn't be cause I'm clueless!

Last thing I can add is that there are like, 3-5 .dlls popping up in windows/system32 folder.

Anyway, I'm praying you're the ones to help me.

Read thru the post steps and whatnot...
I couldn't get the Panda online scan to work. links were dead, or something.
I'm posing the DSS log main and extra here, any help would be great!!!



Deckard's System Scanner v20071014.68
Run by Mike on 2008-03-11 02:54:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 4 Restore Point(s) --
4: 2008-03-11 06:47:07 UTC - RP858 - Windows Update
3: 2008-03-11 03:24:16 UTC - RP856 - Installed Ad-Aware 2007
2: 2008-03-11 01:40:34 UTC - RP854 - Installed AVG 7.5
1: 2008-03-11 01:22:56 UTC - RP852 - Last known good configuration


Backed up registr... Read more

Answer:Trojan Lop.4.F help, log inside!

I'm terrible at math but it has to be near 72 hours!! .....

This is frustrating... posting new updated logs since it's been a few days...

19 more replies
Relevance 47.15%

Hi,
I first found out I had it this morning from an AVG alert. I ran AVG and it got it I also updated and ran ad-aware se. But now it's in the C:\System volume information\_restore folder. What should I do?

Edit - The name of the trojan is Downloader.small.12.AA

Here's my updated log

Logfile of HijackThis v1.98.2
Scan saved at 12:17:01 PM, on 10/21/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\PREVX\Prevx Home\PXAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\Program Files\Iconoid\iconoid.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\PREVX\Prevx Home\SAGUI.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS... Read more

Answer:I have a trojan (hjt log inside)

Turn off system restore by following instructions here
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039
That will purge the restore folder and clear any malware that has been put in there. Then reboot & then re-enable sytem restore & create a new restore point.
 

2 more replies
Relevance 46.74%

I just got a NetGear WNR2000 router and am having trouble with what I think some people call 'router loopback'. Outside of the lan I can access my web server using my IP, but while inside the lan it redirects me to my router settings page when trying to navigate to my IP. This is bad because I like to develop web apps on my machine and they often reference my server IP, and I can't test the web app if it's going to redirect to the router page.

I can get to my web server internally by using localhost, so I tried modifying my hosts file to redirect to localhost when navigating to my IP, but nothing changed. It's almost like there's another hosts file somewhere bound to my router that overrides everything else.

Any suggestions?
 

Answer:can't access WebServer inside LAN

try touse a proxy to get outside your home network
 

10 more replies
Relevance 46.74%

Hi Guys. Good day. Need your help badly.

I have this server that I control remotely via RealVNC and Radmin. This server is on a different geographical location from me and I have no physical access to it.

McAfee VirusScan detects Qhost.apd and several other viruses:

W32/Sdbot.worm!ftp
W32/Nachi!tftpd
W32/Nachi.worm.a

among many others.

Everytime Qhost.apd is detected, it is deleted by McAfee. However, it is back again after reboot/power reset.

Here is the HJT's logfile. Anybody with a kind heart who wants to help me save my job (LOL), please take a look and tell me which can be removed.

Logfile of HijackThis v1.99.1
Scan saved at 8:56:50 AM, on 5/6/2008
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\System32\llssrv.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
C:\WINNT\System32\r_server.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\RealVNC\VNC4\winvnc4.exe
C:\WINNT\system... Read more

Answer:Qhost.apd trojan - HJT log inside.

Hi, Welcome to TSG!!

Why in the world don't you have any service packs on this machine???
Please close/disable all anti-virus and anti-malware programs so they do not interfere with the running of SDFix and make sure you are disconnected from the Internet after downloading the program but before extracting the files.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with SDFix and remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re-enable the protection again afterwards before connecting to the Internet.
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually
Instead of Windows loading as normal, the Advanced Options Menu should appear
Select the first option, to run Windows in Safe Mode, then press Enter
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the s... Read more

1 more replies
Relevance 46.74%

Hello all!I used to remove virus from my Pc with Combofix.I have antivir antivirus on my machine (probably the best with kaspersky, i've tested all except GDATA ;)The thing is, Combofix.exe is, since yesterday's update (I use combofix on plenty of users's machine) seen as a TROJAN.Is this normal? Can the creator of combofix contact avira antivir to change this if no pb?Is the new combofix.exe file infected???Mrmagic[Moderator edit: post moved to more appropriate forum. jgw]

Answer:Pb with combofix.exe! is a trojan inside?

You should not be using Combofix unless instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Combofix was never meant to be used as a general purpose malware scanner like SuperAntispyware or Malwarebytes' Anti-Malware. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer.Certain embedded files that are part of legitimate programs or specialized fix tools such as Combofix may at times be detected by some anti-virus/anti-malware scanners as a "RiskTool", "Hacking tool", "Potentially unwanted program", or even "malware (virus/trojan)" when that is not the case. This occurs for a variety of reasons to include the tool's compiler, the files it uses, registry fixes and malware strings it contains. Such programs have legitimate uses in contexts where an authorized user or administrator has knowingly installed it. These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them. In these cases the detection is a "False Po... Read more

3 more replies
Relevance 46.74%

Please someone tell me how to get rid of this thing.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:06:56 AM, on 9/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\winavxx.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32... Read more

Answer:Trojan.Vundo HJT Log Inside

16 more replies
Relevance 46.74%

Logfile of HijackThis v1.99.1
Scan saved at 7:55:27 PM, on 1/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\win... Read more

Answer:Help With Trojan Spm/lx!!!! Hijack This Log Inside

Hi and welcome to TSG,

Please download SmitfraudFix (by S!Ri)

Extract (unzip) the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

Warning: Do not run Option #2 until you are instructed to do so. Running option #2 on a non infected computer will remove your Desktop background.
 

1 more replies
Relevance 46.74%

i think i have a MDMS trojan from what quick searching i did. Someone please help! Here the Hi-Jack log file:

Logfile of HijackThis v1.99.1
Scan saved at 11:20:57 PM, on 12/7/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ICSMGR.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\OPERA\OPERA.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\MDMS.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://searchcentral.cc/index.php?v=4&aff=4710
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - D... Read more

Answer:Need Help, I have A Trojan! Hi-Jack Log inside

16 more replies
Relevance 46.74%

OK, I did a scan on a number of programs (Windows Defender, AVG Anti-Virus, AVG Anti-Spyware, Panda Active Scan, etc). I ran a scan in HijackThis and this is the report. I hope I'm doing it right.

---------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:48:15 AM, on 11/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOW... Read more

Answer:Trojan Found. HJT log inside.

16 more replies
Relevance 46.74%

Hello,

I thought i had lost this account so I made a new one "odeanduo". However even though I found this it would probably simpler to use both simultaneously as I have 2 infected laptops

The Story is: Downloaded a Trojan, which AVG picked up on but did not delete as it was too big, so I just put it in the recycle bin and emptied it. After running several more scans and spending a few hours online with no AV (forgot to turn back on after kaspersky scan!), everything looks to be clean.

However as I simply deleted it like a file as opposed to disinfect, could it still pose a problem.

The Combofix log is below:

ComboFix 08-09-10.04 - 2008-09-11 15:32:06.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2017 [GMT 1:00]
Running from: C:\Documents and Settings\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-08-11 to 2008-09-11 )))))))))))))))))))))))))))))))
.
2008-09-10 06:47 . 2008-09-10 06:48 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-10 06:47 . 2008-09-10 07:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-09 19:31 . 2008-09-09 19:31 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-09-09 19:31 . 2008-08-27 18:44 250,544 --a------ C:\WINDOWS\system32\KeyHelp.ocx
2008-09-0... Read more

Answer:Trojan! (Combo Fix and HJT log inside)

The Hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:47:37, on 11/09/2008
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Z... Read more

2 more replies
Relevance 46.74%

Hi, I have a few trojans on my computer. downloader.Generic4.zqi, Generic5, Dialer.hye, and some others. Here's the hijackthis log.

Logfile of HijackThis v1.99.1
Scan saved at 1:21:06 PM, on 7/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,... Read more

Answer:Trojan help please. Hijackthis log inside.

13 more replies
Relevance 46.74%

Logfile of HijackThis v1.99.1
Scan saved at 4:47:51 PM, on 6/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2M1.EXE
C:\Program Files\Common Files\AOL\1143059140\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\smanager.7.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\avp.exe
C:\WINDOWS\smgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\BitTorrent_DNA\dna.exe
C:\DOCUME~1\JONATH~1\APP... Read more

Answer:I have a trojan, it gives me desktop pop-up ads...(HJT inside)

Bump <_<
 

2 more replies
Relevance 46.33%

Hello all,
 
My original post about this issue is here:
 
http://www.bleepingcomputer.com/forums/t/529210/cannot-access-certain-websites-possible-infection/
 
Since then, I have been able to browse some of those websites. But this is certainly not normal.
 
ComboFix log:
 
ComboFix 14-03-24.01 - Nietzsche Jung 03/28/2014  23:36:07.3.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8143.6317 [GMT -4:00]
Running from: c:\users\Nietzsche Jung\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-28 to 2014-03-29  )))))))))))))))))))))))))))))))
.
.
2014-03-29 03:39 . 2014-03-29 03:39    --------    d-----w-    c:\users\Public\AppData\Local\temp
2014-03-29 03:39 . 2014-03-29 03:39    --------    d-----w-    c:\users\Nietzsche\AppData\Local\temp
2014-03-29 03:39 . 2014-03-29 03:39    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-03-29 01:33 . 2014-03-29 03:33    94656    ----a-w-    c:\windows\system32\WPRO_41_2001woem.tmp
2014-03-29 01:23 . 2014-03-17 14:16&... Read more

Answer:Cannot access certain websites. Logs inside.

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Please download MiniToolBox to Desktop and run it.Check mark the following boxes:Flush DNSReport IE Proxy SettingsReset IE Proxy SettingsReport FF Proxy SettingsReset FF Proxy SettingsList last 10 Event Viewer logList content of HostsList IP ConfigurationList Winsock EntriesClick Go and copy/paste the log (Result.txt) into your next post.Note: When using "Reset FF Proxy Settings" option Firefox should be closed.===Download the correct version of this tool for your operating system.Farbar Recovery Scan Tool (64 bit)Farbar Recovery Scan Tool (32 bit)and save it to a folder on your computer's Desktop.Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.===Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.Let me know what problem persists.

7 more replies
Relevance 46.33%

My computer is an HP Pavilion dv5 2074 laptop with Windows 7, which I bought in 2010. Although its old, it has worked fine until the last few months. Now, when I start it in the morning its just like the day I bought it, but over the day it gets slower and slower. When I type in the browser, it takes 15 or more seconds for the letters I typed to appear. It then takes nearly a minute to fully download a website, I get the spinning circle spinning very slowly and starting and stopping multiple times before it completes each spin. Once a website is downloaded, the scrolling is excruciatingly slow. This happens on both Chrome and Firefox. I do have script issues. I found Javascript virus which I removed and I disabled Java. Ive used multiple antivirus, antimalware and antispyware and have found some PUPs, which I also removed. The computer now appears to be free of viruses, malware and spyware.

The area where the vents are located (on the left side of the keyboard, about an inch away from the monitor) and extending from there on the bottom almost to the middle, gets quite warm and the table underneath it also gets warm. The fan never turns on when this happens. The inside of the computer has not been cleaned out since I bought it. Im concerned that dust and dog hair may be preventing the fan from working. I obviously need to clean out the inside of the computer.

I tried to remove the keyboard yesterday, which is required to gain access to the inside of the computer. The... Read more

Answer:Can't get access to inside of computer to clean it out

I do have script issues. I found Javascript virus which I removed and I disabled Java. I&#8217;ve used multiple antivirus, antimalware and antispyware and have found some PUPs, which I also removed. The computer now appears to be free of viruses, malware and spyware.Click to expand...

i suspect the virus/malware is still an issue

I have moved to the virus/malware forum - read here http://forums.techguy.org/54-virus-other-malware-removal/

If the PC was getting too hot - it should shut down - i would not expect it to slow down

these may help with the dis-assembly

http://www.insidemylaptop.com/take-apart-hp-pavilion-dv5-laptop/

https://www.youtube.com/watch?v=FHKn6JnGLpM
https://www.youtube.com/watch?v=Wr1Ra1qxC74
 

1 more replies
Relevance 46.33%

lost the inside line to gateway.
408 273 0808

If I get the new laptop, I want the reinstall discs.

any1 have a # ?

Answer:no more access to inside line to gateway

Hello Carmine,

No need. The link below from Gateway can help show you how to create your own set of Gateway system recovery discs from the new computer.

Gateway Support - Create System Recovery Discs for the Applications and Drivers External Media in the Gateway Recovery Center

Hope this helps,
Shawn

3 more replies
Relevance 46.33%

Hi!

So we built a website with squarespace. We updated our DNS record with Network Solutions to forward to Squarespace's servers. So far, so good.

After propagation, everyone seemed to be able to access the new site except for people who work here.

Here's what's weird. Sometimes we can access the new site, sometimes we can't access it. When we can't access it, ktechonlinedotcom doesn't open but www.ktechonlinedotcom goes to our old page that our DNS is no longer pointing to.

Weird as well: I can ping and tracert the IP address of squarespace's servers just fine, as well as their text domain www.squarespace6.com from inside, even when the browser can't connect.

So, we thought, let's clear our server's cache and we should be good, right? That wouldn't explain the spotty connection to the new site, but it would explain the connection to the old site.

Cleared the cache and re-started the servers... same problem. Cleared the cache on the local computers, same problem.

So, why can't I access our new website hosted externally from inside our local domain but everyone else can. And why can I access the new website SOMETIMES for an hour or two and then it goes away for 4 hours?

Thanks for any help you can offer!
JF
 

Answer:I can't access our website from inside, we don't host it though

Ok, just an update for those reading. We set our outgoing DNS locally from one of our computers from Auto Discovery to google's servers (8.8.8.8 and 8.8.4.4) and we were able to reach the site just fine.

I think that tells us that there is a specific DNS redirect in our router for our website that is set to a static IP address. Once we open up the router and check, I'll let you know what I find.

JF
 

1 more replies
Relevance 46.33%

Hello,

I'm hosting a website (www.mm-theory.com) out of my home. I am able to get to my website from outside my home network but not inside. I'm wondering if someone can help me troubleshoot this.

I'm told that possibly the problem is that my router doesn't have "reflection" enabled, but I'm not 100% sure what that is or how to enable it.
 

Answer:can't access website from inside network

That's correct. Your router needs to support the ability to loopback. From your description, your router probably doesn't support this as this feature is typically not something you can turn on.
 

1 more replies
Relevance 46.33%

Hi Files calles winXX.tmp.exe keep popping up in my Windows/Temp folder. I've done various scans and some have found the problem and attempted to fix it, but it seems to keep coming back. any help is greatly appreciated.Also, this is a Dell Inspiron E1505 with integrated graphics. Which makes me wonder if I can get rid of these....C:\WINDOWS\system32\igfxpers.exeC:\WINDOWS\system32\igfxsrvc.exeLogfile of HijackThis v1.99.1Scan saved at 9:23:03 PM, on 01/10/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\TGTSoft\StyleXP\StyleXPService.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\WLTRAY.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC... Read more

Answer:Winxx.tmp.exe Trojan (hijackthis Log Inside)

Hello,

Can you rename Hijackthis.exe to Analyse.exe
Then scan with Analyse.exe and post the log in your next reply (which will be a hijackthislog ofcourse)

2 more replies
Relevance 46.33%

I'm back again. Here's my current HJ log:

Logfile of HijackThis v1.98.0
Scan saved at 6:12:30 PM, on 7/7/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\System32\khooker.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Messenger\msmsgs.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Documents and Se... Read more

Answer:This Trojan Downloader won't delete...HJ log inside

I saw a link in someone's signature for something called Registry Cleaner. Would that help me out? Does it do it all for me? As someone who has no idea what is good and what is bad, would this tool be useful?
 

1 more replies
Relevance 46.33%

Hello everyone!

I came here with the hope that you may be able to help me. First, let me quickly sum up what happened:

Last night, I was on Myspace (MSN) and without doing anything, a security warning from Norton detected a trojan named "trojan.dropper.dll" it couldn't clean it, so it quarantined it. I then tried to get rid of it by restarting my pc in safe mode, I've de-activated the system restore feature and ran a full scan with norton, and deleted the file it detected. I've also deleted the quarantined infected files. I then proceeded to restart my pc, and re-activated system restore, but I get a bizarre window every time I start my computer from now on, saying I've typed (something in symbols) and the only option is to click on ok...So, I've run hijack this to find out what's going on and this is what the log says:

Logfile of HijackThis v1.99.1
Scan saved at 21:17:36, on 03/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.e... Read more

Answer:trojan.dropper.dll (hijack this log inside)

OK Tonight, I've got other problems. I've run the eTrust antivirus and it has detected Win32\swizzor in C Program files Adverts - file name: uninst.exe
but I can't go any further than that, because at some point my AOL connection stalls and crashes.

I also took shots of the 2 warning messages I get as I'm starting Windows (starting my pc) but I don't know how to post them here so I'll write what it says:
First error window: "Windows cannot find (something in symbols) Make sure you typed the name correctly and then try again. To search for file, click the start button and click search"
the only option is to press ok, so at this point I press ok, and a second window comes up saying:
"could not load or run (something in symbols) specified in the registry. Make sure the file exists on your computer or remove the reference in your registry."

19 more replies
Relevance 46.33%

Im having this problem with my XP Pro (sp2), but it seems none give me a heads up on this.
I know my machine has Trojans, but I cant seem to remove them .
(Explorer wont run on startup, but I work theough internet explorer offline.)

Other post here :
http://forums.techguy.org/windows-nt-2000-xp/592094-windows-no-disk-error-c0000013.html

Adaware found the problems below, and currently running SuperAntiSpyware in safemode.
(It has found so far Mezzia Trojan, Hiltquitlt, Winfixer, Downloader-Win/GH and Unknown Origin)
(EDIT: Maybe SAS will fix my problem, just started using it now..)

Anyway HijackTHis log below also.

Please help, I desperate.

scan 1

DWARE.YAZZLE

obj[22]=File : C:\Program Files\Common Files\Yazzle1162OinAdmin.exe
obj[24]=File : C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe

PURITYSCAN

obj[23]=File : C:\RECYCLER\S-1-5-21-1177238915-602609370-725345543-1003\Dc252.exe

OTHER

obj[25]=File : C:\WINDOWS\prefetch\YAZZLE1162OINADMIN.EXE-04B49B8B.pf
obj[26]=File : C:\WINDOWS\prefetch\YAZZLE1162OINUNINSTALLER.EXE-1CF2C10F.pf

scan 2

ADWARE.YAZZLE

obj[1]=File : C:\System Volume Information\_restore{29FAEDFF-1E98-4036-B206-A43A7AC0C6FB}\RP314\A0... Read more

Answer:Solved: Help : Trojan (s) trouble – HJT ++ log inside

14 more replies
Relevance 46.33%

Won't let me into my start menu and all sorts of annoying crap.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 16:22: VIRUS ALERT!, on 9/29/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\acs.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeC:\Program Files\NVIDIA Corporation\nTune\nTuneService.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\HPZipm12.exeC:\Program Files\Prime95\prime95.exeC:\WINDOWS\system32\PSIService.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\SearchIndexer.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\AVG\AVG8\avgam.exeC:\PROGRA~1\AVG\AVG8\avgrsx.exeC:\PROGRA~1\AVG\... Read more

Answer:Trojan Horse Generic_c.mfd -- Hjt Log Inside

Hello rwhbyuWelcome to BleepingComputer ========================Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

1 more replies
Relevance 46.33%

Norton found the Awax.Trojan (http://securityresponse.symantec.com/avcenter/venc/data/trojan.awax.html) on my computer. It was unable to delete it or quarantine it though. The computer is running hella slow (on a different one now). I tried following Norton's removal instructions.. but they are not working, and I do not have a system recovery CD.

I was able to get a hijack this log of my PC though. I would appreciate any help/advice SO much.
P.S. Just made a donation

Logfile of HijackThis v1.99.1
Scan saved at 9:32:43 PM, on 6/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVir... Read more

Answer:I have the Awax.Trojan. Can someone help? Hijack log inside..

Please download http://www.atribune.org/ccount/click.php?id=4 to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.
==============

Sorry - HiJackThis is runing from a temp directory and must be moved to run correctly

Click here to download HJTsetup.exe:
http://www.thespykiller.co.uk/forum/index.php?action=tpmod;dl=item5

Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents ... Read more

1 more replies
Relevance 46.33%

Alright, first some background info on what's wrong. I got infected with a trojan 2 days ago and I have been running AVG, Vungo, HJT, Norton, SAS, Avast, Spybot, etc.

I seemed to have gotten rid of the popups that were occuring and whatever was having my windows be constantly de-selected, but I still am having network problems. Whatever the trojan is, it is blocking access to the "F" drive my other computer.

Yes, I triple checked to make sure the drive is shared. Also it is blocking World of Warcraft access to the "realmlist.wtf" file which allows me to log online.

So unless I'm mistaken the Trojan has to be blocking access to my network because it was working fine before this whole incident started. I'll post my HJT log and if you want I'll re-run SAS and Vungo and post those if you wish.

Oh, also Avast keeps telling me this trojan keeps trying to start, and probably is already. This is why I came to the conclusion of a Trojan Downloader. It's called "Trojan-Downloader.Win32.Tiny.ii "

For now here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:29:28 PM, on 9/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOW... Read more

More replies
Relevance 46.33%

hello. i read the rules and hope that i am able to ask this question. i have used this site before to uninstall malware, but i believe i now have a trojan.
this is the message that came up on my virus scan.


here is the hijackthis log

please help me to clean up my computer.

thank you!

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:25:56 PM, on 5/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\system32\ctfmon.exe
... Read more

Answer:trojan today! hijack this log inside.

i just went into my msconfig and checked all the items i had unchecked so it would give a more accurate reading for you all.

any help is appreciated.
thank you.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:03:24 PM, on 5/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program F... Read more

2 more replies
Relevance 46.33%

Here's my hijack log...

Logfile of HijackThis v1.99.1
Scan saved at 10:31:16 PM, on 10/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Real... Read more

Answer:Trojan.Vundo Virus, log inside...

Please print these instructions out for use in Safe Mode.
Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to extract the files
This will create a VundoFix folder on your desktop.
After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
Once in safe mode open the VundoFix folder and double click on KillVundo.bat
You will first be presented with a warning.
It should look like this
VundoFix V2.xx by Atri
By using VundoFix you agree that you are doing so at your own risk
Press enter to continue.... Click to expand...
At this point press enter one time.
Next you will see:
Type in the file path as instructed by the forum staff
Then Press Enter, Then F6, Then Enter Again to continue with the fix.Click to expand...
At this point please type the following file path (make sure to enter it exactly as below!):
C:\WINDOWS\system32\mljjh.dll

Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
Next you will see:
Please type in the second file path as instructed by the forum staff
Then Press Enter, Then F6, Then Enter Again to continue with the fix.Click to expand...
At this point please type the following file path (make sure to enter it exactly as below!):
C:\WINDOWS\system32\hjjlm.*

Press Enter, then press the F6 key, then press En... Read more

1 more replies
Relevance 46.33%

Avast Anti-virus found the trojan, so did pest patrol which managed to delete alot of files I think might have been associated with it.....anyway, I tried deleting it and repair which temporarily worked but it always came back. How can I get this off my parent's computer?

BTW, for some time now, I can't seem to get any virus scanner or spyware remover to run at startup? Even if they offer it and ask me to do so, it never does. A while ago I think a trojan or virus got in and wrecked my Win2k PC, I installed winxp and to my susprise it didn't reformat everything and instead just installed right next to it, but the problem didn't exist anymore....perhaps the start up problem is related? Welll that was another concern but the main one is this virus.

Anyway, Here is the hijack this log. Thx for the help!

EDITED: Updated my hijack this copy and this is the updated log as requested below, the post below is the same log as this and you can skip the second post I made in this thread:

Logfile of HijackThis v1.98.2
Scan saved at 8:09:22 PM, on 10/16/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Softw... Read more

Answer:I have win32:Trojan-Gen{UPX!} and need help getting rid of it, Hijack this log inside

10 more replies
Relevance 46.33%

Hello Group, thanks for reading.

I would GREATLY appreciate it if someone can help me on this. I run Norton 2005 / Zone Alarm pro / Windows Washer 5.0 and daily use MS Giant antivrus,Ad Aware and Spybot S&D - all updated. Squeky clean - always. However, those two listed above will not for the life of me go away, they just keep re-appearing every 10 minutes, MS Giant catches them even after quarentine / removal.

Also - Windows Security Center keeps popping up detecting 'suspicious network activity'

Screenshot ---> http://img244.echo.cx/img244/6900/trojan8zq.jpg

Hijackthis:
-----------

Logfile of HijackThis v1.99.1
Scan saved at 9:27:27 AM, on 5/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Pro... Read more

Answer:Spyware.65 / Trojan.Z - log and screenshot inside

... please, anyone?

2 more replies
Relevance 46.33%

I too have fallen prey to this $&^%#& thing.

Below is my log for HijackThis.

Any help is appreciated!!!

Logfile of HijackThis v1.97.7
Scan saved at 10:43:27 PM, on 10/7/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Canon\MultiPASS4\MPDBMgr.exe
C:\Program Files\HijackThis.exe
C:\Program Files\Internet E... Read more

Answer:Help! Trojan.vundo (Log posted inside)

11 more replies
Relevance 46.33%

Hello, and thank you kindly for looking over my log. I've been receiving notifications from my anti-virus of several trojans found but I'm a little confused at which one it is exactly. By what I've read on other users' thread it looks like that Vundo virus. With the pop up ads and whatnot. I've done all the steps on the preparation guide that led me here, and I'd like some help from one of you talented lifesavers. HiJack This Log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:16:33 AM, on 10/28/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16735)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Common Files\New Boundar... Read more

Answer:Trojan and/or Vundo Infection, HJT log inside

Bump, please help!

2 more replies
Relevance 46.33%

Norton successfully quarantined the infected files.

Logfile of HijackThis v1.99.1
Scan saved at 4:15:44 PM, on 2/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Documents and Settings\Krista\Desktop\Tools\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.f456.mail.yahoo.com/ym/login?.rand=0hkcri031v9tj
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?L... Read more

Answer:Solved: Trojan.zonebac - HJT log inside

7 more replies
Relevance 46.33%

I ran MBAM and the internet pop ups stopped coming as i started by computer. but they still come while i'm on a browser, and my browsers are constantly crashing at random moments. my games also crash after 15 minutes or so. help!Logfile of random's system information tool 1.05 (written by random/random)Run by Mark Brictson at 2008-12-22 00:24:58Microsoft Windows XP Home Edition Service Pack 3System drive C: has 68 GB (29%) free of 238 GBTotal RAM: 1791 MB (61% free)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:27:27 AM, on 12/22/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:�... Read more

Answer:Please help me! (vundo trojan and others maybe)! Log information inside!

Ok well before anyone does any hard work, I just ran another MBAM quickscan and found more vundo trojans. I hit 'Remove Selected' and it did so without having to restart (which it had to last time). I went to www.mail.yahoo.com to see if it worked (my browser would always crash on that address), and no problems!

ima runs some games and see how things go. thanks for all the help, great site!

EDIT: No wait, things still may be bad

2 more replies
Relevance 46.33%

Logfile of HijackThis v1.99.1
Scan saved at 10:33:45, on 29/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ACTIV Software\ACTIVdriver\ActivDRVservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Ahead\Nero\Misc\NeroSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\b... Read more

Answer:Win32:Trojan- gen found HJT log inside Please help!!

hi, welcome to TSG.

you don't appear to have a firewall, even if you have a router you still need
a software frewall, downlaod the one from the link below!

Comodo firewall. Sign up it's free!

http://www.personalfirewall.trustix.com/
Threads on comodo!

http://www.wilderssecurity.com/forumdisplay.php?f=31

go to start/run/type msconfig/tick the radial dial selective startup/click
the startup tab/check all the boxes that are unchecked, click ok and then exit and reboot your computer
!
Download the pocket killbox

http://www.bleepingcomputer.com/files/killbox.php

Download AVG Anti-Spyware

http://www.ewido.net/en/
* Once you have downloaded AVG Anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
* Once the setup is complete you will need run AVG and update the definition files.
* On the main screen select the icon "Update" then select the "Update now" link.
* Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
* Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
* Once in the Settings screen click on "Recommended actions" and then select "Delete"
* Under "Reports"
* Select "Automatically generate report after every scan"
* Un-Select "Only if threats were found"
Close AVG Anti-Spy... Read more

3 more replies
Relevance 46.33%

My question is a security question.
If someone has a file on his/her computer that contains personal/secure information, for example a text file that contains passwords and account numbers, or an audio recording of a conversation where account numbers and passwords were spoken out loud...  Is it possible for fragments of the secure file to end up getting stuck inside of another file or group of files on the same pc...making it possible for someone to reconstruct the secure file from the fragmented pieces and/or view its original contents?  Or could it be possible even for the entire secure file to somehow end up inside of another larger file on the same computer...making it easy for someone to view the secure information....(by the way I only used a text file or an audio file as an example...it could be any file containing secure data)...My simplified concern is this...If you have a file that contains information that you want to keep secure...is there anyway that pieces of this file, if not the whole file it self, could end up inside of another file or a group of files on the same computer that the file containing the secure information was created on?...thus making it a security risk to even share mp3s on a computer that ever had any secure information on it...since maybe there'd be a change ur credit card numbers and passwords might somehow end up in one of those mp3s that ur sharing in a peer to peer file sharing program online.....or do things not work like tha... Read more

Answer:Can a File somehow end up inside of another file/files

It all depends on the program you are using to access the files. For example, Windows (starting from XP) creates a hidden file thumbs.db that contains thumbnails of all the images inside a folder. If you delete the original pictures through some other program or command line, and do not open the folder in Windows Explorer, this file still stays there. If you share the folder, this file gets shared too. Your information gets leaked.
 
If you use a computer for banking online or shopping online (any kind of financial transaction), then do not ever use that computer for P2P file sharing.

1 more replies
Relevance 46.33%

I have a jar file that contains a Java class and a txt file. My program can read from the txt file (using URL) but does anyone know how I can write to the txt file? I need it to overwrite what is already in there each time. Thanks
 

More replies
Relevance 45.92%

I have received an mail that has a RAR attachment. The contents of the email are such that it can only have been written by someone who knows me, i.e. its not been generated automatically and the suggested contents could be useful to me. Unfortunately my reply to him bounced as his email company saw me as spam. Is there any way I can view the contents of a RAR file without actually opening it and possibly exposing my PC to some sort of nasty surprise?

Answer:Looking inside a RAR file

I wouldn't risk it.
"Unfortunately my reply to him bounced as his email company saw me as spam"
So is this someone you normally have no problem emailing? Seems funny if suddenly your emails are seen as spam. Have you tried sending a plain text email with no attachements to him?
This info might be help you decide about opening it click here

6 more replies
Relevance 45.92%

i dont know if anything is wrong with my PC but some weird stuff is happening like cable modem starting to run very slow when watching video. also, could someone tell me if i have 2 antivirus programs running at the same time. thanks all

Logfile of HijackThis v1.99.1
Scan saved at 5:35:16 PM, on 4/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\AMERIC~1.0A\waol.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\AMERIC~1.0A\shellmon.exe
C:\Program Files\Viewpoi... Read more

More replies
Relevance 45.92%

Just a quick question, is there an application to sort through the contents of an .exe file? And will it just display coded gibberish? What sort of language are .exe files written in? Is is possible to edit .exe files? Sorry, questions, questions....Thanks ;)

Answer:How can I look 'inside' an .exe file??

I would think open with notepad or editor.

5 more replies
Relevance 45.92%

Good day! It's my first time to post in here. I just "googled" my problem and they brought me here.

As what the title says, I cannot access any Microsoft sites. Here's the copy of the Hijack Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:54:41 PM, on 5/22/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Vimicro\Vimicro USB PC Camera (VC0332)\x86\VMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\SilentSoftech.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKC... Read more

Answer:Cannot Access Microsoft Website [HijackThisLog inside]

*BUMP*
 

1 more replies
Relevance 45.92%

Windows defender popped up and said I had this trojan, it "supposedly" removed it but my computer is still acting SLOW.

Here's the hijack this log. Thanks in advance for your help!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:10:15 AM, on 1/28/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wirel... Read more

Answer:Trojan: Win32/Alureon.FK - hijack this log inside

16 more replies
Relevance 45.92%

Hey All,

I posted this in the wrong forum because I was going too fast and am a tool -If anyone knows how to move the thread please feel free:

http://forums.techguy.org/t338803.html

and here it is if that link doesn't work..
--------------------------------------------------------------------------
SO.. I am using the free version of EZ antivirus from CA. It says it deletes the thing - scans and shows no virus(s) then when I open up IE it crashes and says that it has deleted C:\WINDOWS\system32\drivers\lzwnoejj.sys and Virus Name: Win32.Golid and File Infection c:\\WINDOWS\system32\drivers\lzwnoejj.sys is Win32.Golid trojan Deleted. I can scan..Virus Info.. or close.. and neither option gets me anywhere.

I have run seach and destroy more times than I can count. It always found blazefind something - I deleted what it found..I ran microsoft spyware - It finally ran clean - I have an unregistered NoAdware that said 75 registry things were poop - but I can't clean them because It's not registered..I delete everything the programs say to but this sucker won't go away.. Any suggestions?

Here's my log.. I don't know much about this but I think the BHO's are bad and deleted one but it came back..

Logfile of HijackThis v1.99.0
Scan saved at 9:34:08 PM, on 3/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WI... Read more

More replies
Relevance 45.92%

I've recently installed Auslogics Visual Styler to configure the desktop icons on my laptop. During installing, there was an option if I wanted to make a desktop shortcut to go to Ebay for updates so I ticked it on for no purpose except surety that I acquire all services. After installation, the system has been lagging off considerably and drags windows. Taskman shows erratic performance. So I ran a full system scan using Malware Bytes and it found one infected item: trojan.agent in Ebay desktop shortcut.It was removed and cleaned.But it puzzles me. How in the world did it get there in the first place? I've had this same incident twice, when I was downloading a bunch of anti virus & malware from download.com. My laptop doesn't have internet connections, so I get the downloads from the public internet cafe with a USB, and it has AVG as the AV tool. I also scan that usb upon plugging it to the laptop.Can a malware/virus/worm really hide inside an installer application so it goes undetected until it's installed?

Answer:trojan agent found inside application

Absolutely. you've witnessed it.
If your AV software is set to perform real time file monitoring, it "should" detect it during the install routine before it actually gets installed. The downside of that is that it too can slow your system down and can screw up an otherwise perfectly legitimate install through mis-identification. I'm not familiar with that program but if the e-bay thing is for auction monitoring or something, I could easily see why it could be identified as a trojan even though that might not be it's purpose.
In any case. you're not the first person to run across this with apps from download.com. Happens alot and I avoid it like the plague. The same things can always be gotten elsewhere.

4 more replies
Relevance 45.92%

i tried deleting all the "res://" but for some reason it keep son popping up

help

Logfile of HijackThis v1.97.7
Scan saved at 14:21:49, on 27/10/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\PROGRA~1\ICQ\ICQ.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\cwcdata\smonitor.exe
C:\Program Files\Winad Client\Winad.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Winad Client\WinClt.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\program files\steam\steam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Aaron\Application Data\tona.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUpKiller.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\abz.exe
C:\Program Files\Hewlett-Packard\AiO\hp o... Read more

Answer:PC running slow due to trojan/spyware, Log inside

15 more replies
Relevance 45.92%

Hi TSG forums,

This happened recently, I'm not sure if it was from visiting a site or installing a stupid phony windows update exe (was trying to find fixes for my iPod not being recognized by Windows), and I've done a few things so far. I've scanned and removed a ton of files (Trojan, Hijacker types in c:\windows, \system32, etc) with both AVG Anti-Spyware (Ewido) and Symantec Anti-Virus in both safe-mode without networking and normal bootup mode.

I've turned off System Restore (not sure if it matters, but both AVG and Symantec kept finding files in C:\SystemVolInfo with some hint of having something to do with systemrestore. At the moment, Symantec is not picking anything up anymore, so I've uninstalled it, and AVG is only picking up 'Tracking.Cookies', no malware or trojans. But I'm sure that there's something still here; Windows starting-up and loading takes noticeably longer, from time to time random IE pages will start up, etc. Also, in all my history of dealing with viruses and whatnot, I've NEVER encountered something that happened to me yesterday, a random audio file started playing out of no where, no processes present in task manager, or anything visibly open. However, thankfully that's stopped for the time being.

Also, something odd called "Command" popped up on my add/remove programs yesterday, guessing it was some sort of malware since when I tried to remove it, it brought me to some website. ... Read more

Answer:Trojan and Hijackers Present (Hijack log inside)

Also, here is my combofix log:
ComboFix 07-10-11.8 - Anthony 2007-10-11 1:19:59.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.662 [GMT -4:00]
Running from: C:\Documents and Settings\Anthony\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\dlpxmdpm.ini
C:\WINDOWS\system32\m7
C:\WINDOWS\system32\m7\disrven2.exe
C:\WINDOWS\system32\mpdmxpld.dll
C:\WINDOWS\system32\q21
C:\WINDOWS\system32\qtvwa.bak1
C:\WINDOWS\system32\qtvwa.bak1
C:\WINDOWS\system32\qtvwa.bak2
C:\WINDOWS\system32\qtvwa.bak2
C:\WINDOWS\system32\qtvwa.ini2
C:\WINDOWS\system32\qtvwa.ini2
C:\WINDOWS\system32\qtvwa.tmp
C:\WINDOWS\system32\qtvwa.tmp
C:\WINDOWS\system32\w1

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((( Files Created from 2007-09-11 to 2007-10-11 )))))))))))))))))))))))))))))))
.

2007-10-11 13:05 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-11 12:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-11 12:54 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-10-11 12:54 <DIR> d-------- C:\Documents and Settings\Anthony\Application Data\SUPERAntiSpyware.com
2007-10-11 12:52 106 --a------ C:\d... Read more

2 more replies
Relevance 45.92%

so heres the deal, basically i was on the net and norton started going crazy saying i had a trojanhorse virus, than when i looked on my desktop there were two new icons. i tried to delete them but they would just come back, there is also a new connection in my network connetions folder, which is constantly trying to connect even when modem is off. if im connected my comp just starts sending shitloads of symantec mail. how can i get rid of this???? heres my highjackthis logfileLogfile of HijackThis v1.99.1
Scan saved at 9:15:07 PM, on 6/12/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\WINDOWS\System32\DVDRAMSV.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Documents and Settings\christopher\Application Data\Microsoft\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\christopher\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.... Read more

Answer:please help, i think i have a trojan horse (hijackthis logfile inside)

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

2 more replies
Relevance 45.92%

Hi,

I have already read the tutorial, downloaded all the programs and gone through all the steps and I am posting the hijack this log as a last resort. Ad-Aware SE detects Downloader.Agent.Al, removes it but it always comes back. I'm also getting the about:blank homepage problem. Also I cannot open My computer, or any folder from the desktop, instead I have to use internet exploer and type in c:\ for example to open c:. Please help I don't knwo what to do, in this log the malicious files causing the problems are:

C:\WINDOWS\system32\netxh32.exe
C:\WINDOWS\wincq.exe

, however after I delete these and get rid of them, 2 new files will come up taking up the same amount of ram and doing the same things.
Also, every time I start windows, my browswer opens up (this is how i can always tell I'm still infected. I also was, but not anymore getting a AVG warning about a qzpxp.dll file when I opened internet explorer and it told me it was some sort of trojan. Please help I don't knwo how to get this damn thing off my computer!!!!!

Here is the log:

Edit by chaslang: Unrequested inline log deleted.
 

Answer:Trojan help! Probably Downloader.agent.al HIJACK log inside

First:

Please EXTRACT HijackThis from the ZIP File to a Safer location. Here's how:

To create a new folder:
Click START > My Computer > Local Disc C: > Program Files
Now, RightClick on an Empty Area and select New > Folder & name it HijackThis and ENTER

To Extract HijackThis:
Now, Right Click your HijackThis ZIP File and select Extract All > Next > and browse to your newly created HijackThis Folder
(C:\Program Files\HJT) and click Next.

Now run HJT from there. Please save your HJT Log as a .txt File and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

The reason HJT needs its own safe folder is so that backups will be safely preserved. That way, if a mistake is made in the removal process, the mistakenly deleted entry can be restored.

Second:

Please close ALL browsers when using HJT!


Third:

First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doin... Read more

47 more replies
Relevance 45.92%

I had just removed a bunch of trojans using malwarebytes and avg antivirus. I didnt have a desktop and toolbar or a while but found the registry that I had to fix. Reran malwarebytes in safemode and didnt find anything. Also ran avg in safemode with autofix on. I am just checking to see if I missed anything, I most likely still have some malware on the comp or at least I feel like its not all gone. But to keep me sane and my paranoia on the bay, I'm hoping you guys can help me out! Thanks a lot in advance!! Here are my logs.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:26:54 PM, on 6/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe ... Read more

Answer:Just removed Trojan, HiJackthis and malwarebytes log inside.

Hello and Welcome to TSF.

We no longer use HijackThis as our initial analysis tool.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies
Relevance 45.92%

Hi, i've recently aquired a virus which i cannot get rid of. i randomly see my mouse start to move, click the start menu icon and run programs such as paint, notepad and calculator. Could you look through this hijackthis.log and tell me what to do to get rid of it. Thank you.

<><><><><><><><><><><><><><><><><><><><><><><><><><><>

HIJACKTHIS.LOG

Logfile of HijackThis v1.99.1
Scan saved at 6:24:52 PM, on 13/01/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe
C:\Program Files\Daemon\daemon.exe
C:\Program Files\CyberLink DVD Sol... Read more

Answer:i'm 99.9% sure i have a trojan horse virus, please help. hijackthis log inside

7 more replies
Relevance 45.92%

Nothing is noticeably messed up, I just keep getting loads of trojan and "Unwanted program" warnings from AntiVir and Windows Defender... But yeah, this is my HijackThis! Log. Anyy help would be much appreciated :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:57:30 PM, on 1/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui .exe
C:\Program Files\D-Link\AirPlus G\AirGCFG .exe
C:\Program Files\Windows Defender\MSASCui .exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect .exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Winamp Rem... Read more

Answer:Trojan infestation, driving me crazyy... Log inside

I don't mean to bump but things are getting worse and I'm getting loads more pop ups and warnings :/

2 more replies
Relevance 45.51%

Hi,

I am setting up a backup system for my pc, backsup to a remote machine via ftp. The files to backup will be compressed into a zip file and then backed up to the remote machine. My question is, if my pc gets infected with a virus and those files backed up to the remote machine, will the virus infect the remote machine as well ? (if the files are not unzipped on the remote machine & both machines running on windows Xp pro). Appreciate any help or suggestions in this.

Regards
Sudhi

Answer:Virus inside a rar or zip file

No, malware inside a ZIP or RAR file can't infect a machine, unless you extract the malware (and execute it).

So in your case, the simple fact of storing a ZIP backup on a remote machine will not infect that remote machine.

That's why malware researchers share malware samples in password-protected ZIP files.

2 more replies
Relevance 45.51%

I was referred to start posting on this forum with my logs. I'm not quite sure what's wrong, but I'll assume one of you wonderful people will.if you need any background information it's all included here: http://www.bleepingcomputer.com/forums/t/263302/not-able-to-run-hjt-or-any-anti-virus/and I'm not able to get DDS or HiJackThis to run at the moment, I can't download from this computer (it disappears.) and my fiance' isn't here to download from his.here are the logs from the other forum.From a comand prompt:Volume in drive C is COMPAQVolume Serial Number is 70BB-FF3BDirectory of C:\Windows\ERDNT\cache04/11/2009 02:28 AM 177,152 scecli.dllDirectory of C:\Windows\ERDNT\cache04/11/2009 02:28 AM 592,896 netlogon.dll2 File(s) 770,048 bytesDirectory of C:\Windows\System3204/11/2009 02:28 AM 177,152 scecli.dllDirectory of C:\Windows\System3204/11/2009 02:28 AM 592,896 netlogon.dll2 File(s) 770,048 bytesDirectory of C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e11/02/2006 05:46 AM 176,640 scecli.dll1 File(s) 176,640 bytesDirectory of C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f1201/19/2008 03:36 AM 177,152 scecli.dll1 File(s) 177,152 bytesDirectory of C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e04/11/2009 02:28 AM 177,152 scecli.dll1 File(s) 177,152 bytesDirectory of C:\Win... Read more

Answer:Peek.bat file inside

Hi My name is Extremeboy (or EB for short), and I will be helping you with your log.We apologize for the delay of response. If you still require assistance we would like to see the current condition of your system so please post a new set of DDS Logs as well as a RootRepeal log and a description of any remaining problems or symptoms you may still have please.If for any reason you did not post a DDS log or RootRepeal log please refer to this page and in step #6 and Step #7 for further instructions on downloading and running DDS & RootRepeal. If you have any problems just let me know in your next reply or simply post a Hijackthis log.For your next reply I would like to see:-The DDS logs---DDS.txt and Attach logs-RootRepeal logs-Description of any remaining problems you may still have.Thanks again and we apologize for the delay.With Regards,Extremeboy

3 more replies
Relevance 45.51%

Logfile of HijackThis v1.99.1
Scan saved at 12:01:59 PM, on 5/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
C:\WINDOWS\CDProxyServ.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\ItBill\itbill.exe
F:\New Programs\ITunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
F:\New Programs\iPod\bin\iPodService.exe
F:\New Programs\ITunes\iTunes.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\owner\Desktop\Misc\Hi Jack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://awesomestart.com/killola/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r4.attbi.com:8000
R1 - HKCU\Softwa... Read more

Answer:MOVIELAND!!! Please help... log file inside

8 more replies
Relevance 45.51%

Major things happening the last few days. 1) insufferable amount of pop-ups (IE powered by Comcast) 2)over 100 shortcut messages (EXAMPLE: MORZE5.lnk refers to a location that is unavailable) at boot-up that have to be clicked through. I do see these on the HJT log and know you will know how to help. 3) Computer crashes, blue screen, white screen, you name it, several times a day.
What I did BEFORE I ran this log. I updated Adavare 6 and ran then deleted all it said, then ran spybot and that was all clear.
Here is the HJT log:Logfile of HijackThis v1.97.7
Scan saved at 10:49:36 AM, on 4/1/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\TREND PC-CILLIN 2000\PCCIOMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\TREND PC-CILLIN 2000\POP3TRAP.EXE
C:\WINDOWS\SYSTEM\HPZTSB01.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\TYPE32.EXE
C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSOEMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\ROBOTASKBARICON.EXE
C:\WINDOWS\WBLCG0L5.EXE
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\... Read more

Answer:PROBLEMS HJT log file inside

16 more replies
Relevance 45.51%

We are supporting business offices systems running Windows 7 SP1 in 64 bit. System RAM is 16GB and HD is 200GB.
In one of the partition (Drive F), a folder appeared (Aug 19, 2015), the folder name is 973d3e99d0b18144c2ffb4c55570d78a (we can change it to junk or some such). Inside it has a cabinet file called SFX.CAB created same date and file size is 0.
Can you please tell me what this is? and should we remove it?
Thank you

More replies
Relevance 45.51%

Hi i am using windows vista ultimate 32 bit and yesterday my computer went incredibly slow for seemingly no reason so i opened task manager and saw that my CPU usage was at 100%,after looking through the list of processes to see what was being such a resource wh0re, i couldn't see any processes that were using alot of cpu power so i downloaded "Process Explorer" and found that my problem was something called "Hardware Interrupts" which was (and still is) using 88-100% of my cpu how can i fix this problem? PLEASE help as i am completely stumped by this one.oh,and by the way,the 100% cpu usage is constant from the minute my PC is turned on,even with no apps running it stays at a constant 100%.

Thanks,
Tom

Here is my log file:
Deckard's System Scanner v20070328.36
Run by Tom on 2007-04-07 at 21:57:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
12: 2007-04-06 20:49:00 UTC - RP59 - Installed DriverMagic
11: 2007-04-06 14:00:46 UTC - RP58 - Installed Driver Detective
10: 2007-04-06 10:00:24 UTC - RP56 - Restore Operation
9: 2007-04-06 08:51:57 UTC - RP55 - Windows Update
8: 2007-04-05 23:19:12 UTC - RP54 - Restore Operation


-- First Restore Point --
1: 2007-04-04 09:51:03 UTC - RP47 - Removed Autodesk DWF Viewer 7


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Tom.exe) ------------------------------------... Read more

More replies
Relevance 45.51%

multiple cd's stuck inside computer and cannot access 

More replies
Relevance 45.51%

Hi there ! , season's greetings !! Scenario -- I am in a "safe" web page site and wish to delve deeper , by clicking on a "link" in that web page.I get a "ker Gloomp" sound ( that's the best I can do !! ) , once only , and I am unable to advance to that link. My ISP suggests it could be my Anti - virus programme --- Avast , have fiddled in there, but drawing blanks . It seems to have a mind of it's own when it comes to what will be allowed !!ie inconsistentCheers , Redlegs (Adelaide , Sth Aust)

Answer:Unable to access web page links inside "safe" web

Does a thin yellow band appear just below the toolbar? If so, click it - SP2 is blocking pop-ups.

2 more replies
Relevance 45.51%

I am posting to help a friend who cannot access email or any secure sites for that matter. He has run Norton, adaware, S&D, and (ewidio which cleaned out everything except for hijacker.agent.ac)

Any help you can provide is deeply appreciated:

Here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 1:59:14 PM, on 8/8/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Norton In... Read more

Answer:Can't access secure sites (hijacker.agent.ac) HJT log inside

11 more replies
Relevance 45.51%

Bought a Lenovo T61 laptop with Win 7 Pro from craiglist.
Windows Updates, Internet etc. works fine.
Didn't get any 'Copy may not be genuine, victim of counterfeting' popup.
But the Activation section under System Properties is missing.
When I tried running slui.exe, it says Access Denied, even though the file is there in system32.
I tried switching to Hidden admin account, no use.

MGA:

Code:
Diagnostic Report (1.9.0019.0):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Validation Code: 0

Cached Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-MV8MH-98QJM-24367
Windows Product Key Hash: wgci5Gdejx4esg7++zTOe3LWF+4=
Windows Product ID: 00371-OEM-8992671-00437
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {9295C61D-A62C-4558-A7C4-06402A0D38AA}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000000
Build lab: 7601.win7sp1_gdr.130505-1534
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

WGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Resul... Read more

Answer:Win 7 activation N/A. slui.exe Access Denied. Genuine? MGA inside

I think you have a definite cracked copy, I think from what I have seen it has had Remove WAT used on it (remove windows activation tech). Would not recommend bying from places like that. Sorry for your probs.

9 more replies
Relevance 45.51%

I am posting to help a friend who cannot access email or any secure sites for that matter. He has run Norton, adaware, S&D, and (ewidio which cleaned out everything except for hijacker.agent.ac)

Any help you can provide is deeply appreciated:

Here is the HJT log:

Edit by chaslang: Inline log removed
 

Answer:Can access secure sites! cam(hijacker.agent.ac) HJT log inside

Welcome to Majorgeeks!

Please do not post any logs inline! And before posting a HijackThis log, standard cleaning procedures must be followed.

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
Downloading, Installing, and Running HijackThis

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.

When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:

[*]runkeys.txt - the log from GetRunKey.bat
[*]newfiles.txt - the log from ShowNew.bat
CounterSpy - ONLY IF you were not able to run Windows Defender
Bitdefender - from step 6
Panda Scan - from step 6
HijackThis

NO... Read more

1 more replies
Relevance 45.51%

I downloaded an app that lets me capture images and record video files. But the app itself only allows transfer of those files that are below 50mb (videos are huge). Is there a way to access those files ? The developer only allows transfer through dropbox,onedrive and ftp (only onedrive works) and all of those options require file size of 50mb or less.
Is there a way through developer account or anything?

More replies
Relevance 45.51%

Hi everyone,

I had a folder on my desktop with some zipped files in it and I wanted to unzip them inside of the sandbox of the program sandboxie. I moved the folder to C:\Temp\Sandbox\HP_Administrator\DefaultBox\user\current

After I moved the folder and tried to open it, access was denied. I used the program "unlocker" to move the folder back to my desktop but access is still denied. The folder properties says the folder is empty, but when go to my C drive and click on the properties, the hard drive free space is showing a size that suggests the data is still on the drive, but I cannot find or access it.

I used the "everything search engine" http://www.voidtools.com/ and when I search for the file names, they show up in the search results inside of the correct directory / folder, but they show a size of zero and I cannot access them or even click on them to obtain their properties.

I tried to restart the computer (probably should have done this) and it did not help.

Can anyone tell me what may have happened or how I might get this data back ? If I cannot get the data back, my hard drive free space has been reduced by the size of the data in the folder, can I at least get the hard drive free space back ?

Thanks
John
 

Answer:Moved folder and now I cannot access it or find data inside

I was able to recover the data using "minitool power data recovery free".

However, the "missing data" is still on the hard drive somewhere and it has reduced the amount of free space on my drive by double what the original file sizes were (the size of the recovered data and the non accessible data).

I can try to delete the non accessible folder on my desktop with "unlocker" but the folder shows a size of zero. I'm not sure it would get the free space back on the drive.

Does anyone have any suggestions for how I can delete the missing data and regain the free space on the C: drive ? If I cannot ever access the missing data to delete it, will this likely hurt anything ?

Thanks
John
 

1 more replies
Relevance 45.51%

it says ur computer's efficiency slowed down by 47% and internet download tooo.....says infected by PSW.x-Vir trojan...trojan entered through back door.... plzzzz help.....
 

Answer:help removing PSW.x-Vir trojan....its a yellow triange with an exclaimatio inside it.

16 more replies
Relevance 45.51%

Hello!
 
Every month, I scan my computer just in case i had a virus, using "deep scan". I have the clasic "pack 3" (Avast free, Free Comodo firewall and Malwarebytes Premium),  so i scanned with those.. well, only with avast and malwarebytes. They didn't find nothing bad.
I found another Scanner ( Kaspersky Security Scan ) to scan a last time, "just in case" again, but it found 1 trojan:
 
Kaspersky Security Scan
HEUR:Trojan.Script.Agent.gen
- C:\ProgramData\InstallShield\Update\isuspm.ini
 
Is that a real virus/trojan? or a false positive?
 
The computer doesn't have any typical problem ( slow, pop ups, or weird behaviors)
 
After that, i scanned again with tdsskiller in safe mode but it didn't show nothing bad.
 
 
What should i do?
I had Windows 10, Avast free, Free Comodo firewall, Malwarebytes Premium
Thanks!

Answer:HEUR:Trojan.Script.Agent.gen inside isuspm.ini ?

Heur...heuristic....meaning something about that file caused Kaspersky to point to it as possibly malware.
 
I doubt that it is malware as the INSTALL SHIELD UPDATE is a legit program. If you are not experiencing well
known malware or adware issues I would suggest considering it a false positive.

3 more replies
Relevance 45.51%

Hi everyone,I dont want to just delete system files and end processes on my own. I don't want to mess anything up. Norton antivirus finds it but cant fix it and housetrend antivirus doesnt detect it. I have used adware but cant install spybot. I dont understand why norton didnt pick it up because of autoprotect though. I hope to install a different antivirus after this gets fixed (after removing norton) and a firewall.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:08:40 PM, on 1/6/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16574)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\WINDOWS\StartupMonitor.exeC:\Program Files\PowerMenu\PowerMenu.exeC:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\CyberLink\Shared files\Ric... Read more

Answer:Trojan Smss.exe Inside Of Windows\system32\exec2.exe

Hello viperguts and welcome to the BC HijackThis forum. I don't see any signs of viruses or malware inthe log. It is clean. smss.exe is a valid Windows file. The one showing int he log is the correct one.Let's try a different scanner and see if that shows anything. Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.Note: You must be logged on to the system with an account that has Administrator privileges to run this program.Close ALL OTHER PROGRAMS.Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program.In the Drivers section click on Non-Microsoft.Under Additional Scans click the checkboxes in front of the following items to select them:Reg - BotCheck
Reg - Desktop Components
Reg - Disabled MS Config Items
Reg - Software Policy Settings
File - Additional Folder Scans
Do not change any other settings.Now click the Run Scan button on the toolbar.Let it run unhindered until it finishes.When the scan is complete Notepad will open with the report file loaded in it.Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.Cheers.... Read more

19 more replies
Relevance 45.1%

Logfile of HijackThis v1.98.2
Scan saved at 6:29:52 AM, on 9/6/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\nacqzagb.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\... Read more

Answer:Serious help needed!! (log file inside-very long)

bump

thanks

2 more replies
Relevance 45.1%

Without using any Nero or file burning software, can Windows XP itself supports simple file copying to disc. Not that I know of, but i have a user who can do these.

1. select a file, right click and press SEND TO the burner
2. simply copy and paste the file to the burner
3. reopen a file on a disc, edit it, and then can save it back onto the disc.

Strange, anyone welcome to comment. Thanks.
 

Answer:File burning inside Windows XP only

10 more replies
Relevance 45.1%

are keyloggers part of a program or can they be tiny like viruses. also can i keylogger or a threat be in a .dll file

Answer:Can a keylogger be inside of a file smaller then 3mb?

Well - designed keylogger can fit in few hundreds of bytes. And of course dll can host it.

2 more replies
Relevance 45.1%

I picked up some spyware. The communicator toolbar and also I have a lot of text double underlined and hyperlinked while browsing the internet.

Thanks,
TimS

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 8/4/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symante... Read more

Answer:Communicator Toolbar and More - hjt log file inside

Hi TimS -

If you had followed through on your last thread here we may have avoided another round of cleaning. Please see this through to the end, where you will be given valuable protection information once your system is clean.

I'm going to have you run some scanning tools first, then we'll go after whatever is left.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm and then click OK.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Before attacking an adware/spyware problem with hijackthis make sure you have already run the following tools. Download and update the databases on each program before running. Ad-Aware? SE Personal Edition
*Note* For Ad-AwareSE also install the VX2 Addon Cleaner To run this tool ... Read more

1 more replies
Relevance 45.1%

So I downloaded some program off of Limewire and now everything is messed up. When you try to open internet explorer its very slow. It goes to the homepage and then a bunch of pop ups come. I also get error messages such as microsoft C++ buffer underrun error. The popups are like this...http://www.interracialsingles.net/in...D1909&opt=6943 or CID Popups and others. also my desktop background is just the white error that says restore to active desktop I click it and get another error message. How do i fix all this. Am i gonna use Hijackthis and Combofix?Logfile of Trend Micro HijackThis v2.0.2Scan saved at 08:52, on 2008-02-04Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16574)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService... Read more

Answer:Bunch Of Different Virus's Hjt File Inside

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Please download ComboFix and save it to your desktop.Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.Double click combofix.exe and follow the prompts.When it's done running it will produce a log for you. Please post that log in your next reply.Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

19 more replies
Relevance 45.1%

https://drive.google.com/open?id=1BJhjrNSaa6rIpQW1d4R_7aFvTuC0Czqx

google file of the .dmp, just started happening 2 days ago after an update so i'm assuming it's software related, doesn't happen constantly, sometimes i can go hours without blue screening, get a DPC watchdog violation when i let it error report

The bugcheck was: 0x00000133 (0x0000000000000001, 0x0000000000001e00, 0x0000000000000000, 0x0000000000000000). 

More replies
Relevance 45.1%

I have a fairly large Fortran 77/90 & C program, compiled using Compaq Visual Fortran 6 & Microsoft Visual C++ 6 under Win XP.  On a particular test case it generally executes ok when invoked outside a batch file, but always fails when invoked from a particular batch file.  It stops on a Fortran 90 Allocate statement, but does not return the STAT result coded into that statement.  Seems to relate more to how much storage has been allocated rather than to the particular array being allocated, because I can reorder the allocation of different arrays and the stop does not occur on the same array.Although this is a large body of code, the test case is small and should not be requiring a large amount of allocated storage.I have tryed cutting the batch file down to just the statements that occur before invoking the EXE file (which are SET /P, ECHO, COPY, DEL, IF EXIST), then running the truncated batch file, then executing the EXE outside the batch file.  The EXE also fails in that usage.Any ideas on what I should be looking for to fix this?

More replies
Relevance 45.1%

Guys im in serious need of help no idea whats wrong with my computer any help would be helpful can anyone check my htj file? tell me what they think i got a 3meg connection and it takes me 10 minutes to open up a site i used showtraffic program and its sending loads of spam mail out i cant stop it.

Logfile of HijackThis v1.99.1
Scan saved at 10:39:00 PM, on 7/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\home\LOCALS~1\Temp\Rar$EX00.360\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&... Read more

Answer:computer using all my bandwidth htj file inside

will someone please help?
 

1 more replies
Relevance 45.1%

Large downloaded file often come in parts I understand the method ..extracting these parts are where I get confused I often see many parts or one zip file..or so..its the different ways of extraction where I get confused..when I select say a large compressed one it extracts to show a rar or series of rar file which then have to be extracted to show the compressed data..it seems a simple task and hard to explain. I am sure I am not re-inventing the wheel here..but I need help..anyone..

Answer:How to extract rar file that have zip files inside

You will see the files named R00, R02, R03 etc.. all you need to do is start the extraction of R00 and the rest should be extracted automatically...

4 more replies
Relevance 45.1%

ok i have windows vista home premium. i am having link redirect problems. not just from google. basically any link i click redirects me. i ran gooredfix.exe deleted what came up still have problems. ran malwarebytes and still having trouble. so i am posting a log file from hijackthis. i would love it for someone to please check it out and give me some advice thanks.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:18:28 PM, on 7/15/2009Platform: Windows Vista SP2 (WinNT 6.00.1906)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:Windowssystem32sdra64.exeC:Windowssystem32Dwm.exeC:WindowsExplorer.EXEC:Windowssystem32taskeng.exeC:Windowstemp1154251.tmpC:Windowssystem32taskeng.exeC:WindowsSystem32igfxtray.exeC:WindowsSystem32hkcmd.exeC:WindowsSystem32igfxpers.exeC:WindowsRtHDVCpl.exeC:Program FilesSynapticsSynTPSynTPEnh.exeC:WindowsSystem32rundll32.exeC:Program FilesDropboxDropbox.exeC:Windowssystem32igfxsrvc.exeC:Program FilesSynapticsSynTPSynTPHelper.exeC:Program FilesMozilla Firefoxfirefox.exeC:Program FilesTrend MicroHijackThisHijackThis.exeR1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.comcast.net/R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.toshibadirect.com/dpdstartR1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=5... Read more

Answer:HiJackThis Log file please help info inside

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Relevance 45.1%

Everytime I start my computer my background is changed and it says I have spayware and that I need to remove it. Also my screen saver is roaches eating the screen and I can never change it. Please help
 

Answer:Idk what the virus is but my hijack file is inside.

Hi tony82x,
Welcome to Major Geeks!

I'm making a bug collection, so if you'd like to contribute, please attach a screen shot of the bugs with your next post. Then please continue as follows:

Go to the READ & RUN ME FIRST and work through all the instructions. If there is something you can't do, just make a note of what happens to tell us later and then continue on. When you're finished, use the Manage Attachments button down below the reply window to attach your logs. If you get all four logs, you'll need to post twice, because you can only attach three logs with each post.

Thanks.
abri
 

26 more replies
Relevance 45.1%

I got caught this morning. Hungover, tired, and just plain dumb.

"A friend" sent me a file. Supposedly some great an amazing pics of her new baby. On offer was a .zip file which I downloaded. Within there was a "picture" only it was xxx.jpg.xxx.com, so in fact it was really a .com file.

I ran this file (yes, I am dumb), and now my MSN sends out endless requests to other people to download these files from me which will infect them.

Perhaps my saving grace is that I use WinPatrol. When I ran this it detected changes to my registry startup areas which I told it to remove. Once I had rebooted I am no longer sending out nasty messages (so far, its hard to say exactly how often the messages are sent). However, the virus files are still on my machine in an unknown location.

I do still have the original infected file that I was sent which can be made available for analysis.

I am running XP Pro SP2, and use Eset NOD32 V3 with most recent updates. The bug went straight through this like a knife through butter. I have updated and recanned my machine both locally, and with Eset's online scanner. Nothing found. Eset misses the install files for the virus, and also the running virus (my friend's machine is still actively spamming the virus files out).

Hijack log as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:02:39, on 08/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode:... Read more

Answer:MSN Hijacked by .com file wrapped up inside .zip

8 more replies
Relevance 45.1%

i dont know y but from last few days i m getting this thing whenever i open my MY COMPUTER icon ..........even on some other folders i do get the same thing but after custominzing the folder it works fine below is the screen capture



can any one tell me how to remove this thing

Answer:How do i remove this (Hijack This Log file inside)

We'll require a HijackThis log from you.

But before you post your log at the HijackThis Log Help forum, please read through the sticky first.

16 more replies
Relevance 45.1%

hello everyone im having numerous pop ups and its slowing down my machine big time for virus scanners and random pop ads. Here is the Hijackthis log file. What do you think?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:34:21 PM, on 1/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\... Read more

More replies
Relevance 44.69%

I have a access database with about 17000 contacts.

I email reports to customers through access which then goes through outlook.

Recently this has stopped working and i am receiving the error
-2147418107 (80010005) It is illegal to call out while inside message filter. The database is about 400MB is size so i tried using the compact and repair database option but had no luck.

Sometimes i will receive this error and other times it will just hang

The error happens on other computers at the workplace as well so its not isolated to a single computer

Answer:Access 2007 automation error - it is illegal to call out while inside

Not sure if anything here might help:
PRB: VB5.0 OLE Automation Error --2147418107 (80010005)

2 more replies
Relevance 44.69%

Hi All

I formatted my PC to another installation of Windows 7 Ultimate(also the one I had before the format).

Now before I formatted windows on drive C:, I encrypted a folder with Bitlocker. Now this folder was on another harddrive D: on my PC. After the format on C: drive, I cannot access any files in the encrypted folder anymore. The folder is color green(so are all the files inside) and when clicking on any file inside, it tells me "you don't have access to open this file".

Any suggestions?

Thank you

Answer:Bitlocker Encrypted folder - Cannot access files inside anymore

again install bitlocker and try to unlock using it

4 more replies
Relevance 44.69%

I need to access the files inside Minecraft: Pocket Edition so I can copy a folder from the app to my computer. Any way to do this?
I'm using a Nokia Lumia 521 running Windows Phone 8.1

Answer:How can I access the files inside of an app on Windows Phone 8.1? (Nokia Lumia 521)

Originally Posted by Windows Central Question I need to access the files inside Minecraft: Pocket Edition so I can copy a folder from the app to my computer. Any way to do this?
I'm using a Nokia Lumia 521 running Windows Phone 8.1 from within the app there's no option for export?
If you need additional help or have more questions or details to share, please join the site so you can reply in this thread. See this link for instructions on how to join Windows Central.

more replies
Relevance 44.69%

I have a report that the page footer is text box
I want the report footer to say

Loan items listed were returned to FSSCS on Monday October 15, 2012 or whatever date the report is generated for.

="Loan items Listed were returned To FSSCS on " & [DATERETURN_FLD]

This was working before the compact and repair failure and I can't seem to get it back to working.

I keep getting a #name error

Any help appreciated.
 

Answer:Access 2010 Page Footer TextBox with a Field inside

7 more replies