Computer Support Forum

Trojan on Computer: Log file inside.

Question: Trojan on Computer: Log file inside.

Hi. I'm posting this in regards to a friend who has a trojan on his computer. He ran Webroot system analyzer and it detected a trojan, but no other software is picking it up. Here is his log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:42:45 PM, on 7/13/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Digsby\Digsby.exe
C:\Users\Pete\Desktop\SystemAnalyzer\SystemAnalyzer.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank" class="invilink">http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank" class="invilink">http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.live.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157" target="_blank" class="invilink">http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL...-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
O16 - DPF: {A3E21079-7F41-4125-9EBB-FD44CFCC0AC1} (WLCTSCControl Class) - https://www.mesh.com/Install/win32/TSWeb.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll (file missing)
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: VMC NetFlix Download Manager (NetFlixDownloadManager) - Unknown owner - C:\Program Files\Luttmann\vmcNetFlix\NetFlixDownloadManager.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe

--
End of file - 8819 bytes

More replies
Relevance 100%
Preferred Solution: Trojan on Computer: Log file inside.

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Relevance 62.32%

Hello .
I cant access my system volume information file on my hard drive. Spyware doctor has located a trojan there and blocked it on several occasions but I cant access the file to delete it. It says that access is denied. What do I do.
thanks

Answer:Help, cant access file with trojan inside

If you can boot into Safe Mode try deleting the file there. Safe Mode has a limited amount of applications running which makes it ideal for purposes like this.

I've asked that a Moderator move this topic to the Am I Infected forum where there are those that are more knowledgeable about these problems.

5 more replies
Relevance 60.68%

Alright, here's my Hijack This log...

Logfile of HijackThis v1.99.1
Scan saved at 11:14:43 PM, on 10/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\... Read more

Answer:Solved: Trojan.Vundo Virus, File: geedc.dll, log inside.

9 more replies
Relevance 58.22%

Guys im in serious need of help no idea whats wrong with my computer any help would be helpful can anyone check my htj file? tell me what they think i got a 3meg connection and it takes me 10 minutes to open up a site i used showtraffic program and its sending loads of spam mail out i cant stop it.

Logfile of HijackThis v1.99.1
Scan saved at 10:39:00 PM, on 7/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\home\LOCALS~1\Temp\Rar$EX00.360\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&... Read more

Answer:computer using all my bandwidth htj file inside

will someone please help?
 

1 more replies
Relevance 57.4%

Recently got the poka poka virus...i ran several scans, and bleieve i got it and several other spyware thingys out of my registry...i still see some possible files that arent good, plz lend me some ideas since my PC seems to run a bit glitchy espeically with games/programs that prior ran better. I'm not sure if it matters but this file was not taken while in safe mode...rather in normal windows mode....

Logfile of HijackThis v1.99.1
Scan saved at 9:50:00 PM, on 10/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dual-Band Wireless A+G PCI Adapter\WLService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dual-Band Wireless A+G PCI Adapter\WMP55AGV2.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\XoftSpy\XoftSpy.exe
C:\DOCUME~1\RAPHAE~1\LOCALS~1\Temp\Rar$EX00.906\HijackThis.exe
C:\Documents and Settings\Raphael Kosmicki\Desktop\HijackThis.exe
C:\Documents and Settings\Raphael Kosmicki\Desktop\h\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = ... Read more

Answer:Computer Possibly Infected (Log File inside)

Welcome to TSG

Please download LQfix.exe and save it to your desktop.

Double-Click LQfix.exe and click Next > Next > Install.
Leave the default settings, if you change them, the fix will Fail!
Now make sure the "Launch LQfix" box is checked.
Click the Finish button, after clicking the Finish button the fix will start.
Follow the on-screen prompts.
Your system will now reboot afterwards.
Please be patient after the reboot, there is a script running in the background that needs to complete.

Post a new Hijack This log.
 

1 more replies
Relevance 56.99%

Hello, We have gone to the website
http://www.salonrenovationmaisonneuve.com/en/exposants
and download the file to open Inside of IE. Once the file is open, none of the links either e-mail or web site works. However, if we open the same file Inside of Google Chrome, the links work. So, we want to know if we are missing something in IE or a plugin.
The PDF file opens with no problem but the links are not enabled. The file works in an Apple Machine and Google Chrome. However, if we download the file physically inside of the computer and then open the file with Adobe Reader, the links all work! Any ideas
how to solve this issue? Thanks Miguel Moreno

Miguel A. Moreno Alfa Logos inc. Tel. 514-253-2548

Answer:UNABLE TO OPEN AN HYPERLINK INSIDE OF A WEB PDF FILE OPENED INSIDE OF IE 11

Internet Options>Security tab, click "Reset all zones to default" (there's a setting for scripting of ActiveX controls)
Start>Adobe Reader>Edit Preferences>there are setting for how embedded links are handled.
Chromium uses its own pdf reader plugin.Rob^_^

3 more replies
Relevance 55.76%

I have a problem with my laptop Satellite L505-144 is when i move or copy any file inside the computer its freezes until end of the transfer or copying .
What is the solution of this problem and thanks?

Answer:Satellite L505-144 freezes in move or copy any file inside the computer

I don't understand this. It freezes but copy or file movement will be done correctly anyway?

8 more replies
Relevance 47.15%

Hi,
I first found out I had it this morning from an AVG alert. I ran AVG and it got it I also updated and ran ad-aware se. But now it's in the C:\System volume information\_restore folder. What should I do?

Edit - The name of the trojan is Downloader.small.12.AA

Here's my updated log

Logfile of HijackThis v1.98.2
Scan saved at 12:17:01 PM, on 10/21/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\PREVX\Prevx Home\PXAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\Program Files\Iconoid\iconoid.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\PREVX\Prevx Home\SAGUI.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS... Read more

Answer:I have a trojan (hjt log inside)

Turn off system restore by following instructions here
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039
That will purge the restore folder and clear any malware that has been put in there. Then reboot & then re-enable sytem restore & create a new restore point.
 

2 more replies
Relevance 47.15%

Hey there guys. Recently I have noticed a slow down and popups when browsing the web. Previously I ran no virus scanners or spyware programs. Trying to bail myself out I downloaded AVG and Ad-Aware. To no avail, they're not doing anything. I can pretty much see the .dll's that I don't want (I think.. they keep sticking themselves in msconfig's startup) I tried taking out registry strings/deleting the dll's... but they won't let me/respawn themselves almost instantly.. I also downloaded VundoFix and tried that.. which did delete one .dll, then it came back with a different name >< ... I give up, and I'm messing with things I shouldn't be cause I'm clueless!

Last thing I can add is that there are like, 3-5 .dlls popping up in windows/system32 folder.

Anyway, I'm praying you're the ones to help me.

Read thru the post steps and whatnot...
I couldn't get the Panda online scan to work. links were dead, or something.
I'm posing the DSS log main and extra here, any help would be great!!!



Deckard's System Scanner v20071014.68
Run by Mike on 2008-03-11 02:54:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 4 Restore Point(s) --
4: 2008-03-11 06:47:07 UTC - RP858 - Windows Update
3: 2008-03-11 03:24:16 UTC - RP856 - Installed Ad-Aware 2007
2: 2008-03-11 01:40:34 UTC - RP854 - Installed AVG 7.5
1: 2008-03-11 01:22:56 UTC - RP852 - Last known good configuration


Backed up registr... Read more

Answer:Trojan Lop.4.F help, log inside!

I'm terrible at math but it has to be near 72 hours!! .....

This is frustrating... posting new updated logs since it's been a few days...

19 more replies
Relevance 46.74%

Logfile of HijackThis v1.99.1
Scan saved at 4:47:51 PM, on 6/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2M1.EXE
C:\Program Files\Common Files\AOL\1143059140\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\smanager.7.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\avp.exe
C:\WINDOWS\smgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\BitTorrent_DNA\dna.exe
C:\DOCUME~1\JONATH~1\APP... Read more

Answer:I have a trojan, it gives me desktop pop-up ads...(HJT inside)

Bump <_<
 

2 more replies
Relevance 46.74%

Please someone tell me how to get rid of this thing.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:06:56 AM, on 9/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\winavxx.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32... Read more

Answer:Trojan.Vundo HJT Log Inside

16 more replies
Relevance 46.74%

OK, I did a scan on a number of programs (Windows Defender, AVG Anti-Virus, AVG Anti-Spyware, Panda Active Scan, etc). I ran a scan in HijackThis and this is the report. I hope I'm doing it right.

---------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:48:15 AM, on 11/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOW... Read more

Answer:Trojan Found. HJT log inside.

16 more replies
Relevance 46.74%

Hi, I have a few trojans on my computer. downloader.Generic4.zqi, Generic5, Dialer.hye, and some others. Here's the hijackthis log.

Logfile of HijackThis v1.99.1
Scan saved at 1:21:06 PM, on 7/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,... Read more

Answer:Trojan help please. Hijackthis log inside.

13 more replies
Relevance 46.74%

Hello,

I thought i had lost this account so I made a new one "odeanduo". However even though I found this it would probably simpler to use both simultaneously as I have 2 infected laptops

The Story is: Downloaded a Trojan, which AVG picked up on but did not delete as it was too big, so I just put it in the recycle bin and emptied it. After running several more scans and spending a few hours online with no AV (forgot to turn back on after kaspersky scan!), everything looks to be clean.

However as I simply deleted it like a file as opposed to disinfect, could it still pose a problem.

The Combofix log is below:

ComboFix 08-09-10.04 - 2008-09-11 15:32:06.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2017 [GMT 1:00]
Running from: C:\Documents and Settings\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-08-11 to 2008-09-11 )))))))))))))))))))))))))))))))
.
2008-09-10 06:47 . 2008-09-10 06:48 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-10 06:47 . 2008-09-10 07:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-09 19:31 . 2008-09-09 19:31 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-09-09 19:31 . 2008-08-27 18:44 250,544 --a------ C:\WINDOWS\system32\KeyHelp.ocx
2008-09-0... Read more

Answer:Trojan! (Combo Fix and HJT log inside)

The Hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:47:37, on 11/09/2008
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Z... Read more

2 more replies
Relevance 46.74%

Hello all!I used to remove virus from my Pc with Combofix.I have antivir antivirus on my machine (probably the best with kaspersky, i've tested all except GDATA ;)The thing is, Combofix.exe is, since yesterday's update (I use combofix on plenty of users's machine) seen as a TROJAN.Is this normal? Can the creator of combofix contact avira antivir to change this if no pb?Is the new combofix.exe file infected???Mrmagic[Moderator edit: post moved to more appropriate forum. jgw]

Answer:Pb with combofix.exe! is a trojan inside?

You should not be using Combofix unless instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Combofix was never meant to be used as a general purpose malware scanner like SuperAntispyware or Malwarebytes' Anti-Malware. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer.Certain embedded files that are part of legitimate programs or specialized fix tools such as Combofix may at times be detected by some anti-virus/anti-malware scanners as a "RiskTool", "Hacking tool", "Potentially unwanted program", or even "malware (virus/trojan)" when that is not the case. This occurs for a variety of reasons to include the tool's compiler, the files it uses, registry fixes and malware strings it contains. Such programs have legitimate uses in contexts where an authorized user or administrator has knowingly installed it. These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them. In these cases the detection is a "False Po... Read more

3 more replies
Relevance 46.74%

i think i have a MDMS trojan from what quick searching i did. Someone please help! Here the Hi-Jack log file:

Logfile of HijackThis v1.99.1
Scan saved at 11:20:57 PM, on 12/7/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ICSMGR.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\OPERA\OPERA.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\MDMS.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://searchcentral.cc/index.php?v=4&aff=4710
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - D... Read more

Answer:Need Help, I have A Trojan! Hi-Jack Log inside

16 more replies
Relevance 46.74%

Logfile of HijackThis v1.99.1
Scan saved at 7:55:27 PM, on 1/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\win... Read more

Answer:Help With Trojan Spm/lx!!!! Hijack This Log Inside

Hi and welcome to TSG,

Please download SmitfraudFix (by S!Ri)

Extract (unzip) the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

Warning: Do not run Option #2 until you are instructed to do so. Running option #2 on a non infected computer will remove your Desktop background.
 

1 more replies
Relevance 46.74%

Hi Guys. Good day. Need your help badly.

I have this server that I control remotely via RealVNC and Radmin. This server is on a different geographical location from me and I have no physical access to it.

McAfee VirusScan detects Qhost.apd and several other viruses:

W32/Sdbot.worm!ftp
W32/Nachi!tftpd
W32/Nachi.worm.a

among many others.

Everytime Qhost.apd is detected, it is deleted by McAfee. However, it is back again after reboot/power reset.

Here is the HJT's logfile. Anybody with a kind heart who wants to help me save my job (LOL), please take a look and tell me which can be removed.

Logfile of HijackThis v1.99.1
Scan saved at 8:56:50 AM, on 5/6/2008
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\System32\llssrv.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
C:\WINNT\System32\r_server.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\RealVNC\VNC4\winvnc4.exe
C:\WINNT\system... Read more

Answer:Qhost.apd trojan - HJT log inside.

Hi, Welcome to TSG!!

Why in the world don't you have any service packs on this machine???
Please close/disable all anti-virus and anti-malware programs so they do not interfere with the running of SDFix and make sure you are disconnected from the Internet after downloading the program but before extracting the files.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with SDFix and remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re-enable the protection again afterwards before connecting to the Internet.
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually
Instead of Windows loading as normal, the Advanced Options Menu should appear
Select the first option, to run Windows in Safe Mode, then press Enter
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the s... Read more

1 more replies
Relevance 46.33%

hello. i read the rules and hope that i am able to ask this question. i have used this site before to uninstall malware, but i believe i now have a trojan.
this is the message that came up on my virus scan.


here is the hijackthis log

please help me to clean up my computer.

thank you!

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:25:56 PM, on 5/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\system32\ctfmon.exe
... Read more

Answer:trojan today! hijack this log inside.

i just went into my msconfig and checked all the items i had unchecked so it would give a more accurate reading for you all.

any help is appreciated.
thank you.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:03:24 PM, on 5/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program F... Read more

2 more replies
Relevance 46.33%

Hello Group, thanks for reading.

I would GREATLY appreciate it if someone can help me on this. I run Norton 2005 / Zone Alarm pro / Windows Washer 5.0 and daily use MS Giant antivrus,Ad Aware and Spybot S&D - all updated. Squeky clean - always. However, those two listed above will not for the life of me go away, they just keep re-appearing every 10 minutes, MS Giant catches them even after quarentine / removal.

Also - Windows Security Center keeps popping up detecting 'suspicious network activity'

Screenshot ---> http://img244.echo.cx/img244/6900/trojan8zq.jpg

Hijackthis:
-----------

Logfile of HijackThis v1.99.1
Scan saved at 9:27:27 AM, on 5/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Pro... Read more

Answer:Spyware.65 / Trojan.Z - log and screenshot inside

... please, anyone?

2 more replies
Relevance 46.33%

Avast Anti-virus found the trojan, so did pest patrol which managed to delete alot of files I think might have been associated with it.....anyway, I tried deleting it and repair which temporarily worked but it always came back. How can I get this off my parent's computer?

BTW, for some time now, I can't seem to get any virus scanner or spyware remover to run at startup? Even if they offer it and ask me to do so, it never does. A while ago I think a trojan or virus got in and wrecked my Win2k PC, I installed winxp and to my susprise it didn't reformat everything and instead just installed right next to it, but the problem didn't exist anymore....perhaps the start up problem is related? Welll that was another concern but the main one is this virus.

Anyway, Here is the hijack this log. Thx for the help!

EDITED: Updated my hijack this copy and this is the updated log as requested below, the post below is the same log as this and you can skip the second post I made in this thread:

Logfile of HijackThis v1.98.2
Scan saved at 8:09:22 PM, on 10/16/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Softw... Read more

Answer:I have win32:Trojan-Gen{UPX!} and need help getting rid of it, Hijack this log inside

10 more replies
Relevance 46.33%

Norton found the Awax.Trojan (http://securityresponse.symantec.com/avcenter/venc/data/trojan.awax.html) on my computer. It was unable to delete it or quarantine it though. The computer is running hella slow (on a different one now). I tried following Norton's removal instructions.. but they are not working, and I do not have a system recovery CD.

I was able to get a hijack this log of my PC though. I would appreciate any help/advice SO much.
P.S. Just made a donation

Logfile of HijackThis v1.99.1
Scan saved at 9:32:43 PM, on 6/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVir... Read more

Answer:I have the Awax.Trojan. Can someone help? Hijack log inside..

Please download http://www.atribune.org/ccount/click.php?id=4 to your desktop.
· Double-click VundoFix.exe to run it.
· Click the Scan for Vundo button.
· Once it's done scanning, click the Remove Vundo button.
· You will receive a prompt asking if you want to remove the files, click YES
· Once you click yes, your desktop will go blank as it starts removing Vundo.
· When completed, it will prompt that it will shutdown your computer, click OK.
· Turn your computer back on.
· Please post the contents of C:\vundofix.txt and a new HiJackThis log.
==============

Sorry - HiJackThis is runing from a temp directory and must be moved to run correctly

Click here to download HJTsetup.exe:
http://www.thespykiller.co.uk/forum/index.php?action=tpmod;dl=item5

Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents ... Read more

1 more replies
Relevance 46.33%

I too have fallen prey to this $&^%#& thing.

Below is my log for HijackThis.

Any help is appreciated!!!

Logfile of HijackThis v1.97.7
Scan saved at 10:43:27 PM, on 10/7/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Canon\MultiPASS4\MPDBMgr.exe
C:\Program Files\HijackThis.exe
C:\Program Files\Internet E... Read more

Answer:Help! Trojan.vundo (Log posted inside)

11 more replies
Relevance 46.33%

Won't let me into my start menu and all sorts of annoying crap.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 16:22: VIRUS ALERT!, on 9/29/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\acs.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeC:\Program Files\NVIDIA Corporation\nTune\nTuneService.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\HPZipm12.exeC:\Program Files\Prime95\prime95.exeC:\WINDOWS\system32\PSIService.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\SearchIndexer.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\AVG\AVG8\avgam.exeC:\PROGRA~1\AVG\AVG8\avgrsx.exeC:\PROGRA~1\AVG\... Read more

Answer:Trojan Horse Generic_c.mfd -- Hjt Log Inside

Hello rwhbyuWelcome to BleepingComputer ========================Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

1 more replies
Relevance 46.33%

I’m having this problem with my XP Pro (sp2), but it seems none give me a heads up on this.
I know my machine has Trojans, but I can’t seem to remove them .
(Explorer wont run on startup, but I work theough internet explorer offline.)

Other post here :
http://forums.techguy.org/windows-nt-2000-xp/592094-windows-no-disk-error-c0000013.html

Adaware found the problems below, and currently running SuperAntiSpyware in safemode.
(It has found so far Mezzia Trojan, Hiltquitlt, Winfixer, Downloader-Win/GH and Unknown Origin)
(EDIT: Maybe SAS will fix my problem, just started using it now..)

Anyway HijackTHis log below also.

Please help, I’ desperate.

scan 1

DWARE.YAZZLE
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[22]=File : C:\Program Files\Common Files\Yazzle1162OinAdmin.exe
obj[24]=File : C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe

PURITYSCAN
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[23]=File : C:\RECYCLER\S-1-5-21-1177238915-602609370-725345543-1003\Dc252.exe

OTHER
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[25]=File : C:\WINDOWS\prefetch\YAZZLE1162OINADMIN.EXE-04B49B8B.pf
obj[26]=File : C:\WINDOWS\prefetch\YAZZLE1162OINUNINSTALLER.EXE-1CF2C10F.pf

scan 2

ADWARE.YAZZLE
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[1]=File : C:\System Volume Information\_restore{29FAEDFF-1E98-4036-B206-A43A7AC0C6FB}\RP314\A0... Read more

Answer:Solved: Help : Trojan (s) trouble – HJT ++ log inside

14 more replies
Relevance 46.33%

Logfile of HijackThis v1.99.1
Scan saved at 10:33:45, on 29/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ACTIV Software\ACTIVdriver\ActivDRVservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Ahead\Nero\Misc\NeroSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\b... Read more

Answer:Win32:Trojan- gen found HJT log inside Please help!!

hi, welcome to TSG.

you don't appear to have a firewall, even if you have a router you still need
a software frewall, downlaod the one from the link below!

Comodo firewall. Sign up it's free!

http://www.personalfirewall.trustix.com/
Threads on comodo!

http://www.wilderssecurity.com/forumdisplay.php?f=31

go to start/run/type msconfig/tick the radial dial selective startup/click
the startup tab/check all the boxes that are unchecked, click ok and then exit and reboot your computer
!
Download the pocket killbox

http://www.bleepingcomputer.com/files/killbox.php

Download AVG Anti-Spyware

http://www.ewido.net/en/
* Once you have downloaded AVG Anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
* Once the setup is complete you will need run AVG and update the definition files.
* On the main screen select the icon "Update" then select the "Update now" link.
* Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
* Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
* Once in the Settings screen click on "Recommended actions" and then select "Delete"
* Under "Reports"
* Select "Automatically generate report after every scan"
* Un-Select "Only if threats were found"
Close AVG Anti-Spy... Read more

3 more replies
Relevance 46.33%

Hello everyone!

I came here with the hope that you may be able to help me. First, let me quickly sum up what happened:

Last night, I was on Myspace (MSN) and without doing anything, a security warning from Norton detected a trojan named "trojan.dropper.dll" it couldn't clean it, so it quarantined it. I then tried to get rid of it by restarting my pc in safe mode, I've de-activated the system restore feature and ran a full scan with norton, and deleted the file it detected. I've also deleted the quarantined infected files. I then proceeded to restart my pc, and re-activated system restore, but I get a bizarre window every time I start my computer from now on, saying I've typed (something in symbols) and the only option is to click on ok...So, I've run hijack this to find out what's going on and this is what the log says:

Logfile of HijackThis v1.99.1
Scan saved at 21:17:36, on 03/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.e... Read more

Answer:trojan.dropper.dll (hijack this log inside)

OK Tonight, I've got other problems. I've run the eTrust antivirus and it has detected Win32\swizzor in C Program files Adverts - file name: uninst.exe
but I can't go any further than that, because at some point my AOL connection stalls and crashes.

I also took shots of the 2 warning messages I get as I'm starting Windows (starting my pc) but I don't know how to post them here so I'll write what it says:
First error window: "Windows cannot find (something in symbols) Make sure you typed the name correctly and then try again. To search for file, click the start button and click search"
the only option is to press ok, so at this point I press ok, and a second window comes up saying:
"could not load or run (something in symbols) specified in the registry. Make sure the file exists on your computer or remove the reference in your registry."

19 more replies
Relevance 46.33%

Here's my hijack log...

Logfile of HijackThis v1.99.1
Scan saved at 10:31:16 PM, on 10/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Real... Read more

Answer:Trojan.Vundo Virus, log inside...

Please print these instructions out for use in Safe Mode.
Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to extract the files
This will create a VundoFix folder on your desktop.
After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
Once in safe mode open the VundoFix folder and double click on KillVundo.bat
You will first be presented with a warning.
It should look like this
VundoFix V2.xx by Atri
By using VundoFix you agree that you are doing so at your own risk
Press enter to continue.... Click to expand...
At this point press enter one time.
Next you will see:
Type in the file path as instructed by the forum staff
Then Press Enter, Then F6, Then Enter Again to continue with the fix.Click to expand...
At this point please type the following file path (make sure to enter it exactly as below!):
C:\WINDOWS\system32\mljjh.dll

Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
Next you will see:
Please type in the second file path as instructed by the forum staff
Then Press Enter, Then F6, Then Enter Again to continue with the fix.Click to expand...
At this point please type the following file path (make sure to enter it exactly as below!):
C:\WINDOWS\system32\hjjlm.*

Press Enter, then press the F6 key, then press En... Read more

1 more replies
Relevance 46.33%

I ran MBAM and the internet pop ups stopped coming as i started by computer. but they still come while i'm on a browser, and my browsers are constantly crashing at random moments. my games also crash after 15 minutes or so. help!Logfile of random's system information tool 1.05 (written by random/random)Run by Mark Brictson at 2008-12-22 00:24:58Microsoft Windows XP Home Edition Service Pack 3System drive C: has 68 GB (29%) free of 238 GBTotal RAM: 1791 MB (61% free)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:27:27 AM, on 12/22/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:�... Read more

Answer:Please help me! (vundo trojan and others maybe)! Log information inside!

Ok well before anyone does any hard work, I just ran another MBAM quickscan and found more vundo trojans. I hit 'Remove Selected' and it did so without having to restart (which it had to last time). I went to www.mail.yahoo.com to see if it worked (my browser would always crash on that address), and no problems!

ima runs some games and see how things go. thanks for all the help, great site!

EDIT: No wait, things still may be bad

2 more replies
Relevance 46.33%

I'm back again. Here's my current HJ log:

Logfile of HijackThis v1.98.0
Scan saved at 6:12:30 PM, on 7/7/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\System32\khooker.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Messenger\msmsgs.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Documents and Se... Read more

Answer:This Trojan Downloader won't delete...HJ log inside

I saw a link in someone's signature for something called Registry Cleaner. Would that help me out? Does it do it all for me? As someone who has no idea what is good and what is bad, would this tool be useful?
 

1 more replies
Relevance 46.33%

Norton successfully quarantined the infected files.

Logfile of HijackThis v1.99.1
Scan saved at 4:15:44 PM, on 2/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Documents and Settings\Krista\Desktop\Tools\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.f456.mail.yahoo.com/ym/login?.rand=0hkcri031v9tj
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?L... Read more

Answer:Solved: Trojan.zonebac - HJT log inside

7 more replies
Relevance 46.33%

Hi Files calles winXX.tmp.exe keep popping up in my Windows/Temp folder. I've done various scans and some have found the problem and attempted to fix it, but it seems to keep coming back. any help is greatly appreciated.Also, this is a Dell Inspiron E1505 with integrated graphics. Which makes me wonder if I can get rid of these....C:\WINDOWS\system32\igfxpers.exeC:\WINDOWS\system32\igfxsrvc.exeLogfile of HijackThis v1.99.1Scan saved at 9:23:03 PM, on 01/10/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\TGTSoft\StyleXP\StyleXPService.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\WLTRAY.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC... Read more

Answer:Winxx.tmp.exe Trojan (hijackthis Log Inside)

Hello,

Can you rename Hijackthis.exe to Analyse.exe
Then scan with Analyse.exe and post the log in your next reply (which will be a hijackthislog ofcourse)

2 more replies
Relevance 46.33%

Hello, and thank you kindly for looking over my log. I've been receiving notifications from my anti-virus of several trojans found but I'm a little confused at which one it is exactly. By what I've read on other users' thread it looks like that Vundo virus. With the pop up ads and whatnot. I've done all the steps on the preparation guide that led me here, and I'd like some help from one of you talented lifesavers. HiJack This Log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:16:33 AM, on 10/28/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16735)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Common Files\New Boundar... Read more

Answer:Trojan and/or Vundo Infection, HJT log inside

Bump, please help!

2 more replies
Relevance 46.33%

Alright, first some background info on what's wrong. I got infected with a trojan 2 days ago and I have been running AVG, Vungo, HJT, Norton, SAS, Avast, Spybot, etc.

I seemed to have gotten rid of the popups that were occuring and whatever was having my windows be constantly de-selected, but I still am having network problems. Whatever the trojan is, it is blocking access to the "F" drive my other computer.

Yes, I triple checked to make sure the drive is shared. Also it is blocking World of Warcraft access to the "realmlist.wtf" file which allows me to log online.

So unless I'm mistaken the Trojan has to be blocking access to my network because it was working fine before this whole incident started. I'll post my HJT log and if you want I'll re-run SAS and Vungo and post those if you wish.

Oh, also Avast keeps telling me this trojan keeps trying to start, and probably is already. This is why I came to the conclusion of a Trojan Downloader. It's called "Trojan-Downloader.Win32.Tiny.ii "

For now here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:29:28 PM, on 9/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOW... Read more

More replies
Relevance 46.33%

My question is a security question.
If someone has a file on his/her computer that contains personal/secure information, for example a text file that contains passwords and account numbers, or an audio recording of a conversation where account numbers and passwords were spoken out loud...  Is it possible for fragments of the secure file to end up getting stuck inside of another file or group of files on the same pc...making it possible for someone to reconstruct the secure file from the fragmented pieces and/or view its original contents?  Or could it be possible even for the entire secure file to somehow end up inside of another larger file on the same computer...making it easy for someone to view the secure information....(by the way I only used a text file or an audio file as an example...it could be any file containing secure data)...My simplified concern is this...If you have a file that contains information that you want to keep secure...is there anyway that pieces of this file, if not the whole file it self, could end up inside of another file or a group of files on the same computer that the file containing the secure information was created on?...thus making it a security risk to even share mp3s on a computer that ever had any secure information on it...since maybe there'd be a change ur credit card numbers and passwords might somehow end up in one of those mp3s that ur sharing in a peer to peer file sharing program online.....or do things not work like tha... Read more

Answer:Can a File somehow end up inside of another file/files

It all depends on the program you are using to access the files. For example, Windows (starting from XP) creates a hidden file thumbs.db that contains thumbnails of all the images inside a folder. If you delete the original pictures through some other program or command line, and do not open the folder in Windows Explorer, this file still stays there. If you share the folder, this file gets shared too. Your information gets leaked.
 
If you use a computer for banking online or shopping online (any kind of financial transaction), then do not ever use that computer for P2P file sharing.

1 more replies
Relevance 46.33%

I have a jar file that contains a Java class and a txt file. My program can read from the txt file (using URL) but does anyone know how I can write to the txt file? I need it to overwrite what is already in there each time. Thanks
 

More replies
Relevance 45.92%

i dont know if anything is wrong with my PC but some weird stuff is happening like cable modem starting to run very slow when watching video. also, could someone tell me if i have 2 antivirus programs running at the same time. thanks all

Logfile of HijackThis v1.99.1
Scan saved at 5:35:16 PM, on 4/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\AMERIC~1.0A\waol.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\AMERIC~1.0A\shellmon.exe
C:\Program Files\Viewpoi... Read more

More replies
Relevance 45.92%

I have received an mail that has a RAR attachment. The contents of the email are such that it can only have been written by someone who knows me, i.e. its not been generated automatically and the suggested contents could be useful to me. Unfortunately my reply to him bounced as his email company saw me as spam. Is there any way I can view the contents of a RAR file without actually opening it and possibly exposing my PC to some sort of nasty surprise?

Answer:Looking inside a RAR file

I wouldn't risk it.
"Unfortunately my reply to him bounced as his email company saw me as spam"
So is this someone you normally have no problem emailing? Seems funny if suddenly your emails are seen as spam. Have you tried sending a plain text email with no attachements to him?
This info might be help you decide about opening it click here

6 more replies
Relevance 45.92%

Just a quick question, is there an application to sort through the contents of an .exe file? And will it just display coded gibberish? What sort of language are .exe files written in? Is is possible to edit .exe files? Sorry, questions, questions....Thanks ;)

Answer:How can I look 'inside' an .exe file??

I would think open with notepad or editor.

5 more replies
Relevance 45.92%

I've recently installed Auslogics Visual Styler to configure the desktop icons on my laptop. During installing, there was an option if I wanted to make a desktop shortcut to go to Ebay for updates so I ticked it on for no purpose except surety that I acquire all services. After installation, the system has been lagging off considerably and drags windows. Taskman shows erratic performance. So I ran a full system scan using Malware Bytes and it found one infected item: trojan.agent in Ebay desktop shortcut.It was removed and cleaned.But it puzzles me. How in the world did it get there in the first place? I've had this same incident twice, when I was downloading a bunch of anti virus & malware from download.com. My laptop doesn't have internet connections, so I get the downloads from the public internet cafe with a USB, and it has AVG as the AV tool. I also scan that usb upon plugging it to the laptop.Can a malware/virus/worm really hide inside an installer application so it goes undetected until it's installed?

Answer:trojan agent found inside application

Absolutely. you've witnessed it.
If your AV software is set to perform real time file monitoring, it "should" detect it during the install routine before it actually gets installed. The downside of that is that it too can slow your system down and can screw up an otherwise perfectly legitimate install through mis-identification. I'm not familiar with that program but if the e-bay thing is for auction monitoring or something, I could easily see why it could be identified as a trojan even though that might not be it's purpose.
In any case. you're not the first person to run across this with apps from download.com. Happens alot and I avoid it like the plague. The same things can always be gotten elsewhere.

4 more replies
Relevance 45.92%

Nothing is noticeably messed up, I just keep getting loads of trojan and "Unwanted program" warnings from AntiVir and Windows Defender... But yeah, this is my HijackThis! Log. Anyy help would be much appreciated :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:57:30 PM, on 1/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui .exe
C:\Program Files\D-Link\AirPlus G\AirGCFG .exe
C:\Program Files\Windows Defender\MSASCui .exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect .exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Winamp Rem... Read more

Answer:Trojan infestation, driving me crazyy... Log inside

I don't mean to bump but things are getting worse and I'm getting loads more pop ups and warnings :/

2 more replies
Relevance 45.92%

Hi TSG forums,

This happened recently, I'm not sure if it was from visiting a site or installing a stupid phony windows update exe (was trying to find fixes for my iPod not being recognized by Windows), and I've done a few things so far. I've scanned and removed a ton of files (Trojan, Hijacker types in c:\windows, \system32, etc) with both AVG Anti-Spyware (Ewido) and Symantec Anti-Virus in both safe-mode without networking and normal bootup mode.

I've turned off System Restore (not sure if it matters, but both AVG and Symantec kept finding files in C:\SystemVolInfo with some hint of having something to do with systemrestore. At the moment, Symantec is not picking anything up anymore, so I've uninstalled it, and AVG is only picking up 'Tracking.Cookies', no malware or trojans. But I'm sure that there's something still here; Windows starting-up and loading takes noticeably longer, from time to time random IE pages will start up, etc. Also, in all my history of dealing with viruses and whatnot, I've NEVER encountered something that happened to me yesterday, a random audio file started playing out of no where, no processes present in task manager, or anything visibly open. However, thankfully that's stopped for the time being.

Also, something odd called "Command" popped up on my add/remove programs yesterday, guessing it was some sort of malware since when I tried to remove it, it brought me to some website. ... Read more

Answer:Trojan and Hijackers Present (Hijack log inside)

Also, here is my combofix log:
ComboFix 07-10-11.8 - Anthony 2007-10-11 1:19:59.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.662 [GMT -4:00]
Running from: C:\Documents and Settings\Anthony\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\dlpxmdpm.ini
C:\WINDOWS\system32\m7
C:\WINDOWS\system32\m7\disrven2.exe
C:\WINDOWS\system32\mpdmxpld.dll
C:\WINDOWS\system32\q21
C:\WINDOWS\system32\qtvwa.bak1
C:\WINDOWS\system32\qtvwa.bak1
C:\WINDOWS\system32\qtvwa.bak2
C:\WINDOWS\system32\qtvwa.bak2
C:\WINDOWS\system32\qtvwa.ini2
C:\WINDOWS\system32\qtvwa.ini2
C:\WINDOWS\system32\qtvwa.tmp
C:\WINDOWS\system32\qtvwa.tmp
C:\WINDOWS\system32\w1

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((( Files Created from 2007-09-11 to 2007-10-11 )))))))))))))))))))))))))))))))
.

2007-10-11 13:05 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-11 12:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-11 12:54 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-10-11 12:54 <DIR> d-------- C:\Documents and Settings\Anthony\Application Data\SUPERAntiSpyware.com
2007-10-11 12:52 106 --a------ C:\d... Read more

2 more replies
Relevance 45.92%

so heres the deal, basically i was on the net and norton started going crazy saying i had a trojanhorse virus, than when i looked on my desktop there were two new icons. i tried to delete them but they would just come back, there is also a new connection in my network connetions folder, which is constantly trying to connect even when modem is off. if im connected my comp just starts sending shitloads of symantec mail. how can i get rid of this???? heres my highjackthis logfileLogfile of HijackThis v1.99.1
Scan saved at 9:15:07 PM, on 6/12/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\WINDOWS\System32\DVDRAMSV.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Documents and Settings\christopher\Application Data\Microsoft\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\christopher\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.... Read more

Answer:please help, i think i have a trojan horse (hijackthis logfile inside)

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

2 more replies
Relevance 45.92%

Hi, i've recently aquired a virus which i cannot get rid of. i randomly see my mouse start to move, click the start menu icon and run programs such as paint, notepad and calculator. Could you look through this hijackthis.log and tell me what to do to get rid of it. Thank you.

<><><><><><><><><><><><><><><><><><><><><><><><><><><>

HIJACKTHIS.LOG

Logfile of HijackThis v1.99.1
Scan saved at 6:24:52 PM, on 13/01/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe
C:\Program Files\Daemon\daemon.exe
C:\Program Files\CyberLink DVD Sol... Read more

Answer:i'm 99.9% sure i have a trojan horse virus, please help. hijackthis log inside

7 more replies
Relevance 45.92%

i tried deleting all the "res://" but for some reason it keep son popping up

help

Logfile of HijackThis v1.97.7
Scan saved at 14:21:49, on 27/10/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\PROGRA~1\ICQ\ICQ.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\cwcdata\smonitor.exe
C:\Program Files\Winad Client\Winad.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Winad Client\WinClt.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\program files\steam\steam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Aaron\Application Data\tona.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUpKiller.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\abz.exe
C:\Program Files\Hewlett-Packard\AiO\hp o... Read more

Answer:PC running slow due to trojan/spyware, Log inside

15 more replies
Relevance 45.92%

Hi,

I have already read the tutorial, downloaded all the programs and gone through all the steps and I am posting the hijack this log as a last resort. Ad-Aware SE detects Downloader.Agent.Al, removes it but it always comes back. I'm also getting the about:blank homepage problem. Also I cannot open My computer, or any folder from the desktop, instead I have to use internet exploer and type in c:\ for example to open c:. Please help I don't knwo what to do, in this log the malicious files causing the problems are:

C:\WINDOWS\system32\netxh32.exe
C:\WINDOWS\wincq.exe

, however after I delete these and get rid of them, 2 new files will come up taking up the same amount of ram and doing the same things.
Also, every time I start windows, my browswer opens up (this is how i can always tell I'm still infected. I also was, but not anymore getting a AVG warning about a qzpxp.dll file when I opened internet explorer and it told me it was some sort of trojan. Please help I don't knwo how to get this damn thing off my computer!!!!!

Here is the log:

Edit by chaslang: Unrequested inline log deleted.
 

Answer:Trojan help! Probably Downloader.agent.al HIJACK log inside

First:

Please EXTRACT HijackThis from the ZIP File to a Safer location. Here's how:

To create a new folder:
Click START > My Computer > Local Disc C: > Program Files
Now, RightClick on an Empty Area and select New > Folder & name it HijackThis and ENTER

To Extract HijackThis:
Now, Right Click your HijackThis ZIP File and select Extract All > Next > and browse to your newly created HijackThis Folder
(C:\Program Files\HJT) and click Next.

Now run HJT from there. Please save your HJT Log as a .txt File and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

The reason HJT needs its own safe folder is so that backups will be safely preserved. That way, if a mistake is made in the removal process, the mistakenly deleted entry can be restored.

Second:

Please close ALL browsers when using HJT!


Third:

First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doin... Read more

47 more replies
Relevance 45.92%

Windows defender popped up and said I had this trojan, it "supposedly" removed it but my computer is still acting SLOW.

Here's the hijack this log. Thanks in advance for your help!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:10:15 AM, on 1/28/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wirel... Read more

Answer:Trojan: Win32/Alureon.FK - hijack this log inside

16 more replies
Relevance 45.92%

Hey All,

I posted this in the wrong forum because I was going too fast and am a tool -If anyone knows how to move the thread please feel free:

http://forums.techguy.org/t338803.html

and here it is if that link doesn't work..
--------------------------------------------------------------------------
SO.. I am using the free version of EZ antivirus from CA. It says it deletes the thing - scans and shows no virus(s) then when I open up IE it crashes and says that it has deleted C:\WINDOWS\system32\drivers\lzwnoejj.sys and Virus Name: Win32.Golid and File Infection c:\\WINDOWS\system32\drivers\lzwnoejj.sys is Win32.Golid trojan Deleted. I can scan..Virus Info.. or close.. and neither option gets me anywhere.

I have run seach and destroy more times than I can count. It always found blazefind something - I deleted what it found..I ran microsoft spyware - It finally ran clean - I have an unregistered NoAdware that said 75 registry things were poop - but I can't clean them because It's not registered..I delete everything the programs say to but this sucker won't go away.. Any suggestions?

Here's my log.. I don't know much about this but I think the BHO's are bad and deleted one but it came back..

Logfile of HijackThis v1.99.0
Scan saved at 9:34:08 PM, on 3/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WI... Read more

More replies
Relevance 45.92%

I had just removed a bunch of trojans using malwarebytes and avg antivirus. I didnt have a desktop and toolbar or a while but found the registry that I had to fix. Reran malwarebytes in safemode and didnt find anything. Also ran avg in safemode with autofix on. I am just checking to see if I missed anything, I most likely still have some malware on the comp or at least I feel like its not all gone. But to keep me sane and my paranoia on the bay, I'm hoping you guys can help me out! Thanks a lot in advance!! Here are my logs.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:26:54 PM, on 6/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe ... Read more

Answer:Just removed Trojan, HiJackthis and malwarebytes log inside.

Hello and Welcome to TSF.

We no longer use HijackThis as our initial analysis tool.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies
Relevance 45.51%

We are supporting business offices systems running Windows 7 SP1 in 64 bit. System RAM is 16GB and HD is 200GB.
In one of the partition (Drive F), a folder appeared (Aug 19, 2015), the folder name is 973d3e99d0b18144c2ffb4c55570d78a (we can change it to junk or some such). Inside it has a cabinet file called SFX.CAB created same date and file size is 0.
Can you please tell me what this is? and should we remove it?
Thank you

More replies
Relevance 45.51%

I was referred to start posting on this forum with my logs. I'm not quite sure what's wrong, but I'll assume one of you wonderful people will.if you need any background information it's all included here: http://www.bleepingcomputer.com/forums/t/263302/not-able-to-run-hjt-or-any-anti-virus/and I'm not able to get DDS or HiJackThis to run at the moment, I can't download from this computer (it disappears.) and my fiance' isn't here to download from his.here are the logs from the other forum.From a comand prompt:Volume in drive C is COMPAQVolume Serial Number is 70BB-FF3BDirectory of C:\Windows\ERDNT\cache04/11/2009 02:28 AM 177,152 scecli.dllDirectory of C:\Windows\ERDNT\cache04/11/2009 02:28 AM 592,896 netlogon.dll2 File(s) 770,048 bytesDirectory of C:\Windows\System3204/11/2009 02:28 AM 177,152 scecli.dllDirectory of C:\Windows\System3204/11/2009 02:28 AM 592,896 netlogon.dll2 File(s) 770,048 bytesDirectory of C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e11/02/2006 05:46 AM 176,640 scecli.dll1 File(s) 176,640 bytesDirectory of C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f1201/19/2008 03:36 AM 177,152 scecli.dll1 File(s) 177,152 bytesDirectory of C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e04/11/2009 02:28 AM 177,152 scecli.dll1 File(s) 177,152 bytesDirectory of C:\Win... Read more

Answer:Peek.bat file inside

Hi My name is Extremeboy (or EB for short), and I will be helping you with your log.We apologize for the delay of response. If you still require assistance we would like to see the current condition of your system so please post a new set of DDS Logs as well as a RootRepeal log and a description of any remaining problems or symptoms you may still have please.If for any reason you did not post a DDS log or RootRepeal log please refer to this page and in step #6 and Step #7 for further instructions on downloading and running DDS & RootRepeal. If you have any problems just let me know in your next reply or simply post a Hijackthis log.For your next reply I would like to see:-The DDS logs---DDS.txt and Attach logs-RootRepeal logs-Description of any remaining problems you may still have.Thanks again and we apologize for the delay.With Regards,Extremeboy

3 more replies
Relevance 45.51%

Hi i am using windows vista ultimate 32 bit and yesterday my computer went incredibly slow for seemingly no reason so i opened task manager and saw that my CPU usage was at 100%,after looking through the list of processes to see what was being such a resource wh0re, i couldn't see any processes that were using alot of cpu power so i downloaded "Process Explorer" and found that my problem was something called "Hardware Interrupts" which was (and still is) using 88-100% of my cpu how can i fix this problem? PLEASE help as i am completely stumped by this one.oh,and by the way,the 100% cpu usage is constant from the minute my PC is turned on,even with no apps running it stays at a constant 100%.

Thanks,
Tom

Here is my log file:
Deckard's System Scanner v20070328.36
Run by Tom on 2007-04-07 at 21:57:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
12: 2007-04-06 20:49:00 UTC - RP59 - Installed DriverMagic
11: 2007-04-06 14:00:46 UTC - RP58 - Installed Driver Detective
10: 2007-04-06 10:00:24 UTC - RP56 - Restore Operation
9: 2007-04-06 08:51:57 UTC - RP55 - Windows Update
8: 2007-04-05 23:19:12 UTC - RP54 - Restore Operation


-- First Restore Point --
1: 2007-04-04 09:51:03 UTC - RP47 - Removed Autodesk DWF Viewer 7


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Tom.exe) ------------------------------------... Read more

More replies
Relevance 45.51%

Hi,

I am setting up a backup system for my pc, backsup to a remote machine via ftp. The files to backup will be compressed into a zip file and then backed up to the remote machine. My question is, if my pc gets infected with a virus and those files backed up to the remote machine, will the virus infect the remote machine as well ? (if the files are not unzipped on the remote machine & both machines running on windows Xp pro). Appreciate any help or suggestions in this.

Regards
Sudhi

Answer:Virus inside a rar or zip file

No, malware inside a ZIP or RAR file can't infect a machine, unless you extract the malware (and execute it).

So in your case, the simple fact of storing a ZIP backup on a remote machine will not infect that remote machine.

That's why malware researchers share malware samples in password-protected ZIP files.

2 more replies
Relevance 45.51%

Logfile of HijackThis v1.99.1
Scan saved at 12:01:59 PM, on 5/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
C:\WINDOWS\CDProxyServ.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\ItBill\itbill.exe
F:\New Programs\ITunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
F:\New Programs\iPod\bin\iPodService.exe
F:\New Programs\ITunes\iTunes.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\owner\Desktop\Misc\Hi Jack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://awesomestart.com/killola/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r4.attbi.com:8000
R1 - HKCU\Softwa... Read more

Answer:MOVIELAND!!! Please help... log file inside

8 more replies
Relevance 45.51%

Major things happening the last few days. 1) insufferable amount of pop-ups (IE powered by Comcast) 2)over 100 shortcut messages (EXAMPLE: MORZE5.lnk refers to a location that is unavailable) at boot-up that have to be clicked through. I do see these on the HJT log and know you will know how to help. 3) Computer crashes, blue screen, white screen, you name it, several times a day.
What I did BEFORE I ran this log. I updated Adavare 6 and ran then deleted all it said, then ran spybot and that was all clear.
Here is the HJT log:Logfile of HijackThis v1.97.7
Scan saved at 10:49:36 AM, on 4/1/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\TREND PC-CILLIN 2000\PCCIOMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\TREND PC-CILLIN 2000\POP3TRAP.EXE
C:\WINDOWS\SYSTEM\HPZTSB01.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\TYPE32.EXE
C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSOEMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\ROBOTASKBARICON.EXE
C:\WINDOWS\WBLCG0L5.EXE
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\... Read more

Answer:PROBLEMS HJT log file inside

16 more replies
Relevance 45.51%

it says ur computer's efficiency slowed down by 47% and internet download tooo.....says infected by PSW.x-Vir trojan...trojan entered through back door.... plzzzz help.....
 

Answer:help removing PSW.x-Vir trojan....its a yellow triange with an exclaimatio inside it.

16 more replies
Relevance 45.51%

Hello!
 
Every month, I scan my computer just in case i had a virus, using "deep scan". I have the clasic "pack 3" (Avast free, Free Comodo firewall and Malwarebytes Premium),  so i scanned with those.. well, only with avast and malwarebytes. They didn't find nothing bad.
I found another Scanner ( Kaspersky Security Scan ) to scan a last time, "just in case" again, but it found 1 trojan:
 
Kaspersky Security Scan
HEUR:Trojan.Script.Agent.gen
- C:\ProgramData\InstallShield\Update\isuspm.ini
 
Is that a real virus/trojan? or a false positive?
 
The computer doesn't have any typical problem ( slow, pop ups, or weird behaviors)
 
After that, i scanned again with tdsskiller in safe mode but it didn't show nothing bad.
 
 
What should i do?
I had Windows 10, Avast free, Free Comodo firewall, Malwarebytes Premium
Thanks!

Answer:HEUR:Trojan.Script.Agent.gen inside isuspm.ini ?

Heur...heuristic....meaning something about that file caused Kaspersky to point to it as possibly malware.
 
I doubt that it is malware as the INSTALL SHIELD UPDATE is a legit program. If you are not experiencing well
known malware or adware issues I would suggest considering it a false positive.

3 more replies
Relevance 45.51%

Hi everyone,I dont want to just delete system files and end processes on my own. I don't want to mess anything up. Norton antivirus finds it but cant fix it and housetrend antivirus doesnt detect it. I have used adware but cant install spybot. I dont understand why norton didnt pick it up because of autoprotect though. I hope to install a different antivirus after this gets fixed (after removing norton) and a firewall.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:08:40 PM, on 1/6/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16574)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\WINDOWS\StartupMonitor.exeC:\Program Files\PowerMenu\PowerMenu.exeC:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\CyberLink\Shared files\Ric... Read more

Answer:Trojan Smss.exe Inside Of Windows\system32\exec2.exe

Hello viperguts and welcome to the BC HijackThis forum. I don't see any signs of viruses or malware inthe log. It is clean. smss.exe is a valid Windows file. The one showing int he log is the correct one.Let's try a different scanner and see if that shows anything. Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.Note: You must be logged on to the system with an account that has Administrator privileges to run this program.Close ALL OTHER PROGRAMS.Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program.In the Drivers section click on Non-Microsoft.Under Additional Scans click the checkboxes in front of the following items to select them:Reg - BotCheck
Reg - Desktop Components
Reg - Disabled MS Config Items
Reg - Software Policy Settings
File - Additional Folder Scans
Do not change any other settings.Now click the Run Scan button on the toolbar.Let it run unhindered until it finishes.When the scan is complete Notepad will open with the report file loaded in it.Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.Cheers.... Read more

19 more replies
Relevance 45.1%

hello everyone im having numerous pop ups and its slowing down my machine big time for virus scanners and random pop ads. Here is the Hijackthis log file. What do you think?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:34:21 PM, on 1/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\... Read more

More replies
Relevance 45.1%

Logfile of HijackThis v1.98.2
Scan saved at 6:29:52 AM, on 9/6/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\nacqzagb.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\... Read more

Answer:Serious help needed!! (log file inside-very long)

bump

thanks

2 more replies
Relevance 45.1%

ok i have windows vista home premium. i am having link redirect problems. not just from google. basically any link i click redirects me. i ran gooredfix.exe deleted what came up still have problems. ran malwarebytes and still having trouble. so i am posting a log file from hijackthis. i would love it for someone to please check it out and give me some advice thanks.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:18:28 PM, on 7/15/2009Platform: Windows Vista SP2 (WinNT 6.00.1906)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:Windowssystem32sdra64.exeC:Windowssystem32Dwm.exeC:WindowsExplorer.EXEC:Windowssystem32taskeng.exeC:Windowstemp1154251.tmpC:Windowssystem32taskeng.exeC:WindowsSystem32igfxtray.exeC:WindowsSystem32hkcmd.exeC:WindowsSystem32igfxpers.exeC:WindowsRtHDVCpl.exeC:Program FilesSynapticsSynTPSynTPEnh.exeC:WindowsSystem32rundll32.exeC:Program FilesDropboxDropbox.exeC:Windowssystem32igfxsrvc.exeC:Program FilesSynapticsSynTPSynTPHelper.exeC:Program FilesMozilla Firefoxfirefox.exeC:Program FilesTrend MicroHijackThisHijackThis.exeR1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.comcast.net/R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.toshibadirect.com/dpdstartR1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=5... Read more

Answer:HiJackThis Log file please help info inside

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Relevance 45.1%

are keyloggers part of a program or can they be tiny like viruses. also can i keylogger or a threat be in a .dll file

Answer:Can a keylogger be inside of a file smaller then 3mb?

Well - designed keylogger can fit in few hundreds of bytes. And of course dll can host it.

2 more replies
Relevance 45.1%

Large downloaded file often come in parts I understand the method ..extracting these parts are where I get confused I often see many parts or one zip file..or so..its the different ways of extraction where I get confused..when I select say a large compressed one it extracts to show a rar or series of rar file which then have to be extracted to show the compressed data..it seems a simple task and hard to explain. I am sure I am not re-inventing the wheel here..but I need help..anyone..

Answer:How to extract rar file that have zip files inside

You will see the files named R00, R02, R03 etc.. all you need to do is start the extraction of R00 and the rest should be extracted automatically...

4 more replies
Relevance 45.1%

I got caught this morning. Hungover, tired, and just plain dumb.

"A friend" sent me a file. Supposedly some great an amazing pics of her new baby. On offer was a .zip file which I downloaded. Within there was a "picture" only it was xxx.jpg.xxx.com, so in fact it was really a .com file.

I ran this file (yes, I am dumb), and now my MSN sends out endless requests to other people to download these files from me which will infect them.

Perhaps my saving grace is that I use WinPatrol. When I ran this it detected changes to my registry startup areas which I told it to remove. Once I had rebooted I am no longer sending out nasty messages (so far, its hard to say exactly how often the messages are sent). However, the virus files are still on my machine in an unknown location.

I do still have the original infected file that I was sent which can be made available for analysis.

I am running XP Pro SP2, and use Eset NOD32 V3 with most recent updates. The bug went straight through this like a knife through butter. I have updated and recanned my machine both locally, and with Eset's online scanner. Nothing found. Eset misses the install files for the virus, and also the running virus (my friend's machine is still actively spamming the virus files out).

Hijack log as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:02:39, on 08/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode:... Read more

Answer:MSN Hijacked by .com file wrapped up inside .zip

8 more replies
Relevance 45.1%

I picked up some spyware. The communicator toolbar and also I have a lot of text double underlined and hyperlinked while browsing the internet.

Thanks,
TimS

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 8/4/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symante... Read more

Answer:Communicator Toolbar and More - hjt log file inside

Hi TimS -

If you had followed through on your last thread here we may have avoided another round of cleaning. Please see this through to the end, where you will be given valuable protection information once your system is clean.

I'm going to have you run some scanning tools first, then we'll go after whatever is left.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm and then click OK.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Before attacking an adware/spyware problem with hijackthis make sure you have already run the following tools. Download and update the databases on each program before running. Ad-Aware? SE Personal Edition
*Note* For Ad-AwareSE also install the VX2 Addon Cleaner To run this tool ... Read more

1 more replies
Relevance 45.1%

I have a fairly large Fortran 77/90 & C program, compiled using Compaq Visual Fortran 6 & Microsoft Visual C++ 6 under Win XP.  On a particular test case it generally executes ok when invoked outside a batch file, but always fails when invoked from a particular batch file.  It stops on a Fortran 90 Allocate statement, but does not return the STAT result coded into that statement.  Seems to relate more to how much storage has been allocated rather than to the particular array being allocated, because I can reorder the allocation of different arrays and the stop does not occur on the same array.Although this is a large body of code, the test case is small and should not be requiring a large amount of allocated storage.I have tryed cutting the batch file down to just the statements that occur before invoking the EXE file (which are SET /P, ECHO, COPY, DEL, IF EXIST), then running the truncated batch file, then executing the EXE outside the batch file.  The EXE also fails in that usage.Any ideas on what I should be looking for to fix this?

More replies
Relevance 45.1%

https://drive.google.com/open?id=1BJhjrNSaa6rIpQW1d4R_7aFvTuC0Czqx

google file of the .dmp, just started happening 2 days ago after an update so i'm assuming it's software related, doesn't happen constantly, sometimes i can go hours without blue screening, get a DPC watchdog violation when i let it error report

The bugcheck was: 0x00000133 (0x0000000000000001, 0x0000000000001e00, 0x0000000000000000, 0x0000000000000000). 

More replies
Relevance 45.1%

So I downloaded some program off of Limewire and now everything is messed up. When you try to open internet explorer its very slow. It goes to the homepage and then a bunch of pop ups come. I also get error messages such as microsoft C++ buffer underrun error. The popups are like this...http://www.interracialsingles.net/in...D1909&opt=6943 or CID Popups and others. also my desktop background is just the white error that says restore to active desktop I click it and get another error message. How do i fix all this. Am i gonna use Hijackthis and Combofix?Logfile of Trend Micro HijackThis v2.0.2Scan saved at 08:52, on 2008-02-04Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16574)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService... Read more

Answer:Bunch Of Different Virus's Hjt File Inside

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Please download ComboFix and save it to your desktop.Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.Double click combofix.exe and follow the prompts.When it's done running it will produce a log for you. Please post that log in your next reply.Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

19 more replies
Relevance 45.1%

Without using any Nero or file burning software, can Windows XP itself supports simple file copying to disc. Not that I know of, but i have a user who can do these.

1. select a file, right click and press SEND TO the burner
2. simply copy and paste the file to the burner
3. reopen a file on a disc, edit it, and then can save it back onto the disc.

Strange, anyone welcome to comment. Thanks.
 

Answer:File burning inside Windows XP only

10 more replies
Relevance 45.1%

Everytime I start my computer my background is changed and it says I have spayware and that I need to remove it. Also my screen saver is roaches eating the screen and I can never change it. Please help
 

Answer:Idk what the virus is but my hijack file is inside.

Hi tony82x,
Welcome to Major Geeks!

I'm making a bug collection, so if you'd like to contribute, please attach a screen shot of the bugs with your next post. Then please continue as follows:

Go to the READ & RUN ME FIRST and work through all the instructions. If there is something you can't do, just make a note of what happens to tell us later and then continue on. When you're finished, use the Manage Attachments button down below the reply window to attach your logs. If you get all four logs, you'll need to post twice, because you can only attach three logs with each post.

Thanks.
abri
 

26 more replies
Relevance 45.1%

i dont know y but from last few days i m getting this thing whenever i open my MY COMPUTER icon ..........even on some other folders i do get the same thing but after custominzing the folder it works fine below is the screen capture



can any one tell me how to remove this thing

Answer:How do i remove this (Hijack This Log file inside)

We'll require a HijackThis log from you.

But before you post your log at the HijackThis Log Help forum, please read through the sticky first.

16 more replies
Relevance 44.69%

Hi everyone, a few weeks ago my computer started playing up, multiple new browser windows keep opening when clicking on a link but not everytime, not sure if its because of some type of feature/link its loading in the page that causes this. In IE it just opens multiple windows. In Ffox it opens lots of 'Index of file:///C:/Program Files/Mozilla Firefox/' windows and also tries to access server called - Firefox can't find the server at [snip]

Can someone please help, I've tried norton, Malwarebytes' Anti-Malware, lots of programs and can't fix it....
HERE IS THE HIJACKTHIS LOG

Also not sure if it's related but my windows firewall is also broken (Bad I know). When I try to start the service it says 'Windows cannot start the Windows Firewall/Internet Connection Sharing (ICS) service.' In the eventlog it says:
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 19/08/2010
Time: 5:27:39 PM
User: N/A
Computer: HOME
Description:
The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error:
The system cannot find the file specified.
 

Answer:New IE popup window all the time, Virus or Trojan? - HiJackThisLog inside

Welcome to Major Geeks!

Please read ALL of this message including the notes before doing anything.

Pleases follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide


and attach the requested logs when you finish these instructions.

**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.


After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:


If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
If you cannot seem to login to an infected user account, try using... Read more

1 more replies
Relevance 44.69%

my internet has been running poorly lately and the internet has also been kinda timing out lately and disconnecting and reconnecting frequently i have come to the conclusion i have a virus of some sort. I have run spy sweeper and found that i am infected with the winlogonhook trojan and security2k hijacker adware. can anyone help me remove these thanks alot!!!below are the current hijack this log and the AVG anti-spyware log(im only posting the items that are not tracking cookies cause there seemed like there were alot of tracking cookies)AVG ANTI SPYWARE LOGC:\RECYCLER\NPROTECT\00119989 -> Downloader.TSUpdate.j : Marked for delete on rebootUnkown ErrorC:\RECYCLER\NPROTECT\00120015.js -> Hijacker.Small.jf : Marked for delete on rebootUnkown ErrorC:\Documents and Settings\Adam Ailion\Local Settings\Temporary Internet Files\Content.IE5\3B5VZ50S\ads_nl1[1].htm -> Not-A-Virus.Exploit.HTML.IframeBof : Marked for delete on rebootUnkown ErrorHIJACKTHIS LOGLogfile of HijackThis v1.99.1Scan saved at 4:40:26 PM, on 1/1/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.5730.0011)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\SYSTEM32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\... Read more

Answer:Help Removing Winlogonhook Trojan! Hijack And Avg Antivirus Logs Inside

Hello aja656 Welcome to Bleeping Computer! If you still need help, please post a new HijackThis log to make sure nothing has changed. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log <--link And I'll be happy to look at it for you.Thanks, for your patience. Stelios

7 more replies
Relevance 44.69%

my internet has been running poorly lately and the internet has also been kinda timing out lately and disconnecting and reconnecting frequently i have come to the conclusion i have a virus of some sort. I have run spy sweeper and found that i am infected with the winlogonhook trojan and security2k hijacker adware. can anyone help me remove these thanks a lot!!!

below are the current hijack this log and the AVG anti-spyware log(im only posting the items that are not tracking cookies cause there seemed like there were alot of tracking cookies)
AVG ANTI SPYWARE LOG
C:\RECYCLER\NPROTECT\00119989 -> Downloader.TSUpdate.j : Marked for delete on rebootUnkown Error
C:\RECYCLER\NPROTECT\00120015.js -> Hijacker.Small.jf : Marked for delete on rebootUnkown Error
C:\Documents and Settings\Adam Ailion\Local Settings\Temporary Internet Files\Content.IE5\3B5VZ50S\ads_nl1[1].htm -> Not-A-Virus.Exploit.HTML.IframeBof : Marked for delete on rebootUnkown Error

HIJACKTHIS LOGLogfile of HijackThis v1.99.1
Scan saved at 4:40:26 PM, on 1/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Prog... Read more

Answer:Help removing winlogonhook trojan!! HIJACK AND AVG ANTIVIRUS LOGS INSIDE

Hi, Somehow, you have double posted...TSG allows posters one thread for each problem, so I am going to Close this one...your other thread still has no reply but you should get some advice shortly. Please use just that one thread.
 

1 more replies
Relevance 44.69%

my internet has been running poorly lately and the internet has also been kinda timing out lately and disconnecting and reconnecting frequently i have come to the conclusion i have a virus of some sort. I have run spy sweeper and found that i am infected with the winlogonhook trojan and security2k hijacker adware. can anyone help me remove these thanks alot!!!

below are the current hijack this log and the AVG anti-spyware log(im only posting the items that are not tracking cookies cause there seemed like there were alot of tracking cookies)


AVG ANTI SPYWARE LOG
C:\RECYCLER\NPROTECT\00119989 -> Downloader.TSUpdate.j : Marked for delete on rebootUnkown Error
C:\RECYCLER\NPROTECT\00120015.js -> Hijacker.Small.jf : Marked for delete on rebootUnkown Error
C:\Documents and Settings\Adam Ailion\Local Settings\Temporary Internet Files\Content.IE5\3B5VZ50S\ads_nl1[1].htm -> Not-A-Virus.Exploit.HTML.IframeBof : Marked for delete on rebootUnkown Error

HIJACKTHIS LOGLogfile of HijackThis v1.99.1
Scan saved at 4:40:26 PM, on 1/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless... Read more

Answer:Help removing winlogonhook trojan!! HIJACK AND AVG ANTIVIRUS LOGS INSIDE

Hello aja656, welcome to TSF and thanks for your patience. You may wish to Subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools (above the first post), then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions. If there is anything you don't understand, please ask BEFORE proceeding with the fixes. Please do these steps in order and do not skip any.

Online Scan
Perform an online scan using Internet Explorer with Kaspersky WebScanner. Click on Launch Kaspersky Anti-Virus Web Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.The program will launch and then begin downloading the latest definition files.
Once the files have been downloaded, click on NEXT.
Now click on Scan Settings
In the scan settings make that the following are selected:Scan using the following Anti-Virus database: extended
Scan Options: Scan Archives and Scan Mail Bases

Click OK
Turn off the real time scanner of any existing antivirus program before performing the online scan. You can turn it back on after the scan is done.
Now under select a target to scan, select My Computer
The program will start and scan your system.
The scan will take a while so be patient and let it run all the way.
Once the scan is complete it will display if your system has be... Read more

19 more replies
Relevance 44.69%

my internet has been running poorly lately and the internet has also been kinda timing out lately and disconnecting and reconnecting frequently i have come to the conclusion i have a virus of some sort. I have run spy sweeper and found that i am infected with the winlogonhook trojan and security2k hijacker adware. can anyone help me remove these thanks alot!!!

below are the current hijack this log and the AVG anti-spyware log(im only posting the items that are not tracking cookies cause there seemed like there were alot of tracking cookies)
AVG ANTI SPYWARE LOG
C:\RECYCLER\NPROTECT\00119989 -> Downloader.TSUpdate.j : Marked for delete on rebootUnkown Error
C:\RECYCLER\NPROTECT\00120015.js -> Hijacker.Small.jf : Marked for delete on rebootUnkown Error
C:\Documents and Settings\Adam Ailion\Local Settings\Temporary Internet Files\Content.IE5\3B5VZ50S\ads_nl1[1].htm -> Not-A-Virus.Exploit.HTML.IframeBof : Marked for delete on rebootUnkown Error

HIJACKTHIS LOGLogfile of HijackThis v1.99.1
Scan saved at 4:40:26 PM, on 1/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Progr... Read more

Answer:Help removing winlogonhook trojan!! HIJACK AND AVG ANTIVIRUS LOGS INSIDE

can anyone help me maybe my post was over looked, any help would be greatly appreciated thanks a lot!!
 

3 more replies
Relevance 44.69%

I inadvertently clicked a link in twitter and bam I got hit with the olmarik trojan, I was pretty familiar with some of the steps I needed to take to get the process started in removing the trojan but now I need the help of tech support guy to finish. I have posted three logs hopefully I can fix this problem tonight. Thanks again in advance!

#1: Combofix Log:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ComboFix 09-09-18.02 - Home 09/20/2009 0:36.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3070.2043 [GMT -4:00]
Running from: c:\users\Home\Documents\Downloads\Combo-Fix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-519645941-4178204123-2223990402-500
c:\program files\iWin Games\iWinGamesHookIE.dll
c:\program files\iWin\tbiWi1.dll
c:\users\Home\AppData\Roaming\inst.exe
c:\windows\Installer\2c636ccf.msi
c:\windows\Installer\2c636cda.msi
c:\windows\Installer\2c636ce5.msi
c:\windows\system32\drivers\gasfkyntorximt.sys
c:\windows\system32\gasfkycuftwvda.dat
c:\windows\system32\gasfkydvotypnm.dll
c:\windows\system32\gasfkytmusxese.dll
c:\windows\system32\gasfkyxpfdbnoo.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_gasfkypirndywv
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
----... Read more

Answer:Got Hijacked by the Olmarik Trojan: started process logs inside

16 more replies
Relevance 44.28%

For those of you who have been complaining about the perceived slowness of Vista file copy operations (And <insert deity name here> knows ther have been many), I now present to you a copy of Mark Russinovich's blog dated 4 February 2008.

In his blog, he provides in-depth details of how the copy engine works, and what improvments have been made to this engine in Vista SP1.

Happy reading!

----------------------
The original text for this post can be read in Mark Russinovich's blog at http://blogs.technet.com/markrussinovich/
----------------------

Windows Vista SP1 includes a number of enhancements over the original Vista release in the areas of application compatibility, device support, power management, security and reliability. You can see a detailed list of the changes in the Notable Changes in Windows Vista Service Pack 1 whitepaper that you can download here. One of the improvements highlighted in the document is the increased performance of file copying for multiple scenarios, including local copies on the same disk, copying files from remote non-Windows Vista systems, and copying files between SP1 systems. How were these gains achieved? The answer is a complex one and lies in the changes to the file copy engine between Windows XP and Vista and further changes in SP1. Everyone copies files, so I thought it would be worth taking a break from the ?Case of?? posts and dive deep into the evolution of the copy engine to show how SP1 improves its performance.

... Read more

Answer:Inside Vista SP1 File Copy Improvements

I downloaded the article by microsoft about all the inprovements. Too many Kxxx articles to go into. Needless to say there is alot. Waiting for the final release before upgrading.

2 more replies
Relevance 44.28%

the folders when you right click and click properties it is 0 size, or the folder is empty but the file is inside. but i can not open the files, when i right click it just has open with, folder synchronization, send to no other features as usual.And it spread to other files and folders. and when i burn it with Nero, it failed it said the file is too

PLEASE HELP, HOW TO REMOVE THE VIRUS!

Thx.

Answer:New Virus: The Folder is Empty but the file is inside

Hello and Welcome.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies
Relevance 44.28%

Hello,
I have a couple of computers set up in the network. They're all inside the same workgroup.
Every folder I share is visible by everyone.
Now I want to define permissions on only one folder which containes files only to be editable (modified) by, let say, one computer.
So I need to define special peermissions for this particular folder.
However I came accros to a problem. In network neighbourhood I can see all computers and their share folder and they see my shared files. But when I want to define special permissions on only one folder (one user can write and read, the rest is read only access), I cannot see other computers in the "Select user or groups" window just as shown in the attached picture.

One friend of mine told me that this is only possible when computers are on domain. It is really hard for me to understand that permissions cannot be defined for each folder and for each network user separately.

Can you give me any advice?

Thanks
 

Answer:File and folder permissions inside workgroup

Permissions are configured for local users on the machine, not network users or machines.
 

1 more replies
Relevance 44.28%

I'm recently noticed that some zip files that I store images on contain some empty image files "0 KB".
I'm just wondering if anybody knows of a quick way to scan a bunch of folders each with several zip each and then show which zip files contain empty files.

Thank you.

Answer:Check inside zip files for empty file

Use wither 7-zip or Winzip. Basic computing 101.

6 more replies
Relevance 44.28%

Hi I am trying to remove MWMBs and even after using the MWMBs Removal Tool and rebooting twice" its still in "Program Files" It keeps saying: "Error Deleting File or Folder: Cannot Delete the Directory is Not Empty" When I open the MWMBs folder it has one little file with no description in it if I try and drag it to the Recycle Bin it says: "cannot read from the source file or disk" anyone have any ideas please Dazza

Answer:Cannot uninstall MWMByts Folder and 1 File inside

Hello Dazza -2 ideas. First, run chkdsk /r as the problem may be your system -Next, If the problem persists, please contact Malwarebytes Support desk << with this form for personal help -They have just told me that they will look after you as soon as a helper is available -Thank You -

4 more replies
Relevance 44.28%

I'm having problems with my iframe when viewing in IE (version 6)

The problem has to do with the URL/src of the iframe:
http://www.resonline.com.au/affredir/v2/affredir.asp?CommodityTypeID=1&StateID=401&DestinationID=454&AffiliateTheme ID=203&r=5&view=3&AffiliateID=203&refcode=OZACCOMM
(the page contains jscript)

I can view this URL in IE with no probs but when I try to view it within an iframe it won't stop reloading.. about every 2 seconds. It works fine in Firefox.

To see the problem in action you can check this link:
http://members.optusnet.com.au/~reen...comm/test.html

------------
Is there some jscript or something that I can use to force it to stop reloading.

Please HELP!
 

More replies
Relevance 44.28%

How do I encrypt a .txt file inside an Image so that when I change the extension of the Image into .rar and I open the rar file, there's a .txt file in it? This does work, you can try it yourself.
http://www.icon-hack.cc.cc/img/product/2009/200905/20090502/188360_1_Fsdfdf.jpg
Change the file extension to .rar and open it.
 

Answer:Solved: Encrypting a .txt file inside an Image

6 more replies
Relevance 44.28%

Hello folks. I'm trying to fix my mother's computer and needless to say it's in bad shape. The memory is being hogged like crazy and the only form of virus scanner i have at my disposal atm is housecall. What's weird is the terms don't load for me to continue, but hijack this works. Here's the log from safe mode. I'm going to restart and run it normally and see if there are differences. ty in advance.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:01:23 PM, on 8/2/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Users\Mahnaz\Downloads\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,... Read more

Answer:Mess of a system (Hijackthis file inside)

not on safe mode:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:33:28 PM, on 8/2/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Mahnaz\Downloads\HijackThis(2).exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http:... Read more

2 more replies
Relevance 44.28%

Hi guys,

i come to you after formating my computer and without success to solve my blue screens problem.

when i watch a movie and specially while playing i get a blue screen
i attached the dump file.

thanks a lot!

Answer:Windows crashed + dump file inside

  
Quote: Originally Posted by shiker


Hi guys,

i come to you after formating my computer and without success to solve my blue screens problem.

when i watch a movie and specially while playing i get a blue screen
i attached the dump file.

thanks a lot!


SPDT.SYS used by daemon tools/alcohol and KeyMagic. Both.

Your computer was up for 2 plus days so it isnt happening frequently, and removing those two items may fix it.
Ken J

Please remove any CD virtualization programs such as Daemon Tools and Alcohol 120%. They use a driver, found in your dmp, sptd.sys, that is notorious for causing BSODs. Use this SPTD uninstaller when you're done: DuplexSecure - Downloads
[/quote]
You can use MagicDisc as an alternative.

Freeware MagicISO Virtual CD/DVD-ROM(MagicDisc) Overview


Code:

Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\K\Desktop\dump_110310-26083-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols;srv*e:\symbols
*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16617.x86fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0x82a19000 PsLoadedModuleList = 0x82b61810
De... Read more

3 more replies
Relevance 44.28%

hey guys, i got attacked by some virus or trojan or whatever it was, got some services removed and i need some reg keys to restore them....

If you are on Windows 7 x64 sp1, just go here in regedit;

HKEY_LOCAL_MACHINE\SYSTEM\CurrenControlSet\

and export the services subfolder and paste it up in a reply!

All the headache from trying to fix this with solutions now, i think im missing some vital part and only the right registry files can fix.

make sure you are on 7 x64 sp1...

thanks.

Answer:Got a virus, need a reg file, Windows 7 x64 sp1, directions inside.

Hello dek

Here you go hope it helps
Services.zip

Danny

3 more replies
Relevance 44.28%

currently, I'm using CA Security suite, I'm wondering if I can use the anti-virus to scan the inside of a RAR file, which composed of dozens of files, and confirm if there is a virus inside the packed rar file or not
 

Answer:Can anti-virus scan the inside of a RAR or zip file?

NOD32 does... perhaps the CA cra--- uhmmm... product has an option to scan inside archives that needs to be enabled (seems like it should be on by default; it is with NOD32).
 

6 more replies
Relevance 44.28%

PING 192.168.0.3 (192.168.0.3): 56 data bytes
64 bytes from 192.168.0.3: icmp_seq=1 ttl=128 time=0.5 ms
64 bytes from 192.168.0.3: icmp_seq=3 ttl=128 time=0.2 ms
64 bytes from 192.168.0.3: icmp_seq=4 ttl=128 time=0.3 ms
64 bytes from 192.168.0.3: icmp_seq=7 ttl=128 time=0.3 ms
64 bytes from 192.168.0.3: icmp_seq=13 ttl=128 time=0.5 ms
64 bytes from 192.168.0.3: icmp_seq=14 ttl=128 time=0.5 ms
64 bytes from 192.168.0.3: icmp_seq=15 ttl=128 time=0.2 ms
64 bytes from 192.168.0.3: icmp_seq=17 ttl=128 time=0.4 ms
64 bytes from 192.168.0.3: icmp_seq=18 ttl=128 time=0.5 ms
64 bytes from 192.168.0.3: icmp_seq=19 ttl=128 time=0.2 ms
64 bytes from 192.168.0.3: icmp_seq=20 ttl=128 time=0.2 ms
64 bytes from 192.168.0.3: icmp_seq=25 ttl=128 time=0.5 ms
64 bytes from 192.168.0.3: icmp_seq=27 ttl=128 time=0.2 ms
64 bytes from 192.168.0.3: icmp_seq=28 ttl=128 time=0.3 ms
64 bytes from 192.168.0.3: icmp_seq=29 ttl=128 time=0.4 ms
64 bytes from 192.168.0.3: icmp_seq=30 ttl=128 time=0.1 ms
64 bytes from 192.168.0.3: icmp_seq=46 ttl=128 time=0.4 ms
64 bytes from 192.168.0.3: icmp_seq=49 ttl=128 time=0.5 ms

--- 192.168.0.3 ping statistics ---
50 packets transmitted, 18 packets received, 64% packet loss
round-trip min/avg/max = 0.1/0.3/0.5 ms

I am getting this after doing a fresh install of Debian 3.0r2 on a computer with the following hardware:

Pentium 3 500MHz
2x 256MB PC133 RAM
Asus P2B
ATI RADEON 6500 VIVO
Creative SoundBlaster Live!
3Com 3C905-TX

I've never had problems like this bef... Read more

Answer:Getting 64% Packet Loss - What's causing this? (log file inside)

Seems reltek more reliable in this case, but I bet this is some driver problem...
 

8 more replies
Relevance 44.28%

Is it possible to request elevation inside a CMD/batch file? I have a Command Script( .cmd) and one of the command require admin right to run. I am NOT looking for right-click "Run as administrator", I would like the script itself to call the UAC prompt.Thank you,

Ray

Answer:Request Elevation inside CMD/batch file

Hi,To elevate the permission, please refer to the following article:Windows7 elevated command prompt priviledges throug a scriptThanks,Novak

11 more replies