3551.

Solve : Folder Duplicate?

Answer»

My windows folder will duplicate by itself. How to prevent it?

Much more info is needed...
What version of Windows is this?
What protection do you have?
When was the last time you scanned in Safe Mode?
How does the folder duplicate? Where does it go? Does it contain all of the same files?

Is this the same machine that had the other issues?
No right click functions etc.?
If so I would suggest a format and clean install of XP.

O.S. .... XP Professional SP2
Celeron D 2.66Ghz
512 RAM
Duplicate folder is 227kb
AVG Free Edition
Never scan in safe mode

I apologize, your post seems to have been overlooked somehow. It can be a bit busy here, as we're understaffed in this section and have a fair amount of people coming in with problems.

If you're still having problems, update your AVG and scan with it in Safe Mode. Once you've done that, download HijackThis and post a log here.

Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

3552.

Solve : SP2 being read as SP1????

Answer»

yes to all three. i'm still trying to see if anyone can get me a windows disc, but no luck so far.

wait.

you said that someone gave you that computer?

no, i have never said someone gave me this computer. i bought it with my own money..which i'm still paying off actually. i've never been given a computer...

i ran AVG, spybot, and ad-aware two nights ago and they didn't come up with anything.

JXY...are you going somewhere with all of these questions?

saytheya, those friends of yours with XP Home/Pro SP2 don't have their CD's? Did you ever try calling Microsoft? You can also ask them about sending you a CD.

of course im going somewhere.

saytheya didn't have a windows disc. that happens when someone has given you a computer. and i remember someone saying that they had received the computer from someone else. guess i got mixed up with a different topic.

Which brings me to my next question, what type of store did you buy it from.

Because in some places in china, if you buy a computer from a store, it could be just a small street shop.

And unlike larger electronics stores, these smaller shops don't give you the windows disc.

JXY: as far as i know, new computers aren't given with OS cds anymore. my compaq came with restore cds but no XP cd. i'm usually pretty good about keeping all the papers and cds that come with my computers in a safe spot.

I have never bought a computer "off the street." i don't even trust computer stores to fix my computer..but i also had a bad experience with one so that doesn't help. i bought my compaq from a store similar to walmart and my dell from dell.

CBMatt: i called microsoft to see if they would give me tech support, but i haven't asked them to send me a cd yet. my friend is asking around to see if she can find one. so i'm waiting it to be a last resort situation.

Quote from: saytheya on August 23, 2007, 05:29:51 PM

CBMatt: i called microsoft to see if they would give me tech support, but i haven't asked them to send me a cd yet. my friend is asking around to see if she can find one. so i'm waiting it to be a last resort situation.

I could be wrong, but I believe they'll ship out the proper CD for only the cost of shipping. Just don't quote me on that one.

Quote from: JXY on August 23, 2007, 02:47:37 AM

of course im going somewhere.

saytheya didn't have a windows disc. that happens when someone has given you a computer. and i remember someone saying that they had received the computer from someone else. guess i got mixed up with a different topic.

Which brings me to my next question, what type of store did you buy it from.

Because in some places in china, if you buy a computer from a store, it could be just a small street shop.

And unlike larger electronics stores, these smaller shops don't give you the windows disc.

yup because these days all triads are selling computers lol and if you're not careful, you could end up buying a pirated copy of windows.

it happened to me once, and i never bought comps from street shops again.

because you're running a pirated copy of windows, the microsoft support site won't be able to verify whether your OS is genuine or not. Therefore, all updates will fail. (it happened to me).

and also, things like SP2 won't install properly. (happened to me)

and in the end, i had to re-install windows using a genuine version of windows.

(other symptoms include: unable to access cmd or task manager).

I think thats common sense though ....... i bought parts from street markets before ..... and let me be the 1st to say its all ripped-off junk ...... if you do regular virus scans etc .... you can actually pick up the patch that cracks x-p , i have about 6 or 7 different x-p serials , that were given to me by a street salesman ... now they all work , but they're not legit ..... they were written on a piece of paper etc..... and i know its illegal to sell the codes outside of the microsoft products , he sold me the original cd , but the code was on paper ....... he gave me so many because he thought they might not work , that speaks for itself ........

W2K has none of these problems.

...except i bought my computer from dell...i've had to have my windows system verified to even get stuff off the windows website.

no offense, but none of the last few comments have helped along my problem...

Dell would be the one to contact for a CD...MS won't as they didn't sell it to you...

Quote

no offense, but none of the last few comments have helped along my problem...

Sorry for the input saytheya, I confess to not reading this thread all the way through (it's very long) and I assumed from the previous posts we were dealing with a pirated copy of XP.
I'll keep quiet now but continue to watch

3553.

Solve : help weird *censored* virus on my computer?

Answer»

Alright there is this virus on my computer. This guy advertised it as a game cheat so i decided to check it out. It added itself on startup and its always running under wpa.dbl.exe in my taskmanager. I try to remove it from startup from typing run and msconfig but no luck, the process doesnt show up there or as a service. Now the directory this virus is in is C:\WINDOWS\system32\wpa.dbl.exe . The weird thing is when i end the process and try to go in that folder its not there. I tried to uncover the hidden files and again no luck. So i try to delete it with a batch command. It says there is no file in that directory with that name. Now the weird part is when i try to re start it up with the back command it starts up. Correct me if im wrong but these are the results i get.

BATCH COMMANDS
C:\WINDOWS\system32>DEL wpa.dbl.exe
Could Not Find C:\WINDOWS\system32\wpa.dbl.exe <-----Error

C:\WINDOWS\system32>wpa.dbl.exe <----no running error (it ran successfully.)

C:\WINDOWS\system32>wpa.blahblahblah.exe <---trying a fake file i made up
'wpa.blahblahblah.exe' is not recognized as an internal or external command,<--get this error
operable program or batch file.

C:\WINDOWS\system32>

what can i do to get rid of this virus. Im pretty sure its a keylogger! its undetectable by all antiviruses.


I've never heard of the Weird *censored* virus, but you do indeed appear to be infected. It appears to be trying to disguise itself as the Windows Protection Activation. Head over to VirusTotal and scan the file by pasting the filepath into the little white text box. Post the results here.

Then download HijackThis to C:\Program Files\HJT and run a scan. Post the log here for us to take a look at.

I'm going to go ahead and move this thread to the appropriate section.

Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

3554.

Solve : huge problem?

Answer»

Well I have these 2 computers in my house that both have this problem. When you turn them on, nothing appears on the monitor. It was only a problem with one of them at first but now neither of them work. I am using 2 different monitors and when i plugged my laptop in to the monitors it worked fine. Does anybody have any idea how to fix this?

I think this is going to be a hardware problem.
Just odd that the same thing happens to both the computers.
Do you hear the testing of your hard drives when you boot?

Jonas

um it makes noises if thats what you mean lol well I downloaded this file on one and it messed up and i downloaded the same thing on the other computer and that one messed up so i think thats the problem

You downloaded a file and ran it on both computers? If this is the common factor then this was likely either a virus or - seeing as you have not explained well - an incorrect video driver. Though I don't understand why it wouldn't even be displaying the BIOS... It would help a lot if we knew what you downloaded...

Porn? XD

Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

3555.

Solve : computer virus problem?

Answer»

Hello. I'm looking for some help.

My computer had a virus of some kind and I called my cable company (whom I have my internet service through) and they said they had a block on my email because it appeared I had a virus. So, that confirmed what I knew from my screens freezing and not being able to access anything.

So, they recommended I run an anti-virus scan, which I did. I have sophos, and ran it. It said I had viruses and so I had it quarantine them and then remove them.

Now, when I go to run my computer it does seem to be better starting up time and such, but it wont open a browser or let me access the web. In the lower right hand corner, the little computers to show the connection have a yellow triangle over them with an exclamation point over it. so, I need help in what I need to reconfigure now?

any advice is welcome.

Alright but would you first post a HijackThis so Chriss (CBmatt) could take a look at it he is much better in that than I am.

Did you try to update the drivers of your Internet connection?
Here is how to do it:
1) Press the Winkey + Pause Break
2) go to hardware then to device manager.
3) go to the network adaptor and right click on it and click Update.

Let us know if it worked.

Jonas

here's the problem. When I clicked on hijackthis link you had, it wanted to run the program. The computer I am on is my laptop and not my main computer where the problem is. I only hooked this one up so I could get online and get some help for the other computer.

Now what?

Instead of clicking on the link, right-click on it and go to Save Target As.

for the limited connectivity try going to control panel network connections and right clicking your network adapter then disable it and then reenable it.

I hate that *censored* yellow sign. Try right clicking the sign and pressing "Repair". If that doesn't work right-click and "Disable" then "enable" it. And if that still doesn't work go to your modem unplug it and wait about 40 seconds then put it back in and wait.

Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

3556.

Solve : Flashget?

Answer»

Hello again, im using a dell xps 210 vista premium
lately spyware terminator is finding something called
flashget HKCU\software\jetcar.....
I have put it in quarantine and nothing seems affected.
Can anyone tell me what this is please, and should i remove it.
Thanks for your time........

Flashget is an FTP connection client, that is if it's legitimate.

Does your protection app give you a registry entry? If so you should post the entire string it gives. What executable is it pointing to? If you can find this executable you should upload it to www.virustotal.com and see what they think of it . . .

http://www.safer-networking.org/en/mirrors/index.html

it could be spyware.

download and install spybot S&D.

run a scan and see if it picks up the flashget entry.

if it does, ask spybot to fix it for you. otherwise, i don't think it's a problem.

did you install flashget?

Thanks for your time on this, spybot, avg, adaware se,
none of them detect it only spyware terminator.
ive just removed it and everything seems fine..
cheers..

FlashGet is a download accelerator made by Jetcar. I personally don't trust the program much (programs like this just seem iffy to me), but most people seem to think it's relatively safe. In my eyes, the program you should worry about is Spyware Terminator. It's a subpar program (once considered rogue anti-spyware) and anything it picks up has a chance of being no more than a false positive. It's possible that one of the FlashGet files is considered spyware, but there's also a good chance the Spyware Terminator made a mistake. If I were you, I'd stick with Spybot.

Thanks CBMatt, for the advice i found flashget
keeps appearing so i just keep removing it,
i have never had any problems with spyware terminator.
it does seem to find things the others dont??even when
i had my gateway 2core mediacenter..
but cheers again CBMatt for your time..

Oh woops, did I say FTP connection client ? ? I meant download accelerator . . . I was thinking of something else, SmartFTP or something, don't know why. Sorry for any confusion.

Thats alright DeltaSlaya..no harm done,
the only thing that gets me is your penguin sign!!!
with my Details on it anyone can read that yes??
i must find a way to stop this as it just feeds my
paranoia of on line ID theft and security...
thanks..P...

Well your IP and browser information is given to every website you visit, you can't stop this unless you use a proxy. No one else can find out this information unless the website decides to broadcast it.

This is how it works with my signature. Your browser is requesting all the images on the page through the URLs, then it sends its request to the site that my signature is from (danasoft.com). This site uses the information sent to it to generate a new image that is then uploaded to your browser. Go to their site for more information.

www.danasoft.com

Thanks DeltaSlaya, thats reassuring
but now something has happened..
new post...cheers.P...

Quote from: paul420 on August 26, 2007, 11:44:47 AM

i have never had any problems with spyware terminator.
it does seem to find things the others dont??even when
i had my gateway 2core mediacenter..

Spyware Terminator has a bad history of leading users astray with false information. But if you wish to keep using it, that's entirely up to you.

3557.

Solve : Tell me the problem?

Answer»

Logfile of HijackThis v1.99.1
Scan saved at 7:04:23 PM, on 7/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\mgrs.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Compaq_Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: (no name) - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Intel system tool] C:\WINDOWS\system32\svehost.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\jujwakxr.dll",forkonce
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Secondary Logon seclogonSNDSrvc (seclogonSNDSrvc) - Unknown owner - C:\WINDOWS\system32\adsntd.exe (file missing)


In my AVG anti-spyware, I have trojans quarantined. But I want to get rid of them. I'm not sure if getting rid of these will mess up my computer.

Here are some screenshots of the AVG Infections

http://img72.imageshack.us/my.php?image=avgggqr7.png


http://img187.imageshack.us/my.php?image=avvvddfzv1.png



I see that you have HijackThis running from your desktop. You have it in a permanent location, which is good because it makes important backups that you may end up needing. However, to help you avoid clutter and to help ensure that the backups stay safe, I would like you to move it to a special location.

  • Double-click on My Computer to open it and navigate to C:\Program Files.
  • Right-click on the empty (white) space and go to New > Folder.
  • Name the folder something like HJT and move HijackThis into that new folder.
  • If you would still like to run HijackThis from the desktop for convenience, right-click on HijackThis and click on Create Shortcut. This will create a shortcut to the program; move the shortcut to the desktop.

Looks like you've got yourself some dialers and downloaders. AVG AS appears to have caught most of them, but there are still a few infections on your computer. First, download CCleaner (install without Yahoo! toolbar) and configure it according to this guide.

To delete quarantined items, click on the Infections tab. This will list everything in Quarantine. Click on Select All and then Remove Finally. That will get rid of everything AVG detected. You don't have to worry about this messing up your computer. Now...the program you have is very good, but you still need anti-virus. Anti-spyware alone just doesn't cut it. Go ahead and download AVG Free (made by the same people who created your anti-spyware). Update it and scan with AVG Free in Safe Mode. Let it remove whatever it wants. Reboot your computer back into Normal Mode.



Once you have done all of that, post a new HijackThis log, as there are still things that need to be taken care of.

C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\New Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: (no name) - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Intel system tool] C:\WINDOWS\system32\svehost.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\jujwakxr.dll",forkonce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Secondary Logon seclogonSNDSrvc (seclogonSNDSrvc) - Unknown owner - C:\WINDOWS\system32\adsntd.exe (file missing)

Once we start, you won't have access to this post anymore, so I recommend that you print out this post or save it to a Notepad file. Open HijackThis and scan again. Check the following entries, but don't do anything to them yet...

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O3 - Toolbar: (no name) - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - (no file)

O4 - HKLM\..\Run: [Intel system tool] C:\WINDOWS\system32\svehost.exe
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\jujwakxr.dll",forkonce

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab

O23 - Service: Secondary Logon seclogonSNDSrvc (seclogonSNDSrvc) - Unknown owner - C:\WINDOWS\system32\adsntd.exe (file missing)


Now, close all windows (including this one) besides HijackThis, then click Fix Checked. Close HijackThis and reboot into Safe Mode and enable hidden files and folders.

Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following (if present)...

MyWebSearch
RXToolbar


Please note any other programs that you don't recognize in that list in your next response.

Navigate to and delete the following folder(s) if present...

C:\Program Files\MyWebSearch

Navigate to and delete the following file(s) if present...

C:\WINDOWS\system32\adsntd.exe
C:\WINDOWS\system32\jujwakxr.dll
C:\WINDOWS\system32\svehost.exe
(Do not get this confused with SVCHOST.exe!)

Once you've done all of this, reboot into Normal Mode and post a new HijackThis log so we can see if there's any other junk we need to clean up. Let me know how everything's running now and if you had any problems following my steps.

Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.
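
The triage the helper does by eye on the log above (a look-alike of svchost.exe, entries pointing at missing files, a DLL started through rundll32) can be sketched as a few heuristics. This is an added example, not part of the original thread or of HijackThis itself; the function names, the short list of system binaries and the rule set are assumptions, and the sample lines are copied from the log above. A flagged entry is a candidate for review, not a verdict: the ATI Smart service is flagged here although the helper left it alone.

```python
import re

# Assumption: a short, non-exhaustive list of Windows system binaries whose
# names are commonly imitated by look-alike file names.
KNOWN_SYSTEM_BINARIES = {
    "svchost.exe", "lsass.exe", "winlogon.exe", "services.exe",
    "explorer.exe", "spoolsv.exe", "csrss.exe", "smss.exe",
}

# HijackThis entries look like "O23 - Service: ..." or "R1 - HKCU\...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# File-name component of any .exe/.dll mentioned in an entry.
FILE_RE = re.compile(r'([^\\/\s",]+\.(?:exe|dll))\b', re.IGNORECASE)

# Sample lines copied from the HijackThis log in the thread above.
SAMPLE_LOG = r"""
O3 - Toolbar: (no name) - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - (no file)
O4 - HKLM\..\Run: [Intel system tool] C:\WINDOWS\system32\svehost.exe
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\jujwakxr.dll",forkonce
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: Secondary Logon seclogonSNDSrvc (seclogonSNDSrvc) - Unknown owner - C:\WINDOWS\system32\adsntd.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""


def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(name):
    """Return the system binary that `name` is one edit away from, else None."""
    if name in KNOWN_SYSTEM_BINARIES:
        return None
    for known in sorted(KNOWN_SYSTEM_BINARIES):
        if edit_distance(name, known) == 1:
            return known
    return None


def triage_line(line):
    """Return (code, reasons) for one entry, or None if the line is not an entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    lower = body.lower()
    reasons = []
    # The entry references a file that no longer exists on disk.
    if "(file missing)" in lower or "(no file)" in lower:
        reasons.append("missing-file")
    # A service whose binary carries no vendor information.
    if code == "O23" and "unknown owner" in lower:
        reasons.append("unknown-owner")
    names = [n.lower() for n in FILE_RE.findall(body)]
    # A file name one character away from a real system binary.
    for name in names:
        target = lookalike_of(name)
        if target:
            reasons.append(f"lookalike:{name}~{target}")
    # An autorun that loads a DLL through rundll32 (legitimate drivers do this too).
    if code == "O4" and "rundll32.exe" in names and any(n.endswith(".dll") for n in names):
        reasons.append("rundll32-autorun")
    return code, reasons


def triage_log(text):
    """Return [(code, entry, reasons)] for every entry with at least one reason."""
    findings = []
    for line in text.splitlines():
        result = triage_line(line)
        if result and result[1]:
            findings.append((result[0], line.strip(), result[1]))
    return findings


if __name__ == "__main__":
    for code, entry, reasons in triage_log(SAMPLE_LOG):
        print(f"{', '.join(reasons):40} {entry}")
```
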
3558.

Solve : Be aware of this {just in case}?

Answer» Alert: I checked with Norton Anti-Virus, and they are gearing up for this virus so I believe this is real. I checked snopes.com and this is for real. Get this sent around to your contacts ASAP...we don't need this spreading around.



You should be alerted during the next days: Do not open any message with an attached file called "INVITATION", regardless of who sent it. It is a virus that opens an Olympic Torch which "burns" the whole hard disc C of your computer. This virus will be received from someone who has your e-mail address in his/her contact list, that is why you should send this e-mail to all your contacts. It is better to receive this message 25 times than to receive the virus and open it.

If you receive a mail called "invitation", though sent by a friend, do not open it, and shut down your computer immediately. This is the worst Virus announced by CNN. It has been classified by Microsoft as the most destructive virus ever. This virus was discovered by McAfee yesterday, and there is no repair yet for this kind of virus. This virus simply destroys the Zero Sector of the Hard Disc, where the vital information is kept.



I got this from an email/ friend not sure if this is valid
I doubt very much so that this is true . . .

"It is a Virus that opens an Olympic Torch which "burns" the whole hard disc C of your computer".

If Norton had a copy of this then it would be spreading, therefore it would already be a problem, not wait a couple of days.

"This virus simply destroys the Zero Sector of the Hard Disc, where the vital information is kept."

What's this so-called "Zero sector"? Is there even such a thing? And even if there was, there is no 'vital' information stored on the hard drive. They come blank, generally.

It appears that email is remarkably similar to this: http://www.hoax-slayer.com/olympic-torch-virus-hoax.html

Good find.

Thanks for disproving the email. I told my friend to quit forwarding them to me in the future, thanks.
3559.

Solve : Help!! I think theres something wrong with my Computer!!?

Answer»

I recently had my computer scanned using Avast Home edition and I got a bunch of viruses, most of them Trojans and spyware. After that I was getting some error message saying "Error Message, "Duplicate name exists."" even though I'm not connected to a network, and it also shows a message saying "limited or no connectivity". What's worse is I can't access other websites such as pldtplay.com (Philippine game servers) and I also can't sign in on my Yahoo Messenger. Is there something wrong with my PC? Can anyone help...?

Get SUPERAntiSpyware, run it in Safe Mode (along with any other protections), and download HijackThis and post a log; it might take more than one post.

Thanks, I think I'll try that.
I already used System Restore but I still get the error, but not as always.

Well, the SUPERAntiSpyware together with System Restore was able to fix things... "kinda".
Some of my software was not working "correctly". Like my Yahoo Messenger, for example: some of the pictures and plug-ins on it were missing. My browser (Firefox and Internet Explorer both have the same problems) has a big space on the bottom part of it, which is very annoying since I can't see most of the contents of a website. Some of my files and previously installed programs were missing.

I'm thinking of reformatting my PC since I have already backed up all my files.
But I was wondering... can frequent re-formatting (using the Windows XP installer) damage your hard drive?

Try Windows updates, and uninstall Firefox and reinstall it.

And for the reformatting I'm not sure; someone with more hardware experience might be able to help, or Google might have the answer. I reformat every 3 months and my computers are doing fine. I've had my laptop for over a yr so

Quote

My browser (Firefox and Internet Explorer both have the same problems) has a big space on the bottom part of it, which is very annoying since I can't see most of the contents of a website.
Got a screen shot of this big space?

Quote
I reformat every 3 months and my computers are doing fine.
Why would you do that UW?

Because I like to make sure I don't have anything, and I like a fresh start several times during the year.

Quote
Got a screen shot of this big space?
Well, I've already reinstalled Firefox just like what unlovedwarrior suggested and the bottom thing was gone, but the other bugs are still there.
I'm still wondering if frequent re-formatting can damage a hard drive...
Maybe I'll try to find some other source, but if anyone knows something feel free to post here.

No, frequent formatting won't damage a hard drive. It is no different than other write operations a hard drive performs.
3560.

Solve : Oh My God... Incredibly Evil Virus PLEASE HELP?

Answer»

Ok, well yesterday night whilst I was on MSN Messenger.. and suddenly the internet stopped working although Windows Vista said it was online.... so I tried opening Windows Media Player to listen to some music from my library and I got an error message saying "wmplayer.exe not found" followed by various messages saying that "explorer.exe" not found and others which I cannot remember.... So I thought best thing to do would be restarting the computer.. as soon as I clicked on restart I got a message saying "SystemUI.exe not found" followed by a blue screen... Now each time I boot before I even have a chance to press F8 it tells me Boot\BCD not found and restarts.... constantly.

I can assume the OS has been destroyed but I suspect my personal files are still there so I tried creating a bootable version of Windows XP on my UFD using BartPE on another computer.... although my BIOS is configured properly and I follow all steps completely the computer refuses to boot the UFD....

Windows Repair is not an option as my DVD-RW drive is bust and IT IS a laptop... I got an external DVD-RW but I have it in my other house in another country.

Another problem is the fact that I cannot get it repaired in any shop due to the high costs of the service (all wanted €200 or more) which I cannot afford....


Any help please??


Extra Info:
OS: Microsoft Windows Vista Home Basic
Antivirus: AVG Free + AVG AntiRootkit
AntiSpyware: Windows Defender + AVG AntiSpyware
Firewall: Windows Firewall
RAM: 1024 (128 Graphics) CPU: AMD Turion 64 X2 (1.6GHz)
HDD: 100GB GFX: nVidia GeForce Go! 6150

Did you try using the floppy you made on another good machine? If it works on a good 'puter then you really have no other option than replacing the broke DVD-R/W, do you?

What is it you want to accomplish here...
Retrieve your data ?
Repair install so you can use the machine ?
A clean start ?

Quote from: patio on July 16, 2007, 07:51:46 PM

What is it you want to accomplish here...
Retrieve your data ?
Repair install so you can use the machine ?
A clean start ?

Most importantly retrieving my data.... I know how to do a clean start.

I would hook up that drive as a slave in a working machine...run a virus scan on the drive, actually all your protection apps...you have a well balanced arsenal there BTW.

Then copy/burn the data you need from that HDD and do a full format on it.

It should then be clean enough for a clean install.

p.s. You may want to add AdAware and Spybot to your package...

p.s.s. Before copying /using any of that data on the new build re-scan the CD just in case.

Quote from: patio on July 17, 2007, 02:16:05 PM
I would hook up that drive as a slave in a working machine...run a virus scan on the drive, actually all your protection apps...you have a well balanced arsenal there BTW.

Then copy/burn the data you need from that HDD and do a full format on it.

It should then be clean enough for a clean install.

p,s. You may want to add AdAware and Spybot to your package...

p.s.s. Before copying /using any of that data on the new build re-scan the CD just in case.

That is exactly the problem.... it is a laptop >_<

Then grab one of these...

About 10 bucks at any computer store...lets you connect a laptop HDD to any desktop machine with an available IDE connection.

Handy for quicker backups as well.

Quote from: patio on July 17, 2007, 04:40:34 PM
Then grab one of these...



About 10 bucks at any computer store...lets you connect a laptop HDD to any desktop machine with an available IDE connection.

Handy for quicker backups as well.

I never knew that existed... I'll go to PC World and to the small shop next 2 my house later to find out if they got them.

Thank you so much you are a real life saver =)

As this issue appears to be resolved, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.
3561.

Solve : Can a keylogger log your clipboard??

Answer»

I've recently become paranoid after I fell victim to a keylogger last week, having a very important password stolen, and decided to manually copy and paste my passwords from a Notepad document from then on. Might be important to note that since that time I had never typed the password, even to initially create it. Thought I was safe and was surprised to have the same password stolen again. I have run HijackThis, AVG, Trojan Remover, Trend Micro online scan, Adaware, and win security task manager (actually a safe program believe it or not) and my system turned up clean. I even ran them all in safe mode to be sure. I have a router and use the XP firewall as well. I just don't get it. The only possible way that that password could have been stolen again is if the keylogger is somehow recording my clipboard, which I have begun deleting after I paste the password. Is this possible? Is there any way to prevent it happening in the future?

Can you post the HijackThis log for us to look at?

Quote from: endezeichen on August 23, 2007, 12:41:58 AM

The only possible way that that password could have been stolen again is if the keylogger is somehow recording my clipboard, which I have begun deleting after I paste the password. Is this possible?
Yes
Quote from: endezeichen on August 23, 2007, 12:41:58 AM
Is there any way to prevent it happening in the future?
Get rid of the keylogger. As unlovedwarrior said, a HijackThis log would be a good place to start.

Sorry, I didn't post my HijackThis log because I didn't think it would be necessary. I've done extensive cleaning with many programs as well as manually. This really is one heck of a trojan.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:23:21 AM, on 8/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Just took a nice look into this one and noticed there was a bogus exe in the folder that was not recognized by google or licensed. Deleted the whole folder, could care less about winmsngr... that could be what I had missed)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Services (NOD32kren) - Nero AG - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 2626 bytes

Thanks
You could have just uploaded the file to http://www.virustotal.com/, it can tell you, from numerous scanners, whether a file is malicious or not.

Do you download warez by any chance?

One thing you can try... Download ComboFix and save it to your desktop. Run the program and read its disclaimer (it's fairly short) and make sure you really pay attention to what it says. Follow the prompts and when finished, it will produce a log at C:\ComboFix.txt. Go ahead and post that here. Note: Don't click on the window while it's running; this may cause stalls.

You could also try running a full-system scan with SUPERAntiSpyware in Safe Mode.

I'm not sure how much this will help, though. When it comes to this sort of breach of security, I think it's best to back up all important personal files (not programs; download them again later) and then reformat. Keyloggers can be pretty sneaky and even when you remove one, it's sometimes hard to trust that your computer truly is clean again.

Well I must say, ComboFix is a pretty interesting and useful program. Never even heard of it so thanks for that. Got a bit wary when ZoneAlarm told me it was launching cmd.exe...that was a high risk alert. Did a little reading up and apparently ComboFix was infected a few months ago. I just assumed that was a clean version and the cmd.exe part was just part of the process. Oh yeah- Wwwwinnnantispyware... the most annoying piece of crap I've ever had on my computer. Apparently I didn't get rid of it as I thought I did.

C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
C:\Program Files\Common Files\curity~1
C:\Program Files\Common Files\winantispyware 2007
C:\Program Files\Common Files\winantispyware 2007\err.log
C:\Program Files\Common Files\WinAntiSpyware 2007\err.log
C:\Program Files\Common Files\winantispyware 2007\WAS7Mon.exe
C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe
C:\Program Files\Common Files\ystem~1
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\WINDOWS\scurit~1
C:\WINDOWS\system32\aeksree.dll
C:\WINDOWS\system32\configs
C:\WINDOWS\system32\driver
C:\WINDOWS\system32\drivers\ApiMon.sys
C:\WINDOWS\system32\drivers\fopn.sys
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\F2
C:\WINDOWS\system32\F3
C:\WINDOWS\system32\H1
C:\WINDOWS\system32\mcroso~1.net
C:\WINDOWS\system32\mcroso~1.net\M?crosoft.NET\
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\V1
C:\WINDOWS\system32\winpfz32.sys
C:\WINDOWS\system32\wtsicomsv.exe
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CMDSERVICE
-------\LEGACY_FOPN
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_NET_AGENT
-------\LEGACY_WINDOWS_OVERLAY_COMPONENTS
-------\fopn
-------\Net Agent
-------\Windows Overlay Components


Does anyone know of a keylogger that can log a copy & pasted password?
I don't know of one, the log usually comes up as Ctrl C and Ctrl P with no further detail.
Could you be getting directed to a malicious website and pasting your password there?
This is a common problem when clicking on links that come in emails, very common with banking sites but they play it down because they don't want to admit they're being ripped off.
I have personally reported 2 such misdirections to 2 different banks and neither of them even acknowledged my email.
They're running scared.
3562.

Solve : I've had these trojans for awhile, but my computer is the same.(resolved)?

Answer»

I have about 4 or 5 trojan viruses that I can't remove which really pisses me off. But the thing is my computer has been running the same and nothing seems wrong with it. And I've had these trojans for a couple of months. I'm trying to remove them.

But the question is could they cause really bad damage like severely slow my computer down or make it crash etc?

In short, yes.
Get rid of them as soon as you can before they cause more damage.
They've most likely caused a lot of damage already and you just haven't noticed.

What have you run to get rid of them?
List all your protection apps.

Been working on it after I got a PM from the OP . . . I think we're in the clear, just waiting to hear back on final results.
Can't answer your question as I don't know what else was used, but I suggested AVG Antivirus Free, AVG Anti-Spyware, Adaware 2007, and Spybot Search & Destroy. The HijackThis log suggests TrojanHunter, AOL Anti-Spyware and SpySubtract were also used, or at least installed. The log was clean as far as I am aware except for a Zango toolbar, which I gave instructions as to how to remove, and out of date Java (Java 6 Update 1), which I gave instructions to update.
Lots of stuff running in the background though, I suspect that the computer is running very slowly because of this.

Topic resolved via private messaging, no more Trojans.

As this issue appears to be resolved (according to Calum), I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

3563.

Solve : wat is qwiz??

Answer»

ok so it's the last time I'm at my cousin's and my older cousin mike has something on his startup shield we found when he just got spy sweeper. is anyone familiar with this program? i know what to do, it's just that i don't feel safe deleting this program

qwix seems to be legit, did you Google it?

3564.

Solve : Please help me i think its a virus.?

Answer» OK i recently was surfin the web and somehow i picked up something. I know it's not good but it keeps tellin me that i have a virus on my computer, but it's not my anti-virus program, which is McAfee. It keeps putting up pop ups of different anti-virus programs and other sites. I have scanned a million times and don't know what to do. Please help as fast as you can.

Hi, I think I have the same or a similar problem to you. I was browsing the internet and tried to view a video, of an advert, that I need for a research project; I had to download some software to view it. When I did I got next to the clock a new icon, that occasionally sends a message about a system alert about spyware. When I click on the icon it takes me to a webpage for virusprotectpro. I have Norton Antivirus and have scanned my computer but it says my computer is clean, but I cannot remove this icon. When I first try and go online it normally takes me to bbc.co.uk but now it takes me to a security page, saying my computer is at risk and I should download anti-spyware software. I am not sure what is causing all of this but I would like it to stop; if someone could help me it would be appreciated.

ok monkeynuts, please start your own thread in this section with as much detail as possible: computer specs, symptoms, protection programs (anti-virus and other programs like that).


silence, we need more info on your computer, like OS (what Windows do you have?). What scans did you do? Did you do them in safe mode? Can you post a HijackThis log for us to look at also?

To avoid confusion, I'm locking this thread. Please refer to the one containing your logs.
3565.

Solve : spywarebomb?

Answer»

how do i get rid of this thing, every two days it seems to show up and i don't know which software to kill it for good i hope lol

adaware & spybot don't kill it

system mechanic says it removes it, but it shows up again in two days ?

what am i to do ?

any info plz

What OS do you have?
Do you have any other protection?

Go ahead and post a HijackThis log and we'll take it from there.

have xp home, with system mechanic 6 pro, adaware pro, eTrust PestPatrol 5, registry mechanic, ashampoo - photo commander, antispyware, winoptimizer & burning studio 6, ms office 2003 pro, aol/yahoo/windows live messengers, winamp & limewire pro

the ashampoo one didn't work either, now trying a-squared anti-malware

i see it in the registry, when i scan with spytron of system mechanic, but can't delete it (don't know which files it is in).
Quote from: CBMatt on July 13, 2007, 11:53:56 AM

Go ahead and post a HijackThis log and we'll take it from there.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:33:04 PM, on 7/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\hmsam\Local Settings\Temporary Internet Files\Content.IE5\M72V9DV4\HiJackThis_v2[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182927150374
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182927172195
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u1-windows-i586-jc.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by129fd.bay129.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{7345C513-0818-48BD-A4B4-8AC56A09D709}: NameServer = 204.239.167.3,204.239.167.13
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Performance Logs and Alerts (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

--
End of file - 4794 bytes

Quote from: hmsam on July 13, 2007, 12:00:01 PM
have xp home, with system mechanic 6 pro , adaware pro, etrust pestpatrol 5, registry mechanic, ashampoo - photo commander, antispyware, winoptimizer & burning studio 6, ms office 2003 pro, aol/yahoo/windows live messengers, winamp & limewire pro

the ashampoo one didnt work either, now trying a-squared anti-malware

i see it in the registry, when i scan with spytron of system mechanic, but can't delete it (dont know which files it is in),


I notice you have Limewire Pro. Did you purchase this? Regardless, downloading files off P2P networks is highly risky and not advised. You should probably uninstall this software so that you are not affected again.

Also, none of the software you have sounds like an AV, correct me if I am wrong but it is advised, as I am sure Chris will tell you to get - AVG Anti-Virus Free. (Direct .exe Link).

Your log looks clean to me. Perform a scan online with Panda ActiveScan and post a log here. Also, download SUPERAntiSpyware and Spybot - Search & Destroy, update them and scan with them in Safe Mode (one at a time!). Let us know the results of your scans.

DeltaSlaya is right...I can't tell you to get rid of it, but you might want to reconsider using LimeWire. The program itself isn't considered malicious, but some of the things you download through this client may be unsafe, and are likely contributors to your infection. Many downloads are also considered illegal, as they infringe on copyright laws.




Quote from: DeltaSlaya on July 13, 2007, 06:37:08 PM
Also, none of the software you have sounds like an AV, correct me if I am wrong but it is advised, as I am sure Chris will tell you to get - AVG Anti-Virus Free. (Direct .exe Link).
Actually, they already have Kaspersky, which is a respectable anti-virus. Personally, I prefer AVG, but what they have is sufficient, so there's no need. They could certainly go for some better anti-spyware, though.

Sorry, it's just that their AV wasn't mentioned here:

Quote
have xp home, with system mechanic 6 pro , adaware pro, etrust pestpatrol 5, registry mechanic, ashampoo - photo commander, antispyware, winoptimizer & burning studio 6, ms office 2003 pro, aol/yahoo/windows live messengers, winamp & limewire pro

and yea now that I look it indeed is in their HJT log.

No worries. They probably forgot to mention it.

hmsam, do you update Kaspersky and scan with it on a regular basis?

it updates every three hrs and scans constantly by itself, because of kaspersky's antihacker makes it scans from the attacks of the helken attacks

scans full on friday mornings

spybot does not work, never tried superantispyware as mentioned above

oh i also installed the cleaner professional from moosoft, found nothing too

Try removing SpywareBomb in Safe Mode and then scan with System Mechanic since it seems to be able to detect the program. If it still exists, you should also delete C:\Program Files\SpywareBomb, as well as the various files listed here...
http://www.emsisoft.com/en/malware/?Adware.Win32.SpywareBomb

Use Pocket KillBox if you have to. Once you've done all of this, try the Panda ActiveScan and post your results.

RogueRemover is supposed to remove spywarebomb, it's on their list.
If it's returning after a couple of days then you should review your downloading habits as antivirus & antispyware programs won't protect you from rogue programs or PUPs.

Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

3566.

Solve : Rustock.gen!C virus?

Answer»

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 15:28:45, on 2007-08-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Downloads\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/defaultf.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.ca/0SEFRCA/SAOS01?FORM=TOOLBR
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Compagnon d'AOL.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Mini-icône d'AOL 8.0.lnk = C:\Program Files\AOL 8.0\aoltray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://dominique883.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O18 - Protocol: bw+0 - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw+0s - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw-0 - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw-0s - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw00 - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw00s - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw10 - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw10s - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw20 - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw20s - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw30 - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw30s - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw40 - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw40s - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw50 - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw50s - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw60 - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw60s - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw70 - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw70s - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw80 - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw80s - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw90 - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw90s - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwa0 - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwa0s - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwb0 - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwb0s - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwc0 - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwc0s - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwd0 - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwd0s - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwe0 - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwe0s - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwf0 - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwf0s - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwg0s - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwh0 - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwh0s - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwi0 - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwi0s - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwj0 - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwj0s - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwk0 - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwk0s - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwl0 - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwl0s - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwm0 - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwm0s - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwn0 - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwn0s - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwo0 - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwo0s - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwp0 - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwp0s - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwq0 - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwq0s - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwr0 - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwr0s - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bws0 - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bws0s - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwt0 - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwt0s - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwu0 - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwu0s - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwv0 - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwv0s - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bww0 - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bww0s - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwx0 - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwx0s - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwy0 - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwy0s - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwz0 - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwz0s - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: offline-8876480 - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 22024 bytes

CB Matt, ComboFix was the only program that could pick up the virus.

Alrighty, it looks pretty clean to me. You should, however, check those O18 Logitech entries and fix them with HijackThis. The file is gone, but traces of it are still in the registry. You should also download CCleaner (without Yahoo! toolbar) and use the Cleaner and Issues tools to clean up a bit.

Also, that computer still needs a firewall and a newer version of Java. Other than that, things are looking good.

The pe386 driver that ComboFix removed was related to Rustock (a quick search on Google can verify this), so the infection should be gone.
Are you experiencing any problems with that computer?

Thanks, CBMatt. She said she will update Java and download ZoneAlarm. The computer is working fine. If we run HijackThis again, do we delete anything related to Logitech?

Yes, the O18 entries. Make sure that they have reference to Logitech before deleting though.

Great to see your problem has been resolved and if you don't have it already may I also recommend CCleaner, as has CBMatt.

Yeah, like DeltaSlaya said, just focus on the O18 entries. They're the ones that look like this...

O18 - Protocol: bw+0 - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

Those are the only ones you need to worry about. Leave everything else alone. If you run CCleaner first, it might automatically clean up a lot of those for you.

Thanks for all your help. Problems solved.

Awesome, I'm glad to hear it.

As this issue appears to be resolved, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

3567.

Solve : VIRUS named GONrong.ALP??

Answer»

ok so i was on the internet with my cousins computer and a window pops up saying
system32.exe is know .bat file? i know wat a bat file is and then a download window pops up and it saying ALP casino download start it downloads and i get a new window that pops up and all my files pop up like every one even the stuff like WoW pop up and it says message from user rong PC error my cousins OS is windows XP HE we had a flash file open and the internet his friend says the same thing happened to his PC it came from something on the intern cus it open up the contact list and started sending emails it got maybe three emails through until we pulled the plug anyone encounter this?

I'm having trouble finding an infection by this name, but it sounds like a worm of some sort.
What protection do you have?

You should update all protection and scan with it in Safe Mode. Afterwards, post a HijackThis log for us to look at.

know dude we cant do a thing like we get to black thing thingy but u cant do anything

Without a lot more info on your system, OS and what happened prior to this, and a lot less textspeak, it's hard to move on from here.

Quote from: wefr0 on August 03, 2007, 07:58:29 PM

know dude we cant do a thing like we get to black thing thingy but u cant do anything

To be perfectly honest, I have no idea what you're saying. Like patio said...we need more info, as well as coherent sentences.

forget it hes out a good 1000 bucks cus of this viruses

Incoherent gibberish. Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.
3568.

Solve : Winantispy2007 downloaded to my computer without my permission?

Answer»

You still have a couple of bad entries showing up...
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\nyxmqbgx.dll",forkonce

O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe (file missing)


Also...make sure you delete ALL of the files I listed in my last post. Simply removing the entries isn't enough. If you're having trouble doing this, I can create a batch script that should do it for you.

I still need this...
Quote from: CBMatt on July 21, 2007, 04:54:52 PM

You appear to have a PurityScan infection. Copy everything inside the quote box below (starting with dir) and paste it into Notepad. Go up to File > Save As... and click the drop-down box to change the "Save As Type" to "All Files". Save it as findfile.bat on your Desktop.

Quote
dir "C:\Program Files\?racle" /a h > files.txt
notepad files.txt

Locate findfile.bat on your Desktop and double-click on it. It will open Notepad with some text in it. Please post the contents of that Notepad file here.
I'm sorry, there wasn't anything in the notepad file. I did it but it came up empty.

After fixing the others here is the hijack log.


Logfile of HijackThis v1.99.1
Scan saved at 9:48:31 PM, on 7/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\vsnpstd2.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Pando Networks\Pando\pando.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Raynelle\My Documents\my programs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: CafeMom Toolbar - {8151A608-00FB-4D5C-8B8D-40E239E32A42} - C:\Program Files\CafeMom Toolbar\cmtb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\pando.exe" /Minimized
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra button: (no name) - {07DB8C18-9FD9-4e43-AF16-043E44D89768} - C:\Program Files\CafeMom Toolbar\cmtb.dll
O9 - Extra 'Tools' menuitem: CafeMom Toolbar - {07DB8C18-9FD9-4e43-AF16-043E44D89768} - C:\Program Files\CafeMom Toolbar\cmtb.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - OPTIONS group: [INTERNATIONAL] International*
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://help.rr.com/Foundrysdccommon/download/tgctlar.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/67/install/gtdownls.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL CONNECTIVITY Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
I seem to be getting IE pop ups like a myspace celebrity profile and I won this crap, but I don't even have IE open.. I use Mozilla firefox. And I have the popupblocker on IE set at block ALL popups..

In the add/remove programs list I have windows internet explorer 7 and IEpro7 entries... is this the same thing? I also have programs that have no size on it?

I'm sorry I keep posting UGHH now I am getting pop ups in firefox.... something like system doctor.com your computer is under attack! get help now!

You could be getting the popups through the messenger service which would indicate that your windows is not up to date.
If this is the case then update your windows or disable the messenger service.
Start>Settings>Control Panel>Admin Tools>Services>Messenger...Disable.
Did you run the scans I suggested, all 4 of them?

I am now.. sorry.. the rogue remover wiped out a bunch of things that said winantispy2007. but i'm still getting the pop up. ewido is running, and so is panda active scan.

I'm getting a question from zone alarm to allow a generic host process for win32 services to accept internet connections.. its svchost.exe???

Okay...look in C:\Program Files for a ?racle folder. The question mark is a wildcard, which means it could start with any letter. So, the folder could be called Tracle, Iracle, or (most likely) Oracle. This folder needs to be deleted. If you find more than one folder with such a name, let me know before you do anything.


Did you try this suggestion from Fed...
Quote from: Fed on July 21, 2007, 09:14:35 PM
You could be getting the popups through the messenger service which would indicate that your windows is not up to date.
If this is the case then update your windows or disable the messenger service.
Start>Settings>Control Panel>Admin Tools>Services>Messenger...Disable.
Did you run the scans I suggested, all 4 of them?
You can also try Shoot The Messenger.

As for ZoneAlarm...it may be a legit request, but you might want to read through this thread...
http://www.computing.net/security/wwwboard/forum/272.html




Quote from: nellenaz on July 21, 2007, 09:00:46 PM
In the add/remove programs list I have windows internet explorer 7 and IEpro7 entries... is this the same thing? I also have programs that have no size on it?
This is IE7Pro...
http://www.ie7pro.com

It's an add-on for IE7. You don't need it, but it's not malicious. Also...not all programs list their filesizes. Are any of these programs suspicious?

By the way, here is some info for those programs you listed earlier...

Digital Content Portal (Comes with some Dell computers. Some consider it to be spyware, but it doesn't appear to be malicious. Can be removed if you don't want it.)
EarthLink Setup Files (Can be removed if you have no interest in EarthLink.)
f Get HI speed Internet! (Not sure what this is. Probably related to FlashGet. Should be able to remove safely.)
Macromedia Flash Player (You should keep this.)
Microsoft .NET Framework 1.1 (You might want to upgrade to 2.0.)
Microsoft .NET Framework 1.1 Hotfix (KB8928366) (Are you sure that's the right number? I can't find info on this exact hotfix.)
Microsoft Compression Client Pack 1.0 For windows (This is safe.)
Microsoft Plus! Digital Media Edition Installer (This is safe, but you don't need it.)
Microsoft Plus! Photo story 2 I.E Microsoft User-mode driver Framework feature Pack 1.0 (This is safe. Keep it if you want it.)
NetZero Installer (You can remove this if you have no interest in NetZero.)
PhotoClick (Not sure about this one. Could be related to this.)
RealPlayer Basic (Media player that probably came with your computer. It's safe.) (Safe.)
Sonic DLA (Safe, but not free.)
Sonic RecordNow! Audio (Safe, but not free.)
Sonic RecordNow! Copy (Safe, but not free.)
Sonic RecordNow! Data (Safe, but not free.)
Sonic Update Manager (Safe.)
WebCyberCoach 3.2 Dell (Came with Dell. Should be safe.)
Windows Installer 3.1 (KB89353) (This is safe.)
Windows Media Format 11 runtime (Part of Windows Media Player. You should keep this.)
Windows Media Player 11 (You should keep this.)
Apple Software Update (Safe. Probably came with your Apple Mobile Device.)
IE7Pro (IE7 add-on. Safe.)
Learn2 Player (Uninstall Only) (Bloatware installed by AOL; often comes with Dell computers. It's not malicious, but you don't need it.)
Conexant D480 MDC v.9x Modem (Modem driver. Might want to keep this.)
Digital Line Detect (Comes with Dell; used to be considered spyware. Should be safe, but you don't need it.)
AOL Coach Version 1 (build:20040229. 1 en) (AOL bloatware. Not malicious, but you don't need it.)
AOL Connectivity Services (Automatically reconnects you if you lose your AOL connection.)
Apple Mobile Device Support (Comes with the latest versions of iTunes. If you don't have an iPhone, then you don't need this.)
Viewpoint Media Player (More AOL bloatware. Technically not malicious, but I usually advise removing it.)
Windows Desktop Search 3.01 (Search tool. You don't need it, but it's safe, and might be useful.)

Well I ran ALL the programs Fed suggested, coupled with what Chris told me and I seem to be in the clear. I didn't have a ?racle folder, but I did see something like that deleted with one of the programs. I'm going to run all of the programs again

Roguerunner,
AVG Free
Ccleaner
panda active scan
superantispyware
ewido online
and spybot

and see what they come up with again

how often should I run these programs?

And thank you Chris for all the information on those programs.. I'm going to be deleting a LOT today..

Quote from: CBMatt on July 22, 2007, 04:04:32 AM
By the way, here is some info for those programs you listed earlier...

Digital Content Portal
Microsoft .NET Framework 1.1 Hotfix (KB8928366) (Are you sure that's the right number? I can't find info on this exact hotfix.)

it wasn't!! it is KB928366, somehow an 8 got added.. I was c/p from microsoft onenote. so probably happened then.

AVG Free came up clean!!

Will keep you updated.

Oh and the messenger service was already disabled.

oh and no none of the programs were suspicious, I just didnt know what they were.

Thanks guys!!! You're lifesavers!!!

Don't forget to keep your Windows up to date and create a new restore point.

So, no more popups, then? Excellent.

Like Fed says, you should clear your restore points and create a new one...

1. Go to Start > Programs > Accessories > System Tools > System Restore
2. Click on System Restore Settings.
3. Check Turn off System Restore and click OK.
4. Restart your computer.
5. Follow steps 1 and 2 to return to the settings, uncheck Turn off System Restore, and click OK.
6. Create a new restore point and close the program.

System Restore will now be active again. If you would like to learn more about System Restore, go here.

Also, I see that your Java is out of date. You'll want to correct this quickly, as it will help provide further protection for you. To do so, go here and click on Free Java Download. You will be given instructions on what to do next. Once you have installed the latest version, you should remove any older versions of Java.

For more info on infections and how to stay clean, please read through this guide.

As this issue appears to be resolved, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.
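
The checks the helpers apply by eye in the threads above (entries marked "(file missing)", the rundll32 autorun, and only touching O18 entries that reference Logitech), as an added Python example that is not part of the original posts. The sample lines are copied from the logs quoted on this page; the function names and the wording of the review notes are this example's own assumptions.

```python
import re
from dataclasses import dataclass

# Lines copied from the HijackThis logs quoted in the threads above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\nyxmqbgx.dll",forkonce
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O18 - Protocol: bw+0 - {38F58AFF-C4C6-428B-A886-84F284BFDEFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# A log entry starts with a section code such as R0, O4 or O23, then " - ".
# Header lines and the "Running processes" list do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# An autorun that hands a DLL to rundll32 instead of starting an executable.
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+\.dll)', re.IGNORECASE)


@dataclass(frozen=True)
class Entry:
    code: str           # section code, e.g. "O18"
    body: str           # everything after "<code> - "
    file_missing: bool  # HijackThis appended "(file missing)"


def parse_log(text):
    """Return the registry-derived entries of a HijackThis log, in order."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        body = match.group("body").rstrip()
        entries.append(Entry(match.group("code"), body,
                             body.endswith("(file missing)")))
    return entries


def review_notes(entry):
    """Reasons an entry deserves a second look; an empty list means none found."""
    notes = []
    if entry.code == "O4":
        match = RUNDLL_RE.search(entry.body)
        if match:
            notes.append("autorun loads a DLL through rundll32: " + match.group("dll"))
    if entry.file_missing:
        notes.append("registry entry points at a file that is no longer on disk")
        if entry.code == "O23" and "Unknown owner" in entry.body:
            notes.append("service has no vendor string and no file on disk")
    return notes


def triage(entries):
    """Pair each entry that has at least one review note with its notes."""
    flagged = []
    for entry in entries:
        notes = review_notes(entry)
        if notes:
            flagged.append((entry, notes))
    return flagged


def orphans_for(entries, code, keyword):
    """Orphaned entries of one section that mention a keyword, mirroring the
    advice to fix only the O18 entries that reference Logitech."""
    return [e for e in entries
            if e.code == code and e.file_missing
            and keyword.lower() in e.body.lower()]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for entry, notes in triage(parsed):
        print(entry.code, "-", entry.body)
        for note in notes:
            print("    *", note)
    print(len(orphans_for(parsed, "O18", "Logitech")), "orphaned Logitech O18 entry")
```

A flag here only marks an entry for review; whether it is fixed is still decided by a person reading the whole log, as in the threads.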
3569.

Solve : My connection is unstable.?

Answer»

Hi everyone,

When playing a little online game, or while using msn, i get disconnected for like 10 seconds or so and then it comes back. On my modem, the ''atm'' light turns off and the ''dsl'' one flashes red. I would need ur help to know if that problem is due to some virus, or just from my internet provider...

Thx a lot for ur help in advance.

Check to make sure you have DSL filters on ALL the phone connections in the house...

Hi patio, thx for replying.

Yea i actually looked on all the phones and each has its own filter. I use windows xp sp2, high speed bell sympatico internet, amd athlon 1700+, 756 RAM, etc.

The problem must be due to something else. What should I do next? I ran a AVG scan in safe mode and it didn't find anything..Spybot S&D found like 3 spywares, deleted em..and adware SE personal found 27 tracking cookies, which i deleted too.
Call your ISP and request a line test...they can do this while you are on the phone with them.
Is this a new condition or has it always been this way ? ?
Any new construction going on in your area ?

Quote from: bennyman on July 22, 2007, 09:14:21 AM

Hi patio, thx for replying.

Yea i actually looked on all the phones and each has its own filter.
...

And each DSL filter is installed in the right direction?

Please don't ask me how I know this makes a difference.


Hi,

Well in the past, like 1 year ago, i've had the same kind of problems with my connection...I thought it was some trojan downloader that was using my connection to the max...so I just formatted. But now this instability came back. This week I should be able to call my ISP and try to do that line test. But just to make sure, I would need ur help to find out if there is any junk running on my comp with a HJT scan or ne other program. I'm not sure my computer is healthy right now...

This help would be greatly appreciated from your part.
Thx for ur time again.

Run all your protection apps in safemode and then post back with the results and a HijackThis log...
The Resident Experts will be along shortly.

Make sure to list what you ran and the results...

Formatting wipes the drive clean, allowing you to do a fresh install of Windows. If you formatted, then you shouldn't have to worry about malicious infections. But if you would still like us to take a look at an HJT log, you're free to post it.

EDIT: Nevermind, I just re-read your post. When you said "I just formatted" I thought you meant today. Go ahead and follow patio's advice.

Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.
3570.

Solve : Agh help please!?

Answer»

Hey all, this is my first post here, I'm hoping to get some answers

I'm using Windows XP Home Edition. Well, I turned on my computer yesterday to find that none of my programs would open, except Windows Messenger and Internet Explorer (hence how I'm typing this). When I try to open a program, like iTunes for instance, it comes up with the message "a later version is already installed. installation cannot continue", even though iTunes is already installed and was working fine yesterday morning.

Another problem: I can't access "all programs" from the start menu, clicking on the all programs icon does nothing at all. I cannot system restore as it says it's unable to restore at this time. Restarting does not have any effect, starting in safe mode doesn't work and I can't completely wipe my system as I'm not given this option on startup, even whilst pressing "ctrl + F8"

I can however access photos and word documents etc., although I cannot open them due to Microsoft Word not working.

If anyone can shed some light on the problem, it would be much appreciated. Thanks in advance.

Hornzog .......... Strange that all these issues just appeared at the same time and right out of the blue.

You are using XP home .......
Do you have sp2 installed and all the other critical updates ?

Do you have your original windows xp home edition cd if required?

Does your machine have a working updated anti-virus?

If you go to My Computer/Program files ........ open the programs folder and find the program you wish to use, are you able to open the program from there?

Did you do a windows update yesterday before this all started or any other software update?

Are you able to get into the bios if necessary?


dl65

Firstly, thanks for your interest in the problem.

I do have SP2 installed and I did have a working anti-virus system (which now doesn't start up)

I have the windows home edition CD

I did not install any updates before the problem occurred, but Windows Automatic Updates keeps trying to update the same security update over and over again.

I was able to install Microsoft Office again by using the CD, and itunes now opens through clicking on a music file in my documents.

Not being totally familiar with computers I don't know what bios is/how to access it.

Through program files I can access a few programs like Windows Media Player, Guitar Pro, but not everything. It seems most of the programs downloaded via the internet work without too many problems. But there's no sign of my anti-virus. And where I used to have around 10 programs starting up, which appeared in the task bar, nothing no longer starts up and the internet only connects when I open Internet Explorer.

Thanks for your reply.

Do you have any antivirus installed?
Did it detect and erase any suspected threats?

3571.

Solve : storm worm??

Answer»

And if you think you might be infected, you may want to post a HijackThis log.

Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

3572.

Solve : reset all cookies reset every ie startup?

Answer»

all protection programs have different database and different names for the same infection. those might have found it but couldn't remove it or just quarantined it. superantispyware has a nice vundo database along with other infections. and some infections just need specialty tools to remove them completely

Well, your main infection was Vundo. I'm not sure why VundoFix didn't pick it up...it should have recognized the infection because it's not a new version. Perhaps it was old enough to not be supported. I will see if I can get an answer from the creator. Anyway...although you had Vundo, I don't think it was the one changing your settings. You also had an IE hijacker, which I believe was causing the problems you described. In addition to these, you had a couple of infections that I can't identify.

As for why McAfee and Spyware Doctor didn't catch the infection, just look at unlovedwarrior's post. Personally, I would consider switching from McAfee to AVG Free. It's free and tends to clean infections better than McAfee. I think their firewall is great, but their anti-virus leaves something to be desired.

And yes, there are changes you can make to increase your security. First of all, you should clear out your restore points and create a new one...

1. Go to Start > Programs > Accessories > System Tools > System Restore
2. Click on System Restore Settings.
3. Check Turn off System Restore and click OK.
4. Restart your computer.
5. Follow steps 1 and 2 to return to the settings, uncheck Turn off System Restore, and click OK.
6. Create a new restore point and close the program.

System Restore will now be active again. If you would like to learn more about System Restore, go here.

I see that your Java is out of date. You'll want to correct this quickly, as it will help provide further protection for you. To do so, go here and click on Free Java Download. You will be given instructions on what to do next.

For future prevention, I would suggest AdAware SE Personal, AVG Anti-Spyware, and Spybot - Search & Destroy for spyware/adware. You should have at least two of these installed on your program (one may pick up what another can't) and update them regularly. For viruses, AVG Anti-Virus is a very good choice. In my experience, it has been one of the best. And again, make sure you update it regularly. It would also be a good idea to have CCleaner handy for cleaning up unnecessary temporary files and registry entries. Do this at least once a week. I would also advise downloading SiteAdvisor and SpywareBlaster, which will both make your internet browsing a lot safer.

Also...you're vulnerable without a firewall, so you should look into getting either ZoneAlarm, Kerio Personal Firewall, or Comodo. They're all good free firewalls. Just be sure you only have one installed at a time! Download the firewall of your choice, disconnect from the internet, disable Windows Firewall, and install your new firewall.

For further information on keeping yourself protected, check out this malware guide.

As this issue appears to be resolved, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

3573.

Solve : Spybot?

Answer»

I recently tried to download Spybot on to my laptop and it went through then told me that I need to have the administrator password which is myself, and when entered it still didn't go through, so I couldn't finalize the download, what should I do?

which browser are you using?
when it refers to "administrator password" it could be referring to a master password which is set in the browser. You can access it through options or internet settings..depending on which browser you're using.

3574.

Solve : Safemode lockout?

Answer»

I downloaded Embarq online security software. I did not disable my Windows XP Firewall prior to installing the other firewall; now I do not have any icons or Start menu and my safe mode is a dark screen. How do I disable one of those firewalls without being able to access safe mode and get to Add and Remove Programs?

Log in to your PC, and when you arrive at your iconless and taskbarless desktop, press Ctrl+Alt+Del and add new task 'explorer.exe' and see if you can access Add/Remove Programs from there.

I tried explore.exe to no avail. I spent 45 min. with an Embarq IT and ET in Task Manager, without any results.

Hmm... instead of Task Manager, try pressing Start button + R to bring up the Run menu. Then type explorer.exe

3575.

Solve : Trojan Downloader on XP...Mega Problems?

Answer» Combofix Part II

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-01-12 21:38 63128 --------- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-20 01:07]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46]
"HostManager"="C:\Program Files\Common Files\AOL\1154149194\ee\AOLSoftware.exe" [2006-09-25 20:52]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2006-11-07 11:29]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nlsf"=cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
"nlhr"=RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 08:29]

[HKEY_LOCAL_MACHINE\SYSTEM\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Trent Berger^Start Menu^Programs^Startup^Anapod Manager.lnk]
path=C:\Documents and Settings\Trent Berger\Start Menu\Programs\Startup\Anapod Manager.lnk
backup=C:\WINDOWS\pss\Anapod Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
"C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Blubster]
C:\Program Files\Blubster\Blubster.exe SILENT

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A920]
"C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Wireless Manager UI]
C:\WINDOWS\system32\WLTRAY

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1154149194\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
"C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
C:\PROGRA~1\SYMANT~1\VPTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\autorun.exe


Contents of the 'Scheduled Tasks' folder
2007-06-15 06:39:50 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-04 05:51:53 C:\WINDOWS\tasks\MP Scheduled Scan.job

**************************************************************************

catchme 0.3.914 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-04 02:30:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-04 2:32:14
C:\ComboFix-quarantined-files.txt ... 2007-07-04 02:32

--- E O F ---

Hijack This
Logfile of HijackThis v1.99.1
Scan saved at 2:35:58 AM, on 7/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1154149194\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Trent Berger\Desktop\HijackThis(2).exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://dell.com/
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154149194\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

Your HijackThis log looks clean to me. ComboFix picked up quite a few infected files, WinAntiVirus in particular. Even after running the scans, are you still experiencing problems?

I noticed that you have Blubster installed on your computer. According to reviews, it hosts a lot of risky downloads (like all file-sharing programs) and it seems to cause a fair amount of system instability. On top of that it is bundled with third party adware. You don't have to get rid of it, but if I were you, I would. You can read a little about it here.

Also, I found this in your ComboFix log...
C:\Program Files\Kap.GRETests

Are you at all familiar with this? It appears to be related to Jersey Cow Software, but I can't find any actual information on it.



As for the programs you have downloaded...although you don't have to, I would advise keeping the anti-spyware programs. Unfortunately, there's not one program that can detect everything, so it's good to have a few. And the ones you have are some of the best. However, you don't need all of them...but you should have two at the very least.

I would also suggest keeping CCleaner. It's very handy and you should run it a couple of times each week to help tidy things up a bit.

Once we are done here, you're free to get rid of HijackThis and ComboFix if you wish. You can delete the logs at any time. Once you post them here, there's no need for them on your computer.

Thanks again, a few questions.

1) What can I do to clean up my infected files and programs?
-You stated ComboFix found a lot of files, and that I have the GRE program and Blubster.
-How can I get rid of these and get my computer fixed?

2) Why is it I keep every few days getting the same viruses found again on Symantec?
-Is there anything I can do to fix this thing once and for all?

3) The computer is better, but not 100%.
-I am most concerned about deleting all iffy programs AND
-The combofix infected files
-Reappearing viruses

ComboFix removes all infected files. If they keep coming back, then there's definitely something else going on. Go ahead and run the program again and post another log.

And I hate to make you get another program, but I think you should download and save Blacklight to your desktop:

Double-click fsbl.exe then accept the agreement and click on Scan. Once it's complete, click on Next.

You'll see a list of all items found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).

Copy and paste this log in your next reply. Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe"







As for Blubster...you should be able to uninstall it through Add/Remove Programs. You should be able to do the same with Kap.GRETests, but I'm not sure what it might be called. Perhaps we can take a look at the programs installed on your computer. Go ahead and open up HijackThis. Click on "Open the Misc Tools section" and then "Open Uninstall Manager". From there, click on "Save list" and save the Notepad file to your desktop. Open that file and paste the contents here.

1) Combofix Log Part I

"My Name" - 2007-07-06 11:29:57 - ComboFix 07-07-03.9 - Service Pack 2


((((((((((((((((((((((((( Files Created from 2007-06-06 to 2007-07-06 )))))))))))))))))))))))))))))))


2007-07-04 02:23 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-02 02:54 d-------- C:\Program Files\CCleaner
2007-06-30 15:01 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-28 04:22 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2007-06-15 02:44 d-------- C:\Program Files\iTunes
2007-06-15 02:44 d-------- C:\Program Files\iPod
2007-06-08 16:04 d-------- C:\Program Files\Lavasoft
2007-06-08 16:04 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-06-08 16:03 d-------- C:\Program Files\Common Files\Wise Installation Wizard


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-06 14:47:38 -------- d-----w C:\Program Files\Symantec AntiVirus
2007-07-04 16:25:52 17,634 ----a-w C:\WINDOWS\system32\nvModes.dat
2007-07-02 03:31:59 4,755 ----a-w C:\WINDOWS\mozver.dat
2007-06-30 05:42:23 -------- d-----w C:\DOCUME~1\TRENTB~1\APPLIC~1\Wal-Mart Digital Photo Manager
2007-06-30 04:50:34 -------- d-----w C:\Program Files\Google
2007-06-21 23:35:29 -------- d-----w C:\Program Files\America Online 9.0
2007-06-15 06:42:27 -------- d-----w C:\Program Files\QuickTime
2007-06-15 06:39:49 -------- d-----w C:\Program Files\Apple Software Update
2007-06-11 20:21:02 -------- d-----w C:\Program Files\Common Files\AOL
2007-06-04 19:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 19:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 19:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-25 19:47:21 -------- d-----w C:\Program Files\Kap.GRETests
2007-05-16 15:12:02 683,520 ------w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ------w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-13 19:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-04-13 17:31:03 103,984 ----a-w C:\WINDOWS\system32\AOLDial.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-01-12 21:38 63128 --------- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-20 01:07]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46]
"HostManager"="C:\Program Files\Common Files\AOL\1154149194\ee\AOLSoftware.exe" [2006-09-25 20:52]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2006-11-07 11:29]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nlsf"=cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
"nlhr"=RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

2) ComboFix Log Part II

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 08:29]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Trent Berger^Start Menu^Programs^Startup^Anapod Manager.lnk]
path=C:\Documents and Settings\Trent Berger\Start Menu\Programs\Startup\Anapod Manager.lnk
backup=C:\WINDOWS\pss\Anapod Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
"C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Blubster]
C:\Program Files\Blubster\Blubster.exe SILENT

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A920]
"C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Wireless Manager UI]
C:\WINDOWS\system32\WLTRAY

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1154149194\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
"C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
C:\PROGRA~1\SYMANT~1\VPTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\autorun.exe


Contents of the 'Scheduled Tasks' folder
2007-06-15 06:39:50 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-06 14:50:01 C:\WINDOWS\tasks\MP Scheduled Scan.job

**************************************************************************

catchme 0.3.914 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-06 11:32:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-06 11:32:42
C:\ComboFix-quarantined-files.txt ... 2007-07-06 11:32
C:\ComboFix2.txt ... 2007-07-04 02:32

--- E O F ---
3) Whenever I do ComboFix
-Internet Explorer icon automatically is downloaded onto my desktop.
-Why? Is this a problem?


4) FSBL downloaded
-Scanned, no problems
-Log

07/06/07 11:41:59 [Info]: BlackLight Engine 1.0.64 initialized
07/06/07 11:41:59 [Info]: OS: 5.1 build 2600 (Service Pack 2)
07/06/07 11:41:59 [Note]: 7019 4
07/06/07 11:41:59 [Note]: 7005 0
07/06/07 11:42:05 [Note]: 7006 0
07/06/07 11:42:05 [Note]: 7011 1580
07/06/07 11:42:05 [Note]: 7026 0
07/06/07 11:42:06 [Note]: 7026 0
07/06/07 11:42:08 [Note]: FSRAW library version 1.7.1022
07/06/07 11:46:11 [Note]: 2000 1012
07/06/07 11:46:11 [Note]: 2000 1012
07/06/07 11:46:11 [Note]: 2000 1012
07/06/07 11:46:11 [Note]: 2000 1012
07/06/07 11:47:28 [Note]: 7007 0


5) Hijack This Logfile

Logfile of HijackThis v1.99.1
Scan saved at 11:48:10 AM, on 7/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1154149194\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\BitLord\BitLord.exe
C:\Documents and Settings\Trent Berger\Desktop\HijackThis(2).exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://dell.com/
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154149194\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe


6) Months ago I thought I deleted all of kaplantests and bluebuster.
I can not find it on add/remove.
-Why is it not deleted when I already thought it was done?
-Is there anything I can do to finish?


7) Do I need to save and keep the logs of ComboFix, FSBL, and HiJack This or may I delete?


When I download music, not often I
-Go to isohunt, download torrent with BitLord
-Would you call this safe and is there anything I can do to safeguard?
-Should I run a cleaner after?

Thanks.

Everything looks clean to me. You may want to give the Outerinfo remover a try. I have my suspicions, but we're running out of options, and it might work...
http://www.outerinfo.com/howto.html

ComboFix might be making a change to the registry that causes the IE icon to appear on your desktop. I don't have a definite answer for this, but I've seen it before and I wouldn't be concerned.

If you already removed those programs, then they may have just left some files behind. Most programs will still leave something behind, even after you've uninstalled it.

You can go ahead and delete the logs.

And yes, you should scan those downloads. In fact, you should scan ALL downloads once they're on your computer.

Alright

1) I downloaded the program, it says everything is deleted.

2) According to you do you think my computer is safe for the time being?
Knock on wood it is running fine.

3) What do you think the problem was or how did it become?

4) Do you have a recommendation on what I can do to keep it safe from now on, should I keep
-Symantec anti-virus active
-AVG spyware active
-Have Ad aware, spybot search and destroy, ewido spyware as backups
-HiJack this, ComboFix, and CCleaner all stay on the computer and run everything once a week?

Is this a good a plan or do I need to add anything or delete?
Hijack this and Combofix, should those be run only when necessary not regularly?

5) Should I encounter a problem in the future, what can I do to make sure if I must reformat I have everything and don't lose material?

Thanks.

If your problem is gone and stays that way, then I have no reason to think you need to worry about anything.

There are many ways to get infected. My guess would be that you downloaded something that installed third party software without your knowledge. It's always a good idea to read the EULA before installing anything. EULAlyzer is a helpful program...
http://www.javacoolsoftware.com/eulalyzer.html

To learn more about how you may have been infected and for even more prevention tips, read Tony Klein's protection article.

Personally, I'm not a fan of Symantec/Norton and would suggest replacing it with AVG Free. However, if you are happy with it and wish to keep it, then that's fine. Your anti-spyware programs are all good and should be kept. AVG Anti-Spyware is a very good program, but unfortunately, once the trial runs out, the resident shield is disabled. Because of this, I think Spybot would be better as your active anti-spyware. But as long as you perform regular scans, it won't make much of a difference. With all of these backups, you've got a good arsenal.

You should keep CCleaner and run it at least once a week. I run it every day, but that's just my preference. HijackThis and Combofix should only be run when needed again. I would suggest keeping them somewhere on your computer, though.

If you encounter further problems, the best thing to do is update your protection programs and then scan with each one in Safe Mode. If your problem still persists, then you can post another HijackThis log and ask for assistance. If it ever gets to the point where you need to reformat, you should back up all of your important data (pictures, documents, media) onto CD's. There are loads of free burning programs out there. It's usually advised to simply re-download software rather than backing it up. This is entirely up to you, of course.

If you have any other questions, I'll be happy to answer them to the best of my ability.

1) Thank you very much for your time and helpfulness. I really appreciate your continued interest and responses to my serious questions.

2) I'll review the links on the EULA analyzer plus the protection.

3) As far as further things to do, my AVG anti spyware trial ran out.
-What does this mean, it still automatically boots up on my computer and says I am "now" protected against 864,XXX threats, yet the icon is now black and white as opposed to colored.
Is it actually working and protecting me or not and is there any use in keeping it active?

4) When I run the CCleaner, it deletes about 19.5 mb of files each time, is this normal?
-Additionally when I run "scan for problems" the same problems appear, again should this be of worry?

5) How do you download material onto CDs that allow them to be "backed up" if reformatted
-Internet browser settings
-Desktop icons
-Programs
-Documents
-Pictures
-Music?

Thanks.

1. You're very welcome. It's my pleasure to help out when I can, and I'm glad to be of service.

3. This is what I was referring to in my last post when I said that the Resident Shield will be disabled. AVG Anti-Spyware is still fully functional after the trial runs out. However, the live scanning no longer works. This means that it doesn't scan incoming files and you have to perform scans manually. The same goes for updates; it will no longer update automatically, so you have to go to the Update tab and do it yourself. The program is still very useful, but I would suggest keeping Spybot active instead, and have AVG as your backup when you perform routine scans.

4. Depending on the connection you have, this is probably normal for CCleaner. Especially if it's set to also scan Temporary Internet Files. I'm on a slow dial-up connection and I tend to get about 6 to 12 MB in a day. Of course, this depends on your activities. I just performed a scan and included my Temporary Internet Files (which I only do about once a week), and it added on an additional 95 MB. Make sure you click on Run Cleaner each time.

As for the registry scan...what issues keep coming up? Are you clicking on Fix selected issues?

5. For backing up info onto CD's, you first need to make sure you have a CD-R/RW drive. Typically, the front of the CD drive will say something about Compact Disc ReWritable. Another thing you will need is burning software. CDBurnerXP Pro is a decent program. Lastly, you need blank CD-R/RW discs. These days, you can get 50 for about $15.

Burning programs are usually fairly self-explanatory (select the files you want and the program to copy them), but if you need help, let us know.

Thanks again.
I have in the past downloaded music and burnt it on to CD, it is right to assume then I have the necessary components on my computer to back up information, is it really any different?
What do you do, simply click save to CD, and then once reformatted download it from the CD?

Thanks.

Yes, it's a lot like burning music. But instead of burning a music CD, you're burning a data CD. The process is essentially the same, though. And so is the equipment. And yes, after reformatting, you simply insert the CD's and take the data off. Personally, I think an external hard drive would be easier and more reliable, but they're also a bit more expensive.
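Added example, not part of the original thread: a small triage script for HijackThis logs like the ones posted on this page. It parses each entry's section code and flags the kinds of lines a helper looks at first: components registered with "(no file)" or "(file missing)", services listed with "Unknown owner", and an O10 broken-LSP line. The sample lines are copied from the logs on this page; the function names and reason labels are my own.

```python
import re

# Entry lines look like "O23 - Service: name - owner - path". The token before
# " - " is the HijackThis section code (R0/R1, O2, O4, O9, O10, O23, ...).
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
LSP_RE = re.compile(
    r"^Broken Internet access because of LSP provider '([^']+)' missing$"
)

# Sample lines copied from the HijackThis logs posted on this page.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""


def parse_entries(log_text):
    """Return (section_code, body) tuples for every entry line in the log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def triage(log_text):
    """Flag entries that deserve a second look; this does not judge them malicious."""
    findings = []
    for code, body in parse_entries(log_text):
        reasons = []
        # Registry entry still present, but nothing is registered behind it.
        if body.endswith("(no file)"):
            reasons.append("no file")
        # Entry points at a path that no longer exists (often uninstall leftovers).
        if body.endswith("(file missing)"):
            reasons.append("file missing")
        # HijackThis printed "Unknown owner" in the service's vendor field.
        if code == "O23" and " - Unknown owner - " in body:
            reasons.append("unknown owner")
        # O10: a Winsock LSP is registered but its DLL is gone.
        lsp = LSP_RE.match(body) if code == "O10" else None
        if lsp:
            reasons.append("broken LSP: " + lsp.group(1))
        if reasons:
            findings.append({"code": code, "entry": body, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["code"], ", ".join(finding["reasons"]), "|", finding["entry"])
```

A flagged line is only a prompt to check what the entry belongs to; several of the flagged entries above are leftovers from uninstalled software or ordinary vendor services.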
3576.

Solve : 3 Antiviruses - Will they work together??

Answer»

Sorry if this is in the wrong place, i just thought since this was about viruses and malware...
Does anyone know if i can use Kaspersky 6, Avast, and Zonealarm 7.0 together without problems?
Haven't researched the newest update for Avast so insert whatever number is the latest.

NO, do not use more than ONE active antivirus scanner at the same time as they will conflict.

Personally I recommend AVG Free or what I use NOD32.

i encountered a similar problem before. my windows xp home had been underperforming for a while. so i used norton antivirus and ran a full system scan. the results showed that i had over 300 trojans. However, norton erased them all in one clean sweep. I did the scan in normal mode.
What i suggest, is you uninstall 2 of the antivirus softwares, and run a scan again using the remaining antivirus software, and see if the threats are erased for good.

ZoneAlarm is a firewall, so you should keep it. As for an anti-virus, however, only one is recommended. Using more than one may make it difficult to detect and clean infections, and it may also cause problems with your computer's performance. I would go with AVG, but Kaspersky and Avast are also good choices.

So, i should keep zonealarm as a firewall and install avg? Zonealarm also has an antivirus, does that mean i should disable it?

Ah, didn't think about that. Yes, I think it would be better to disable it and use the AVG anti-virus instead. But it's entirely up to you, of course.

And personally, when it comes to a firewall, I prefer Comodo, but again...that's up to you.

Zonealarm 7 uses the Kaspersky AV engine which in my opinion is just as good (if not better) than AVG. So I would suggest you only use Zonealarm then.
But like CBMatt said... it is entirely up to you.

Basically...it's different strokes for different folks. But it doesn't necessarily mean that one is better than the other (we could debate this forever). Whatever you decide upon, just make sure you only have one.

Could i use comodo in conjunction with zonealarm?

No, you should never have two firewalls. This will create a lot of complications and it may compromise your security, as well as cause lag on your computer.

3577.

Solve : new start up entry?

Answer»

My pc has been running slow for a while after start up. I checked the start folder and found a new entry ZSSnp211.exe. Can anybody help with info on this please. Thanks.

Quote from: Richenstony on August 09, 2007, 02:35:01 AM

http://www.majorgeeks.com/downloadget.php?id=5554&file=10&evp=4122712c2af084c815e5fd4f2b249d83


The download above is for a program called hijackthis, it can detect anything hiding that could be malicious although it also picks up general window processes, so it can't tell what's bad ........ scan and save log and post your log in the virus section..... do not attempt to FIX anything!
Post the log for us to have a look at tedder,
ZSSnp211.exe is a file often associated with Bigdog/Vimicro, who make various products, the most common being webcams. Although they mainly cater to the Chinese market, they're not exclusive to the area. I'm not 100% sure exactly what this particular file does, but I believe it is your webcam driver. It shouldn't be anything malicious. You can try disabling it, but it may cause your webcam to not function properly. That's about the best answer I can give you.

However, I'm fairly confident that you don't have anything to worry about. But if you wish, you may still post a HijackThis log.
3578.

Solve : Trojan Horse Removal?...?

Answer»

Well I got careless of what I was downloading so now I am stuck with Advertisement Pop-ups, my computer starts extremely slow, and I think it is hidden. When I do a virus scan with AVG Free I delete the infected files but when I am connected to the internet the Trojan Downloader downloads all the same viruses/trojans that I deleted, same thing with the adware (Which I use Spybot Seek & Destroy) is there a way where I can delete all these viruses/trojans without reinstalling Windows? Any help would be appreciated.

DLoad install update and run AVG Anti-Spyware which is also free...it's more designed for removing trojans which it seems you have...

After that DLoad and run HijackThis...DO NOT let it fix anything ...instead save the log as a file and post it here after you're finished.

It may take 2 or 3 posts to fit it all.

If i were you, i'd purchase some antivirus software. I'd recommend Norton Internet Security, and Win Antivirus Pro. But if you want to cut back on the cost, you can always just get Norton Antivirus. When i first ran a full system scan using Norton Antivirus, I discovered over 300 trojans. All of them were removed cleanly, and quickly.

He has an anti-virus program...

AVG is better than adequate protection

Quote from: JXY on August 08, 2007, 05:34:26 AM

If i were you, i'd purchase some antivirus software. I'd recommend Norton Internet Security, and Win Antivirus Pro.
AVG Free is easily superior to these programs. In fact, we often advise removing Norton. And we always remove WinAntiVirus Pro because it's basically considered an infection.

Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.
3579.

Solve : avg process?

Answer»

every time I try to connect to net the avg update process takes place is this normal , ta

I'm not sure if that is the AVG default or not but I have my auto update turned off because I'm on dialup & prefer to update when it suits me.

How long has this been happening? How often do you connect to the internet? I'm guessing it's probably just a coincidence. AVG updates pretty often, which could be the cause. You could try turning off the automatic updates, although I wouldn't really suggest doing so.

It's a normal running process...if you click on Schedule in the main pane and select properties below you can set the time at which AVG updates daily.

3580.

Solve : strange files?

Answer»

Hi. Please excuse me because I've never posted to any forum before.
I had a tech over to check my computer and he found a whole series of files that started out as t1oo (26 of these) and t350 (14 of these) with all different extensions like am, ar, at, b0, etc. They were all 0 KB and had the same modification date. The times for one group were the same, then the next group would be a few minutes later, etc., but all times were between 1:47 and 1:59 PM. When I checked Properties, it said no viruses were found, but it's still a bit disconcerting to have all these useless (?) files there.
He said he was totally unfamiliar with this, did some searching on the web and came up with nothing. Does anyone know what these are, and can I delete them?

I sure hope I can find my way back here to see if anyone has an answer.

BTW, Dell Dimension E510, XP Media Center Edition, SP2. Is that enough info?

Artie

What directory were they in ? ?
Installed any new hardware/software recently ? ?
Are you using a webcam or digital camera on that machine ? ?

I clicked on My Computer and then Local Disk (C:) and there they were.

No webcam or digital camera.

I had to reinstall my HP printer about a week or two ago because I had done a "restore" trying to get my computer to work better (it sort of had the hiccups and was really slow) and I lost my printer. But nothing was installed on the date that says these files were "modified".

So they are in the root folder of C: ? ?

List all the protection programs you have installed currently and we'll go from there...

If opening My Computer and double clicking on Local Disk (C:) which opens a window with a heading of C:\ means it's in the "root folder" of C, then yes.

And by protection programs, I assume that you mean virus, spy and trojan protection?

CounterSpy, Trend Micro PC-cillin, Trojan Hunter, to the best of my knowledge (which is obviously quite limited)

I'm not real good at technical stuff.

Remove all those programs, I think one of em is actually spyware itself...

Go to www.avast.com, get the free anti virus and enjoy yourself.

And delete those files. They are nothing.

Keep your protection programs they are fine.

Quote from: lil_falco on August 10, 2007, 07:15:44 PM

Remove all those programs, I think one of em is actually spyware itself...

Go to www.avast.com, get the free anti virus and enjoy yourself.

And delete those files. They are nothing.

Ignore this advice.

Update and run the protection programs you have in safemode.
To enter safemode tap F8 repeatedly after turning the machine on and before you see the Windows splash screen.
Let them fix what they find.
Then DLoad and install HijackThis. Install it in its own directory not the Desktop.
Run a scan with it. DO NOT let it fix anything yet.
Save the log as a text file and post it here. It may take 2 or 3 posts to include the entire log.
3581.

Solve : CPU usage reads 100%?

Answer»

Lately I have had to do a restore on my computer every other day. Seems that my computer cpu usage jumps up to 100%. After the restore it goes down to 28% and my computer functions OK. Could this be due to a virus? I run AVG anti virus on my system.

Thanks

Ed

You are restoring every other day ? ?
What method ? ?
System restore ?

what other protections do you have

Use the Task Manager (Ctrl + Alt + Del ... click on the Processes tab...a screenshot would help) or Process Explorer to see what's using up so many resources.

Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

3582.

Solve : V:15A 2121 Aueno5 12 Do you know what this is??

Answer»

I have a blue field in my left hand corner of my screen. It has V:15A 2121 Aueno5 12 in that field. Since I have had the message I find that when my screen goes to the screen saver I get flashing bright lights instead of the screen saver. When you look at the desk top items and go to click on one it is like the message is above it on the computer screen. I need help this is driving me crazy! I am sorry if this has been posted some where else. I am new to this web site.

Could you give us a screenshot? Hit the Print Screen key and go to Start > Programs > Accessories > Paint. Upload the picture to a site such as PhotoBucket and post the link here. Also, what OS do you have?

Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

3583.

Solve : Registry Entry?

Answer»

The following is appearing in my registry, I have no idea where it came from and I can't delete it.

HKEY_CURRENT_USER\Software\Ó¦ÓóÌÐòÏòµ¼Éú³ÉµÄ±¾µØÓ¦ÓóÌÐò


Please find my logfile if is of any assistance.

Logfile of HijackThis v1.99.1
Scan saved at 2:54:57 PM, on 24/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ASWLSVC.exe
C:\PROGRA~1\OPTUSI~1\backweb\5543390\Program\SERVIC~1.EXE
C:\Program Files\Optus Internet Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Optus Internet Security Suite\backweb\5543390\program\fsbwsys.exe
C:\Program Files\Optus Internet Security Suite\Anti-Virus\FSGK32.EXE
C:\Program Files\Optus Internet Security Suite\Common\FSMA32.EXE
C:\Program Files\Optus Internet Security Suite\Anti-Virus\fssm32.exe
C:\Program Files\Optus Internet Security Suite\Common\FSMB32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Optus Internet Security Suite\backweb\5543390\Program\fspex.exe
C:\Program Files\Optus Internet Security Suite\Common\FCH32.EXE
C:\Program Files\Optus Internet Security Suite\Common\FAMEH32.EXE
C:\Program Files\Optus Internet Security Suite\Anti-Virus\fsqh.exe
C:\Program Files\Optus Internet Security Suite\Anti-Virus\fsrw.exe
C:\Program Files\Optus Internet Security Suite\FSPC\fspc.exe
C:\Program Files\Optus Internet Security Suite\FWES\Program\fsdfwd.exe
C:\Program Files\Optus Internet Security Suite\Anti-Virus\fsav32.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI TECHNOLOGIES\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\ASUS\WLAN CARD Utilities\Center.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\OptusNet DSL Internet\DSC.exe
C:\Program Files\Optus Internet Security Suite\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\PROGRA~1\OPTUSI~1\ANTI-S~1\fsaw.exe
C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Optus Internet Security Suite\FSGUI\fsguidll.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Gary & Sue\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://desktop.optusnet.com.au/dsl/favorites/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://desktop.optusnet.com.au/dsl/favorites/homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.optusnet.com.au/dsl/favorites/homepage
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Optus Internet Security Suite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Optus Internet Security Suite\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Optus Internet Security Suite\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Net4Switch] C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
O4 - Global Startup: Optus Internet Security Suite.lnk = C:\Program Files\Optus Internet Security Suite\backweb\5543390\Program\fspex.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\Optus Internet Security Suite\Anti-Spyware\blockpopups.htm
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Optus Internet Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Optus Internet Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Optus Internet Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Optus Internet Security Suite\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Optus Internet Security Suite\Anti-Spyware\ieshield.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://desktop.optusnet.com.au/dsl/favorites/homepage
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Optus Internet Security Suite (BackWeb Plug-in - 5543390) - Singtel Optus - C:\PROGRA~1\OPTUSI~1\backweb\5543390\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Optus Internet Security Suite\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Optus Internet Security Suite\backweb\5543390\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Optus Internet Security Suite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Optus Internet Security Suite\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Optus Internet Security Suite\Common\FSMA32.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

A .DLL file appears to be disrupting the LSP chain on your computer. We need to get rid of it.

  • Please download LSPFix from here.
  • Run the LSPFix.exe that you have just finished downloading.
  • Check the I know what I'm doing box.
  • In the Keep box you should see one or more instances of winsflt.dll.
  • Select every instance of winsflt.dll and move each one to the Remove box by clicking the >> button.
  • When you are done click Finish>>.

Other than that, your log looks pretty clean. However, you do have this...

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

It's related to RealTek. Technically, it's considered spyware, but it isn't malicious. You don't have to remove it, but if you wish, I can tell you how.

Once you have run LSPFix, update your anti-virus program. Then download SUPERAntiSpyware and update that. Reboot in Safe Mode and scan with each program, one at a time.

Then restart and update us on how things are running.

Also...are there any keys inside of that registry entry?

Thanks so far for your help.

I have done all that you have outlined above and yes there are other keys in this problem I would like to get rid of.

HKEY_CURRENT_USER\Software\Ó¦ÓóÌÐòÏòµ¼Éú³ÉµÄ±¾µØÓ¦ÓóÌÐò\HViewer
HKEY_CURRENT_USER\Software\Ó¦ÓóÌÐòÏòµ¼Éú³ÉµÄ±¾µØÓ¦ÓóÌÐò\HViewer\Recent File List
HKEY_CURRENT_USER\Software\Ó¦ÓóÌÐòÏòµ¼Éú³ÉµÄ±¾µØÓ¦ÓóÌÐò\HViewer\Settings

Can you explain to me how to delete the above without having to reformat again?

Cheers

Okay...I'm thinking two things. Either you have Hadith Viewer installed on your computer, or you have an infection (at this point, I suspect VX2). The strange characters make me think the former might be a possibility, as Arabic wouldn't show up properly in the registry. Do you have Hadith Viewer installed on your computer? Check your Add/Remove Programs list (look for anything that might relate to the name HViewer). If it's there...did you install it? And if so, where did you download it from? I don't believe the program is malicious, but many sites hosting it are known for having risky downloads.

If you do NOT have Hadith Viewer installed, then follow these instructions...

Download CCleaner (install without Yahoo! toolbar) and configure it according to this guide. Run the Cleaner and Issues.


Download and install the latest version of Ad-Aware. If you have an older version, choose to uninstall it when prompted. After installing Ad-aware, you will be prompted to update the program and run a full scan. De-select all boxes so that it does not run. Manually run "Ad-Aware SE Personal" and from the main screen Click on "Check for Updates Now".

Close Ad-Aware, if it is currently open.
Download the VX2 Cleaner 2.0 Plug-in from Here
  • After installing, restart Ad-Aware before running the VX2 Cleaner.
  • Using VX2 Cleaner 2.0
NOTE: If you have earlier attempted to run Ad-Aware to remove VX2, you may need to run the VX2 Cleaner several times to remove possible VX2 remains.
  • If you have already attempted to remove VX2 with Ad-Aware, do the following:
    • Before running the VX2 Cleaner, make sure other anti-virus or anti-spyware applications are closed.
    • Run the VX2 Cleaner. If your computer is infected with VX2, a dialog box with text such as "New VX2 variant found" or "VX2 variant 1 found" will appear.
    • Press "Clean" and a dialog box with text "The first phase completed. Please reboot and perform a Smart Scan" will appear. After saving your work, reboot your system manually.
    • Repeat this until the VX2 Cleaner reports "System clean". Press "Close" to exit.
    • Run Ad-Aware one more time and scan your computer to make sure VX2 has been found and removed.
    Manually download Latest definition file: Here
    • Please Note Version SE Build 1.06 is now available! This download is for use with Ad-Aware SE versions only.
    • Manual Installation: Unzip the archive, replace the existing file and restart Ad-Aware\Ad-Watch.
    • You can also use the webupdate component implemented in Ad-Aware to install this update.


    Go ahead and post back with an update on how things are running.

    Cheers Mate.

    I will be offline for a few days and I will let you know how I get on.

    Alrighty, we'll leave the light on for you.

    Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

    If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.
    3584.

    Solve : virus software cant remove on windows update?

    Answer»

    i have this contra virus software trying to get us to buy it weird thing is it is coming through our windows update icon and we can't seem to get it to stop and it is bothering the way we use the computer when the message comes up on our computer that our system has been infected we already have virus software what can i do please anyone that can help it is real bothersome

    you might be infected with SmitFraud.. what OS and other protections do you have?

    look here for removal instructions of this infection.


    oh and can i get a mod to move this to the virus section please and thank you

    A question for the mod as he has to go to here anyway:
    Why has doitinachevy 0 posts?!
    He just posted right?

    Jonas

    Edit: Oh its off topic!
    Sorry my bad. I thought we were in other.

    lol its ok. i Pm a mod to move this post

    thanks Chris

    Quote from: doitinachevy on July 25, 2007, 07:16:03 AM

    i have this contra virus software trying to get us to buy it weird thing is it is coming through our windows update icon and we can't seem to get it to stop and it is bothering the way we use the computer when the message comes up on our computer that our system has been infected we already have virus software what can i do please anyone that can help it is real bothersome


    Hi all,

    After a long time not visiting the forum, for which I apologise, I'm back.

    @doitinachevy : What antivirus software are you using ?

    Hopefully not Norton or McAfee.

    Do you have any antispyware tools installed ? If yes : which ones ?

    Quote from: unlovedwarrior on July 25, 2007, 08:16:16 AM
    thanks Chris
    No problemo.

    I agree that this sounds like SmitFraud. doitinachevy, please follow the link in unlovedwarrior's post and then post back with a HijackThis log and an update on how things are going.

    Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

    If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.
    3585.

    Solve : Win32 DNS Changer,Zlob DNS Changer?

    Answer»

    Hi All, I'm back again. After following advice on here, I use (amongst other things) Spybot Search & Destroy. It has pinpointed the spyware as in the topic title. When I click the fix problems button it says they're fixed but another scan shows they are still there. I did a general Google search for both. The win32 one showed up on a French site but Google's translation didn't help much! The zlob one showed a couple of sites to fix the problem but the spyware changed the site & diverted me away from it!
    I started to follow these suggestions: "NOTE: New users might find going through the following steps to be useful:

    1. Turn off System Restore if applicable. (Windows ME & XP users)"
    When I do this, I get a window that says "You have chosen to turn off System Restore. If you continue, all existing restore points will be deleted and you will not be able to track or undo changes to your computer. Do you want to turn off System Restore?"
    I'm not sure I want to delete the existing restore points. I have downloaded HijackThis so can do a logfile if it helps.

    You should delete all your backups because they may contain backed up malware. Therefore if you were to restore it you would be restoring the malware.

    Yes, please post a HJT log and experts will take a look at it for you.

    don't delete them yet wait until we have cleared your infection.. dl superantispyware... and what other protections do you have?? and what windows do you have? and please post a log after you've done a complete superantispyware scan

    Are you performing your scans in Safe Mode or in Normal Mode? If you do the scans in Safe Mode, there's a much higher chance of removing the infection. Give it a try, and if you're still having problems, feel free to post a HijackThis log.

    Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

    If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

    3586.

    Solve : MP3 software virus?

    Answer» Hi I've tried to delete this mp3 software that my uncle installed from my computer using Add or remove but it wouldn't let me. My anti-virus picked a few genetic trojan from that software. I deleted its folder in program files. But in Add or remove it's still there. Please help... Thank you

    Here's my HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 4:22:21 PM, on 7/25/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Common Files\AOL\1125001301\ee\aolsoftware.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\cidaemon.exe
    c:\program files\common files\aol\1125001301\ee\aexplore.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aimtoday.aim.com/today/aimtoday.adp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {B339E38A-22DD-4425-92C2-3C15F9643F4B} - C:\WINDOWS\system32\vtutu.dll (file missing)
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll (file missing)
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125001301\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00001024-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter24 Class) - http://download.netmarble.com/web/nmstarter/NMStarter24.cab
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {89981B1D-07DA-43C3-9770-06C51E7E5DCE} (NostaleWebStarter Control) - http://game.nostale.com/sso/NostaleWebLauncher.cab
    O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
    O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://download.netmarble.com/kdefence/kdfense8237.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/tricksterActiveX.cab
    O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {F7899FAE-51C9-4EF5-B98C-A64997635235} (GSPRunGame Class) - http://www.playinfinity.net/cab/WindyGSPAx.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    whats the software name? have you tried in safe mode?? get Ccleaner and run the cleaner then go to tools on the left hand side. and see if you can uninstall it from there. If not then report back with any error messages. if you can then run the issues scan also on the left side above tools, save when prompted to and make sure you save somewhere where you will remember. the issues scan a couple of times to make sure your registry is cleaned up good.

    also what protection programs are you using

    Scan with HijackThis and check the following entries...

    O2 - BHO: (no name) - {B339E38A-22DD-4425-92C2-3C15F9643F4B} - C:\WINDOWS\system32\vtutu.dll (file missing)

    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab


    Close all other windows and click on Fix Checked.

    You've had a past Vundo infection, so you may want to follow the below instructions, just to be on the safe side...

    1. Download VundoFix and save it to your desktop.
    2. Run VundoFix and click on Scan For Vundo.
    3. Once it's done scanning, click on Remove Vundo.
    4. When it prompts you to remove the files, click on Yes.
    5. Your desktop will go blank as it's removing files. Don't worry, this is normal.
    6. It will prompt you to restart your computer, so click OK.
    7. When your computer is turned back on, your problem should be gone.
    8. The program normally produces a Vundofix.txt file. Please locate this file and paste the contents in your next post.

    And then, just to be thorough...
    1. Download VirtumundoBeGone and save it to your desktop.
    2. Reboot into Safe Mode.
    3. Once you are in Safe Mode, run VirtumundoBeGone and follow the instructions.
    4. Exit when it has finished and reboot back into normal mode.
    5. The program normally produces a VBG.txt file. Please locate this file and paste the contents in your next post.



    Also...I see that your Java is out of date. You'll want to correct this quickly, as it will help provide further protection for you. To do so, go here and click on Free Java Download. You will be given instructions on what to do next.


    You should update your AVG and scan with it in Safe Mode. Do that and follow unlovedwarrior's instructions and let us know how everything's running.

    Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

    If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.
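The reply in this thread singles out an unnamed BHO whose DLL is missing and an unnamed DPF entry. As an added example (not part of the original thread and not HijackThis's own logic), the Python below parses O2/O3/O16 lines copied from the log above and builds a list of entries worth a manual look; the function names and the three rules are assumptions chosen for illustration, and a flag is a prompt to investigate, not a verdict.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: (no name) - {B339E38A-22DD-4425-92C2-3C15F9643F4B} - C:\WINDOWS\system32\vtutu.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
"""

ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
NAMED_DPF_RE = re.compile(r"^\((?P<name>.*)\) - (?P<url>\S+)$")
MISSING = "(file missing)"


class Entry(NamedTuple):
    code: str                # section code, e.g. "O2"
    clsid: Optional[str]     # CLSID in braces, upper-cased, if the line has one
    name: Optional[str]      # display/class name, None when the log shows none
    target: str              # file path or download URL
    file_missing: bool       # line carried the "(file missing)" suffix


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for headers, process paths and blanks."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    code, body = m.group("code"), m.group("body")
    file_missing = body.endswith(MISSING)
    if file_missing:
        body = body[: -len(MISSING)].rstrip()
    clsid_m = CLSID_RE.search(body)
    clsid = clsid_m.group(0).upper() if clsid_m else None
    name, target = None, body
    if clsid_m and code in ("O2", "O3"):
        # Layout: "BHO: <name> - {CLSID} - <path>"
        label = body[: clsid_m.start()].partition(":")[2].strip(" -")
        name = None if label in ("", "(no name)") else label
        target = body[clsid_m.end():].lstrip(" -")
    elif clsid_m and code == "O16":
        # Layout: "DPF: {CLSID} (<name>) - <url>"; the "(<name>)" part is optional
        rest = body[clsid_m.end():].strip()
        named = NAMED_DPF_RE.match(rest)
        if named:
            name, target = named.group("name"), named.group("url")
        else:
            target = rest.lstrip(" -")
    return Entry(code, clsid, name, target, file_missing)


def review_list(log_text: str) -> List[Tuple[str, Optional[str], List[str]]]:
    """Return (code, clsid, reasons) for every entry that trips a rule."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = []
        if entry.file_missing:
            reasons.append("registered file is missing from disk")
        if entry.code == "O2" and entry.name is None:
            reasons.append("BHO has no display name")
        if entry.code == "O16" and entry.name is None:
            reasons.append("ActiveX download entry has no class name")
        if reasons:
            flagged.append((entry.code, entry.clsid, reasons))
    return flagged


if __name__ == "__main__":
    for code, clsid, reasons in review_list(SAMPLE_LOG):
        print(f"{code} {clsid}: " + "; ".join(reasons))
```

On the sample lines this lists the two entries named in the reply plus the orphaned FlashGet toolbar registration, which is why the output still needs a person to decide what to fix.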
    3587.

    Solve : found some virus on my computer, help?

    Answer»

    Hi, I just ran a hijack virus scan on my computer and found some virus. I am clueless as to how to remove them. Can someone PLEASEEEEEEEE help me. I definitely need a knight in shining armor for this one . Thanks a mil.

    Here is what i found:

    Logfile of HijackThis v1.99.1
    Scan saved at 7:49:11 PM, on 7/27/2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Nhksrv.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\WINDOWS\System32\confgldr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\winasp.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\System32\vwgwrbds.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\ojndgbtm.exe
    C:\WINDOWS\System32\wumgr.exe
    C:\Program Files\Common Files\AOL\1102561437\ee\AOLSoftware.exe
    C:\WINDOWS\DELLMMKB.EXE
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft Office\Register\Remind32.exe
    C:\Program Files\Microsoft Office\programs\ccwin9.exe
    C:\Program Files\Microsoft Office\programs\alarm.exe
    C:\Program Files\Microsoft Office\programs\dad9.exe
    C:\Palm\HOTSYNC.EXE
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Netropa\OSD.exe
    c:\program files\common files\aol\1102561437\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
    c:\program files\common files\aol\1102561437\ee\aolsoftware.exe
    C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\America Online 9.0b\waol.exe
    C:\Program Files\America Online 9.0b\shellmon.exe
    C:\Documents and Settings\Jason Grefski\My Documents\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://smbusiness.dellnet.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://smbusiness.dellnet.com/
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: Shell=Explorer.exe C:\logon.exe
    O2 - BHO: (no name) - {26FD0383-8810-6B17-5EFB-22DA61DAB6BD} - C:\WINDOWS\System32\pgpwsdhk.dll
    O2 - BHO: (no name) - {9B1620DE-F835-7274-BCB0-17E839C0AECB} - C:\WINDOWS\System32\eygdlfmr.dll
    O2 - BHO: (no name) - {DEA8140A-770B-1DB4-B7E7-9E992EFFCD06} - C:\WINDOWS\System32\wgpfumyy.dll (file missing)
    O4 - HKLM\..\Run: [Shell Logon] C:\logon.exe
    O4 - HKLM\..\Run: [vwgwrbds] C:\WINDOWS\System32\vwgwrbds.exe
    O4 - HKLM\..\Run: [Video Process] winasp.exe
    O4 - HKLM\..\Run: [qyslqvcl] C:\WINDOWS\System32\qyslqvcl.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ojndgbtm] C:\WINDOWS\System32\ojndgbtm.exe
    O4 - HKLM\..\Run: [Microsoft Update Manager] wumgr.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102561437\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
    O4 - HKLM\..\Run: [Com+ Sys] csrs.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\RunServices: [Configuration Loader] confgldr.exe
    O4 - HKLM\..\RunServices: [Video Process] winasp.exe
    O4 - HKLM\..\RunServices: [Com+ Sys] csrs.exe
    O4 - HKLM\..\RunServices: [Microsoft Update Manager] wumgr.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Microsoft Update Manager] wumgr.exe
    O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
    O4 - Global Startup: Corel Registration.lnk = C:\Program Files\Microsoft Office\Register\Remind32.exe
    O4 - Global Startup: CorelCENTRAL 9.LNK = C:\Program Files\Microsoft Office\programs\ccwin9.exe
    O4 - Global Startup: CorelCENTRAL Alarms.LNK = C:\Program Files\Microsoft Office\programs\alarm.exe
    O4 - Global Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
    O4 - Global Startup: Desktop Application Director 9.LNK = C:\Program Files\Microsoft Office\programs\dad9.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Jason Grefski\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
    O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Jason Grefski\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020713/qtinstall.info.apple.com/samantha/us/win/QuickTimeInstaller.exe
    O16 - DPF: {53A1630A-DB38-4316-B18F-911719E1F66E} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v11/ticker.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/23c1c0030ac94826fe15/netzip/RdxIE2.cab
    O16 - DPF: {7160FB1B-3DE0-4C42-81F0-41B4269990B0} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v12/ticker.cab
    O16 - DPF: {B2FCED61-570E-11D3-B160-00A0C9E70E84} (OmniForm Form Control) - https://www4.lsac.org/lsacd_xmlwebservices/Http/OIFActiveX/ofmctl.cab
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: Configuration Loader - Unknown owner - C:\WINDOWS\System32\confgldr.exe" -service (file missing)
    O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
    O23 - Service: ritmtqunjmkh (MsUpdate6) - Unknown owner - C:\WINDOWS\System32\msupd6.exe (file missing)
    O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
    O23 - Service: Video Process - Unknown owner - C:\WINDOWS\System32\winasp.exe" -service (file missing)
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    Ok do you have any sort of poker games on your computer .......


    Tony

    Download, install & update...
    CLEANUP
    Ccleaner
    (During install, uncheck the Yahoo Toolbar option)
    (After install, set Options>Advanced> 'Uncheck the 48 hour box')
    ANTI SPYWARE
    Adaware
    Spybot S&D
    ANTI VIRUS
    AVG Free
    (After install, set Options to 'scan all files')
    ANTI TROJAN
    Ewido for W2K & XP
    or
    A-squared a² for 98 & ME
    (Winall)

    Turn off System Restore if applicable. (ME & XP users)

    Run Ccleaner
    Run Ad-Aware
    Run Spybot
    Run AVG Free
    Run Ewido or a-squared (a²)
    Re-start in Safe Mode
    Re-run AVG Free

    Re-start in Normal Mode
    Turn on System Restore if applicable. (ME & XP users)

    Then come back with a fresh HJT log.

    Before doing anything, I'm going to have to ask you to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
    Click here: http://www.microsoft.com/windowsxp/downloads/updates/sp1/default.mspx
    Apply the update and reboot. Do NOT install SP2 at this time!

    Once you have done that...

    1. Download VundoFix and save it to your desktop.
    2. Run VundoFix and click on Scan For Vundo.
    3. Once it's done scanning, click on Remove Vundo.
    4. When it prompts you to remove the files, click on Yes.
    5. Your desktop will go blank as it's removing files. Don't worry, this is normal.
    6. It will prompt you to restart your computer, so click OK.
    7. When your computer is turned back on, your problem should be gone.
    8. The program normally produces a Vundofix.txt file. Please locate this file and paste the contents in your next post.

    And then, just to be thorough...
    1. Download VirtumundoBeGone and save it to your desktop.
    2. Reboot into Safe Mode.
    3. Once you are in Safe Mode, run VirtumundoBeGone and follow the instructions.
    4. Exit when it has finished and reboot back into normal mode.
    5. The program normally produces a VBG.txt file. Please locate this file and paste the contents in your next post.



    Post back with those logs, as well as a fresh HijackThis log.


    Also...I would advise against turning off System Restore at this point. If anything goes wrong, you won't be able to go back to a previous restore point. It may be infected, but an infected restore point is better than no restore point at all. We will worry about taking care of this after getting you cleaned up. Just make sure you don't use System Restore for the time being.

    You should dump your other two threads and post all your actions & results in here.

    Hi,

    I apologize for not posting my response in the correct areas, I am not familiar with posting questions/answers on forums.

    I am in the process of removing some virus from my computer and was advised to install Service Pack 1a for Windows XP, which I did. I was then advised to download Vundo Fix; however, the program found no infected files. I later downloaded VirtumundoBeGone and ran another HijackThis scan. I was told to re-post my finding so below are these findings. I am new to forums and I receive notification indicating that my message was too long so I split it in two. Thanks a mil!

    Here is what I found with VirtumundoBeGone Scan:



    [07/28/2007, 17:47:52] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Jason Grefski\My Documents\VirtumundoBeGone.exe" )
    [07/28/2007, 17:48:10] - Detected System Information:
    [07/28/2007, 17:48:10] - Windows Version: 5.1.2600,
    [07/28/2007, 17:48:10] - Current Username: Jason Grefski (Admin)
    [07/28/2007, 17:48:10] - Windows is in SAFE mode with Networking.
    [07/28/2007, 17:48:10] - Searching for Browser Helper Objects:
    [07/28/2007, 17:48:10] - BHO 1: {26FD0383-8810-6B17-5EFB-22DA61DAB6BD} ()
    [07/28/2007, 17:48:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [07/28/2007, 17:48:10] - Checking for HKLM\...\Winlogon\Notify\pgpwsdhk
    [07/28/2007, 17:48:10] - Key not found: HKLM\...\Winlogon\Notify\pgpwsdhk, continuing.
    [07/28/2007, 17:48:10] - BHO 2: {9B1620DE-F835-7274-BCB0-17E839C0AECB} ()
    [07/28/2007, 17:48:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [07/28/2007, 17:48:10] - Checking for HKLM\...\Winlogon\Notify\eygdlfmr
    [07/28/2007, 17:48:10] - Key not found: HKLM\...\Winlogon\Notify\eygdlfmr, continuing.
    [07/28/2007, 17:48:10] - BHO 3: {DEA8140A-770B-1DB4-B7E7-9E992EFFCD06} ()
    [07/28/2007, 17:48:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [07/28/2007, 17:48:10] - Checking for HKLM\...\Winlogon\Notify\wgpfumyy
    [07/28/2007, 17:48:10] - Key not found: HKLM\...\Winlogon\Notify\wgpfumyy, continuing.
    [07/28/2007, 17:48:10] - Finished Searching Browser Helper Objects
    [07/28/2007, 17:48:10] - Finishing up...
    [07/28/2007, 17:48:10] - Nothing found! Exiting...

    Hi,

    this is a continuation of the above response; it's my result from HijackThis

    Logfile of HijackThis v1.99.1
    Scan saved at 5:57:43 PM, on 7/28/2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Nhksrv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\WINDOWS\System32\confgldr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\winasp.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\System32\vwgwrbds.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\ojndgbtm.exe
    C:\WINDOWS\System32\wumgr.exe
    C:\Program Files\Common Files\AOL\1102561437\ee\AOLSoftware.exe
    C:\WINDOWS\DELLMMKB.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\America Online 9.0b\waol.exe
    C:\Program Files\Microsoft Office\Register\Remind32.exe
    C:\Program Files\Microsoft Office\programs\alarm.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Microsoft Office\programs\dad9.exe
    C:\Palm\HOTSYNC.EXE
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Netropa\OSD.exe
    C:\WINDOWS\System32\wuauclt.exe
    c:\program files\common files\aol\1102561437\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
    c:\program files\common files\aol\1102561437\ee\aolsoftware.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\America Online 9.0b\shellmon.exe
    C:\Documents and Settings\Jason Grefski\My Documents\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://smbusiness.dellnet.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://smbusiness.dellnet.com/
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: Shell=Explorer.exe C:\logon.exe
    O2 - BHO: (no name) - {26FD0383-8810-6B17-5EFB-22DA61DAB6BD} - C:\WINDOWS\System32\pgpwsdhk.dll
    O2 - BHO: (no name) - {9B1620DE-F835-7274-BCB0-17E839C0AECB} - C:\WINDOWS\System32\eygdlfmr.dll
    O2 - BHO: (no name) - {DEA8140A-770B-1DB4-B7E7-9E992EFFCD06} - C:\WINDOWS\System32\wgpfumyy.dll (file missing)
    O4 - HKLM\..\Run: [Shell Logon] C:\logon.exe
    O4 - HKLM\..\Run: [vwgwrbds] C:\WINDOWS\System32\vwgwrbds.exe
    O4 - HKLM\..\Run: [Video Process] winasp.exe
    O4 - HKLM\..\Run: [qyslqvcl] C:\WINDOWS\System32\qyslqvcl.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ojndgbtm] C:\WINDOWS\System32\ojndgbtm.exe
    O4 - HKLM\..\Run: [Microsoft Update Manager] wumgr.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102561437\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
    O4 - HKLM\..\Run: [Com+ Sys] csrs.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [Configuration Loader] confgldr.exe
    O4 - HKLM\..\RunServices: [Configuration Loader] confgldr.exe
    O4 - HKLM\..\RunServices: [Video Process] winasp.exe
    O4 - HKLM\..\RunServices: [Com+ Sys] csrs.exe
    O4 - HKLM\..\RunServices: [Microsoft Update Manager] wumgr.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Microsoft Update Manager] wumgr.exe
    O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
    O4 - Global Startup: Corel Registration.lnk = C:\Program Files\Microsoft Office\Register\Remind32.exe
    O4 - Global Startup: CorelCENTRAL 9.LNK = C:\Program Files\Microsoft Office\programs\ccwin9.exe
    O4 - Global Startup: CorelCENTRAL Alarms.LNK = C:\Program Files\Microsoft Office\programs\alarm.exe
    O4 - Global Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
    O4 - Global Startup: Desktop Application Director 9.LNK = C:\Program Files\Microsoft Office\programs\dad9.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Jason Grefski\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
    O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Jason Grefski\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020713/qtinstall.info.apple.com/samantha/us/win/QuickTimeInstaller.exe
    O16 - DPF: {53A1630A-DB38-4316-B18F-911719E1F66E} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v11/ticker.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/23c1c0030ac94826fe15/netzip/RdxIE2.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1185654450389
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1185654429499
    O16 - DPF: {7160FB1B-3DE0-4C42-81F0-41B4269990B0} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v12/ticker.cab
    O16 - DPF: {B2FCED61-570E-11D3-B160-00A0C9E70E84} (OmniForm Form Control) - https://www4.lsac.org/lsacd_xmlwebservices/Http/OIFActiveX/ofmctl.cab
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: Configuration Loader - Unknown owner - C:\WINDOWS\System32\confgldr.exe" -service (file missing)
    O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
    O23 - Service: ritmtqunjmkh (MsUpdate6) - Unknown owner - C:\WINDOWS\System32\msupd6.exe (file missing)
    O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
    O23 - Service: Video Process - Unknown owner - C:\WINDOWS\System32\winasp.exe" -service (file missing)
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    Quote from: Fed on July 27, 2007, 06:58:43 PM

    Download, install & update...
    CLEANUP
    Ccleaner
    (During install, uncheck the Yahoo Toolbar option)
    (After install, set Options>Advanced> 'Uncheck the 48 hour box')
    ANTI SPYWARE
    Adaware
    Spybot S&D
    ANTI VIRUS
    AVG Free
    (After install, set Options to 'scan all files')
    ANTI TROJAN
    Ewido for W2K & XP
    or
    A-squared a² for 98 & ME
    (Winall)

    Turn off System Restore if applicable. (ME & XP users)

    Run Ccleaner
    Run Ad-Aware
    Run Spybot
    Run AVG Free
    Run Ewido or a-squared (a²)
    Re-start in Safe Mode
    Re-run AVG Free

    Re-start in Normal Mode
    Turn on System Restore if applicable. (ME & XP users)

    Then come back with a fresh HJT log.

    Did you install SP1? Your HijackThis log still shows you as not having any Service Packs installed. It also still shows a Vundo infection. If VundoFix isn't catching it, then you should try ComboFix...

    Download ComboFix and save it to your desktop. Run the program and read its disclaimer (it's fairly short) and make sure you really pay attention to what it says. Follow the prompts and when finished, it will produce a log at C:\ComboFix.txt. Go ahead and post that here. Note: Don't click on the window while it's running; this may cause stalls.

    Also, it is very very important that you have SP1 installed! Without it, you'll be terribly vulnerable to more infections.

    Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

    If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.
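
The reply in the thread above reads the missing service pack and the suspicious entries straight off the posted HijackThis log. The Python below is an added example, not part of the thread and not how HijackThis or VirtumundoBeGone is implemented: it applies that kind of reading to an excerpt of the same log. The function names and flagging rules are assumptions chosen for illustration, including the assumption that HijackThis names an installed service pack on its Platform line.

```python
import ntpath
import re

# Excerpt copied from the HijackThis log posted in the thread above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
F2 - REG:system.ini: Shell=Explorer.exe C:\logon.exe
O2 - BHO: (no name) - {26FD0383-8810-6B17-5EFB-22DA61DAB6BD} - C:\WINDOWS\System32\pgpwsdhk.dll
O2 - BHO: (no name) - {DEA8140A-770B-1DB4-B7E7-9E992EFFCD06} - C:\WINDOWS\System32\wgpfumyy.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Video Process] winasp.exe
O4 - HKLM\..\Run: [vwgwrbds] C:\WINDOWS\System32\vwgwrbds.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: ritmtqunjmkh (MsUpdate6) - Unknown owner - C:\WINDOWS\System32\msupd6.exe (file missing)
"""

# "O4 - HKLM\..\Run: [name] command" -> section code and body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
BHO_RE = re.compile(
    r"^BHO: \(no name\) - \{[0-9A-Fa-f-]+\} - (?P<path>.+?\.dll)\b", re.IGNORECASE
)


def service_pack(log):
    """Return the service pack number on the Platform line, or None if absent."""
    for line in log.splitlines():
        if line.strip().startswith("Platform:"):
            match = re.search(r"\bSP(\d+)\b", line)
            return int(match.group(1)) if match else None
    return None


def triage(log):
    """Return (code, reason, line) tuples for entries that deserve a human look.

    These are review heuristics (assumptions), not verdicts: a flagged line
    still has to be checked by someone who knows the machine.
    """
    findings = []
    for raw in log.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if not entry:
            continue  # header lines and the running-process list
        code, body = entry.group("code"), entry.group("body")
        reasons = []
        if "(file missing)" in body:
            reasons.append("registered target file is missing")
        if code == "F2":
            shell = re.search(r"Shell=(.*)$", body)
            if shell and shell.group(1).strip().lower() != "explorer.exe":
                reasons.append("shell value starts an extra program")
        elif code == "O2" and BHO_RE.match(body):
            reasons.append("browser helper object with no registered name")
        elif code == "O4":
            run = RUN_RE.match(body)
            if run and "\\" not in run.group("cmd"):
                reasons.append("autorun command has no full path")
        elif code == "O23" and " - Unknown owner - " in body:
            reasons.append("service binary carries no company name")
        findings.extend((code, reason, line) for reason in reasons)
    return findings


def notify_key_candidates(log):
    """DLL base names of unnamed BHOs.

    The VirtumundoBeGone log in the thread shows it looking up each of these
    names under the Winlogon\\Notify key; this only derives the names.
    """
    names = []
    for raw in log.splitlines():
        entry = ENTRY_RE.match(raw.strip())
        if entry and entry.group("code") == "O2":
            bho = BHO_RE.match(entry.group("body"))
            if bho:
                dll = ntpath.basename(bho.group("path"))
                names.append(ntpath.splitext(dll)[0])
    return names


if __name__ == "__main__":
    sp = service_pack(SAMPLE_LOG)
    print("Service pack:", sp if sp is not None else "none reported")
    for code, reason, line in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}: {line}")
    print("Winlogon Notify names to check:", notify_key_candidates(SAMPLE_LOG))
```
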
    3588.

    Solve : Something weird really ,?

    Answer»

    Uhm well I got this message, and I don't know what the *censored* to do.. please help me :>

    I would shoot the messenger. ----> Google it.

    And update your XP via Windows Update. The messenger feature should be disabled if you are fully updated.

    Good catch Deerpark. Well I reckon one of my friends had this problem and it was some kind of spyware. If your XP is up to date then this might be a spyware issue. But since you haven't told us whether your XP is fully updated we can't say if it's spyware related.

    Have you tried the suggestions yet?

    Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

    If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

    3589.

    Solve : Internet Explorer keeps popping up?

    Answer»

    ok this happens when I'm online and sometimes offline. My PC is a Sony, OS Windows XP Home Edition Service Pack 2........
    so a window keeps popping up and it says dilet.org php and it keeps popping up
    I've done several virus scans but nothing pops up. If I should block this site, tell me and give me directions on how

    First of all, you should update your anti-virus and scan with it in Safe Mode.

    If you're still having problems after that, post a HijackThis log.

    Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

    If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

    3590.

    Solve : Outlook Express - can't open any links?

    Answer»

    When I receive an email I can't open links. Ex: Kohl's sends an ad and says "start shopping" and I click and go no where.

    I have XP. Someone please help.

    This doesn't sound like a virus issue to me. Might have to do with your settings. Have you always had this problem? When did it start? Just for the heck of it...what protection do you have?

    Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

    If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

    3591.

    Solve : Help I downloaded and now have problems?

    Answer»

    Please help I downloaded defender pro on my computer and nothing but problems so I uninstalled and reinstalled norton. I currently have norton antivirus only!!! And I searched through the forums and found some free spyware and such but when I scan my computer it says that it fixed 5 of my 441 errors please help !!!!!

    And I forgot to say that my computer is running really slow and it keeps freezing up on me. I was wondering if there is something else I am to do after I deleted it?

    Time for a major cleanup. See here...

    Suggestion - dump Norton and install AVG Free anti-virus and Zone Alarm Free firewall.

    Good luck

    Thank-you for your help I downloaded AVG but I went to spybot and downloaded it and it said I have 1024 bugs and pay his amount I went to it straight from your link??? I thought it was free Please help am I doing something wrong?

    Quote from: cindyann on August 04, 2007, 05:58:32 AM

    Thank-you for your help I downloaded AVG but I went to spybot and downloaded it ...

    Did you download AVG anti-virus, or spybot, or both.... or what? Your statement is unclear.


    Dusty said, " .... install AVG Free anti-virus ..."


    Quote
    and it said I have 1024 bugs and pay his amount I went to it straight from your link??? I thought it was free Please help am I doing something wrong?


    Did you go to this page? : http://free.grisoft.com/doc/1
    Look for where it says, "Anti Virus" and "Free of charge"


    I hope that helps.


    I can assure you that Spybot is free, here are the links to the usual cleaning tools.

    CLEANUP
    Ccleaner
    (During install, uncheck the Yahoo Toolbar option)
    (After install, set Options>Advanced> 'Uncheck the 48 hour box')
    ANTI SPYWARE
    Adaware
    Spybot S&D
    ANTI VIRUS
    AVG Free
    (After install, set Options to 'scan all files')
    ANTI TROJAN
    Ewido for W2K & XP

    Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

    If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.
    3592.

    Solve : Will this help someone help me??

    Answer»

    I hope someone can read this and help me out because I don't know what I'm doing.

    [Saving disk space - old attachment deleted by admin]

    Download, install & update...
    CLEANUP
    Ccleaner
    (During install, uncheck the Yahoo Toolbar option)
    (After install, set Options>Advanced> 'Uncheck the 48 hour box')
    ANTI SPYWARE
    Adaware
    Spybot S&D
    ANTI VIRUS
    AVG Free
    (After install, set Options to 'scan all files')
    ANTI TROJAN
    Ewido for W2K & XP
    or
    A-squared a² for 98 & ME
    (Winall)

    Turn off System Restore if applicable. (ME & XP users)

    Run Ccleaner
    Run Ad-Aware
    Run Spybot
    Run AVG Free
    Run Ewido or a-squared (a²)
    Re-start in Safe Mode
    Re-run AVG Free

    Re-start in Normal Mode
    Turn on System Restore if applicable. (ME & XP users)
    Then come back with a fresh HJT log.

    Well, I think it worked, everything is working great. Thank you very much.

    [Saving disk space - old attachment deleted by admin]

    Your log seems to suggest that svchost.exe is missing from your computer. This may be a mistake, but it's a vital system file, so we should make sure. Navigate to the C:\WINDOWS\system32 folder and tell me, is there a svchost.exe file? Also, do you have an official Windows CD?

    There are also a few things in your log that should be taken care of. Once we start, you won't have access to this post anymore, so I recommend that you print out this post or save it to a Notepad file. Open HijackThis and scan again. Check the following entries, but don't do anything to them yet...

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O1 - Hosts: ::1 localhost

    O2 - BHO: (no name) - {D61D7E1A-6613-49CA-B6F9-51DB248E209D} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)

    O4 - HKLM\..\Run: [ZangoOE] C:\Program Files\Zango\bin\10.0.328.0\OEAddOn.exe
    O4 - HKLM\..\Run: [ZangoSA] "C:\Program Files\Zango\bin\10.0.328.0\ZangoSA.exe"

    O13 - Gopher Prefix:


    Now, close all windows (including this one) besides HijackThis, then click Fix Checked. Close HijackThis and reboot into Safe Mode and enable hidden files and folders.

    Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following (if present)...

    Hotbar
    Video ActiveX Access
    Zango


    Please note any other programs that you don't recognize in that list in your next response.

    Navigate to and delete the following folder(s) if present...

    C:\Program Files\Video ActiveX Access
    C:\Program Files\Zango


    Once you've done all of this, reboot into Normal Mode and post a new HijackThis log so we can see if there's any other junk we need to clean up. Let me know how everything's running now and if you had any problems following my steps.

    Because it's not necessary, I will lock your other thread to avoid confusion.

    Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

    If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

    3593.

    Solve : MatCash F?

    Answer»

    I have a virus on a different computer that's named Matcash F., should I use HijackThis to get rid of it? I'm using Microsoft Win XP SP2.

    DLoad and run Stinger in Safe Mode with System Restore turned off...
    Then run any other protection apps you have as well the same way.
    Then post a list of what you have run and also a HJT log for our resident Gurus to check out...

    We often use HijackThis to aid us in the removal of infections, but you should never make any changes with it unless you know what you're doing or are advised by someone who knows what they're doing. Go ahead and follow patio's instructions and we'll take it from there.

    However, I would suggest not turning off System Restore just yet.

    Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

    If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

    3594.

    Solve : Virtual Memory Minimum is low?

    Answer»

    By the way, you should get yourself a firewall. You're vulnerable without a firewall, so you should look into getting either ZoneAlarm, Kerio Personal Firewall, or Comodo. They're all good free firewalls. Just be sure you only have one installed at a time! Download the firewall of your choice, disconnect from the internet, disable Windows Firewall, and install your new firewall.

    Hi CBMatt

    Thanks for answering my latest questions (again!) Your knowledge is invaluable, you know.

    In regards to a firewall, I am pretty sure that my Nortons has a firewall on it at the moment; however, I understand also from a reliable source here on the board that Comodo is the one to go with. As soon as I get a free minute I am going to download it, just haven't had time yet. I went to buy some RAM today with my results from "Crucial" and they told me that it could be tricky installing it as I would have to "earth" myself. YIKES!! What is that all about? Sounds electrically scary! Thus, I have been persuaded to have a Harvey Norman technician install it for me when it comes in; apparently the RAM in my computer at the moment is "old" RAM so they have to order it in. What next! Anyway, at least there's light at the end of the tunnel.

    Thanks again CBMatt

    Installing RAM is generally not at all difficult. You just need to ensure that the stick is the correct way round and it has been inserted until both latches 'latch' onto the notches. Make sure that the power plug is completely out.

    By 'grounding' yourself the Harvey Norman people simply mean: not working on static prone surfaces, such as carpet, touching / holding the case or power supply of the computer, or using an electrostatic wrist band.

    Glad to see this forum has helped you.

    When it comes to a firewall, I would definitely say Comodo is about the best. I recently switched over to it and I'm very pleased with how well it works. I would suggest ditching Norton and just sticking with free alternatives.

    As for RAM...like DeltaSlaya said, it's pretty easy to install. Not scary at all. You just have to ground yourself by holding onto the metal of the computer case. It's to avoid any static shock that may damage components. It's really pretty simple, though. But if you're not comfortable with it, then it might be best to have someone else do it.

    3595.

    Solve : Symantec Antivirus 10?

    Answer»

    Hi there, I'd install the Symantec Antivirus 10 Corporate Edition on a computer that runs Windows XP, but I have some clue about it, because it has been installed the SQL Server database manager, and I don't know why, because the old version doesn't install it. Please help me with this because it makes that the computer turns slowly.

    Best Regards

    You should forget about Norton and get AVG Free. It's free, it works really well, and it's easy on your resources.

    3596.

    Solve : i dont know what it is...?

    Answer»

    Almost three months past, my old HD said goodbye to me (got damaged and did not leave anything to me)
    so I bought a new one and installed a fresh XP SP2 Pro.
    I still have no internet in my house so I can't follow most of the rules in here.
    The virus/worm, or let's say malware, name I noticed is "Cn.wAQdn Isass.exe" in folder C-windows.1
    (but when I take a look at that folder, I can't find this *censored* thing). SS&D always found it every time I scanned.
    I found in Google 2 cases but no definite remedy.
    I got infected coz of the flash drive of my friend (he asked for some video converter). Since I have no internet I did not bother to install AV, AS, FW.
    So here's my problem: it's always putting a folder named "New folder" in every drive connected with my PC, with info (when the mouse is pointing at the folder there is = Company: IT University File Version: 1.0.0 )
    Run, Task Manager, System Restore and Folder Options are all missing. I noticed that every time I scanned and fixed with SS&D, Run and Task Manager are coming back but System Restore is still missing. But when I reboot again, back to square one again (infected again).

    So how am I gonna deal with this? I'm getting afraid to lose my data again.
    I only inquired about this here on the PC here at my work (even my flash drive is getting infected every time I connect it to my PC in the house)
    so I must scan it here via AVG before I open it, and it always finds the boot.exe worm

    Just let me know what to do.
    Please help me and thanks in advance

    [Saving disk space - old attachment deleted by admin]

    Your infection looks pretty bad. I'm not sure how much we can do for you as far as cleaning it goes. You should update your protection and scan with it in Safe Mode (not Normal Mode).

    Then download ComboFix and save it to your desktop. Run the program and read its disclaimer (it's fairly short) and make sure you really pay attention to what it says. Follow the prompts and when finished, it will produce a log at C:\ComboFix.txt. Go ahead and post that here. Note: Don't click on the window while it's running; this may cause stalls.



    One thing that throws me off is your Windows folder. It's named WINDOWS.1, which isn't typical. Has it always been this way? Do you also have a WINDOWS (without the number) folder? Do you perhaps have two installations of your OS?

    Please post back with your results, answers, and a new HijackThis log (from Normal Mode).

    Quote from: CBMatt on July 28, 2007, 09:59:18 PM

    Your infection looks pretty bad. I'm not sure how much we can do for you as far as cleaning it goes. You should update your protection and scan with it in Safe Mode (not Normal Mode).

    Then download ComboFix and save it to your desktop. Run the program and read its disclaimer (it's fairly short) and make sure you really pay attention to what it says. Follow the prompts and when finished, it will produce a log at C:\ComboFix.txt. Go ahead and post that here. Note: Don't click on the window while it's running; this may cause stalls.



    One thing that throws me off is your Windows folder. It's named WINDOWS.1, which isn't typical. Has it always been this way? Do you also have a WINDOWS (without the number) folder? Do you perhaps have two installations of your OS?

    Please post back with your results, answers, and a new HijackThis log (from Normal Mode).

    Thank you very much for your reply here.
    First things first, I can put here almost all of what you ask by tomorrow (coz I'm at work and have no internet in my home)
    Some I can answer:
    windows.1 - I'm not sure when this folder was born in my C drive
    Windows - I have this folder in my C drive
    OS - only one, it's XP SP2

    I will follow all your instructions then I will post tomorrow

    thanks again...

    I had this same problem a long time ago. The way I fixed it, I had to reformat my computer. You can always do that but as you said you don't wanna lose everything :S

    I don't want to have to resort to a reformat just yet, but it may come down to it. When you try the above and post back with your results, I'll take a look, but be prepared to backup your data.

    Also can you do the HijackThis in normal mode after scans?

    Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

    If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.
    3597.

    Solve : clicked random .cn php link?

    Answer»

    Sorry for not showing this forum thread an eye for the last couple of days I had a holiday, well the AVG scan in safe mode found no threats so I guess I am clear

    Also SP2 creates lag for RTCW: Enemy Territory.

    Thanks for all the help.
    Again, I'm wondering what your specs are. Also, what kind of connection you have.
    Enemy Territory runs pretty smoothly on my computer with SP2. The only thing that has ever caused me lag is my connection.

    Both games you mentioned have Forums and not many references to trouble with SP2...
    I agree with CBMatt.

    Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

    If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

    3598.

    Solve : Explorer being assaulted by trojan?

    Answer»

    His virus's consumed him ...... and soon the world.....

    TONY

    I've seen him on today....

    Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

    If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

    3599.

    Solve : malware scans did not find much about "Assert Failed"?

    Answer»

    I got the "ASSERT FAILED" and ddcmigrate.exe Application Error - these two alerts come up as soon as the boot completes. I click OK a couple times and they go away...
    \Projects\wtkernel\src\Win32\cm\Core\cmCodeModule.cpp:90 m_CodeHandle!=NULL
    I ran CCleaner, anti-malware and HijackThis. I am running XP with SP3
    Here are my 3 logs. Please let me know if you see anything I can do. Thanks!

    see attached

    [attachment deleted by admin]

    3600.

    Solve : removing virus as power user?

    Answer»

    Dell Dimension 2400 desktop
    Intel Pentium 2.19 GHz
    512 RAM Windows XP Home SP2
    80G drive Malwarebytes
    AVG 8.5387 Anti Virus
    avg anti spyware

    I have used my computer for many years and run my anti virus many times but this time after running I am told that I have 62 viruses that cannot be removed with standard user rights. It then asks if I want to remove threat as power user and presents a Run As window to enter a user other than current user with a box for user name and password. ---There is no other user but me. I tried putting in my user (fredand bev) and my email password but nothing I enter lets me continue. Any help would be greatly appreciated.

    BEV