| Trouble with a virus? Have hijackthis log. Hello. I am new here and have been doing some reading. I downloaded and ran hijackthis and I have the log file. I can't find anything that really helps me figure out what shouldn't be in here. I've never used hijackthis before and hope I did it right. Anyway, whatever I have keeps telling me that my computer is in danger; warning! security report; system crashed; system error messages. There is a red ball with an X in it in the task bar that never goes away. I've run AVG, and Spybot and they haven't worked. I'll post the log, and then maybe somebody can help. Thank you very much. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:54:25 AM, on 1/3/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\Microsoft ActiveSync\Wcescomm.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\PROGRA~1\MICROS~4\rapimgr.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\iPod\bin\iPodService.exe C:\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe c:\svchost.exe C:\svchost.exe C:\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Documents and Settings\Cass Mortenson\Desktop\WTF\HijackThis.exe c:\svchost.exe c:\svchost.exe c:\svchost.exe C:\svchost.exe
c:\svchost.exe C:\svchost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: (no name) - _{4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll (file missing) O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe O4 - HKLM\..\Run: [MPSExe] C:\Program Files\McAfee.com\MPS\mscifapp.exe /embedding O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Nsamacibisovu] rundll32.exe "C:\WINDOWS\Kkicifureq.dll",e O4 - HKLM\..\Run: [Cyojicoziqo] rundll32.exe "C:\WINDOWS\ucumizufa.dll",e O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdplu.exe] C:\WINDOWS\system32\kdplu.exe O4 - HKLM\..\Run: [UpdateWin] C:\WINDOWS\system32\AHUIr.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program 
Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [UpdateWin] C:\WINDOWS\system32\AHUIr.exe O4 - HKCU\..\Policies\Explorer\Run: [RunAntivirus] iexplore http://scan.scannerantispyware.com/10299/3/ O4 - HKCU\..\Policies\Explorer\Run: [Msn] c:\svchost.exe O4 - HKCU\..\Policies\Explorer\Run: [MsnHost] c:\svchost.exe O4 - HKCU\..\Policies\Explorer\Run: [MsnLoad] c:\svchost.exe O4 - HKCU\..\Policies\Explorer\Run: [MsnConvert] c:\svchost.exe O4 - HKCU\..\Policies\Explorer\Run: [MsnMessendger] c:\svchost.exe O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [RunAntivirus] iexplore http://scan.scannerantispyware.com/10299/3/ (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Msn] c:\svchost.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MsnHost] c:\svchost.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MsnLoad] c:\svchost.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MsnConvert] c:\svchost.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MsnMessendger] c:\svchost.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [RunAntivirus] iexplore http://scan.scannerantispyware.com/10299/3/ (User 'Default user') O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: Send to phone (myPhoneFiles.com) - C:\Program Files\SiGi - MyPhoneFiles.com Desktop Extension\mpfexe.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - 
C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O17 - HKLM\System\CCS\Services\Tcpip\..\{A0F8D54B-5C86-4F0F-AC17-A3439D6B9548}: NameServer = 85.255.112.92;85.255.112.74 O17 - HKLM\System\CCS\Services\Tcpip\..\{AAEBDEDB-4DBA-4CAD-9A7E-293635805C68}: NameServer = 85.255.112.92;85.255.112.74 O17 - HKLM\System\CCS\Services\Tcpip\..\{B256CBCE-6EE8-4E66-843B-0AC1BFC69517}: NameServer = 85.255.112.92;85.255.112.74 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O22 - SharedTaskScheduler: IPC Configuration Utility - IPC Configuration Utility - (no file) O22 - SharedTaskScheduler: Windows Installer Class - {020487CC-FC04-4B1E-863F-D9801796230B} - C:\DOCUME~1\CASSMO~1\LOCALS~1\Temp\wndutl32.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. 
- C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing) O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing) O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing) O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- End of file - 8571 bytes |
| ||
| Re: Trouble with a virus? Have hijackthis log. Quote:
"Read me before posting a request for assistance" a few programs to run before scanning and posting a hijackthis log! Good luck |
| ||
| Re: Trouble with a virus? Have hijackthis log. Here is the link that caperjack is referring to: http://www.daniweb.com/forums/thread134865.html Also, please turn off the SpyBot TeaTimer as it can interfere with any fixes attempted. To do this, open the program and go up to Mode. Choose Advanced. Then go to Tools and then choose Resident. When that opens, take the check mark OUT of TeaTimer. Close the program. Reboot the computer. Begin the steps in the link above. Ignore the portion about Deckard Scanner; it isn't available anymore. Do especially the MBA-M scan and be sure to have it remove everything found. Reboot the computer after you run MBA-M. Then do the ESET Scanner and also have it remove everything found. The instructions in the link say not to do that but I would prefer that you do have it remove. Save the logs for both programs. Then run a new HJT scan and save the log. Post back here with all three logs. Judy |
| ||
| Re: Trouble with a virus? Have hijackthis log. Thank you for the information. I will read what is in the link and follow the steps. Thanks again!!!! |
| ||
| Re: Trouble with a virus? Have hijackthis log. OK. I ran the Windows Malicious Software Removal Tool, ATF-Cleaner, Malwarebytes' Anti-Malware, ESET Online Scanner, and HijackThis. I think I still have a problem. I have XP, I use AVG, and I use the Windows Firewall. Well, at random times, AVG will put up an alert saying that there is an infection: Trojan horse Clicker.VMS and the path to it is C:\svchost.exe. When this pops up, the firewall is shut down, and I have to start it again. Here are the logs, I followed the steps in Read Me Before Posting, hopefully somebody can help. Thanks Malwarebytes' Anti-Malware 1.32 Database version: 1623 Windows 5.1.2600 Service Pack 2 1/6/2009 6:10:48 AM mbam-log-2009-01-06 (06-10-48).txt Scan type: Full Scan (C:\|) Objects scanned: 111966 Time elapsed: 1 hour(s), 9 minute(s), 39 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 1 Files Infected: 2 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Documents and Settings\All Users\Start Menu\Programs\Adware Away (Rogue.AdwareAway) -> Quarantined and deleted successfully. Files Infected: C:\Documents and Settings\All Users\Start Menu\Programs\Adware Away\Update.lnk (Rogue.AdwareAway) -> Quarantined and deleted successfully. C:\WINDOWS\adaway.lic (Rogue.AdwareAway) -> Quarantined and deleted successfully. 
____________________________________________________ # version=4 # OnlineScanner.ocx=1.0.0.635 # OnlineScannerDLLA.dll=1, 0, 0, 79 # OnlineScannerDLLW.dll=1, 0, 0, 78 # OnlineScannerUninstaller.exe=1, 0, 0, 49 # vers_standard_module=3742 (20090106) # vers_arch_module=1.064 (20080214) # vers_adv_heur_module=1.064 (20070717) # EOSSerial=f91d9786077f8549b46ee4445bfea2a0 # end=finished # remove_checked=false # unwanted_checked=true # utc_time=2009-01-06 01:04:35 # local_time=2009-01-06 07:04:35 (-0600, Central Standard Time) # country="United States" # osver=5.1.2600 NT Service Pack 2 # scanned=236441 # found=0 # scan_time=2689 ____________________________________________________ Adobe Acrobat - Reader 6.0.2 Update Adobe Flash Player 10 ActiveX Adobe Reader 6.0.1 America Online (Choose which version to remove) AOL Coach Version 1.0(Build:20040229.1 en) AOL Connectivity Services Apple Software Update AVG Free 8.0 Canon Camera Access Library Canon Camera Support Core Library Canon Camera Window DC_DV 5 for ZoomBrowser EX Canon Camera Window DC_DV 6 for ZoomBrowser EX Canon Camera Window MC 6 for ZoomBrowser EX Canon G.726 WMP-Decoder Canon MovieEdit Task for ZoomBrowser EX Canon PhotoRecord Canon RAW Image Task for ZoomBrowser EX Canon RemoteCapture Task for ZoomBrowser EX Canon RemoteCapture Task for ZoomBrowser EX Canon Utilities EOS Utility Canon Utilities PhotoStitch Canon Utilities ZoomBrowser EX Command & Conquer 3 Dell Media Experience Dell Picture Studio v3.0 Dell Support 5.0.0 (630) EarthLink setup files ESET Online Scanner HijackThis 2.0.2 Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB909394) Hotfix for Windows XP (KB926239) Hotfix for Windows XP (KB952287) Intel(R) 537EP V9x DF PCI Modem Intel(R) Extreme Graphics 2 Driver Intel(R) PRO Network Adapters and Drivers Intel(R) PROSet for Wired Connections Internet Explorer Default Page iPod for Windows 2005-10-12 iTunes J2SE Runtime 
Environment 5.0 Update 2 Jasc Paint Shop Photo Album 5 Jasc Paint Shop Pro Studio, Dell Editon Java 2 Runtime Environment, SE v1.4.2_03 Macromedia Flash Player Macromedia Shockwave Player Malwarebytes' Anti-Malware Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Microsoft ActiveSync Microsoft Compression Client Pack 1.0 for Windows XP Microsoft DirectX SDK (August 2008) Microsoft Plus! Digital Media Edition Installer Microsoft Plus! Photo Story 2 LE Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Modem Event Monitor Modem Helper Modem On Hold MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) Musicmatch® Jukebox Napster Napster Burn Engine NetZeroInstallers Photo Click PowerDVD 5.3 Qualxserve Service Agreement QuickBooks Simple Start Special Edition QuickTime RealPlayer Basic Security Update for Step By Step Interactive Training (KB898458) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 8 (KB960714) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB883939) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896422) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899588) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP 
(KB903235) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Security Update for Windows XP (KB918118) Security Update for Windows XP (KB918439) Security Update for Windows XP (KB920213) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Security Update for Windows XP (KB923191) Security Update for Windows XP (KB923980) Security Update for Windows XP (KB924270) Security Update for Windows XP (KB924667) Security Update for Windows XP (KB925902) Security Update for Windows XP (KB926255) Security Update for Windows XP (KB926436) Security Update for Windows XP (KB927779) Security Update for Windows XP (KB927802) Security Update for Windows XP (KB928255) Security Update for Windows XP (KB928843) Security Update for Windows XP (KB929123) Security Update for Windows XP (KB930178) Security Update for Windows XP (KB931261) Security Update for Windows XP (KB932168) Security Update for Windows XP (KB933729) Security Update for Windows XP (KB935839) Security Update for Windows XP (KB935840) Security Update for Windows XP (KB936021) Security Update for Windows XP (KB938127) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB943055) Security Update for Windows XP (KB943460) Security Update for Windows XP (KB943485) Security Update for Windows XP (KB944338-v2) Security Update for Windows XP (KB944653) Security Update for Windows XP (KB945553) Security Update for Windows XP (KB946026) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB948590) Security Update for Windows XP (KB950749) Security Update for Windows XP (KB950762) Security 
Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956390) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Sid Meier's Civilization 4 SiGi 1.0 Beta Sonic DLA Sonic MyDVD Sonic RecordNow! Plus Sonic Update Manager Spybot - Search & Destroy Update for Windows XP (KB894391) Update for Windows XP (KB896727) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB908531) Update for Windows XP (KB910437) Update for Windows XP (KB911280) Update for Windows XP (KB916595) Update for Windows XP (KB920872) Update for Windows XP (KB922582) Update for Windows XP (KB927891) Update for Windows XP (KB930916) Update for Windows XP (KB936357) Update for Windows XP (KB938828) Update for Windows XP (KB951072-v2) Update for Windows XP (KB955839) Viewpoint Media Player Windows Defender Windows Installer 3.1 (KB893803) Windows Installer 3.1 (KB893803) Windows Internet Explorer 8 Beta 2 Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 10 Windows Media Player 10 Hotfix - KB894476 Windows Media Player 11 Windows Media Player 11 Windows XP Hotfix - KB867282 Windows XP Hotfix - KB873333 Windows XP Hotfix - KB885250 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887742 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB890923 Windows XP Hotfix - KB893066 Windows XP Hotfix - 
KB893086 WordPerfect Office 12 ____________________________________________________ Here is the HijackThis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:11:31 AM, on 1/6/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18241) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Microsoft ActiveSync\Wcescomm.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\MICROS~4\rapimgr.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\System32\mshta.exe C:\WINDOWS\System32\mshta.exe C:\WINDOWS\System32\mshta.exe C:\WINDOWS\System32\mshta.exe C:\WINDOWS\System32\mshta.exe C:\WINDOWS\System32\mshta.exe C:\WINDOWS\System32\mshta.exe C:\WINDOWS\System32\mshta.exe C:\WINDOWS\System32\mshta.exe C:\WINDOWS\System32\mshta.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\mshta.exe C:\WINDOWS\System32\mshta.exe C:\WINDOWS\System32\mshta.exe C:\WINDOWS\System32\mshta.exe C:\WINDOWS\System32\mshta.exe C:\WINDOWS\System32\mshta.exe C:\WINDOWS\System32\mshta.exe C:\WINDOWS\System32\mshta.exe C:\WINDOWS\System32\mshta.exe C:\WINDOWS\System32\mshta.exe C:\WINDOWS\System32\mshta.exe C:\WINDOWS\System32\mshta.exe C:\WINDOWS\System32\mshta.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: (no name) - _{4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll (file missing) O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdplu.exe] C:\WINDOWS\system32\kdplu.exe O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKCU\..\Run: 
[H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Policies\Explorer\Run: [Msn] c:\svchost.exe O4 - HKCU\..\Policies\Explorer\Run: [MsnHost] c:\svchost.exe O4 - HKCU\..\Policies\Explorer\Run: [MsnLoad] c:\svchost.exe O4 - HKCU\..\Policies\Explorer\Run: [MsnConvert] c:\svchost.exe O4 - HKCU\..\Policies\Explorer\Run: [MsnMessendger] c:\svchost.exe O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Msn] c:\svchost.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MsnLoad] c:\svchost.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MsnConvert] c:\svchost.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MsnMessendger] c:\svchost.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Msn] c:\svchost.exe (User 'Default user') O8 - Extra context menu item: Send to phone (myPhoneFiles.com) - C:\Program Files\SiGi - MyPhoneFiles.com Desktop Extension\mpfexe.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O22 - SharedTaskScheduler: IPC Configuration Utility - IPC Configuration Utility - (no file) O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- End of file - 7998 bytes ___________________________________________________________ Thanks again for your help |
| ||
| Re: Trouble with a virus? Have hijackthis log. Download SDFix. Double-click on the SDFix icon that should now be residing on your desktop. If an Open File - Security Warning box opens, click on the Run button. A window will now open showing SDFix being extracted into the C:\SDFix folder. Once the installation program has finished extracting SDFix, it will open a Notepad with further instructions.
* Next, please reboot your computer into Safe Mode by doing the following:
1. Restart your computer.
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear.
4. Select the first option, to run Windows in Safe Mode.
5. When you are at the logon prompt, log in as the same user that you had performed the previous steps as.
* When your computer has started in Safe Mode, and you see the desktop, close all open windows.
* Click on the Start button, click on the Run menu option, and type the following into the Open: field: C:\SDFix\RunThis.bat Then press the OK button.
The SDFix window will open containing some brief info and a disclaimer on the use of the tool. Press the Y key on your keyboard and then press Enter. SDFix will now start scanning your computer for known infections. This process can take a while, so you may want to do something else and periodically check back on the status of SDFix.
When the scanning process has finished, you will see a new screen stating that you need to restart your computer in order to continue. At this point you should press any key on your computer's keyboard in order to restart the computer.
After your computer reboots, SDFix will automatically start and perform a last check. You will now be presented with a screen stating that SDFix has finished. At this point you should press any key on your computer's keyboard in order to continue to your desktop.
When you are back at your Windows desktop, the SDFix log will automatically be opened in Notepad. Save the log and post back here with that log. |
| ||
| Re: Trouble with a virus? Have hijackthis log. Thank you for your help jholland!!! I did what you said. Hopefully it will work. I will leave the computer running and see if the Firewall turns off again. I'll let you know that when the computer started up again, the firewall was off. But this time, the red shield warning came up telling me that the firewall wasn't running. It never did that any of the other times the firewall turned off. So hopefully that is a good thing. So I turned on the firewall, and here is the log. Once again, thank you soooo much. SDFix: Version 1.240 Run by Cass Mortenson on Tue 01/06/2009 at 01:18 PM Microsoft Windows XP [Version 5.1.2600] Running From: C:\SDFix Checking Services : Restoring Default Security Values Restoring Default Hosts File Rebooting Checking Files : No Trojan Files Found Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-06 13:39:57 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... 
scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL" "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL" "C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL" "C:\\Program Files\\iMesh\\iMesh5\\iMesh.exe"="C:\\Program Files\\iMesh\\iMesh5\\iMesh.exe:*:Enabled:iMesh 5" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"="C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4" "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe" "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes" "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" 
"C:\\DOCUME~1\\CASSMO~1\\LOCALS~1\\Temp\\60325cahp25cas.exe"="C:\\DOCUME~1\\CASSMO~1\\LOCALS~1\\Temp\\60325cahp25cas.exe:*:Enabled:Enabled" "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL" "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL" "C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL" "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" Remaining Files : Files with Hidden Attributes : Finished! |
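The firewall exception list in the SDFix log above can be checked mechanically. As an added example (not part of the original thread and not SDFix's own code), this Python code parses the `"path"="path:scope:status:name"` entries and flags executables authorized from a Temp directory or a drive root; the sample lines are excerpted from the posted log, and the heuristics and function names are assumptions of this example.

```python
import re

# Four entries excerpted from the "Authorized Application Key Export"
# section of the SDFix log posted above (backslashes doubled, as exported).
SAMPLE = r'''
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\DOCUME~1\\CASSMO~1\\LOCALS~1\\Temp\\60325cahp25cas.exe"="C:\\DOCUME~1\\CASSMO~1\\LOCALS~1\\Temp\\60325cahp25cas.exe:*:Enabled:Enabled"
'''

ENTRY = re.compile(r'^"(?P<key>[^"]+)"="(?P<value>[^"]+)"$')

def parse_entries(text):
    """Yield one dict per "path"="path:scope:status:name" line."""
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        # The path itself contains a colon (C:\...), so split from the right.
        parts = m.group("value").replace("\\\\", "\\").rsplit(":", 3)
        if len(parts) != 4:
            continue
        path, scope, status, name = parts
        yield {"path": path, "scope": scope,
               "enabled": status.lower() == "enabled", "name": name}

def review(entry):
    """Return reasons an exception deserves a manual look (example heuristics)."""
    reasons = []
    p = entry["path"].lower()
    if "\\temp\\" in p:
        reasons.append("executable in a Temp directory")
    if re.fullmatch(r"[a-z]:\\[^\\]+\.exe", p):
        reasons.append("executable directly in a drive root")
    if reasons and entry["enabled"] and entry["scope"] == "*":
        reasons.append("exception enabled for any remote address")
    return reasons

def flagged(text):
    """Map each suspicious path to the list of reasons it was flagged."""
    return {e["path"]: review(e) for e in parse_entries(text) if review(e)}

if __name__ == "__main__":
    for path, reasons in flagged(SAMPLE).items():
        print(path, "->", "; ".join(reasons))
```

A flagged entry is a lead for manual review, not a verdict; the listed file still has to be examined before the exception is removed.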
| ||
| Re: Trouble with a virus? Have hijackthis log.

Tell you what, there is definitely "something" there because they are showing in your hjt log; these other programs aren't locating anything, so it or they must be hiding. Please do this:

Download ComboFix. Click on the Save button and then, when it asks you where to save it, make sure you save it directly to your Windows Desktop. Once the download is complete you will see the ComboFix icon on the desktop.

* Close all open windows including this one.
* Close or disable all running antivirus, antispyware, and firewall programs as they may interfere with the proper running of ComboFix.

Double-click the ComboFix icon on the desktop to run the program.

* Windows will issue a prompt asking whether you wish to run the program; click Run.

You will then see a Disclaimer screen asking you to agree to the disclaimer. Press the number 1 key to accept the disclaimer. Now just sit back and allow the program to run.

Please note that once you start ComboFix you should not click anywhere on the ComboFix window, as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break, as it may take a while for it to complete.

When ComboFix has finished running, you will see a screen stating that it is preparing the log report. This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and tells you that the program's log file, or report, will be located at C:\ComboFix.txt.

When all is complete, please post back here with that log. |
| ||
| Re: Trouble with a virus? Have hijackthis log. I can't get Combofix to run. I have AVG and can't seem to get it to stop running. I close all of the processes for AVG, and then try to run Combofix. It says that AVG scanner is running. I go back into task mgr again and the processes are back. Should I just uninstall it so I can run Combofix? |
| ||
| Re: Trouble with a virus? Have hijackthis log. Stop them all in Task Manager: Ctrl-Alt-Delete, then highlight each AVG file and end process. |
©2003 - 2009 DaniWeb® LLC