I'm now sure that the problem has gone, since it has been a long time now.
So thank you again
DontknowIT 0 Light Poster
ComboFix 07-08-14.4 - "Michael" 2008-05-19 18:28:49.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1639 [GMT 1:00]
Command switches used :: C:\Documents and Settings\Michael\Desktop\CFScript.txt
* Created a new restore point
FILE::
C:\WINDOWS\system32\vtUmKCTK.dll
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\VundoFix Backups
C:\WINDOWS\system32\vtUmKCTK.dll
((((((((((((((((((((((((( Files Created from 2008-04-19 to 2008-05-19 )))))))))))))))))))))))))))))))
2008-05-18 09:14 51,200 --a------ C:\WINDOWS\nircmd.exe
2008-05-17 15:20 345 --ahs---- C:\WINDOWS\system32\cfeeOqss.ini2
2008-05-10 01:06 <DIR> d-------- C:\Program Files\Microsoft Games
2008-05-10 01:00 <DIR> d-------- C:\DOCUME~1\Michael\APPLIC~1\WinRAR
2008-05-08 03:00 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-05-07 21:36 <DIR> d-------- C:\Program Files\DAMN NFO Viewer
2008-05-07 20:30 <DIR> d-------- C:\Program Files\CCleaner
2008-05-07 19:45 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-07 19:45 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-07 19:45 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-07 19:45 <DIR> d-------- C:\DOCUME~1\Michael\APPLIC~1\Malwarebytes
2008-05-07 19:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
2008-05-07 19:44 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-05-07 04:06 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-05-07 00:16 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-05-07 00:12 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-07 00:12 <DIR> d-------- C:\DOCUME~1\Michael\APPLIC~1\DAEMON Tools
2008-05-06 23:52 90,112 --a------ C:\WINDOWS\system32\TG_SYNC.DLL
2008-05-06 23:52 110,592 --a------ C:\WINDOWS\system32\TG_DUMP0708.DLL
2008-05-06 23:52 102,400 --a------ C:\WINDOWS\system32\TG_VIEW0607.DLL
2008-05-06 23:16 <DIR> d-------- C:\DOCUME~1\Michael\APPLIC~1\Bioshock
2008-05-06 21:47 <DIR> d-------- C:\Program Files\MyFree Codec
2008-05-06 21:44 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2008-05-06 21:44 921,600 --a------ C:\WINDOWS\system32\vorbisenc.dll
2008-05-06 21:44 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-05-06 21:44 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2008-05-06 21:44 57,344 --a------ C:\WINDOWS\system32\MTXSYNCICON.dll
2008-05-06 21:44 57,344 --a------ C:\WINDOWS\system32\MK_Lyric.dll
2008-05-06 21:44 507,904 --a------ C:\WINDOWS\system32\MSLUP71.dll
2008-05-06 21:44 49,152 --a------ C:\WINDOWS\system32\MaJGUILib.dll
2008-05-06 21:44 471,040 --a------ C:\WINDOWS\system32\muzapp.dll
2008-05-06 21:44 45,056 --a------ C:\WINDOWS\system32\Ogg.dll
2008-05-06 21:44 45,056 --a------ C:\WINDOWS\system32\MaXMLProto.dll
2008-05-06 21:44 45,056 --a------ C:\WINDOWS\system32\MACXMLProto.dll
2008-05-06 21:44 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2008-05-06 21:44 40,960 --a------ C:\WINDOWS\system32\MTTELECHIP.dll
2008-05-06 21:44 …
DontknowIT 0 Light Poster
This is Jotti's scan of vtUmKCTK.dll
Scan taken on 18 May 2008 12:01:19 (GMT)
A-Squared Found nothing
AntiVir Found ADSPY/Virtumonde.rcq
ArcaVir Found Adware.Virtumonde.Rcq
Avast Found nothing
AVG Antivirus Found Generic10.WPE
BitDefender Found Trojan.Vundo.ELK
ClamAV Found Trojan.Vundo-2991
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found not-a-virus:AdWare.Win32.Virtumonde.rcq (4, 1, 400)
Fortinet Found Adware/VirtuMonde
Ikarus Found Trojan.Vundo.ELK
Kaspersky Anti-Virus Found not-a-virus:AdWare.Win32.Virtumonde.rcq
NOD32 Found nothing
Norman Virus Control Found W32/Virtumonde.VKG
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
Jotti's scan of MTXSYNCICON.dll
Status for this file was OK; nothing found at all.
Jotti's scan of MK_Lyric.dll
Status for this file was OK; nothing found at all.
VirusTotal scan of vtUmKCTK.dll
Antivirus Version Last Update Result
AhnLab-V3 2008.5.10.0 2008.05.13 -
AntiVir 7.8.0.17 2008.05.13 ADSPY/Virtumonde.rcq
Authentium 5.1.0.4 2008.05.14 -
Avast 4.8.1169.0 2008.05.12 -
AVG 7.5.0.516 2008.05.13 Generic10.WPE
BitDefender 7.2 2008.05.08 Trojan.Vundo.ELK
CAT-QuickHeal 9.50 2008.05.12 -
ClamAV 0.92.1 2008.05.13 -
DrWeb 4.44.0.09170 2008.05.13 -
eSafe 7.0.15.0 2008.05.12 -
eTrust-Vet 31.4.5784 2008.05.13 -
Ewido 4.0 2008.05.13 -
F-Prot 4.4.2.54 2008.05.13 -
F-Secure 6.70.13260.0 2008.05.13 -
Fortinet 3.14.0.0 2008.05.13 -
GData 2.0.7306.1023 2008.05.14 -
Ikarus T3.1.1.26.0 2008.05.13 …
DontknowIT 0 Light Poster
Here is the ComboFix log
ComboFix 07-08-14.4 - "Michael" 2008-05-18 9:15:34.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.1668 [GMT 1:00]
* Created a new restore point
((((((((((((((((((((((((( Files Created from 2008-04-18 to 2008-05-18 )))))))))))))))))))))))))))))))
2008-05-18 09:14 51,200 --a------ C:\WINDOWS\nircmd.exe
2008-05-17 15:20 345 --ahs---- C:\WINDOWS\system32\cfeeOqss.ini2
2008-05-10 10:18 <DIR> d-------- C:\VundoFix Backups
2008-05-10 01:54 57,344 --a------ C:\WINDOWS\system32\vtUmKCTK.dll
2008-05-10 01:06 <DIR> d-------- C:\Program Files\Microsoft Games
2008-05-10 01:00 <DIR> d-------- C:\DOCUME~1\Michael\APPLIC~1\WinRAR
2008-05-08 03:00 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-05-07 21:36 <DIR> d-------- C:\Program Files\DAMN NFO Viewer
2008-05-07 20:30 <DIR> d-------- C:\Program Files\CCleaner
2008-05-07 19:45 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-07 19:45 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-07 19:45 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-07 19:45 <DIR> d-------- C:\DOCUME~1\Michael\APPLIC~1\Malwarebytes
2008-05-07 19:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
2008-05-07 19:44 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-05-07 04:06 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-05-07 00:16 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-05-07 00:12 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-07 00:12 <DIR> d-------- C:\DOCUME~1\Michael\APPLIC~1\DAEMON Tools
2008-05-06 23:52 90,112 --a------ C:\WINDOWS\system32\TG_SYNC.DLL
2008-05-06 23:52 110,592 --a------ C:\WINDOWS\system32\TG_DUMP0708.DLL
2008-05-06 23:52 102,400 --a------ C:\WINDOWS\system32\TG_VIEW0607.DLL
2008-05-06 23:16 <DIR> d-------- C:\DOCUME~1\Michael\APPLIC~1\Bioshock
2008-05-06 21:47 <DIR> d-------- C:\Program Files\MyFree Codec
2008-05-06 21:44 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2008-05-06 21:44 921,600 --a------ C:\WINDOWS\system32\vorbisenc.dll
2008-05-06 21:44 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-05-06 21:44 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2008-05-06 21:44 57,344 --a------ C:\WINDOWS\system32\MTXSYNCICON.dll
2008-05-06 21:44 57,344 --a------ C:\WINDOWS\system32\MK_Lyric.dll
2008-05-06 21:44 507,904 --a------ C:\WINDOWS\system32\MSLUP71.dll
2008-05-06 21:44 49,152 --a------ C:\WINDOWS\system32\MaJGUILib.dll
2008-05-06 21:44 471,040 --a------ C:\WINDOWS\system32\muzapp.dll
2008-05-06 21:44 45,056 --a------ C:\WINDOWS\system32\Ogg.dll
2008-05-06 21:44 45,056 --a------ C:\WINDOWS\system32\MaXMLProto.dll
2008-05-06 21:44 45,056 --a------ C:\WINDOWS\system32\MACXMLProto.dll
2008-05-06 21:44 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2008-05-06 21:44 40,960 --a------ C:\WINDOWS\system32\MTTELECHIP.dll
2008-05-06 21:44 …
DontknowIT 0 Light Poster
Malwarebytes' Anti-Malware 1.12
Database version: 760
Scan type: Full Scan (C:\|)
Objects scanned: 51751
Time elapsed: 6 minute(s), 53 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\qoMeCsRi.dll (Trojan.Vundo) -> Unloaded module successfully.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c92e65b1-42bb-4ac3-96e5-4c4b5bad4edb} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c92e65b1-42bb-4ac3-96e5-4c4b5bad4edb} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\qoMeCsRi.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\iRsCeMoq.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iRsCeMoq.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:39:51, on 18/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
DontknowIT 0 Light Poster
Here is the log from the rename exe scan
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:17:36, on 17/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\General\Repair tool\hijack\analysethis.exe
C:\WINDOWS\system32\wuauclt.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6C23AB0C-0244-4B01-8253-BEE724D0D2EC} - C:\WINDOWS\system32\vtUmKCTK.dll
O2 - BHO: (no name) - {82D34086-E929-489E-ACCC-17C07AE6488D} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] …
DontknowIT 0 Light Poster
Hey everyone
I have been having problems with my desktop; this time the icons and task bar disappeared. I was alerted that there were some trojans that had been found by Avast, which were removed at the time, and then soon after the icons and task bar disappeared.
Not knowing what was wrong, I restarted my machine. The problem persisted, and on startup, once Windows loaded, an error came up saying there is a missing DLL, sockins32.dll, I think. Not having the icons and task bar, I then went about using the Task Manager so that I could use anti-malware and other cleanup programs.
I used Malwarebytes' Anti-Malware to try to remove the problems, which it did at first; the error also disappeared. But about 15 or so minutes after Windows loaded without problem, the icons and task bar will suddenly disappear again, and then going back to Malwarebytes, the Trojan Vundo returns. I can't seem to remove these trojans.
This is the HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:52:48, on 17/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\WINDOWS\system32\ctfmon.exe
DontknowIT 0 Light Poster
Sorry about the mix-up; it was late at night when I discovered the problem and posted my thread, and at the same time I was looking for any other similar threads.
DontknowIT 0 Light Poster
Anti-Malware 1.12
Malwarebytes' Anti-Malware 1.12
Database version: 729
Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 58374
Time elapsed: 8 minute(s), 40 second(s)
Memory Processes Infected: 3
Memory Modules Infected: 0
Registry Keys Infected: 16
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 40
Memory Processes Infected:
C:\WINDOWS\system32\wmsdkns.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\winself.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Documents and Settings\Michael\Local Settings\Temp\ie.exe (Trojan.Agent) -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d} (Adware.123Mania) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a} (Adware.123Mania) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c} (Fake.Dropped.Malware.Renos) -> Quarantined and …
DontknowIT 0 Light Poster
Oh, I forgot one thing: the Task Manager has been disabled by these problems. Windows claims that Task Manager was disabled by the admin, but I haven't. Can someone tell me what's going on?
DontknowIT 0 Light Poster
Hey everyone
I have recently reformatted my machine, but it seems that something has infected it already. I am currently using Avast 4.8 with an up-to-date virus database. The problem is that moments before the wallpaper changed to a warning, there were a few trojans that were detected and removed; then messages started popping up saying that something was trying to infect my computer, which I suspect come from the very people telling me to protect my computer, in other words ads. Anyway, I have used Ad-Aware and Advanced WindowsCare to scan for any problems, and AWC shows nothing wrong, but Ad-Aware shows two items that seem to have been removed but continue to come back again and again. The two items are identified as:
Adware.180solutions.seekm... Adware
istbar Malware
Please can someone help with removing them? I have also done a HijackThis log just in case.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:22:02, on 07/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\wmsdkns.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\winself.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
DontknowIT 0 Light Poster
Thanks guys for all your advice. I will try the replacing method first, and if that doesn't work then fresh installation it is.
DontknowIT 0 Light Poster
I think at the end of the day I will have to reload Windows, but just out of interest, is it possible to repair Windows, i.e. to replace the essential files without a full format of the C: drive?
DontknowIT 0 Light Poster
I spoke too soon on the success of the system restore; the problem came back within an hour and I am back to square one.
I understand that some of the programs can be turned off, but what I don't understand is that I have had this program for at least two to three months and the computer has always been in top shape, so why has it slowed all of a sudden? This HAPPENED overnight, not as a gradual process. I was watching a film and fell asleep; the next morning the video and sound were like slow motion and the whole machine had just slowed down overnight, and all the above programs had been on the machine for at least a month without problem. roryk, do you know what the actual problem is? I just don't understand what is going on with my PC.
DontknowIT 0 Light Poster
The HJT report is on http://www.daniweb.com/forums/thread108318.html
and I used the Windows tool to defrag the machine.
I have just done a system restore and the system seems to have regained its speed, but I still don't know the problem and how to prevent it from happening again, so if anybody has any suggestions please feel free.
Also, there is one that has refused to go away, and that is a disableregistry... it was found by Advanced WindowsCare V2 in the system optimization section and shows up as an Explorer problem. This problem shows up after every restart.
DontknowIT 0 Light Poster
I have just had the machine cleared; there was nothing with the fans and there didn't seem to be much dust, but there was no change after the cleaning. Also, no one has replied yet to my HijackThis log thread. If there are any more ideas around, please post them and I will try them. Thanks.
DontknowIT 0 Light Poster
I have used CCleaner and Advanced WindowsCare V2, but it doesn't seem to help, even though the programs say that all the problems have been solved. And every time the machine is restarted, a few problems are constantly on the problem list. I have also posted a HijackThis log on the virus forum but no one has replied yet, so I will post the findings when I hear anything from that thread.
DontknowIT 0 Light Poster
My PC has in the last 2 days slowed to a snail's pace. I have checked with AVG Anti-Virus and Anti-Spyware and nothing came up, so can someone take a look at my HijackThis log and see if there are any problems? Any insight would be great, thanks.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:05:09, on 09/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\VideoMate\ComproRemote.exe
C:\Program Files\Common Files\VideoMate\ComproScheduler.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
E:\General\Repair tool\hijack\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - …
DontknowIT 0 Light Poster
I am certain the problem is not with the codecs, but I tried anyway and nothing changed. The problem is with Windows itself: it took a long time to start up Windows, something that should only take moments and did only take moments just 2 days ago. Loading any app takes a long time, and even copying or moving files takes at least 5 times as long as before. For example, a 700 MB file that took no more than 5 min to copy or cut and paste now takes more than 30 min to copy.
Please help me; if not by fixing the problem, then please tell me what's wrong and what's happened to my PC. I don't understand where the problem came from. I have only had this machine for 5-6 months and it worked fine apart from a few minor problems.
DontknowIT 0 Light Poster
The vids are all on the hard drive and didn't have a problem. On startup there are the usual antivirus and spyware programs... Daemon Tools, MSN Messenger and so on... I have the K-Lite Mega Codec Pack from free-codec.com.
The problem isn't just in WMP... other programs and even Windows are sluggish, and sometimes the screen freezes for a few seconds. Startup is taking a long time, well, longer than it used to; the whole PC is just slow.
DontknowIT 0 Light Poster
Hey Everyone
There seems to be a problem with my PC and I can't find any reason for it. It was working fine just the day before, and now it has slowed to a point where I can't even watch vids; WMP takes a long time to load up and then the vids can't run smoothly at all.
I have run registry checks, spyware and antivirus checks, but I have not defragged the machine yet, something which I am about to do. However, I am just wondering whether anyone knows why or where the problem is coming from.
If anyone can, please tell me what you need to know to help.
Specs
AMD Athlon 64 x2 4800+
2GB ram
Geforce 7600GT
320 GB hard drive
all drive up to date
thanks
DontknowIT 0 Light Poster
Sorry for the late reply guys, my internet decided to pack up earlier.
After speaking to a few other people, I think the major problem is with the graphics card hardware; although I haven't had time to test my theory yet, I am now quite certain.
Anyway, sorry for wasting your time and thanks for posting.
DontknowIT 0 Light Poster
I posted a thread earlier but had no replies, so here it goes again.
I am having a problem with my graphics card after defragging my PC. When I play games, blocks appear on screen and cover some of the graphics. My PC believes the graphics are fine, because the print screen of the game is perfect, but on screen as the game runs the graphics are covered by blocks.
I have tried reinstalling drivers and games, used different PC repair software, and defragged again to see if it helps, and nothing has helped.
Thanks for your time.
DontknowIT 0 Light Poster
Correction on the situation: my PC is able to render the graphics, but there are purple squares covering the graphics. I am not sure how to upload the pictures, so if you can tell me how to upload the pictures then I can show you guys what I mean.
DontknowIT 0 Light Poster
Sorry guys, one of the problems is that I don't know how to describe it... it's like my PC is unable to render the graphics and instead comes up with a whole screen of purple squares... I have tried reinstalling drivers and games, and used all kinds of things to try to fix it, but nothing worked. It has happened to all the games apart from overload... NFSC, Bioshock, Lost Planet and I am not sure what else, but those are the ones that I know have been affected.
DontknowIT 0 Light Poster
Hey, I was wondering if anyone can help. The problem is that after defragging the C: drive some of my games started not to work properly. The basic functions are fine, but all the games started to act up: the games will start but the screen is not as it should be; all that is on the screen for every game is purple pixels.
Please help if anyone knows what's wrong.
DontknowIT 0 Light Poster
My PC has been rather slow lately and keeps getting stuck at the Windows loading screen. Originally I was planning to format the machine, but I chose to use the auto repair on the XP CD instead. Well, I am now able to get into Windows, but a lot of problems have been caused. For example, I am no longer able to get Windows updated; frankly, I am not sure if it's my PC or problems on Microsoft's side. Then I am now not able to use Daemon Tools or uninstall it, and I simply don't have a clue what is going on, so if anyone has any ideas please help.
Thanks for your time.
DontknowIT 0 Light Poster
Cool, thanks man.
DontknowIT 0 Light Poster
Hello everyone, I have a rather small but very annoying problem on my Windows XP. When my PC starts up, Windows gets stuck on the welcome screen and every time I have to manually log in instead of being logged in straight away. I don't understand why, because the PC only has 1 user and it is normally not necessary to log in manually, so if anyone knows why Windows is doing this or can help getting rid of it, please post a solution, and if there is anything you need to find the problem please let me
Thank you for your time.
DontknowIT 0 Light Poster
I have checked my system using the cleaners that you have posted, and here is the log from AVG Anti-Spyware
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 7:45:39 PM 8/23/2007
+ Scan result:
Nothing found.
::Report end
There is nothing that could have affected my system, and yet the system is still having the unread message issue, without the messenger being logged on.
DontknowIT 0 Light Poster
I have done as you have asked, and VundoFix doesn't seem to have come up with anything different. Anyway, here is the log for VundoFix
VundoFix V6.5.7
Checking Java version...
Sun Java not detected
Scan started at 12:25:13 AM 8/23/2007
Listing files found while scanning....
No infected files were found.
Beginning removal...
VundoFix V6.5.7
Checking Java version...
Sun Java not detected
Scan started at 12:36:17 AM 8/23/2007
Listing files found while scanning....
No infected files were found.
Beginning removal...
VundoFix V6.5.7
Checking Java version...
Sun Java not detected
Scan started at 12:37:10 AM 8/23/2007
Listing files found while scanning....
No infected files were found.
Beginning removal...
And here is the HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:46:08 AM, on 8/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
E:\General\Repair tool\hijack\imabunny.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
DontknowIT 0 Light Poster
There is something I don't understand... the efffge.dll is no longer affecting startup of the system. Also, now on startup Windows constantly tells me that there are messages that are unread, but anyway, that's something else. I will get back to you as soon as I have time to try out your instructions above.
DontknowIT 0 Light Poster
Also, I wondered if ComboFix needs to be run in safe mode, because I ran it in normal mode after restarting.
DontknowIT 0 Light Poster
Thanks for your help, gerbil.
This is the VundoFix log:
VundoFix V6.5.7
Checking Java version...
Sun Java not detected
Scan started at 7:49:29 PM 8/17/2007
Listing files found while scanning....
C:\WINDOWS\efffge.dll
C:\WINDOWS\egfffe.ini
Beginning removal...
Attempting to delete C:\WINDOWS\egfffe.ini
C:\WINDOWS\egfffe.ini Has been deleted!
Performing Repairs to the registry.
Done!
This is the ComboFix log:
ComboFix 07-08-14.4 - "Owner" 2007-08-17 20:04:34.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1684 [GMT 8:00]
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\Owner\APPLIC~1\tmpE.tmp.exe
C:\WINDOWS\system32\dn5c8f77dc.dat
((((((((((((((((((((((((( Files Created from 2007-07-17 to 2007-08-17 )))))))))))))))))))))))))))))))
2007-08-17 20:02 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-17 19:49 <DIR> d-------- C:\VundoFix Backups
2007-08-17 02:42 <DIR> d-------- C:\Program Files\MSBuild
2007-08-17 02:40 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-08-17 02:40 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-08-17 02:39 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-08-17 02:39 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-08-17 02:38 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-08-17 02:38 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-08-17 02:36 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2007-08-17 02:35 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2007-08-17 02:35 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2007-08-17 02:35 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2007-08-17 02:08 <DIR> d-------- C:\Program Files\IObit
2007-08-13 19:16 <DIR> d-------- C:\WINDOWS\SpaceForce - Rogue Universe
2007-08-13 19:16 <DIR> d-------- C:\Program Files\DreamCatcher
2007-08-13 19:10 <DIR> d-------- C:\Program Files\DAMN NFO Viewer
2007-08-13 18:35 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-08-13 18:35 740,442 --a------ C:\WINDOWS\system32\divx.dll
DontknowIT 0 Light Poster
Hey everyone, I am new to the site and, as the name suggests, don't know much about computers, so if anyone has the time, please help.
I was dealing with a Trojan horse Generic6 with AVG and have deleted a file called efffge.dll. Originally, when my PC was still infected by the Trojan horse, the error message came up with an access denied, and since AVG took care of it by deleting the file, Windows now always starts with an error message saying that the module is missing... It would be great if someone could tell me what it's for and what program it belongs to.
Here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:23:59 AM, on 8/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\General\Repair tool\hijack\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - …