Posts by tapped

tapped 0 Newbie Poster

16 Years Ago

Re: Unstoppable PoP-Ups; HiJack This log

Thank you for the help hear is the new log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:34:33 PM, on 5/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\FONTS\2509E.com
C:\windows\ld08.exe
C:\windows\pp06.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Outlook on the Desktop\OutlookDesktop.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Documents and Settings\Owner\Application Data\ptidle\ptidle.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\a8md5.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\a8md5.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\316488442.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\SYS32DLL.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\a8md5.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\a8md5.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\a8md5.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\a8md5.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\a8md5.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\a8md5.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\a8md5.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\a8md5.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\a8md5.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\a8md5.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\a8md5.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\a8md5.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\a8md5.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\a8md5.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\a8md5.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\a8md5.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\a8md5.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\a8md5.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\a8md5.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\a8md5.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\a8md5.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\a8md5.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\a8md5.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\a8md5.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\a8md5.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\a8md5.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\a8md5.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\a8md5.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\a8md5.exe
…

Information Security windows-virus

tapped 0 Newbie Poster

16 Years Ago

Unstoppable PoP-Ups; HiJack This log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:35 PM, on 5/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.5512)
Boot mode: Normal

Information Security windows-virus

tapped 0 Newbie Poster

16 Years Ago

I Need To Find Used Space On My Harddrive

I need a program or a way to find used space on my harddrive. The folders that I can see accumulate to about half of my HD space. Right now it shows that I have about a 1 GB of space left. I have looked in My Docs, Doc and Settings, Program Files, and etc, but I cant find where all my space has gone, PLEASE HELP!!!

Microsoft Windows windows-nt-2000-xp

tapped 0 Newbie Poster

16 Years Ago

Re: Explorer.exe crashes them restarts

Here is the new log, everything is running smooth I thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:59:08 PM, on 2/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital …

Information Security windows-virus

tapped 0 Newbie Poster

16 Years Ago

Re: Explorer.exe crashes them restarts

I have ran the Hijackthis with it renamed and here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:32:37 PM, on 2/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 …

Information Security windows-virus

tapped 0 Newbie Poster

16 Years Ago

Re: Explorer.exe crashes them restarts

This is my log from Malwarebytes, this was taken after the scan was completed.

Malwarebytes' Anti-Malware 1.34
Database version: 1770
Windows 5.1.2600 Service Pack 2

2/17/2009 9:46:58 PM
mbam-log-2009-02-17 (21-46-58).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 216524
Time elapsed: 6 hour(s), 16 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 49
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 9
Files Infected: 37

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\cbXNDWqN.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jkkJbbxX.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{107a1a0a-aaaf-4425-a7b7-79d2019b9c17} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{107a1a0a-aaaf-4425-a7b7-79d2019b9c17} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkjbbxx (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{107a1a0a-aaaf-4425-a7b7-79d2019b9c17} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{f0d4b230-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f0d4b23a-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f0d4b23c-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b15fd82e-85bc-430d-90cb-65db1b030510} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
…

Information Security windows-virus

tapped 0 Newbie Poster

16 Years Ago

Re: Explorer.exe crashes them restarts

Hi and welcome to the Daniweb forums :).
==========
Download Malwarebytes' Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
Make sure that you restart the computer.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
Post new HJT log.

Thanx for the reply, the program you suggested worked like a charm. After the restart everything was back to normal. I did the full and it found 69 assorted trojans and other things. Once again thank you.

Information Security windows-virus

tapped 0 Newbie Poster

16 Years Ago

Explorer.exe crashes them restarts

Hello my explorer exe crashes and then restarts along with that I cant open folders and start menu blinks as well. I have installed the new hiJackThis and would love some advice on what to do. This is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:04:13 PM, on 2/16/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: …

Information Security windows-virus