Everything posted by coltm4carbine
-
HijackThis Log
maybe. (IMHO anything is better than norton). did you uninstall the previous antivirus(es) properly? (including through the reg) ok forget this idea- its better to be infected than nothing to be infected with. ok heres a wiser option try and use avg free edition and see will it get rid of your viruses.
-
HijackThis Log
ok are you on as the admin? if try running it when ur the admin if that don't work then it looks like you need to do what it says.
-
MSN Messenger 7.5 problem
you might also wanna fix this if it's still here (don't worry if it's not spybot might of got rid of it already) O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.e3e (CAUTION - executable file)"
-
Trojan Help Please =(
*edit* ok seen the virus info Post ur info on the virusscan (right click the red/black "m" in the sys tray-> virusscan-> about) espiecially the DAT versions. the latest DAT file for it is 4626 or 4624. (depends). it was released on 11/11/05 (for comercial users). for home users you should have the 4624 DAT.
-
MSN Messenger 7.5 problem
o10s- This section corresponds to Winsock Hijackers or otherwise known as LSP (Layered Service Provider). LSPs are a way to chain a piece of software to your Winsock 2 implementation on your computer. Since the LSPs are chained together, when Winsock is used, the data is also transported through each of the LSPs in the chain. Spyware and Hijackers can use LSPs to see all traffic being transported over your Internet connection. You should use extreme caution when deleting these objects if it is removed without properly fixing the gap in the chain, you can have loss of Internet access. Example Listing "O10 - Broken Internet access because of LSP provider 'spsublsp.dll' missing" Many Virus Scanners are starting to scan for Viruses, Trojans, etc at the Winsock level. The problem is that many tend to not recreate the LSPs in the right order after deleting the offending LSP (for example Norton). This can cause HijackThis to see a problem and issue a warning, which may be similar to the example above, even though the Internet is indeed still working. It is also advised that you use LSPFix to fix these. Spybot can generally fix these but make sure you get the latest version as the older ones had problems. There is a tool designed for this type of issue that would probably be better to use, called LSPFix. for exmaple if i remove new.net then while removing it i might lose my internet connection. if i do then i will use lspfix to fix the lsp chain. you don't often see these in logs because most of the time they are bad (exept for norton etc). Hopefully someone will give you a better explaination on the o10s. *edit again* Don't fix the o10 you have (O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll )- its a legit one.
-
HijackThis Log
ok, ok most of them are in the restore so you will have to disable system restore (from my experiance @ the McAfee forums). instructions here and here after disabling system restore run your symantec (norton) in safemode and see will it find and delete them. some of them might even come up as adware.[/url]
-
Win32.P2P-Worm.Alcan.a *still need help*
ok reformatting is a bit too drastic. The files found should be in your Restore Points. If you are sure your computer is working fine (apart from the malware) you can get rid of the (infected) System restore points. you can to this by following this procedure by following the instructions here: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?OpenDocument&src=sec_doc_nam
-
HijackThis Log
logs looks ok - unless i missed any. Please run an on-line virus scan at Kaspersky OnLine Scan or if that doesnt work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply) +++++ If you are unable to run the activeX Antivirus Scanners, lets try this Java based solution from Trend Micro. see if they find any more and get rid of them. try running norton in safemode (f8 while booting up) and see what it finds. post it here with the path.
-
MSN Messenger 7.5 problem
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) <- You don't have to fix this. The program is msn messenger 7.5 but very often incorrectly listed by HijackThis as missing. ok i might get banned for this but if you are ever gonna fix an o10 make sure 1) you know how to restore a backup. (To restore the backups: [*:30h23xrl]Open HiJackThis [*:30h23xrl]Click Open the Misc Tools section [*:30h23xrl]Click the Backups button [*:30h23xrl]Place a check mark next to everything in that window [*:30h23xrl]Click Restore [*:30h23xrl]Click Yes [*:30h23xrl]Reboot your computer [*:30h23xrl]Re-open HiJackThis and post a new logfile for review.) 2) ok using canned speech for new.net same priciple just change all new.net to webhancer.: First, Download LSPFix[Caution: ExecutableFile] to a convenient location. Do NOT run this program. This is only to be used if you lose Internet Access after removing NewDotNet In the event that you lose Internet access after removing New.Net, please double-click LSPFix[Caution: ExecutableFile] that you downloaded earlier. You will see 2 panels. If there is any file listed in the "Remove" panel on the right-side, leave it as is and just click "Finish>>" then reboot your computer and you should now have access to the Internet. If nothing is listed under the "Remove Panel", do NOT do anything - just close the program.
-
MSN Messenger 7.5 problem
ok before anyone even thinks about fixing the o10's please DON'T thats gonna rip apart the lsp chain and make the user unable to connect to the internet. heres a quick tip: Please download Spybot Search & Destroy and AdAware. then run a scan with both of these softwares. Those programs should get rid of most of the webhancer things.
-
hijackthis log check Please
ok bit of info- winfixer should be same as trojan vundo in it's adware form. try the symantec removal tool first. here vundo also creates random file names. "O2 - BHO: MSEvents Object - {B313D637-F405-4052-AC37-E2119AB3C8F8} - C:\WINDOWS\system32\pmkjk.dll " see if anyone can see anything suspicious about it. delete this line first O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/013efebd3fa ... xIE601.cab if i have made a mistake it shouldn't do any damage- should the active x object be needed again you can redownload it. it should be the netster spyware.
-
My hijit log
at last i have found the canned speech for the autoinstaller. Download and run the following HijackThis autoinstall program from ]here HJT needs to be in its own folder so that the program itself isn't deleted by accident. Having the backups could be VITAL to restoring your system if something went wrong in the FIX process!
-
HijackThis Log
hi back using canned speech again: ...nvm now you tell me... thats why i don't like norton but thats another thing. well there is only a few things wrong with it (from what i can see anyway everyone else feel free to correct me) Please do not put HiJackThis in a temporary folder, or on the Desktop. I suggest using 'C:\Program Files\Hijackthis' or C:\HiJackThis\. We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time. Click here: http://www.microsoft.com/windowsxp/down ... fault.mspx fix these: O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0852228669 O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\system32\msctl32.dll then repost a new HJT log and it should be clean.
-
HijackThis Log
ok i take a proper look at the log after a shower. poo! before you do any of that please can you move the HJT out of the temp (into c:/HJT for example). THis ensures back-ups are made should anything go wrong. had a quick scan and tell him to uninstall SpywareBeGone- it is a rogue and gives you spyware/ adware. Also known to produce lots of false possitives. after uninstalling it through add/ remove programs fix this line: O4 - HKCU\..\Run: [spyware Begone] "C:\spywarebegone\SpywareBeGone.e3e (CAUTION - executable file)" -FastScan get ad-aware and spybot instead. they are better and free. run a scan with those and post back a new log.
-
i have some problems with spyware
if you remove everything it finds u'll be ok
-
Can someone please check my HJT Log?
thats because it is sountaskmgr (<- notice the missing "d") ok no worries. do you know what ECO-CEE.at.schneider-electric.com is? Same canned speech as before- i don't know what you have been doing but to me it's getting worst. W32/Sober.r@MM mass-mailing worm- don't open attachments in email!!! W32/Sdbot-ACG worm. first try and update your computer- lots of Vulnerabilities. after the update(s) then can you do this (i know you have already done this but i am not convinced your computer is clean from viruses): Please run an on-line virus scan at Kaspersky OnLine Scan or if that doesnt work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply) +++++ If you are unable to run the activeX Antivirus Scanners, lets try this Java based solution from Trend Micro. After those scans (again) downlod this: Stinger. run it. after all that post back a new log.
-
Can someone please check my HJT Log?
ok can you post a new hijack this log? if you disable sountaskmgr from the task manager (ctrl+alt+delete) does the still appear? :( i was gonna let mercifull take over once i have sorted out the main infections - i will be on holiday soon and i won't have a pc. besides mercifull will know a lot more than me.
-
Can someone please check my HJT Log?
opps i think i clicked on a bad link while looking at your first log. nvm. yeh soz i meant C:\WINNT\System32. ok fix that 04 line too. it should come out bad anyway. I did want you to send it to webimmune to get it analyzed by hand but nvm- thats for McAfee users only (link i got anyway). omfg i don't beieve this... i forgot to press submit. anyway heres the reply like half and hour ago.
-
Can someone please check my HJT Log?
Your computer is a lot worst than i thought it would be... how long have this error message about your AV been popping up? If you disable "sountaskmgr or sountaskmgr[Caution: ExecutableFile]" does the error message still pop up? suprisingly the unindentified trojan/ worm is still here... and i am sure it is bad but i won't fix it incase i am wrong. ok another canned speech this time for submitting a file see if it comes back negative. I am a bit suprised that they still haven't found out the trojan/ worm from the online scans. If you know it, tell me what it is and if not, please can you also submit the following file to one of these online file scanners. Be sure you're able to view hidden files , and find the following files/ folders in bold (if found) and send it to the online scanner listed below: sountaskmgr (most like to be somewhere in the C:\WINDOWS\System32 folder but i won't count on it.) Jotti File Scan VirusTotal File Scan This will produce a report after the scan is complete, please copy and paste those results in your next post. After that you will need to rehide the files. see if it comes back with anything. forget that link its not going to help if you use symantec. McAfee only.
-
My hijit log
ok delete the one you got in my documents but KEEP the one in the C:/. hopefully you will get it right and we can actually start fixing something. :)
-
Can someone please check my HJT Log?
i guess i should let him take over the log then cos i don't want what happened last time to be repeated. ok using another canned speech for ewido security suite. might not be helpful but it should hopefully pick up any trojans that the other scanners have missed. Welcome, Please follow the instructions provided, you may want to print out these instructions and use them as a reference. First: Please download ewido security suite it is a trial version of the program. [*:1emcjs9n]Install ewido security suite [*:1emcjs9n]When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu". [*:1emcjs9n]Launch ewido, there should be an icon on your desktop double-click it. [*:1emcjs9n]The program will prompt you to update click the OK button [*:1emcjs9n]The program will now go to the main screenYou will need to update ewido to the latest definition files. [*:1emcjs9n]On the left hand side of the main screen click update [*:1emcjs9n]Click on StartThe update will start and a progress bar will show the updates being installed. Once the updates are installed do the following: [*:1emcjs9n]Click on scanner [*:1emcjs9n]Make sure the following boxes are checked before scanning: [*:1emcjs9n]Binder [*:1emcjs9n]Crypter [*:1emcjs9n]Archives [*:1emcjs9n]Click on Start Scan [*:1emcjs9n]Let the program scan the machine While the scan is in progress you will be prompted to clean files, click OK Once the scan has completed, there will be a button located on the bottom of the screen named Save report [*:1emcjs9n]Click Save report [*:1emcjs9n]Save the report to your desktopReboot your machine and post back a new HJT Log and the Ewido Scan .txt Log file you saved by using Add Reply
-
My hijit log
ok one more time :) Delete HJT from your temp folder (Start-> my computer->C:\-> temp) After that can you re-download HiJack This and save it to your desktop. It should be in a compressed folder. now right click on the folder and select extract all. keep on pressing next until you have finished. after that post a new HJT log. the reason why i have to do this is, if during or after the fix something goes wrong you will still have a back-up instead of a huge paper-weight. IMHO it is better to be infected than have a huge paper weight. got to sleep in a sec got french first period tomorrow :( I look at the replies tomorrow.
-
My hijit log
ok can u post me a fresh log so i can see how it's going?
-
My hijit log
delete the HJT you got right now. re-download it but this time save it to somewhere like C:\Prgram Files\HJT. open it and windows should ask you if you want to extract it. select yes. btw the link is here well it is 100% your choice. so if you want to delete it then delete it, if you want to keep it then keep it.
-
My hijit log
ok this is the problem: wild tangent and game spy arcade is an advertising spyware. It's your call, have a few spywares or have a cleaner pc.