Everything posted by nycste

  1. Right click on My Computer and choose Manage. Now go to Computer Management (Local) > System Tools > Event Viewer > System. There are two other main event logs as well...Application and Security. IE7 adds another one, PowerShell adds one and Office 2007 adds two more. eww lots of warnings and errors on mine haha. thanks
  2. and here is hijack log 1. before another safemode scan and fix.

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 4:42:13 PM, on 9/12/2007
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Sygate\SPF\smc.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
     C:\WINDOWS\system32\nvsvc32.exe
     C:\Program Files\Prevx2\PXAgent.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
     C:\Documents and Settings\user\Desktop\HiJackThis v.200b.exe
     C:\WINDOWS\system32\wuauclt.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
     O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
     O3 - Toolbar: (no name) - {F4D76F09-7896-458a-890F-E1F05C46069F} - (no file)
     O4 - HKLM\..\Run: [smcService] "C:\PROGRA~1\Sygate\SPF\smc.exe" -startgui
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
     O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
     O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
     O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
     O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
     O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
     O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
     O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
     O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
     O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
     O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
     O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O16 - DPF: {49E71DB9-E803-43BA-AF81-1CAF61A6C4CB} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols/beta/fscax.cab
     O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
     O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
     O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
     O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
     O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
     O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
     O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
     O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Dialer\a2service.exe
     O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
     O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
     O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
     O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
     O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
     O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
     O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: PREVXAgent - Prevx - C:\Program Files\Prevx2\PXAgent.exe
     O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007\Win32\RpcDataSrv.exe
     O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007\RpcSandraSrv.exe
     O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
     O23 - Service: Windows Live OneCare (winss) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\winss.exe (file missing)

     -- End of file - 7372 bytes
  3. ok this is hijack log after doing some more cleanup on my own. ill run the following Do all of the scans from the sticky list posted in this thread in Safe Mode. Then boot back into Normal Mode, run HijackThis and post a log. Edit: Removed text taken from the wiki at Lunarsoft.
  4. um where is the systemlog located? cuz once you start and keep installing programs and drivers boot times just keep getting much worse when they should get faster since everything is supposed to be found correctly. i ran this program drive agent and this was found

     Disk Drives
       ST3250823AS 2001.07.01
       ST3200826AS 2001.07.01
     Display adapters
       NVIDIA GeForce 7600 GS 2007.06.29 2007.06.29
     DVD/CD-ROM drives
       AXV CD/DVD-ROM SCSI CdRom Device 2001.07.01
       LITE-ON DVDRW LDW-851S 2001.07.01
     IDE ATA/ATAPI controllers
       Intel® ICH8 2 port Serial ATA Storage Controller - 2825 2006.04.10
       Intel® ICH8 4 port Serial ATA Storage Controller - 2820 2006.04.10
       Standard Dual Channel PCI IDE Controller 2001.07.01 2007.07.05
     Keyboards
       Standard 101/102-Key or Microsoft Natural PS/2 Keyboard 2001.07.01
     Mice and other pointing devices
       Microsoft USB Wheel Mouse Optical 2001.07.01 2005.12.01
     Monitors
       Plug and Play Monitor 2001.06.06
     Network adapters
       Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller 2006.09.18 2007.06.26
     Ports
       Communications Port (COM1) 2001.07.01
       Printer Port (LPT1) 2001.07.01
     Processors
       Intel® Core(tm)2 CPU 6300 @ 1.86GHz n/a
     Sound, video and game controllers
       Realtek High Definition Audio 2006.07.24 2007.07.18
     System Devices
       Intel® P965/G965/G35 PCI Express Root Port - 29A1 2007.02.06
       Intel® P965/G965/G35 Processor to I/O Controller - 29A0 2007.02.06
       Intel® ICH8 Family PCI Express Root Port 5 - 2847 2006.05.16
       Intel® ICH8 Family PCI Express Root Port 4 - 2845 2006.05.16
       Intel® ICH8 Family PCI Express Root Port 1 - 283F 2006.05.16
       Intel® ICH8 Family SMBus Controller - 283E 2006.04.10
       Intel® ICH8/ICH8R Family LPC Interface Controller - 2810 2006.05.16
     Universal Serial Bus controllers
       Intel® ICH8 Family USB2 Enhanced Host Controller - 283A 2006.04.10
       Intel® ICH8 Family USB2 Enhanced Host Controller - 2836 2006.04.10
       Intel® ICH8 Family USB Universal Host Controller - 2835 2006.04.10
       Intel® ICH8 Family USB Universal Host Controller - 2834 2006.04.10
       Intel® ICH8 Family USB Universal Host Controller - 2832 2006.04.10
       Intel® ICH8 Family USB Universal Host Controller - 2831 2006.04.10
       Intel® ICH8 Family USB Universal Host Controller - 2830 2006.04.10

     the file is Microsoft Office Document Imaging i cannot upload it here and dont know how to convert it
  5. will do later thanks.

     Originally posted by: John
       Upload it to virustotal.com to see if it's detected.

     i cant find the file on my computer but it said it was running weird. and something turned on my system restore even though ive always had it off. installed a program prevx. and it found 3 issues ill update lata
  6. humm program GodZBSY.exe is running for some reason and google shows up nothing
  7. Logfile of Spyware Terminator v2.0.0.194 (db:1.0.924.684)
     Scan Time: 9/12/2007 12:37:57 AM length: 2540 s
     Platform: Windows XP Service Pack 2 (WINNT 5.1.2600)
     User: Admin
     Boot Mode: Normal
     Scan type: Full_Spyware_Scan
     Scanned Objects: 160910 (Critical:0)
     Filter: No System items, No Safe items, No Invalid items

     Running Processes
     : nvsvc32.exe [NVIDIA Corporation] : C:\WINDOWS\system32\nvsvc32.exe
     pidgin.exe [The Pidgin developer community] : C:\Program Files\Pidgin\pidgin.exe
     ConvertXtoDvd.exe [VSO Software SARL] : C:\Program Files\vso\ConvertXtoDVD\ConvertXtoDvd.exe
     SpybotSD.exe [safer Networking Limited] : C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

     Internet Settings
     R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
     R - HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
     R - HKLM\Software\Microsoft\Internet Explorer\Search, CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
     R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain =
     R - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony, DomainName =

     BHO
     02 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - [Orbitdownloader.com] : C:\Program Files\Orbitdownloader\orbitcth.dll

     StartUps
     04 - HKLM\System\CurrentControlSet\Control\Session Manager, BootExecute : : C:\WINDOWS\system32\UDBDEF.EXE

     Shell Extensions
     7-Zip Shell Extension - {23170F69-40C1-278A-1000-000100020000} - [igor Pavlov] : C:\Program Files\7-Zip\7-zip.dll
     AlcoholShellEx - {32020A01-506E-484D-A2A8-BE3CF17601C3} - [Alcohol Soft Development Team] : C:\Program Files\Alcohol Soft\Alcohol 120\AXShlEx.dll
     Microsoft Office Outlook - {00020D75-0000-0000-C000-000000000046} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\OFFICE11\MLSHEXT.DLL
     Outlook File Icon Extension - {0006F045-0000-0000-C000-000000000046} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\OFFICE11\OLKFSTUB.DLL
     - {42042206-2D85-11D3-8CFF-005004838597} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
     WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} - : C:\Program Files\WinRAR\rarext.dll
     UnlockerShellExtension - {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} - : C:\Program Files\Unlocker\UnlockerCOM.dll
     Desktop Manager - {709C6E11-538F-4759-86AC-6ACB302AA0DE} - : C:\WINDOWS\system32\msvdm.dll
     Shell Extension for Malware scanning - {45AC2688-0253-4ED8-97DE-B5370FA7D48A} - [Avira GmbH] : C:\Program Files\Avira\AntiVir PersonalEdition Premium\shlext.dll
     Desktop Explorer - {1CDB2949-8F65-4355-8456-263E7C208A5D} - [NVIDIA Corporation] : C:\WINDOWS\system32\nvshell.dll
     - {1E9B04FB-F9E5-4718-997B-B8DA88302A47} - [NVIDIA Corporation] : C:\WINDOWS\system32\nvshell.dll
     nView Desktop Context Menu - {1E9B04FB-F9E5-4718-997B-B8DA88302A48} - [NVIDIA Corporation] : C:\WINDOWS\system32\nvshell.dll
     AVG7 Shell Extension Class - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} - [NVIDIA Corporation] : C:\WINDOWS\system32\nvshell.dll
     AVG7 Find Extension Class - {9F97547E-460A-42C5-AE0C-81C61FFAEBC3} - [NVIDIA Corporation] : C:\WINDOWS\system32\nvshell.dll

     Protocol Filters
     - {807553E5-5146-11D5-A672-00B0D022E945} - [Microsoft Corporation] : C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

     Protocol Handler
     Data Page Pluggable Protocol mso-offdap Handler - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - [Microsoft Corporation] : C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
     Data Page Plugable Protocal mso-offdap11 Handler - {32505114-5902-49B2-880A-1F7738E5A384} - [Microsoft Corporation] : C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
     IEProtocolHandler Class - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - [skype Technologies] : C:\Program Files\Common Files\Skype\Skype4COM.dll

     Winsock 2
     [Avira GmbH] : C:\WINDOWS\system32\avsda.dll
     [Avira GmbH] : C:\WINDOWS\system32\avsda.dll
     [Avira GmbH] : C:\WINDOWS\system32\avsda.dll

     Services
     23 - : C:\WINDOWS\system32\DRIVERS\a347bus.sys
     23 - : C:\WINDOWS\system32\Drivers\a347scsi.sys
     23 - : C:\Program Files\GRISOFT\AVG ANTI-SPYWARE 7.5\GUARD.SYS
     23 - : C:\Program Files\GRISOFT\AVG ANTI-SPYWARE 7.5\GUARD.SYS
     23 - : C:\Program Files\GRISOFT\AVG ANTI-SPYWARE 7.5\GUARD.SYS
     23 - : C:\Program Files\GRISOFT\AVG ANTI-SPYWARE 7.5\GUARD.SYS
     23 - : C:\Program Files\GRISOFT\AVG ANTI-SPYWARE 7.5\GUARD.SYS
     23 - [GRISOFT, s.r.o.] : C:\WINDOWS\system32\DRIVERS\AvgAsCln.sys
     23 - [GRISOFT, s.r.o.] : C:\WINDOWS\system32\DRIVERS\AvgAsCln.sys
     23 - [GRISOFT, s.r.o.] : C:\WINDOWS\system32\DRIVERS\AvgAsCln.sys
     23 - [Elaborate Bytes AG] : C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
     23 - : C:\WINDOWS\system32\giveio.sys
     23 - [Realtek Semiconductor Corp.] : C:\WINDOWS\system32\drivers\RtkHDAud.sys
     23 - [Kensington Technology Group] : C:\WINDOWS\system32\drivers\KID_SYS.sys
     23 - [Kensington Technology Group] : C:\WINDOWS\system32\drivers\ntxpusb.sys
     23 - [NVIDIA Corporation] : C:\WINDOWS\system32\nvsvc32.exe
     23 - : C:\WINDOWS\system32\DRIVERS\OREANS32.SYS
     23 - [VSO Software] : C:\WINDOWS\system32\Drivers\pcouffin.sys
     23 - [Elaborate Bytes] : C:\WINDOWS\system32\Drivers\RegKill.sys
     23 - : C:\Program Files\SUPERANTISPYWARE\SASDIFSV.SYS
     23 - : C:\Program Files\SUPERANTISPYWARE\SASKUTIL.SYS
     23 - [Windows ® 2000 DDK provider] : C:\WINDOWS\system32\speedfan.sys
     23 - [sygate Technologies, Inc.] : C:\WINDOWS\system32\Drivers\Teefer.sys
     23 - [sygate Technologies, Inc.] : C:\WINDOWS\system32\Drivers\wg3n.sys
     23 - [sygate Technologies, Inc.] : C:\WINDOWS\system32\Drivers\wg4n.sys
     23 - [sygate Technologies, Inc.] : C:\WINDOWS\system32\Drivers\wg5n.sys
     23 - [sygate Technologies, Inc.] : C:\WINDOWS\system32\Drivers\wg6n.sys
     23 - [sygate Technologies, Inc.] : C:\WINDOWS\system32\DRIVERS\WPSDRVNT.SYS
     23 - [Marvell] : C:\WINDOWS\system32\DRIVERS\yk51x86.sys
     23 - [EnTech Taiwan] : C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS

     Winlogon Notify
     HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon, DLLName : [sUPERAntiSpyware.com] : C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
  8. File setup.exe received on 09.12.2007 07:08:36 (CET) Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED Result: 1/32 (3.13%) -details Prevx1 V2 2007.09.12 Heuristic: Suspicious Hijacker
  9. AppName: explorer.exe AppVer: 6.0.2900.3156 ModName: libavcodec.dll ModVer: 0.0.0.0 Offset: 001f09a1 is the explorer crash and update spybot is now working and scanning
  10. File ntinstall.ini received on 09.12.2007 07:07:52 (CET)
      Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
      Result: 0/32 (0%)

      File qb.bat received on 09.12.2007 07:07:57 (CET)
      Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
      Result: 0/32 (0%)

      File qbkill.bat received on 09.12.2007 07:08:10 (CET)
      Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
      Result: 0/32 (0%)

      File smnt.scr received on 09.12.2007 07:08:23 (CET)
      Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
      Result: 0/32 (0%)

      File kill.bat received on 09.12.2007 07:07:43 (CET)
      Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
      Result: 0/32 (0%)

      File kill.exe received on 09.12.2007 07:07:48 (CET)
      Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
      Result: 1/32 (3.13%)
      -details
      Fortinet 3.11.0.0 2007.09.12 Misc/MSKILL
  11. for some reason spybot wont do a full scan keep saying stopped by user. gonna see what happens after reboot. also internet explorer tried to take over firefox again. explorer crashed. checking all those files in dir wtf15. at virustotal.com

      File 123.bat received on 09.12.2007 07:05:00 (CET)
      Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
      Result: 0/32 (0%)

      File 139.txt received on 09.12.2007 07:05:41 (CET)
      Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
      Result: 0/32 (0%)

      File fixt received on 09.12.2007 07:05:50 (CET)
      Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
      Result: 0/32 (0%)

      File httpget.exe received on 09.12.2007 07:06:08 (CET)
      Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
      Result: 7/32 (21.88%)
      -details
      AhnLab-V3 2007.9.11.1 2007.09.11 -
      AntiVir 7.6.0.5 2007.09.12 -
      Authentium 4.93.8 2007.09.12 Possibly a new variant of W32/CrazyCrunch-based!Maximus
      Avast 4.7.1043.0 2007.09.11 -
      AVG 7.5.0.485 2007.09.11 -
      BitDefender 7.2 2007.09.12 -
      CAT-QuickHeal 9.00 2007.09.11 (Suspicious) - DNAScan
      ClamAV 0.91.2 2007.09.12 -
      DrWeb 4.33 2007.09.11 -
      eSafe 7.0.15.0 2007.09.11 suspicious Trojan/Worm
      eTrust-Vet 31.1.5127 2007.09.12 -
      Ewido 4.0 2007.09.11 -
      FileAdvisor 1 2007.09.12 Low threat detected
      Fortinet 3.11.0.0 2007.09.12 PossibleThreat
      F-Prot 4.3.2.48 2007.09.12 -
      F-Secure 6.70.13030.0 2007.09.11 -
      Ikarus T3.1.1.12 2007.09.12 -
      Kaspersky 4.0.2.24 2007.09.12 -
      McAfee 5117 2007.09.11 -
      Microsoft 1.2803 2007.09.12 -
      NOD32v2 2523 2007.09.12 -
      Norman 5.80.02 2007.09.11 -
      Panda 9.0.0.4 2007.09.11 Suspicious file
      Prevx1 V2 2007.09.12 -
      Rising 19.40.20.00 2007.09.12 -
      Sophos 4.21.0 2007.09.12 -
      Sunbelt 2.2.907.0 2007.09.12 -
      Symantec 10 2007.09.12 -
      TheHacker 6.1.10.184 2007.09.11 -
      VBA32 3.12.2.4 2007.09.12 -
      VirusBuster 4.3.26:9 2007.09.11 -
      Webwasher-Gateway 6.0.1 2007.09.12 Trojan.Downloader.Win32.Malware.gen (suspicious)

      Additional information
      File size: 17566 bytes
      MD5: 7aa74d465d11a1c4308530eb13b19029
      SHA1: 1918cb3e8b8dcc6d92f9b67f0ba784b70c10539f
      Bit9 info: http://fileadvisor.bit9.com/services/extin...08530eb13b19029
      packers: Aspack
  12. Originally posted by: NYCSTE2003

        Originally posted by: mechBgon
          Try uploading each file from that folder to the analyzer at http://www.virustotal.com and paste the resulting diagnoses for each file here. This should be interesting...

        will do thankyou. running 3 programs now. spybot search and destroy spyware terminator combofix aboutbuster Prevx2Agent.1.0.2.86 avg antitoolkit after reboot
  13. alright ive been finding more and more programs which help scan clean etc etc. programs you use after you're infected and i run several scans daily for the past couple days trying to rid my system of whatever bug i have that appears to keep dodging all scan programs. avg antispyware just found C:\WINDOWS\system32\drivers\etc\wtf15\pnc.exe its quarantined i think. this wtf15 folder has shown up on a few searches over the past couple days does anyone know if the folder itself is important can i just delete it? here is a picture of said folder looking for advice. just ran adaware se and it found nothing. while keeping avg always running and i tried antivir as main AV for a few days and that worked well too just testing out diff programs since i plan on reformatting anyway
  14. ive seen an old p3 boot into windows faster than any other rig ive ever seen. like 10seconds. my current setup takes forever like over a min. its truly re tarded. tried bootvis that doesnt seem to even work nowadays as i never get the second popup and not sure if it does anything trying that free scanner now
  15. looking for some advice peoples
  16. hey jeremy i could be doing this totally wrong but find that hard to believe but.. after i have started using ultimate defrag i love what it looks like and attempts to do but my games have been slower load times and nothing seems better. so just wanted to share and see if anyone had any comments.
  17. my dvd cannot be read period. shows nothing on the disc. never had this problem and ive tried 1.35 and 1.4b any help nlite dudes?
  18. used nero and burnimg. none have been working. and yes i use cdrws. like i said its weird ive been using nlite for years and this is new. and really annoying cuz i gotta reformat now and i dont have my old cds i lost them or gave to a friend and well no idea where they are
  19. ok ive been using nlite from the beginning or really early stages and have had issues along the way. no biggie some of them were caused cuz i removed too much and i admit that. some were caused by bugs in the program or whatever so thats why nlite has become what it is today. my current issue with v 1.35 and 1.4b is that the cds i burn. dont burn correctly. i make the isos and the folders they seem to work if i open the iso with magic iso and all but when i burn them the cds showup as 702mb which isnt the size of the file and dont work. ive burned over 10 cds trying to get any of them to be read by my computer and they cant be read. ive never had this issue with nlite so im not sure what the problem is. im willing to help in anyway i can just ask what you want to see posted. thanks.
  20. alright someone told me to install and run windows live onecare. installed scanned and nothing really came up. so at this point i dont see how something is hiding in my system anymore and if possible just changed the folder settings and taskbar settings that arent allowing them to work. i have no idea what they are properly called any help there would be great. id guess title bar, start bar or button and not sure what >> is called. those are the only things not working and wrong
  21. also was infected with c:\windows\system32\msnmsg.exe this started up after i cleaned out the first stuff. after this nothing else showed up. but im running the 3 online scanners so far fsecure found nothing but 3 more to go.