Over 1 million tech questions and answers.

[SOLVED] "not-a-virus" virus and "javaclass" trojan keep appearing on virus scans

Q: [SOLVED] "not-a-virus" virus and "javaclass" trojan keep appearing on virus scans

Hello
I have been experiencing some problems with my computer recently. Firstly, my virus scanner (AVG) keeps on finding a virus called 'not-a-virus:RemoteAdmin.Win32.WinVNC-based.f' and some trojans called 'Trojan.JavaClass'. I have also been getting random pop-ups whenever I have been browsing the internet, and my computer seems to be running very sluggish, especially at startup.

I also believe that, last week, someone gained remote access to my computer, as all of a sudden, my mouse wouldn't move properly and the computer became really slow. This only stopped when I engaged the internet lock on my Zonealarm firewall.

Today, I was asked by Zonealarm to give a program called spoolsv.exe "access to privileged rights" which I have never seen before for this program. When I looked at the properties of spoolsv.exe, it said that it was created in 2006 but modified in 2005 (???), and so therefore didn't allow the program access. (I don't know if that has anything to do with the problems that I am having but thought I would mention it)

I have done "the 5 things you need to do" before posting a blog; here are the files requested:

Panda Scan:

Incident Status Location

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Carla Greenwood\Application Data\Mozilla\Firefox\Profiles\4n4qe3mx.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Carla Greenwood\Application Data\Mozilla\Firefox\Profiles\4n4qe3mx.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Carla Greenwood\Application Data\Mozilla\Firefox\Profiles\4n4qe3mx.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Carla Greenwood\Cookies\carla [email protected][2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Carla Greenwood\Cookies\[email protected][2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Chris Tunnicliffe\Cookies\[email protected][1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Chris Tunnicliffe\Cookies\[email protected][1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Chris Tunnicliffe\Cookies\[email protected][2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Chris Tunnicliffe\Cookies\[email protected][3].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Chris Tunnicliffe\Cookies\[email protected][2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Chris Tunnicliffe\Cookies\[email protected][2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Chris Tunnicliffe\Cookies\[email protected][2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Chris Tunnicliffe\Cookies\[email protected][2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Chris Tunnicliffe\Cookies\[email protected][1].txt
Hacktool:HackTool/EvID Not disinfected C:\Documents and Settings\Chris Tunnicliffe\Desktop\EvID4226Patch223d-en\EvID4226Patch.exe


Deckard's System Scanner v20071014.68
Run by Chris Tunnicliffe on 2007-12-03 10:00:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Chris Tunnicliffe.exe) -----------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:00:54, on 03/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\mqsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Chris Tunnicliffe\Desktop\dss.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\CHRIST~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ario&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ario&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157" target="_blank" class="wLink">http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank" class="wLink">http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=33568
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,[email protected]
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VersionTrackerPro.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?a4d23ea7722c49f9bdac14e535fefaf5
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?a4d23ea7722c49f9bdac14e535fefaf5
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Stan James Poker.com Poker - {7F2F6F5A-CAE2-4954-A461-36B3757B2BFB} - C:\Microgaming\Poker\stanjamesgibMPP\MPPoker.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=64&bd=presario&pf=laptop
O15 - Trusted Zone: *.hotmail.com
O15 - Trusted Zone: *.live.com
O15 - Trusted Zone: *.msn.com
O15 - Trusted Zone: *.passport.com
O15 - Trusted Zone: http://www.studivz.net
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Cu...ataManager.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://mppv2flash3.valueactive.com/...ib/FlashAX.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 11291 bytes

-- Files created between 2007-11-03 and 2007-12-03 -----------------------------

2007-12-03 09:35:48 0 d-------- C:\Program Files\Trend Micro
2007-12-02 23:44:02 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-12-01 10:44:43 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2007-12-01 10:43:28 0 d-------- C:\WINDOWS\CSC
2007-11-30 18:27:50 0 d-------- C:\ie-spyad_zo
2007-11-30 18:19:41 0 d-------- C:\Program Files\SpywareBlaster
2007-11-30 13:13:07 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-11-26 23:56:40 0 d-------- C:\Microgaming
2007-11-23 14:52:29 0 d-------- C:\Program Files\QuickTime
2007-11-15 05:14:01 0 d-------- C:\Documents and Settings\Chris Tunnicliffe\ppPokerDir
2007-11-12 23:58:06 0 d-------- C:\Program Files\PartyGaming
2007-11-08 02:16:44 0 d-------- C:\Documents and Settings\Chris Tunnicliffe\dwhelper
2007-11-08 01:20:54 0 d-------- C:\Program Files\OxigenInstall
2007-11-07 12:58:02 0 d-------- C:\Documents and Settings\Chris Tunnicliffe\Application Data\VersionTracker Pro
2007-11-07 03:23:40 0 d-------- C:\Program Files\TechTracker
2007-11-07 03:14:43 0 d-------- C:\Program Files\Lavasoft
2007-11-07 03:14:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-07 03:14:10 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-04 22:52:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2007-11-04 22:52:22 0 d-------- C:\Program Files\Logitech
2007-11-04 22:52:22 0 d-------- C:\Program Files\Common Files\LogiShrd
2007-11-04 18:20:51 233472 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2007-11-04 18:20:51 3932160 --a------ C:\Documents and Settings\Chris Tunnicliffe\ntuser.dat


-- Find3M Report ---------------------------------------------------------------

2007-12-03 09:59:08 0 d-------- C:\Documents and Settings\Chris Tunnicliffe\Application Data\Skype
2007-12-03 09:57:45 0 d-------- C:\Documents and Settings\Chris Tunnicliffe\Application Data\MailFrontier
2007-12-03 09:57:29 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-12-03 09:57:16 0 d-------- C:\Documents and Settings\Chris Tunnicliffe\Application Data\AVG7
2007-12-03 09:28:31 0 d-------- C:\Documents and Settings\Chris Tunnicliffe\Application Data\Microgaming
2007-12-03 00:18:35 0 d-------- C:\Program Files\Windows Live Toolbar
2007-12-03 00:10:52 0 d-------- C:\Program Files\iTunes
2007-12-03 00:09:14 0 d-------- C:\Program Files\Common Files\Teleca Shared
2007-12-02 13:58:24 512 --a------ C:\ScanSectorLog.dat
2007-12-01 13:32:12 0 d-------- C:\Program Files\MSN Messenger
2007-11-22 02:55:48 0 d-------- C:\Program Files\Common Files\Real
2007-11-22 02:55:41 0 d-------- C:\Program Files\Common Files
2007-11-22 02:55:32 0 d-------- C:\Documents and Settings\Chris Tunnicliffe\Application Data\Real
2007-11-15 02:11:09 0 d-------- C:\Program Files\Dl_cats
2007-11-02 01:15:46 0 d-------- C:\Program Files\Skype
2007-11-02 01:15:40 0 d-------- C:\Program Files\Common Files\Skype
2007-11-01 17:17:37 0 d-------- C:\Documents and Settings\Chris Tunnicliffe\Application Data\Uniblue
2007-11-01 17:17:31 0 d-------- C:\Program Files\Uniblue
2007-11-01 16:53:09 0 d-------- C:\Program Files\DivX
2007-10-23 13:20:17 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-10-16 00:57:14 0 d-------- C:\Documents and Settings\Chris Tunnicliffe\Application Data\CyberLink
2007-10-16 00:57:08 0 d-------- C:\Documents and Settings\Chris Tunnicliffe\Application Data\HP
2007-10-12 04:29:32 0 d-------- C:\Program Files\iPod
2007-10-12 04:28:29 0 d-------- C:\Program Files\Apple Software Update
2007-10-12 04:27:51 0 d-------- C:\Program Files\Common Files\Apple
2007-10-10 04:16:58 1459 --a------ C:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [06/08/2005 05:56]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [04/05/2006 06:58]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [23/03/2006 13:17]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [23/03/2006 13:13]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [23/03/2006 13:17]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [02/06/2006 16:02 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [17/06/2006 06:22]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [23/06/2006 14:43]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [02/06/2006 15:21]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [19/06/2006 10:50]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [11/10/2005 10:23]
"Reminder"="C:\Windows\CREATOR\Remind_XP.exe" [09/02/2006 09:52]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [15/03/2006 21:00]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [15/03/2006 21:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [15/03/2006 21:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [15/03/2006 21:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [15/03/2006 21:00]
"DLCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [08/09/2005 19:55]
"@"="" []
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [26/10/2005 17:17]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [16/02/2005 23:11]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [25/10/2007 13:28]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [26/09/2007 14:42]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [19/10/2007 20:16]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [14/11/2007 16:05]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [16/03/2006 05:00]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [19/01/2007 13:54]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [13/09/2007 13:31]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [24/09/2005 17:39:30]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 02:01:04]
VersionTrackerPro.lnk - C:\WINDOWS\Installer\{C1EDC38F-2760-4A4E-9CED-95B53024134C}\New_Shortcut_S1699_A8EB5A2133B04A97AEEFDFB17E2E701D.exe [07/11/2007 03:23:43]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"




-- End of Deckard's System Scanner: finished at 2007-12-03 10:03:06 ------------

Many thanks in advance for your help.
Chris

RELEVANCY SCORE 200
Preferred Solution: [SOLVED] "not-a-virus" virus and "javaclass" trojan keep appearing on virus scans

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: [SOLVED] "not-a-virus" virus and "javaclass" trojan keep appearing on virus scans

Bump.

Read other 4 answers
RELEVANCY SCORE 170.8

I did what was suggested on one of the "Solved" posts regarding this messy virus. Here's where I am. I probably started in the middle, I see, after reading many posts about this same problem.

Did the Smitfraudfix and forgot to save the text box info; can redo if necessary.

Did the Super Anti-Spyware, here is that info:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/14/2010 at 07:58 PM

Application Version : 4.44.1000

Core Rules Database Version : 5685
Trace Rules Database Version: 3497

Scan type : Complete Scan
Total Scan Time : 02:40:44

Memory items scanned : 619
Memory threats detected : 1
Registry items scanned : 9059
Registry threats detected : 43
File items scanned : 151710
File threats detected : 874

Trojan.SVCHost/Fake
C:\DOCUMENTS AND SETTINGS\COMPAQ_OWNER\APPLICATION DATA\MICROSOFT\SVCHOST.EXE
C:\DOCUMENTS AND SETTINGS\COMPAQ_OWNER\APPLICATION DATA\MICROSOFT\SVCHOST.EXE
[svchost] C:\DOCUMENTS AND SETTINGS\COMPAQ_OWNER\APPLICATION DATA\MICROSOFT\SVCHOST.EXE
C:\WINDOWS\Prefetch\SVCHOST.EXE-11D9B1DB.pf

Adware.MyWebSearch/FunWebProducts
HKLM\Software\Classes\CLSID\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB}
HKCR\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
HKCR\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
HKCR\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\Control
HKCR\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\InprocServer32
HKCR\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\InprocServer32#ThreadingModel
HKCR\CLSID\{1D4DB7D2-6E... Read more

A:"Anti-Virus" Virus, Started on Fix from "solved" post, what now?

Read other 16 answers
RELEVANCY SCORE 170.8

The System Fix Virus & Privacy Protection Virus hijacked and infected my system: WinXP (64-bit). They've caused my default web browser to change frequently (each time I reboot my PC). So I've been having trouble getting rid of all of this malware/viruses from my system, since I use Windows XP x64.

ComboFix.exe and TDSSKiller.exe are not compatible with my Windows XP 64-bit system. So how do I get rid of the malware/viruses from this computer without those apps that were made to get rid of the following problems on other Windows OS's?:

The latest version(s) of ComboFix and TDSSKiller don't work on the 64-bit version of Windows XP, but they are compatible with other versions of Windows: 98, XP, VISTA, 2000, 2003, 2008 and Windows 7!

1. System Fix Virus (the first virus that affected my Windows system, 2 days ago.)
2. Privacy Protection Virus (behaves almost exactly like the aforementioned virus)
3. Google-Redirect Malware (redirects all my searches to this site: 63.209.69.107)

Thanks in advance to ANY users for helping me and others with this malware/virus problem: I understand and read the previous pinned-thread about the revelant malware/virus issue that Windows-users solved with the programs I've been unable to install on my system. The aforementioned malware/viruses began to infect my PC on December 14, 2011 (since that day, I haven't found a single anti-virus program that can detect the Google-redirect malware/virus on my system).
&nbs... Read more

Read other answers
RELEVANCY SCORE 169.6

virus.. popup "Malware Wipe" "the spy guard" and alot of commercials like porn poker and more crap..
this is what I get when I start internetexplorer
Recommended Anti-Spyware Software: Pest Trap, Malware Wipe, Spy Guard Internet Security

TOP RATED
Pest Trap
Most popular spyware/adware cleaner software all over the world. Cleans all known viruses and worms.

Visit Website Free Scan
Malware Wipe
Became one of the most popular programs very fast. It`s really easy to use and at the same time very effective.

Visit Website Free Scan
The Spy Guard
Developed as the most efficient spyware cleaner with realtime protection.

Visit Website Free Scan
Brave Sentry
Award-winning spyware removal utility that will help you fighting all kinds of spyware including keyloggers, trojans and password thieves.

Visit Website Free Scan
AD Protect
World's leading software application that checks, protects and re-checks spyware and spam vulnerability in your home computer.

Visit Website Free Scan

WARNING! YOUR SYSTEM IS VULNERABLE TO HACKERS' ATTACKS AND BREAKDOWNS!
Attention! Your system is currently exposed. Any remote computer can easily browse following folders and files on your computer:
- \Windows\System32
- \Program Files\Internet Explorer
- \My Documents
- Drive C:\ files
Click here to download official intrusion detection system (IDS software)
YOUR PRIVATE INFORMATION IS IN OPEN ACCESS TO OTHER COMPUTERS
Your... Read more

A:Solved: virus.. popup "Malware Wipe" "the spy guard" and alot of commercials

Read other 14 answers
RELEVANCY SCORE 165.2

Hey everyone,
        I am trying to get the REST queries to work with the sharepoint end points instead of graph end points. I first created an app with relevant permissions and have given it the admin consent. Then I am hitting the https://login.microsoftonline.com/<tenant>.onmicrosoft.com/oauth2/token?Content-Type=application/x-www-form-urlencoded end
point with https://<tenant>.sharepoint.com as resource. I am then using the access token retrieved to give the rest call to https://<tenant>.sharepoint.com/_api/v2.0/drives/b!3indYSbqZ0-hVSPnCgIZy-2xDMh7jH9AuQnEzJMc6TEfQoSJvJT-R6tT0lFBQiPr/root/delta
but it is failing with "error":{"code":"generalException","message":"General exception while processing"}}. The REST response code is 401 Unauthorized. I have filed a Microsoft support ticket but they
have asked me to post on these forms. Can someone please help me with this? I am not able to move forward because the error is pretty generic and doesn't give any additional details.
Thanks,
Sai Kiran Katuri.

Read other answers
RELEVANCY SCORE 164

Maybe you can help... I found a virus or trojan (don't really know which) and was able to boot in safe mode and disable it at startup. I don't think it bothers my system anymore but I'd like to know a safe way to remove it, but when I look up either name above I find absolutely nothing.

When I look in System Config, under the Startup programs where I disabled this, it reads as:

Startup Item: gutigiwiz
Manufacturer: Unknown
Command: Runndll32.exe "c:\progra~2\yavuhoki\yavuhoki.dll",a
Location: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Has anyone heard of this, and can you give me a hand? I'd really appreciate it, thank you. ~RTG

A:Virus/Trojan -- "gutigiwiz" and "yavuhoki.dll"

Hi and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance.

http://www.techsupportforum.com/f50/...lp-305963.html

If you have problems with any of the steps, simply move on to the next one and make a note of the problem in your reply.

Please note that the Security Forum is always busy, so I would ask for your patience while waiting for a reply - it may take a few days.

This thread will now be closed.

Read other 1 answers
RELEVANCY SCORE 161.6

In Windows XP, fully updated, I have several folders full of mp3's and want to see the bit rate and duration. I right click on a column heading and select "Bit rate". I then click on "More..." so I can get to "Duration", and I select that one too.

But all the figures in the "Duration" column appear to be in "hours" and "minutes", so I see "00:04" or "00:03", but what I want is "minutes" and "seconds".

Any thoughts as to how to change this?
 

A:Solved: Windows Explorer "Duration" Column - no "Seconds", just "Hours" and "Minutes"

Read other 16 answers
RELEVANCY SCORE 161.2

Got my computer back today (Windows XP), and my background is now all green with a black box in the middle saying "Your System Is Infected...etc"

Also a red circle with a white X in the task bar

I can't open the task manager

Can Anyone Help???...

Downloaded HiJackThis

My log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:51 AM, on 12/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\dlcqcoms.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\i... Read more

Read other answers
RELEVANCY SCORE 161.2

Got my computer back today (Windows XP), and my background is now all green with a black box in the middle saying "Your System Is Infected...etc"

Also a red circle with a white X in the task bar

I can't open the task manager

Can Anyone Help???...

Downloaded HiJackThis

My log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:51 AM, on 12/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\dlcqcoms.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\sy... Read more

A:"Your System Is Infected" Background + "Internet Security 2010" virus/malware problem

Hi and welcome to TSF.

I'm afraid HijackThis no longer provides the information we require.

We want all our members to perform the steps outlined in the link given below, as far as they possibly can, before posting for assistance.

http://www.techsupportforum.com/f50/...lp-305963.html

If you have problems with any of the steps, simply move on to the next one and make a note of the problem in your reply.

Please note that the Security Forum is always busy, so I would ask for your patience while waiting for a reply - it may take a few days.

This thread will now be closed.

Read other 1 answers
RELEVANCY SCORE 160

I think I am infected with Malware, Spyware, or some type of virus. My desktop background has become a bright red screen with a toxic symbol on it and underneath it, it says "Your Privacy Is In Danger!" On the bottom right, in the taskbar, right next to the time and date, it says "Virus Alert!" My computer is also attempting to run anti-Spyware programs all by itself, opening browsers with websites to Spy programs and pop-ups warning me of possible hackers. Below is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:36: VIRUS ALERT!, on 7/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched... Read more

Read other answers
RELEVANCY SCORE 160

The "Idle-time Full System Scan" in Norton 360 v4 is bogging down my computer constantly, and there is no option to turn it off in "Automatic Tasks".

I contacted Norton and (after several attempts to find someone at Norton who could understand what I just said above and getting "hung-up" on over Norton chat. Inexcusable!!!) I was able to get a hold of a technician who told me that Norton intentionally removed this option "for security reasons, because they didn't want people turning it off".

The problem is, people will then be forced to turn it off by turning off ALL scheduled tasks (under "Settings/Scheduling/Schedule:Manual Schedule") and that is an even worse security problem than the relatively small one that would be created by turning off idle-time full system scanning.

Once the system has completed a full system scan, all files are on-access scanned anyway, so running a full system scan every 3-4 days is rather silly and extremely annoying--especially, because it will continue to try to run every time the system is idle if you cancel it.

A warning urging the user to not turn off idle-time full system scans without fully understanding the risks, and after explaining the risks, would be VERY preferable. Or at least the option to run the full system scans when the system is idle on a certain day of the month/week! The schedule for idle-time full system scans really needs to be separate from other tasks. In fact, t... Read more

Read other answers
RELEVANCY SCORE 160

my computer was hijacked by "support tool" a so called virus protection hijacker. i'm in safe mode with networking now & attached you see my hjt log file. help please. THanks!

actually, i'm on a different computer. it has windows xp home ed. & its a dell inspiron 530S

also, in trying to fix the problem initially, my wife deleted the file "rundll32" beacause the virus stated that had a virus error. so this file may be missing as well & we may need to replace it.
 

A:Computer Hijacked by "Support Tool" "Virus Protection" Prog

I posted this yesterday to get help for a "Support Tool" hijack on a computer. Please help. Log file attached. Thanks.
 

Read other 3 answers
RELEVANCY SCORE 160

hi every body
My PC has lots of files called "Thumbs.db" & "System volume information" in all its drives.I cant delete these files and I think the cause of shutting my pc down automatically and showing blue screen is these files.the operating system is win xp/sp2.
I don't know what to do with these and what anti virus will delete them.please help me.
thanks
 

Read other answers
RELEVANCY SCORE 159.6

hi,

i have tried a bunch of times tonight to run my "Ad-Aware" and wasn't able to, then i tried both my "HJT" as well as my killbox (just to see if it would load, didn't), and wasn't able to because of some "OLEAUT32.dll". i don't know if i am in the correct forum for help with this or not, but i thought it was worth a shot, if anyone can assist me i'd be grateful.
if i'm in the wrong forum please tip me off to that as well, as well as a hint which one to use, thanx!

i run windows me

i guess i shoulda said it said the OLEAUT32.dll, is out of date and those programs need a newer version
 

A:Solved: Can't run my "Ad-Aware", "HJT" or virus scan

Hi, You need the VB Runtime files to replace the newer OLEAUT32.dll file:

http://www.microsoft.com/downloads/...F9-B5C5-48F4-8EDD-CDF2D29A79D5&displaylang=en
 

Read other 3 answers
RELEVANCY SCORE 159.2

Picked up virus. Get a screen that is locked entitled "Police Cybercrime Investigation Department". When shutdown and reboot this screen comes up during boot up and is locked - can't get by it or remove it.

Info on the screen requests an on-line payment of $100. to unlock the computer.

OS - Windows Vista Home Premium, SP 2 , 32 Bit.

Help!!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:26:32 PM, on 11/10/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Peter\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.msn.com/?ocid=OIE9HP
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Mic... Read more

A:Infected with "Police Cybercrime Investigation Department" virus - scans included

Read other 12 answers
RELEVANCY SCORE 158.4

My home-bilt desktop and browser [Win98SE & Mozilla] "seem" to be running a little slower these days. My "protection" consists of - AntiVir, Tiny Personal Firewall, SpyBot, AdAware, plus Spyware Blaster & WinPatrol running in the background. All of this has shown no serious malware. SpyBot and AdAware have an occasional item, but I suspect that Spyware Blaster is blocking a lot from even trying to get on.

So, I have been trying some of those "FREE virus scans" such as Trend Micro, NoAdware and Registry Mechanic. ALL of these turn up "some problems" that they will gladly remove IF ONLY you will buy their program $$$.

However [and the reason for this posting] they never pick up THE SAME ITEMS !!! I'm just paranoid enough to believe that SOME of them find "broken links" and "orphan strings" and declare them as "dangerous" !!!

Any comments, opinions, suggestions ???
 

A:Opinion of "FREE online virus scans"

I have seen "Kaspersky" and "Panda" free scans recommended by 'experts' here at TSG. Use a Google search to obtain the download sites. "Ewido," also frequently recommeded, can be downloaded for free use, and updates are acknowledged. Just ignore the termination notice of the trial period. {redoak}
 

Read other 1 answers
RELEVANCY SCORE 158.4

My friend's computer seemingly got a virus, since it sent an email to somebody in her email list, on its own. She asked me to take a look.

She had a virus checker, but it had never been updated. So I installed "AVGfree" and ran that. It found a "trojan horse" virus as well as some other stuff that it said should be removed, so I did. I then ran "ccleaner" and it suggested to remove a TON of crap, like 500mb worth of files (she installs dumb stuff on her computer all the time). I removed these files. Then I ran "spybot" and it removed some stuff. I then defragged, which it needed.

So here I am, feeling like a hero, but then I reboot and there's a message saying that "lsass.exe" cannot be found. I cancel this message, and then there's another message saying that "ipwins.dll" cannot be found.

I tell her to just ignore these messages until I figure it out, but then she informs me today that she cannot access her email account on her computer. So I've gotta figure out how to fix this.

Any advice?? Thanks.

A:After virus checking and cleaning, "lsass.exe" and "ipwins.dll" missing

She could try the system file checker : tell her to prepare her XP CD (she'll need it if it asks to replace the missing files), then she will have to go to start => run, and type "sfc /scannow".

If that fails, she can perform a repair install if she has an OEM, retail or upgrade XP CD (recovery CD's cant' do that). She will have to boot on the cd, thus she needs first to change the boot order in the bios to CD-rom first. Then, when XP setup loads, choose the option "To setup Windows XP now" (not the one about recovery console). On the next screen (after the licence agreement) she should be given the option to repair her current xp installation by typing R.

Once that's done, if the CD wasn't a SP2 version, first thing is to go to windows update to reinstall XP SP2 and all updates she could have done since. Don't surf on the internet before any antivirus and firewall (either windows or another) is enabled.

Read other 2 answers
RELEVANCY SCORE 158.4

Hey guys, Ive run Adaware, Spybot, and Symantec in safemode. Adaware and Symantec successfully removed some entries but the problem still persists. Im getting constant popups including "netster", "heavy.com", "smashits", and others. Heres my log, and thank you in advance!

Logfile of HijackThis v1.99.1
Scan saved at 8:43:05 PM, on 7/22/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PGPserv.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\VentSrv\ventrilo_svc.exe
C:\Program Files\VentSrv\ventrilo_srv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1... Read more

A:"Byte.Verify", "Downloader" virus, and endless popups

Also Backdoor.DSNX, Dropper.Agent.PP and Trojan.Dropper

Was looking around in the root C drive and found some interesting things there as well, but didnt want to do anything without advice first. Heres a "dir" listing

07/22/2006 04:38 PM 586,928 626_101newer.exe
09/25/2005 11:25 PM 219,412 adlog.txt
07/22/2006 08:44 PM 627 asdf.txt
07/26/2004 06:18 PM 0 AUTOEXEC.BAT
08/26/2005 07:53 PM 11,859,569 AVG7QT.DAT
07/26/2004 06:18 PM 0 CONFIG.SYS
07/26/2004 06:28 PM 10 csb.log
05/17/2006 10:47 PM 81 CTX.DAT
07/22/2006 04:37 PM 73,728 dfndred_7.exe
07/22/2006 04:38 PM 27,648 dist13.exe
07/26/2004 06:22 PM <DIR> Documents and Settings
06/30/2006 10:41 PM <DIR> Downloads
07/22/2006 08:44 PM 32,768 drsmartload.exe
07/22/2006 08:45 PM 20,480 drsmartload45a7d.exe
07/22/2006 08:45 PM 20,480 drsmartload46a7d.exe
07/22/2006 08:45 PM 20,480 drsmartload849a7d.exe
07/22/2006 08:45 PM 578,560 Installer3.exe
07/22/2006 08:45 PM 290,816 installerwnusnewer.exe
11/16/2004 05:11 PM <DIR> KPCMS
07/22/2006 04:37 PM 28,672 kybrded_7.exe
07/29/2004 02:16 PM <DIR> mj-comp-files
07/22/2006 08:45 PM 25,105 MTE3NDI6ODoxNg.exe
07/22/2006 08:44 PM 25,105 MTE3NDI... Read more

Read other 19 answers
RELEVANCY SCORE 158.4

HI, first of all, I found out that my home computer was infected by the lovelorn worm. Plan to clean that tonight.

Secondly, I found copies of 2 files named "folder" and "desktop" in almost all folders. The files where identical so I suspect that there is a virus that's propagating this. Is my hunch correct? Is this related to the lovelorn virus or is it another kind? What should I do?

Thanks!!!
 

A:files named "folder" & "desktop" in all directories.. is this a virus???

Symantec site you may want to review. I don't see anything about the file replication you are experiencing but the site may be helpful to you.
 

Read other 1 answers
RELEVANCY SCORE 157.6

Ok, so i am new to this site and please be understanding if i do not know what to do at some points. I have AVG anti-spyware and AVG anti-virus, both free and home edition. I was on my computer and i was downloading some software and an AVG screen popped up and said threat detected, it was in red which meant it was at high risk.. I have about maybe 7 of these pop up in the last 5 days i guess. Some of the ones that popped up were the trojan virus and then others popped up as the " Virus Found Lop ".

I have had problems now on my computer because of this. I use Mozilla Firefox but i also have Internet explorer. When ever i would open IE a little box with pop up from IE and saying that i have security and privacy issues. It would say that my whole computer could be at risk and i could lose important information. My computer is very slow now, i will click to open my internet and it takes about just under a minute to load. SOme sites do now work and others do. I also have been have Adult sites pop up.

I ran my AVG anti-virus and it came up clean all the time. I would only know i have a virus or whatever when it pops up like i said before, ( " Threat Detected" ). I have ran my AVG anti-Spyware and it came up with 4 or 5 medium risks so i just deleted them.

When the threats were detected by AVG anti-virus they were not heal-able so i put them in the virus vault. After a day or so i just deleted them from the vault. Im not sure if that was the right idea or s... Read more

A:" Virus Found Lop " and " Trojan " Please Help!

Not so long ago i was running my AVG anti-spyware and it came up with 11 threats detected at medium risk and i also glanced over at something and it said Malware Detected: 107
sooo i really dont think that is good. I really need help with this, please someone reply.
 

Read other 1 answers
RELEVANCY SCORE 156.8

Listing requested logs for this issue. Thanks in advance for your assistance.
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Philip at 2015-06-01 11:10:33
Running from C:\Users\Philip\Downloads
Boot Mode: Normal
==========================================================
==================== Accounts: =============================

Administrator (S-1-5-21-733529448-3193121913-2867107617-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-733529448-3193121913-2867107617-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-733529448-3193121913-2867107617-1003 - Limited - Enabled)
Philip (S-1-5-21-733529448-3193121913-2867107617-1001 - Administrator - Enabled) => C:\Users\Philip

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {5FD6C936-849B-5CE2-14BA-709E1D6FD1DA}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Free Antivirus (Enabled - Up to date) {E4B728D2-A2A1-536C-2E0A-4BEC66E89B67}
FW: Panda Firewall (Disabled) {67ED4813-CEF4-5DBA-3FE5-D9ABE3BC96A1}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled man... Read more

A:Side bar "crazy score" and browser re-directs immediately after mbam-malware scans removing virus

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Philip at 2015-06-01 11:10:33
Running from C:\Users\Philip\Downloads
Boot Mode: Normal
==========================================================
==================== Accounts: =============================

Administrator (S-1-5-21-733529448-3193121913-2867107617-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-733529448-3193121913-2867107617-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-733529448-3193121913-2867107617-1003 - Limited - Enabled)
Philip (S-1-5-21-733529448-3193121913-2867107617-1001 - Administrator - Enabled) => C:\Users\Philip

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {5FD6C936-849B-5CE2-14BA-709E1D6FD1DA}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Free Antivirus (Enabled - Up to date) {E4B728D2-A2A1-536C-2E0A-4BEC66E89B67}
FW: Panda Firewall (Disabled) {67ED4813-CEF4-5DBA-3FE5-D9ABE3BC96A1}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version:... Read more

Read other 5 answers
RELEVANCY SCORE 156.4

it says

james137, you do not have permission to access this page. This could be due to one of several reasons:

Your user account may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?
If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.

can some administrator fix this

sorry its not at the right forum. dont know where to post it could you move it the the correct location if there is one

A:[SOLVED] offtopic: forums help (cant post at &quot;Virus/Trojan/Spyware Help&quot; )

Dont worry about it, I get the same message. Im guessing its because they only let the administrators that know what they are doing help out with getting rid of viruses.

Read other 2 answers
RELEVANCY SCORE 156

Although the performance of my computer hasn't experienced any problems, I do have these following viruses, as discovered by Kaspersky Online Scanner.

Kaspersky report:

KASPERSKY ON-LINE SCANNER REPORT
Friday, June 09, 2006 1:35:46 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 9/06/2006
Kaspersky Anti-Virus database records: 199415
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics
Total number of scanned objects 232844
Number of viruses found 3
Number of infected objects 3
Number of suspicious objects 0
Duration of the scan process 02:30:38

Infected Object Name Virus Name Last Action
C:\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virusownloader.Win32.PopCap.b skipped

C:\WINDOWS\system32\drivers\etc\hosts.bak Infected: Trojan.Win32.Qhost skipped

C:\WINDOWS\system32\pmnnl.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.av skipped

Scan process completed.

HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 2:18:27 PM, on 6/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WIND... Read more

A:Solved: Trojan; "not-a-virus" problems: HJT & Kaspersky

Read other 11 answers
RELEVANCY SCORE 155.6

Could anyone explain the differences to me.
Also, does anyone know a good piece of virus toolkit that can actually remove them as well as prevent them?

T.I.A.
 

A:Difference between a "virus removal tool" and a "patch"?

A virus removal tool removes the virus from your computer meaning that the file is already on your system and running, so it stops it from running and removes the file. A patch however is used to prevent bad things from being installed, usually released when big worms hit, like SoBig, MSBlast, CodeRED...etc...So patches are to prevent and removal tools are to remove files already installed.
 

Read other 2 answers
RELEVANCY SCORE 155.6

I believe i have the Adclicker virus, however neither my Adaware or my Norton Antivirus has found it. I get popups continously and I have noticed the IEXPLOER.EXE running. When i delete it, Size File.exe runs and reloads IEXPLORER.EXE. I have done a search for Size File.exe and deleted it then deleted IEXPLORER.EXE but then SIZE FILE.EXE appears again and I go through the whole cycle again. Please help me delete this sucker. I have also ran CWShredder and it didn't find anything (not sure if i ran the right one though). Please help! Thank you.

Here's my HijackThis file:

Logfile of HijackThis v1.99.1
Scan saved at 9:19:25 AM, on 11/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files... Read more

A:Virus: "IEXPLORERE.EXE" & "Size File.exe" - Can Anyone Help Remove?

Read other 9 answers
RELEVANCY SCORE 155.6

I was looking at these freeware AntiVirus program's to replace InoculateIt. The Company is ending InoculateIt support in May.
:
"Avast!" (ALWIL Software); "AVG" (Grisoft)
:
Both seem to get pretty good ratings, and I was thinking of getting one of them, then getting Norton AntiVirus when I have the extra $$$ available.
:
Any opinion's as to their ability to stop unwanted stuff from getting in, ease of setup & use would be appreciated.
One thing I've noticed is AVG only issues updates monthly--and I think Avast! is the same--is this often enough to effectively defend against new virii?
:
Will be using whichever one I get with ZoneAlarm (Freeware) Version 2.6.231
 

A:"Avast!" and "AVG" Anti-Virus program's. Opinion's?

Read other 7 answers
RELEVANCY SCORE 151.6

Hi guys i inserted my brother's usb/pen drive /stick in to my computer a week before and just after inserting the pen drive a dialogue box or screen appeared which says ''gotcha you" and "you are in my control".

this same virus caused my brother's laptop to go haywire around two months ago.it slowed the whole OS of that laptop like opening media player took like a couple of minutes also the mouse cursor acted weirdly.so i had to format the laptop's hard drive and reinstall XP.

now i am worried this virus slowing my pc down too.but i really don't want to format and reinstall my XP as all my games and programs are installed and finely tuned.

so anybody knows what is name of this virus/Trojan/spy ware(?) and which anti virus software can successfully detect,remove/delete it from my pc?
I already tried AVG free edition but it can't even detect it and again please tell me the name of this virus if you know so that when the right anti virus software detects it i can delete or remove it with certainty.

thanks for reading my big post

A:Virus says "Gotcha you" and "you are in my control" it's from Usb/pen Drive help

Hello and welcome to TSF.

It's not possible to determine the cause of the problem and to assist you without the proper set of logs.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Read other 1 answers
RELEVANCY SCORE 151.6

I am running Windows XP SP3, fully updated, on an Acer lap top PC.

I have several folders full of .mp3's and want to see the bit rate and duration. To do this I right click on a column heading and select "Bit rate". I then click on "More..." so I can get to "Duration", and I select that one too.

The two new columns appear, but the format of the "Duration" column appears to be "hours:minutes", so I see "00:04" or "00:03" for most .mp3's, when what I want to see is 'hours:minutes:seconds", e.g. "00:03:45".

This also happens for video files (.avi files), e.g. all my episodes of "Heroes" (sad, I know) have a duration of "00:42" instead of "00:42:xx".


Here are two pictures showing the problem with the .mp3's. The first is of Explorer showing the Duration as "Hours:Minutes":




The second picture is of the properties window of the first .mp3 in the list above:




I copied some .mp3 files to another (old) PC on my home network, and it displayed the duration field correctly:




Also, the properties window correctly shows the duration also:





I'm not the only person to have this problem. I received a private message from a member of another forum where I posted about this problem several weeks ago. That person also has the same problem with the duration field.

The tech guys on that forum were unable to find the source... Read more

A:Windows Explorer "Duration" Column - no "Seconds", just "Hours" and "Minutes"

* bump *

Tricky, this one!

Read other 8 answers
RELEVANCY SCORE 151.2

Alright someone sent me something on AIM that said "Hey look at this" and me not even thinking of trojans or viruses clicked on it. Now whenever i go AIM that message is sent to everyone on my list and theres no way i can stop it. An IM will come up then exit almost immediately after that message is sent. It is being sent to my family and friends and after i notice i've been sending it i have to go to each person and tell them i'm sorry and don't click on it. ANY HELP TO REMOVE THIS WOULD BE GREATLY APPRECIATED.
 

A:Solved: "Hey Look At This" trojan/virus help me!!!

Read other 9 answers
RELEVANCY SCORE 151.2

Ok, so im new here so hey everybody..

to the point: my laptop is "stuttering"/lagging/skipping.
whatever you wanna call it its doing it.
my video/music/and cursor skip every second for a splt second it starts on start-up and dont stop til i turn my laptop off. it happens in a pattern its not random, ive done checked my drivers, spyware, and m RAM is good.. so can someone please help me? ***could it be because my battery wont hold a charger? so it has to be hooked up to the charger at ALL times or it dies Example: is the charger not got the "juice" to run the laptop by itself so it studders/skips..*** i dont know if this has anything to do with my problem but i ran "event viewer" and found this : The following boot-start or system-start driver(s) failed to load:
Cdrom
Imapi
redbook

PLEASE HELP




OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: Genuine Intel(R) CPU T2250 @ 1.73GHz, x86 Family 6 Model 14 Stepping 8
Processor Count: 2
RAM: 502 Mb
Graphics Card: Mobile Intel(R) 945GM Express Chipset Family, 224 Mb
Hard Drives: C: Total - 39723 MB, Free - 23484 MB; D: Total - 12684 MB, Free - 3633 MB;
Motherboard: Dell Inc., 0FF049, , .HWPLLB1.CN1296167S5169.
Antivirus: McAfee VirusScan, Updated: Yes, On-Demand Scanner: Disable
 

A:Solved: Whole computer "studders"/"skips"/"lags" .. have event viewer report (PLEASE

Read other 6 answers
RELEVANCY SCORE 151.2

I double-click and get "search" instead of "open"--only when I click a disk, like Hard Drive C: or Floppy A: or CD F: and so on.

It didn't used to do this, so I must've inadvertently changed some setting somewhere, but darned if I can find it now.

Any ideas?
 

A:Solved: On the "my computer" list, I double-click on disks and get "search" instead of "open"

Read other 12 answers
RELEVANCY SCORE 149.2

I've done everything I was supposed to do except I can't make hijack this it's own folder in C :P I don't know why. Anyway, here is my log. I appreciate your time and look forward to your advice!
Thanks in advance!

Logfile of HijackThis v1.97.7
Scan saved at 9:46:45 PM, on 9/8/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\PROGRA~1\NORTON~2\NORTON~2\GHOSTS~2.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
C:\Program Files\Norton Personal Firewall\NISSERV.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\Program ... Read more

A:Multiple pop-ups and virus eTriust calls "!update.exe" or win32/clspring.FH"

You are using an outdated version of HiJackThis. Please click on the link below to download the latest version:
http://www.bleepingcomputer.com/file...ckthis_sfx.exe

1. Delete your current HiJackThis.exe file
2. Double-click on the file you just downloaded.
3. Click on the "Unzip" button to install the newer version.
4. It will by default install to the directory - C:\PROGRAM FILES\HIJACKTHIS\

I require your next HJT log to be from this newer version

Read other 10 answers
RELEVANCY SCORE 148.8

One lapse of judgement and I'm out of action for the weekend...
Anyway, I've run Avast and removed a number of viruses it found, but I still have these annoying popups, etc.
Log:

reLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:49: VIRUS ALERT!, on 12/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avast\Avast4\aswUpdSv.exe
C:\Program Files\Avast\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Avast\Avast4\ashDisp.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\ATI Technol... Read more

A:Time changed to 24h and reads "VIRUS ALERT!" also various "Security Alert" popups

Apologies for the double-post. I could not see an edit function.
I've cleaned out a couple of nasties with Adaware, although i've not seen much change - still getting the same "VIRUS ALERT!" and popups. Still, I thought it best to update the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:37: VIRUS ALERT!, on 12/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Avast\Avast4\aswUpdSv.exe
C:\Program Files\Avast\Avast4\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Avast\Avast4\ashDisp.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE... Read more

Read other 9 answers
RELEVANCY SCORE 148.4

ok!!!!!!!!!! what is it and how do i fix it,,,, eyes crossed knees woobly help?????????????????????
 

A:[Solved] mplay32.exe,1"/play/close"%L"." and sndrec32.exe"%L"."

Read other 9 answers
RELEVANCY SCORE 148

hi,

was in the middle of browsing last night and got hit with this virus. a screen popped up and said my computer was infected and to scan my drives. at the same time, it shut down chrome and my ad-aware watch popped up and said started a live scan. I let ad-aware finish, restarted my computer, and I got the same fake antivirus pop ups as before. ad-aware started again in the background. I let it finish again and restarted again, and the same process happened. this is the popup I get after I restart:


it also turns my desktop white after I click OK.

I stopped the scan and tried to open chrome, firefox, IE, nothing works. sometimes they won't even open (and a popup will say that the file is infected) and sometimes it will open but will not display any websites; the browser just remains white or gives me a "this webpage cannot be displayed" general error.

I tried to open add/remove programs and nothing shows up (the window opens but I do not get a list of programs, the area is just white).

I was able to save GMER and DDS to a flash drive and ran them from the desktop.

during my GMER scan I had periodic popups saying my files were infected and that a scan would begin (which of course it didn't). eventually the pop ups stopped but all 3 browsers still don't work.

also, regarding the GMER scan, I have two hard drives, C: and F: (not partitioned, 2 actual drives). I unchecked F and left C checked. while the main drive is C, most of my actual file... Read more

A:virus prompting me to install fake anti-virus software.. "Worm.Win32.Netsky"

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Please see this >> http://img.photobucket.com/albums/v6...ee_disable.gif

Please post the C:\ComboFix.txt in your next reply for further review.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------

Read other 15 answers
RELEVANCY SCORE 147.6

Hi!
I use Yahoo search engine and everytime I try to search for anything lately, in the search results, in addition to the words I entered, "200" and "YST" are highlighted as if they were entered in the search perameters when they weren't, thus limiting and completely screwing up what I am looking for. Can anyone help? Thanks in advance!

Here's my HijackThis log:

Logfile of HijackThis v1.97.7
Scan saved at 10:24:55 PM, on 8/19/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\pctspk.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\wfxsnt40.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Pop Up Stopper and Ad Killer\pusak.exe
C:\Program Files\Java\j2r... Read more

Read other answers
RELEVANCY SCORE 147.6

the other day I was downloading something from sharebee.com when i got a popup from the site. the popup's address was a sketchy looking ".info" site and the page was blank except for a small box in the middle. I figured that this was an infected page so i did a google search on it and it showed up as containing "antivirus2008" virus on some diagnostic site that i do not remember... shortly after this page loaded my computer became really sluggish to the point where i couldnt do anything. so i restarted it.

then i saw somethin i've never seen before. a red window showed up on screen before windows loaded saying that "Trend Chipaway Virus has detected a boot virus on your hard disk" and won't let me load up windows. I tried to boot anyway, but when i click on my username it just logs me right back off. I tried to boot it in safe mode, and it also logged me right off immediately. It tells me to insert a bootable floppy disk, which i do not have. I do however have an xp disk. I put that in my disk drive and tried to reinstall windows. I chose to do a repair installation, and it went through the first part of the installation and rebooted. then the setup screen came up and it went through the "collecting information" "dynamic update" and "preparing installation" portions, however once it got to the installing windows section i recieved a fatal error saying "An error has been encountered that prevents Setup from co... Read more

A:boot virus causing "trend chipaway virus" message. can't log on, reinstall hangs AH!!

nothing huh.

Read other 3 answers
RELEVANCY SCORE 147.2

My computer was working fine yesterday and I had been working on a video when I needed to leave to go shopping, so I shut it down as I normally do when I leave the house. When I came home later, I turned it on to see the message "CD-ROM Boot Priority ..No Medium. Reboot and Select proper Boot device or Insert Boot Media in selected Boot device and press a key". When I press a key, it repeats the same message, and I tried restarting it and it said the same thing. Someone I talked to said that it might be because the computer doesn't recognize the hard drive, and I'm wondering if it could be caused by some sort of virus due to something I downloaded, but I'm hoping that it's just a lose wire or something fixable. I had a lot of important documents on it and I was almost finished with that video, which I had spent countless hours on, and it would be terrible if I lost it all. If someone could help me fix this problem, I would be forever grateful.

A:Message "CD-ROM Boot Priority ..No Medium" [Moved from Virus/Trojan Help]

Hello OtakuGirl,

By any chance did you leave a disk in the CD ROM drive? If so, remove it.

Read other 8 answers
RELEVANCY SCORE 147.2

Few weeks ago my Gateway DX4300 displayed a dialogue box that stated, "Your Computer has detected a Trojan Horse Virus, Shutting down." It then shut down, as the message stated it would. No Biggy...figured the computer was doing what it was meant to do upon a security threat. Well, after a few minutes I tried restarting the computer, and nothing, no power, no lights, no noises, completely dead.

So...thus far, I have tested the PSU with the paper clip trick, and an actual PSU tester, and it works just fine, according to those 2 test. I have also replaced the motherboard, thinking for sure that had to be the problem, but of course not, still no power whatsoever. I then figured, maybe it is the power button itself, so I used a screwdriver to short the 2 power on switch pins, and nothing. I have also replaced the CMOS battery, tested multiple outlets, power cord is good, reseated all connections. Also tried jumping it by moving the jumper from pins 1 & 2 to 2 & 3. And still nothing...

I have no idea what to try next...any help would be greatly appreciated!

Was also wondering is there a Trojan Horse that can actually cause a complete power/system failure...tried googling it, couldn't find anything on it.

Computer Specs:
Gateway DX4300 | Vista Home Premium 64x | AMD Phenom 9750 Quad Core Processor | ATI Radeon 4650 GPU

A:PC won't restart after "Computer has Detected Trojan Horse Virus, Shutting Down"

I currently have this same thread in the "Memory and Power Supply" section. The individuals that have responded are all saying it is the PSU that is faulty. I will be acquiring a working PSU tomorrow evening to confirm that is the issue at hand. Once testing is complete, I will follow up with an update...

Read other 3 answers
RELEVANCY SCORE 147.2

Ok here is my problem, I have a virus in my master boot record!! I am running Windows XP Professional on a compaq computer with a Western Digital hard drive. I have throughly been through this site and followed alot of the advice given to others with no success. I have first repaired the master boot record using the XP cd and then replaced the MBR neither one of these worked either. I REALLY DON'T WANT TO FORMAT AND RELOAD my system.

Can anyone please tell me how to get rid of this most annoying trojan????? The only real problem that I am expierencing is that it takes about 3-5 minutes to reboot the computer......I am extremely frustrated at this point and time.....

HELP ME PLEASE!!!!!!
 

A:Trojan virus "CRACKERBOX.EXE" in the master boot record on windows XP

ok firstly crackerbox.exe,which is trojan.crabox is not a virus.
what informed you that it was in the MBR?

go here: www.moosoft.com and download "the cleaner"...update it and scan your computer.
post back with the result.
 

Read other 2 answers
RELEVANCY SCORE 147.2

I have been using my roommates computer and recently started having a "Run As" dialog box pop up whenever the computer starts up. I have always pushed "cancel." I downloaded AVG, which showed a clean system. I ran a check with Emisoft anti-malware, which detected the following:

Emsisoft Anti-Malware - Version 6.6
quarantine log

Emsisoft Anti-Malware - Version 6.6
quarantine log

Date Source Event Behavior/Infection
7/22/2012 12:01:29 AM C:\Documents and Settings\Matt Rhoades\Desktop\wc3_tft_CDKeyGrabber11800.exe Moved to quarantine Trojan.Conjar!E2
7/22/2012 12:01:29 AM C:\Documents and Settings\Matt Rhoades\Desktop\wc3_tft_CDKeyGrabber11800.rar Moved to quarantine Trojan.Conjar!E2
7/22/2012 12:01:29 AM C:\Documents and Settings\Matt Rhoades\Application Data\Sun\Java\Deployment\cache\6.0\59\207a307b-1f56d3e5 File not found Trojan.Java.Agent!E2
7/22/2012 12:01:29 AM C:\Documents and Settings\Matt Rhoades\Application Data\Sun\Java\Deployment\cache\6.0\61\221053fd-310b1728 Moved to quarantine Exploit.Java.CVE-2009!E2
7/22/2012 12:01:29 AM C:\Documents and Settings\Matt Rhoades\Application Data\Sun\Java\Deployment\cache\6.0\59\207a307b-1f56d3e5 Moved to quarantine Exploit.Java.CVE-2010-0840!E2
7/22/2012 12:01:28 AM C:\Documents and Settings\Matt Rhoades\Application Data\Sun\Java\Deployment\cache\6.0\17\14287991-5de45c99 Moved to quarantine Trojan-Downloader.Java.OpenConnection!E2
7/22/2012 12:01:28 AM C:\Documents and Settings\Matt Rhoades\Application Data\... Read more

A:Suspicious "Run As" Dialog Box & BSODs Virus/Trojan Suspected

Read other 13 answers
RELEVANCY SCORE 147.2

My other computer (Windows XP) is in BIG trouble, and I need urgent help. I was on Encyclopedia Dramatica, as it was the first thing that came up in a Google search. I've heard of it before, and I thought it wasn't dangerous, but I now know otherwise.

I looked at an article, laughed a bit, read on, looked at a video, then got sick of the disguisting advertisements, so I clicked one of my bookmarks (using Google Chrome) to leave the site. Then, some very large window appeared. It said something along the lines of "warning:virus! click here!"

The instant it popped up, McAfee appeared to warn me it was a virus (as if I didn't know). It said it was a "generic trojan" or something along those lines. I clicked "okay" on McAfee's confrimation that the virus was blocked. However, the warning popped up again.

I knew something was wrong, because the trojan window wasn't gone, and apparently it was trying to download something still, because McAfee appeared again (or at least that's what I think). So I press CTRL+ALT+DEL... It doesn't work. Oh crap, this just got real.

When I tried to get the task manager to work it said in a pop-up "task manager disabled by administrator" I just pressed the power button, I didn't want to get any deeper into this. However, as everything was closing, I noticed something like, I forget what it was, but it was something like a free trial that tried to download, and someth... Read more

A:HELP! "Generic Trojan" virus! Computer unable to start up!

Still really need assistance!
 

Read other 3 answers
RELEVANCY SCORE 147.2

Hi. I have a folder that appeared in C:\Windows\Program Files called "microsoft frontpage" (lowercase letters). It contains a folder entitled "version 3.0" which contains a folder entitled "bin" which appears to contain nothing at all. After trying to use a file/folder unlocker to help delete the folder it stated that a process entitled winlogon.exe was keeping the folder from being deleted and the process path was \??\C:\WINDOWS\system32\winlogon.exe. I've read that some trojans\viruses attach themselves to winlogon.exe and that appears to be the problem. Does anyone know how I can safely remove the virus from winlogon.exe as well as delete the fake microsoft frontpage folder?

Any help is appreciated and thank you in advance.

A:In need of help with Trojan/Virus. Fake "microsoft frontpage" is the location.

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined below. Use a USB flash drive to download and transfer the tools to the affected machine, if necessary. You might like to run the Flash_Disinfector.exe on the clean machine and the flash drive first to protect against any possible transfer of infection via USB.


NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Read other 1 answers
RELEVANCY SCORE 147.2

Hello,
I have a Toshiba A75-s206 that runs pretty slow after some hours of usage(a bout two hrs). I have DSL but sometimes pages take a long time to load. Also, when working with office documents, and I want to switch to another application (web browser), the computer lags for ever and ever and ever. I've also noticed that it takes about three minutes just to reload in the begining, and sometimes shut down takes a while as well. One additional problem that's been going on is that the sound doesn't work, it seems the sound drivers do not load up at start-up, and the sound also fails when I get svshost. error messages. I've done all the steps 1-5 on the main page and here's the log. I hope you guys can help me get my laptop back on track :-) :-) :-)


Jose R

Logfile of HijackThis v1.99.1
Scan saved at 4:08:12 PM, on 7/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\C... Read more

A:Very Slow PC, "pic009.com" infested possible trojan, hijacker, virus??

I forgot to mention in the title that this is a HijackThis Log!!! thanks alot

Read other 17 answers
RELEVANCY SCORE 147.2

Hi there,

I recently got an alert from McAfee that a Trojan virus came onto my computer. I stupidly did not record the name of the virus before my computer shut down on its own. Now whenever I sign on to AOL Explorer I have a page that comes up instead of my AOL homepage that says "Browser Warning" and states "Your internet privacy is being compromised", that this is my #10 warning and that all sorts of pornographic words are being investigated and sent over to authorities, etc. Then it says that I need to buy their software. Obvious scare tactics. It might also be a total figment of my imagination but it seems like sometimes my cursor has a mind of its own. Not sure if this is what they call hijacking or if I am just being paranoid. I know next to nothing about computers. Any help you can offer would be greatly appreciated. Thanks very much in advance! I've pasted the DSS reports below.


Deckard's System Scanner v20071014.68
Run by Rob on 2008-01-28 22:16:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
61: 2008-01-29 06:17:03 UTC - RP316 - Deckard's System Scanner Restore Point
60: 2008-01-28 07:58:19 UTC - RP315 - Software Distribution Service 3.0
59: 2008-01-28 07:55:27 UTC - RP314 - Software Dis... Read more

A:Trojan virus on my comp/"Your internet privacy is being compromised"

bump up

Read other 2 answers
RELEVANCY SCORE 147.2

I am running AVG virus protection, and I got an virus hit for my services.exe file-"Trojan house Dropper.Generic_c.MMI" was detected.

In my most recent scan of AVG, there is also an error message for Firefox. "Luhe.sirefef.A" was detected.

Below I have pasted my System Info, HijackThis log, DDS log, TTSSKiller log, and ASWMBR log. DDS "attach.txt" is also attached.

Any help is greatly, greatly appreciated. Thanks in advance!!

*****

***********************
*********SYSINFO*******
***********************

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Ultimate, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i3-2100 CPU @ 3.10GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 4
RAM: 4078 Mb
Graphics Card: ATI Radeon HD 3600 Series, 256 Mb
Hard Drives: D: Total - 1907625 MB, Free - 135729 MB; S: Total - 114470 MB, Free - 57826 MB;
Motherboard: ASRock, P67 Extreme4
Antivirus: AVG Anti-Virus Free Edition 2012, Updated and Enabled

**************************
******HIJACKTHIS**********
**************************

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:53:03 PM, on 8/5/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
S:\Program Files (x86)\Formosa21\PowerConfig\PowerConfig.exe
S:\Program Files (x86)\AVG\AVG2012\avgtray.exe
S:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
S:\Program Files (... Read more

Read other answers