Over 1 million tech questions and answers.

Was Infected With Vundo And Boaxe.dll Now Windows Can Not File Programs To Open Files On My Desktop (dss Included)

Q: Was Infected With Vundo And Boaxe.dll Now Windows Can Not File Programs To Open Files On My Desktop (dss Included)

Quietman7 sent me here after he helped me remove all the adware and trojans from my computer.... I recieve a message box that states:Windows can not open this file:File: (name of file ) To open this file Windows needs to know what program created it. Windows can go online and look for it automatically, or you can manually select from a list of programs on your computer. What do you want to do?Use a web service to find an appropriate programSelect from a listThis box pops up after every program I click on except IE, AOL, Recycle Bin, & My Computer I think that my automatic updates have started again because earlier I saw the the Yellow diamond in my task bar. But its not there now. I had to fiddle around in my : My computer folder to find the appropriate file to open programs on my desk top ... The pics from the icons on my desktop are changed to that little white box with red and blue lil dialog box..Please help me!!!!!!!!!!Deckard's System Scanner v20071014.68Run by Owner on 2008-06-22 16:45:02Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 5 Restore Point(s) --50: 2008-06-22 20:45:37 UTC - RP1784 - Deckard's System Scanner Restore Point49: 2008-06-22 18:09:37 UTC - RP1783 - System Checkpoint48: 2008-06-21 17:19:33 UTC - RP1782 - Restore Operation47: 2008-06-20 17:31:19 UTC - RP1781 - System Checkpoint46: 2008-06-19 16:46:18 UTC - RP1780 - System Checkpoint-- First Restore Point -- 1: 2008-05-15 01:57:49 UTC - RP1735 - System CheckpointBacked up registry hives.Performed disk cleanup.Total Physical Memory: 510 MiB (512 MiB recommended).-- HijackThis Clone ------------------------------------------------------------Emulating logfile of Trend Micro HijackThis v2.0.2Scan saved at 2008-06-22 16:47:19Platform: Windows XP Service Pack 2 (5.01.2600)MSIE: Internet Explorer (7.00.6000.16640)Boot mode: NormalRunning processes:C:\WINDOWS\SYSTEM32\smss.exeC:\WINDOWS\SYSTEM32\winlogon.exeC:\WINDOWS\SYSTEM32\services.exeC:\WINDOWS\SYSTEM32\lsass.exeC:\WINDOWS\SYSTEM32\svchost.exeC:\WINDOWS\SYSTEM32\svchost.exeC:\WINDOWS\explorer.exeC:\WINDOWS\SYSTEM32\spoolsv.exeC:\WINDOWS\SYSTEM32\PackethSvc.exeC:\WINDOWS\SYSTEM32\dllhost.exeC:\Program Files\mcafee.com\Agent\Mcdetect.exeC:\Program Files\mcafee.com\VSO\McShield.exeC:\Program Files\mcafee.com\Agent\McTskshd.exeC:\Program Files\mcafee.com\VSO\oasclnt.exeC:\Program Files\McAfee\SpamKiller\MSKSrvr.exeC:\Program Files\mcafee.com\VSO\mcvsshld.exeC:\Program Files\mcafee.com\VSO\McVSEscn.exeC:\WINDOWS\SYSTEM32\nvsvc32.exeC:\WINDOWS\SYSTEM32\HPZipm12.exeC:\WINDOWS\wanmpsvc.exeC:\WINDOWS\SYSTEM32\svchost.exeC:\WINDOWS\SYSTEM32\dmadmin.exeC:\Program Files\Common Files\AOL\ACS\AOLacsd.exeC:\WINDOWS\SYSTEM32\ctfmon.exeC:\Program Files\Common Files\AOL\1211590469\ee\aolsoftware.exeC:\Program Files\Traysoft\PhoneTray\PhoneTray.exeC:\WINDOWS\SYSTEM32\wuauclt.exeC:\Documents and Settings\Owner\Desktop\dss.exeC:\Program Files\America Online 9.0\waol.exeC:\Program Files\America Online 9.0\shellmon.exeC:\Program Files\America Online 9.0\aolwbspd.exeR1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://ie.search.msn.comR1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://fastsearchweb.com/srh.php?q=%sR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lotterypost.com/forum/3R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blankR3 - Default URLSearchHook is missingO2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: (no name) - {BB1B1C2E-F0C1-44F2-AC35-5CC8E02F7907} - C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\M44OI8Q8\3077ahntdksr[1].dll (file missing)O2 - BHO: (no name) - {E60A96EE-9C19-4CCB-A716-2665CB3809Fe} - (no file)O2 - BHO: {75163809-9eab-89db-1854-c9af090840ce} - {ec048090-fa9c-4581-bd98-bae990836157} - C:\WINDOWS\SYSTEM32\tcnwmkuh.dllO3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\Program Files\mcafee.com\VSO\mcvsshl.dllO3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\ycomp5_1_6_0.dllO3 - Toolbar: (no name) - {06ABAA2D-34AB-4902-A326-409BD9B9A7A5} - (no file)O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)O3 - Toolbar: (no name) - {12EE7A5E-0674-42f9-A76B-000000004D00} - (no file)O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dllO4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exeO4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exeO4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktaskO4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMainO4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exeO4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startupO4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscriptO4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exeO4 - HKLM\..\Run: [SDFix] C:\SDFix\RunThis.bat /secondO4 - HKCU\..\Run: [Igl] C:\WINDOWS\System32\l?ass.exeO4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exeO4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exeO4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exeO4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeO8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\msjava.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\msjava.dllO9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpyO9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpyO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO15 - Trusted Zone: http://search-soft.net (HKCU)O16 - DPF: {11111111-1111-1111-1111-111111113457} () - file://c:\ied_s7m.cabO16 - DPF: {11111111-1111-1111-1111-511111113457} () - file://c:\x.cabO16 - DPF: {11111111-1111-1111-1111-511111113458} () - file://c:\x.cabO16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/m...77/mcinsctl.cabO16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} (SnoopyCtrl Class) - http://aol.ea.com/downloads/games/common/snoopy/iesnoopy.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1210893136734O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1210989330546O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/m...,18/mcgdmgr.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cabO16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?316O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/.../yiebio4029.cabO17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{01D1C6CD-6D44-46B6-BA89-10155A459FBE}: NameServer = 69.50.166.94,69.31.80.244O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{A0F3549F-A6F5-419F-B32D-3F976AA07F8C}: NameServer = 69.50.166.94,69.31.80.244O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{E09FF6F1-A6FA-474D-8D69-B393B98DA065}: NameServer = 205.188.146.145O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\SYSTEM32\msvidctl.dllO18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - (no file)O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dllO23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\acsd.exeO23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - C:\Program Files\mcafee.com\Agent\Mcdetect.exeO23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - C:\Program Files\mcafee.com\VSO\McShield.exeO23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - C:\Program Files\mcafee.com\Agent\McTskshd.exeO23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\Program Files\mcafee.com\Agent\mcupdmgr.exeO23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\Program Files\McAfee\SpamKiller\MSKSrvr.exeO23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\SYSTEM32\nvsvc32.exeO23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\SYSTEM32\PackethSvc.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\HPZipm12.exeO23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exeO23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exeO23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe--End of file - 9436 bytes-- File Associations -----------------------------------------------------------.bat - unable to read key.bat - unable to read key.bat - unable to read key.com - unable to read key.com - unable to read key.exe - unable to read key.exe - unable to read key.lnk - unable to read key.pif - unable to read key.reg - unable to read key.reg - unable to read key.reg - unable to read key.scr - unable to read key-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ? 2000 DDK provider; Windows ? 2000 DDK driver>R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus? ASPI Shell>S3 catchme - c:\docume~1\owner\locals~1\temp\catchme.sys (file missing)S3 Freedom (FREEDOM Miniport) - c:\windows\system32\drivers\freedom.sys (file missing)S3 PCDRDRV (Pcdr Helper Driver) - c:\windows\system32\drivers\pcdrdrv.sys (file missing)S3 PcdrNt - c:\windows\system32\drivers\pcdrnt.sys <Not Verified; PC-Doctor Inc.; PC-Doctor NT 3.0>-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------R2 MskService (McAfee SpamKiller Server) - c:\progra~1\mcafee\spamki~1\msksrvr.exe <Not Verified; McAfee Inc.; McAfee SpamKiller>R2 PackethSvc (Virtual NIC Service) - c:\windows\system32\packethsvc.exe <Not Verified; America Online, Inc.; America Online>S2 WinToolsSvc (WinTools for IE service) - c:\program files\common files\wintools\wtoolss.exe (file missing)S4 TBPSSvc (WebSeach Toolbar support NT service) - c:\progra~1\toolbar\tbpssvc.exe (file missing)-- Device Manager: Disabled ----------------------------------------------------Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}Description: Parallel DeviceDevice ID: ROOT\LEGACY_HPFECP11\0000Manufacturer: Name: Parallel DevicePNP Device ID: ROOT\LEGACY_HPFECP11\0000Service: HPFECP11-- Scheduled Tasks -------------------------------------------------------------2008-06-16 10:25:02 300 --a------ C:\WINDOWS\Tasks\Easy Internet Sign-up.job-- Files created between 2008-05-22 and 2008-06-22 -----------------------------2008-06-22 15:06:08 0 d-------- C:\WINDOWS\ERUNT2008-06-22 14:59:02 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities2008-06-22 14:59:02 0 d-------- C:\Documents and Settings\Administrator\Application Data\Corel2008-06-22 14:59:02 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe2008-06-22 14:59:01 0 d-------- C:\Documents and Settings\Administrator\WINDOWS2008-06-22 14:59:01 0 d--h----- C:\Documents and Settings\Administrator\Templates2008-06-22 14:59:01 0 dr------- C:\Documents and Settings\Administrator\Start Menu2008-06-22 14:59:01 0 dr-h----- C:\Documents and Settings\Administrator\SendTo2008-06-22 14:59:01 0 dr-h----- C:\Documents and Settings\Administrator\Recent2008-06-22 14:59:01 0 d--h----- C:\Documents and Settings\Administrator\PrintHood2008-06-22 14:59:01 0 d--h----- C:\Documents and Settings\Administrator\NetHood2008-06-22 14:59:01 0 dr------- C:\Documents and Settings\Administrator\My Documents2008-06-22 14:59:01 0 d--h----- C:\Documents and Settings\Administrator\Local Settings2008-06-22 14:59:01 0 dr------- C:\Documents and Settings\Administrator\Favorites2008-06-22 14:59:01 0 d-------- C:\Documents and Settings\Administrator\Desktop2008-06-22 14:59:01 0 d--hs---- C:\Documents and Settings\Administrator\Cookies2008-06-22 14:59:01 0 dr-h----- C:\Documents and Settings\Administrator\Application Data2008-06-22 14:59:01 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft2008-06-22 14:59:01 0 d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust2008-06-22 14:59:00 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT2008-06-22 00:49:41 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes2008-06-22 00:48:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes2008-06-22 00:48:30 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware2008-06-21 19:31:19 0 dr-h----- C:\Documents and Settings\Owner\Recent2008-06-21 18:42:41 0 d-------- C:\Program Files\CCleaner2008-06-21 18:21:51 0 d-------- C:\VundoFix Backups2008-06-21 15:48:41 99328 --a------ C:\WINDOWS\system32\tcnwmkuh.dll2008-06-20 21:35:28 90112 --a------ C:\WINDOWS\system32\lhjbodol.dll2008-06-19 21:33:44 90112 --a------ C:\WINDOWS\system32\wttepfqe.dll2008-06-17 21:30:32 90112 --a------ C:\WINDOWS\system32\fggureyw.dll2008-06-16 18:50:52 90112 --a------ C:\WINDOWS\system32\rvvfxlrl.dll2008-06-15 18:42:58 90112 --a------ C:\WINDOWS\system32\bjavnnkf.dll2008-06-14 21:45:16 99328 --a------ C:\WINDOWS\system32\jnsrlcyr.dll2008-06-13 21:26:29 99328 --a------ C:\WINDOWS\system32\yuavewtj.dll2008-06-13 21:17:28 89600 --a------ C:\WINDOWS\system32\wqarowmr.dll2008-06-10 22:39:17 145 --a------ C:\WINDOWS\system32\winver.bat2008-06-08 22:24:38 0 d-------- C:\Program Files\7-Zip2008-06-05 17:21:35 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller2008-06-05 17:20:55 0 d-------- C:\Program Files\Windows Live2008-06-05 17:20:22 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller2008-06-05 16:29:28 0 d-------- C:\Program Files\Windows Media Connect 22008-06-05 16:23:37 0 d-------- C:\WINDOWS\system32\LogFiles2008-06-05 16:23:37 0 d-------- C:\WINDOWS\system32\drivers\UMDF2008-06-05 14:59:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage2008-06-05 03:53:48 0 d-------- C:\Program Files\Shareaza2008-06-05 03:53:48 0 d-------- C:\Documents and Settings\Owner\Application Data\Shareaza2008-06-03 22:55:44 0 d-------- C:\Program Files\Traysoft2008-06-03 20:28:55 0 d-------- C:\Documents and Settings\Owner\Application Data\Image Zone Express2008-05-30 20:12:01 0 d-------- C:\WINDOWS\Downloaded Installations2008-05-26 04:28:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe2008-05-24 11:24:40 0 d-------- C:\Documents and Settings\Owner\Application Data\acccore2008-05-23 20:54:02 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP-- Find3M Report ---------------------------------------------------------------2008-06-15 15:19:52 0 d-------- C:\Program Files\PC-Doctor for Windows XP2008-06-11 18:25:45 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe2008-06-11 16:42:51 0 d-a------ C:\Program Files\Common Files2008-06-11 16:42:13 0 d-------- C:\Program Files\HP DeskJet 810C Series2008-06-11 16:38:11 0 d-------- C:\Program Files\Common Files\Adobe2008-06-11 16:34:56 0 d-------- C:\Program Files\Common Files\Motive2008-06-04 00:11:47 0 d-------- C:\Program Files\Common Files\AOL2008-05-31 02:17:46 0 d-------- C:\Program Files\My Movies2008-05-31 02:07:27 0 d-------- C:\Program Files\America Online 9.02008-05-30 20:12:09 0 d-------- C:\Program Files\HP2008-05-26 03:19:39 0 d-------- C:\Documents and Settings\Owner\Application Data\MSN62008-05-24 11:23:11 0 d-------- C:\Documents and Settings\Owner\Application Data\AOL2008-05-23 18:36:19 0 d-------- C:\Program Files\Common Files\midaddle2008-05-22 01:36:01 0 d-------- C:\Program Files\microsoft frontpage2008-05-21 22:59:15 106680 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT2008-05-21 22:52:37 0 d-------- C:\Program Files\Print Workshop 2004 LE2008-05-21 22:51:39 0 d--h----- C:\Program Files\InstallShield Installation Information2008-05-21 22:46:15 0 d-------- C:\Program Files\Business Card Workshop2008-05-21 22:44:30 0 d-------- C:\Program Files\Common Files\InstallShield2008-05-20 17:15:08 0 d-------- C:\Program Files\Logitech2008-05-20 17:13:50 0 d-------- C:\Program Files\Common Files\Logitech2008-05-16 17:14:54 123996 --a------ C:\WINDOWS\HPHins12.dat2008-05-16 17:14:28 0 d-------- C:\Documents and Settings\Owner\Application Data\HP2008-05-16 17:09:16 0 d-------- C:\Program Files\Common Files\HP2008-05-16 17:06:17 0 d-------- C:\Program Files\Hewlett-Packard2008-05-13 20:59:52 0 d-------- C:\Program Files\AOL Companion2008-05-13 20:59:50 0 d-------- C:\Program Files\Common Files\aolshare2008-05-13 19:52:43 0 d-------- C:\Program Files\Common Files\Real-- Registry Dump ---------------------------------------------------------------*Note* empty entries & legit default entries are not shown[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BB1B1C2E-F0C1-44F2-AC35-5CC8E02F7907}] C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\M44OI8Q8\3077ahntdksr[1].dll[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E60A96EE-9C19-4CCB-A716-2665CB3809Fe}][HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ec048090-fa9c-4581-bd98-bae990836157}]06/21/2008 03:49 PM 99328 --a------ C:\WINDOWS\system32\tcnwmkuh.dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [01/11/2006 12:05 PM]"checktime"="c:\program files\HPSelect\Frontend\ct.exe" [08/13/2001 11:23 PM]"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [07/08/2005 06:18 PM]"WildTangent CDA"="C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll" [05/10/2004 08:40 PM]"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [03/23/2005 04:33 PM]"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [03/23/2005 03:47 PM]"AWMON"="C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe" [09/16/2004 05:15 PM]"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [06/19/2008 05:47 PM]"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\McAgent.exe" [09/22/2005 06:29 PM]"SDFix"="C:\SDFix\RunThis.bat /second" [][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Igl"="C:\WINDOWS\System32\l?ass.exe" [08/04/2004 01:56 AM]"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [03/23/2005 04:33 PM]"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM]"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [05/20/2008 05:14 PM]C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp center UI.lnk - C:\Program Files\hp center\137903\Shadow\ShadowBar.exe [11/6/2001 10:46:15 PM]hp center.lnk - C:\Program Files\hp center\137903\Program\BackWeb-137903.exe [11/6/2001 10:46:17 PM]HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2/19/2006 4:21:22 AM][HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]@="Service"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]@="Volume shadow copy"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnkbackup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bj62Sp77U]C:\documents and settings\owner\local settings\temp\Bj62Sp77U.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]c:\Program Files\Microsoft Works\WkDetect.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mozilla Quick Launch]"C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]"C:\Program Files\Messenger\msmsgs.exe" /background[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]"C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ntsij]C:\documents and settings\owner\local settings\temp\Ntsij.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]"C:\Program Files\QuickTime\qttask.exe" -atboottime[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTools]C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WT GameChannel]C:\Program Files\WildTangent\Apps\GameChannel.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yne32o]C:\documents and settings\owner\local settings\temp\Yne32o.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]"TBPSSvc"=3 (0x3)"MyWebSearchService"=2 (0x2)-- End of Deckard's System Scanner: finished at 2008-06-22 16:51:19 ------------Attached is the extra.txt file from Deckard
extra.txt 19.11KB
33 downloads

RELEVANCY SCORE 200
Preferred Solution: Was Infected With Vundo And Boaxe.dll Now Windows Can Not File Programs To Open Files On My Desktop (dss Included)

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Was Infected With Vundo And Boaxe.dll Now Windows Can Not File Programs To Open Files On My Desktop (dss Included)

Hello anetrev and welcome to BC. It looks like vundo is still in there along with some other fun little things. Let's see what else we can find. Please follow the steps below in order:Before running a new scan let's clean out the temporary folders. Download ATF Cleaner to your Desktop.Double-click ATF-Cleaner.exe to run the program.Click Select All found at the bottom of the list.Click the Empty Selected button.If you use Firefox browser, do this also:Click Firefox at the top and choose Select All from the list.Click the Empty Selected button.NOTE : If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browser, do this also:Click Opera at the top and choose Select All from the list.NOTE : If you would like to keep your saved passwords, please click No at the prompt.Close ALL Internet browsers (very important).Click the Empty Selected button.Click Exit on the Main menu to close the program.Now download OTScanIt from here or here to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.Note: You must be logged on to the system with an account that has Administrator privileges to run this program.Close ALL OTHER PROGRAMS.Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
In the Drivers section click on Non-Microsoft.Under Additional Scans click the checkboxes in front of the following items to select them:Reg - BotCheck
Reg - File Associations
File - Additional Folder Scans
Do not change any other settings.Now click the Run Scan button on the toolbar.Let it run unhindered until it finishes.When the scan is complete Notepad will open with the report file loaded in it.Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.Save the file to your desktop or other location where you can find it back.Use the Add Reply button and attach the file in your next post (do not try to copy/paste it into the post). Cheers.OT

Read other 12 answers
RELEVANCY SCORE 83.6

I did an update to AdWords Editor and my screen flashed afterwards and now most file type icons have reverted to no icon. Some are still there but most are not. They are missing in the folders and desktop. I have already deleted the IconCache.db several times and rebooted. The default program associations are working fine. Every file opens as it should. Even if I do change this, the icon does not return. I tried changing .txt files to open by default with Word but still nothing. Please help.

A:Desktop & file icons not showing up, only certain programs, files open

For some reason, I was missing the following folders under C:\Windows\Installer. No clue how, once I re-added from another computer, problem solved:

{90140000-0011-0000-1000-0000000FF1CE} - this is for Office
{AC76BA86-1033-FFFF-7760-000000000006} - this is for Acrobat

Read other 1 answers
RELEVANCY SCORE 76

Hi, this is my first time and I am a novice at this, but I just can't ignore what my TrendMicro OfficeScan software told me it found a WinAntiSpyware2007 spyware and then I scanned my computer with SpyHunter v2.9 and it found a Trojan.vundo file in the registry. Can anyone help! Thanks so much!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:41:13 PM, on 8/16/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\sttray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32... Read more

A:Solved: Help! Infected by WinAntiSpyware2007 and Trojan.vundo! HiJackThis file included.

Apparently my OfficeScan software actually was able to get rid of the spyware after I closed out my Internet explorer session but it just did not remove it from my computer regsitry, but I have been informed that it probably can't hurt anything. My computer has not started acting up on me or anything, so this is all that I can assume.
 

Read other 1 answers
RELEVANCY SCORE 70.8

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 4:36:58 PM, on 8/17/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\McAfee\MBK\MBackMonitor.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exec:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeC:\Pr... Read more

A:Infected With System 32\boaxe.dll

HiDownload Deckard's System Scanner (formerly Comboscan) to your Desktop.Note: You must be logged onto an account with administrator privileges.1. Close all applications and windows. 2. Double-click on dss.exe to run it, and follow the prompts. 3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized 4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply.5. Then do the same with extra.txtNote: you'll find extra.txt here :- C:\Deckard\System Scanner\extra.txtPlease remember to post both txt files ...Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.THEN ..Please run a Kaspersky Online Scan Please do an online scan with Kaspersky WebScanner Click on Kaspersky Online Scanner Click AcceptYou will be promted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then begin downloading the latest definition files: Once the files have been downloaded click on NEXT Now click on Scan Settings In the scan settings make sure that the following are selected: Scan using the following Anti-Virus database: Extended (if available otherwise Standard)
Scan Options: Scan Archives Scan Mail BasesClick OK Now under select a target to scan: Select My ComputerThe program will start and scan your system. The scan will take a while so be... Read more

Read other 21 answers
RELEVANCY SCORE 70.4

Cannot open most of my files, especially .exe
I tried to download the file and when I clicked on "Run", I got the window which
is typical of the probblem I am having. Below is the link to the window.

http://shell.windows.com/fileassoc/0...ir.asp?EXT=exe

Almost all of my icons have a little white page with little icons on it. I have
tried to download PC Housecall and it downloaded, but when I tried to install/run
it, up pops the window above. Then the download icon turns into one of the little
window icons. I feel like I am caught in a sci-fi movie!

I just got this computer and it was fine when I started it up. Right away, I noticed
it didn't have Yahoo messenger, so I tried to download it. I made a mistake I think when
I used a download site from Yahoo search, but I thought I was downloading from
the Yhaoo site. Anyway, I had to download this "Pidgin" software. That is when this
all started. The computer was fine before that. The next thing I know, there is no YIM,
AND I have all of these stupid little icons all over, on my desktop, in my programs ... and,
when I try to open one, it takes me to that window online. So, I found in Yahoo Answers
That I could reboot in safe mode and get to Sytem Restore that way, because this problem
wouldn't let me use it. So, I used it and it seemed to fix it, but then I was still having problems
with my cursor. It goes all over the place and I have to type stuff over and over. It will wipe
out whole paragra... Read more

A:I can't open my files on my desktop or in my programs

Read other 11 answers
RELEVANCY SCORE 70.4

Referred by Broni at http://www.bleepingcomputer.com/forums/topic420376.html

Hello. I cannot not open any programs on my desktop (firefox, microsoft office, itunes etc..). I've noticed that all of these programs that will not open are exe files. I also noticed that certain adobe files (for ex. youtube videos) don't work either. I would run a scan with Malwarebytes but I cannot get any programs to run. This problem began two days ago when I installed a software on my computer so I could use my ps3 controller to play games on my computer. Also when I try to run video or music files on my computer, I get an error message from windows media player. Any help for my situation would be greatly appreciated.

A:Desktop Programs/exe files won't open

I followed the Prep. guide instructions to produce a log step by step and was unsuccessful. I downloaded defogger, DDS, and Gmer. I was unable to get any of the programs to run. When I clicked on the programs to open them, nothing happened.

Read other 3 answers
RELEVANCY SCORE 70

My friend dropped off his computer as he was having a problem. The computer will not run any .exe files. When I try, a dialog box comes up asking what program to use to open the file. I downloaded malwarebytes but since I can not install it, I am getting no where. Also, I try to boot in Safe Mode but the computer will not do that either.

Any suggestions?

Thanks.

A:Infected?? Can not open any .exe files/programs

Hello,I will be helping you with your problems. Please be patient while I assist you.Some points for you to keep in mind while I am helping you to make things go easier and faster for both of us Please do NOT run, install or uninstall any programs, unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post. Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process. Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top of your post, click on the Watch Topic Butt... Read more

Read other 7 answers
RELEVANCY SCORE 69.6

I cannot open the add/remove programs in my control panel. I am not having any trouble with other control panel functions.

Logfile of HijackThis v1.99.1
Scan saved at 12:39:41 PM, on 4/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\My Documents\Important Programs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pogo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Sta... Read more

A:Windows XP ~ cannot open add/remove programs (HJT log included)

The log looks fairly clean to me (but not an expert). Two questions:

When it refuses to open, do you get any kind of pop-up box about restrictions?

Go to C:\Windows\System32. Look for the file appwiz.cpl. Does it exist, and what happens if you double-click on it?
 

Read other 2 answers
RELEVANCY SCORE 69.2

Earlier today my PC crashed while playing a video game. It went to a red screen and restarted. I wasn't too worried at the time it had happened a couple times already with the game I had been playing so I thought it was just a game glitchWhen it restarted I went to open up Firefox to browse but accidentally hit windows media player and when it came up it just froze right away. I tried to open tsk manager and that wouldnt open. Internet still worked though so I ignored it and thought it was a random glitch. But now I've realized after coming back windows media player is still stuck, can't open tsk manager, can't start firewalls, can't get into control panel, and if I tight click on any application and hit run as admin itopen an error box saying it didnt respond In a timely fashion. I'm suspecting malware idk, sorry if it didn't make sense or had errors I wrote this on my phone, I'm off computer just in case but Firefox still works.
I just posted this in windows 8 forum but feel that was the wrong place. Just want help!

Read other answers
RELEVANCY SCORE 63.6

Hi, Recently i've visited a friend at a college and brought my laptop over there and ever since then i've been having issues with my laptop (Dell inspiron 1520)

Everytime i try and open a folder for any file it will automatically close within 2 secs and the desktop will disappear, or even when i open a folder to get to a setting for example i tried to go to remove/add programs however within like 2 secs the folder will close on its own and my desktop will disappear but my wallpaper is still up and the current programs that are running will still be there ( ex aim will still be on without the desktop there )

I've researched my issue over the web and it's been said that it may be a infection called Virtumonde/Vundo infection? i've never heard of such a thing

However i didn't get to do all 5 steps because computers been acting up when i try to process things.

here are the contents of the Main.txt

Deckard's System Scanner v20071014.68
Run by Hyun on 2008-03-17 15:05:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
7: 2008-03-17 07:14:05 UTC - RP145 - Restore Operation
6: 2008-03-15 08:07:05 UTC - RP144 - Installed McAfee VirusScan Enterprise
5: 2008-03-14 18:07:33 UTC - RP143 - Installed Ad-Aware 2007
4: 2008-03-13 23:14:13 UTC - RP142 - Windows Update
3: 2008-03-13 05:49:03 UTC - RP141 - Windows Update


-- First Restore Point --
1: 2008-03-11 11:35:23 UTC ... Read more

A:Windows Vista infected with Virtumonde/Vundo infection / Can't open any folders

Hi shintx

Please read this post completely before begining the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

We also suggest that you Subscribe to this thread to be notified of fixes as soon as they are posted by our Team. You can do this simply by clicking the "Thread Tools" button located in the original thread line and selecting "Subscribe to this Thread".

IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.

===============================================
Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please take note of instructions for Vista users you will not need to install the recovery console

Please ensure you read this guide carefully


Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

If you have any questions along the way, STOP and ask them before proceeding.

=================

In your next post, please include fresh logs from: ComboFix.txt
HiJackThis
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves... Read more

Read other 1 answers
RELEVANCY SCORE 63.6

Symantec's auto protect has been showing that I'm infected with a Vundo and I get random pop-ups on normally pop-up free sites. Any help would be appreciated, thanks in advance. Here's the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 5:15:44 PM, on 10/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\mHotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Mozilla ... Read more

A:Solved: Infected w/ Vundo HJT log included

Read other 11 answers
RELEVANCY SCORE 62.8

So, lately I've been getting a lot of internet explorer pop ups. I ran my norton (that's old and expired) and also an AVG, about to run a Spybot SD search.

After running my AVG though, it put a bunch of my application .exe's in the vault, which saddened me, and now every time I boot up, I get two errors about unable to find awvvw.exe and also a csfhstds.dll failure or something rather.

I searched for both, and csfhstds.dll didn't show up with anything under google, and the awvvw.exe brought me to a forum similar to TSG, and some of the posters said it was a vundo virus.

(By the way, after running AVG, the popups are rarer, but still occasional.

Anyway, here is my HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 3:21:44 PM, on 12/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDO... Read more

A:Solved: I'm infected, with vundo virus maybe? (HJT included)

Read other 16 answers
RELEVANCY SCORE 62

Its the weirdest thing I have ever encountered, I have been somewhat involved in tech support myself for about 12 years...
I'm using Windows 7 Ultimate, and the OS is/has been running silky smooth as always, no spyware, or viruses to speak of, problem started a week ago, I was in my Gmail account and went to attach a file and all of my libraries were showing up empty? I tried a different browser, same issue, couldnt attach anything, all libraries empty... Then a few mins later I noticed I couldn't "open" a file while in Audacity, and had to right click on the file and open it that way, however when it came to saving my project, it was impossible, pressing save would not bring up a sub-menu, it was as if i wasnt even pressing the save button. The program itself was functioning correctly. Then, I opened a media player, and tried to open a file and could not. I go to file/open and nothing happens, same when i try to mount an image from the software itself, no response. Same with Word, try to goto file/open and no response
The programs are working fine, and windows is running fine, its just this hiccup I cant figure out.
Games, burning, surfing, downloading, editing videos, everythings is perfect, basically just cant save, or attach files?? right clicking on the file is my workaround for opening....hope i didnt blab on too long here, any help would be much obliged. -Cheers
 

Read other answers
RELEVANCY SCORE 62

Hi
I have a problem with my desktop (using friends laptop at moment). I have had a fake programme (Windows XP Defender) telling me that I have viruses etc, have tried to delete this fake programme, and used Task Manager to identify it when it posted a virus message. It was linked to vp.exe(if I remember correctly). I removed this file. Now I am unable to open any programmes, files, etc, and have the following message -
Error "Windows cannot access the specified devide, path or file. You may not have the appropriate permissions to access the item"

I cannot open Outlook Express, Internet Explorer, or any files. Help??
thank you
 

A:Windows XP - cannot run programs or open files

laceys, Go to the link below and scroll down to line 12 (left column) and click on "EXE (lnk and regfile) Fix for Windows XP
" to download a reg file fix. Save the REG File to your hard disk. Double click it or right click it and choose "merge" and answer yes to the import prompt.

http://www.kellys-korner-xp.com/xp_tweaks.htm

If you can't run the file do the following:

Press CTRL-ALT-DEL and open Task Manager. Once there, click File, then hold down the CTRL key and click New Task (Run). This will open a Command Prompt window. Enter REGEDIT.exe and press Enter. Once regedit is open click File>Import and locate that reg file fix, hilite it and click Open.

Note: If you can't access the Internet with the problem computer use another computer to download the reg file fix onto a CD, thumb drive, or floppy and transfer the file to the problem computer and run it..

After that .reg file is merged into the registry successfully restart your computer.

Tufenuf
 

Read other 3 answers
RELEVANCY SCORE 61.6

I've run AntiVirus and the FixVundo from Symantec's website, to no avail. The file on my system is named C:\Windows\system32\awvtq.dll

Thanks for your help!

Logfile of HijackThis v1.99.1
Scan saved at 8:31:09 PM, on 10/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\Program Files\Mobility Manager\Mobility Manager\FMM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Prog... Read more

A:Solved: Trojan.Vundo-Help! - Log File included

Read other 13 answers
RELEVANCY SCORE 61.6

also no hope with with Ms Defender, McAfee VirusScan 11.2SuperAntiSpyware keep detecting and removing Trojan.Winfixer and Adware.Vundo. Disconnected from Internet and scan my computer (with SuperAntiSpyware) a dozen times then SuperAntiSpyware is nolonger be able to detect these Trojans. Yet, a.s.a I connect to the internet, SuperAntiSpyware alert with the same Trojan.My laptop configuration:Dell 640m - CPU: Duo Core 1.66x2, RAM:2x512, OS: XP Home SP2, Browser: IE7 + FFox 2.0.0.7Please kindly find below my HJT log. Looking forward to hearing from you---------------------------------------------------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:45:23 PM, on 10/12/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16544)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Programs\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exeC:\PROGRA~1\McAfee\MSC\mc... Read more

A:Infected With Adware.vundo, Trojan.winfixer (hjt Logged Included)

Hello teddybear_ab I will be helping you with your problems.If you could navigate to Start>My computer\C:\HijackThis\HijackThis.exe and then right click on it and select rename. Rename it to Demon.exe. Next run Demon.exe and choose "do a system scan and save a logfile". Please post the resultant log in a reply to this thread and i will take a look for you.Thanks DC

Read other 2 answers
RELEVANCY SCORE 61.2

Hello all,
I have some .mkv files on my system.
Windows 7 does not seem to remember the programs that I used to open those files with.
I keep getting the default open with menu option without any available programs and then select a default program.
Even if open the file with WMP64, Winamp, BSplayer or Media Player Classic, those programs do not appear in the open with context menu, and I cant quickly open the file with those programs.

Is there something wrong which I can fix? thanks in advance!

A:Windows does not remember programs used to open a file

When you right click and go to open with, go to choose default program and select your suitable mkv player.
If one isn't there click to browse find it and select it.
Then check option always use selected program to open this kind of file.

Attachment 26984

Read other 7 answers
RELEVANCY SCORE 60.8

Hi all, I'm new here and sure could use some help. Somehow I was infected with a nasty virus, but I think I managed to clean it up, or at least I think so. However, now I cannot do many things on my computer. I can't upload files to email, I can't change the wallpaper or screensaver on my computer, I can't open any .exe files, and most programs will not open.

I've tried many internet searches for these problems and tried to run various scans and registry fixes, but nothing seems to work. I'd really rather not use the repair install cd but I'm afraid I might have to.

So, it seems to me that files are corrupted and something is blocking me from using my computer. It is very frustrating and I could sure use your advice. Thank you.

A:Can't open most programs, upload files, change settings, or open .exe files

Oh and please don't ask me to download any .exe files, because I can't run them!!

Read other 2 answers
RELEVANCY SCORE 60.8

Hi there!

I have been trying to combine rar files to make one big one....what i found was the extention wasn't named correctly (.000 should have been .r00) ....I have fixed that but I messed up previously trying to right click/open with/selected win rar ...now i can do anything with the two files I tried to open with like that.....one is a 003 file and the other a 004 file....so anytime it sees them it changes the icon not to a rar file but a stange icon mixed between rar and a notepad ...thats the best description i can come up with!

What I need to know is there a way to clear windows history of what programs to open files with? I can change it to another program but I fear it won't change anything
I basically want to 'reset' its memory if thats the word then i will be in the clear
I can then rename the file and compile away
 

A:Clearing windows memory of which programs to open files with?

Hi animal28

You should be able to change that in the Folder Options:
Open My Computer,
Tools > Folder Options > File Types tab
Scroll down and select the extension you want to change, you can then either change the association by clicking the Change button and selecting the desired program, or edit using the Advanced button.

If you created a File Type/extension, such as .000 it can be deleted, Windows will ask what program you want to use, to open the file.
As a precaution, note the information contained for the File Type before deleting.

Let us know if that works for you or not.
 

Read other 2 answers
RELEVANCY SCORE 60.8

I did a clean install on my toshiba A105-S1013 after 5 years of using. I'm happy that the speed is improved, but I cannot seem to install anything.

When installing a zip file (drivers) I could never open them from my desktop. I got a message:
"WinZip Self-Extractor header corrupt. Possible cause: bad disk or file transfer error" every time I opened a zip file.

However, when I saved the same file on a usb drive and ran it, it had no problems. I was also able to get it to work when I "run" the file instead of saving it on to my hard drive.

Also, when I try to install programs that are not in zip format, I get messages like: "The filename, directory name, or volume label syntax is incorrect" "error launching installer" or "Unknown installer error"

It seems like there is something wrong with the system. What can I do?
Thanks for the help :D

A:After reinstalling windows xp, cannot open zip files and install programs

This is one avenue-> http://kb.winzip.com/kb/?View=entry&EntryID=185

Read other 9 answers
RELEVANCY SCORE 60.8

I'm having a problem with windows media player, it won't open files while im using the Unreal development Kit,and also while i'm using certain other programs, this is especially annoying because when im trying to watch a tutorial for the UDK and go along with it. It won't even let me play songs on Ares whilst these programs are running the exact error message is.

"Windows media player encountered a problem while playing the file."

Help would be greatly appreciated. thanks.
BTW, this is a macbook pro Dual booting windows 7 if that would have anything to do with it.

A:Windows Media Player Won't open files while other programs run.

Try these 3 for additional information on WMP crashes -

1. WERCON -
START | type view | "View all Problem Reports" | 2x-click on line item for additional crash info

2. Reliability Monitor -
START | type perfmon /rel

3. Event Viewer -
START | type eventvwr.msc | Custom Views | Administrative Events

Regards. . .

jcgriff2

`

Read other 2 answers
RELEVANCY SCORE 60.8

Here is what happens, friday night I was using chrome as usual, and i get bored, so I wanted to see Breaking Bad and then I will go to bed, but when I close chrome and tried to open VLC media player, didn't work, gives me this error (sorry if it is in spanish, but i don't know how to traduce that, I'm from Colombia):
 
"No se pudo iniciar la aplicación; la configuración en paralelo no es correcta. Consulte el registro de eventos de la aplicación o use la herramienta sxstrace.exe de la línea de comandos para obtener más detalles". 
 
So I decide to restart my laptop. When I do that, I realized that it is EXTREMELY SLOW, like it took 20 minutes to reboot properly. And when I tried to open anything, ANYTHING, gives me the same error. I tried to open "sxstrace.exe" in the execute line, but it doesn't work, doesn't even appears in the task manager, even in the secure mode. Also i tried to run sfc /scannow but when it reaches 51% fails. I restore my laptop a month ago, but doesn't happen anything. In safe mode the only thing that works is CCleaner, so I erase the registry values, and clean the cache, and everything you can do in CCleaner, but nothing happens, doesn't work anything. Then I tried to follow the steps in this page: http://www.selectrealsecurity.com/malware-removal-guide Doing this http://www.selectrealsecurity.com/stop-malicious-processes
 and this http://www.selectrealsecurity.com/fix-programs . The... Read more

A:Programs don't open, only files from windows, extremely slow

Please, someone

Read other 4 answers
RELEVANCY SCORE 60

Hello Community! Please help!
 
Ever since I had gotten rid of a virus, my computer just won't function properly. A whole lot of problems and weird occurrences like a red X on my internet connection, yet I can still use the internet. I also can't hear any sound whatsoever.
Upon trying to open files it just wouldn't open no matter how many times i clicked, or it would show me an error message to reboot my computer and believe me I tried.
I tried using system restore to get everything back to normal, and yet again, another error message. It says:
 
'System restore does not appear to functioning correctly on this system
A Volume Shadow Copy Service encountered an unexpected error. Check the application event log for more information.'
 
I have been having this problem for about a couple of weeks now. I've been trying to just get the sound back at least but no luck there either.
I fear I might have to buy a new Windows 7 installation disk. I wanted to wait till windows 10 updated but i'm almost positive that this problem is going to prevent it from updating.

A:Windows 7 won't open programs, play audio or let me access files

Hello,
 
please download MiniToolBox by Farbar and save it to your desktop.
 
Run tool as Administrator and make sure that these options are checked :
 
Flush DNS
Reset IE Proxy Settings
Reset FF Proxy Settings
List Installed Programs
List Last 10 Event Viewer Errors
 
Post log here .

Read other 4 answers
RELEVANCY SCORE 60

Okay, I have posted on this topic twice already on bleepingcomputer and have yet to figure out the cause of it (once in the "am I infected?" and another in the 'virus, malware, trojan, spyware log' sections).  Links to them both for reference of what is going on will be below, but here is a synopsis of the problem:
 
About a couple weeks ago, I returned home to a laptop that just became laggy/unresponsive when trying to open files or programs on Windows 7.  I mean, the cursor would act as if it was loading something massive, even if I didn't even touch anything.  And when trying to click something, it would basically stall out to the point of essentially being unusable that it could be deemed as crashing.  I could not even restart it normally because the system would just stop while the cursor loaded with the blue lagging ring of death.  I would have to hold the power button to my computer to turn it off.  Then turning it back on in normal mode would not make anything better.  It is only consistently accessible in safe mode.  Now it randomly goes without crashing every once in a while.  Yet the common trend when I have access to it again, web browsing tends to lag it again.
 
I remember going to repair computer and using the farbar scan from bleepingcomputer and my computer was able to boot up normal and be able to open files and programs like normal (it even rebooted normally).  But connecting it to the interne... Read more

A:Windows 7 Extremely lags/Crashes when trying to open/ run any programs or files

Please download MiniToolBox  , save it to your desktop and run it.
 
Checkmark the following checkboxes:
  List last 10 Event Viewer log
  List Installed Programs
  List Users, Partitions and Memory size.
 
Click Go and paste the content into your next post.
 
Also...please Publish a Snapshot using Speccy - http://www.bleepingcomputer.com/forums/topic323892.html/page__p__1797792#entry1797792 .  Post the link, do not cut;paste the report data.
 
Louis

Read other 16 answers
RELEVANCY SCORE 60

I messed up my computer last night and Im trying to reset it back 24 hrs, windows xp. But everything I try to do gives me the same prompt. all my icons on computer have the same image, i cant go to system tools or system restore, or even internet explore, the only thing i can to is use a google prog I have to get online, thank god. the message i get when i try to open anything is: WINDOWS CANNOT OPEN THIS FILE
TO OPEN THIS FILE WINDOWS NEEDS TO KNOW WHAT PROGRAM CREATED IT. WIND. CAN GO ONLINE TO LOOK IT UP AUTOMATICALLY OR YOU CAN MANUAL SELECT FROM A LIST OF PROGRAMS ON YOUR COMPUTER

WHAT DO YOU WANT TO DO?
USE THE WEB SERVICE TO FIND APPROPRIATE PROGRAM
SELECT THE PROGRAM FROM A LIST

System boots OK OK, but can't find programs due to file extensions being reset to .lnk.
please help me please

Read other answers
RELEVANCY SCORE 60

Hello, I have installed wireless printer drivers, using the provided CD, onto a laptop running Windows 7. I needed to download some software updates for that printer. When I tried to config the wireless printer to the network, the search remained in a "frozen searching" loop. I was able to CTRL+ALT+DEL to escape the loop. I then tried to uninstall, but that uninstall exited without completing. So, I right click on the file from the CD, to dump into Recycle Bin, then emptied that out of the Recycle Bin.

Now, Windows runs very slow and only the internet will open properly. Is there some part of that download still running in the background? RKill didn't seem to open properly either.

Thanks.

A:Windows 7 struggles to open programs after file wouldn't uninstall.

Try using a system restore point before the problem started.

And always, always use the latest drivers from the manufacturers website.

Never the cd.

Read other 1 answers
RELEVANCY SCORE 60

I messed up my computer last night and Im trying to reset it back 24 hrs, windows xp. But everything I try to do gives me the same prompt. all my icons on computer have the same image, i cant go to system tools or system restore, or even internet explore, the only thing i can to is use a google prog I have to get online, thank god. the message i get when i try to open anything is: WINDOWS CANNOT OPEN THIS FILE
TO OPEN THIS FILE WINDOWS NEEDS TO KNOW WHAT PROGRAM CREATED IT. WIND. CAN GO ONLINE TO LOOK IT UP AUTOMATICALLY OR YOU CAN MANUAL SELECT FROM A LIST OF PROGRAMS ON YOUR COMPUTER

WHAT DO YOU WANT TO DO?
USE THE WEB SERVICE TO FIND APPROPRIATE PROGRAM
SELECT THE PROGRAM FROM A LIST

System boots OK OK, but can't find programs due to file extensions being reset to .lnk.
please help me please

A:CANNOT RUN ANY PROGRAMS/ windows cannot open file-exe. are now lnk.---icons for every program are not appearing

if anyone can help or if theres anything i can do, screenshot or anything to help you help me, please tell me how and Ill promptly do it

Read other 1 answers
RELEVANCY SCORE 59.2

Thanks in advance for your assistance.

System boots OK OK, but can't find programs due to file extensions being reset to .lnk.

Was able to get back some functions by restoring .exe file association in folder options filetype tab. The system issued a message that I had recovered from a serious error.

All desktop icons are still not fixed yet. I suspect an infection but dont know how to interpret Hijackthis log. Was able to restore RUN program functionality when i fixed the file extension.

I would appreciate someone who is knowledgeable to interpret my hijack log and guide me through the steps to get any malware or worm cleaned.

Do not have the ability yet for an IE Windows update. This machine is a Dell XPS desktop about 5 years old I have upgraded my graphics card but aside from that no other hardware changes. I just ran TrendMicro House Call and found a RogueAV 709 which I will fix with Trendmicro. I have supported TechGuy and will continue to support. Thanks.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:51:57 AM, on 6/13/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\sys... Read more

Read other answers
RELEVANCY SCORE 58.8

Hello everyone, I have a serious case of the Vundo virus so let me give you my symptoms before posting my HJT log to give a more detailed description.- As the title states, most of my programs can't operate or operate incorrectly. HJT will only run in Safe Mode and even then sometimes it won't work. MBAM can only do a quick scan, starting a full scan causes it to shut down instantly. Used MBAM's quick scan and it found 15 things, but there are still 3 objects I cannot get rid of. Also when I run MBAM, I'm not completely sure but it closes when before the quarantining process finishes. It's right after Verifying Folders or something like that when it closes.- An NT/Authority shutdown takes place in about 45 min-1 hr. use of the computer, in both safe mode and normal mode. - Firefox chugs through slowly when starting up, the list of my history is messed up. As in my most viewed websites aren't first when I type in the first letter or so.- Also, I think my version of Java is very outdated if that helps any. - It has stopped happening for now but a few days ago I started getting quite a couple of BSOD's, different ones everytime.- I have NOD32 installed. Many of my taskbar objects such as NOD32 doesn't show up. Although when I view the processes in Task Manager, it shows ekrn.exe is running [Which is NOD32]So, I'm really hoping you guys can somehow help me, honestly this virus is a pain and with the limitations on my programs I'm not sure how I can handle. I'm pretty sure if you ... Read more

A:Trojan.H.Vundo Most programs won't open. Help requested.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.Link 1Link 2Link 3Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.If ComboFix asked you to install Recovery Console, please do so.. It will be your best interest..When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finishes its job..

Read other 28 answers
RELEVANCY SCORE 58.8

Starting yesterday, I have been getting Corrupted Files error messages on startup, and several of my programs won't work (I tried to update my SuperAntiSpyware and Spyware Blaster and both said they couldn't update due to corrupted files). ITunes, IE, Safari have all had a lot of trouble. I have no idea what the problem is. Could someone look at my Hijack This file and give me a suggestion?

Thanks! I don't know what I would do without you!

*******************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:57:59 AM, on 7/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\ContentWatch\Internet Protection\cwtray.exe
C:\Program Files\... Read more

Read other answers
RELEVANCY SCORE 58.4

I have a nasty virus that keeps directing me to <http://antispyspider.com/69>. It also changes the background of my display to a bright red color. This virus has disabled my ability to use task manager (I was able to get around this using a registry edit line I found online. I'm also unable to edit my registry by typing "regedit" in run. I've run PC tools antivirus and it's deleted some .dll files that keep popping back up every once in awhile. I've tried using virtumundobegone, fixvundo, and vundofix. None of them detect a vundo virus. I get a windows security error on my taskbar that says "windows has detected spyware" and a windows security manager message, "your computer is running slowly due to malware activity." When I close it the <http://antispyspider.com/69> link pops up again.Here is my Deckard System scan:Deckard's System Scanner v20071014.68Run by Michael on 2008-04-27 22:59:39Computer is in Normal Mode.---------------------------------------------------------------------------------- HijackThis Clone ------------------------------------------------------------Emulating logfile of Trend Micro HijackThis v2.0.2Scan saved at 2008-04-27 23:00:06Platform: Windows XP Service Pack 2 (5.01.2600)MSIE: Internet Explorer (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\system32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system... Read more

A:Infected With Vundo (i Think) No Fix Programs Worked So Far

Hello and welcome to Bleeping Computer.My name is km2357 and I will be helping you to remove any infection(s) that you may have.I will be giving you a series of instructions that need to be followed in the order in which I give them to you.If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.Please do not start another thread or topic, I will assist you at this thread until we solve your problems.Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.Sorry for the delay in replying, the forum is very busy. If you still need help, please post a fresh HiJackThis Log and an Uninstall List (instructions forthcoming)Step # 1: Download and Run HijackThisDownload HJTInstall.exe to your Desktop. Doubleclick HJTInstall.exe to install it. By default it will install to C:\Program Files\Trend Micro\HijackThis . Click on Install. It will create a HijackThis icon on the desktop. Once installed, it will launch Hijackthis. Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad. Copy/Paste the log to your next reply please.Don't use the Analyse This button, its findings are dangerous if misinterpreted. Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.Step # 2 Download CCleanerDownload CCleaner fr... Read more

Read other 3 answers
RELEVANCY SCORE 58

Windows 7 infected with Locky.  Jpeg files will not open.  Please advise on how to remove Locky.

A:Windows 7 infected with Locky. Jpeg files will not open. Please advise.

Hi cjameson
 
If you have Locky I suggest you remove your computer from any network that has shared network drives.Typical symptoms of Locky:
Locky_recover_instructions.txt file in folders that Locky has performed encryption.
Wallpaper changed to Locky wallpaper
Files renamed to .locky
If you machine has symptoms described above please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.
Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.
If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.
It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
 
If you have any questions feel free to ask.
 

Read other 1 answers
RELEVANCY SCORE 58

Just started doing funny things like my Volume contol keeps going to zero on the screen,Or Musicmatch keeps starting or A media window ops ups showing all the media programs I have with a close or open lines above them.

I ran A virus scan and no show thing , I ran spy sweeper and nothing is found.
What else should I run Adware or something else..Also where are the programs to Dl to check them.

Now my start Menu keeps poping up

Help Help
Thanks
Here is my Hijack This Log

Logfile of HijackThis v1.98.2
Scan saved at 12:04:14 AM, on 8/15/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\carpserv.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\anvshell.exe
C:\Program Files\Thomson\Lyra Jukebox\LyraHDT... Read more

A:Help Please Media Programs keep poping up Hijack This File Included

Carn't help with the list but you need to run virus and spyware programmes to clean your pc, go here for info, or here for more info and tools.
I would suggest online virus checks, adaware and spybot, make sure you update them before you run them, also run cwshredder.

good luck.
 

Read other 1 answers
RELEVANCY SCORE 57.6

While surfing the web, Norton came up and said that C:\Windows\dlm.exe was infected with a Trojan virus. It could neither repair nor quarantine the file, and I was not sure if I should hastily delete it or not. I stumbled upon this site and saw others with similar cases. So, I downloaded Hijack This and ran a scan. Here's the log below. Thanks to anyone willing to help!
Logfile of HijackThis v1.97.7
Scan saved at 6:14:04 PM, on 12/04/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\lexbces.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\LEXPPS.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\dl.exe
C:\WINDOWS\dlm.exe
C:\PROGRA~1\Proc Ford Software\Wave road regs.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Progr... Read more

A:Infected File, Can't Quarantine - Log File Included

Have a look at this thread http://forums.techguy.org/showthread.php?threadid=215474&90068ef66b0d48b4d35365630275933b
 

Read other 1 answers
RELEVANCY SCORE 57.6

Help! I scanned with norton and I had 0 infected files. I update its defentitions and I have 7! There all Trojan. Zonebac EXE.

All were quarantined but 1
tfswctrl.exe
It also couldn't be deleted

Logfile of HijackThis v1.99.1
Scan saved at 9:18:11 AM, on 11/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fantasysports.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll (file missing)
O2 - BHO: AcroIEHlprObj Cla... Read more

A:Help! 7 Infected Files, HJ Included

hi, welcome to TSG.
you don't appear to have a firewall, even if you have a router you still need
a software frewall, downlaod the one from the link below!
Comodo firewall. Sign up it's free!

http://www.personalfirewall.trustix.com/
Threads on comodo!

http://www.wilderssecurity.com/forumdisplay.php?f=31


Download the pocket killbox

http://www.bleepingcomputer.com/files/killbox.php

Download AVG Anti-Spyware

http://www.ewido.net/en/
* Once you have downloaded AVG Anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
* Once the setup is complete you will need run Ewido and update the definition files.
* On the main screen select the icon "Update" then select the "Update now" link.
* Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
* Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
* Once in the Settings screen click on "Recommended actions" and then select "Delete"
* Under "Reports"
* Select "Automatically generate report after every scan"
* Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Anti-spyware, Do NOT run a scan yet. We will do that later in safe mode.

* Click here to download ATF Cleaner by Atribune and save it to your desktop.

http://majorgeeks.com/... Read more

Read other 1 answers
RELEVANCY SCORE 57.6

My firewall stopped SVC Host from connecting outbound. The report read that something had commanded it to connect and was closing that application.

When I cleaned out my offline files and history, all of my cookies except four were also gone. I have my machine set to where it only allows the cookies I accept, and never erase them.

I ran Spybot and get this as a threat: Win32.Agent.pz path:C:\windows\system32\wnspoem\.

Shortly after this threat appears on the screen, but before the scan is complete, the computer will shut off and will not restart until I unplug it.

The same happens when I run AVG, except I don't get an error before the system shuts down. NOD32 comes up clean.

I restored to a known good point, and at least I can boot up, where as before it would boot, shut down and reboot continiously.

All of my saved login names and passwords are also missing and have to be re-entered.

The system runs great until I try to scan.

Here is my log. All help is greatly appreciated.
Logfile of HijackThis v1.99.1
Scan saved at 2:54:15 AM, on 5/20/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Grisoft\AVG An... Read more

A:I have been infected!! HJT file included.

I finally got SpyBot to run an entire session and removed the only thing it found. Could someone please look at my HJT and tell me if everything is OK before I start entering usernames and passwords again.

I need to pay some bills, but don't won't my information hijacked.

Thanks all. When I am sure this thing is safe I definitely will donate.
 

Read other 2 answers
RELEVANCY SCORE 57.2

hit by Vundo and seem to have lost my desktop after trying to resolve

hijackthis, kaspersky, adaware, s&d, vundofix, etc... kaspersky was reporting that winlogon.exe was trying to inject into explorer.exe

running panda right now

no desktop displayed after logging in - I can only lauch apps thru Task Manager.

I think I may have screwed something up... :(

had similar prob about 2 weeks ago and thought I had resolved (not sure I saw vundo at that time though) - too many things tried to know what fixed it...

winxp pro - I'm thinking I need to run a repair and/or re-install

any suggestions/help would be greatly appreciated - hijackthis log attached for review/comment

A:infected by Vundo and now can't see Desktop

dss log:

Deckard's System Scanner v20070411.38
Run by Joe on 2007-04-21 at 21:26:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2007-04-22 01:27:38 UTC - RP1 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Joe.exe) -------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:31:35 PM, on 4/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Downloads\dss.exe
C:\PROGRA~1\HijackThis\Joe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://... Read more

Read other 4 answers
RELEVANCY SCORE 57.2

Could you tell me what to do first. I have been running mbam and spybot all day. What should I post ?
 

A:My desktop is infected with Vundo

Read other 16 answers
RELEVANCY SCORE 57.2

I'm in a very tricky situation, trying to help my PC novice sister from Sweden while she is in the UK.
She has an Acer desktop, WinXP SP2, 1400mhz, 40GB.. with Norton 2005, IE7, completely up to date Windows but a sadly out of date Adaware /or Adwatch? running. Its quite old now, from 2002 but runs okay normally but a 12 and 2 10 year olds surfing at times too, so perhaps not as secure as it should be.

From what she said last night it sounds like a Vundo infection, redirections from Google, pop ups galore, no Ctr, Alt Del or task manager functions.

So I find you guys and some awesome threads, but then ran into failures installing any programs to help.
Combofix and MBAM won't open, she gets errors with Temp file production so the files fail. I had to email the files as txt files for her to rename back to exe's, and tried renaming Combofix file name too but no luck.

Her Norton 2005 fails to find anything after a 30minute scan instead of close to 2 hours, and her adaware (not recently updated Grrrr) won't open either. (" system error service is not online application terminates etc" the other one (ad watch) just wont respond"

I'm assuming we can't run Hijack this either since it also won't open/install.. it got late last night.

Any suggestions... please??

And anyway I can access her remotely without Windows remote assistance. We never had an luck while I was on WinXP too. I'm now running on Vista so not sure if that wi... Read more

A:Solved: Helping from overseas, probable Vundo, Removal programs won't open.

I know I shouldn't bump my post but we really need some help desparately..

http://forums.techguy.org/malware-r...-helping-overseas-probable-vundo-removal.html

My sister can't even get her PC to boot up properly most of the time, and without being able to install help programs we are at a loss.

Please please can somene help us.

Tonight, Monday 15th
Sister tried HJT and it amazingly work, her friend is trying to help but i fear his help might mess it up further.

HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:20:42, on 15/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNo... Read more

Read other 2 answers
RELEVANCY SCORE 56.8

Dear Tenforums users,

Since a few weeks I found myself unable to open any documents (Word, Powerpoint) from the 'Recent files list' in my office applications. Everytime I try to open it, I get the message: "The item you selected is unavailable. It might have been moved, renamed or removed. Do you want to remove it from the list?"
I already tried the automatic repair function but it was in vain so far.

Thank you in advance!

-esmorax

Read other answers
RELEVANCY SCORE 56.8

I have a Windows XP user who can open PDF files on our secondary file server (e.g. \\serverB\shares\marketing\file.pdf) but not from the main server (\\serverA\shares\marketing\file.pdf). Same with copying PDF files. He can
copy them to his desktop. from server B but not from server A. Server A is the one assigned to him because server B is being pre-seeded for DFS and is in a different office anyway.

The problem is only with PDF files. He can open and copy any other files. And it's only on his Windows XP machine. His Windows 7 machine works just fine (he can copy and open PDF files from server A).

The two servers (Windows 2016) are set up identically as far as NTFS permissions. The only difference is that server A is set up in DFS while server B is being pre-seeded before being added to DFS.

DFS namespace type is: domain (Windows Server 2008 mode).

The XP machine had no problem under server A when the DFS namespace type was Server 2000 mode, but I'm not sure that would cause the problem.

Read other answers
RELEVANCY SCORE 56.8

I am in desperate need of assistance and guidance. I have good reason to believe I have a virus or that I have been hacked in some way.

Some Symptoms:
1. WiFi is set to off, but comes on automatically
2. Once WiFi comes on, it brings up the dialog box to open a file
3. My open brower (Firefox) also closes automatically
4. In IE I get a dialog box that pops up asking me to enter a term to search for a file.

I have run virus scans several times to no avail. I have Microsoft Security Essentials.

HijackThis Log follows:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:02:02 AM, on 9/1/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files (x86)\ZTE WiMAX CM\cm\UIExec.exe
C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\ZTE WiMAX CM\cm\WiMAX CM.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKCU\Software\Microsoft\... Read more

A:Open file dialog box comes up automatically - HijackThis Log included

Hiya

Sorry for the lateness in a reply, but these forums are very busy

Are you still having this problem? If so, can you do the following:

http://forums.techguy.org/virus-other-malware-removal/943214-everyone-must-read-before-posting.html

Regards

eddie
 

Read other 1 answers
RELEVANCY SCORE 56.8

My desktop has some sort of virus(s) that causes emails to be sent out at random to addresses in my contact list with malicious links attached, I can't open 'Control Panel' without errors, and computer slow and acts flaky. Need help badly - thanks so much for your time in advance!Logfile of Trend Micro HijackThis v2.0.4Scan saved at 10:17:58 AM, on 10/8/2010Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Nhksrv.exeC:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exeC:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exeC:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exeC:\WINDOWS\System32\CTsvcCDA.EXEC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\System32\ScsiAccess.EXEC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\MsPMSPSv.exeC:\WINDOWS\System32\WgaTray.exeC:\WINDOWS... Read more

A:Desktop computer infected - hijackthis log included - at theend of my rope!

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

Read other 3 answers
RELEVANCY SCORE 56.8

I use XP home.This bogus Windows Security Center antivirus software is popping up and telling me that all my files are infected. And it wants me to buy their software. It has disabled McAfee and I cannot open or run anything! When I try to open a web page it says that web page is not secure. I have no idea how to get rid of this. I ran mbam in safe mode and it found and deleted 5 threats. Then I ran rkill and mbam in normal mode and mbam found nothing! But when I restarted my computer, it is still there.I ran Rkill and was able to get this DDS log.DDS (Ver_10-03-17.01) - NTFSx86 Run by Reagan Gibfried at 9:34:30.92 on Thu 04/01/2010Internet Explorer: 7.0.5730.13Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3006.2387 [GMT -5:00]AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\system32\CSHelper.exeC:\Program Files\Common Files&... Read more

A:Bogus Windows Security Center popups warning me of infected files!! I can't open or run ANYTHING!!, I am cl...

Hi,My name is Extremeboy (or EB for short), and I will be helping you with your log. I apologize for the delay.If you still require assistance we would like to see the current condition of your system so please post a new set of DDS Logs as well as a GMER log and a description of any remaining problems or symptoms you may still have please.If for any reason you did not post a DDS log or GMER log please refer to this page and in step #6 and Step #7 and Step #8 for further instructions on downloading and running DDS & GMER. If you have any problems when running the tools or unable to produce a report for any reason, just let me know in your next reply.For your next reply I would like to see:-The DDS logs---DDS.txt and Attach logs-GMER log-Description of any remaining problems you may still have.With Regards,Extremeboy

Read other 11 answers
RELEVANCY SCORE 56.8

I use XP home.

This bogus Windows Security Center antivirus software is popping up and telling me that all my files are infected. And it wants me to buy their software. It has disabled McAfee and I cannot open or run anything! When I try to open a web page it says that web page is not secure. I have no idea how to get rid of this. I ran mbam in safe mode and it found and deleted 5 threats. Then I ran rkill and mbam in normal mode and mbam found nothing! But when I restarted my computer, it is still there.

I can't run DDS or GMER without running rkill first. Will that mess it up? Or can I run those in safe mode?

Help? Thank you!

A:Bogus Windows Security Center popups warning me of infected files!! I can't open or run ANYTHING!!

If you can run Rkill and get at least a DDS log do so.. If you have to use safe mode do that. Just post the DDS log here in a new topic.Virus, Trojan, Spyware, and Malware Removal LogsIf you can get DDS and GMER post both. Mention in the new topic if you used safe mode.Let me know here if it went OK>

Read other 3 answers
RELEVANCY SCORE 56.8

Since last 2 days my desktop (XP media center Sp3) has been plagued by Trojan.vundo Initially it had disabled my copy of Malwarebytes' Anti-Malware program. I am able to run it only after if renamed the "mbam.exe" file to "mbam.bat". After every scan MBAM keeps finding at least 5 files infected by Trojan.Vundo. Based on your guidelines, I went thru these steps for preparation: - ran the DeFogger which did not find any issues - ran the DDS Tool - I was not able to run the GMER tool. About halfway thru, my desktop either hangs up or reboots. If there is anything that I can do to get it run, please let me knowAny help would be greatly appreciated. Here are the contents of the DDS.txt log:DDS (Ver_09-12-01.01) - NTFSx86 Run by HP_Administrator at 12:03:35.89 on Sun 02/28/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2868 [GMT -6:00]AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exeC:\Program Files\BitDefender\BitDefender 2009\vsserv.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC: ... Read more

A:Desktop infected by Trojan.Vundo

So that's it? No one can help me with this?===========Hello While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has be... Read more

Read other 16 answers