Tech Support banner

Status
Not open for further replies.
1 - 18 of 18 Posts

·
Registered
Joined
·
19 Posts
Discussion Starter #1
Hi everyone! My system is always being shut down by some NT authority (always while connected to the internet) and AVG Guard is always finding some virus. I always try to heal it but it doesn't seem to work. Also, I get loads of registry error popups while connected to the internet. Help! My HijackThis Log is as follows:

Logfile of HijackThis v1.99.1
Scan saved at 10:50:56 PM, on 9/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\Fast.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\tp4mon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\OpenOffice.org 1.9.113\program\soffice.exe
C:\Program Files\OpenOffice.org 1.9.113\program\soffice.BIN
C:\Program Files\Gaim\gaim.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\eeya\LOCALS~1\Temp\Rar$EX00.564\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - Startup: OpenOffice.org 1.9.113.lnk = C:\Program Files\OpenOffice.org 1.9.113\program\quickstart.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{61F33118-CE68-47FF-885C-479A50F69DA8}: NameServer = 202.81.160.6 202.81.160.7
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
 

·
Registered
Joined
·
6,574 Posts
Please download Trend Micro™ Anti-Spyware for the Web Utility (by clicking the "Scan and Clean your PC" button).
  • Save it to your desktop.
  • Double-click the new icon on your desktop (tmas-web-scan.exe)
  • It will say "Loading TrendMicro definitions".
  • Once the definitions are loaded, the program will appear to close then re-open.
  • Click "Start Scan"
  • After it's done scanning, click "Scan Results"
  • Make sure all items found have a check next to them, then click "Clean Threats Now".
  • Click Exit.
Reboot your computer. In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them in your next post.

Perform an online scan in Internet Explorer with Panda ActiveScan

  1. Click on the Scan your PC button & a 'pop up' window shall appear. * ensure that your pop up blocker doesn't block it
  2. Click On 'Scan Now'
  3. Enter your e-mail address & click 'Scan Now' ...begins downloading Panda's ActiveX controls.- 8MB
  4. Begin the scan by selecting My Computer
    * You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
  5. If it finds any malware, it will offer you a report. Click on see report
  6. Then click Save report
  7. Post the contents of the report in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan
 

·
Registered
Joined
·
19 Posts
Discussion Starter #3
Hi. I couldn't run panda cus I only have mozilla. I don't have internet explorer in my PC but I did run Trend MIcro. Btw, some NT authority keeps shutting down my PC.. something to do with C:\WINDOWS\system32\lsass.exe?

ANyway, here are the resulsts. THanks so much. Looking forward to a reply. =)


Started Scanning
Internet Cookies
Programs in Memory
Windows Registry
Found '' in 'SOFTWARE\LimeWire'
Found '' in 'SOFTWARE\Classes\ed2k'
Found '' in 'SOFTWARE\Classes\ed2k\DefaultIcon'
Found '' in 'SOFTWARE\Classes\ed2k\shell\open\command'
Found '' in 'SOFTWARE\Magnet'
Found '' in 'SOFTWARE\Classes\magnet'
Found '' in 'SOFTWARE\Classes\magnet\shell\open\command'
Found 'URL Protocol' in 'SOFTWARE\Classes\magnet'
Found '' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1'
Internet URL Shortcuts
Files and Directories
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Finished Cleaning
 

·
Registered
Joined
·
19 Posts
Discussion Starter #4
also my programs keep on hanging. ie when i open a file in microsoft word or try to attach a file in yahoo mail. =(
 

·
TSF Security Team, Emeritus
Joined
·
6,962 Posts
Please download and run the following tool....

http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

Once thats complete......

Download and install CleanUp! but do not run it yet.

*WARNING* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.

Download, install, and update Ewido Security Suite
  • Install ewido security suite
  • Launch ewido, there should be a big E icon on your desktop, double-click it.
  • The program will prompt you to update click the OK button
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Click on Start
The update will start and a progress bar will show the updates being installed.
After the updates are installed, exit Ewido

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
    [X]Scan local drives for temporary files (Please uncheck this option)
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted.

Reboot into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.

Run Ewido:
  • Click [Scanner]
  • Click [Complete System Scan] to begin scanning.
  • Click [OK] when prompted to clean files
  • With the first file it prompts to clean, select the option - "Perform action on all infections" - & choose clean and click [OK].
  • Once finished, click the [Save report] button
  • Save the report to your desktop
Close Ewido

Reboot back to normal mode and post the Ewido log. Let me know if you still get the NTShutdown message.
 

·
Registered
Joined
·
19 Posts
Discussion Starter #6
Hi. I did all the things you mentioned above. So far, my system hasn't been shut down by some NT authority but that usually takes a while so I'm not sure if it would happen again. My programs still hang though, especially when I'm attaching a file using mozilla.

Here are the reports from FIx Blast and Ewido.


W32.Blaster.Worm has not been found on your computer.


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:23:05 PM, 10/2/2005
+ Report-Checksum: F9169A62

+ Scan result:

C:\WINDOWS\system32\drivers\etc\hosts -> Trojan.Qhost : Cleaned with backup
C:\WINDOWS\system32\TFTP880 -> Backdoor.Rbot : Cleaned with backup
C:\WINDOWS\system32\TFTP1348 -> Heuristic.Win32.Morphine-Crypted : Cleaned with backup
C:\WINDOWS\system32\cool.exe -> Heuristic.Win32.Morphine-Crypted : Cleaned with backup
C:\WINDOWS\system32\hpdriver.sys -> Trojan.Rootkit.Agent.ae : Cleaned with backup
:mozilla.10:C:\Documents and Settings\eeya\Application Data\Mozilla\Firefox\Profiles\g8coybfj.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.20:C:\Documents and Settings\eeya\Application Data\Mozilla\Firefox\Profiles\g8coybfj.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\System Volume Information\_restore{9D880C6B-8571-4EE1-ABFD-B65500095A32}\RP37\A0008252.exe -> Backdoor.Agobot : Cleaned with backup
C:\System Volume Information\_restore{9D880C6B-8571-4EE1-ABFD-B65500095A32}\RP37\A0009278.exe -> Worm.Plexus.a : Cleaned with backup
C:\System Volume Information\_restore{9D880C6B-8571-4EE1-ABFD-B65500095A32}\RP37\A0009333.sys -> Trojan.Rootkit.Agent.ae : Cleaned with backup
C:\System Volume Information\_restore{9D880C6B-8571-4EE1-ABFD-B65500095A32}\RP37\A0009342.sys -> Trojan.Rootkit.Agent.ae : Cleaned with backup
C:\System Volume Information\_restore{9D880C6B-8571-4EE1-ABFD-B65500095A32}\RP37\A0010342.sys -> Trojan.Rootkit.Agent.ae : Cleaned with backup
C:\System Volume Information\_restore{9D880C6B-8571-4EE1-ABFD-B65500095A32}\RP37\A0010352.SYS -> Trojan.Rootkit.Agent.ae : Cleaned with backup
C:\System Volume Information\_restore{9D880C6B-8571-4EE1-ABFD-B65500095A32}\RP37\A0010371.SYS -> Trojan.Rootkit.Agent.ae : Cleaned with backup
C:\System Volume Information\_restore{9D880C6B-8571-4EE1-ABFD-B65500095A32}\RP38\A0010390.SYS -> Trojan.Rootkit.Agent.ae : Cleaned with backup
C:\System Volume Information\_restore{9D880C6B-8571-4EE1-ABFD-B65500095A32}\RP38\A0010399.SYS -> Trojan.Rootkit.Agent.ae : Cleaned with backup
C:\System Volume Information\_restore{9D880C6B-8571-4EE1-ABFD-B65500095A32}\RP38\A0010410.SYS -> Trojan.Rootkit.Agent.ae : Cleaned with backup
C:\System Volume Information\_restore{9D880C6B-8571-4EE1-ABFD-B65500095A32}\RP38\A0010426.SYS -> Trojan.Rootkit.Agent.ae : Cleaned with backup
C:\System Volume Information\_restore{9D880C6B-8571-4EE1-ABFD-B65500095A32}\RP38\A0010433.SYS -> Trojan.Rootkit.Agent.ae : Cleaned with backup
C:\System Volume Information\_restore{9D880C6B-8571-4EE1-ABFD-B65500095A32}\RP38\A0010448.SYS -> Trojan.Rootkit.Agent.ae : Cleaned with backup
C:\System Volume Information\_restore{9D880C6B-8571-4EE1-ABFD-B65500095A32}\RP38\A0010459.SYS -> Trojan.Rootkit.Agent.ae : Cleaned with backup
C:\System Volume Information\_restore{9D880C6B-8571-4EE1-ABFD-B65500095A32}\RP38\A0010472.SYS -> Trojan.Rootkit.Agent.ae : Cleaned with backup
C:\System Volume Information\_restore{9D880C6B-8571-4EE1-ABFD-B65500095A32}\RP38\A0010481.SYS -> Trojan.Rootkit.Agent.ae : Cleaned with backup
C:\System Volume Information\_restore{9D880C6B-8571-4EE1-ABFD-B65500095A32}\RP38\A0010493.SYS -> Trojan.Rootkit.Agent.ae : Cleaned with backup
C:\System Volume Information\_restore{9D880C6B-8571-4EE1-ABFD-B65500095A32}\RP38\A0010503.SYS -> Trojan.Rootkit.Agent.ae : Cleaned with backup
C:\System Volume Information\_restore{9D880C6B-8571-4EE1-ABFD-B65500095A32}\RP39\A0010512.exe -> Worm.Plexus.a : Cleaned with backup
C:\System Volume Information\_restore{9D880C6B-8571-4EE1-ABFD-B65500095A32}\RP39\A0010571.SYS -> Trojan.Rootkit.Agent.ae : Cleaned with backup
C:\System Volume Information\_restore{9D880C6B-8571-4EE1-ABFD-B65500095A32}\RP39\A0010581.SYS -> Trojan.Rootkit.Agent.ae : Cleaned with backup
C:\System Volume Information\_restore{9D880C6B-8571-4EE1-ABFD-B65500095A32}\RP39\A0010588.SYS -> Trojan.Rootkit.Agent.ae : Cleaned with backup
C:\System Volume Information\_restore{9D880C6B-8571-4EE1-ABFD-B65500095A32}\RP39\A0010598.SYS -> Trojan.Rootkit.Agent.ae : Cleaned with backup
C:\System Volume Information\_restore{9D880C6B-8571-4EE1-ABFD-B65500095A32}\RP39\A0010607.SYS -> Trojan.Rootkit.Agent.ae : Cleaned with backup
C:\System Volume Information\_restore{9D880C6B-8571-4EE1-ABFD-B65500095A32}\RP39\A0010613.exe -> Backdoor.SdBot : Cleaned with backup
C:\System Volume Information\_restore{9D880C6B-8571-4EE1-ABFD-B65500095A32}\RP39\A0010616.SYS -> Trojan.Rootkit.Agent.ae : Cleaned with backup
C:\System Volume Information\_restore{9D880C6B-8571-4EE1-ABFD-B65500095A32}\RP39\A0010670.exe -> Backdoor.SdBot : Cleaned with backup


::Report End

How's my system? Thanks.
 

·
TSF Security Team, Emeritus
Joined
·
6,962 Posts
Still need to look deeper....

Download WinPFInd http://www.bleepingcomputer.com/files/oldtimer/WinPFind.zip and extract it to your C:\ folder. This will create a folder called WinPFind in the C:\ folder.

Download Track qoo http://www.geekstogo.com/downloads/Trackqoo.zip
Save it somewhere you will remember like the Desktop. Unzip the Track qoo.vbs inside to your desktop. DO NOT run it yet!

Reboot into Safe Mode
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.!



Inside C:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns so please be patient while it works as it can take a while, upwards to 30 minutes or more.! Once the Scan is Complete it will make a txt file (log) of what was found.

1. Go to the WinPFind folder
2. Locate WinPFind.txt
3. Please post those results in your next post!

REBOOT to normal mode.

Double Click on "Track qoo.vbs"

Note - If you Antivirus has Script Blocking, you will get a Pop Up Windows asking you what to do. Allow this Entire Script to Run, its harmless!

Wait a few seconds and a notepad page will pop up, Copy & Paste those results and place them in the next post along with the results of WinPFind!

So I need the following tool logs..

WinPFind.txt log
Track qoo.vbs log
 

·
Registered
Joined
·
19 Posts
Discussion Starter #8
Hi! =) Here are the logs:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 1 Current Build Number: 2600
Internet Explorer Version: 6.0.2800.1106

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 8/23/2001 11:00:00 PM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
winsync 8/23/2001 11:00:00 PM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
Umonitor 8/29/2002 3:41:10 AM 631808 C:\WINDOWS\SYSTEM32\rasdlg.dll

Checking %System%\Drivers folder and sub-folders...
UPX! 8/30/2005 11:48:30 AM 726016 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
FSG! 8/30/2005 11:48:30 AM 726016 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
PEC2 8/30/2005 11:48:30 AM 726016 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
aspack 8/30/2005 11:48:30 AM 726016 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
9/28/2005 12:29:02 AM RHS 82432 C:\WINDOWS\clmss.exe
8/30/2005 10:21:32 PM HS 9728 C:\WINDOWS\Thumbs.db
9/27/2005 7:13:28 PM H 54156 C:\WINDOWS\QTFont.qfn
10/2/2005 6:32:44 PM S 2048 C:\WINDOWS\bootstat.dat
10/2/2005 10:41:54 AM H 4212 C:\WINDOWS\system32\zllictbl.dat
10/2/2005 6:31:54 PM H 765952 C:\WINDOWS\system32\config\system.LOG
10/2/2005 6:31:54 PM H 102400 C:\WINDOWS\system32\config\software.LOG
10/2/2005 6:31:54 PM H 8192 C:\WINDOWS\system32\config\default.LOG
10/2/2005 6:32:54 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
10/2/2005 6:32:44 PM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG
10/2/2005 6:31:52 PM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/23/2001 11:00:00 PM 150016 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/23/2001 11:00:00 PM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/23/2001 11:00:00 PM 559616 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/23/2001 11:00:00 PM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/23/2001 11:00:00 PM 256000 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/23/2001 11:00:00 PM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 8/23/2001 11:00:00 PM 36864 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/23/2001 11:00:00 PM 109056 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 8/23/2001 11:00:00 PM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/23/2001 11:00:00 PM 90112 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/29/2002 3:41:28 AM 129024 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/29/2002 3:41:28 AM 578560 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/29/2002 3:41:28 AM 292352 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/29/2002 3:41:28 AM 121856 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/29/2002 3:41:28 AM 65536 C:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation 8/29/2002 3:41:28 AM 268288 C:\WINDOWS\SYSTEM32\sysdm.cpl
Apple Computer, Inc. 9/23/2004 6:57:40 PM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 8/17/2001 10:37:02 PM 48128 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/24/2001 7:00:00 AM 66048 C:\WINDOWS\SYSTEM32\access.cpl
Sun Microsystems, Inc. 6/3/2005 3:52:54 AM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/23/2001 11:00:00 PM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 8/23/2001 11:00:00 PM 36864 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 8/29/2002 3:41:28 AM 578560 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 8/24/2001 7:00:00 AM 66048 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 8/29/2002 11:41:28 AM 129024 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation 8/23/2001 11:00:00 PM 150016 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 8/29/2002 3:41:28 AM 292352 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 8/29/2002 3:41:28 AM 121856 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 8/29/2002 3:41:28 AM 65536 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 8/23/2001 11:00:00 PM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/23/2001 11:00:00 PM 559616 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 8/23/2001 11:00:00 PM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/23/2001 11:00:00 PM 256000 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 8/23/2001 11:00:00 PM 109056 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 8/29/2002 3:41:28 AM 147456 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 8/29/2002 3:41:28 AM 268288 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 8/23/2001 11:00:00 PM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 8/23/2001 11:00:00 PM 90112 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
7/24/2005 10:34:32 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini

Checking files in %ALLUSERSPROFILE%\Application Data folder...
7/24/2005 10:15:40 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
7/24/2005 10:34:32 PM HS 84 C:\Documents and Settings\eeya\Start Menu\Programs\Startup\desktop.ini
7/25/2005 11:31:32 PM 810 C:\Documents and Settings\eeya\Start Menu\Programs\Startup\OpenOffice.org 1.9.113.lnk

Checking files in %USERPROFILE%\Application Data folder...
7/24/2005 10:15:40 PM HS 62 C:\Documents and Settings\eeya\Application Data\desktop.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
=

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
= "C:\Program Files\OpenOffice.org 1.9.113\program\shlxthdl.dll"

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\System32\msdxm.ocx

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
TrackPointSrv tp4mon.exe
AVG7_CC C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
AVG7_EMC C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\comdlg32
NoBackButton 0
NoFileMru 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 10/2/2005 6:41:16 PM



REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrackPointSrv"="tp4mon.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_04\\bin\\jusched.exe"

-----------------
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers


Subkey --- AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
C:\Program Files\Grisoft\AVG Free\avgse.dll

Subkey --- ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}
C:\Program Files\ewido\security suite\context.dll

Subkey --- Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}
C:\WINDOWS\System32\cscui.dll

Subkey --- Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA}
C:\Program Files\WinRAR\rarext.dll

Subkey --- WinZip
{E0D79304-84BE-11CE-9641-444553540000}
C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

Subkey --- {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin
C:\WINDOWS\system32\SHELL32.dll

=====================

HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers


Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {66742402-F9B9-11D1-A202-0000F81FEDEE}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
"C:\Program Files\OpenOffice.org 1.9.113\program\shlxthdl.dll"

==============================
C:\Documents and Settings\All Users\Start Menu\Programs\Startup

desktop.ini
==============================
C:\Documents and Settings\eeya\Start Menu\Programs\Startup

desktop.ini
desktop.ini
OpenOffice.org 1.9.113.lnk
==============================
C:\WINDOWS\system32 cpl files


hdwwiz.cpl Microsoft Corporation
main.cpl Microsoft Corporation
mmsys.cpl Microsoft Corporation
ncpa.cpl Microsoft Corporation
nusrmgr.cpl Microsoft Corporation
nwc.cpl Microsoft Corporation
odbccp32.cpl Microsoft Corporation
powercfg.cpl Microsoft Corporation
telephon.cpl Microsoft Corporation
timedate.cpl Microsoft Corporation
wuaucpl.cpl Microsoft Corporation
desk.cpl Microsoft Corporation
appwiz.cpl Microsoft Corporation
inetcpl.cpl Microsoft Corporation
intl.cpl Microsoft Corporation
joy.cpl Microsoft Corporation
sysdm.cpl Microsoft Corporation
QuickTime.cpl Apple Computer, Inc.
irprops.cpl Microsoft Corporation
access.cpl Microsoft Corporation
jpicpl32.cpl Sun Microsystems, Inc.
 

·
Registered
Joined
·
6,574 Posts
You said you run a Trend Micro Scan before.. what did it find..? Can you run a new scan and supply the results?

And can you please get the exact name and location of this NT Authority you're referring to?
 

·
Registered
Joined
·
19 Posts
Discussion Starter #11
TrendMicro didn't find any threats.

Actually, my system is a lot better now. I used to get disconnected from the internet every 2 minutes and I think it's a lot faster. But I still get NT Authority shutdowns from: C:\WINDOWS\system32\lsass.exe. So far, my programs are running smoothly.
 

·
Registered
Joined
·
19 Posts
Discussion Starter #13
Here are the results:

File: clmss.exe
Status:
INFECTED/MALWARE
MD5 2bb7d6291bab879e5a9335b9d6a735c0
Packers detected:
PESPIN
Scanner results
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
Dr.Web
Found Win32.HLLW.MyBot.based
F-Prot Antivirus
Found nothing
Fortinet
Found nothing
Kaspersky Anti-Virus
Found Backdoor.Win32.SdBot.aad
NOD32
Found probably unknown NewHeur_PE (probable variant)
Norman Virus Control
Found nothing
UNA
Found nothing
VBA32
Found nothing
 

·
Premium Member
Joined
·
14,311 Posts
Delete that file you scanned earlier...it's bad.

Download Stinger and run it. See if it finds anything. See if you have this update already. If not, get it now to see if it fixes up the NT Authority shutdown problem.
 

·
Registered
Joined
·
19 Posts
Discussion Starter #15
i can't delete the two files: lsass.exe and clmss.exe cus I can't find it in the windows directy. But ewido found clmss.exe and deleted it. i ran stinger (couldn't update it though) and NO NT authority shutdowns so far. do i need to find and dlete lsass.exe?
 

·
Premium Member
Joined
·
14,311 Posts
No, don't delete lsass.exe anywhere else if you can't find it in the windows folder.

To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If not, you should be set to go.
 

·
Registered
Joined
·
19 Posts
Discussion Starter #17
Yup, I don't get NT authority shutdowns anymore, but now I have two more problems. Nothing seems to work. tried adaware, spybot, microsoft anti-spyware, ewido, AVG.
I keep on getting popups about the virus and my PC keeps on hanging:

trojan horse downloader.generic.lf
Trojan Horse Generic.ASV

goaway.exe

Help! Thanks..
 

·
TSF Security Manager, Emeritus
Joined
·
52,197 Posts
Do you still need help with this issue? What is alerting you to the presence of that problem?

Are you sure that, even though you use Mozilla FireFox as your browser, IE has been removed from your system? IE is an integrated part of the Windows operating system. How do you get your Windows Updates to keep XP patched?

There is another option for an online virus scan...this is different from the AntiSpyware tool you used earlier.

Go to Trend Micro Housecall Europe. This online scanner supports most browsers and operating systems.

Click on Check My PC now, and follow the prompts. If there is an Auto Clean option given, please select it. Save any results possible, and post them here.
 
1 - 18 of 18 Posts
Status
Not open for further replies.
Top