chi-chi

Comments

  • I just removed some program that was also misc. got installed called shopping reports. But I am still getting the same 6 Virtumonde malware infections in my adaware scan. The problem still seems to have ceased.. for now
  • I keep getting (2) 16-Bit MS-DOS subsystem messages one is C:\PROGRA~1\Creative\SBAUDI~1\CTSysVol.exe The NTVDM CPU Has encountered an illegal instruction CS:0546 IP:ffe0 OP:ff ff1e098b Choose 'Close' to terminate application and C:\PROGRA~1\MIFB84~1\point32.exe and upon shutdown I receive drive a:/ not ready or accessible…
  • I believe the ctsysvol.exe is part of the soundblaster audio card software included with your soundblaster drivers. You should try to update your driver and see if there are any improvements. For the other MS scripts, please post screenshots of the MS Scripts you are encountering as this may give us a better understanding…
  • My symptoms include at start up a ms dos prompt/****** runs with some funny letters and symbols then tells me that ctsys.vol isn't working properly and I have another ms dos ****** that runs. upon shut down I get another type of windows prompt as well. but here is my new log hope this helps Logfile of Trend Micro HijackThis…
  • Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:51:43 PM, on 3/17/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe…
  • Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:51:16 AM, on 3/17/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe…
  • Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:37:32 PM, on 3/16/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe…
  • First here is the location of the infected file sent via yousendit http://download.yousendit.com/68EC83F909A6B354 Second there was no such file C:\WINDOWS\system32\cvhnbnsc.dll (I even did a search for it to no avail) Last I got confused as to if you wanted me to upload the file here in this post but I did so anyway,…
  • I did delete some from the msconfig based on the one reply someone in this post left however I did what you informed me to do and am posting a new HJT log. I have not set any proxy server addresses so I don't know why I have a saudi arabian mask address. I did once have a hide IP program which masked your real location but…
  • Scan Log Version of virus signature database: 2888 (20080220) Date: 3/7/2008 Time: 1:44:13 PM Scanned disks, folders and files: Operating memory;A:\Boot sector;A:\;C:\Boot sector;C:\;D:\Boot sector;D:\;E:\Boot sector;E:\;F:\Boot sector;F:\ Boot sector of disk A: - error opening [4] A:\ - error opening [4] C:\hiberfil.sys -…
  • Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:38:17 AM, on 3/7/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe…
  • The name of the file is hijacktis.log. And if you have installed it correctly it should be here: C:\program files\trend micro\hijackthis\hijackthis.log If not uninstall it and reinstall the hijackthis installer. I did a search for the file and windows found nothing, I also removed and re downloaded the program and still I…
  • <<The path to the log is mentioned in the "Path to log file" textbox>>. Next to the "Browse" button you can see the path. You can use the "Browse" option to select where to save the log. Please give me the log. How do I get you a copy of the log for this? I have the file saved. and when I hit browse to upload an attachment…
  • I have checked there and even did an unhide of folders it's not in any of those locations?? Is there a way within the program to just specify where I want to save my log file and if so how? cus I can't seem to find it. or do u suggest uninstalling the program and reinstalling it? thanks in advance
  • Ok the online scanner got hung up and is frozen but it got toward the end and no infections found so it's just sitting on freeze right now maybe it will load? the malware is running now and I changed the time! thanks a million
  • OK I really appreciate all your help farbar as the red x is gone and everything seems to be back to normal minus the clock. It's showing the time right but soon as 1pm hits it will be in military time and the date shows as 2008-02-27 which is the correct date but the formatting is off? this is not a big deal but just a…
  • Open a notepad, make sure the word wrap under format menu is not selected. Copy and paste the text in bold into it. REGEDIT4 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\c]…
  • Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\c] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\c\DefaultIcon]…
  • The icon for the c:/ drive is still showing the red "X" and I still have the "help and support center" and "windows update" icons on my desktop. However the img. for the icon is now not showing and the generic default pic is there although the name and place holder for the icons remain, FYI. Hope any of this helps?
  • The posxx.tmp files are gone!! here is the log ComboFix 08-02-23 - chi-chi 2008-02-26 9:50:25.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.56 [GMT -5:00] Running from: C:\Documents and Settings\chi-chi\Desktop\ComboFix.exe Command switches used :: C:\Documents and…
  • ComboFix 08-02-23 - chi-chi 2008-02-25 17:43:56.3 - NTFSx86 Running from: C:\Documents and Settings\chi-chi\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\chi-chi\Desktop\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! .…
  • chi-chi, I removed your PM because you have given me a link (probably to the uploaded infected file?) without any explanation and I didn't want to risk clicking on it. The instruction to upload a file is given in my previous post. The attachments are going to be downloaded by virus researchers and the moderators of the…
  • Of course that helps, the more you give me feedback the more I know what is happening there and the better I can help. Please read all my post and follow the steps in the order they are written. If you face a problem please report back before going to the next step. So please do the step 1. before we go further. well how…
  • WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\gsvgewwg.dllbox . ((((((((((((((((((((((((( Files Created from 2008-01-25 to 2008-02-25 ))))))))))))))))))))))))))))))) .…
  • Yes there are still a ton of pos*.tmp files under the c:/ directory! I also could not find bit lord or yahoo IM in my add/remove programs under the control panel as I never found the java either? So I went under start menu and uninstalled bitlord but wasn't able to find the uninstaller for yahoo hope that helps!??
  • ComboFix 08-02-23 - cohene-asante 2008-02-22 4:09:14.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.89 [GMT -5:00] Running from: C:\Documents and Settings\cohene-asante\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! .…
  • Now my clock and date is acting up showing military time or a 0 before the time if i try to change it, and the date is right but backwards ??
  • Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 03:51, on 2008-02-22 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe…
  • I hope this helps this is my HJT log (I think I figured that much out) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:38:47 PM, on 2/22/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe…
  • I don't know how to use hijack this or w/e but I have seen that I need to do that and I have seen it on other sites please help..