|
Windows Vista Problem solving for the Windows Vista Operating System. Please remember to state which edition of Vista you are using - Home Basic, Home Premium, Business, Ultimate etc. and whether you are using the 32-bit or 64-bit version if you know. |
|
Topic Tools |
#31
|
|||
|
|||
Windows is managing for all drives but my backup drive
|
#32
|
||||
|
||||
Your RootRepeal Log is fine.
You seem to be convinced that your operating system is infected even though I have found no evidence to that effect so let's get a second opinion. If you have installed any antivirus software, please disable it and close Internet Explorer. Click on your Start Menu and rightclick on the Internet Explorer icon and choose "Run as Administrator". IE will open again. Go here -> http://www.eset.com/onlinescan and run an online scan using ESET Online Scanner (you will need to use Internet Explorer for this scan). If you accept the Terms of Use, check the box and click Start. After the ActiveX Control has loaded, it will take a couple minutes for the scanner to get ready. Next, check the following boxes: Remove found threats Scan unwanted applications Click Start. This scan may take a while, so please be patient. Go to C:\Program Files\EsetOnlineScanner\ and open the file log.txt. Click Edit - Select All then copy/paste that log back here. |
#33
|
|||
|
|||
So far 7 threats found... Will post log in an hour or so
Code:
# version=4 # OnlineScanner.ocx=1.0.0.635 # OnlineScannerDLLA.dll=1, 0, 0, 79 # OnlineScannerDLLW.dll=1, 0, 0, 78 # OnlineScannerUninstaller.exe=1, 0, 0, 49 # vers_standard_module=3967 (20090326) # vers_arch_module=1.064 (20080214) # vers_adv_heur_module=1.066 (20070917) # EOSSerial=1e89aaa74a676244bb85e727913d250a # end=finished # remove_checked=true # unwanted_checked=true # utc_time=2009-03-27 03:41:01 # local_time=2009-03-26 10:41:01 (-0600, Central Daylight Time) # country="United States" # osver=6.0.6001 NT Service Pack 1 # scanned=365995 # found=13 # scan_time=3789 C:\Program Files\Windows Live\Messenger\riched20.dll Win32/Toolbar.MyWebSearch application (unable to clean - deleted) 00000000000000000000000000000000 C:\Users\Dan\AppData\Local\msf3\lib\rex\exploitation\heaplib.js.b64 JS/TrojanDownloader.Agent.GJ trojan (unable to clean - deleted) 00000000000000000000000000000000 C:\Users\Dan\AppData\Local\msf3\lib\rex\exploitation\.svn\text-base\heaplib.js.b64.svn-base JS/TrojanDownloader.Agent.GJ trojan (unable to clean - deleted) 00000000000000000000000000000000 C:\Users\Dan\AppData\Local\msf3\modules\exploits\windows\browser\ie_createobject.rb JS/TrojanDownloader.Psyme.NCX trojan (unable to clean - deleted) 00000000000000000000000000000000 C:\Users\Dan\AppData\Local\msf3\modules\exploits\windows\browser\.svn\text-base\ie_createobject.rb.svn-base JS/TrojanDownloader.Psyme.NCX trojan (unable to clean - deleted) 00000000000000000000000000000000 C:\Users\Dan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\1720b4c2-4da8ea06 Win32/Poison.NAE trojan (unable to clean - deleted) 00000000000000000000000000000000 C:\Users\Dan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\35d6db88-31602192 Win32/Poison.NAE trojan (unable to clean - deleted) 00000000000000000000000000000000 C:\Windows\System32\ConTest.dll Win32/Adware.Ascentive application (unable to clean - deleted) 00000000000000000000000000000000 Last edited by DHansen; March 27th, 2009 at 05:18 AM. |
#34
|
||||
|
||||
Ok.
|
#35
|
|||
|
|||
[code]
version=4 # OnlineScanner.ocx=1.0.0.635 # OnlineScannerDLLA.dll=1, 0, 0, 79 # OnlineScannerDLLW.dll=1, 0, 0, 78 # OnlineScannerUninstaller.exe=1, 0, 0, 49 # vers_standard_module=3967 (20090326) # vers_arch_module=1.064 (20080214) # vers_adv_heur_module=1.066 (20070917) # EOSSerial=1e89aaa74a676244bb85e727913d250a # end=finished # remove_checked=true # unwanted_checked=true # utc_time=2009-03-27 03:41:01 # local_time=2009-03-26 10:41:01 (-0600, Central Daylight Time) # country="United States" # osver=6.0.6001 NT Service Pack 1 # scanned=365995 # found=13 # scan_time=3789 C:\Program Files\Windows Live\Messenger\riched20.dll Win32/Toolbar.MyWebSearch application (unable to clean - deleted) 00000000000000000000000000000000 C:\Users\Dan\AppData\Local\msf3\lib\rex\exploitati on\heaplib.js.b64 JS/TrojanDownloader.Agent.GJ trojan (unable to clean - deleted) 00000000000000000000000000000000 C:\Users\Dan\AppData\Local\msf3\lib\rex\exploitati on\.svn\text-base\heaplib.js.b64.svn-base JS/TrojanDownloader.Agent.GJ trojan (unable to clean - deleted) 00000000000000000000000000000000 C:\Users\Dan\AppData\Local\msf3\modules\exploits\w indows\browser\ie_createobject.rb JS/TrojanDownloader.Psyme.NCX trojan (unable to clean - deleted) 00000000000000000000000000000000 C:\Users\Dan\AppData\Local\msf3\modules\exploits\w indows\browser\.svn\text-base\ie_createobject.rb.svn-base JS/TrojanDownloader.Psyme.NCX trojan (unable to clean - deleted) 00000000000000000000000000000000 C:\Users\Dan\AppData\LocalLow\Sun\Java\Deployment\ cache\6.0\2\1720b4c2-4da8ea06 Win32/Poison.NAE trojan (unable to clean - deleted) 00000000000000000000000000000000 C:\Users\Dan\AppData\LocalLow\Sun\Java\Deployment\ cache\6.0\8\35d6db88-31602192 Win32/Poison.NAE trojan (unable to clean - deleted) 00000000000000000000000000000000 C:\Windows\System32\ConTest.dll Win32/Adware.Ascentive application (unable to clean - deleted) 00000000000000000000000000000000 |
#36
|
||||
|
||||
The log shows that 13 threats were found yet your post only shows 8. Why did you edit the log?
Quote:
Quote:
Quote:
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF} Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} When you have done that, go here and download and install the latest version of Sun Java (Java Runtime Environment (JRE) 6 Update 13 - offline version). Quote:
So now that Nod32 has removed these threats, is your problem resolved? |
#37
|
|||
|
|||
Thanks, I'll check when I get home today.
I honestly have no idea what msf3/netbus is and how they got on my computer :/ |
#38
|
||||
|
||||
Ok. Does anyone else have access to your computer?
|
#39
|
|||
|
|||
They did, I bought this laptop used. Also, the problem still exists
|
#40
|
||||
|
||||
Ok, well I suspect your problem may be RAM related. For help with this, post a new topic in our Hardware Forum and include all your specs. Also include details of the BSOD's you have been experiencing.
|
#41
|
|||
|
|||
Well this could be a problem...
Last edited by DHansen; March 28th, 2009 at 02:06 AM. |
#42
|
||||
|
||||
Hit the Windows key plus r and type msinfo32 in the Run box and click ok. Can you see your specs now?
|
#43
|
|||
|
|||
Nope, I get a "Cant Collect Information" message
|
#45
|
|||
|
|||
I did it, now when I try to start it, it says that there is no such service :/
|
Bookmarks |
«
Previous Topic
|
Next Topic
»
Topic Tools | |
|
|
Similar Topics | ||||
Topic | Topic Starter | Forum | Replies | Last Post |
Virus? Hardware? Time for a new PC? HJT Log (moved from Cyber Safety Forum) | majakdragon | Hardware | 2 | December 29th, 2008 07:48 PM |
Anti-virus suggestion? (Moved from Cyber Safety Forum) | acsdeb | Applications | 2 | July 7th, 2008 11:57 AM |
HELP! Hijack This Log. Virus problem w/IE/MS (Moved from Cyber Safety Forum) | jillyb | Windows NT, 2000, 2003, 2008, 2012 | 3 | April 30th, 2008 10:06 PM |
Any Recomendations for Anti Virus? (moved from Cyber Safety Forum) | redpete | Applications | 8 | March 15th, 2008 01:35 AM |
antispyware/virus?? (Moved from Cyber Safety Forum) | cheesewheels99 | Applications | 6 | March 7th, 2008 11:36 PM |
All times are GMT +1. The time now is 12:06 AM.