Hijackthis Log From Asus Eee PC HELP

Using any peer-to-peer (P2P) or file sharing program is a security risk which can make your system susceptible to a smörgåsbord of malware infections, remote attacks, and exposure of personal information.

Once installed, you should see a blue screen prompt that says: "The Recovery Console was successfully installed." Very Important!

antivirus 4.8.1335 [VPS 090525-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).c:\windows\system32\zip32.dll.((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))).-------\Legacy_GXVXCSERV.SYS-------\Service_gxvxcserv.sys((((((((((((((((((((((((( Files Created from 2009-04-25 to 2009-05-25 ))))))))))))))))))))))))))))))).2010-11-18 00:56 .

Finals are coming up, and I'm getting like the AVG pop up with infections (it always says trojans and often says vundo) like every few minutes!

Please save that log to post in your next reply.

Short URL to this thread: https://techguy.org/1091342

You can break logs into parts and use separate posts here when replying and posting the log files, if needed. -------------- Also click here and download the installer for Gmer to scanning hidden files ... Close any open browsers and any other programs you might have running. Double click on renamed combofix.exe & follow the prompts. If you are using Windows XP It might display a pop

Here's my log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:02:42 PM, on 1/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Elantech\ETDDect.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program

c:\users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] .

I've also been noticing that my PC has gone slower from a couple of months ago. Here's my Hijackthis log.

C:\WINDOWS\system32\jopisado.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

If Combofix reboot is due to a rootkit, the screen may stay black for several minutes on reboot, this is normal. If after running Combofix you receive any type of warning

It is dangerous and incorrect to assume that because the trojan has been removed the computer is now secure. http://www.bleepingcomputer.com/forums/t/306592/hijackthis-log-help/ This will also purge the restore folder and clear any malware that has been put in there.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ AsusVibeLauncher.lnk - c:\program files\ASUS\AsusVibe\AsusVibeLauncher.exe [2012-2-26 549040] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "mnumsg.exe"=c:\program files\MyShoppingGenie\mnumsg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "LiveUpdate"=AsusSender.exe c:\program

Hi! If you are prompted to Reboot during the cleanup, select Yes.

Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (WDF Dynamic/Microsoft Corporation) Device -> \Driver\iaStor \Device\Harddisk0\DR0 85535EC5 ---- Files - GMER 1.0.15 ---- File C:\WINDOWS\system32\drivers\iaStor.sys

RSIT will also create a second log, info.txt, which will be minimized to your taskbar.

I think what also happened, besides getting bad stuff, as the spybot was on the setting where it asked me about registry changes...and...um....I probably messed it up.

Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.

Combofix restarted when the system restarted but I think it crashed when other programmes automatically reopened.

C:\WINDOWS\system32\okekimaz.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Zeno Attached Files: hijackthis zeno1.txt File size: 9.5 KB Views: 0 Oct 12, 2010 #1 crunchie Malware Helper Posts: 728 Hi and welcome to TechSpot forums . ==== Please read Be sure to save it to the Desktop.

I uninstalled Spybot, and I'll reinstall it later and tell it to NOT ask me...cause clearly I don't know a damn thing!

self protection module/ALWIL Software) ZwCreateProcessEx [0x9976AB9C] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast!

I followed the instructions disconnecting from the internet and stopping all monitoring software.

Alternate DDS download link Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it) * XP users Double click on dds

I think I have malware on my system as I am often redirected by IE. File name: unvise32.exe Submission date: 2010-09-14 18:26:33 (UTC) Current status: finished Result: 0 /41 (0.0%) VT Community not reviewed Safety score: - Antivirus Version Last Update Result AhnLab-V3 This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. http://magicnewspaper.com/hijackthis-log/help-me-with-this-hijackthis-log.html Even the safest P2P file sharing programs that do not contain bundled spyware, still expose you to risks because of the very nature of the P2P file sharing process.

Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 2:21:24 PM, on 2/28/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16464) Boot mode: Normal Running processes: C:\windows\system32\taskhost.exe C:\windows\system32\Dwm.exe In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired.

At that time please let me know how the computer is running.

Please do not attach the logs unless requested, or unless they are too large to paste. Make sure it is set to Instant Notification, then click Subscribe. I would like to get a better look at your system, please do the following so I can get some more

If you have problems create a thread in the forum, please. Don't post your log into other user's topic, create a new one. Double click the adwcleaner.exe to run the tool.

but if I leave the error message and just do whatever else, the computer is working. Except I'm still getting all these random redirections on Firefox and Internet Explorer.

Also do not use your computer during the scan).

scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-92224594-1781928976-2335987522-1006\Software\Avance\AC97 Audio] @DACL=(02 0000) @SACL= [HKEY_USERS\S-1-5-21-92224594-1781928976-2335987522-1006\Software\InterVideo\Common] @DACL=(02 0000) @SACL= [HKEY_LOCAL_MACHINE\software\Atheros Communications Inc.\Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver]

TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast!