W32.Allim - Techist - Tech Forum

Go Back   Techist - Tech Forum > Security | Computer, Devices, Software and Systems > Viruses, Spyware and Malware
Click Here to Login
Closed Thread
 
Thread Tools Display Modes
 
Old 03-12-2006, 09:34 PM   #1 (permalink)
Super Techie
 
Join Date: Jan 2006
Location: Wetaskiwin Alberta
Posts: 498
Send a message via MSN to nVdia Send a message via Yahoo to nVdia
Default W32.Allim

W32.Allim: Hey, I got this virus from a file some one sent over msn messenger, and I cannot get rid of it. It closes AVG; and norton cannot remove it please help!

file it's in is smss.exe
__________________

__________________
Intel Core 2 duo E6750
Gigabyte S series N650 SLI
Evga 8800GT Superclocked 512MB
4 Patriot Extreme DDR2800
Seagate Barracuda 320gig SATA 2
Seagate Barracuda 200gig SATA 2
Antec 900 Gaming Case
Enermax Liberty 620watt Modular
Acer 22inch Widescreen HDTV/DVI
Windows Vista Ultimate 32 Bit
nVdia is offline  
Old 03-12-2006, 10:27 PM   #2 (permalink)
Monster Techie
 
Join Date: Mar 2006
Posts: 1,533
Default

download ewido anti-malware & full database updates
http://www.ewido.net/en/download/
http://www.ewido.net/en/download/updates/
install it & the updates but during installation under "Additional Options" uncheck "Install background guard" , restart info safe mode (press F8 right before windows loads and select "safe mode") run ewido and do as follows
1. Click on "Scanner" and choose "Settings".
2. Under the bottom section "What to Scan?" make sure "Scan every file" is selected.
3. Select "OK" and you will return to scanning options.
4. On the main screen click on "Complete System Scan" to start the scan.
5. While the scan is in progress, you will be prompted to clean the first infected file if finds. Put a check next to "Perform action on all infections" in the lower left corner.
6. Then choose "Clean" and click "OK".
7. After everything was cleaned exit ewido and restart

W32.Allim disables regedit & task manager , to enable em do as follows:
1) goto start-->run-->cmd copy & paste this command and press enter :
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f
(ctrl+v will not work in cmd you gotta right click anywhere in the window and click "paste")

2) follow instructions on http://windowsxp.mvps.org/Taskmanager_error.htm

even if you got the W32.Allim removed it doesnt have to mean you dont have other spyware/worms so download hijackthis
http://www.majorgeeks.com/download3155.html
click "do a system scan and save a logfile" and open a new thread at this section http://www.techist.com/forumdisplay.php?forumid=126
and copy & paste it
__________________

jeremy is offline  
Old 03-12-2006, 11:15 PM   #3 (permalink)
Super Techie
 
Join Date: Jan 2006
Location: Wetaskiwin Alberta
Posts: 498
Send a message via MSN to nVdia Send a message via Yahoo to nVdia
Default

ewido isnt working the virus is blocking it its also blocking hijack this. S ill boot it in safe mode then i'll send the log file
__________________
Intel Core 2 duo E6750
Gigabyte S series N650 SLI
Evga 8800GT Superclocked 512MB
4 Patriot Extreme DDR2800
Seagate Barracuda 320gig SATA 2
Seagate Barracuda 200gig SATA 2
Antec 900 Gaming Case
Enermax Liberty 620watt Modular
Acer 22inch Widescreen HDTV/DVI
Windows Vista Ultimate 32 Bit
nVdia is offline  
Old 03-12-2006, 11:43 PM   #4 (permalink)
Monster Techie
 
Join Date: Mar 2006
Posts: 1,533
Default

have you followed my instructions and did exactly as i wrote? your suppost to run ewido in safe mode not in standard mode
jeremy is offline  
Old 03-13-2006, 11:04 AM   #5 (permalink)
Super Techie
 
Join Date: Jan 2006
Location: Wetaskiwin Alberta
Posts: 498
Send a message via MSN to nVdia Send a message via Yahoo to nVdia
Default

Edit: It's blocking the ewido site I cannot download it,
No okay Im going to print that page out so I can follow every step. I have to go to school right now so I'll update you later tonight.

Thanks

Here's my highjackthis log:

Logfile of HijackThis v1.99.0
Scan saved at 9:40:42 PM, on 3/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Fixes\Hijack & DLL\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.messengersite.net/forum/portal.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
F3 - REG:win.ini: load=C:\WINDOWS\system32\wjdovuiwvm\csrss.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\wjdovuiwvm\csrss.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.d ll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.d ll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - Startup: csrss.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.bcomcomputer.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{41803723-0E5F-48E5-8F81-6CA979EDE348}: NameServer = 199.185.220.36 199.185.220.52
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG E-mail Scanner - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
__________________
Intel Core 2 duo E6750
Gigabyte S series N650 SLI
Evga 8800GT Superclocked 512MB
4 Patriot Extreme DDR2800
Seagate Barracuda 320gig SATA 2
Seagate Barracuda 200gig SATA 2
Antec 900 Gaming Case
Enermax Liberty 620watt Modular
Acer 22inch Widescreen HDTV/DVI
Windows Vista Ultimate 32 Bit
nVdia is offline  
Old 03-13-2006, 07:34 PM   #6 (permalink)
Super Techie
 
Join Date: Jan 2006
Location: Wetaskiwin Alberta
Posts: 498
Send a message via MSN to nVdia Send a message via Yahoo to nVdia
Default

Okay I got to the site by using Vtunnel

Edit: It blocked me form download it from Vtunnel
__________________
Intel Core 2 duo E6750
Gigabyte S series N650 SLI
Evga 8800GT Superclocked 512MB
4 Patriot Extreme DDR2800
Seagate Barracuda 320gig SATA 2
Seagate Barracuda 200gig SATA 2
Antec 900 Gaming Case
Enermax Liberty 620watt Modular
Acer 22inch Widescreen HDTV/DVI
Windows Vista Ultimate 32 Bit
nVdia is offline  
Old 03-13-2006, 11:14 PM   #7 (permalink)
Monster Techie
 
Join Date: Mar 2006
Posts: 1,533
Default

goto start-->run-->notepad c:\windows\system32\drivers\etc\hosts
delete all entries except this one
127.0.0.1 localhost

as for the logfile better do these while in safe mode, tick these items and click "fix checked" and "yes"
F3 - REG:win.ini: load=C:\WINDOWS\system32\wjdovuiwvm\csrss.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\wjdovuiwvm\csrss.exe
then goto "my computer" in menu goto tools--folder options--view and make sure "show hidden files and folders" is selected if it aint then select it and click ok , navigate to c:\windows\system32 and delete the folder wjdovuiwvm and restart make a new hijackthis log and copy & paste
jeremy is offline  
Old 03-14-2006, 10:24 PM   #8 (permalink)
Super Techie
 
Join Date: Jan 2006
Location: Wetaskiwin Alberta
Posts: 498
Send a message via MSN to nVdia Send a message via Yahoo to nVdia
Default

Logfile of HijackThis v1.99.0
Scan saved at 8:17:40 PM, on 3/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Fixes\Hijack & DLL\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.messengersite.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.d ll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.d ll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - Startup: csrss.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.bcomcomputer.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{41803723-0E5F-48E5-8F81-6CA979EDE348}: NameServer = 199.185.220.36 199.185.220.52
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG E-mail Scanner - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

I couldn't find that one file. wjdovuiwvm
__________________
Intel Core 2 duo E6750
Gigabyte S series N650 SLI
Evga 8800GT Superclocked 512MB
4 Patriot Extreme DDR2800
Seagate Barracuda 320gig SATA 2
Seagate Barracuda 200gig SATA 2
Antec 900 Gaming Case
Enermax Liberty 620watt Modular
Acer 22inch Widescreen HDTV/DVI
Windows Vista Ultimate 32 Bit
nVdia is offline  
Old 03-15-2006, 06:01 PM   #9 (permalink)
Monster Techie
 
Join Date: Mar 2006
Posts: 1,533
Default

looks like i missed one thing, remove this
O4 - Startup: csrss.lnk = ?
anyway its a folder not a file did you tick the options i mentioned in the search advanced options? if you did then norton probably deleted it , anyway make a new log after removing the entry , also i just noticed your using 1.99.0 and not 1.99.1 which is the latest which might detect more thing not sure about it download 1.99.1 from here http://www.download.com/HijackThis/3...-10227353.html
jeremy is offline  
Old 03-17-2006, 12:40 PM   #10 (permalink)
Super Techie
 
Join Date: Jan 2006
Location: Wetaskiwin Alberta
Posts: 498
Send a message via MSN to nVdia Send a message via Yahoo to nVdia
Default

I fixed the O4 - Startup: csrss.lnk = ? and yes I did tick the option view hidden folders and I still can't find it. Its blocking me from downloading the newer hijack this.
__________________

__________________
Intel Core 2 duo E6750
Gigabyte S series N650 SLI
Evga 8800GT Superclocked 512MB
4 Patriot Extreme DDR2800
Seagate Barracuda 320gig SATA 2
Seagate Barracuda 200gig SATA 2
Antec 900 Gaming Case
Enermax Liberty 620watt Modular
Acer 22inch Widescreen HDTV/DVI
Windows Vista Ultimate 32 Bit
nVdia is offline  
Closed Thread

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off




Copyright 2002- Social Knowledge, LLC All Rights Reserved.

All times are GMT -5. The time now is 05:03 AM.


Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.