Help! Hijack This Log


  • This topic is locked
8 replies to this topic

#1 deadguy138

Posted 22 January 2007 - 09:01 PM

need to know what to delete.

something is sucking CPU constantly (98 percent at times)

any advice would be a great help. THANKS.

Logfile of HijackThis v1.99.1
Scan saved at 7:48:21 PM, on 1/22/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\PokerStars\PokerStars.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Mike\LOCALS~1\Temp\Rar$EX01.781\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

F3 - REG:win.ini: run=
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Necutray] NECUTRAY.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "Mike"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

#2 deadguy138

Posted 23 January 2007 - 05:09 AM

Please! What should I do?

I don't mean to bump - I'm desperate.

#3 deadguy138

Posted 24 January 2007 - 10:30 PM

Need my computer to be running at full speed for a job coming up. I'm in panic mode.

I don't know what to do. I've got 2 gig of RAM and it takes 10 minutes to boot up. I can't run more than one application at a time and some don't work at all.

something is sucking CPU constantly (98 percent at times)

any advice would be a great help. THANKS.


#4 Mr_JAk3

HJT Team Member

Posted 29 January 2007 - 06:01 AM

Hi deadguy138 and welcome to the Forums :flowers:

You're running HijackThis from a bad location...
Download HijackThis to your desktop from here

Create a new folder for HijackThis and move HijackThis.exe into it.

At first some protection...

You don't seem to have a third-party firewall installed. You must install one firewall.
It is possible that you're using the Windows XP firewall. That is of course better than nothing but I recommend that you install a more advanced firewall that gives more protection. Windows firewall doesn't eg protect your computer from inbound threats. This means that any malware on your computer is free to "phone home" for more instructions. Remember to use only one firewall at the same time. I'll give you a few alternatives if you want to install a third-party firewall:

These are good (free) firewalls:

You don't have an antivirus on your computer, you must install one antivirus. Otherwise you'll get infected.

These are good (free) antiviruses:

============

Open Control Panel -> Add/Remove programs -> Remove all of the following or similar entries if found:
PokerStars

and any other programs you didn't install or don't recognize - if you're not sure please ask first

Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.
F3 - REG:win.ini: run=
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

Restart the computer.

Go to the My Computer and delete the following folder (if present):
C:\Program Files\PokerStars

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
:thumbsup:
UNITE & ASAP member since 2006

#5 deadguy138

Posted 30 January 2007 - 06:41 AM

thanks so much.

here's how it went:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, January 30, 2007 5:37:53 AM
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 30/01/2007
Kaspersky Anti-Virus database records: 263319
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 45244
Number of viruses found: 2
Number of infected objects: 2 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:50:38

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Mike\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Mike\installer_MARKETING35.exe Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Temp\~DF786C.tmp Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mike\ntuser.dat Object is locked skipped
C:\Documents and Settings\Mike\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Advanced Spyware Remover\Quarantine\NDNuninstall6_38.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log.idx Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\c3q.exe Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\meloqndw30103lib.dll Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\z6x.sys Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\z6x.sys Object is locked skipped
G:\System Volume Information\_restore{6794949A-14CF-44AC-8B5E-AA09DA29E5CD}\RP10\A0003387.DLL Infected: not-a-virus:AdWare.Win32.ClearSearch.aq skipped

Scan process completed.

#6 Mr_JAk3

Posted 30 January 2007 - 07:34 AM

Hi :thumbsup:

There were a few suspicious looking files in the log. We'll do a little research.

Go to virustotal.com
Copy the following to the box next to "Browse" button:
C:\WINDOWS\system32\c3q.exe
Click on Send
Wait for the scan to end.

Go to virustotal.com
Copy the following to the box next to "Browse" button:
C:\WINDOWS\system32\z6x.sys
Click on Send
Wait for the scan to end.

Copy & Paste the scan results to here.
UNITE & ASAP member since 2006

#7 deadguy138

Posted 30 January 2007 - 08:51 AM

STATUS: FINISHED
Complete scanning result of "c3q.exe", received in VirusTotal at 01.30.2007, 14:45:05 (CET).

Antivirus Version Update Result
AntiVir 7.3.0.32 01.30.2007 no virus found
Authentium 4.93.8 01.29.2007 no virus found
Avast 4.7.936.0 01.29.2007 no virus found
AVG 386 01.30.2007 no virus found
BitDefender 7.2 01.30.2007 no virus found
CAT-QuickHeal 9.00 01.29.2007 no virus found
ClamAV devel-20060426 01.30.2007 no virus found
DrWeb 4.33 01.30.2007 no virus found
eSafe 7.0.14.0 01.29.2007 no virus found
eTrust-InoculateIT 23.73.128 01.30.2007 no virus found
eTrust-Vet 30.3.3358 01.29.2007 no virus found
Ewido 4.0 01.29.2007 no virus found
Fortinet 2.85.0.0 01.30.2007 no virus found
F-Prot 4.2.1.29 01.30.2007 no virus found
Ikarus T3.1.0.27 01.30.2007 no virus found
Kaspersky 4.0.2.24 01.30.2007 no virus found
McAfee 4951 01.29.2007 no virus found
Microsoft 1.2101 01.30.2007 no virus found
NOD32v2 2019 01.30.2007 no virus found
Norman 5.80.02 01.30.2007 no virus found
Panda 9.0.0.4 01.29.2007 no virus found
Prevx1 V2 01.30.2007 no virus found
Sophos 4.13.0 01.28.2007 no virus found
Sunbelt 2.2.907.0 01.26.2007 no virus found
Symantec 10 01.30.2007 no virus found
TheHacker 6.0.3.159 01.28.2007 no virus found
UNA 1.83 01.29.2007 no virus found
VBA32 3.11.2 01.29.2007 no virus found
VirusBuster 4.3.19:9 01.29.2007 no virus found


Aditional Information
File size: 0 bytes
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709





and some new piece of security noticed something when i went to scan the next file.

STATUS: FINISHED
Complete scanning result of "z6x.sys", received in VirusTotal at 01.30.2007, 14:45:37 (CET).

Antivirus Version Update Result
AntiVir 7.3.0.32 01.30.2007 no virus found
Authentium 4.93.8 01.29.2007 no virus found
Avast 4.7.936.0 01.29.2007 no virus found
AVG 386 01.30.2007 no virus found
BitDefender 7.2 01.30.2007 no virus found
CAT-QuickHeal 9.00 01.29.2007 no virus found
ClamAV devel-20060426 01.30.2007 no virus found
DrWeb 4.33 01.30.2007 no virus found
eSafe 7.0.14.0 01.29.2007 no virus found
eTrust-InoculateIT 23.73.128 01.30.2007 no virus found
eTrust-Vet 30.3.3358 01.29.2007 no virus found
Ewido 4.0 01.29.2007 no virus found
Fortinet 2.85.0.0 01.30.2007 no virus found
F-Prot 4.2.1.29 01.30.2007 no virus found
Ikarus T3.1.0.27 01.30.2007 no virus found
Kaspersky 4.0.2.24 01.30.2007 no virus found
McAfee 4951 01.29.2007 no virus found
Microsoft 1.2101 01.30.2007 no virus found
NOD32v2 2019 01.30.2007 no virus found
Norman 5.80.02 01.30.2007 no virus found
Panda 9.0.0.4 01.29.2007 no virus found
Prevx1 V2 01.30.2007 no virus found
Sophos 4.13.0 01.28.2007 no virus found
Sunbelt 2.2.907.0 01.26.2007 no virus found
Symantec 10 01.30.2007 no virus found
TheHacker 6.0.3.159 01.28.2007 no virus found
UNA 1.83 01.29.2007 no virus found
VBA32 3.11.2 01.29.2007 no virus found
VirusBuster 4.3.19:9 01.29.2007 no virus found


Aditional Information
File size: 0 bytes
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709

#8 deadguy138

Posted 30 January 2007 - 08:53 AM

also -

should i not reinstall a new version of pokerstars?

#9 Mr_JAk3

Posted 30 January 2007 - 01:45 PM

Hi again :flowers:

Ok the two files were 0 bytes in size which means that they weren't uploaded successfully - something is blocking. We'll need to try another way.

Please download the Suspicious file Packer from Safer-Networking.Org and unzip it to your desktop.

Run SFP.exe.

Please copy the following lines into the Step 1: Paste Text window:
C:\WINDOWS\system32\c3q.exe
C:\WINDOWS\system32\z6x.sys
C:\WINDOWS\z6x.sys

then click "Continue".

This will create a .cab file on your desktop named requested-files[Date/Time].cab

Next please go to here -> http://www.bleepingcomputer.com/submit-malware.php

to the "Browse to the file you want to submit:", please browse to that requested-files[Date/Time].cab on your desktop.
to the "Link to topic where this file was requested:", please copy the link of this topic

Finally click on "Send file"- button. Then I'll check the files.

Then pokerstars is a non-recommended program -> link

EDIT. Locked because the user started a new thread! :thumbsup:

Edited by Mr_JAk3, 12 February 2007 - 05:26 AM.

UNITE & ASAP member since 2006
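
The 0-byte conclusion in the post above can be confirmed from the report text alone: the MD5 and SHA1 shown in both reports are the digests of zero bytes of input, so every "no virus found" row describes an empty upload rather than the file on disk. The following is an added example, not part of the original thread, that parses a pasted report in this format and flags that case; the sample report is constructed (abridged from the one posted above) and the function names are illustrative.

```python
import hashlib
import re

# Digests of zero bytes of input: a report showing these hashed an empty upload.
EMPTY_MD5 = hashlib.md5(b"").hexdigest()
EMPTY_SHA1 = hashlib.sha1(b"").hexdigest()

# Constructed sample, abridged from the report format pasted in this thread.
SAMPLE_REPORT = """\
STATUS: FINISHED
Complete scanning result of "c3q.exe", received in VirusTotal at 01.30.2007, 14:45:05 (CET).

Antivirus Version Update Result
AntiVir 7.3.0.32 01.30.2007 no virus found
Kaspersky 4.0.2.24 01.30.2007 no virus found
Symantec 10 01.30.2007 no virus found

Aditional Information
File size: 0 bytes
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
"""

# Engine rows look like: <engine> <version> <MM.DD.YYYY> <result text>
ENGINE_ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\d{2}\.\d{2}\.\d{4})\s+(.+)$")


def parse_report(text):
    """Extract file name, size, hashes and per-engine results from a pasted report."""
    report = {"name": None, "size": None, "md5": None, "sha1": None, "engines": {}}
    for line in text.splitlines():
        line = line.strip()
        if m := re.search(r'scanning result of "([^"]+)"', line):
            report["name"] = m.group(1)
        elif m := re.match(r"File size:\s*(\d+)\s*bytes", line, re.I):
            report["size"] = int(m.group(1))
        elif m := re.match(r"MD5:\s*([0-9a-f]{32})$", line, re.I):
            report["md5"] = m.group(1).lower()
        elif m := re.match(r"SHA1:\s*([0-9a-f]{40})$", line, re.I):
            report["sha1"] = m.group(1).lower()
        elif m := ENGINE_ROW.match(line):
            report["engines"][m.group(1)] = m.group(4)
    return report


def assess(report):
    """Return (verdict, reason); an empty upload voids every engine result."""
    if report["size"] == 0 or report["md5"] == EMPTY_MD5 or report["sha1"] == EMPTY_SHA1:
        return ("inconclusive", "scanner received 0 bytes; results say nothing about the file")
    if report["md5"] is None and report["sha1"] is None:
        return ("inconclusive", "report carries no hash to tie it to a file")
    flagged = {e: r for e, r in report["engines"].items() if r.lower() != "no virus found"}
    if flagged:
        return ("detected", ", ".join(f"{e}: {r}" for e, r in sorted(flagged.items())))
    return ("no detections", f"{len(report['engines'])} engines scanned the submitted bytes")


def upload_matches(report, data):
    """True if the hashes in the report are those of the local file's bytes."""
    return (report["md5"] == hashlib.md5(data).hexdigest()
            and report["sha1"] == hashlib.sha1(data).hexdigest())


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    print(parsed["name"], assess(parsed))
```

Comparing the report's hashes against a hash of the local file with `upload_matches` also catches a truncated or substituted upload, which a size check alone would miss.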