TechSpot

HJT log

By ChrisTyler
Aug 3, 2006
  1. Been having problems lately, removed SmitFraud and that helped a lot, but im still having problems with a file called !update in my temp folder, I have deleted it but I keeps coming back..... hopefully you guys can help.
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Your system is infected with a variety of nasties.

    Go HERE and follow all the instructions exactly.

    Post a fresh HJT log into this thread, only after doing the above.

    Regards Howard :wave: :wave:

    This thread is for the use of ChrisTyler only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. ChrisTyler

    ChrisTyler TS Rookie Topic Starter

    New HJT

    Followed instructions, new HJT log, Thanks again.
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Before we go any further, can you answer a couple of questions please?

    Do you know what this software is? c:\program files\terra firma\netvault service

    Do you know what this software is? c:\visionaire\modules\vs.updates\net updater

    Regards Howard :)
     
  5. ChrisTyler

    ChrisTyler TS Rookie Topic Starter

    Answers

    Yes, those are 2 tcp/ip applications I wrote for my company.
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    In that case, just have HJT fix these entries.

    Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).


    O8 - Extra context menu item: Send Image to Phone - http://www.freeringers.net/ezimage.php

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = TFIT
    O17 - HKLM\Software\..\Telephony: DomainName = TFIT
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6FE3DF8D-67E5-468B-B800-85C538D30A64}: NameServer = 10.1.1.6,10.1.1.4
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = TFIT

    Only fix the above 017 entries, if they don`t belong to your ISP.

    O20 - Winlogon Notify: wingdm32 - wingdm32.dll (file missing)

    Click on the fix checked button.

    Close HJT.

    Other than the above, your HJT log is clean.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of ChrisTyler only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...