Home > Having Problems > Having Problems With Generic Downloader.ab And QLowZones-15 (HiJackThisLog Included)

Having Problems With Generic Downloader.ab And QLowZones-15 (HiJackThisLog Included)

Will be deleted when Windows is restarted.C:\WINDOWS\Prefetch\MPFCONSOLE.EXE-28DB672E.pf currently in use. Please re-enable javascript to access full functionality. Will be deleted when Windows is restarted.C:\WINDOWS\Prefetch\AHC.EXE-0B1F4764.pf currently in use. After it has finished, two logs will open. have a peek here

Will be deleted when Windows is restarted.C:\WINDOWS\Prefetch\WABMIG.EXE-2E14CC18.pf currently in use. I heal it each time, but it keeps happening more and more frequently. Will be deleted when Windows is restarted.C:\Documents and Settings\Mine\Local Settings\Temporary Internet Files\Content.IE5\C1MB41MJ\moregames[1].htm currently in use. Post that log in your next replyNote:Do not mouseclick combofix's window whilst it's running. https://forums.techguy.org/threads/having-problems-with-generic-downloader-ab-and-qlowzones-15-hijackthislog-included.484123/

Read more Answer:Infected with Win 32 Generic Trojan Downloader V8 Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. So i uninstalled Nero And ran CC cleaner and done a registry clean with that program then i ran spybot search and destroy and it came up clean. AVG is seeing a trojan horse: 'trojan horse backdoor generic 17.err', but cannot correct or fix it. Get Expert Help McAfeeVirus Removal Service Connect to one of our Security Experts by phone.

Will be deleted when Windows is restarted.C:\WINDOWS\Prefetch\WIN21.TMP.EXE-0619616F.pf currently in use. So below i have the RSIT log files and i tried the kaspersky online scanner but everytime i try to run it my computer crashes and restarts no blue screen just Will be deleted when Windows is restarted.C:\WINDOWS\Prefetch\RUNDLL32.EXE-612C6D05.pf currently in use. finished on 07/18/06 16:19:03. 0 Advertisements #2 Shaba Posted 19 July 2006 - 02:53 AM Shaba Malware Expert Member 558 posts Hi Michelle HoltonOpen HijackThis, click do a system scan only

Will be deleted when Windows is restarted.C:\WINDOWS\Prefetch\MPFAGENT.EXE-03CC93F4.pf currently in use. The good news is bleeping computer is not blocked.I have since installed Spy Bot S&D, HJT and MAM, but they don't seem to detect anything. Thanks.Logfile of HijackThis v1.99.1Scan saved at 16:18:11, on 2/21/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\brsvc01a.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\brss01a.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\hkcmd.exeC:\Program Files\Java\j2re1.4.2_03\bin\jusched.exeC:\Program Files\Dell\QuickSet\quickset.exeC:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exeC:\Program Files\CyberLink\PowerDVD\DVDLauncher.exeC:\Program Files\Real\RealPlayer\RealPlay.exeC:\PROGRA~1\mcafee.com\agent\mc... https://home.mcafee.com/VirusInfo/VirusProfile.aspx?key=7401074 Will be deleted when Windows is restarted.C:\DOCUME~1\Mine\LOCALS~1\Temp\Adobe\Acrobat\6.0\ - deletedC:\DOCUME~1\Mine\LOCALS~1\Temp\Adobe\Acrobat\ - deletedC:\DOCUME~1\Mine\LOCALS~1\Temp\Adobe\ - deletedC:\DOCUME~1\Mine\LOCALS~1\Temp\msoclip1\01\ - deletedC:\DOCUME~1\Mine\LOCALS~1\Temp\msoclip1\ - deletedC:\DOCUME~1\Mine\LOCALS~1\Temp\VBE\ - deletedC:\DOCUME~1\Mine\LOCALS~1\Temp\~DF46C6.tmp currently in use.

Thank you for your patience.If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. Will be deleted when Windows is restarted.C:\Documents and Settings\Mine\locals~1\tempor~1\Content.IE5\C1MB41MJ\help[1].htm currently in use. must be posted in Notepad. Will be deleted when Windows is restarted.C:\WINDOWS\Prefetch\HKCMD.EXE-0F06AE14.pf currently in use.

Zbassartz, Jul 17, 2006 #1 Sponsor Cheeseball81 Moderator Joined: Mar 3, 2004 Messages: 84,310 Hi and welcome Please download SmitfraudFix (by S!Ri) Extract the content (a folder named SmitfraudFix) to This virus seems to know I'm after it.Please help: what can do to fix this one? Will be deleted when Windows is restarted.C:\WINDOWS\Prefetch\TASKMGR.EXE-06144C13.pf currently in use. Will be deleted when Windows is restarted.C:\Documents and Settings\Mine\Local Settings\Temporary Internet Files\Content.IE5\WH41E78H\msngame[1].htm currently in use.

I have tried starting my computer in safe mode, but when I do the monitor just goes all black and nothing happens....Please help me outta here. navigate here Will be deleted when Windows is restarted.C:\WINDOWS\Prefetch\REGSVR32.EXE-396DEA2C.pf currently in use. Will be deleted when Windows is restarted.C:\WINDOWS\Prefetch\REALPLAY.EXE-05411014.pf currently in use. I have had this computer over 2 years and never had a problem, so this is very frustrating Computer is a Dell Dimension E510 running Windows XPModel Dell DM051X86-basedx86 Family 15

Will be deleted when Windows is restarted.C:\WINDOWS\Prefetch\WINWORD.EXE-23347E4F.pf currently in use. Will be deleted when Windows is restarted.C:\WINDOWS\Prefetch\IGFXPERS.EXE-19DA7B04.pf currently in use. Next, please reboot your computer in Safe Mode by doing the following : Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, tap Check This Out Read more 22 more replies Relevance 68.06% Question: Infected with HEUR:Backdoor.Win32.Generic..."Banzo.exe" Ok on the 20th of December i noticed a HUGE slow down of my pc So i scanned it with

Cheeseball81, Jul 18, 2006 #6 Zbassartz Thread Starter Joined: Jul 17, 2006 Messages: 4 Logfile of HijackThis v1.99.1 Scan saved at 5:22:49 PM, on 7/18/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) Read more Answer:Infected With Downloader.agent.iug + Backdoor.ircbot + More Please Help ! Same thing happened.

Thanks much in advance for the help!

Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - Not in spam or junk mail. Also, I am getting an ambundance of pop-ups every time I turn the computer on, even if Firefox and IE are closed. Here's the logfile:Logfile of HijackThis v1.99.1Scan saved at 10:23:58 AM, on 8/6/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\brsvc01a.exeC:\WINDOWS\system32\brss01a.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\CTsvcCDA.EXEC:\Program Files\ewido anti-spyware 4.0\guard.exec:\program files\mcafee.com\agent\mcdetect.exeC:\WINDOWS\system32\ishost.exec:\PROGRA~1\mcafee.com\vso\mcshield.exeC:\Program Files\McAfee.com\VSO\mcvsshld.exeC:\Program Files\McAfee.com\VSO\oasclnt.exec:\PROGRA~1\mcafee.com\agent\mctskshd.exeC:\WINDOWS\system32\ismon.exec:\progra~1\mcafee.com\vso\mcvsescn.exeC:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exeC:\Program Files\Creative\Shared Files\Module

SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "altmannsberger"="{210b4043-35ca-4aa0-8796-191f9663dfb3}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "cinnamomum"="{93ac7c30-3878-4eaa-9420-7977285df5b1}" »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri C:\WINDOWS\system32\pmnqguh.dll -> Missing File »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files C:\WINDOWS\system32\ismon.exe Deleted C:\WINDOWS\system32\isnotify.exe Cheeseball81, Jul 17, 2006 #4 Zbassartz Thread Starter Joined: Jul 17, 2006 Messages: 4 SmitFraudFix v2.73 Scan done at 22:50:56.12, Mon 07/17/2006 Run from C:\Documents and Settings\james\Desktop\SmitfraudFix\SmitfraudFix OS: Microsoft Windows XP On opening one of them (the setup.exe was fine, by the way, and was exactly what I needed) a Malicious Threat warning popped up from my AVG. http://inc1.net/having-problems/having-problems-with-hijack-this.html I have read all the stickies, installed and run the recommended antispyware programs.

Will be deleted when Windows is restarted.C:\WINDOWS\Prefetch\VERCLSID.EXE-28F52AD2.pf currently in use. I am also seeing that web browsing is slow and several web pages are blocked in IE and Firefox (antivirus and security related pages). Read more Answer:INFECTED WITH MULTIPLE THREATS: Trojan Horse Agents, Crypt, Generic 26 and 27 as well as Backdoor Hello and Welcome to the forums! Will be deleted when Windows is restarted.C:\WINDOWS\Prefetch\MCINSUPD.EXE-0387E4B8.pf currently in use.

It displays virus detection and deleted messages for Generic.dx, Generic downloder.dx, and Puper Trojons in Temp folder. Music Engine\YahooMusicEngine.exe" -preload O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] They have detected other infected files, cleaned those and here I am after all this cleaning, still getting the warning about the generic downloader. SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "altmannsberger"="{210b4043-35ca-4aa0-8796-191f9663dfb3}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "cinnamomum"="{93ac7c30-3878-4eaa-9420-7977285df5b1}" »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End Zbassartz, Jul 17, 2006 #3 Cheeseball81 Moderator Joined: Mar 3, 2004 Messages: 84,310 You

You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter". Create Account How it Works Javascript Disabled Detected You currently have javascript disabled. Will be deleted when Windows is restarted.C:\Documents and Settings\Mine\locals~1\tempor~1\Content.IE5\AD0JUTIX\about[1].htm currently in use. Will be deleted when Windows is restarted.C:\WINDOWS\Prefetch\ISUSPM.EXE-2D1ACA75.pf currently in use.