
Author Topic: 16 bit ms-dos subsystem  (Read 6614 times)


blair1

    Topic Starter


    Greenhorn

    16 bit ms-dos subsystem
    « on: April 17, 2009, 02:56:15 AM »

    Thanked: 0
    OS: Windows XP
    Experience: Beginner


     16 bit ms-dos subsystem
    « on: April 16, 2009, 03:10:11 PM »  

    --------------------------------------------------------------------------------
    Hi, please help. When on the net I end up with this message: c:\windows\sysvxd.exe the ntvdm cpu has encountered an illegal instruction cs:of 70 ip: 0231 of : 68 75 2069. Is my PC buggered?

     

    blair1


      Re: 16 bit ms-dos subsystem
      « Reply #1 on: April 17, 2009, 05:02:08 AM »
      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 04/17/2009 at 11:43 AM

      Application Version : 4.26.1000

      Core Rules Database Version : 3849
      Trace Rules Database Version: 1803

      Scan type       : Complete Scan
      Total Scan Time : 01:01:38

      Memory items scanned      : 520
      Memory threats detected   : 1
      Registry items scanned    : 5826
      Registry threats detected : 1
      File items scanned        : 98043
      File threats detected     : 4

      Trojan.Unknown Origin
         C:\WINDOWS\SYSTEM32\DRIVERS\SVCHOST.EXE
         C:\WINDOWS\SYSTEM32\DRIVERS\SVCHOST.EXE
         [SVCHOST.EXE] C:\WINDOWS\SYSTEM32\DRIVERS\SVCHOST.EXE

      Trojan.Dropper/Gen-NV
         C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SEEKEEN\SEEKEEN140.EXE

      Trojan.Seekeen/A
         C:\PROGRAM FILES\SEEKEEN\SEEKEEN.EXE

      Adware.SeekSuggest
         C:\WINDOWS\JESTERTB.DLL

      blair1


        Re: 16 bit ms-dos subsystem
        « Reply #2 on: April 17, 2009, 05:40:05 AM »
        1992
        Windows 5.1.2600 Service Pack 3

        17/04/2009 12:39:35
        mbam-log-2009-04-17 (12-39-35).txt

        Scan type: Quick Scan
        Objects scanned: 78412
        Time elapsed: 10 minute(s), 42 second(s)

        Memory Processes Infected: 0
        Memory Modules Infected: 0
        Registry Keys Infected: 4
        Registry Values Infected: 1
        Registry Data Items Infected: 2
        Folders Infected: 5
        Files Infected: 9

        Memory Processes Infected:
        (No malicious items detected)

        Memory Modules Infected:
        (No malicious items detected)

        Registry Keys Infected:
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\seekeen (Trojan.Agent) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\MalwareRemovalBot (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

        Registry Values Infected:
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MalwareRemovalBot (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.

        Registry Data Items Infected:
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

        Folders Infected:
        C:\Documents and Settings\All Users\Application Data\Seekeen (Trojan.Agent) -> Quarantined and deleted successfully.
        C:\Program Files\Seekeen (Trojan.Agent) -> Quarantined and deleted successfully.
        C:\Documents and Settings\HP_Administrator\Application Data\MalwareRemovalBot (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
        C:\Documents and Settings\HP_Administrator\Application Data\MalwareRemovalBot\Log (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
        C:\Documents and Settings\HP_Administrator\Application Data\MalwareRemovalBot\Settings (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.

        Files Infected:
        C:\Program Files\Seekeen\home.js (Trojan.Agent) -> Quarantined and deleted successfully.
        C:\Program Files\Seekeen\readme.html (Trojan.Agent) -> Quarantined and deleted successfully.
        C:\Program Files\Seekeen\uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
        C:\Documents and Settings\HP_Administrator\Application Data\MalwareRemovalBot\rs.dat (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
        C:\Documents and Settings\HP_Administrator\Application Data\MalwareRemovalBot\Log\2009 Apr 16 - 09_48_35 PM_837.log (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
        C:\Documents and Settings\HP_Administrator\Application Data\MalwareRemovalBot\Log\2009 Apr 16 - 10_13_07 PM_437.log (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
        C:\Documents and Settings\HP_Administrator\Application Data\MalwareRemovalBot\Settings\ScanResults.pie (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
        C:\WINDOWS\Sysvxd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
        C:\WINDOWS\Tasks\MalwareRemovalBot Scheduled Scan.job (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.

        blair1


          Re: 16 bit ms-dos subsystem
          « Reply #3 on: April 17, 2009, 05:57:09 AM »
          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 12:52:53, on 17/04/2009
          Platform: Windows XP SP3 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16827)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\Explorer.EXE
          C:\WINDOWS\arservice.exe
          C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
          C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
          C:\WINDOWS\system32\cisvc.exe
          C:\WINDOWS\eHome\ehRecvr.exe
          C:\WINDOWS\eHome\ehSched.exe
          C:\Program Files\Java\jre6\bin\jqs.exe
          C:\Program Files\Common Files\LightScribe\LSSrvc.exe
          C:\PROGRA~1\AVG\AVG8\avgrsx.exe
          C:\PROGRA~1\AVG\AVG8\avgnsx.exe
          C:\WINDOWS\system32\nvsvc32.exe
          C:\WINDOWS\system32\svchost.exe
          C:\PROGRA~1\AVG\AVG8\avgemc.exe
          C:\Program Files\AVG\AVG8\avgcsrvx.exe
          C:\WINDOWS\ehome\ehtray.exe
          C:\WINDOWS\RTHDCPL.EXE
          C:\WINDOWS\ARPWRMSG.EXE
          C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
          C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
          C:\WINDOWS\system32\rundll32.exe
          C:\WINDOWS\system32\rundll32.exe
          C:\PROGRA~1\AVG\AVG8\avgtray.exe
          C:\Program Files\Common Files\Real\Update_OB\realsched.exe
          C:\Program Files\Java\jre6\bin\jusched.exe
          C:\Program Files\Messenger\msmsgs.exe
          C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
          C:\WINDOWS\eHome\ehmsas.exe
          C:\Program Files\Registry Mechanic\RegMech.exe
          C:\WINDOWS\system32\dllhost.exe
          C:\Program Files\IncrediMail\bin\IMApp.exe
          C:\HP\KBD\KBD.EXE
          c:\windows\system\hpsysdrv.exe
          C:\Program Files\IncrediMail\bin\IncMail.exe
          C:\Program Files\Internet Explorer\IEXPLORE.EXE
          C:\Program Files\AVG\AVG8\aAvgApi.exe
          C:\WINDOWS\system32\cidaemon.exe
          C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=64&bd=PAVILION&pf=desktop
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=64&bd=PAVILION&pf=desktop
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=64&bd=PAVILION&pf=desktop
          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
          R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://register.hp.com/servlet/WebReg.servlets.ProdReg1Servlet?appID=java_wreg_wreg_genpg&prodOS=029&gwCountry=GB&language=en&PURCH_DT_MONTH=02&PURCH_DT_DAY=19&PURCH_DT_YEAR=2008&PROD_SERIAL_ID=CZX644FM5M&application=305&modelID=RJ165AA&LF=blue
          R3 - Default URLSearchHook is missing
          O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
          O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
          O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
          O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
          O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
          O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
          O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
          O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
          O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
          O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
          O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
          O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
          O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
          O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
          O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
          O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
          O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
          O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
          O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
          O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
          O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
          O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
          O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
          O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
          O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
          O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
          O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
          O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
          O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
          O4 - HKCU\..\Run: [EPSON Stylus Photo RX560 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBPE.EXE /FU "C:\WINDOWS\TEMP\E_SAF.tmp" /EF "HKCU"
          O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
          O4 - HKUS\S-1-5-21-3433659892-2226377926-1664480631-500\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Administrator')
          O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
          O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
          O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
          O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
          O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
          O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
          O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
          O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
          O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
          O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
          O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
          O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
          O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
          O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
          O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
          O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
          O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
          O23 - Service: Seekeen Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\Seekeen\seekeen140.exe (file missing)
          O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

          --
          End of file - 10434 bytes

          blair1


            Re: 16 bit ms-dos subsystem
            « Reply #4 on: April 17, 2009, 12:09:02 PM »
            HI GUYS, ANY UPDATE ON THIS TOPIC? THANKS IN ADVANCE.

            blair1


              Re: 16 bit ms-dos subsystem
              « Reply #5 on: April 18, 2009, 05:01:06 PM »
              HELP

              Helpmeh



              Re: 16 bit ms-dos subsystem
              « Reply #6 on: April 18, 2009, 05:06:54 PM »
              HELP

              Please stop bumping your own thread. Everyone here volunteers to help, and there are lots of people who need it. Just wait, and soon someone will come to help you. I suggest in the meantime, click the !Notify button, so you can get emails when you get a reply.