Trace.Known Threat Sources C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4Z678LGH\warning[1].gif C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IVWLSH6D\loads[1].htm C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8DIZ0XE3\winlogon[1].htm
I have similar problem with globalroot/systemroot/system32. Symantech is detecting a UACS**.dll file in this path but could not remove it. It asks for rebooting the system, but if I reboot it the login screen will not show up.
I have searched the net completely related to this and found your thread useful. I have taken the log using rootpeal but dont know what to do with it. I have sent the log to you. can you please help me with this as I could not login to my system unless I restart it for 10 - 15 times.
sorry i have not been on here (work). but i have downloaded norton 360 works wonders cleand most of my unused/ temp files. my system Runs much better i can run games better as well (less lag). by the way i ran root repeal again and it came up with some red files no clue what this means but can you take a look at them.everything else checks out
Thanks Quads =D
ROOTREPEAL (c) AD, 2007-2008 ================================================== Scan Time: 2009/06/10 23:42 Program Version: Version 1.2.3.0 Windows Version: Windows XP SP2 ==================================================
Ok.. I have this same issue. I use Zone Alarm and was using Spybot S&D but I have since uninstalled that. I've tried to get the various programs listed, I got "first" and "third" (that was referred to on previous thread) but could not get the Malwarebytes to install. I did find a program called: Spy Hunter 3 from enigmasoftware, it "see" alot but of course won't clean anything until it uses the web to authenticate the program BUT it's blocked.. great huh?
I saw a post about "Avenger" and DL'd that but with ZA running, if I start it ZA shuts it down as a "bad progrom" and won't let it run and I am a little concerned about adding to my issue. Suggestions? I have been able to find "gxvx*" entries in my registry and I deleted those along with the "block", "My*" and all the other listings that were with that. Figured they all came together, all get deleted together.
In working with Zonelabs, they suggested clearing the Hosts file to leave only "127,0,0,1 localhosts" and then the two websites ZA needs to update, ZA now updates, see's the one High virus in memory, reboots.. it's gone then I guess with me doing something - like opening a browser, it comes back.. I also seem to have that darn "re-direction" thing too.. "overture" or something that sends me to other search engines or undesired webpages..
Hi Quads its been a wile since i was here... i had a question i was wondering if u could tell me what is the stuff that rootrepeal keeps finding i posted it here [link removed]
[edit: Link removed. If you wish to attach logs, please post them directly to the thread or use the INSERT CODE button in the editor..]
There have been some improvements since you were here last. Please post the log again, but use the attachment link you will find under the post button.