|
|
paulgtfc
regular
Reg'd: Sun
Posts: 32
Loc: Grimsby, Lincolnshire
|
|
Does anyone know how to find out if I have a keylogger?
I was sent a file last night on MSN and now the person is acting quite strange trying to get me to sign into different web sites, I haven't obviously as I'm not sure if I have one, but I may need to use the web sites soon so need rid of the keylogger ASAP.
How can I find out if I have one and how do I remove it?
Thanks.
|
|
predator
regular
Reg'd: Sun
Posts: 541
|
|
Download and run something like AdAware or Spybot - they'll scan your system for any spyware including keyloggers, and should remove them for you as well.
http://www.predatorconservation.com
|
owen
regular
Reg'd: Thu
Posts: 3236
Loc: Lancashire, United Kingdom
|
|
Have a read of this post.
Owen, http://www.isecurity.org.uk
Useful Diagnostics: Disable System Restore Post a Hijack This Log Download ALL Critical Updates and Service Packs Show Hidden Files and Folders
|
paulgtfc
regular
Reg'd: Sun
Posts: 32
Loc: Grimsby, Lincolnshire
|
|
I've used ad-aware and spybot but they haven't found keyloggers.
That link posted doesn't work!
|
paulgtfc
regular
Reg'd: Sun
Posts: 32
Loc: Grimsby, Lincolnshire
|
|
Apparently it's these two things that appear in my task manager:
csrs.exe spoolsv.exe
I have to close these but when I restart my computer they're back again.
How can I get rid of these and will those be the keyloggers?
|
TheFatControlleR
Forum Admin
Reg'd: Fri
Posts: 6529
Loc: Megatripolis
|
|
Hi Paul,
spoolsv.exe appears to be part of Windows printer spooling - see here..
However, csrs.exe looks like a baddie, see here..
TFC 'Truth and reason are common to all men, and no more belong to the man who first uttered them than to him that repeated them after him' - Michel De Montaigne
|
bricat
HijackThis Helper
Reg'd: Wed
Posts: 28203
Loc: belfast
|
|
You sure it's not CSRSS.EXE?
And why did you accept a file from someone you didn't know? You should have scanned it with your antivirus BEFORE you opened it.
AVG ANTIVIRUS..AVG email scanner..SYGATE FIREWALL..ADAWARE..SPYWAREBLASTER..HIJACK THIS..WINDOWS UPDATE..COOLWEBSHREDDER.. SPYWARE GUARD..WINZIP.. DISKEEPERLITE BARNEYS PLACE
Sic biscuitus disintegratum
|
paulgtfc
regular
Reg'd: Sun
Posts: 32
Loc: Grimsby, Lincolnshire
|
|
I don't think it's CSRSS.EXE because it won't let me end that task; it says "This is a critical window process. Task manager cannot end this process".
I read about the csrs.exe on that site and how to remove it but I need sophos, I have Norton and without updated virus definitions.
|
greysts
regular
Reg'd: Thu
Posts: 17690
Loc: Colchester
|
|
So are you saying that you don't have any antivirus software on your PC? Norton without updated definitions is about as useful as a letterbox on a jumbo jet.

Do you know that we're all in line for succession to the throne? Really? Well, if forty-eight million, two hundred thousand, seven hundred and one people died I'd be Queen.
|
bricat
HijackThis Helper
Reg'd: Wed
Posts: 28203
Loc: belfast
|
|
With updates coming out nearly every day, you're wasting disk space keeping Norton without updates. Click on AVG in my signature. It's FREE.
If you had read the link I posted about csrss.exe, it told you it was a system process. Don't touch it.
AVG ANTIVIRUS..AVG email scanner..SYGATE FIREWALL..ADAWARE..SPYWAREBLASTER..HIJACK THIS..WINDOWS UPDATE..COOLWEBSHREDDER.. SPYWARE GUARD..WINZIP.. DISKEEPERLITE BARNEYS PLACE
Sic biscuitus disintegratum
|
paulgtfc
regular
Reg'd: Sun
Posts: 32
Loc: Grimsby, Lincolnshire
|
|
Hi bricat,
I downloaded the AVG software you said, and after I rebooted, the computer came up with a 'stop error screen' or 'error stop screen', telling me any newly installed hardware or software should be removed. I rebooted the computer again but the same thing happened, so I had to run safe mode and uninstall AVG. Thanks anyway.
I am still having problems trying to remove that 'csrs.exe' file that reappears in the task manager each time I restart the computer.
|
KangarooPoo
regular
Reg'd: Thu
Posts: 1090
|
|
Please download HijackThis.
Launch HijackThis, then press Scan, and press Save Log.
This will generate a text file that will list all running processes, all applications that are loaded automatically when you start Windows, and more.
Open that file. Go to Edit | Select All. Now click Edit | Copy to copy it.
Do not change anything just yet. Come back to the forum, Right Click and paste its contents here.
|
paulgtfc
regular
Reg'd: Sun
Posts: 32
Loc: Grimsby, Lincolnshire
|
|
Here is my report: (note that in the running processes there should be 'csrs.exe' and 'spoolsv.exe' but I closed those processes as apparently the crsr.exe is a baddie)
Logfile of HijackThis v1.97.7
Scan saved at 12:30:45, on 12/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\System32\TSKMNGR32.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Paul Donner\My Documents\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.extra-gtfc.co.uk/mbp3321885900php/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TaskManager Load Module] TSKMNGR32.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Eastenders Screenmate] C:\Program Files\Eastenders Screenmates\SM.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [TaskManager Load Module] TSKMNGR32.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Pinnacle Scheduler.lnk = C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://64.146.72.210:8111/AxisCamControl.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2F9D054-D2B5-4CE8-9BDF-8BF3A81DB7E9} (ProductIDGatherer.WindowsGatherer) - http://download.microsoft.com/download/a/3/7/a377aea1-7b14-4fa1-933c-43e657b37995/ProductIDGatherer.CAB
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
|
KangarooPoo
regular
Reg'd: Thu
Posts: 1090
|
|
In reply to:
(note that in the running processes there should be 'csrs.exe' and 'spoolsv.exe' but I closed those processes as apparently the crsr.exe is a baddie
So which is it? You've spelt it two different ways. Please don't close any processes when posting a HijackThis log.
|
paulgtfc
regular
Reg'd: Sun
Posts: 32
Loc: Grimsby, Lincolnshire
|
|
Hi, sorry about that, it's the 'csrs.exe'.
Here is my new hijackthis report without any of the processes closed:
Logfile of HijackThis v1.97.7
Scan saved at 17:06:24, on 12/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\csrs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\System32\TSKMNGR32.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Documents and Settings\Paul Donner\My Documents\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.extra-gtfc.co.uk/mbp3321885900php/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TaskManager Load Module] TSKMNGR32.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Eastenders Screenmate] C:\Program Files\Eastenders Screenmates\SM.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [TaskManager Load Module] TSKMNGR32.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Pinnacle Scheduler.lnk = C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://64.146.72.210:8111/AxisCamControl.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2F9D054-D2B5-4CE8-9BDF-8BF3A81DB7E9} (ProductIDGatherer.WindowsGatherer) - http://download.microsoft.com/download/a/3/7/a377aea1-7b14-4fa1-933c-43e657b37995/ProductIDGatherer.CAB
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
|
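The near-miss name check this thread turns on (csrs.exe against the genuine csrss.exe), run over the "Running processes" section of a HijackThis log. This is an added example, not part of the original thread; the KNOWN baseline, the function names and the two constructed sample lines are assumptions.

```python
import ntpath

SYSTEM32 = r"c:\windows\system32"
# Assumed baseline, not from the thread: XP system binaries and their home directory.
KNOWN = {name: SYSTEM32 for name in (
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "spoolsv.exe", "taskmgr.exe")}
KNOWN["explorer.exe"] = r"c:\windows"

def edit_distance(a, b):  # Levenshtein distance between two strings
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def running_processes(log_text):
    """Return the paths listed under 'Running processes:' in a HijackThis log."""
    paths, in_section = [], False
    for line in map(str.strip, log_text.splitlines()):
        if line.lower().startswith("running processes:"):
            in_section = True
        elif in_section and not line:
            break  # a blank line ends the process list
        elif in_section:
            paths.append(line)
    return paths

def review(paths, max_distance=1):
    """Flag system names in the wrong directory and near-miss spellings."""
    findings = []
    for path in paths:
        directory, name = ntpath.split(path.lower())
        if name in KNOWN:
            if directory != KNOWN[name]:
                findings.append((path, f"{name} outside {KNOWN[name]}"))
            continue
        closest = min(KNOWN, key=lambda real: edit_distance(name, real))
        if edit_distance(name, closest) <= max_distance:
            findings.append((path, f"resembles {closest}"))
    return findings

# Paths copied from the logs posted in this thread, plus two constructed lines:
# C:\WINDOWS\svchost.exe (exercises the directory check) and the R0 entry.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\csrs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\TSKMNGR32.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
"""

for path, reason in review(running_processes(SAMPLE_LOG)):
    print(f"{path}: {reason}")
```

With the default distance of 1 this flags csrs.exe but not TSKMNGR32.EXE, so a name-distance check is a triage aid and does not replace reading the startup entries.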
bricat
HijackThis Helper
Reg'd: Wed
Posts: 28203
Loc: belfast
|
|
HOW TO BOOT UP IN SAFE MODE
Boot up in safe mode and go to:
C:\WINDOWS\system32 and delete csrs.exe
Then reboot and post a fresh log.
|
KangarooPoo
regular
Reg'd: Thu
Posts: 1090
|
|
Run one of the following on-line virus scans: Housecall or Bitdefender as well.
|
paulgtfc
regular
Reg'd: Sun
Posts: 32
Loc: Grimsby, Lincolnshire
|
|
I rebooted in safe mode then went to system32 but there was no file called csrs.exe, the only ones with csrs were 'csrss.exe' and 'csrsrv.exe'.
I even did a search for all files and folders looking for csrs.exe but nothing came up.
This is confusing, if csrs.exe is in the task manager processes, it must be on my computer somewhere.
|
bricat
HijackThis Helper
Reg'd: Wed
Posts: 28203
Loc: belfast
|
|
Go to C:\WINDOWS\System32 and delete TSKMNGR32.EXE, but only in that location.
You'll probably have to delete it in safe mode.
Reboot and post a fresh HJT log.
|
paulgtfc
regular
Reg'd: Sun
Posts: 32
Loc: Grimsby, Lincolnshire
|
|
Hi bricat,
'TSKMNGR32.EXE' isn't there anymore. I think it might be because I downloaded AVG again and this time it worked; it found about 18 viruses and removed them all to a virus vault or something like that, but there was one that couldn't be removed, 'csrs.dll'. I have rebooted into safe mode and tried in normal mode but it says 'Cannot delete csrs: Access is denied. Make sure the disk is not full or write-protected and that the file is not in use'.
I have tried to unregister the file but that also showed an access is denied error.
|