Hi, how is it going today? I have a Windows 7 Home Premium computer, and recently the person who uses it said that it seemed slow to him, so today I downloaded the latest version of Hitman Pro. I then scanned the computer and something came up in the results. Here is the information:
name of file: nisdt.dll
Location of file: c:\users\gary\AppData\local\temp
According to Hitman Pro this file is Suspicious.
What I would like to know is if this is a sign of an infection.
Hi. The issue I am having is that when Hitman Pro got done scanning and the above file came up as suspicious, I had trouble finding the file on the computer. I was also wondering, would it just be easier to put the logs to clean this computer in this topic?
You can click on the right in Hitman Pro where it says quarantine, delete or ignore. Click on that and you can go in the dropdown menu directly to the file. Then you can move or copy it to your desktop so you can find it later.
And then you can upload it to Virustotal.com.
If you want, you can post the link of the scan here. (In the address bar)
Hi. I tried to run Hitman Pro twice. It froze the first time before it even got done; it was stuck on 32% and would not go anywhere, so I did a hard shutdown and restarted the computer. Then I started Hitman Pro again. This time it got to 66% and then it froze again, so I tried to exit Hitman Pro and it said cancelling but nothing happened. Then here is the strange part: the fans on the computer started to go, and the motor or whatever started to go faster and faster. I was just wondering, can this also be a sign of a virus? The only way I could exit out of Hitman Pro, because it did freeze a second time, was to do another hard shutdown. What should I do? Should I be concerned that this computer could have an infection on it, especially when the motor starts going faster? This is an enclosed tower; everything is in the tower itself.
Then go to the Location: c:\users\gary\AppData\local\temp
To see the folder, go on the bottom left to Organize and choose Folder and search options.
There should be a list in one of the tabs, somewhere at the end of that list tick show hidden files and folders, now you should see the folder.
Hi. I did what you said in your last reply, but I am having trouble finding the folder name. It is a lot of files and I am not sure of the folder to get. Is there a simpler way to find this folder?
1. Open the Start menu.
2. Click on Computer.
3. Double click on the hard drive that is named with (C:) at the end.
4. Double click on users.
5. Double click on gary.
6. Double click on AppData.
7. Double click on local.
8. Double click on temp (folder).
9. Write or copy and paste the file name in the search box in the top right. The file name is nisdt.dll
10. Copy the file to your desktop (right click on the file and copy, go to your desktop, right click and paste).
11. Go to Virustotal.com in your browser.
12. In the middle is a bar which says no file selected; at the right of the bar is a button "choose file". Click on it.
13. Select desktop on the left.
14. Choose the file and click open on the bottom left.
15. Click on the big blue button below that says scan it!
16. If a window opens up saying that the file has already been analysed, click on reanalyse.
17. Wait till the file has been analysed.
18. Copy the link in the address bar to your next post, the link looks like this:
Hi. If I download OTL and submit the logs in this thread, would the OTL logs be able to tell the malware expert anything, like if there is a virus on this computer at all?
Hi. I just thought I would let the malware expert know that I downloaded Aswmbr to a USB stick first and then tried to run it on the Windows 7 Home Premium computer, and it crashed this computer. If you want me to run it for some reason, let me know please. This computer is really slow and I want to be sure it has not got a virus or malware currently on it.
I have all the logs except the above program logs.
:Commands
[CREATERESTOREPOINT]
:OTL
IE - HKLM\..\SearchScopes\{9a2d7aa7-c5a9-4eb1-9e08-c6aaa7538b55}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=Z5xdm013YYca&ptnrS=Z5xdm013YYca&ptb=270B9E54-221E-40D8-9222-8A586FD3D9E8&ind=2011081203&n=77dea9f3&psa=&st=sb&searchfor={searchTerms}
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-3820247636-946552630-513738638-1000\..\SearchScopes\{9a2d7aa7-c5a9-4eb1-9e08-c6aaa7538b55}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=Z5xdm013YYca&ptnrS=Z5xdm013YYca&ptb=270B9E54-221E-40D8-9222-8A586FD3D9E8&ind=2011081203&n=77dea9f3&psa=&st=sb&searchfor={searchTerms}
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
[2010/07/09 22:31:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/01/05 13:23:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/04/01 01:40:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-3820247636-946552630-513738638-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-3820247636-946552630-513738638-1000\..\Toolbar\WebBrowser: (no name) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-21-3820247636-946552630-513738638-1000..\Run: [SearchEngineProtection] C:\Program Files\Gamesbar\SearchEngineProtection.exe File not found
:Commands
[resethosts]
[emptytemp]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
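
As an added illustration (not part of the thread and not OTL's own code), this Python sketch sorts log lines of the kind quoted in the fix above by why they stand out: entries OTL marked "No CLSID value found" or "File not found", and SearchScopes entries reported by the host their URL points to. The sample lines are copied from the thread; the function name `triage` and the `trusted_hosts` parameter are assumptions of this example.

```python
import re
from urllib.parse import urlparse

# Constructed sample: six lines copied from the fix script quoted in this thread.
SAMPLE = r"""
IE - HKLM\..\SearchScopes\{9a2d7aa7-c5a9-4eb1-9e08-c6aaa7538b55}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=Z5xdm013YYca&ptnrS=Z5xdm013YYca&ptb=270B9E54-221E-40D8-9222-8A586FD3D9E8&ind=2011081203&n=77dea9f3&psa=&st=sb&searchfor={searchTerms}
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-21-3820247636-946552630-513738638-1000..\Run: [SearchEngineProtection] C:\Program Files\Gamesbar\SearchEngineProtection.exe File not found
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
"""

LINE = re.compile(r"^(?P<tag>[A-Z]{2}|O\d+) - (?P<body>.+)$")   # "IE - ...", "O4 - ..."
ORPHAN = re.compile(r"(No CLSID value found|File not found)\.?$")
URL = re.compile(r'"URL" = (?P<url>\S+)')

def triage(text, trusted_hosts=()):
    """Return (tag, reason, body) per log line; reason is None when the
    line carries no marker and needs a human decision (hypothetical helper)."""
    findings = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines, section headers such as ":OTL", commands
        body = m.group("body")
        orphan, url = ORPHAN.search(body), URL.search(body)
        reason = None
        if orphan:
            # The entry references a class or file that OTL could not find.
            reason = "orphan: " + orphan.group(1)
        elif url:
            host = urlparse(url.group("url")).hostname or ""
            if host not in trusted_hosts:
                reason = "search URL host: " + host
        findings.append((m.group("tag"), reason, body))
    return findings

if __name__ == "__main__":
    for tag, reason, body in triage(SAMPLE):
        print(f"{tag:<3} {reason or 'review manually':<45} {body[:60]}")
```
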