virus problem


Stiffler69
03-30-06, 02:05 PM
Well, it appears to me that I have a virus. Certain sites won't open for me while they work on my other PC. Also, when I tried installing McAfee I get the BSOD and it tells me pptp64.sys at the bottom. I can't install anything since it crashes. I installed AVG and NOD32 but they don't find anything.

Can someone please help me?

tenchi86
03-30-06, 02:23 PM
Windows probably saw your avatar and decided to kill itself. If you are set it's a virus, I would try PC-cillin's HouseCall and Kaspersky Online Scanner. They both do a pretty good job at finding some of the hard ones. Also, you may want to try some things like, if possible, a repair install, running chkdsk, and making sure you are running the anti-viruses in safe mode. A good one for that, since I don't believe AVG works in safe mode, is AntiVir.

Xtreme Barton
03-30-06, 02:29 PM
Windows probably saw your avatar and decided to kill itself.....

ROFL!?!?!? Where did that come from?!?!?!?

I.M.O.G.
03-30-06, 02:50 PM
You do have an infection.

Download and run HijackThis, then post the logfile.

Once that is posted, I'll have you remove some files, and do some more scans to ensure you are clean.

redduc900
03-30-06, 03:12 PM
http://www.ocforums.com/showthread.php?t=451581

Stiffler69
03-30-06, 10:33 PM
Well, I can't install McAfee; it gives me some sort of script error so I can't do anything on the setup. Norton gives me the blue screen. And the other anti-virus programs don't seem to pick anything up.

And here is my HijackThis log

Pinky
03-31-06, 03:08 AM
http://www.google.com/search?hl=en&q=pptp32.dll&btnG=Google+Search

This is the culprit:

O20 - Winlogon Notify: pptp32 - C:\WINDOWS\SYSTEM32\pptp32.dll

I.M.O.G.
03-31-06, 06:27 AM
Unless you know why these are there, you can also remove these ones - they are directing you to a webserver whose configuration appears to have not yet been completed:

O17 - HKLM\System\CCS\Services\Tcpip\..\{3005377D-474F-4287-B4AE-42ABD700EEF7}: NameServer = 85.255.115.82,85.255.112.143
O17 - HKLM\System\CCS\Services\Tcpip\..\{C63EB619-6AFD-4767-97CC-83CF334117AB}: NameServer = 85.255.115.82,85.255.112.143

Download Killbox and tell it to delete pptp32.dll upon the next restart. Other than that, you may want to also look on Symantec at some of the Haxdoor variants (there are about 8 :rolleyes: ). Then you can decide if there's anything else you want to make sure you don't find on your system.

Some variants drop a rootkit which also runs in safe mode, and these can do keylogging and remote control.
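The two entry types Pinky and I.M.O.G. point at above (O17 per-interface NameServer overrides and O20 Winlogon Notify DLLs) can be picked out of a HijackThis log mechanically. The script below is an added example, not code from the thread or from HijackThis itself. It parses a constructed sample log (the O17 and O20 lines are the ones quoted above; the other entries are invented benign ones), reports any publicly routable resolver the owner has not declared as their own, and reports Winlogon Notify names that are not on a small allowlist of stock Windows XP entries. The allowlist is an assumption a reviewer would maintain for the build being examined; the script only reports, it does not change anything.

```python
"""Triage a HijackThis (HJT) log for O17 NameServer and O20 Winlogon Notify
entries. Added illustration for this thread, not HJT's own code."""
import ipaddress
import re

# Constructed sample log. The O17/O20 lines are the ones quoted in the thread;
# the remaining entries (BHO, the 192.168.1.1 interface, the two stock Notify
# DLLs) are made up for this example.
SAMPLE_LOG = r"""
O2 - BHO: Example Helper - {00000000-1111-2222-3333-444444444444} - C:\Program Files\Example\helper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{3005377D-474F-4287-B4AE-42ABD700EEF7}: NameServer = 85.255.115.82,85.255.112.143
O17 - HKLM\System\CCS\Services\Tcpip\..\{C63EB619-6AFD-4767-97CC-83CF334117AB}: NameServer = 85.255.115.82,85.255.112.143
O17 - HKLM\System\CCS\Services\Tcpip\..\{11111111-2222-3333-4444-555555555555}: NameServer = 192.168.1.1
O20 - Winlogon Notify: crypt32chain - crypt32.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: pptp32 - C:\WINDOWS\SYSTEM32\pptp32.dll
"""

O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")

# Winlogon Notify subkeys that ship with Windows XP. Assumption: an allowlist
# the reviewer maintains; anything else is worth a second look, not automatically bad.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "ScCertProp", "Schedule",
                "sclgntfy", "SensLogn", "termsrv", "wlballoon", "WgaLogon"}


def parse_hjt(text):
    """Return ([(registry_key, [server, ...]), ...], [(notify_name, dll_path), ...])."""
    nameservers, notify = [], []
    for line in text.splitlines():
        line = line.strip()
        m = O17_RE.match(line)
        if m:
            servers = [s.strip() for s in m.group("servers").split(",") if s.strip()]
            nameservers.append((m.group("key"), servers))
            continue
        m = O20_RE.match(line)
        if m:
            notify.append((m.group("name"), m.group("path")))
    return nameservers, notify


def suspicious_nameservers(nameservers, trusted=()):
    """Publicly routable resolvers the owner did not declare in `trusted`.
    LAN resolvers (e.g. a home router at 192.168.x.x) are not global and pass.
    Each address is reported once, sorted, however many interfaces carry it."""
    trusted = {str(ipaddress.ip_address(t)) for t in trusted}
    found = set()
    for _key, servers in nameservers:
        for s in servers:
            try:
                addr = ipaddress.ip_address(s)
            except ValueError:
                found.add(s)  # not an IP literal at all: report it as-is
                continue
            if addr.is_global and str(addr) not in trusted:
                found.add(str(addr))
    return sorted(found)


def suspicious_notify(notify, known=KNOWN_NOTIFY):
    """Winlogon Notify entries whose subkey name is not on the allowlist."""
    return [(name, path) for name, path in notify if name not in known]


def triage(text, trusted_dns=()):
    """Run both checks over an HJT log and return a small report dict."""
    nameservers, notify = parse_hjt(text)
    return {"dns": suspicious_nameservers(nameservers, trusted_dns),
            "winlogon": suspicious_notify(notify)}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for ip in report["dns"]:
        print(f"O17: resolver {ip} is public and not declared as yours")
    for name, path in report["winlogon"]:
        print(f"O20: Winlogon Notify '{name}' -> {path} is not a stock entry")
```

Run it as-is and it reports the two 85.255.x.x resolvers once each and the pptp32 Notify DLL; pass `trusted_dns=[...]` with your ISP's resolvers if you configured the O17 entries yourself, which is exactly the "unless you know why these are there" condition in the post above.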

Stiffler69
04-01-06, 07:08 AM
OK, I deleted those 2 things. I ran Killbox and I just typed pptp32.dll in the thing, hit delete on reboot and hit the red X. I hope that's all. And I'm wondering, what do you mean by those variants?? I'm sort of lost there.

Pinky
04-01-06, 11:10 AM
New "variants" of a virus are sometimes slightly modified from the original virus files in order to get around existing virus protection.

I assumed the nameserver entries were yours, which may have been the wrong assumption (thanks imog).

Stiffler69
04-01-06, 01:03 PM
So what can I do?

I.M.O.G.
04-01-06, 01:38 PM
Is the pptp32.dll file still in that location, or is it gone?

Pinky
04-01-06, 05:01 PM
So what can I do?

Try one of the online/free scanners like Housecall (http://www.trendmicro.com/offers/banners/hc/iframe.asp). Write down everything it finds just in case it doesn't actually remove it.

Stiffler69
04-01-06, 07:58 PM
It doesn't find anything.

I.M.O.G.
04-02-06, 03:44 AM
If we're going to go any further in this, let us know what the error is when you try to install McAfee. What online scanners give you nothing? Run McAfee's (http://www.google.com/url?sa=t&ct=res&cd=2&url=http%3A//us.mcafee.com/root/mfs/scan.asp) online scan, or Symantec's (http://www.google.com/url?sa=t&ct=res&cd=1&url=http%3A//security.symantec.com/), or Trendmicro's (http://housecall.trendmicro.com/).

If none of them turn anything up, then you can rest mostly assured that you're fine. So long as your run entries in the registry are clean (HJT looks at those), you don't have anything to worry about.

If you're still having trouble installing McAfee or Norton, you might want to take a gander at any remnant registry settings previous installs might have left behind, or reinstall the latest version of the MS Installer package.

teddy-2 john
04-02-06, 04:03 AM
I would download on another comp. Try these links, I use them: http://housecall.trendmicro.com/ http://www.trendmicro.com/spyware-scan/ Good luck.

Stiffler69
04-02-06, 06:22 AM
Here is the error I get when installing McAfee

Stiffler69
04-02-06, 09:40 AM
Problem resolved. I got NOD32, ran an in-depth analysis and it found some sort of exploits. I rebooted, then it found that the pptp32 file was trying to access all sorts of things. I deleted it and now my computer is running normally again :D NOD32 owns.

Thanks for all your help.

redduc900
04-02-06, 09:58 AM
Back in your first post, you said...
I installed AVG and NOD32 but they don't find anything.
...then in this last post you said:
Problem resolved. I got NOD32, ran an in-depth analysis and it found some sort of exploits.
I'm a little confused as to how NOD was able to find the exploits after you ran it this last time, but was unable to find anything the first time you ran it.

Stiffler69
04-02-06, 10:23 AM
I don't know, beats me. But I was so frustrated I decided to put a virus scanner on there and keep it, and then I ran an in-depth analysis and it found 1 exploit. Rebooted. As it was loading stuff in Windows it found the pptp32 thing and I got rid of it, rebooted again, and now my system is fine again. Maybe it was because I didn't reboot the first time I installed NOD32, I just ran a scan. This time I installed it, ran the scanner, rebooted, found the thing and rebooted again :D

Pinky
04-02-06, 10:10 PM
http://www.google.com/search?hl=en&q=pptp32.dll&btnG=Google+Search

This is the culprit:

O20 - Winlogon Notify: pptp32 - C:\WINDOWS\SYSTEM32\pptp32.dll

Killbox is pretty useless for most of the good infections nowadays. The best cure for unruly invaders is to pull the drive, connect it as a slave/data HD on another box, boot into Windows using the other computer's installation and just delete the infected files from the infected drive. As long as you're not running the version of Windows the infection is on, generally you can kill anything on a drive. There's stuff out there (like ERD Commander and other alt OSes) that allows you to run removals under a non-Windows operating system. Most exploits need Windows running to work, hence why they're called "exploits".

Just an FYI to anyone else out there running into these removal issues.

Also, very early into the troubleshooting steps we identified the issue, you said you tried to clean/delete it, then we asked you to verify the file was gone (but you didn't). You wasted a lot of time not following instructions ;).

I.M.O.G.
04-02-06, 11:06 PM
Also, very early into the troubleshooting steps we identified the issue, you said you tried to clean/delete it, then we asked you to verify the file was gone (but you didn't). You wasted a lot of time not following instructions ;).

QFT