Tech Problem Aggregator

:angry: "system Error! Your Computer Was Infected By Unknown Trojan. It's Dangerous For Your System (critical Files...

Q: :angry: "system Error! Your Computer Was Infected By Unknown Trojan. It's Dangerous For Your System (critical Files...

HiI thought PC Tools was suppose to find and eliminate these kind of threats,but it does not i am usingAVG 8 FreePlease help me find and fix this problem manually...When I click on "My Computer" and any other folder this thing pop up twice. "System Error!Your computer was infected by unknown Trojan.It's dangerous for your system (critical files can be lost)!Click OK to download the antispyware program to clean your system! (Recommended)" then it open my internetto:http://spywareadvancedscanner.com/2008/3/_freescan.php?aid=880202Or Click on Cancel which does not cancel but also open my internet to:http://spywareadvancedscanner.com/2008/3/_freescan.php?aid=880202How do I remove it?MY hijack this Log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:08:02 AM, on 7/11/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.20815)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\WINDOWS\sttray.exeC:\WINDOWS\tsnp2std.exeC:\WINDOWS\vsnp2std.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\PROGRA~1\AVG\AVG8\avgtray.exeC:\Program Files\Java\jre1.6.0_07\bin\jusched.exeC:\Program Files\OpenVPN\bin\openvpn-gui.exeC:\Program Files\Webroot\Webroot Desktop Firewall\WDF.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exeC:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exeC:\WINDOWS\svcadmin.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\system32\HPZipm12.exeC:\Program Files\CyberLink\Shared Files\RichVideo.exeC:\WINDOWS\system32\STacSV.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exeC:\Program Files\Webroot\Spy Sweeper\SpySweeper.exeC:\PROGRA~1\AVG\AVG8\avgrsx.exeC:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Windows Live\Messenger\usnsvc.exeC:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exeC:\WINDOWS\system32\NOTEPAD.EXEC:\Program Files\Webroot\Spy Sweeper\SSU.EXEC:\Program Files\Windows Live\Mail\wlmail.exeC:\Program Files\Windows Live\Messenger\msnmsgr.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R1" target="_blank" class="invilink">http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dllO2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dllO2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dllO2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLLO2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLLO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: VideoCodec Class - {926A61C9-5C20-4583-ACA7-ACE21088816E} - C:\WINDOWS\system32\RichVideoCodec.dllO2 - BHO: VideoCodec Class - {949859A7-EB1F-400D-BDBC-C48238BDF788} - C:\WINDOWS\system32\AswBHO.dllO2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLLO3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLLO3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLLO4 - HKLM\..\Run: [IgfxTray] "C:\WINDOWS\system32\igfxtray.exe"O4 - HKLM\..\Run: [HotKeysCmds] "C:\WINDOWS\system32\hkcmd.exe"O4 - HKLM\..\Run: [Persistence] "C:\WINDOWS\system32\igfxpers.exe"O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"O4 - HKLM\..\Run: [SigmatelSysTrayApp] "C:\WINDOWS\sttray.exe"O4 - HKLM\..\Run: [tsnp2std] "C:\WINDOWS\tsnp2std.exe"O4 - HKLM\..\Run: [snp2std] "C:\WINDOWS\vsnp2std.exe"O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"O4 - HKLM\..\Run: [AVG8_TRAY] "C:\PROGRA~1\AVG\AVG8\avgtray.exe"O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"O4 - HKLM\..\Run: [openvpn-gui] "C:\Program Files\OpenVPN\bin\openvpn-gui.exe"O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [Webroot Desktop Firewall] "C:\Program Files\Webroot\Webroot Desktop Firewall\WDF.exe"O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /backgroundO4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')O4 - Startup: AVG Free Tray Icon.lnk = C:\Program Files\AVG\AVG8\avgtray.exeO8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htmO8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htmO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dllO9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLLO9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exeO9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exeO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dllO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{EAD8EEED-DE99-4DD2-A8A0-E5B4148F09CA}: NameServer = 202.188.0.133 202.188.1.5O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLLO18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dllO20 - AppInit_DLLs: avgrsstx.dllO23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exeO23 - Service: Anyplace Control Security - Unknown owner - C:\WINDOWS\svcadmin.exeO23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exeO23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exeO23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exeO23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exeO23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeO23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exeO23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exeO23 - Service: Webroot Desktop Firewall network service (WDFNet) - Webroot Software Inc (www.webroot.com) - C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exeO23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe--End of file - 10212 bytesOr You can read the attach files.Please help me if anyone know what this virus is.Anyone???

A: :angry: "system Error! Your Computer Was Infected By Unknown Trojan. It's Dangerous For Your System (critical Files...

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Please download Deckard's System Scanner (DSS) and save to your Desktop.alternate download siteDSS will do the following:Create a new System Restore point in Windows XP and Vista.Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.Check some important areas of your system and produce a report for an analyst to review.Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.You must be logged onto an account with administrator privileges when using.Close all applications and windows.Double-click on dss.exe to run it and follow the prompts.If your anti-virus or firewall complains, please allow this script to run as it is not
malicious.When the scan is complete, two text files will open in Notepad:main.txt <- this one will be maximizedextra.txt <- this one will be minimizedIf not, they both can be found in the C:\Deckard\System Scanner folder.Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.-- When running DSS, some firewalls may warn that it is trying to access the Internet especially if your asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.

2 more replies
Answer Match 85.2%

Good afternoon (from my point of view) - again!I have already used this forum when I messed up some HW stuff. And have been very grateful for your help. Now, it seems to be some malware...It's been only 2 days since I started the martyrdom of downgrading my HP Pavilion dv6560ec to Win xp. I've been downloading and installing the necessary drivers, as the HP doesn't support XP on the machines, as I learned later.Now, being almost done, I got this warning everytime I wanted to open IE 6.0.2900 (have SP3):CRITICAL ERROR! Attention (users name) Some dangerous viruses detected in your system. Microsoft Windows XP files corrupted.This may lead to the destruction of important files in C:WindowsDownload Protection Software now!Click OK to download the antispyware (Recommended)......... ........: YES: : NO :::::::: :::::::In the window, where my homepage is supposed to display, a note that it is redirecting me to another page appears. When I press "No". Then the IE shuts down and a note about some error displays prompting me to send it to the MS.I did the following:- ran Norton Internet Security (2007.2, updated the day before yesterday) full scan of the C: drive (as there are only 4 files on the other partition yet - haven't installed almost any sw yet) - nothing problematic detected. - updated and ran a free ad-ware application - this found 71 or so tracking cookies and deleted them, one file in quarantine.- before any installations of any drivers, I installed ... Read more

A:Critical Error! Some Dangerous Viruses Detected In Your System. Microsoft Windows Xp Files Corrupted.

Hello and Welcome to the forums! My name is Carolyn and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens. Please do not run any other tool untill instructed to do so!Please reply to this thread, do not start another!Please tell me about any problems that have occurred during the fix.Please tell me of any other symptoms you may be having as these can help also.Please try as much as possible not to run anything while executing a fix. If you follow these instructions, everything should go smoothly. I am sorry that we were unable to reply to your post sooner. The forums have been very busy. If you are still in need of assistance, please scan again with HijackThis and post a fresh log. Also, please make an uninstall list using HijackThis To access the Uninstall Manager you would do the following: 1. Start HijackThis 2. Click on the Config button 3. Click on the Misc Tools button 4. Click on the Open Uninstall Manager button. 5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in your next reply.Post the fresh HijackThis log and the uninstall list in the bo... Read more

2 more replies
Answer Match 80.7%

when i open my browser i get this prompt"System Error: your computer was infected by unknown trojan. It's dangerous for your system (critical files can be lost)! Click OK to download the antispyware program to clean your system! (recommended)"i ran housecall and cleaned my system then i ran smitfraudfix and cleaned my system. the prompt is gone but i woud like to know if there is anything else i need to do. thank you for your help.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:38:53 AM, on 3/30/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16473)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\RunDll32.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXEC:\Program Files\ATI Multimedia\main\ATIDtct.EXEC:\Program Files\AIM6\aim6.exeC:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exeC:\WINDOWS\system32\run... Read more

A:"system Error: Your Computer Was Infected By Unknown Trojan.

Hello sum wun, I see Viewpoint installed. Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546 I suggest you remove the program now, if you did not install it. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present. Viewpoint Viewpoint Manager Viewpoint Media Player If you uninstalled, please navigate to and delete the following folders C:\Program Files\Viewpoint*******************you need to realize that you are missing one important program on that computer: An antivirus. This is somewhat suicidal in today's digital world. You need to install an antivirus program as soon as you can and run a complete scan of the computer. I recommend you download the free Avast or AntiVir orAVG antivirus Products from all three vendors received the Virus Bulletin's VB100% award and certification for virus detection from ICSA Labs.Never install more than one antivirus scanner or firewall on your system! Several together can give you problems and decrease the reliability of it seriously! Post the log from the antivirus program, a fresh Hijackthis log and tell me how your computer is running.

2 more replies
Answer Match 80.7%

I am at my wits end. I've tried everything to get rid of this pop-up. I tried smitfraudfix.exec and it did not get rid of it. I tried to find hijackthis.exec and every site takes me to some software place. I ran the combo exec and still it comes back. I ran a bunch of spyware software. Cleaned registars, deleted temp files. I am running windows XP. Here is my Rapport. txt. I ran it tonight. 02/19/2008.Help!I ran hijackthis.... see below:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:02:32 PM, on 2/19/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16608)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\WINDOWS\arservice.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files... Read more

A:System Error! Your Computer Was Infected By Unknown Trojan

This problem is fixed. I ran SuperAntiSpyWare. It deleted MSVIDC32.DLL located in my Windows folder. It also removed key 2A4601BC-8376422D-A2FC-DDF0A40570BD. I bought Spy Sweeper and it said it removed something but it did not remove the IEDEFENDER Tojan. SmitfraudFix did not find this. As you can see NOW! It is located in the HJT log:

O2 - BHO: MS Video Control 1.0 - {2A4601BC-8376-422D-A2FC-DDF0A40570BD} - C:\WINDOWS\msvidc32.dll

Smarter and wiser!

2 more replies
Answer Match 79.8%

Hi,My son downloaded a video codec & unwittingly installed a trojan popup (Trojan.Downloader.Codec.E?) which appears whenever you move around in windows explorer or open a new page in internet explorer. I have tried to get rid of it but failed and I would appreciate your help.I have followed the preparation instructions and Bit Defender found a trojan it couldn't delete in msvidc32.dll. I am reluctant to try and remove this myself without your advice.Below is the Bit Defender report followed by the Hijack This reportchrisssScanned File Status C:\Documents and Settings\Chris\.housecall6.6\Quarantine\msvidc32.dll.bac_a03768=>(Quarantine-4) Infected with: Trojan.Downloader.Codec.E C:\Documents and Settings\Chris\.housecall6.6\Quarantine\msvidc32.dll.bac_a03768=>(Quarantine-4) Disinfection failed C:\Documents and Settings\Chris\.housecall6.6\Quarantine\msvidc32.dll.bac_a03768=>(Quarantine-4) Deleted C:\Documents and Settings\Chris\Local Settings\Temp\G23D-tmp1i.exe Infected with: Trojan.Downloader.Codec.E C:\Documents and Settings\Chris\Local Settings\Temp\G23D-tmp1i.exe Disinfection failed C:\Documents and Settings\Chris\Local Settings\Temp\G23D-tmp1i.exe Deleted C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15.inf Detected with: Application.MWS C:\WINDOWS\Downloaded Program Files�... Read more

A:System Error! Your Computer Was Infected By An Unknown Trojan (trojan.downloader.codec.e?)

Hello chrisss,NOTE: If you have downloaded SmitfraudFix previously please delete that version and download it again! Also delete C:\rapport.txt Please download SmitfraudFix Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. http://www.beyondlogic.org/consulting/proc...processutil.htmYou should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site. Please reboot your computer in Safe Mode by doing the following :Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually; Instead of Windows loading as normal, a menu with options should appear; Select the first option, to run Windows in Safe Mode, then press "Enter". Choose your usual account.Once in Safe Mode, double-click SmitfraudFix.exe Select option #2 - Clean by typing 2 and press "Enter" to delete infected files. You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry key... Read more

12 more replies
Answer Match 79.8%

Hi, I keep getting this pop-up window message whenever I click on any link in my Internet Explorer:System ErrorYour computer was infected by an unknown trojan. It's dangerous for your system (Critical Files can be lost!). Click OK to download the antispyware problem to clean your system (Recommended).It has also highjacked the yahoo and google search results so I have to now copy and paste them to the browser.Please let me know what should I do to clean this...Please help!!! Please let me know if you want me to post it in some other forum. Thanks!I am attaching HIjackthis log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:32:00 AM, on 2/7/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16574)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwlt... Read more

A:Ie Popup System Error: Your Computer Was Infected By Unknown Trojan..

Is this the problem line?? I have no clue but just browsing through web i gathered this, i may be wrong...thanks!

O2 - BHO: Sysem Player - {2AE4C401-AAC4-4F41-9665-1EC88C3BDD7D} - C:\WINDOWS\sysvol32.dll

2 more replies
Answer Match 79.8%

Hi, how are you?

Everytime I open anything from folder to 'my computer' I get this error.

"Your computer was infected by unknown trojan.
It's dangerous for your system (critical files can be lost)!
Click OK to download the antispyware program to clean your system! (Recommended)"

I ran ad-aware, and mcafee. Still Nothing.

I ran hijack and this is what I get. Any help would be really appreciate it! Thank you so much!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:17:08 PM, on 2/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:... Read more

A:System Error: Your computer is infected with unknown trojan popup

9 more replies
Answer Match 78.9%

I was stupid and followed a dodgy link, now every time I open a folder or open IE there's a pop-up box that says "System Error: your computer was infected by unknown trojan. It's dangerous for your system (critical files can be lost)! Click OK to download the antispyware program to clean your system! (recommended)"Now when I run Spybot there's 41 problems and even if I fix them they just come right back.Obviously some malware has been installed and this is part of it.I ran Hijack This and this is my log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 20:47:41, on 13/02/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\ccProxy.exeC:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exeC:\... Read more

A:Help! Windows Displays "system Error: Your Computer Was Infected By Unknown Trojan"

anyone?

4 more replies
Answer Match 107.1%

DANGEROUS ERROR! Attention (users name) Some dangerous viruses detected in your system. Microsoft Windows XP files corrupted.This may lead to the destruction of important files in C:\WindowsDownload Protection Software now!Click OK to download the antispyware (Recommended)Yes / NoClicking either brings me to a website, with this message popping up again. Clicking no seems to produce another tab and another message, while yes brings me to another website without a popup. I get this message when I move around (ie go between folders) in My Computer.Scanned with TrendMicro (normal antivirus), found nothing. Trend was updated.I can't scan using online scanners I cannot access the internet without being shifted to the websites they want me to download from.My home page is still the same, on internet options, just that they keep intercepting me. Trusted Sites are empty. I have been downloading several anti viruses and shifting them over on a thumbdrive. (Thus, Step 5 in the preparation guide has been skipped, but I have Stinger, and Step 4)My HJ logs are Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:26:04 AM, on 9/6/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svcho... Read more

A:Dangerous Error! Attention (users Name) Some Dangerous Viruses Detected In Your System. Microsoft Windows Xp Files Corrupted.

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems. If your problem has been resolved, please post a reply letting us know so we can close your topic.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.

1 more replies
Answer Match 105.84%

Please help me, I Found this website on google.com after a Popup with the title Critical error! keeps on popping up everytime i access my C: drive and internet explorer. The popup reads:

Attention, ! Some dangerous viruss detected in your system. Microsoft Windows XP files corrupted. This may lead to the destruction of important files in C:\WINDOWS. Download protection software now! Click OK to download the antispyware. (Recommended) and i have an option of clicking yes to download the software and no which opens up an internet explorer page to software's website which will try to convince me to download the software.

I have read some posts on this forums with the same problems and have done the 5 steps on the "5 Steps before posting a log" thread. I have attatched the Panda Activescan log as well as copied and pasted it below but i could not attach the Hijackthis log as the attach page says it is an invalid file and so, i just copied and pasted it below. Any help will be appreciated. I will try to check this thread for replies whenever i can. Thanks!

Activescan log attachment:ActiveScan.txt



Activescan log:
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-08-14 20:52:01
PROTECTIONS: 1
MALWARE: 39
SUSPECTS: 7
;*****************************************************************************************... Read more

A:Help pls. Popup: Critical Error! Attention, ! Dangerous viruses detected in system...

BUMP, please

1 more replies
Answer Match 101.64%

Gotta another sick system I am needing help with. getting the pop up "Your system was infected by dangerous trojan Note: your critical files can be lost....." when i try to click on anything and have to click th epop up off before what i want comes up. Here are the requested logs attached to the post.

A:Your System Was Infected By Dangerous Trojan

Hello Hasledash, Gotta another sick system I am needing help withI see you posted on Apr 4 with a computer problem on another comptuer. Are you a company's IT department or computer shop?

5 more replies
Answer Match 101.64%

A quick scan of the internet shows that I am not the only one to get this during the last several days. When I try to access Control Panel > Fonts, I get a popup reading "System error! Your computer was infected by unknown trojan. It's dangerous for your system (critical files can be lost)! Click OK to download the anti-spyware program to clean your system! (Recommended)"

Then I get a message to the effect that Windows Explorer has encountered an error & must close. So I never get to Fonts.

What it wants to download, I gather, is the rogue antispyware program "Files-Secure." Of course, I haven't pressed the button to download it, but I can't get rid of the damned thing--AVG, A-Squared, Bit Defender, AdAware, SpybotS&D--and not one of them zaps it.

Here my log from SmitfraudFix, which I just ran:

SmitFraudFix v2.274

Scan done at 12:57:45.40, Fri 01/18/2008
Run from C:\Documents and Settings\Stephen\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Av... Read more

More replies
Answer Match 101.64%

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:08:38 PM, on 3/11/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
C:\Windows\ehome\ehmsas.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Windows\regedit.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Win... Read more

A:"Your computer was infected by unknown trojan" System Error

Hi Dr_Omels

Thank you for your patience. I will be helping you deal with the issues raised in your log from this point onwards

Before we start jumping into things, here is a quick basic note which I mention to everyone. The fix which I have provided for you is for this computer only, it should not be used on any other computer. Each fix is tailor made for the specific task in hand. If for some reason you have system restore disabled, then please re-enable it before proceeding, an infected restore is better than none. Please read through the fix first and set enough time aside to complete the task in one session. If there is anything you feel needs clarification then please ask - do not guess! Thanks.

If this is a business computer or a computer from a work place then please advise your IT department of the concerning issues before commencing further.

Please follow these directions in the order they are set out for you.

On with the fix.....

Please download Malwarebytes' Anti-Malware from Here or Here

Double-click mbam-setup.exe and follow the prompts to install the program.
Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is che... Read more

1 more replies
Answer Match 99.54%

Hi,

I got this error "Critical System Error! / System Alert:Trojan [email protected] " a few days ago. I had to select a Restore point in order to get back on the internet and now my computer is running excruciatingly slow. I ran Trend Micro Call, spybot, and a few others to try and get rid of the problem before I found this website. I have included the log as requested. Any assistance would be appreciated!!! Thanks
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:46:26 PM, on 12/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\... Read more

A:Critical System Error! / System Alert:Trojan [email protected]

Bump
 

1 more replies
Answer Match 99.12%

Hi,

This is my first post on the techsupportforum, so i go...

Recently I've been getting popup message when I'm using IE or I'm on my local hardrive, the message says:

Your computer was been infected by unknown trojan.

It's dangerous for your system (critical file can be lost)!

Click Ok to download the antispyware program to clean your System!

and then i click cancel.

------------------------

Here is the log. Extra is attached

Deckard's System Scanner v20071014.68
Run by Alex on 2008-03-21 10:13:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
67: 2008-03-20 23:13:12 UTC - RP91 - Deckard's System Scanner Restore Point
66: 2008-03-20 11:12:12 UTC - RP90 - Removed Personality Voices
65: 2008-03-20 11:11:38 UTC - RP89 - Removed Female Voice Pack
64: 2008-03-19 08:58:37 UTC - RP88 - System Checkpoint
63: 2008-03-18 08:28:58 UTC - RP87 - System Checkpoint


-- First Restore Point --
1: 2007-12-21 23:31:16 UTC - RP25 - Installed DirectX


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-03-21 10:16:11
Platform: Windows XP Service Pa... Read more

More replies
Answer Match 96.6%

Hello.I just got home from a three day trip, and when i turned on my comp the first thing that came popping up was this error screen: I have no ideas of its origins, i'm guessing my brother stumbled upon it somewhere, but it's here now and i'd very much like it not to be I've tried reading in on the subject, but without grater success. According to the information i've found i'm dealing with some sort of SmitFraud here?So now i humbly turn to you for help.Here are the first logs:MAIN.TXTDeckard's System Scanner v20071014.68
Run by kim on 2008-05-24 14:40:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
81: 2008-05-24 11:40:17 UTC - RP370 - Deckard's System Scanner Restore Point
80: 2008-05-24 07:08:36 UTC - RP369 - Removed SPYWAREfighter.
79: 2008-05-23 18:05:51 UTC - RP368 - Installed SPYWAREfighter.
78: 2008-05-22 13:34:30 UTC - RP367 - System Checkpoint
77: 2008-05-21 13:06:29 UTC - RP366 - System Checkpoint
-- First Restore Point --
1: 2008-02-24 17:06:54 UTC - RP290 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.

-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Tr... Read more

A:Error Message: Your System Is Infected By Dangerous Virus!

Hello mrrej89,Download FixIEDef.exe by ShadowPuterDude to the Desktop. Mirrors: Alternate official download locations for FixIEDef.exe http://it-mate.co.uk/downloads/fixiedef/fixiedef.exe http://hosts-file.net/download/fixiedef/fixiedef.exe http://avant.it-mate.co.uk/?c=Download&f=Tools/FixIEDef http://archives.mysteryfcm.co.uk/?f=Securi...pyware/FixIEDef Double-click FixIEDef.exe, this will create a folder named FixIEDef on your Desktop. Double-click of the FixIEDef folder. NOTE: You will need to temporarily disable any programs you have running that will block attempts to edit the registry. As FixIEDef calls REGEDIT to delete registry keys added by Zlob, Trojan.Downloader.Delf, AntiSpyPro, and IE Defender. WARNING: FixIEDef will kill all copies of Internet Explorer and Explorer that are running. The icons and Start Menu on your Desktop will not be visible while FixIEDef is running. This is necessary to remove parts of the infection that would otherwise not be removed. FixIEDef will re-start Explorer at the end of the removal process VISTA Users: Double-click on DisableUAC inside the FixIEDef folder and answer "Yes" if asked if you want to merge with the registry. After the script has finished double-click on EnableUAC.reg inside the FixIEDef folder to re-enable UAC. Answer "Yes" if asked if you want to merge with the registry. Locate FixIEDef.bat and double-click on it. VISTA Users: Right-click on FixIEDef.bat and select "Run as Administrator&q... Read more

2 more replies
Answer Match 95.76%

System Error: Attention, <NAME>, Some Dangerous Trojan Horses Detected In Your System.

Caught a Trojan Malware virus, leads me to a Anti-Virus scan site that wants my money. I ran a ComboFix log on it, and here's my current log:

ComboFix 08-06-20.4 - Owner 2008-06-29 23:09:56.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.648 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\My Documents\My Received Files\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\smp.bat
C:\WINDOWS\system32\MSINET.oca
.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-30 )))))))))))))))))))))))))))))))
.
2008-06-29 17:06 . 2008-06-29 17:06 <DIR> d-------- C:\Games
2008-06-29 17:06 . 2008-06-29 17:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-06-29 17:05 . 2008-06-29 17:05 <DIR> d-------- C:\Program Files\Resources Wizard
2008-06-29 16:43 . 2008-06-29 16:43 26,624 --a------ C:\WINDOWS\system32\xmlview.dll
2008-06-29 16:42 . 2008-06-29 16:42 26,624 --a------ C:\WINDOWS\system32\domview.dll
2008-06-29 16:17 . 2008-06-29 17:28 <DIR> d-------- C:\Program Files\PCHealthCenter
2008-06-29 16:16 . 2008-06-29 16:43 1,682 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-29 16:16 . 2008-06-29 16:43 56 -r-hs... Read more

More replies
Answer Match 94.92%

My AVG Antivirus Resident Shield recently popped up saying the following files were infected:

c:\WINDOWS\system32\winlogon.exe
c:\WINDOWS\system32\dllcache\winlogon.exe
c:\WINDOWS\explorer.exe

I know these are critical system files and it says so. Therefore, they cannot be uninfected or else it might damage the computer. The only solution I had was to run the WINNT32.EXE (/cmdcon) installer from the C:\WINDOWS\I386 folder so I could install the Recovery Console. I am now able to use it from startup and everything but once I enter the Administrator password I have no idea how to proceed. I had tried the SFC.EXE /SCANNOW solution, but since I don't have the XP Service Pack 3 Installation Disk with me, this won't work. I don't know how to use the Recovery Console commands, so does anyone know how I can replace the corrupted and infected system files listed above with their original version? This is really important and any good help soon would be greatly appreciated!

More replies
Answer Match 94.08%

How I think I received the infectionI was searching for a site where I could watch a program I missed on TV.From what I know, I never clicked anything consisting of ''download'' or ''run'',I think I simply got it by surfing through potentially malicious websites. ________________________________________________________________________________________________The virusI first encountered the virus by having an AVG window pop up telling me that I've been infected (I rolled my mouse over the buttons of the popup to check that it was legit)The AVG-antivirus detection name of the virus is Trojan Horse Dropper.generic_c.MMIThe object name is C:\Windows\System32\services.exeAVG couldn't remove it because it's inside of a critical system file_________________________________________________________________________________________________How I have tried to deal with itI searched the virus on google and came across a forum post relating to this virus specifically. Someone had been infected by it and was asking for help. In the end of the forum post someone had been able to remove it through the use offileASSASSIN, a tool inside of Malwarebytes anti-malware. I downloaded Malwarebytes and did a normal scan with it to test my luck. Malwarebytes did find the viruses. Malwarebytes ''removed'' the viruses and told me to restart the computer, but everytime I've restarted it and started a new scan the viruses are st... Read more

A:Infected with Trojan, critical system file.

Hello Jrav,Welcome to the forum.For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.Plug the flashdrive into the infected PC.Enter System Recovery Options. To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.To enter System Recovery Options by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next.On the System Recovery Options menu you will get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand Prompt[*]Select Command Prompt[*]In the command window type in notepad and press Enter.[*]The notepad opens. Under File menu select Open.[*]Select "Computer" and find your flash drive letter and close the notepad.[*]In the command window type e:\frst.exe (for x64 ... Read more

48 more replies
Answer Match 93.66%

Every time I go to open my document folders I get the message: Attention, (name)! Some dangerous trojan horses detected in your system. Microsoft Windows XP files corrupted. This may lead to the destruction of important files in C:\WINDOWS. Download protection software now!
Click OK to download the antispyware. (Recommended)

Once I click NO, I'm lead to this site: http://fast-viruscanner.com/id/4912933/4/1/

How can I get rid of this bug??

My HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:49:56 PM, on 15/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Z... Read more

A:HELP! Error message: Attention! Some dangerous trojan horses detected in your system.

Please visit this webpage for instructions on installing recovery console and downloading/running ComboFix.

Post the log from ComboFix along with a new HijackThis log.
 

1 more replies
Answer Match 92.82%

My AVG Antivirus Resident Shield recently popped up saying the following files were infected:

c:\WINDOWS\system32\winlogon.exe
c:\WINDOWS\system32\dllcache\winlogon.exe
c:\WINDOWS\explorer.exe

I know these are critical system files and it says so. Therefore, they cannot be uninfected or else it might damage the computer. The only solution I had was to run the WINNT32.EXE (/cmdcon) installer from the C:\WINDOWS\I386 folder so I could install the Recovery Console. I am now able to use it from startup and everything but once I enter the Administrator password I have no idea how to proceed. I had tried the SFC.EXE /SCANNOW solution, but since I don't have the XP Service Pack 3 Installation Disk with me, this won't work. I don't know how to use the Recovery Console commands, so does anyone know how I can replace the corrupted and infected system files listed above with their original version? This is really important and any good help soon would be greatly appreciated!

UPDATE: It appears my I386 backup copy of the WINLOGON.EX_ was also infected: I used the Recovery Center at startup to expand this backup copy and replace the current infected one in the system32 folder. The virus was still detected in the same location by AVG. The only solution I can find is to replace the infected winlogon.exe files (along with the explorer.exe ones) with a legitimate copy from another computer. I must either acquire a new W... Read more

More replies
Answer Match 92.82%

My AVG Antivirus Resident Shield recently popped up saying the following files were infected:

c:\WINDOWS\system32\winlogon.exe
c:\WINDOWS\system32\dllcache\winlogon.exe
c:\WINDOWS\explorer.exe

I know these are critical system files and it says so. Therefore, they cannot be uninfected or else it might damage the computer. The only solution I had was to run the WINNT32.EXE (/cmdcon) installer from the C:\WINDOWS\I386 folder so I could install the Recovery Console. I am now able to use it from startup and everything but once I enter the Administrator password I have no idea how to proceed. I had tried the SFC.EXE /SCANNOW solution, but since I don't have the XP Service Pack 3 Installation Disk with me, this won't work. I don't know how to use the Recovery Console commands, so does anyone know how I can replace the corrupted and infected system files listed above with their original version? This is really important and any good help soon would be greatly appreciated!

UPDATE: It appears my I386 backup copy of the WINLOGON.EX_ was also infected: I used the Recovery Center at startup to expand this backup copy and replace the current infected one in the system32 folder. The virus was still detected in the same location by AVG. The only solution I can find is to replace the infected winlogon.exe files (along with the explorer.exe ones) with a legitimate copy from another computer. I must either acquire a new ... Read more

More replies
Answer Match 91.98%

hallomine name is lizaura and I am 35 years hold. I live in Holland and I have 2 children. I have a 17 year old daughter and a 13 year old son.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:32:57 PM, on 12/17/2007Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16575)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\system32\taskeng.exeC:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exeC:\Program Files\Windows Defender\MSASCui.exeC:\Windows\RtHDVCpl.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Java\jre1.6.0_03\bin\jusched.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\Common Files\Logishrd\LComMgr\Communications_Helper.exeC:\Program Files\Logitech\QuickCam\Quickcam.exeC:\Program Files\SurfRight\Caretaker\Notifier.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Program Files\MSN Messenger\msnmsgr.exeC:\Windows\ehome\ehtray.exeC:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exeC:\Users\lizaura\Program Files\BitTorrent_DNA\dna.exeC:... Read more

A:Infected Critical System Error

Hello lizaura, I am SifuMike and I will be helping you. Please download ATF Cleaner by Atribune.Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button.If you use Firefox browserClick Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browserClick Opera at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program. For Technical Support, double-click the e-mail address located at the bottom of each menu. ***************************** Reconfigure Windows Vista to show hidden files: To enable the viewing of Hidden files follow these steps: Close all programs so that you are at your desktop. Access Control Panel. Click Folder Options. After the new window appears select the View tab. Put a checkmark in the checkbox labeled Display the contents of system folders. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders. Remove the checkmark from the checkbox labeled Hide file extensions for known file types. Remove the checkmark from the checkbox labeled Hide protected operating system files. Press the Apply button and then the OK button and shutdown My Computer. Now your computer is configured to show all hidden files.... Read more

2 more replies
Answer Match 91.14%

Hi!

I don't know what to do with these reports, actually I know nothing about computers but I try to do just something...

I did run Hijack this, SmitfraudFix (in safe mode and did registry cleaning), ewido, and Hijack this. Here are the reports:

Logfile of HijackThis v1.99.1
Scan saved at 13:06:05, on 7.9.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Media-Codec\isamonitor.exe
C:\Program Files\Media-Codec\pmsngr.exe
C:\PROGRA~1\NavNT\vptray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\SPYWAREfighter\spfprc.exe
C:\Program Files\FBM Software\ZeroSpyware 2004\NetGuard.exe
C:\Program Files\Media-Codec\pmmon.exe
C:\Program Files\Media-Codec\isamini.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\... Read more

A:trojan SPM/LX and critical system error

Welcome to TSG

Please navigate to Add/Remove Programs located in your Control Panel. Remove the following (if present):

Spywarefighter
Then, Delete the following Folder C:\Program Files\SPYWAREfighter

Please download ATF Cleaner by Atribune.

This program is for XP and Windows 2000 only
Save it to your desktop

Double-click ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

====================================================

Run HijackThis, and press "Do a System Scan Only".
1. When the scan is complete place a check mark next to the following entries:

O3 - Toolbar: Protection Bar - {fe2d25c1-c1db-4b5e-9390-af1cb5302f32} - C:\Program Files\Media-Codec\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spfprc.exe
O21 - SSODL: imputable - {6570b782-1a41-4053-b2c9-12c7fcf0d84d} - C:\WINDOWS\system32\duxzj.dll

2. After checking these ite... Read more

3 more replies
Answer Match 88.2%

Hello All!..it's my first post trying to get help with this annoying pop up i have inherited on my computer.It keeps popping up stating 'Critical system error- trojan win32 agent AKK' it then asks you to download anti virus software..I have saved a Hijack this! logfile, (first time! heh!) and was wondering if anyone can help me find the problem.Cheers! KurskLogfile of Trend Micro HijackThis v2.0.2Scan saved at 6:13:17 PM, on 12/8/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16544)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\PROGRA~1\Grisoft\AVG7\avgemc.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exeC:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\Java\jre1.6.0_02\bi... Read more

A:Critical System Error Popup-trojan Win32 Agent Akk

Welcome to the BleepingComputer HijackThis Logs and Analysis forum KurskMy name is Richie and i'll be helping you to fix your problems.Please move HijackThis to a permanent folder on the hard drive such as C:\HJT. Create a new folder and place HijackThis.exe inside that folder so that the backups of log changes it creates are saved in the same folder and can be used to reverse any line entry deletion if found to be necessary.If you run Hijackthis from the desktop, the files it removes will not be backed up properly.How to create a new folder named HJT1. Click Start/My Computer,in the 'My Computer' window,open the window in which you want to create the new folder,click on Local Disk C:2. From the 'File' menu choose 'New'.3. From the 'New' menu choose 'Folder'.4. Type the folder name: HJT5. Then press Enter.If you need help,follow the info in the link below:http://russelltexas.com/malware/createhjtfolder.htmYou have ClamWin and AVG7 installed.Its not a good idea to have more than one antivirus program installed on your computer. Each program may interpret the actions of the other as viral, therefore giving you false virus warnings about virus-related activities.It could also lead to system slowdowns and other problems within the operating system,due to the two conflicting with each other.You should uninstall one of them now,then restart your pc.If you have previously downloaded ComboFix,please delete that version now.WarningYou should NOT use Combofix unless you have ... Read more

1 more replies
Answer Match 88.2%
Answer Match 87.78%

Thanks in advance!I downloaded a video codec (or so I thought) and since have been dealing with this. I'm comfortable with regedit, and would appreciate any guidance in getting rid of this thing!Here's my log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:35:59 PM, on 12/24/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16574)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\ccProxy.exeC:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\... Read more

A:Critical Systems Error! Your Computer Was Infected By Trojan.

Hello herrgan, I am SifuMike and I will be helping you. Please download ATF Cleaner by Atribune.Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button.If you use Firefox browserClick Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browserClick Opera at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program. For Technical Support, double-click the e-mail address located at the bottom of each menu. ***************************** Reconfigure Windows XP to show hidden files: Go to My Computer and double-click C. Go to the Tools menu and select 'Folder Options'. On the 'View' tab select 'show hidden files and folders' and deselect (uncheck) 'hide protected operating system files (recommended)'. Now your computer is configured to show all hidden files. ***************************** I see you are running Teatimer.I suggest you to disable it because it can interfere with the changes you'll make on your system.If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it. How to disable TeaTimer during HijackThis CleanupWhen everything is done and your log is clean again, you can enable it again.Then, Download Reset... Read more

6 more replies
Answer Match 86.52%

My computer has been very slow to start up and is running slowly overall. The hard drive makes clicking sounds too often, even if I'm offline. I recently keep getting a pop-up that says, "Critical System Warning. Trojan.z10b - x.a" I have not clicked on the pop-up except to X out of it. I ran all of the programs you suggested as well as my anti-virus program and they have not come up with anything. When I scan my computer with my Panda anti-virus program, the scan for virus' box is grayed out and I can't fix that either, so I wonder if something got into my system. Something is not right, but I cannot find it. Please help! Thank you very much.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:16:25 PM, on 12/9/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16544)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\SYSTEM32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exeC:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXEC:\WINDOWS\system32\svchost.exeC:\Program Files\Panda Software\Panda Titanium Antivirus 2004\TPSrv.exeC:\WINDOWS\syst... Read more

A:Do I Have A Viurs? Slow Computer And "critical System Warning. Trojan.z10b - X.a" Pop-ups.

Hello jmufroggie,Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update. Updating Java: Download the latest version of Java Runtime Environment (JRE) 6 Update 3. Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 3". Click the "Download" button to the right. Check the box that says: "Accept License Agreement". The page will refresh. Click on the link to download Windows Offline Installation, Multi-language jre-6-windows-i586.exe and save to your desktop. Close any programs you may have running - especially your web browser. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Examples of older versions in Add or Remove Programs:
Java 2 Runtime Environment, SE v1.4.2
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 6 Check any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions. Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.Please download ATF Cleaner by Atribune.Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button.If you use Firefox browserClick Firef... Read more

8 more replies
Answer Match 86.1%

An unknown Trojan (assuming due to the infections detected by AVG) has infected my pc. I am running XP, use Firefox to browse, and have AVG Free updated and full system scans run.

AVG is finding and cleaning programs, ("Fm9.exe", e.g.) but there are new ones each time I scan.

Symptoms include popup windows, and bogus "antivirus" download popups "antimalware" was one I saw.

I saw another post that mentions "whitesmoketoolbar", this is currently installed on this pc...is it the issue?

I can provide screen shots or whatever is most useful. Please let me know your questions.

THANKS FOR READING!
Jake

P.S. I've been trying to post to the Virus, Trojan, Spyware, and Malware Removal Logs, but it won't work...am I forbidden for some reason?

A:Infected with Unknown Trojan, causing popups, system instability

I think I put this in the wrong forum by accident. I am looking, but do not see a way to move it. Sorry for the inconvenience.
Thanks,
Jake

1 more replies
Answer Match 86.1%

I have a number of files in my system32 folder that I can't indentify and I believe they may be a trojan or worm of some sort. (shomw.exe, pmonntri.exe, oisen.exe, mdriverm.exe, lsi.exe, crnsaves.exe, cdp18073.exe, bdbase.exe, _intll.exe) They all have the same modification date. I have noticed by browser will launch on its' own at various times at boot. Norton has caught the following 3 files attempting to access the internet (bdbasew.exe, r50_qcxi.exe & M20ennuf.exe) which I blocked. Virus scanned has detected nothing. Do I have issues or just paranoid.

Thanks,
1C
 

A:Solved: Unknown System 32 files ~ Trojan or worm??

11 more replies
Answer Match 85.26%

This popup has been so annoying! If anyone could help me get rid of I'd really appreciate it. I downloaded HJT and have the log file here:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 4:54:03 PM, on 6/17/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16850)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exec:\Program Files\Common Files\Symantec Shared\ccProxy.exec:\Program Files\Common Files\Symantec Shared\ccSetMgr.exec:\Program Files\Norton Internet Security\ISSVC.exec:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exec:\Program Files\Common Files\Symantec Shared\SNDSrvc.exec:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exec:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\WINDOWS... Read more

A:your system is infected with dangerous virus

Hello andeethree, Sorry for the delay. We have many logs backed up. Download Security Check by screen317 from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt.Please post the contents of that document.We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make. Open Windows Defender. Click on Tools, General Settings. Scroll down and uncheck Turn on real-time protection (recommended). After you uncheck this, click on the Save button and close Windows Defender.After all of the fixes are complete it is very important that you enable Real-time Protection again.lease download Malwarebytes' Anti-Malware from one of these places:http://download.cnet.com/Malwarebytes-Anti...&tag=buttonhttp://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.htmlhttp://www.besttechie.net/mbam/mbam-setup.exeDouble Click mbam-setup.exe to install the application. * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select "Perform Full Scan", then click Scan. * The scan may take some time to finish,so please be patient. * When the scan is complete, click OK, then Show Results to view the res... Read more

2 more replies
Answer Match 85.26%

Please help if you can, Its my own fault i got this malware as i opened up a video which i shouldn't have. I havent used hijack this before so I hope i do it rightDeckard's System Scanner v20071014.68Extra logfile - please post this as an attachment with your post.---------------------------------------------------------------------------------- System Information ----------------------------------------------------------Microsoft? Windows Vista? Home Premium (build 6000)Architecture: X86; Language: EnglishCPU 0: AMD Athlon™ 64 X2 Dual Core Processor 5000+Percentage of Memory in Use: 40%Physical Memory (total/avail): 1981.88 MiB / 1179.33 MiBPagefile Memory (total/avail): 4182.39 MiB / 3190.91 MiBVirtual Memory (total/avail): 2047.88 MiB / 1926.92 MiBC: is Fixed (NTFS) - 222.78 GiB total, 166.24 GiB free. D: is Fixed (NTFS) - 10 GiB total, 5.99 GiB free. E: is CDROM (No Media)F: is CDROM (No Media)G: is Removable (No Media)H: is Removable (No Media)I: is Removable (No Media)J: is Removable (No Media)\\.\PHYSICALDRIVE0 - Hitachi HDT725025VLA SCSI Disk Device - 232.83 GiB - 3 partitions \PARTITION0 - Unknown - 54.88 MiB \PARTITION1 - Installable File System - 10 GiB - D: \PARTITION2 (bootable) - Installable File System - 222.78 GiB - C:\\.\PHYSICALDRIVE1 - TEAC USB HS-CF Card USB Device\\.\PHYSICALDRIVE3 - TEAC USB HS-MS Card USB Device\\.\PHYSICALDRIVE4 - TEAC USB HS-SD Card USB Device�... Read more

A:Your System Is Infected With Dangerous Virus

I only just noticed there was a second part of the log....sorry about that!Deckard's System Scanner v20071014.68Run by Steve on 2008-04-21 00:54:22Computer is in Normal Mode.---------------------------------------------------------------------------------- Last 5 Restore Point(s) --18: 2008-04-19 12:50:58 UTC - RP52 - Scheduled Checkpoint17: 2008-04-18 08:14:13 UTC - RP51 - Windows Update16: 2008-04-17 17:16:57 UTC - RP50 - Windows Update15: 2008-04-17 09:58:22 UTC - RP49 - Scheduled Checkpoint14: 2008-04-16 09:43:45 UTC - RP48 - Windows Update-- First Restore Point -- 1: 2008-04-06 11:29:41 UTC - RP35 - Windows UpdateBacked up registry hives.Performed disk cleanup.-- HijackThis (run as Steve.exe) -----------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 00:55:38, on 21/04/2008Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16643)Boot mode: NormalRunning processes:C:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Windows Defender\MSASCui.exeC:\Windows\RtHDVCpl.exeC:\Windows\System32\rundll32.exeC:\Program Files\Java\jre1.6.0\bin\jusched.exeC:\Program Files\Grisoft\AVG7\avgcc.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Windows\ehome\ehtray.exeC:\Program Files ... Read more

3 more replies
Answer Match 85.26%

Hello everyone, i need urgent help. First of all i dont know if this is the right forum for this but i have an unknown trojan i need to get rid of ASAP. Everytime i want to open something new a pop up comes up saying system error unknown trojan and they recommend downloading a program. What do i have to do in order to get rid of it. Please Help!!

A:System Error Unknown Trojan

Hello emanuel_v19From what you describe, it sounds like a scare tactic to goad you into purchasing a bogus removal program. There are many such rogue applications which utilize such tactics. Can you provide more specific info as to what the full error message says?What OS (Win XP, XP SP1, XP SP2/2000, etc) are you using? What type of anti-virus are you using? Have you performed any anti-spyware scans? Have you tried doing your scans in "Safe Mode"? Are you doing scans while logged into the "Administrator Account" or an "account with administrator privileges"?

7 more replies
Answer Match 85.26%

Hi,

This is just like the other guys thread but my OS is Vista basic home edition. I want to know if I can follow the same proceedure or advise by Pancake. I am a complete newbee and doesn't know much about computer so please bear with me. I have a spysweeper and did all cleaning or scan but to no success.


PHP Code:



Please download the OTMoveIt by OldTimer

Save it to your desktop
.

Please double-click OTMoveIt.exe to run it

Copy the file paths below to the clipboard by highlighting ALL of them 
and pressing CTRL (or, after highlightingright-click an... Read more

More replies
Answer Match 84.84%

I got another call from my Dad today. After cleaning his computer completely last month with help from BleepingComputer.com there is another problem so I went to check it out. I can't believe it.

Now on startup a fake system scan runs with many warning of I/O errors and critical hard drive problems. It tries to take you to file-recovery-system.com to buy something. Obviously it is a virus/hijack. I searched on the web for fixes and was able to use RKill.exe to at least stop the process and the warnings. I tried to install MBAM but the install failed twice, I get a permission denied warning. I tried to install after restarting in safe mode, but had the same access denied at the end of the install.

Computer is Windows 7. I am posting from my clean computer since the browser redirects on his computer make it almost impossible.

A:file-recovery-system.com takeover, critical system error warnings

Boot into safemode with networkingDownloadTDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive) Do not change the default options on scan resultsDownloadaswMBRLaunch it, allow it to download latest Avast! virus definitionsClick the "Scan" button to start scan.After scan finishes,click on Save logPost the log results hereDownloadESET online scannerInstall itClick on START,it should download the virus definitionsWhen scan gets completed,click on LIST of found threatsExport the list to desktop,copy the contents of the text file in your reply

28 more replies
Answer Match 84.42%

Greetings, I made the mistake of allowing an Active-X code to run in IE7. (Went brain-dead for a second.) Don't know what this popup is called but the full text is: "System error Your system is infected with dangerous virus! Note: Strongly recommend to install antispyware program to clean your system and avoid total crash of hour computer! Click OK to download the antispyware. (Recommended)" It pops up 3 times while IE7 is loading my home page. It pops up 2 out of 3 times when double-clicking on My Computer. When I double-click on My Docs, it does not. It shows up at other odd places. When you search for anything in the Google search toolbar, the 2nd and 3rd entry are obviously supplied by the malware. 2) Error - your computer was infected etc etc. 3) You Tube - Porn - Watch now. I have never clicked on OK or these bogus Google search results. I have run Kasperski 7.0 full system scan many times. No threats are ever detected. A few general questions before I post the logs. 1. I have an attached USB drive for data. Do these things infect attached drives that are data only? 2. Why doesn't Kaspersky 7.0 ever find anything? 3. What causes System Restore not to work? What a disappointment! I went back as far as I could go. How do I make it work in the future? 4. I have turned on Kaspersky Proactive Defense and have blocked all suspicious activity, the Internet Explorer finally runs without popups... Read more

A:"your System Is Infected With Dangerous Virus..." Popup

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. You are running an older version of Java. This can be a security risk so let's get you the latest version.Upgrading Java:Download the latest version of Java Runtime Environment (JRE) 6 Update 6.Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".Click the "Download" button to the right.Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".Click on Continue.Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..Close any programs you may have running - especially your web browser.Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.Check any item with Java Runtime Environment (JRE or J2SE) in the name.Click the Remove or Change/Remove button.Repeat as many times as necessary to remove each Java version.Reboot your computer once all Java components are removed.Then from your desktop double-click on the download to install the newest version.Please post a new log from DSS.

6 more replies
Answer Match 84.42%

Hi all I would welcome your consideration of the following log(s).BASELINE HIJACKTHIS LOG (PRE-CLEAN)DECKARD'S SYSTEM SCANNER (main.txt)HIJACKTHIS LOG (POST-CLEAN)I have also attached a small JPG file which is a copy of the offending pop-up (image).So far I have used the following tools in an attempt to clean my system of this malware.Spybot, AVG Ant-spyware 7.5 Freeversion, DSS, CUREIT, UNDOFIX, PROVW21, CCLEANER v2.06,567 (current version)Thank-you for your assistance.RegardsAlan========================================================================BASELINE HIJACKTHIS LOG (PRE-CLEAN)--------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:57:43 PM, on 15/04/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\Rundll32.exeC:\PROGRA~1\Grisoft\AVG7\avgcc.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Java\jre1.6.0_05\bin... Read more

A:***** "your System Is Infected With Dangerous Virus!" Popup *****

Hello plshelpme2,Download FixIEDef.exe by ShadowPuterDude to the Desktop. Mirrors: Alternate official download locations for FixIEDef.exe http://it-mate.co.uk/downloads/fixiedef/fixiedef.exe http://hosts-file.net/download/fixiedef/fixiedef.exe http://avant.it-mate.co.uk/?c=Download&f=Tools/FixIEDef http://archives.mysteryfcm.co.uk/?f=Securi...pyware/FixIEDef Double-click FixIEDef.exe, this will create a folder named FixIEDef on your Desktop. Double-click of the FixIEDef folder. NOTE: You will need to temporarily disable any programs you have running that will block attempts to edit the registry. As FixIEDef calls REGEDIT to delete registry keys added by Zlob, Trojan.Downloader.Delf, AntiSpyPro, and IE Defender. WARNING: FixIEDef will kill all copies of Internet Explorer and Explorer that are running. The icons and Start Menu on your Desktop will not be visible while FixIEDef is running. This is necessary to remove parts of the infection that would otherwise not be removed. FixIEDef will re-start Explorer at the end of the removal process VISTA Users: Double-click on DisableUAC inside the FixIEDef folder and answer "Yes" if asked if you want to merge with the registry. After the script has finished double-click on EnableUAC.reg inside the FixIEDef folder to re-enable UAC. Answer "Yes" if asked if you want to merge with the registry. Locate FixIEDef.bat and double-click on it. VISTA Users: Right-click on FixIEDef.bat and select "Run as Administrato... Read more

2 more replies
Answer Match 84%

MY computer keeps popping up this System Error! saying:

"Your computer was infected by unknown trojan. It's dangerous for system.

Click OK to download the antispyware program to clean your system (Recommended)"

Need help removing this trojan. Help!!!

Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:29:40 PM, on 3/12/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hp\kbd\kbd.exe
C:\Windows\System32\mobsyn... Read more

A:System Error keeps popping up! Unknown Trojan. Help?!

I cant see any problems in the log..

Ok.We need to download ComboFix.exe. This will give a better view to what is running on your computer.

Please visit this webpage for download links, and instructions for running the tool


When the tool is finished, it will produce a report for you. Please post the "C:\ComboFix.txt" along with a new HijackThis log so that we can continue to do any further cleaning that your system may require.

Caution: Never run and remove files with Combofix unless supervised by a security analyst.

1 more replies
Answer Match 84%

My computer keeps popping up this System Error! saying:

"Your computer was infected by unknown trojan. It's dangerous for system.

Click OK to download the antispyware program to clean your system (Recommended)"

Need help removing this trojan. Help!!!

Here is the DDS main.txt log (extra.txt is attached):

Deckard's System Scanner v20071014.68
Run by Derek on 2008-03-13 00:18:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
26: 2008-03-12 22:58:27 UTC - RP27 - Restore Operation
25: 2008-03-12 22:50:41 UTC - RP26 - Restore Operation
24: 2008-03-12 22:30:25 UTC - RP25 - Windows Update
23: 2008-03-11 02:57:24 UTC - RP24 - Installed Ad-Aware 2007
22: 2008-03-11 02:46:00 UTC - RP23 - Device Driver Package Install: Symantec Network Service


-- First Restore Point --
1: 2008-02-29 02:45:05 UTC - RP2 - Scripted restore


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Derek.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:20:05 AM, on 3/13/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indic... Read more

A:System Error keeps popping up! Unknown Trojan. Help?!

Print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should NOT have any open browsers when you are following the procedures below.

Download AVG Anti-Spyware at http://www.ewido.net/en/download/ and install it.
- Locate the icon on the desktop and double-click it to launch the set up program.
- Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
- On the main screen select the Update icon, then select the Update now link.
- Next select the Start Update button. The update will start and a progress bar will show the updates being installed.
- Once the update has completed select the Scanner icon at the top of the screen, then select the Settings tab.
- Once in the Settings screen click on Recommended actions and then select Quarantine.
- Under Reports, select Automatically generate report after every scan.
- Unselect Only if threats were found.

Close AVG Anti-Spyware. Do not run a scan just yet.

Download ATF Cleaner at http://www.atribune.org/ccount/click.php?id=1. Don't run it yet.

Download SmitfraudFix at http://siri.urz.free.fr/Fix/SmitfraudFix.zip and extract the content (a folder named SmitfraudFix) to your desktop. Do not run it yet.

Restart your computer and boot into Safe Mode. If you don't know how, go to http://www.bleepingcomputer.com/tuto...utorial61.... Read more

1 more replies
Answer Match 83.58%

Hi, i have no idea what's goin on with my computer. I came home and I see a new icon on the system tray. I'm not the only one that uses this computer so it could be something someone downloaded. It's flashing with an exclamation mark and and balloon that says that I have critical system errors. Here is my HJT Log...

Logfile of HijackThis v1.99.1
Scan saved at 11:54:13 PM, on 11/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:... Read more

A:critical system error popups from system tray

You do have Smitfraud so we need to do the following:

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report ... Read more

3 more replies
Answer Match 82.74%

I need a little help.

Getting Error:
Your Computer was infected by unknown Trojan. Its Dangerous for your system (Critical Files can be lost)
Click OK to Download the antispyware Program to clean your system!

I have ran Norton and Spybot and I am still unable to to find and remove this.

A:ERROR 'Your Computer was infected by Unknown Trojan'

Hi damon4105,

Have you taken the time to familiarize yourself with the following sticky before posting?

(Updated!) IMPORTANT - Read This Before Posting A Log

Please go through the 5 steps outlined in the link below and post back the requested logs in this thread.

1 more replies
Answer Match 82.74%

Deckard's System Scanner v20071014.68Run by Umair on 2008-07-03 11:46:28Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------System Restore is disabled; attempting to re-enable...success.-- Last 1 Restore Point(s) --1: 2008-07-03 05:46:35 UTC - RP1 - System CheckpointBacked up registry hives.Performed disk cleanup.Percentage of Memory in Use: 80% (more than 75%).Total Physical Memory: 254 MiB (512 MiB recommended).-- HijackThis (run as Umair.exe) -----------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:48:54, on 03/07/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.17184)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Network Associates\VirusScan\Avsynmgr.exeC:\WINDOWS\system32\drivers\CDAC11BA.EXEC:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeC:\WINDOWS\system32\HPZipm12.exeC:\WINDOWS\Explorer.EXEC:\MDaemon\WebAdmin\... Read more

A:Some Dangerous Trojan Horses Detected In Your System Please Download

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Download SDFix and save it to your Desktop.Double click SDFix.exe and it will extract the files to %systemdrive%(Drive that contains the Windows Directory, typically C:\SDFix)Please then reboot your computer in Safe Mode by doing the following :Restart your computerAfter hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;Instead of Windows loading as normal, the Advanced Options Menu should appear;Select the first option, to run Windows in Safe Mode, then press Enter.Choose your usual account. Open the extracted SDFix folder and double click RunThis.bat to start the script. Type Y to begin the cleanup process. It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot. Press any Key and it will restart the PC. When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons. Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum). Finally paste the contents of the Report.txt back on the forum with a new DSS log

2 more replies
Answer Match 81.9%

Hi guys

I've been having minor problems with my laptop for a few months now (slow to shut down etc) but didn't think it was anything serious until I started getting alerts that some system files were infected by a Patch El trojan or something...

I've been using ESET Smart Security and MalwareBytes. MWB reckons nothing is wrong whereas ESET detected 65 infected files. They cleaned 4 of them but left out the others.

I am coying my log here in case people can make sense out of it and perhaps help me out?! that would be awesome.

Here is the Scan log. It's quite long so...

>>>> Please SKIP if irrelevant <<<<

Scan Log
Version of virus signature database: 5103 (20100510)
Date: 10/05/2010 Time: 23:07:30
Scanned disks, folders and files: C:\
C:\pagefile.sys - error opening [4]
C:\DELL\drivers\R114079\Lang\ESN\license.txt » MIME - is OK (internal scanning not performed)
C:\DELL\drivers\R114079\Lang\ITA\license.txt » MIME - is OK (internal scanning not performed)
C:\DELL\drivers\R114079\Lang\PTB\license.txt » MIME - is OK (internal scanning not performed)
C:\DELL\drivers\R114079\Lang\PTG\license.txt » MIME - is OK (internal scanning not performed)
C:\DELL\drivers\R153830\Graphics\LANG\HDMI\esp\license.txt » MIME - is OK (internal scanning not performed)
C:\DELL\drivers\R153830\Graphics\LANG\HDMI\ita\license.txt » MIME - is OK (internal scanning not performed)
C:\DELL\drivers\R153830\Graphics\LANG\HDMI\ptb\license.txt » MIME - is... Read more

More replies
Answer Match 81.9%

Every time I go to open my document folders I get the message: Attention, (name)! Some dangerous trojan horses detected in your system. Microsoft Windows XP files corrupted. This may lead to the destruction of important files in C:\WINDOWS. Download protection software now!
Click OK to download the antispyware. (Recommended)

Once I click NO, I'm lead to this site: http://fast-viruscanner.com/id/4912933/4/1/

++++++++++++++++++++++++++++++++++++++++
if you got this error (it success)
go to this web http://www.windowsbbs.com/showthread.php?t=74202
or download Malwarebytes' Anti-Malware (MBAM) from here or here and save the file to your desktop.

lookpom : thailand
 

More replies
Answer Match 79.8%

Logfile of HijackThis v1.99.1
Scan saved at 6:12:16 PM, on 11/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\XP User\Desktop\HijackThis.exe

R3 - Default URLSearc... Read more

A:I seem to have aquired the "Critical System Error" Trojan

8 more replies
Answer Match 78.96%

I've been getting a System Error pop-up that reads:Your computer was infected by an unknown Trojan. It's dangerous for your system (critical files can be lost)! Click ok to download the antispyware program to clean your system. (Recommended) There was an icon on my taskbar that looked like the windows update icon and when I clicked on it I was taken to a site for Virus Heal. The icon is gone but I'm still getting this pop-up continually. I have AT&T Anti virus Suite which includes antispyware, and a firewall. I've downloaded and ran all of the programs listed on the page concerning what to do before you post a Hijackthis log. I'm going insane, PLEASE HELP. Thank you Madec68. Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:58:37 PM, on 1/31/2008Platform: Windows 2000 SP4 (WinNT 5.00.2195)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Boot mode: NormalRunning processes:C:\WINNT\System32\smss.exeC:\WINNT\system32\winlogon.exeC:\WINNT\system32\services.exeC:\WINNT\system32\lsass.exeC:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exeC:\WINNT\system32\svchost.exeC:\WINNT\System32\svchost.exeC:\WINNT\system32\ZoneLabs\vsmon.exeC:\WINNT\system32\spoolsv.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINNT\system32\cisvc.exeC:\Program Files\Co... Read more

A:Infected With A Trojan? System Error Pop-up

Hello and Welcome to Bleeping Computer.

I'm EnigmaChick and I will be assisting you with your malware problem today.

Please give me some time to analyze your log, and I will post back with instructions.

20 more replies
Answer Match 77.7%

Hi there, this is my first post as I'm pretty new. I really hope you guys can help me sort this out, as I've searched everywhere for a solution and I'm really starting to panic, as I have no clue about this sort of thing.Ok so a couple of days ago I was just browsing the internet, on msn etc. as you do when this fake virus scan popped up, along with a cmd window. I noticed system32 in the cmd window and a message popped up saying something along the lines of 'do you want to enable antivirus software?'. I tried clicking no because I thought it was fake, the blue screen popped up and my laptop proceeded to turn itself off.I got worried when I turned it back on, and the same thing popped up as soon as I logged on: Fake scan -> Blue screen -> restart. So I managed to boot it up in safe mode. Now my subscription to Windows Live OneCare had run out, but usually it quarantines threats for me as and when I get them. For whatever reason, it would not let me run this in safe mode. NB - at this point I still had a task bar, could still browse files and programs from the start menu and using explorer. So, I thought to myself I would try and System Restore, as this usually resolves problems. I tried running System Restore but kept getting error messages saying that it had been disabled by group policy. I then proceeded to search the internet for a solution. As my version of Vista is home edition, it did not have a group policy editor, so I had to use the Registry... Read more

A:After being infected w/ Trojan.Bamital + others explorer.exe is not running, can't browse files, can't system restore,...

Hello,let's try getting some logs in safe mode.Reboot into Safe Mode with Networking How to enter safe mode(XP)Using the F8 MethodRestart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press enter on your keyboard to boot into Safe Mode. >>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.RKill....Download and Run RKillPlease download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next replyDo not reboot your computer after running rkil... Read more

16 more replies
Answer Match 76.86%

My sister told me her computer got infected with a virus this morning. I checked recent downloads and found 3 entries for this morning:

Install-d2c795_02018-6.exe 7/25/09 8:43 AM (pacific time)
Install-9dc04_02018-6.exe 7/25/09 8:45 AM
Install-5920_02018-6.exe 7/25/09 8:56 AM

Getting a bubble popup from the icon tray in the bottom right. The icon is for a program called "Personal Antivirus"

"Critical system warning! Your computer is infected with version of Trojan.Win32.Agent.Azsy..."

There are other popups coming up randomly from the icon tray for other infections as well.

--------------------------------
DDS (Ver_09-06-26.01) - NTFSx86
Run by Sandy at 12:52:03.25 on Sat 07/25/2009
Internet Explorer: 7.0.6000.16851
Microsoft? Windows Vista? Home Basic 6.0.6000.0.1252.1.1033.18.2037.1016 [GMT -7:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SL... Read more

A:Critical system warning (trojan / pw steal)

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Answer Match 76.86%

Have "Critical System Errors! pop up message in my Task Bar system tray(next to clock) according to forum this is "VirusBurst Fake alert". I tried the Automated Removal Instructions to remove, but did not work. I have also completed "Preparation Guide for use before posting a HijackThis Log" and HijackThis log follows. Thank You Logfile of HijackThis v1.99.1Scan saved at 8:04:25 PM, on 10/31/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\Program Files\Sony\Giga Pocket\shwserv.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\drivers\KodakCCS.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\TiVo Shared\Beacon\TivoBeac... Read more

A:Infected W/ -critical System Errors!- Pop Up In Task Bar Next To Clock

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Please download SmitfraudFix (by S!Ri) to your Desktop.Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.=======================Please download AVG Anti-Spyware and save that file to your desktop.This is a 30 day trial of the programOnce you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.Once the setup is complete you will need run ewido and update the definition files.On the main screen select the icon "Update" then select the "Update now" link.Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.Once in the Settings screen click on "Recommended actions" and then select "Quarantine".Under "Reports"Select "Automatically generate report after every scan"Un-Select "Only if threats were found"Close AVG Anti-Spyware. Do not run a scan yet!========================Open the SmitfraudFix folder and double-click smitfraudfix.cmdSelect option #1 - Search by typing 1 and press EnterThis program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is... Read more

10 more replies
Answer Match 76.86%

My PC was infected w/ VirusBurst or VirusBursters... fake "Critical System Errors" alert pops up from lower right side of taskbar; program took over IE home page & directed browser to "Internet Security" page. Apparently also caused infection with Trojan.Emcodec, perhaps others.I've run Norton Antivirus, Trend Micro Anti-Spyware, Ad-Aware SE, SpyBot Search & Destroy, Trend Micro HouseCall, and Bit Defender. (I ran each twice, except Bit Defender only once.) I ran McAfee Stinger. Installed Zone Alarm firewall. Win XP SP2 has had autoupdate activated for some time, and is up-to-date. IE now starts up at my default home page (i.e., it does not go to the phony site). All the various scans are now clean. I think the viruses and spyware are gone, EXCEPT that the icon in the right hand side of taskbar is still present. This icon switches between a yellow "X" and a yellow "?". Periodically, a warning alert pops up with title "Critical System Errors" and message "System detected virus activities. They may cause critical system failure..." If you click on this Alert message balloon it opens IE browser to web page for "Internet Security" which purports to sell antimalware software.I don't know how to remove the task tray icon and its alerts, and I don't know if there is any spyware or malware still present (altho scans seem to indicate they're gone).Following is my HijackThis log.Thank you for your hel... Read more

A:Virusbursters? Infected With Fake "critical System Errors"

Hello PTGuy,Please download SmitfraudFix (by S!Ri) Extract the content (a folder named SmitfraudFix) to your Desktop. Open the SmitfraudFix folder and double-click smitfraudfix.cmd Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present). Please copy/paste the content of that report into your next reply. Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

12 more replies
Answer Match 76.02%

Greetings.

I am experiencing constant pop-ups in IE and in my lower bar. pop-ups are telling me to download software from links in the pop-ups.
pop-up states the following message: "Critical System Warning! or System Alert: Trojan-Spy.win32.mx"

I have followed your "5 Steps".

Active Scan log:

Incident Status Location

Virus:W32/P2PSimple.C.worm Disinfected Operating system
Virus:Trj/Agent.HBA Disinfected Operating system
Potentially unwanted tool:Application/Processor ... Read more

A:Constant Pop-ups: critical system warning, [email protected]

here is the rest of the log information:

Here is the DSS main.txt log:
[/B]
Deckard's System Scanner v20071014.68
Run by SaraVC on 2007-11-16 12:27:35
Computer is in Normal Mode.
------------------------------------
-- System Restore ---------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
5: 2007-11-16 20:27:38 UTC - RP234 - Deckard's System Scanner Restore Point
4: 2007-11-15 22:32:37 UTC - RP233 - Removed Maya 7.0
3: 2007-11-15 22:30:37 UTC - RP232 - Removed Google Toolbar for Internet Explorer
2: 2007-11-15 01:48:28 UTC - RP231 - Software Distribution Service 3.0
1: 2007-11-14 21:49:48 UTC - RP230 - Restore Operation

Backed up registry hives.
Performed disk cleanup.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-11-16 12:28:47
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\C... Read more

19 more replies
Answer Match 76.02%

Just found this on my dad's pc and it's been giving me a real headache. I've googled about and tried all of the stuff i found, to no avail, norton's not detecting anything and i've deleted the directory it had installed itself under Program Files\Files-Secure but it's still popping up on outlook, IE, or explorer.exe

thanks for help in advance
Anyway, here's a hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:43:32, on 01/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Sha... Read more

A:Solved: unknown trojan - “Your computer was infected by unknown trojan”

here's a screenshot of it
 

3 more replies
Answer Match 75.6%

Hello! Earlier today, my AVG resident shield began detecting viruses in my critical system files. What will happen, is I will get a popup, when I open anything, such as firefox, msn, a desktop folder, etc. I will get a lot of notices for winlogon.exe, services.exe, explorer.exe and so on. It says that I have a "Trojan horse Win32/PEPatch.AO" and the result is "Object is white-listed (critical/system file that should not be removed)

As of right now, nothing seems to be acting any differently, minus the ANNOYING virus popups. I did check msconfig though and noticed a new rundll file that loads at startup and is called "ivabaliko" It also shows up in the task manager as rundll32.exe

My computer is running with Windows XP.

Ran a HJT scan and this is what showed up:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:41 PM, on 4/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile De... Read more

A:AVG detecting multiple threats on critical system files.

12 more replies
Answer Match 75.6%

I am using Windows 7 Home Premium 64 Bit

I have custom Libraries, and back them all up to a 500GB external hard drive. I use the built in Windows Backup and Restore Utility. All of a sudden when I try to perform a backup, I get this error -

A:[SOLVED] Critical BitLocker System Files Missing

Bump, anything?

I have a Windows 7 Home Premium OEM disk. Can't I copy the file from the disk to my hard drive?

13 more replies
Answer Match 75.18%

Can anyone help me solve the problem.Here is my hijeckthis log Logfile of HijackThis v1.99.1Scan saved at 7:36:15 PM, on 10/16/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exec:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXEC:\Program Files\ewido anti-spyware 4.0\guard.exeC:\WINDOWS\system32\inetsrv\inetinfo.exeC:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exeC:\Program Files\Photodex\CompuPicPro\ScsiAccess.exeC:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exeC:\WINDOWS\System32\svchost.exec:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXEC:\Program Files\MMediaCodec\isamonitor.exeC:\Program Files\MMediaCodec\pmsngr.exeC:\WINDOWS\System32\hkcmd.exeC:\Program Files\MMediaCodec\pmmon.exeC:\Program Files\ScanSoft\OmniPag... Read more

A:Critical System Error!

Hi Abba Cohen and Welcome to the Bleeping Computer!Please download SmitfraudFix (by S!Ri)Extract the content (a folder named SmitfraudFix) to your Desktop.Open the SmitfraudFix folder and double-click smitfraudfix.cmdSelect option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).Please copy/paste the content of that report into your next reply.Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.http://www.beyondlogic.org/consulting/proc...processutil.htm

6 more replies
Answer Match 75.18%

This one?s lengthy and I hope not challenging for you guys. I am indebted for you previously getting me out of a fix with another computer of mine and am hoping you can help me with this problem.I have and have run repeatedly Norton, AVG super anti spyware free edition, Ad Aware 2007, Ad Aware SE Personal, CW Shreder and Spybot S&D to no effect.Here are, in great detail, the error messages I have been receiving:A balloon pops up from the tray attached to the yellow emblem w/the exclamation point advising: Your computer might be at risk*Latest software updates not installed*Incorrect files association*System appears to hang*Firewall has errorsClick balloon to fix the problemThen another balloon from the tray attached to the red emblem with the x on it will pop up advising:Tracking process is activated**ADDRESS: 0x10A3007BCan?t deactivate spyware program.Click baloon to fix the problemAnd finally the third balloon from the tray emblem with the four colors (red, green, blue, yellow) advising:Explicit content is detected:Further, I receive grey window pop ups :Your system is unstable.A problem has been detected and Windows has been shutdown buggy application to prevent damage to your computer, Kernel32x.SYS ? Address 0xA73C20AE, error code Co2100, DateStamp 56b836A3, Kernel Debugger on port: COM3 (Port 0x19f, Baud rate 9201) If I click on any of the emblems, a web browser attempts to open and when I close it, the emblems disappear. I also receive this windows prompt:You h... Read more

A:Critical System Error

Yes, crj17.... you are infected with a variant of 'fake alert'/Zlob, also known as Smitfraud.Download HijackThis? here:http://www.trendsecure.com/portal/en-US/th.../hijackthis.php(If running Vista: Right click on it and choose "Run as Administrator") Click 'Do a System Scan and Save logfile'.The HJT log will open in notepad. Copy and paste the contents of the HJT log into a NEW TOPIC in "HijackThis Logs and Malware Removal"http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

3 more replies
Answer Match 75.18%

So my computer was attacked by virus or trojan. It always pop up the windows that say your computer was infected by Hijacker, and those kind of stuffs. I download the Hijackthis and romove all of those virus, but still on my taskbar still have the Critical System Error flashing )near by the clock) and say click here to download the available software to protect your computer and something like that. When I click it, the VirusBurst pop out on the webpage. So I wanna know if you guys can help me to make that website or to remove this Critical System Error... I really thank for your help.And this is the Logfile that I coppy from the notepad that appeared after using Hijackthis.Logfile of HijackThis v1.99.1Scan saved at 4:17:17 PM, on 9/27/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\ACS.exeC:\Program Files\Common Files\Symantec Shared\ccProxy.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Norton Internet Security\ISSVC.exeC:\Program Files\Common Files\Symantec Sha... Read more

A:Help Plz! Critical System Error

Hello there and welcome to Bleeping Computer's security forum.My name is David, I will be helping you with your log today.It is a good idea to print off these instructions:This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is not available. You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above. A print out of the instructions would be a good reference to make sure you don't yet lost.Also, it is important that you complete the instructions in the right order, and also that you don't miss any steps out!If you have any queries about the process or just general questions, just ask.You are using the LimeWire and BearShare p2p file sharing program.This is not technically malware by itself, but it installs malware in order to run properly.It also opens the door for every other nasty program you can think of. I strongly recommend that you remove it from your computer.Read this article for alternatives that will provide some of the same function without the garbage: http://www.spywareinfo.com/articles/p2p/I suggest you remove the program now. Of course if you decide to keep it, it's not a problem.Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present:LimeWireBearShareThis is another article you can read:http://www.cexx.org/adware.htmRun HijackThis.On the first menu, click... Read more

10 more replies
Answer Match 75.18%

I recently got a message stating "Critical System Error! System detected virus activities. They may cause critical system failure. Please use a malware software to clean and protect your system from parasite programs. Click here to get all avialable software." This is in a red border box with a question mark symbol/do not enter symbol flashing. Also, a pop up stating "System integrity scan wizard" needed.

I had an outdated verison of McAfee and click on update which led me to WinAntirusPro 2006, which was added to my system. I also have PestTrap, which I think is worthless and wish to uninstall. WinAntivirisPro 2006 may not be very good either.

I want to get rid of the blinking "Critical System Error" indicator. My system is running slower than usual (virtual memory) too. I have Mediacom broadband.

Thanks for information and time given to my situation.
 

A:Critical System Error!

16 more replies
Answer Match 75.18%

My computer seems to have been infected by some kind of nasty. I have used Trend Micro - Housecall and cleared some infections but still keep getting a Critical System Error notice in my taskbar which reads,

"System detected virus activities. They may cause critical system failure, Please use antimalware software to clean and protect your system from parasite programs. Click this balloon to get available software."

When clicking for more information I am taken to the website for "Virusburst" I know nothing of this site and suspect that this may be the very spyware/adware/malware that I am trying to rid myself of. Any advise appreciated.

Using XP home SP2

Should I run and submit a HijackThis Log?
 

A:Critical System Error

pilotbob said:

My computer seems to have been infected by some kind of nasty. I have used Trend Micro - Housecall and cleared some infections but still keep getting a Critical System Error notice in my taskbar which reads,

"System detected virus activities. They may cause critical system failure, Please use antimalware software to clean and protect your system from parasite programs. Click this balloon to get available software."

When clicking for more information I am taken to the website for "Virusburst" I know nothing of this site and suspect that this may be the very spyware/adware/malware that I am trying to rid myself of. Any advise appreciated.

Using XP home SP2

Should I run and submit a HijackThis Log?Click to expand...
Yes by all means...
 

2 more replies
Answer Match 75.18%

Here's my HJT log, I have got the Critical System Icon in bottom right....... Can anyone help.Logfile of HijackThis v1.99.1Scan saved at 20:23:37, on 17/10/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\MMediaCodec\isamonitor.exeC:\Program Files\MMediaCodec\pmsngr.exeC:\Program Files\MMediaCodec\pmmon.exeC:\Program Files\MMediaCodec\isamini.exeC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\WINDOWS\SOUNDMAN.EXEC:\Apps\Powercinema\PCMService.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\Program Files\Adobe\P... Read more

A:Hjt Log - Critical System Error

Hello there and welcome to Bleeping Computer's security forum.My name is David, I will be helping you with your log today.It is a good idea to print off these instructions:This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is not available. You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above. A print out of the instructions would be a good reference to make sure you don't yet lost.Also, it is important that you complete the instructions in the right order, and also that you don't miss any steps out!If you have any queries about the process or just general questions, just ask.Please move HijackThis to another location, preferably c:\Program Files\HijackThis. Anywhere is fine, other than your Desktop or a Temp folder. If HijackThis is in a temporary folder you run the risk of accidentally deleting the backups or it clutters your desktop with all the backups.If you use Windows XP it might be that you just double clicked on the file HijackThis.exe, but that only extracts the file to a temporary folder. Please select the file and Extract it to a folder.How do you make a permanent folder:Click "My Computer", then "C:\" and then on "Program Files".In the menu bar, "File"->"New"->"Folder".That will create a folder named "New Folder", whic... Read more

5 more replies
Answer Match 75.18%

Hello administrator, I was wondering if i could receive a little bit of help in eradicating a pesty problem that I have.i have an alternating blink between a green (wheelchair picture found in control panel) and a red (it looks like a stop smoking circle with a line drawn through it) icon. whenever my computer starts up, it is the first item to load into my lower right hand corner taskbar where the clock is. and a message pops up right above the clock area stating exactly: critical system error!system detected virus activities. they may cause critical system failure. please, use antimalware software to clean and protect your system from parasite programs. click here to get all available software.Logfile of HijackThis v1.99.1Scan saved at 9:16:11 PM, on 5/17/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\WINDOWS\system32\HPZipm12.exeC:\Program Files\Analog Devices\SoundMAX\SMAgent.exeC:\WINDOWS\System32\svchost.exeC:\... Read more

A:Critical System Error!

Please download SmitfraudFix (by S!Ri)Extract the content (a folder named SmitfraudFix) to your Desktop.Open the SmitfraudFix folder and double-click smitfraudfix.cmdSelect option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).Please copy/paste the content of that report into your next reply.Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.http://www.beyondlogic.org/consulting/proc...processutil.htm

5 more replies
Answer Match 75.18%

Hey guys, I did a logfile of my computer and now I'm trying to fix my friends. He has a "Critical System Error" encouraging him to buy software.. hmm.. never any anti-virus I have ever heard of. I ran spybot but that didnt do anything. He is running some downloaders so he might have gotten it from that.. little bit of help please?

Logfile of HijackThis v1.99.1
Scan saved at 3:01:48 PM, on 5/14/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\atmclk.exe
C:\WINDOWS\System32\dcomcfg.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\pudge\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software... Read more

A:Critical System Error...except its not...?

Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

A. Please download the trial version of Ewido anti-malware from here:
http://www.ewido.net/en/download/Install Ewido anti-malware.
When installing, under Additional Options uncheck Install background guard and Install scan via context menu.
When you run Ewido for the first time, you could get a warning "Database could not be found!". Click Ok.
The program will prompt you to update. Click the Ok button.
The program will now go to the main screen.
You will need to update Ewido to the latest definition files.On the left-hand side of the main screen click the Update Button.
Click on Start.
The update will start and a progress bar will show the updates being installed.
Once finished updating, close Ewido.

If you are having problems with the updater, you can use this link to manually update ewido.
Ewido manual updates. Make sure to close Ewido before installing the update.

Download and install CleanUp! but do not run it yet.

*WARNING* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.


B. Reboot your computer in Safe Mode.If the computer is running... Read more

1 more replies
Answer Match 75.18%

I've some sort of a virus on my computer and i cant run any antivirus softwares nor spyware.. whenever i run those softwares, the computer shutsoff automatically. please help :s

Logfile of HijackThis v1.99.1
Scan saved at 12:32:22 AM, on 30/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Real\Update_... Read more

A:Critical System Error!

7 more replies
Answer Match 75.18%

Logfile of HijackThis v1.99.1Scan saved at 1:50:44 PM, on 10/12/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccProxy.exeC:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\Java\jre1.5.0_08\bin\jusched.exeC:\Program Files\Creative\Shared Files\CAMTRAY.EXEC:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exeC:\Program Files\Winamp\winampa.exeC:\Program Files\i... Read more

A:Critical System Error

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Please download SmitfraudFix (by S!Ri) to your Desktop.Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.=======================Please download AVG Anti-Spyware and save that file to your desktop.This is a 30 day trial of the programOnce you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.Once the setup is complete you will need run ewido and update the definition files.On the main screen select the icon "Update" then select the "Update now" link.Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.Once in the Settings screen click on "Recommended actions" and then select "Quarantine".Under "Reports"Select "Automatically generate report after every scan"Un-Select "Only if threats were found"Close AVG Anti-Spyware. Do not run a scan yet!========================Open the SmitfraudFix folder and double-click smitfraudfix.cmdSelect option #1 - Search by typing 1 and press EnterThis program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is... Read more

2 more replies
Answer Match 75.18%

I have either a virus or malware attached to my system. There is a Question Mark and "X" that keeps flashing on the bottom right task "start up" bar. I completed the hijackthis steps and have run hijackthis for your review. Thank youLogfile of HijackThis v1.99.1Scan saved at 10:14:06 PM, on 10/10/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\LEXBCES.EXEC:&... Read more

A:Critical System Error!

What is disabled in msconfig - startupYou should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.Please download SmitfraudFix (by S!Ri)Extract the content (a folder named SmitfraudFix) to your Desktop.Next, please reboot your computer in Safe Mode by doing the following :Restart your computerAfter hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;Instead of Windows loading as normal, a menu with options should appear;Select the first option, to run Windows in Safe Mode, then press "Enter".Choose your usual account.Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmdSelect option #2 - Clean by typing 2 and press "Enter" to delete infected files.You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.A text file will appear onscreen, with results fro... Read more

6 more replies
Answer Match 75.18%

Hallo,
I have icon on my main toolbar which is still shows balloon with text, that my computer is infected and it offers me programs for remove it.

Here is my Hijackthis, thanks:

Logfile of HijackThis v1.99.1
Scan saved at 11:49:07, on 20.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Max PC Secure\MaxSpyDetector\SDSystemTray.exe
C:\WINDOWS\system32\MaxSecureTray.exe
C:\Program Files\Max PC Secure\MaxSecure... Read more

A:critical system error

Hi vakoveverka

Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.


Open the SmitfraudFix folder and double-click smitfraudfix.cmd


Reboot your computer in Safe Mode.
If the computer is running, shut down Windows, and then turn off the power.
Wait 30 seconds, and then turn the computer on.
Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Ensure that the Safe Mode option is selected.
Press Enter. The computer then begins to start in Safe mode.
Login on your usual account.


Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection


The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to f... Read more

3 more replies
Answer Match 75.18%

Hi, I am getting a flashing icon saying i have critical system errors. I have done scans with zone alarm, ewido, spybot but nothing comes up. I tried virus bursters and got Money Tree - Win 32.TrojanClick.Spywad.b - SPY.Html.Smitfraud.c - Smitfraud.g

I have run in safe mode using all the scans i can send a hijack this log if it will help but not sure where to send it.
 

A:critical system error help

14 more replies
Answer Match 75.18%

Hi there, I`ve read your post zhen you helped the guy zith this spyware. It is just i have(had perhaps) it to and I follozed every step of this post http://forums.techguy.org/security/518452-solved-help-critical-system-error.html
I've installed the java update after I fully deleted the old one. I used smitfraud to search and in safe mode clean the registry. I ran a hijack scan and this is the output:

Logfile of HijackThis v1.99.1
Scan saved at 20:31:55, on 23-11-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Ima... Read more

A:Critical system Error

9 more replies
Answer Match 75.18%

Hello people I have a virus can someone please help.here is my hijackthis log.Logfile of HijackThis v1.99.1Scan saved at 7:52:25 PM, on 11/6/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Norton AntiVirus\navapsvc.exeC:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\Explorer.EXEC:\Program Files\iVideoCodec\isamonitor.exeC:\Program Files\iVideoCodec\pmsngr.exeC:\Program Files\J... Read more

A:Critical System Error!

Please download SmitfraudFix (by S!Ri) to the Desktop.http://siri.urz.free.fr/Fix/SmitfraudFix.zipExtract the files to the Desktop A folder named SmitfraudFix is created. We?ll use this program shortly.~~~~Start the computer in Safe Mode :-When the machine first starts again, tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. -Select the option for Safe Mode using the arrow keys.-Press Enter to boot into Safe Mode. ~~~~Open SmitfraudFix Double-click smitfraudfix.cmd Select Option 2 - Clean by typing 2 and press Enter (Deletes infected files)You are prompted: Do you want to clean the registry? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection. The tool also checks if a relevant file, wininet.dll, is infected. You may be prompted to replace the infected file (if found).Replace infected file? Answer Y (yes) and hit Enter to restore a clean file. ~~~~Restart the computer to complete the removal process.~~~~Please post the SmitFraudFix report located at C:\rapport.txt , and a new HijackThis log.

1 more replies
Answer Match 75.18%

Hello everyone, I keep getting a pop up that says i have been infected with the Trojan.win32.Agent.akk virus and must download a spyware program. Can anyone help me remove this trojan? thanx a lot.

A:Critical System Error

Use the Smitfraudfix tool in the link below.http://siri.urz.free.fr/Fix/SmitfraudFix_En.phpImportant==Follow up with SAS. Download and Install Super Antispyware free. Reboot and run it in safe mode. Allow it to quarantine whatever it finds. http://www.superantispyware.com/How to Start Windows in Safe Mode:http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/ Post back with results of scans and for further instruction.

10 more replies
Answer Match 75.18%

Logfile of HijackThis v1.99.1Scan saved at 11:26:55 a.m., on 07/09/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\Archivos de programa\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\Archivos de programa\LANDesk\Shared Files\residentagent.exeC:\Software\System Manager\BIN\ssm.exeC:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Software\System Manager\BIN\modemview.exeC:\Archivos de programa\Norton AntiVirus\navapsvc.exeC:\Archivos de programa\Norton AntiVirus\AdvTools\NPROTECT.EXEC:\WINDOWS\system32\svchost.exeC:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\SymWSC.exeC:\WINDOWS\system32\wbem\wmiapsrv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\RTHDCPL.EXEC:\... Read more

A:Critical System Error!

Searching in this forum, i find the solution. Plese read this post:http://www.bleepingcomputer.com/forums/ind...al+System+Error!

3 more replies
Answer Match 75.18%

Hello

My system was attacked with some virus and currently the message critical system error pops up often.My OS is Windows XP.And I think I got this problem while trying to download some software.When ever I try to click the CRITICAL Error it takes me to VIRUSBLAST softwares and asks me to buy them.Trying to search in the forums for similar problems,I found to use SmitFraudFix and here is the text I got from that.Can anybody help me before my system crashes..and Thank you.

SmitFraudFix v2.110

Scan done at 19:53:38.78, 10/16/2006
Run from C:\Documents and Settings\Subash Chandra Bose\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\dpfwu.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Subash Chandra Bose
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Subash Chandra Bose\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM... Read more

A:Critical System Error !!

14 more replies
Answer Match 75.18%

Logfile of HijackThis v1.99.1Scan saved at 10:11:07 PM, on 10/15/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exeC:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXEC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exec:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exeC:\Program Files\Common Files\AOL\1135570678\ee\services\safetyCore\ver2_5_4_1\aolavupd.exeC:\WINDOWS\system32\cisvc.exeC:\Program Files\mcafee.com\personal firewall\MPFService.exeC:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exeC:\Program Files\Panda Software&#... Read more

A:Critical System Error Pop Ups

Help!!!! I HAVE RUN ANTI VIRUS AND ANTI SPYWARE AND I AM STILL INFECTED. DON'T KNOW WHAT ELSE TO DO!!!! I HAVE 2 ICONS BY THE TIME THAT SAY THAT I HAVE SOME TYPE OF CRITICAL SYSTEM FAILURE WHEN I CLICK ON THE BALLOON IT TAKES ME TAKES ME TO SOME WEBSITE TELLING ME TO BUY THIER SOFTWARE I HAVE RAN ALL KINDS OF SCANS AND HAVE DELETED THE SPYWARE AND IT KEEPS SHOWING UP!!!!Logfile of HijackThis v1.99.1Scan saved at 9:29:01 AM, on 10/16/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exeC:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXEC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exec:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\Program Files\Common Files\AOL\TopSpeed\2.0&... Read more

6 more replies
Answer Match 75.18%

Hello! I'm new to this forum and I'm having the same problem as gratenana did regarding Critical System error! Warning!!! The system is restored after critical error. Error code is 0x01FFEFAC. System Safety critically lowered now. Install System Error Fixer and Trusted Antivirus now? It then has a yes and no button. I hit no and my desktop (everything except the background) disappears.

I have downloaded HiJackThis and below is the log file. What should I do next? Please help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:10:40 PM, on 10/18/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS.000\System32\smss.exe
C:\WINDOWS.000\system32\winlogon.exe
C:\WINDOWS.000\system32\services.exe
C:\WINDOWS.000\system32\lsass.exe
C:\WINDOWS.000\system32\svchost.exe
C:\WINDOWS.000\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS.000\shell.exe
C:\WINDOWS.000\System32\atiptaxx.exe
C:\WINDOWS.000\SOUNDMAN.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\sj655\hpupdate.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS.000\System32\WinAvXX.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\G... Read more

More replies
Answer Match 75.18%

my windows management instrumentation is damaged.i know this because when i go to the network connection advance tab,it says"Windows cannot display the Properties of this connection. The Windows Management Instrumentation (WMI) information might be corrupted.

To correct this, use System Restore to restore Windows to an earlier time (called a restore point). System Restore is located in the System Tools folder in Accessories."but when i click the system restore,is starts but the page is just white.i discovered this happen also to the search utility,system information(dont start not even once when i click it),and the help and support(also dont show any response after clicking it).any response is greatly appreciated.
 

A:critical system error

16 more replies
Answer Match 75.18%

Hi,

I often leave my computer on all the time. Last night, i ran some spyware checkers and found nothing... and went to bed, today i wake up and the monitor is black... great, now what happened. i hit the reset switch....boots up all the way past the user name entry and then bang....

blue screen telling me- Stop: c000021a {fatal system error} The windows logon process system terminated unexpectedly with a status of (0x00000000 0x00000000). The system has shut down.

Ok, thats really nice, anyone know what i can do to save my system? I can boot into safe mode just fine. Loaded up into windows the normal way, and worked but then about 5 mins later, crashed right to that blue screen again...
 

A:critical system error

Have a look at: http://support.microsoft.com/search...L&maxResults=25&Titles=false&numDays=&InCC=on and see if any of these apply to you.
 

7 more replies
Answer Match 75.18%

Hijack Log on Win 2000 laptop Help me, I am at a horrible crawl
Logfile of HijackThis v1.99.1
Scan saved at 2:12:23 PM, on 10/20/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Altiris\AClient\AClient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\NavNT\vptray.exe
C:\WINNT\system32\RunDLL32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\... Read more

A:Critical System Error

Hijack Log on Win 2000 laptop Help me, I am at a horrible crawl
Logfile of HijackThis v1.99.1
Scan saved at 2:12:23 PM, on 10/20/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Altiris\AClient\AClient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\NavNT\vptray.exe
C:\WINNT\system32\RunDLL32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\... Read more

2 more replies
Answer Match 75.18%

i was on my friend's comp when he keeps getting the critical system error. And when you click no the icon on the system tray it brings you up to a virusburst main website :T Maybe you guys can help him with the virus. Here is the HJT file:

Logfile of HijackThis v1.99.1
Scan saved at 10:16:48 PM, on 10/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\progra~1\valve\steam\steam.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\cho\Desktop\hijackthis... Read more

A:Critical System Error

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
 

1 more replies
Answer Match 75.18%

please help tried everything i know!Logfile of HijackThis v1.99.1Scan saved at 6:51:21 PM, on 10/6/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeD:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exeD:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXEC:\WINDOWS\System32\svchost.exeC:\Program Files\TGTSoft\StyleXP\StyleXPService.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Boingo\WENGINE\wmonitor.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeD:\Program Files\Panda Software\Panda Antivirus 2007\psimsvc.exeC:\Program Files\Spyware Doctor\sdhelp.exeC:\Program Files\Analog Devices\SoundMAX\SMAgent.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXED:\Program Files\Panda Software\Panda Antivirus 2007\apvxdwin.exeC:\WIND... Read more

A:Critical System Error

Hello there and welcome to Bleeping Computer's security forum.My name is David, I will be helping you with your log today.Please download SmitfraudFix (by S!Ri)Extract the content (a folder named SmitfraudFix) to your Desktop.Open the SmitfraudFix folder and double-click smitfraudfix.cmdSelect option #1 - Search by typing 1, and press Enter. A text file will appear, which lists infected files (if present).Please copy/paste the content of that report into your next reply.

3 more replies
Answer Match 75.18%

for some reason i have this pop up saying that i have a critical system error...can someone please help.. it would be greatly appreciated:this is my hijack this logLogfile of HijackThis v1.99.1Scan saved at 4:42:59 PM, on 11/09/2006Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\ibmpmsvc.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\iCodecPack\isamonitor.exeC:\Program Files\iCodecPack\pmsngr.exeC:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exeC:\Program Files\iCodecPack\pmmon.exeC:\WINDOWS\System32\RunDll32.exeC:\Program Files\iCodecPack\isamini.exeC:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXEC:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exeC:\Program Files\ThinkPad\ConnectUtilities\... Read more

A:Critical System Error

this is a newer log:please help!Logfile of HijackThis v1.99.1Scan saved at 11:24:36 PM, on 11/09/2006Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\ibmpmsvc.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Eset\nod32krn.exeC:\WINDOWS\System32\QCONSVC.EXEC:\WINDOWS\System32\wuauclt.exeC:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exeC:\WINDOWS\System32\RunDll32.exeC:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXEC:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXEC:\Program Files\ThinkPad\Utilities\TpKmapMn.exeC:\PROGRA~1\ThinkPad\UTILIT~1\NPDTray.exeC:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.ExeC:\WINDOWS\AGRSMMSG.exeC:\Program Files\Support.com ... Read more

11 more replies
Answer Match 75.18%

Here's my Hijackthis log file, please help...Logfile of HijackThis v1.99.1Scan saved at 11:14:37 PM, on 9/8/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Norton AntiVirus\navapsvc.exeC:\Program Files\Norton AntiVirus\IWP\NP... Read more

A:Critical System Error

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Please download SmitfraudFix (by S!Ri) to your Desktop.Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.=======================Please download Ewido Anti-spyware and save that file to your desktop.This is a 30 day trial of the programOnce you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.Once the setup is complete you will need run ewido and update the definition files.On the main screen select the icon "Update" then select the "Update now" link.Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.Once in the Settings screen click on "Recommended actions" and then select "Quarantine".Under "Reports"Select "Automatically generate report after every scan"Un-Select "Only if threats were found"Close ewido anti-spyware. Do not run a scan yet!========================Open the SmitfraudFix folder and double-click smitfraudfix.cmdSelect option #1 - Search by typing 1 and press EnterThis program will scan large amounts of files on your computer for known patterns so please be patient while it works. When... Read more

8 more replies
Answer Match 75.18%

Hi ! recently my computer have been alerting me about viruses on my computer and there is always this pop up ( not from websites, rather from my taskbar, next to my internet icon) that says

YOUR COMPUTER IS INFECTED !

Critical System Error !
System detected virus activitis. They may cause critical system failure. please use antimalware software to clean and protect your system from parastie programs.

i've tried using free scan and it was dected that i have over 900 spyware ?! this is totally barbaric ! I've download so many addware,spyware, spyware terminator and they never work ! please help me ! Thanks in advance !

A:Critical System Error !

Does your popup look like any of the examples here? If so and your running Win XP or 2000, try the following:You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.Please download, install and update Ewido Anti-Spyware v4.0. DO NOT perform a scan yet..Print out the Ewido Install and Scan Instructions. Go here and follow the instructions for using SmitfraudFix. Read "How to create/extract a ZIP File in Win ME/XP/2003" or "How to create/extract a ZIP File in Win 9x/2000" if your not sure how to do this.After using the tool reboot again in "SAFE MODE" and Clean out your Temporary Internet files as follows:Quit Internet Explorer and quit any instances of Windows Explorer.Click Start, click Control Panel, and then double-click Internet Options.On the General tab, click "Delete Files" under Temporary Internet Files.In the Delete Files dialog box, tick the "Delete all offline content check box", and then click "OK".On the General tab, click "Delete Cookies" under Temporary Internet Files, and then click "OK".Click on the Programs tab then click the Reset Web Settings button. Click "Apply" then "OK".Click "OK".Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. C... Read more

3 more replies
Answer Match 75.18%

i keep gettin this aswell, and sumthing else cums up saying i have need antimalware software:
SmitFraudFix v2.83

Scan done at 19:09:44.65, 06/09/2006
Run from C:\Documents and Settings\Jayesh\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jayesh\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Jayesh\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\PCODEC\ FOUND !
C:\Program Files\VirusBurst\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"F... Read more

A:Critical system error

7 more replies
Answer Match 75.18%

Hi, Ive got a Trojan horse Dropper.Generic_c.MMI in a system critical/white listed file according to AVG, and it can't to anything about it. Can I please get some help in removing it

I was also wondering whether it was advisable to use a USB flash drive to back up any data and whether its advisable to use sites with logins?

I hae also attatched the file

Thanks very much
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:28:08, on 15/08/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe
C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Users\mohammed\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
C:\Users\mohammed\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office14... Read more

A:Have got Trojan horse Dropper.Generic_c.MMI in a system critical file, please help

16 more replies
Answer Match 75.18%

Hello, i am infected with a virus and it has taken control of my browser and computer. I have popups all over the place from virus remover 2008 and windows security center and antispyware pro xp. they have hijacked my browser and i cannot go anywhere without getting redirected.

Please help as my computer has become useless.

I have attatched the appropriate requested logs:

thanx

A:[SOLVED] critical system warning, virus remover 2008 infected

Hi and welcome to the TSF Security Forum

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.



Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from here or here

Double-click mbam-setup.exe and follow the prompts to install the program.Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When com... Read more

7 more replies
Answer Match 74.76%

Hi Bleepingcomputer. this is my first post.

So, my laptop was working perfectly fine on Sunday, until about 1:50 am when I was loading a webpage. A few minutes later, my anti-virus (AVG [yeah]) alerted me about two threats. I did not know what to do so I let AVG deal with them, and they subsequently were dealt with. After AVG deleted the risks, I tried to reload Mozilla Firefox 4.0 Beta, but a window pops up saying to open Firefox with another program. So I then knew that my .exe files were not working.

I later on search for questions relating to my issue and found a couple of them. One of the answers to the questions said to try and run System Restore. So I did just that in F8 before load up screen loaded. Everything was fine until I get a pop up saying

"An unspecified error occurred during System Restore. (080070002)"

So I later on tried System Restore in safe mode via F8 again. Safe mode loaded, but System Restore did not load at all. It had the same message as Firefox asking me if I want to open it with a program.

-That is my question for now. Thank you in advance.

Information:
Windows 7

A:No .exe files work after trojan virus; Error 0x80070002 during System Restore.

Hello.Go to File association fixes for Windows Vista It works for Win7.Click the exe boxInstructions:To fix the association for a particular file type, download the corresponding fix from the above links table (Use Right-click - Save as option in your browser to download the fixes). Unzip the fix and extract the .REG file to the Desktop. Right-click the REG file and choose Merge. Note that you need to be an administrator to apply these fixes. Reboot into Safe Mode with NetworkingHow to start Windows 7 in Safe Mode>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.RKill....Download and Run RKillPlease download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next replyDo not reboot your computer after running rkill as the malware programs will start again.... Read more

13 more replies
Answer Match 74.34%

Hi,

I think I'm n the right section. Brand new Lenovo G570. Using Kaspersky Internet Security 2012 and I keep getting viruses. Restored to factory settings and I think the virus is still here. For Windows 7 update preference I chose to notify me before installing updates and let me choose which updates I want to install, computer keeps changing to update automatically @ 3am everyday. Desktop colors have change.

Each time I perform a full scan with Kaspersky and Malwarebytes, scan reports no viruses found. Internet explorer won't connect at all. I am using Safari as my default browser. The computer also randomly freezes.
Please help me.

Thanks.

A:System infected after removing trojan. System changes on its own.

A Clean Install may be the quickest & easiest way to go.

Clean Install Windows 7

5 more replies
Answer Match 74.34%

Hi all,
Good old PCODEC got me. I found the advice on other pages and folloed that (Safe mode, run smitRem.exe, Ewido etc) But to no avail. That damn message still pops up.

Here is my latest logs:
Logfile of HijackThis v1.99.1
Scan saved at 22:18:21, on 05/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mic... Read more

A:Still Can't clear Critical System Error!

12 more replies
Answer Match 74.34%

hi ...
for me the malware,viruses etc is a dreadful thing....
i have this stupid critical system error problem which pops up in a blue baloon and an alternating prohibited sign.. also there is a yellow triangle with an exclammation mark.
I really have no clue how to go about fixing this... and in my home page there is some 403 forbidden error displayed.... can bleeping computer user /administraotrs help me with this... i would be grateful.

chitwan

A:Critical system error problem

Please download SmitfraudFix (by S!Ri)Extract the content (a folder named SmitfraudFix) to your Desktop.Open the SmitfraudFix folder and double-click smitfraudfix.cmdSelect option #1 - Search by typing 1, and press Enter. A text file will appear, which lists infected files (if present).Please copy/paste the content of that report into your next reply.

1 more replies
Answer Match 74.34%

Please Help...I have an icon that showed up in my tool bar that keeps saying "Critical System Error". I am new to all this, so please have patience with me. I have run SmitFraudFix and this is what it says...I would appreciate the help.

SmitFraudFix v2.122

Scan done at 21:27:51.10, Wed 11/15/2006
Run from C:\Documents and Settings\Jason\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

???????????????????????? C:\
???????????????????????? C:\WINDOWS
???????????????????????? C:\WINDOWS\system
???????????????????????? C:\WINDOWS\Web
???????????????????????? C:\WINDOWS\system32

C:\WINDOWS\system32\jbtazy.dll FOUND !
C:\WINDOWS\system32\1024\ FOUND !

???????????????????????? C:\WINDOWS\system32\LogFiles
???????????????????????? C:\Documents and Settings\Jason
???????????????????????? C:\Documents and Settings\Jason\Application Data
???????????????????????? Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

???????????????????????? C:\DOCUME~1\JASON\FAVORI~1
???????????????????????? Desktop

C:\DOCUME~1\ALLUSE~1\DESKTOP\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUS... Read more

A:Please Help..critical System Error Icon

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. You are on the right track with Smitfraudfix, because it is definitely present. But we also need to see a hijackthis log in order to determine if there are other infections present also.Click here to download HJTsetup.exeSave HJTsetup.exe to your desktop.Doubleclick on the HJTsetup.exe icon on your desktop.By default it will install to C:\Program Files\Hijack This.Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.Put a check by Create a desktop icon then click Next again.Continue to follow the rest of the prompts from there.At the final dialogue box click Finish and it will launch Hijack This.Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.Come back here to this thread and Paste the log in your next reply.DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

2 more replies
Answer Match 74.34%

logo on the right side of my toolbar. i have gone through all the steps on the link below and am still getting the problem.http://www.bleepingcomputer.com/forums/t/63896/how-to-remove-virusburst-removal-instructions/my C:\Program Files\RoguesScanFix\task.txt file is:Export SharedTaskScheduler key ------------------------------ REGEDIT4[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader""{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon""{168cf174-6dab-461c-a761-a7adfa5a5719}"="campy"sharedtaskkey: 168cf174-6dab-461c-a761-a7adfa5a5719 ---------------------------------------------------REGEDIT4[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{168cf174-6dab-461c-a761-a7adfa5a5719}][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{168cf174-6dab-461c-a761-a7adfa5a5719}\InProcServer32]@="C:\\WINDOWS\\system32\\wuwbxp.dll""ThreadingModel"="Apartment"

A:Critical System Error Flashing

this is my hijack this log:Logfile of HijackThis v1.99.1Scan saved at 2:31:55 AM, on 9/10/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Ahead\InCD\InCDsrv.exeC:\Program Files\Eset\nod32krn.exeC:\Program Files\Eset\nod32kui.exeC:\PROGRA~1\PESTPA~1\PPControl.exeC:\PROGRA~1\PESTPA~1\PPMemCheck.exeC:\PROGRA~1\PESTPA~1\CookiePatrol.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\TrojanHunter 4.6\THGuard.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\MSN Messenger\msnmsgr.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Common Files\Nullsoft\ActiveX\2.6\AOLMediaPlaybackControl.exeC:\Program Files\Common Files\Nullsoft\ActiveX\2.6\AOLMediaPlaybackControl.exeC:\Documents and Settings\Tim\Desktop\Fix it programs\HijackThis.exeR0 - HK... Read more

7 more replies