Tech Problem Aggregator

System Integrity Scan Wizard, Security System Protection Control Panel

Q: System Integrity Scan Wizard, Security System Protection Control Panel

I've had the System Integrity Scan Wizard, PC-Antispyware, and Security System Protection Control Panel popups. They've been very stubborn but after reading some of the posts here and running Spybot, Adaware, SmitfraudFix, Panda Activescan, Housecall, Stinger Avert, Windows Defender, and SDFix, I am now getting only one popup, which shows up as a blank white rectangle in the center of the screen (and now I can't click "Close" to get it off the screen, since the "Close" option is missing). From the size & shape, I believe it's the Security System Protection Control Panel. Would you please review my HijackThis log? Also, in some of the posts I've noticed recommendations to update Java. Is that needed in my case? Thanks very much for your help.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:55:55 PM, on 3/28/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exeC:\Program Files\Common Files\Symantec Shared\ccProxy.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\system32\CTsvcCDA.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\WINDOWS\System32\GEARSec.exeC:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\Program Files\Norton Ghost\Agent\VProSvc.exeC:\WINDOWS\system32\HPZipm12.exeC:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exeC:\Program Files\Seagate\Sync\SeaSyncServices.exeC:\Program Files\Dell Support Center\bin\sprtsvc.exeC:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\WINDOWS\system32\dllhost.exeC:\WINDOWS\ehome\ehtray.exeC:\Program Files\Java\j2re1.4.2_03\bin\jusched.exeC:\WINDOWS\eHome\ehmsas.exeC:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exeC:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exeC:\WINDOWS\system32\Rundll32.exeC:\Program Files\Creative\VoiceCenter\AndreaVC.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\DOCUME~1\Koehlers\LOCALS~1\Temp\clclean.0001C:\Program Files\Norton Ghost\Agent\GhostTray.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\Common Files\AOL\1142728786\ee\AOLSoftware.exeC:\Program Files\ScanSoft\PaperPort\pptd40nt.exeC:\Program Files\Visioneer OneTouch\OneTouchMon.exeC:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exeC:\WINDOWS\sttray.exeC:\Program Files\Seagate\SystemTray\StxMenuMgr.exeC:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exeC:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exeC:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exeC:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Roxio\CinePlayer\DMXLauncher.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\Creative\MediaSource\Detector\CTDetect.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\DellSupport\DSAgnt.exeC:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Dell Support Center\bin\sprtcmd.exeC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\WINDOWS\system32\yzqrqzkp.exeC:\Program Files\Digital Line Detect\DLG.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\FinePixViewer\QuickDCF2.exeC:\Program Files\PIXELA\ImageMixer3\HDDCameraMonitor.exeC:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exeC:\Documents and Settings\Koehlers\Start Menu\Programs\Startup\printnow.exeC:\Program Files\Microsoft Office\Office10\msoffice.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dllO2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dllO3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dllO4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exeO4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exeO4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exeO4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /rO4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMonO4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXEO4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /trayO4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startupO4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -startO4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exeO4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUNO4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142728786\ee\AOLSoftware.exeO4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -bootO4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exeO4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exeO4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exeO4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exeO4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exeO4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hideO4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exeO4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /RO4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeO4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startupO4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hiddenO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenterO4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exeO4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeO4 - HKCU\..\Run: [thbesugp] C:\WINDOWS\system32\yzqrqzkp.exeO4 - Startup: printnow.exeO4 - Global Startup: Digital Line Detect.lnk = ?O4 - Global Startup: Event Reminder.lnk = ?O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exeO4 - Global Startup: ImageMixer HDD Camera Monitor.lnk = C:\Program Files\PIXELA\ImageMixer3\HDDCameraMonitor.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exeO8 - Extra context menu item: &Search - ?p=ZNxmk762INUSO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dllO9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exeO9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exeO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra button: RemindU - {B48798CE-A2E0-4918-BC00-0F72FBA708E2} - file://C:\Program Files\Upromise_Remind_U\UpromisesRemindU\UpromisetRemindU\uproC0.htm (HKCU)O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cabO16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cabO16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1144411931765O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cabO20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLLO20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dllO23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeO23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeO23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeO23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeO23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeO23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exeO23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exeO23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exeO23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exeO23 - Service: Intel? Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exeO23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exeO23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exeO23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXEO23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exeO23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeO23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exeO23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exeO23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exeO23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exeO23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exeO23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exeO23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exeO23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exeO23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exeO23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exeO23 - Service: Seagate Sync Service - Seagate Technology LLC - C:\Program Files\Seagate\Sync\SeaSyncServices.exeO23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\Koehlers\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exeO23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exeO23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeO23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exeO23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe--End of file - 17869 bytes

A: System Integrity Scan Wizard, Security System Protection Control Panel

The blank popup appeared to be repopulated with information over time...apparently the spyware refreshed itself. I also learned from Task Manager that all of my popups were from the System Integrity Scan Wizard. After some more searching, I found the name (in my case, yzqrqzkp.exe) and told Norton Firewall to block it from accessing the internet. I used HijackThis to fix it and then deleted it and a namesake (YZQRQZKP.EXE-1253B76A.pf) from Windows\Prefetch (not sure that was necessary but deleted it anyway). My only concern is that from what I read, there should have been another copy in \Local Settings\Application Data, which I didn't find. I updated Java per instructions in another post, also turned System Restore off and on. I think the PC is now clean, but would you review my latest HijackThis log to be sure? Thanks very much.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:05:26 AM, on 3/30/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exeC:\Program Files\Common Files\Symantec Shared\ccProxy.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\system32\CTsvcCDA.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\WINDOWS\System32\GEARSec.exeC:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\Program Files\Norton Ghost\Agent\VProSvc.exeC:\WINDOWS\system32\HPZipm12.exeC:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exeC:\Program Files\Seagate\Sync\SeaSyncServices.exeC:\Program Files\Dell Support Center\bin\sprtsvc.exeC:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\WINDOWS\system32\dllhost.exeC:\WINDOWS\ehome\ehtray.exeC:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exeC:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exeC:\WINDOWS\eHome\ehmsas.exeC:\WINDOWS\system32\Rundll32.exeC:\Program Files\Creative\VoiceCenter\AndreaVC.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\Norton Ghost\Agent\GhostTray.exeC:\DOCUME~1\Koehlers\LOCALS~1\Temp\clclean.0001C:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exeC:\Program Files\Common Files\AOL\1142728786\ee\AOLSoftware.exeC:\Program Files\ScanSoft\PaperPort\pptd40nt.exeC:\Program Files\Visioneer OneTouch\OneTouchMon.exeC:\WINDOWS\sttray.exeC:\Program Files\Seagate\SystemTray\StxMenuMgr.exeC:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exeC:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exeC:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Roxio\CinePlayer\DMXLauncher.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exeC:\Program Files\Java\jre1.6.0_05\bin\jusched.exeC:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exeC:\Program Files\Creative\MediaSource\Detector\CTDetect.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\DellSupport\DSAgnt.exeC:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Dell Support Center\bin\sprtcmd.exeC:\Program Files\Digital Line Detect\DLG.exeC:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exeC:\Documents and Settings\Koehlers\Start Menu\Programs\Startup\printnow.exeC:\Program Files\Microsoft Office\Office10\msoffice.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dllO2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dllO3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dllO4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exeO4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exeO4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /rO4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMonO4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXEO4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /trayO4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startupO4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -startO4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exeO4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUNO4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142728786\ee\AOLSoftware.exeO4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -bootO4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exeO4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exeO4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exeO4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exeO4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exeO4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hideO4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exeO4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /RO4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeO4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startupO4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hiddenO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenterO4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exeO4 - Startup: printnow.exeO4 - Global Startup: Digital Line Detect.lnk = ?O4 - Global Startup: Event Reminder.lnk = ?O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exeO8 - Extra context menu item: &Search - ?p=ZNxmk762INUSO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exeO9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exeO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra button: RemindU - {B48798CE-A2E0-4918-BC00-0F72FBA708E2} - file://C:\Program Files\Upromise_Remind_U\UpromisesRemindU\UpromisetRemindU\uproC0.htm (file missing) (HKCU)O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cabO16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cabO16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1144411931765O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cabO20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLLO20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dllO23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeO23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeO23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeO23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeO23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeO23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exeO23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exeO23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exeO23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exeO23 - Service: Intel? Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exeO23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exeO23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exeO23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXEO23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exeO23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeO23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exeO23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exeO23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exeO23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exeO23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exeO23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exeO23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exeO23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exeO23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exeO23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exeO23 - Service: Seagate Sync Service - Seagate Technology LLC - C:\Program Files\Seagate\Sync\SeaSyncServices.exeO23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\Koehlers\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exeO23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exeO23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeO23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exeO23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe--End of file - 17480 bytes

14 more replies
Answer Match 150.9%

I've had the System Integrity Scan Wizard, PC-Antispyware, and Security System Protection Control Panel popups and my backround change to a blue colour. After reading some of the posts here and running Spybot Search and Destroy, Ad-Aware 2007, RegCure and Malwarebytes Anti-Malware it seems as if that problem was solved, but now everytime I put my pc on I get these messages:The first one says "rundll32.exe - Bad Image : The application or DLL C:\WINDOWS\system32\qpfrsnow.dll is not a valid Windows image. Please check this against your installation diskette" and the second one says "RUNDLL -Error loading C:\WINDOWS\system32\qpfrsnow.dll%1 is not a valid Win32 application".The disk that I got when I bought my pc was Windows XP Home Edition SP1. I downloaded SP2 from the internet.I'm attaching all of the logs you need to assist me, because I don't know if and how badly my pc is still infected.I attached 4 log files: 1. DSS Main.txt 2. DSS Extra.txt 3. Kaspersky 4. DSS Main.txt - after the Kaspersky reportThank you for taking the time to look into my problem.DSS MAIN.TXTDeckard's System Scanner v20071014.68Run by Parratjie on 2008-04-17 09:29:31Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------... Read more

A:System Integrity Scan Wizard, Security System Protection Control Panel

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Run Hijackthis again, click scan, and Put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =O4 - HKLM\..\Run: [e43075dd] rundll32.exe "C:\WINDOWS\system32\qpfrsnow.dll",b================Click Start -> Control Panel -> Add Remove Programs and uninstall these programs:J2SE Runtime Environment 5.0 Update 11 Java? 6 Update 2 Java? 6 Update 3 Java? SE Runtime Environment 6 Update 1Reboot and post a new hijackthis log.

37 more replies
Answer Match 150.6%

My PC is infected with 3 malware popups named Security System Proctection Control Panel, System Integrity Scan Wizard and Security System Warning (the last one telling me I have Abebot). I have tried to get rid of them with Kaspersky Antit-Virus, Adaware, spyware sweeper, and SpybotSD, but they are still running. I didn't run the online scan by Kaspersky because I have the most recent version installed and running on my PC. When I ran a rootkit scan with KAV, it took just over four hours and reported my PC was clean. So for whatever reason Kaspersky is not picking up these three forms of malware. Following all other directions on your preliminary instruction list I used Deckard's System Scanner to make two Hijack This files. They are pasted in below. Please take a look and tell me what I should do to get rid of this malware. Thank you very much for this valuable service you are providing.-- Dark EagleDeckard's System Scanner v20071014.68Run by Perry H. Chesnut on 2008-04-18 23:11:18Computer is in Normal Mode.--------------------------------------------------------------------------------Backed up registry hives.Performed disk cleanup.-- HijackThis (run as Perry H. Chesnut.exe) ------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:47:35 PM, on 4/18/2008Platform: Windows 2000 SP4 (WinNT 5.00.2195)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Boot mode: NormalRunning processes:F:\WINNT\System32\smss.exeF:\WIN... Read more

A:Security System Protection Control Panel & System Integrity Scan Wizard Popups

Hello Dark Eagle. to BleepingComputer.comMy name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)Please give me some time to look over your computer's log(s).Please take note of the following:In the meantime, please refrain from making any changes to your computer.Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.Finally, please reply using the button in the lower left hand corner of your screen.See you soon,Billy3

2 more replies
Answer Match 103.2%

Hi All,I got the System Integrity Scan Wizard and Security System Warning popups the last few days. I've done the Safeboot and scan with Norton with no viruses so it's clearly the nuisance thing that many others have been plagued with.I run both the SmitfraudFix.exe and ComboFix.exe programs. Here are the resulting log files.Any ideas of how to remove these popups is welcome.Thanks,DannySmitfraudFix.exe----------------------SmitFraudFix v2.309Scan done at 13:55:45.03, Mon 03/31/2008Run from C:\temp\SmitfraudFixOS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in normal mode???????????????????????? ProcessC:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeC:\WINDOWS\system32\CTsvcCDA.exeC:\WINDOWS\system32\crypserv.exeC:\Program Files\Cisco Systems\VPN Client\cvpnd.exeC:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exeC:\WINDOWS\system32\DVDRAMSV.exeC:\Program Files\Googl... Read more

A:System Integrity Scan Wizard And Security System Warning Malware Problems

Hello and welcome to the forumsMy name is Katana and I will be helping you to remove any infection(s) that you may have.Please observe these rules while we work:1. If you don't know, stop and ask! Don't keep going on.2. Please reply to this thread. Do not start a new topic.3. Please continue to respond until I give you the "All Clear" (Just because you can't see a problem doesn't mean it isn't there)If you can do those three things, everything should go smoothly :D I apologize for the delay in responding, but as you can probably see the forums are quite busyUnfortunately there are far more people needing help than there are helpers.If you still require help, please can you do the followingClick here to download HJTinstall.exeSave HJTinstall.exe to your desktop.Double click on the HJTinstall.exe icon on your desktop.By default it will install to C:\\Program Files\\Trend Micro\\Hijack This.Click I acceptClick on the Do a system scan and save a log file button. It will scan and then ask you to save the log.Click Save to save the log file and then the log will open in notepad.Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.Come back here to this thread and Paste the log in your next reply.DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.Installed ProgramsPlease could you give me a list of the programs that are in... Read more

1 more replies
Answer Match 88.2%

Hey been plagued by pop ups for days now, tried almost everything to get rid of them, seem to be 3 different pop ups saying I'm infected & should download their anti spyware programs, one is a yellow trangle with exclamation mark which appears in my taskbar at the bottom right, another looks like a Nod32 warning but it in' (I use nod32) another loos lk a windows XP warning,here is my hijack this log:Deckard's System Scanner v20071014.68Run by husk on 2008-04-09 20:51:33Computer is in Normal Mode.---------------------------------------------------------------------------------- HijackThis (run as husk.exe) ------------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 20:51:55, on 2008-04-09Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16640)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\Program\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe... Read more

A:System Integrity Scan Wizard Help!

HIDownload Malwarebytes' Anti-Malware from Here :-http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.htmlor here :-http://www.besttechie.net/tools/mbam-setup.exeDouble Click mbam-setup.exe to install the application.* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.* If an update is found, it will download and install the latest version.* Once the program has loaded, select "Perform Quick Scan", then click Scan.* The scan may take some time to finish,so please be patient.* When the scan is complete, click OK, then Show Results to view the results.* Make sure that everything is checked, and click Remove Selected.* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.* Copy and Paste the entire report in your next reply.Then run & post a new hijackthis log ...steam

2 more replies
Answer Match 88.2%

I've been getting this system integrity scan wizard pop every once in a while and i've tried to remove it using Spybot S&D but it didnt do thing.HJT log file is attachedLogfile of Trend Micro HijackThis v2.0.2Scan saved at 6:10:58 PM, on 5/7/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16640)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exeC:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeC:\WINDOWS\system32\DVDRAMSV.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\WINDOWS\system32\svchost.exec:\TOSHIBA\IVP\swupdate\swupdtmr.exeC:\WINDOWS\System32\svchost.exeC:\Documents and Settings\All Users\Application Data\dslcdipk\tchcvihi.exeC:\WINDOWS\system32\igfxtray.exeC:\WIN... Read more

A:System Integrity Scan Wizard Pop Up Please Help

HiPlease run a Kaspersky Online Scan Please do an online scan with Kaspersky WebScanner Click on Kaspersky Online Scanner Click AcceptYou will be promted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then begin downloading the latest definition files: Once the files have been downloaded click on NEXT Now click on Scan Settings In the scan settings make sure that the following are selected: Scan using the following Anti-Virus database: Extended (if available otherwise Standard)
Scan Options: Scan Archives Scan Mail BasesClick OK Now under select a target to scan: Select My ComputerThe program will start and scan your system. The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected. Now click on the Save as Text button:Once finished, save the log to your Desktop as filename KAV.txtTHEN ...Please Download Malwarebytes' Anti-Malware from Here :-http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.htmlor here :-http://www.besttechie.net/tools/mbam-setup.exeDouble Click mbam-setup.exe to install the application.* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.* If an update is found, it will download and install the latest version.* Once the program has loaded, select "Perform Quick Scan", then click Scan.* The scan may take some time to finish,so please be patient.* When... Read more

2 more replies
Answer Match 88.2%

Hi Hope you can help meGot hit with a lot of spyware recently, adaware and spybot got most of them but I'm stuck with a System Integrity Scan Wizard pop up. It comes in 3 styles every 20mins or so. 2 are popup windows telling me to click here to update my antispyware (i can close these from task manager), the third form is a taskbar alert (yellow triangle style) which appears occasionally with a similar theme.MANY THANKS Deckard's System Scanner v20071014.68Run by paul on 2008-04-17 04:56:50Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 5 Restore Point(s) --28: 2008-04-17 03:57:16 UTC - RP194 - Deckard's System Scanner Restore Point27: 2008-04-17 01:25:34 UTC - RP193 - Windows Defender Checkpoint26: 2008-04-17 01:12:38 UTC - RP192 - Made by Registry Mechanic 25: 2008-04-17 00:56:07 UTC - RP191 - Software Distribution Service 3.024: 2008-04-17 00:52:20 UTC - RP190 - Installed Windows Defender-- First Restore Point -- 1: 2008-01-22 09:44:04 UTC - RP167 - System CheckpointBacked up registry hives.Performed disk cleanup.-- HijackThis (run as paul.exe) ------------------------------------------------logfile has no content; running clone.-- HijackThis Clone ------------------------------------------------------------Emulating logfile of ... Read more

A:System Integrity Scan Wizard

Hi,* Please visit this webpage for instructions for downloading and running ComboFix:http://www.bleepingcomputer.com/combofix/how-to-use-combofixThis includes installing the Windows XP Recovery Console in case you have not installed it yet.Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

10 more replies
Answer Match 88.2%

Hello,I have a persistent pop-up of System Integrity Scan Wizard. I also had ultimate cleaner pop up but I think I got rid of it. I believe they are connected. I have run multiple spyware removal programs and trend virus scan with no help. Any help you can provide would be much appreciated. Here is the logfile. Thanks-Logfile of HijackThis v1.99.1Scan saved at 8:05:57 AM, on 11/28/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Webroot\Spy Sweeper\SpySweeper.exeC:\WINDOWS\Explorer.EXEC:\Documents and Settings\mjcjh.BHC-NA\Desktop\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://business.dellnet.com/R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://pharmatoday.us.bayer.cnb/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://business.dellnet.com/R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://business.dellnet.com/R1 - HKCU\Software\Microsoft\Windows\CurrentVersion... Read more

A:System Integrity Scan Wizard Pop Up

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Please download ComboFix and save it to your desktop.Double click combofix.exe and follow the prompts.When it's done running it will produce a log for you. Please post that log in your next reply.Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

7 more replies
Answer Match 88.2%

I followed instructions in forums for people that have had this same problem. System Integrity Scan Wizard-it still pops up when I open IE (thank God, I use Firefox primarily.)I know at this point I should be looking for a sequence of random letters and numbers-one of them running in your system32 folder, and the other running in your Application Data folder but I can't find something like that in my HJ this log.This is the logLogfile of HijackThis v1.99.1Scan saved at 8:33:23 AM, on 12/13/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\ewido anti-malware\ewidoctrl.exeC:\Program Files\Network Associates\Common Framework\FrameworkService.exeC:\Program Files\Network Associates�... Read more

A:System Integrity Scan Wizard

I think it is fixed.

I believe this way the line causing the problems

O4 - HKCU\..\Run: [Nord] C:\WINDOWS\system32\nordsys.exe

I had HJ this delete it on reboot, and everything seems to be working fine.

2 more replies
Answer Match 88.2%

Hey, so im getting popups from system integrity scan wizard, and ive tried all sorts of different removers, and nothing finds it, panda, ad ware 2007, superantispyware, plus othersso i wanted to try manual deletion, but i dont know enough to know what the actual files are so here is my hijackthis logthese are what i thought the problem might be, but i dont want to risk itthnx if u help meO4 - HKCU\..\Run: [wrvvxmmn] C:\WINDOWS\system32\erinwjct.exeO4 - HKCU\..\Run: [ypoghmim] C:\WINDOWS\system32\hghcrwxw.exeLogfile of Trend Micro HijackThis v2.0.2Scan saved at 12:51:02 AM, on 3/26/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Bra... Read more

A:System Integrity Scan Wizard

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Please download ComboFix and save it to your desktop.Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.Double click combofix.exe and follow the prompts.When it's done running it will produce a log for you. Please post that log in your next reply.Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

10 more replies
Answer Match 88.2%

This thing came along with the red screen with the skull and crossbones that was removed with smit fraud fix. These two things were left. It is a screen that pops up and says System Integrity Scan Wizard. There is also another screen that pops up saying there is a trojan virus...And then sometimes while i am working on the internet, my entire desktop disappears and goes blue, leaving only the window I was working in.Here is the hijack thing:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:37:41 PM, on 4/30/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: Safe modeRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exeC:\WINDOWS\Explorer.EXEc:\PROGRA~1\mcafee.com\agent\mcagent.exec:\PROGRA~1\mcafee\msc\mcuimgr.exeC:\Documents and Settings\Vicki\Desktop\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://store.presario.net/scripts/redirect...c02&lc=0409R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon O... Read more

A:System Integrity Scan Wizard

HiDownload Deckard's System Scanner (formerly Comboscan) to your Desktop. 1. Close all applications and windows. 2. Double-click on comboscan.exe to run it, and follow the prompts. 3. When the scan is complete, a text file will open - ComboScan.txt 4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of ComboScan.txt in your next reply. 5. A folder, C:\ComboScan, will also open. In it will be another text file, Supplementary.txt. 6. Please copy and paste the contents of Supplementary.txt to your post.Please remember to post both txt files ...Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.THEN ...Download Malwarebytes' Anti-Malware from Here :-http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.htmlor here :-http://www.besttechie.net/tools/mbam-setup.exeDouble Click mbam-setup.exe to install the application.* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.* If an update is found, it will download and install the latest version.* Once the program has loaded, select "Perform Quick Scan", then click Scan.* The scan may take some time to finish,so please be patient.* When the scan is complete, click OK, then Show Results to view the results.* Make sure that everything is checked, and click Remove Selected.* When disinfection is completed, a log will open in Notepa... Read more

2 more replies
Answer Match 88.2%

The Pop up "system integrity scan wizard keeps popping up". I dont really know much about computers and I would really appreciate if you can help me. Another popup is there as well, which i guess will tell you guys too since Im here. Its red and says "Security System Warning.. Alert details: File: C:/Windows/wml.exe Threat:AbebotDeckard's System Scanner v20071014.68Run by Cole on 2008-04-30 21:32:04Computer is in Normal Mode.---------------------------------------------------------------------------------- Last 5 Restore Point(s) --12: 2008-05-01 00:44:38 UTC - RP314 - Windows Update11: 2008-04-28 17:12:50 UTC - RP313 - Scheduled Checkpoint10: 2008-04-28 00:48:47 UTC - RP312 - Scheduled Checkpoint9: 2008-04-25 22:38:48 UTC - RP311 - Scheduled Checkpoint8: 2008-04-24 19:36:45 UTC - RP310 - Windows Update-- First Restore Point -- 1: 2008-04-10 07:00:43 UTC - RP303 - Windows UpdateBacked up registry hives.Performed disk cleanup.Total Physical Memory: 895 MiB (1024 MiB recommended).-- HijackThis (run as Cole.exe) ------------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:41:06 PM, on 4/30/2008Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18000)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\system32\taskeng.exeC:\Program Files\Windows Defender\MSASCui.exeC:\hp\support\hpsysdrv.exeC:\Windows�... Read more

A:Keep Getting System Integrity Scan Wizard Pop Up

Hi Disconnect from the internet Close ALL browser windows (including this one) - run hijackthis and tick to fix (check the box next to) the list below.........when all are ticked (checked) click the Fix Checked button at the bottom. :-O4 - HKCU\..\Run: [hykzakjc] C:\ProgramData\hykzakjc\sbwfujgf.exeO4 - HKCU\..\Run: [MYOmq5kORU] C:\ProgramData\ahqxefmh\avcjmbmp.exeO4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Cole\AppData\Local\Temp\ssqOEUlj.dll,#1O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Cole\AppData\Local\Temp\ljJYSijK.dll,cO4 - HKCU\..\Run: [eaac03bc] rundll32.exe "C:\Users\Cole\AppData\Local\Temp\xicxllsu.dll",bReboot ... then find & delete :-C:\ProgramData\hykzakjc ... folderC:\ProgramData\ahqxefmh ... folderC:\Users\All Users\ahqxefmh ... folderC:\Users\All Users\hykzakjc ... folderThen please run these scans ...Please run a Kaspersky Online Scan Please do an online scan with Kaspersky WebScanner Click on Kaspersky Online Scanner Click AcceptYou will be promted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then begin downloading the latest definition files: Once the files have been downloaded click on NEXT Now click on Scan Settings In the scan settings make sure that the fo... Read more

8 more replies
Answer Match 88.2%

Can anyone assist in identifying what changes I need to make to remedy this issue?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:49:30 PM, on 4/6/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\ProgramData\gcymwqha\cjglulqh.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h... Read more

A:System Integrity Scan Wizard

Hi Welcome to TSG!!
Please download Malwarebytes Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform Quick Scan, then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy the entire report and paste it in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
 

1 more replies
Answer Match 88.2%

I keep getting pop ups for System Integrity Scan Wizard and Your Computer May Be Infected. I have used PC Pitstops Exterminator, but can't get rid them still. Any help would be greatly appreciated.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:56:04 PM, on 3/30/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16608)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\WINDOWS\system32\dlcqcoms.exeC:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\system32\svchost.exeC:\Documents and Settings... Read more

A:System Integrity Scan Wizard Pop Up

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please post a brand new HijackThis log, along with a description of any problems you are experiencing. If we do not hear back from you within a couple of days we will need to close your topic.When posting your logs please post them directly into the reply. Do not attach them.Thank you for your patience.

1 more replies
Answer Match 88.2%

Hi,
My system OS is Windows Vista, and recently i encountered this spyware "System Integrity Scan Wizard"

I followed the steps to remove it....as explained, in few forums on the net.

And after checking the Hijackthis log, i cudnt recognize the files to delete or to fix the problem.

hoping for help....here are the log files.
_______________________________________
Panda Activescan Log

;****************************************************** ******************************************************* ******************************************************* ***************
ANALYSIS: 2008-02-06 01:27:46
PROTECTIONS: 1
MALWARE: 6
SUSPECTS: 0
;****************************************************** ******************************************************* ******************************************************* ***************
PROTECTIONS
Description Version Active Updated
;====================================================== ======================================================= ======================================================= ===============
Kaspersky Anti-Virus 7.0.1.321 Yes Yes
;====================================================== ======================================================= ======================================================= ===============
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;====================================================== ======================================================= ==================... Read more

A:System Integrity Scan Wizard

After long hours of scanning and getting log files....
i cudnt figure out.

but now its solved..
i did a System Restore to a previous point- before the spyware attack.

Now my compter is working fine!!!

thank you anyways.
 

1 more replies
Answer Match 88.2%

A friends computer was infected with lots of spyware. I have run smitfraud as well as combofix. Most of the spyware seems to be gone now except for this window that keeps popping up that says "System Integrity Scan Wizard".Can anyone help me remove this? Any help would be greatly appreciated.Here is the Hijack this log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:27:31 AM, on 3/25/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16608)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Documents and Settings\All Users\Application Data\azulwtyp\odozulwj.exeC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\Program Files\QuickTime\qttask.exeC:\WINDOWS\System32\ezSP_Px.exeC:\program files\support.com\client\bin\tgcmd.exeC:\WINDOW... Read more

A:System Integrity Scan Wizard

Hi,* Please download Malwarebytes' Anti-Malware from Here or HereDouble Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply along with a fresh HijackThis log.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

6 more replies
Answer Match 88.2%

I need to remove an annoying pop-up called System Integrity Scan Wizard. Please help. I posted my HijackThis list.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 4:42:09 PM, on 3/24/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16608)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\QuickTime\bak\qttask.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\MSN Messenger\MsnMsgr.ExeC:\Program Files\Microsoft ActiveSync&#... Read more

A:System Integrity Scan Wizard

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Please download ComboFix and save it to your desktop.Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.Double click combofix.exe and follow the prompts.When it's done running it will produce a log for you. Please post that log in your next reply.Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

7 more replies
Answer Match 88.2%

Hi there,
I am getting a pop up window titled "System Integrity Scan Wizard" along with other random popups for PC Cleaner and PC-Antispyware. I have scanned with a whole variety of adware tools but still have the problem. I have attached HijackThis logs below, really hope you can help, thanks,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:51:40, on 23/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG... Read more

A:System Integrity Scan Wizard

Looks like I may have found the offending entries. I "Fixed" the following lines:

O4 - HKCU\..\Run: [zlennwrc] C:\ProgramData\zlennwrc\hcvmnghk.exe
O4 - HKCU\..\Run: [AP3O6XuXoI] C:\ProgramData\darcrwlm\zwpmxsdm.exe
O4 - HKCU\..\Run: [ifxrjfpm] C:\ProgramData\ifxrjfpm\cvezsnix.exe

I have isolated some suspect files in my user profile directory and no popups for the last hour and half so hoping I have fixed it.

Will repost if problem reoccurs.
 

1 more replies
Answer Match 88.2%

Hi:
I'm getting a "system integrity scan wizard" popup pretty consistently along with an exclamation mark in my task bar that says "click here to fix problem..." I have run ewido malware searches, spybot, and ad-aware. Here is my hijack this log. Any help would be appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:21 PM, on 4/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\pkjmrwvy\nefgpmfq.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program... Read more

More replies
Answer Match 88.2%

Hi,
I need help removing this and other similar spyware/malware pop ups, such as System Security Warning and PC-Antispyware. As far as i can tell, my problem is essentially the same as this guy's: http://forums.techguy.org/malware-r...0384-solved-system-integrity-scan-wizard.html
I've tried everything I can think of in terms of spyware removal programs etc, but am basically clueless about how to properly deal with this problem. I've also downloaded HiJack This. Here is my log:

Logfile of HijackThis v1.99.1
Scan saved at 16:31:39, on 8/09/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\RTHDCPL.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\ProgramData\qkpnvill\wpcfilir.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Windows\helppane.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\iTunes\i... Read more

More replies
Answer Match 88.2%

Been working on this one for a couple days. Originally came up with worm.win32.netbooster and was able to successfully remove infected files. However now that that has been taken care of I'm getting a "System Integrity Scan Wizard." Hopefully you guys can help! Here's my HJT log.Deckard's System Scanner v20071014.68Run by rg5098 on 2008-04-15 14:23:57Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------System Restore is disabled; attempting to re-enable...success.-- Last 1 Restore Point(s) --1: 2008-04-15 18:24:07 UTC - RP1 - System CheckpointBacked up registry hives.Performed disk cleanup.Total Physical Memory: 504 MiB (512 MiB recommended).-- HijackThis (run as rg5098.exe) ----------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:27:07 PM, on 4/15/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16640)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Program Files\Common Files\Symantec Shared\... Read more

A:Cant Seem To Get Rid Of "system Integrity Scan Wizard"

HIYou have a LOT of malware ...Please run a Kaspersky Online Scan Please do an online scan with Kaspersky WebScanner Click on Kaspersky Online Scanner Click AcceptYou will be promted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then begin downloading the latest definition files: Once the files have been downloaded click on NEXT Now click on Scan Settings In the scan settings make sure that the following are selected: Scan using the following Anti-Virus database: Extended (if available otherwise Standard)
Scan Options: Scan Archives Scan Mail BasesClick OK Now under select a target to scan: Select My ComputerThe program will start and scan your system. The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected. Now click on the Save as Text button:Once finished, save the log to your Desktop as filename KAV.txtTHEN ...Download Malwarebytes' Anti-Malware from Here :-http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.htmlor here :-http://www.besttechie.net/tools/mbam-setup.exeDouble Click mbam-setup.exe to install the application.* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.* If an update is found, it will download and install the latest version.* Once the program has loaded, select "Perform Quick Scan", then click Scan.* The scan may take some time to finish,so pl... Read more

2 more replies
Answer Match 88.2%

trying to get rid of this popuplet me know what a I'm missingLogfile of Trend Micro HijackThis v2.0.2Scan saved at 12:57, on 2008-03-28Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16473)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Kaseya\Agent\AgentMon.exeC:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exeC:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exeC:\Program Files\RealVNC\VNC4\WinVNC4.exeC:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exeC:\WINDOWS\TEMP\RJDCB5.EXEC:\temp\KRlyCLis.exeC:\WINDOWS\Explorer.EXEC:\Documents and Settings\All Users\Application Data\jaxobudy\turstelq.exeC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Scansoft\PaperPort\pptd40nt.exeC:\Program Files\ScanSoft\OmniPagePro11.0\opware32.exeC:\Program Files\Trend Micro\C... Read more

A:System Integrity Scan Wizard

Hi,* Please download Malwarebytes' Anti-Malware from Here or HereDouble Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply along with a fresh HijackThis log.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

2 more replies
Answer Match 88.2%

This seems to have associations with a yellow hazard button in the system tray as well... re. Ultimate Cleaner.Cleaned up what I could, please help. Cheers,GwenLogfile of HijackThis v1.99.1Scan saved at 12:36:38 AM, on 1/31/2007Platform: Windows 2000 SP4 (WinNT 5.00.2195)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINNT\System32\smss.exeC:\WINNT\system32\winlogon.exeC:\WINNT\system32\services.exeC:\WINNT\system32\lsass.exeC:\WINNT\system32\svchost.exeC:\WINNT\system32\spoolsv.exeC:\WINNT\System32\svchost.exec:\PROGRA~1\mcafee.com\vso\mcshield.exec:\PROGRA~1\mcafee.com\agent\mctskshd.exeC:\WINNT\system32\nvsvc32.exeC:\WINNT\system32\HPZipm12.exeC:\WINNT\system32\regsvc.exeC:\WINNT\system32\MSTask.exeC:\WINNT\system32\stisvc.exeC:\Program Files\Webroot\Spy Sweeper\SpySweeper.exeC:\WINNT\System32\WBEM\WinMgmt.exeC:\WINNT\system32\mspmspsv.exeC:\WINNT\system32\svchost.exeC:\WINNT\Explorer.EXEC:\PROGRA~1\PESTPA~1\PPControl.exeC:\Program Files\McAfee.com\VSO\mcvsshld.exec:\program files\mcafee.com\agent\mcagent.exec:\progra~1\mcafee.com\vso\mcvsescn.exeC:\PROGRA~1\PESTPA~1�... Read more

A:System Integrity Scan Wizard - Pop Up

Hello,* Download Killbox.Click killbox.exe.Select the option "Delete on reboot".Click the button: All Files (!important!)Now it should flash green.Now copy the next bold part:C:\WINNT\system32\cnwduril.exeC:\WINNT\system32\atjkurd.dllOpen 'file' in the killboxmenu on top and choose Paste from clipboardThen press the button that looks like a red circle with a white X in it.Killbox will tell you that all listed files will be removed on next reboot and asks if you would like to Reboot now, click YESIf you don't get that message, reboot manually.Your computer should reboot now.Don't worry about the errors you'll receive after reboot.Then,* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =O4 - HKLM\..\Run: [cnwduril.exe] C:\WINNT\system32\cnwduril.exeO4 - HKLM\..\Run: [atjkurd.dll] "C:\WINNT\system32\rundll32.exe" C:\WINNT\system32\atjkurd.dll,iwvppseI see you most probably created next startups yourself to let your Firefox and Internet Explorer startup with Windows. This is not a good idea, especially when you are infected, because that keeps the infection alive.That's why I also recommend you check next entries:O4 - Startup: Mozilla Firefox.lnk = C:\Program Files\Mozilla Firefox\firefox.exeO4... Read more

10 more replies
Answer Match 88.2%

My problem is with System Integrity Scan WizardI've been through the procedures outlined in the intro page for submitting a HijackThis log for analysis but, while I am now able to post the log, I thought you might also be interested in my experiences while working through those procedures to get this far.Run cleanmgr. No problemsAd-Aware Scan, Spybot scan: No problemsRun Housecall: Gave up after 30 minutes waiting, on 2 occasions, for the program to "update malware" (Found exactly the same problem on another computer-might it be an ISP problem, or another virus somewhere?)Run Panda Activescan: Reported 20 tracking cookies and their location/filenames, but I could not find any such files, nor the sub-directoryin which they were supposedly located.Run "Stinger": Nothing reportedupdate Windows: OKWindows Firewall: activeSystem in brief: Win XP SP2, IE7, Avast A/V, Ad-Aware, Spybot.Here is the HijackThis log and I would greatly appreciate your advice. The pop-ups are driving me nuts :-Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:16:52, on 31/03/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16608)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WI... Read more

A:System Integrity Scan Wizard

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please post a brand new HijackThis log, along with a description of any problems you are experiencing. If we do not hear back from you within a couple of days we will need to close your topic.When posting your logs please post them directly into the reply. Do not attach them.Thank you for your patience.

13 more replies
Answer Match 88.2%

I've ran Spybot and Ad-Aware and these programs are not solving the problem. I keep on getting this pop-up "System Integrity Scan Wizard". It wants me to go into a setup which I do not do. For some reason it keeps on getting worse. I've read others posts but I do not understand HIJACKTHIS. Below I have posted what the log says for my computer. Will someone help me out with this please, this is driving me insane?

Logfile of HijackThis v1.99.1
Scan saved at 11:21:57 PM, on 10/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program... Read more

A:System Integrity Scan Wizard

I saw another thread posted and noticed someone recommended to use SmitFraudFix for a similar problem. I ran the program and here is what I got.

SmitFraudFix v2.113

Scan done at 1:30:51.25, Thu 10/26/2006
Run from C:\Documents and Settings\Ethaesean\Desktop\Smrt\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\.protected FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Ethaesean
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Ethaesean\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

\.protected FOUND !
\.protected FOUND !

»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"=&qu... Read more

1 more replies
Answer Match 88.2%

Hello I am sick and tried of this pop u....Please help me here is my Hijackthis log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:38:13 PM, on 4/14/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Ahead\InCD\InCDsrv.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\system32\cisvc.exeC:\WINDOWS\system32\crypserv.exeC:\Program Files\McAfee\Common Framework\FrameworkService.exeC:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exeC:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXEC:\WINDOWS\system32\cidaemon.exeC:\Program Files\Commo... Read more

A:System Integrity Scan Wizard

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Please download ComboFix and save it to your desktop.Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.Double click combofix.exe and follow the prompts.When it's done running it will produce a log for you. Please post that log in your next reply.Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

2 more replies
Answer Match 87.3%

Recently I picked up a "Privacy Danger" infection which I thought I solved by following directions here. However it seems like sometihng else is still there - a popup called 'system integrity scan wizard' which tries to show me crappy software. I'm running win 2k, and here is HJT logfile:

Logfile of HijackThis v1.99.1
Scan saved at 11:55, on 5/28/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\AMD\Cool'n'Quiet\GemServ.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\wltrysvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\bcmwltry.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\pgrodmfm\vovczezo.exe
C:\WINNT\system32\wltray.exe
C:\WINNT\system32\vcdqbela.exe
C:\Program Files\Saitek\Software\ProfilerU.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\ntvdm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.ex... Read more

A:Solved: 'system integrity scan wizard'

9 more replies
Answer Match 87.3%

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 4:51:32 PM, on 3/31/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16608)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Common Files\LightScr... Read more

A:System Integrity Scan Wizard Keeps Popping Up

Hi,

The forums are really busy, that explains why logs get behind. If you still need some help, please start with posting a new hijackthislog in this thread. Don't start with a new thread.
Then I'll take a look.

2 more replies
Answer Match 87.3%

My machine was infected a few days ago with several trojan horses and Malware. I've removed about 80% of it using Nortaon Antivirus. I can't get rid of the remaining 20% which is constant advertisements for spyware removal programs popping up and attaches itself to every browser session that I launch. The machine is very slow and I'm frustrated. My machine is almost unuseable. Belowis my HijackThis log. Can you help?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:58:46 PM, on 5/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared... Read more

A:Solved: System Integrity Scan Wizard

16 more replies
Answer Match 87.3%

For 5 hours I have been trying to get rid of the System Integrity Scan Wizard. I have norton and I scanned my computer with it and no luck I also tried the smitrem application and thought that worked for a while but when I restarted my computer it came back! I attached my hijackthis file. I'm sorry I don't speak english all that well. Thank you for your time!

A:System Integrity Scan Wizard Popup

I deleted all the temporary internet files after I posted this and then I turned off my computer hoping by some miracle that it wouldn't occur again.
GUESS WHAT?
it hasn't happened!
thanks you all for your time!
I hope it stays okay

4 more replies
Answer Match 87.3%

Hey guys, I've become infected with the "System integrity scan wizard" malware today. Yay....I tried several anti virus and spyware programs, I even went and checked the other threads to try and solve my problem, but they didn't seem to apply! i noticed my SISW process is linked to snivgbmj.exe (according to the task manager), and obviously I can't remove that. Any help would be great!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:54:42 AM, on 5/7/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Documents and Settings\All Users.WINDOWS\Application Data\argrgtsj\efslkpkz.exeC:\PROGRA~1\Grisoft\AVG7\avgcc.exeC:\WINDOWS\sys... Read more

A:System Integrity Scan Wizard Strikes Again....

HiPlease run a Kaspersky Online Scan Please do an online scan with Kaspersky WebScanner Click on Kaspersky Online Scanner Click AcceptYou will be promted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then begin downloading the latest definition files: Once the files have been downloaded click on NEXT Now click on Scan Settings In the scan settings make sure that the following are selected: Scan using the following Anti-Virus database: Extended (if available otherwise Standard)
Scan Options: Scan Archives Scan Mail BasesClick OK Now under select a target to scan: Select My ComputerThe program will start and scan your system. The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected. Now click on the Save as Text button:Once finished, save the log to your Desktop as filename KAV.txtTHEN ...Please Download Malwarebytes' Anti-Malware from Here :-http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.htmlor here :-http://www.besttechie.net/tools/mbam-setup.exeDouble Click mbam-setup.exe to install the application.* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.* If an update is found, it will download and install the latest version.* Once the program has loaded, select "Perform Quick Scan", then click Scan.* The scan may take some time to finish,so please be patient.* When... Read more

2 more replies
Answer Match 87.3%

HiEvery 30mins or so I am greeted by a window that is asking me to run a System Integrity Scan Wizard - it tells me that my computer may have critical errors in the windows registry and file system. I am guessing that this is malware/spyware. I also get a window popping up with a red border and title bar calling itself a Security System Warning - it tells me to visit PC-antispyware site so I can remove the 'abebot' virus it has allegedly detected.There is also a yellow warning triangle next to the clock on my taskbar, when i hover the cursor over it the comment 'click here to fix problem...' appears.I have ran Adaware, CCleaner, Spybot, Smitfraud fix, Mcafee Stinger and my Norton hasn't picked it up either.Any help will be most welcome!Hijack log this below:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 18:59:13, on 01/04/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16608)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\... Read more

A:System Integrity Scan Wizard Removal

Hi bluenose_1,NOTE: If you have downloaded SmitfraudFix previously please delete that version and download it again! Also delete C:\rapport.txt Please download SmitfraudFix Double-click SmitfraudFix.exe Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present). Please copy/paste the content of the SmitfraudFix report into your next reply. Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. http://www.beyondlogic.org/consulting/proc...processutil.htm ***********************Please download Malwarebytes' Anti-Malware from Here or HereDouble Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you ... Read more

10 more replies
Answer Match 87.3%

Popups appear stating the computer is infected with a virus or has critical errors in the Windows registry and file system. I've been unable to find the source of the problem, but apparently others have had a similar problem. I used Ad-Aware, AVG antivirus, XoftspySE and found and deleted a couple of trojans. The computer now runs faster but the virus warnings keep popping up.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:01:32 AM, on 3/29/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16608)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\Program Files\Common Files\Acronis\Schedule2\schedul2.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exec:\Program Files\Microsoft LifeCam\MSCa... Read more

A:System Integrity Scan Wizard Popup

Hi Disconnect from the internet Close ALL browser windows (including this one) - run hijackthis and tick to fix (check the box next to) the list below.........when all are ticked (checked) click the Fix Checked button at the bottom. :-R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O4 - HKCU\..\Run: [grrgvsjt] C:\WINDOWS\system32\wlmvqzkx.exeReboot then find & delete :-C:\WINDOWS\system32\wlmvqzkx.exe ... fileThen I suggest you ...Please make sure you have read this :-http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/Then come back here & post the requested updated logs...I have subscribed to this thread so I will know if you reply, & I will then endeavour to reply to you within 24 hours ...cheerssteam

2 more replies
Answer Match 87.3%

System Integrity Scan Wizard pops up at regular intervals. Also, a yellow triangle with a black exclamation point inside appears in my system tray. It links to anti-spywareremoval.biz.Have tried Spybot and Ad-Aware SE (also Norman AV) without luck.Any help is appreciated.Deckard's System Scanner v20071014.68Run by Thomasv on 2008-04-17 14:45:02Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 5 Restore Point(s) --43: 2008-04-17 12:45:12 UTC - RP43 - Deckard's System Scanner Restore Point42: 2008-04-17 09:40:00 UTC - RP42 - Kontrollpunkt for system41: 2008-04-16 09:02:08 UTC - RP41 - Installed Windows Media Player Firefox Plugin40: 2008-04-16 08:01:54 UTC - RP40 - Installed Microsoft Office Professional Edition 200339: 2008-04-15 09:04:35 UTC - RP39 - Kontrollpunkt for system-- First Restore Point -- 1: 2008-04-11 08:17:04 UTC - RP1 - Kontrollpunkt for systemBacked up registry hives.Performed disk cleanup.-- HijackThis (run as Thomasv.exe) ---------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 14:46:23, on 17.04.2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16640)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\... Read more

A:Can't Remove System Integrity Scan Wizard

Hi, Wellcome to Bleeping Computer Forums!You might want to save this page on your favorites, so you can find it again when you return.Please take note of the following:I will be handling your log and helping you, please do not make any system changes yet. The process is not instant. Please continue to review my answers until I tell you that your computer is clean. Be patience.The fixes are specific to your problem and should only be used for this issue on this machineIf there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.Please reply to this thread. Do not start a new topic.Please give me some time to look over your log and I will get back to you as soon as possible.

9 more replies
Answer Match 87.3%

hi,... have the "system integrity scan wizard" virus or trojan or whatever it is and trying to solve the problem for a whole day.

i hope you can help me... before i have to setup my entire laptop new....
here is the hijackthislog:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:51:40, on 25.03.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\defarkzy\nungfmrk.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Compal\Wireless Select Switch\WLSS.exe
C:\Program Files\Compal\Wow Video&Audio\WVAMain.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\images\DAEMON Tools\daemon.exe
C:\Windows\System32\qxstkjmr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 -... Read more

More replies
Answer Match 87.3%

Please help if you can. HijackThis Log below:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:05:45 PM, on 03/31/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16608)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\PROGRA~1\Grisoft\AVG7\avgemc.exeC:\Program Files\Citrix\GoToMyPC\g2svc.exeC:\Program Files\Intel\Intel Application Accelerator\iaantmon.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Dantz\Retrospect\retrorun.exeC:\Program Files\Citrix\GoToMyPC\g2comm.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Citrix\GoToMyPC\g2pre.exeC:\WINDOWS\system32\CAPM1RSK.EXEC:\Program Files\Citrix\GoToMyPC\g2tray.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Java\jre... Read more

A:Need Help With "system Integrity Scan Wizard" Removal

Hello LINDA1938, Sorry for the delay. We have many, many logs backed up. Download CCleaner and install it. (default location is best). Do not run it yet! Beginner?s Guide to CCleaner*******************************************I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with the fixes. So please disable TeaTimer by doing the following:1) Run Spybot-S&D2) Go to the Mode menu, and make sure "Advanced Mode" is selected3) On the left hand side, choose Tools -> Resident4) Uncheck "Resident TeaTimer" and OK any promptsYou can reenable TeaTimer once your system is clean.We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make. Open Windows Defender. Click on Tools, General Settings. Scroll down and uncheck Turn on real-time protection (recommended). After you uncheck this, click on the Save button and close Windows Defender.After all of the fixes are complete it is very important that you enable Real-time Protection again.Select the following with HijackThis. With all windows (including this one!) closed (close browser/explorer windows), please select "fix checked" O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)O4 - HKCU\..\Run: [afrkpqvj] C:\WINDOWS\system32\mvsfkjyh.exeO4 - HKCU\..\Run: [ogpokuje] C:\WINDOWS\... Read more

2 more replies
Answer Match 87.3%

Hi,

My computer has gone nuts. I've read a few threads but don't really know how to fix my computer, please help. I'm running vista. When I booted up this morning had a bunch of programs on my desktop, one of which was called "blackbird". I've also got pop-ups about "system integrity scan wizard" along with a number of popups. Plus my windows is not working well (that is my desktop is blank and the toolbar at the bottom of the screen is gone. I managed to download and run the HJT program - this is the first time i use it, the log is below

Thanks Nancy

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:06:39 PM, on 06/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program F... Read more

More replies
Answer Match 87.3%

Hi, I'm hoping to find some assistance of ridding my PC of this malware which tells me I have spyware/adware and opens pop-ups to register for anti-virus software etc.

I've read other threads on this topic and removal but I can't even run and save a HijackThis logfile because i get a program error:
"HijackThis.exe has generated errors and will be closed by Windows. You will need to restar the program.
An error log is being created"

Any and all assistance is greatly appreciated.
Thanks
Phil
 

A:System Integrity Scan Wizard problems

8 more replies
Answer Match 87.3%

Hi to all, I seem to have picked up a trojan whilst downloading free spyware.
I cannot locate the files and the pop ups are becoming a real pain, I have read similar posts and have perfomed a HijackThis scan after KillBox has been installed, the log file is as below.
I would jump the gun and simply copy the instructions about deleting these hidden files on previous posts, but fearing making a hash of it and deleting 'needed' files, I thought I'd run it past you guys first!
If you could be of assistance, you would make my ...and then some!

Not sure how you know which files would be 'unwanted' and therefore warrant deleting. Can you share your knowledge on how to spot this and enlighten an interested newbie?

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:46:28, on 25/03/2008
Platform: Windows Vista SP1, v.668 (WinNT 6.00.1905)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\Explorer.EXE
C:\ProgramData\ibcpkzsf\yvefazmh.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterH... Read more

More replies
Answer Match 87.3%

hi,... have the "system integrity scan wizard" virus or trojan or whatever it is and trying to solve the problem for a whole day.i hope you can help me... before i have to setup my entire laptop new....here is the hijackthislog:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 19:51:40, on 25.03.2008Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16609)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\ProgramData\defarkzy\nungfmrk.exeC:\Program Files\Windows Defender\MSASCui.exeC:\Windows\RtHDVCpl.exeC:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exeC:\Program Files\Protector Suite QL\psqltray.exeC:\Windows\system32\taskeng.exeC:\Program Files\Compal\Wireless Select Switch\WLSS.exeC:\Program Files\Compal\Wow Video&Audio\WVAMain.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\Java\jre1.6.0_05\bin\jusched.exeC:\Windows\System32\rundll32.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exeC:\Program Files\Alwil Software\Avast4\ashDisp.exeC:\Program Files\images\DAEMON Tools\daemon.ex... Read more

A:System Integrity Scan Wizard ....... I Dont Get It Done....

Hi mappel,I'm sorry we couldn't help you sooner but as you can see the forums are extremely busy and our helpers are volunteers. I'm subscribed to this topic now and will help you with any malware issues you may have.Since it has been a while since you posted last and changes may have been made to your system please run HijackThis and post a new log in your next reply.

2 more replies
Answer Match 87.3%

Been trying to remove this for days, please help. Here is my hijack log file:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 3:28:38 PM, on 3/30/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16608)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\cisvc.exeC:\Program Files\Cisco Systems\VPN Client\cvpnd.exeC:\Program Files\Dimdim\StreamingServer\dssWrapper.exeC:\Program Files\OpenOffice.org 2.3\program\python-core-2.3.4\lib\site-packages\win32\PythonService.exeC:\Program Files\Dimdim\StreamingServer\dssServer.exeC:\Program Files\Dimdim\MeetingServer\Conference Server\Tomcat 5.5\bin\wrapper.exeC:\WINDOWS\SYSTEM32\GEARSEC.EXEC:\WINDOWS\system32\inetsrv\inetinfo.exeC:\Program Files ... Read more

A:Help! Remove System Integrity Scan Wizard

Hi Disconnect from the internet Close ALL browser windows (including this one) - run hijackthis and tick to fix (check the box next to) the list below.........when all are ticked (checked) click the Fix Checked button at the bottom. :-O4 - HKCU\..\Run: [cbindmlr] C:\WINDOWS\system32\nmbijazo.exeO4 - HKLM\..\Policies\Explorer\Run: [5IuNZE0DA6] C:\Documents and Settings\All Users\Application Data\jclwruzu\dmxarwly.exeO4 - HKCU\..\Policies\Explorer\Run: [{2577548B-03E5-1033-0621-050503030001}] "C:\Program Files\Common Files\{2577548B-03E5-1033-0621-050503030001}\Update.exe" mc-110-12-0000137Reboot then find & delete :-C:\WINDOWS\system32\nmbijazo.exe ... fileC:\Documents and Settings\All Users\Application Data\jclwruzu ... folderC:\Program Files\Common Files\{2577548B-03E5-1033-0621-050503030001} ... folderThen I suggest you ...Please make sure you have read this :-http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/Then come back here & post the requested updated logs...I have subscribed to this thread so I will know if you reply, & I will then endeavour to reply to you within 24 hours ...cheerssteam

2 more replies
Answer Match 87.3%

I seem to be getting this pop-up along with two or three others running along the same line. I've done a ton of searches to try and rid myself of these files and it seems like a complicated process but, here goes nothing. I am basically in the dark about this stuff so please bare with me. I've downloaded a zillion spyware programs but nothing seems to get rid of it, even AOL's security center. I've seen other posts on these types of pop-ups and members have been posting their Hijackthis logs. So I downloaded that program, put it in a folder and ran a scan. Here's my log. Hope it helps.

---------------------------

Logfile of HijackThis v1.99.1
Scan saved at 6:24:26 PM, on 10/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMA... Read more

A:Solved: System Integrity Scan Wizard

9 more replies
Answer Match 87.3%

Can someone help me remove this pop up please.
Logfile of HijackThis v1.99.1
Scan saved at 9:51:42 PM, on 4/20/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\lmvmxuru\fqzupeli.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\ProgramData\pdotqmii\toncngfw.exe
C:\Windows\ehome\ehmsas.exe
C:\hp\kbd\kbd.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\BitDefender\BitDefender 2008\uiscan.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVIL... Read more

A:Solved: System Integrity Scan Wizard?

14 more replies
Answer Match 87%

Hi I have had the Security System Protection Control Panel popup where it prompts me to go download an anti-spyware program come up a few times. Also my computer starts running at 100% randomly and I get random popups. Here is my HijackThis log. Logfile of Trend Micro HijackThis v2.0.2Scan saved at 6:05:25 PM, on 4/28/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exec:\PROGRA~1\mcafee.com\vso\mcvsrte.exeC:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\svchost.exec:\PROGRA~1\mcafee.com\vso\mcshield.exeC:\Documents and Settings\All Users\Application Data\uhenotij\urubulmh.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\iTunes\iTunesHelper.exeC:\WINDOWS\system... Read more

A:Infected With Security System Protection Control Panel, Among Other Things

this is kaspersky
KASPERSKY ONLINE SCANNER REPORT
Monday, April 28, 2008 8:05:56 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 29/04/2008
Kaspersky Anti-Virus database records: 729653
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target Critical Areas
C:\WINDOWS
C:\DOCUME~1\WEICHE~1\LOCALS~1\Temp\
Scan Statistics
Total number of scanned objects 12558
Number of viruses found 12
Number of infected objects 15
Number of suspicious objects 0
Duration of the scan process 00:14:23

Infected Object Name Virus Name Last Action
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Installer\{cde98ea8-b2f8-45e1-8fb5-ef3f345d6f40}\zip.dll Infected: Trojan-Dropper.Win32.Agent.qfy skipped
C:\WINDOWS\npqtsrak.exe Infected: Trojan.Win32.Vapsup.eet skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\AWTTUUSP.DLL.del Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb... Read more

19 more replies
Answer Match 86.1%

Well I am trying to fix my dads computer he had his desktop wallpaper taken over by some "Anti Spyware" I fixed that with SmitFraud...But there are still pop ups for another one..."System Integrity Scan Wizard wanting me to scan my Windows registry saying that it has critical errors.It is not a major problem not just yet though....So if anyone has anytime to look over it I would greatly appreciate it. I could start doing somethings but I just want to make sure before i play with it..with someone how really knows more than I.ThanksLogfile of Trend Micro HijackThis v2.0.2Scan saved at 9:49:40 PM, on 3/22/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\vidylslc.exeC:\WINDOWS\ehome\ehtray.exeC:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exeC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Synaptics\SynTP\SynTPEnh... Read more

A:"system Integrity Scan Wizard" Popups---hijack This Log

Hello and welcome to BleepingComputer. 1) I noticed you posted your log here aswell. Please let them know you are being helped elsewhere.--2) Please rerun a scan with HijackThis and check the following objects for removal:O4 - HKLM\..\Run: [lwkmyeim] C:\WINDOWS\system32\lwkmyeim.exeO4 - HKLM\..\Run: [kqgkeccx] C:\WINDOWS\system32\kqgkeccx.exeO4 - HKLM\..\Policies\Explorer\Run: [OAQvA4FLDx] C:\WINDOWS\vidylslc.exeNow close ALL other open windows and hit FIX CHECKED. Exit HijackThis. Reboot.----3) Please copy the following text in the quotebox below to a blank notepad file. Make sure the filetype is set to "All Files" and save it as remove.bat on your [email protected] offattrib -r -h C:\WINDOWS\system32\lwkmyeim.exeattrib -r -h C:\WINDOWS\system32\kqgkeccx.exeattrib -r -h C:\WINDOWS\vidylslc.exedel /a /f /q C:\WINDOWS\system32\lwkmyeim.exedel /a /f /q C:\WINDOWS\system32\kqgkeccx.exedel /a /f /q C:\WINDOWS\vidylslc.exesc stop "Symantec Core LC"sc delete "Symantec Core LC"RD /s /q "C:\Program Files\Common Files\Symantec Shared"del remove.batexitNow double-click on the remove.bat on your desktop -- a window will popup and close, this is normal. ----4) Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:Download the latest versio... Read more

2 more replies
Answer Match 86.1%

Facing a problem with a couple of nasty pop-ups :-1. System Integrity Scan Wizard pop-up2. Invisible Campaign pop-upI have the Spybot, AVG Anti-Virus, AVG Anti-Spyware solutions installed on my machine, and have run full scans using these applications. However, the problem with the pop-ups persist.I believe this is some kind of a trojan. Much appreciate any assistance in enabling me to get rid of this !!The HJT Log file is attached.Logfile of HijackThis v1.99.1Scan saved at 8:43:39 PM, on 10/21/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\system32\hkcmd.exeC:\Program Files\TOSHIBA\E-KEY\CeEKey.exeC:\Program Files\Apoint2K\Apoint.exeC:\Program Files\TOSHIBA\TouchPad\TPTray.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\Program Files\TOSHIBA\ConfigFree\NDSTray.exeC:\WINDOWS\system32\ZoomingHook.exeC: ... Read more

A:System Integrity Scan Wizard & Invisible Campaign Pop-ups

Hello 18thcamel, Please close the thread you opened here: http://www.lavasoftsupport.com/index.php?showtopic=4234No sense in wasting Hijackthis Helpers at Lavasoftsupport with this. Download CCleaner and install it. (default location is best). Do not run it yet! CCleaner Tutorial*******************************************How to Reboot into Safe Mode tap F8 key during reboot, until the boot menu appears...use the arrow keys to choose "Safe Mode" from the menu......,then press the "Enter" key. If that does not work this go to this site: http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/ Please boot into Safe Mode and select the following with HijackThis. With all windows (including this one!) closed (close browser/explorer windows), please select "fix.? O2 - BHO: (no name) - {1F3E3626-F5DF-DF5D-8635-042D9551CB54} - C:\WINDOWS\system32\epooxgi.dllO4 - HKLM\..\Run: [qupikqb.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\qupikqb.dll,zlviacg*******************************************Go to My Computer and double-click C. Go to the Tools menu and select 'Folder Options'. On the 'View' tab select 'show hidden files and folders', deselect (uncheck) 'hide protected operating system files (recommended)', and deselect (uncheck) "Hide extensions for known file types.'Don't use the windows start\search featureUsing Windows Explorer, find and delete each o... Read more

6 more replies
Answer Match 86.1%

Hello Tech Support Guys,

I keep getting popups from no program I have on my computer warning me that i have spyware and directing me to a site where i should buy software to remove it.
There are two pop-ups the first is titles 'system integrity scan wizard'
the second is titled 'security system' and says 'Possible spyware infection detected TrojanDownloader.XS to remove detected threat please click here'

Spyware doctor and Ad-aware wont remove the malware. Please help!

Here is my Hi-jack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:00 AM, on 29/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Protector Suite QL\upeksvr.exe
C:\Program Files\Common Files\Symante... Read more

A:Solved: system integrity scan wizard popups

Hi, Welcome to TSG!!
Run HJT again and put a check in the following:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [gecjpzwe] C:\ProgramData\gecjpzwe\fszgvehc.exe
O4 - HKCU\..\Run: [4RQo0zRwZe] C:\ProgramData\jojsdyjy\hmxyhwne.exe

Close all applications and browser windows before you click "fix checked".

Please download the OTMoveIt2 by OldTimer.
Save it to your desktop.
Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Code:
[b]C:\ProgramData\gecjpzwe
C:\ProgramData\jojsdyjy[/b]

Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
Click the red Moveit! button.
A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
Please download Malwarebytes Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
Make sure a checkma... Read more

3 more replies
Answer Match 86.1%

I have been having problems with my computer that involve frequent pop-ups for the "System Integrity Scan Wizard" as well as a screen that pops up saying I have an infection with a worm, the specific name of which i forget. A security systems window will open displaying a warning aobut spyware involving "C:\Windows\wml.exe" file with an "Abebot" problem. Also, periodically when I have an internet explorer window open that I am working in, the window will become deselected of its own accord without me clicking on it or anything else.I have tried spybot search and destroy, registry repair, and webroot's spysweeper, but am still having the problems. Spysweeper located virtumonde and has apparently deleted it along with several cookies.Any help that could be provided through the forum would be greatly appreciated.Deckard's System Scanner v20071014.68Run by Jaime on 2008-04-13 21:39:08Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 5 Restore Point(s) --92: 2008-04-14 01:39:17 UTC - RP1099 - Deckard's System Scanner Restore Point91: 2008-04-13 18:40:06 UTC - RP1098 - System Checkpoint90: 2008-04-10 02:36:52 UTC - RP1097 - Software Distribution Service 3.089: 2008-04-09 23:38:54 UTC - RP1096 - Removed Get High Speed Internet!88: 20... Read more

A:Problems With System Integrity Scan Wizard, Virtumonde, And Possible Others

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to infect your system. Please follow these steps to remove older version Java components and update:Download the latest version of Java Runtime Environment (JRE) 6 Update 4 and save it to your desktop.Scroll down to where it says "JJava Runtime Environment (JRE) 6 Update 4...allows end-users to run Java applications".Click the "Download" button to the right.Read the License Agreement and then check the box that says: "Accept License Agreement". The page will refresh.Click on the link to download Windows Offline Installation and save the file to your desktop.Close any programs you may have running - especially your web browser.Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.Click the Remove or Change/Remove button.Repeat as many times as necessary to remove each Java versions.Reboot your computer once all Java components are removed.Then from your desktop double-click on jre-6u4-windows-i586-p.exe to install the newest version.

16 more replies
Answer Match 86.1%

Help please. This is my first time on this site. I keep getting pop-ups that say system integrity scan wizard or other security system warnings, and I am also frequently redirected from web pages that I am attempting to access. Spybot and Avast! have not helped. Here is my HijackThis log, thanks for your help:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:04:03 AM, on 4/2/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: Safe modeRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localR3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrob... Read more

A:System Integrity Scan Wizard And Web Page Redirects

Hi,

The forums are really busy, that explains why logs get behind. If you still need some help, please start with posting a new hijackthislog in this thread. Don't start with a new thread.
Then I'll take a look.

2 more replies
Answer Match 86.1%

I was trying to download a trial version of a game and next thing I know, I keep getting a pop-up that my pc is infected AND my desktop has been replaced with a message and an awful blue screen. Also, the icons tray has the yellow alert that keeps popping up as "System Integrity Scan Wizard".
Screenshot

I am try to get rid of whatever files I have in the Recycle Bin and I've scanned with my Spybot but the problem still exists after 3 restarts.

I've read through this thread and downloaded HJT as stated.
I truly hope to get this problem solved asap because I have a test the day after tomorrow (Wednesday) that would require me to use my laptop.

Thanks in advance!

-------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:59:02 PM, on 21/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\jidezizw\rslwraxm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe... Read more

A:System Integrity Scan Wizard / antispyware-reviews.biz

I have already solved my problem. Thanks anyway Mod, pls close thread.
 

1 more replies
Answer Match 85.2%

Hey

I am running XP with a AMD turion 64 processor and Norman suite installed (but no help there after a deep scan) on a Amilo laptop . The bold one er the ones, I suspect.

here is my log:
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: Shell=
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelp... Read more

A:Solved: System Integrity Scan Wizard infected. Hijachthis log

I fixed it myself. The culpert was
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) and
O4 - HKLM\..\Run: [yjkuxbrn] C:\WINDOWS\system32\yjkuxbrn.exe

The message has disappeared
 

1 more replies
Answer Match 85.2%

Hello I just recently found myself bombarded by various popups and I believe I have the source as a rogues email attachment. The main problem I notice is that when I launch IE 7 the System Integrity Scan Wizard usually pops up and I decline by clicking Cancel. I have ran spysweeper, Spybot S&D and AdAware SE all in safe mode to try and eliminate the problem, but no luck I have also tried the Vundo removal tool and it did removed found infected files but did not cure my current problem. I am also having trouble with a Trojan found by BitDefender 8..The file is listed as C:\Windows\System32\IFWPRJE.dll (Infected Trojan.Obfus.Gen) Bitdefender was unable to move it into Quarantine. I will post my Hijack log in hopes someone can please analyze it and let me know if any corrections or modifications need to be made I appreciate such help very much...and if someone can also elaborate on the Trojan problem it would also be greatly appreciated! Thanks,ShaunLogfile of HijackThis v1.99.1Scan saved at 10:23:56 AM, on 13/02/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.5730.0011)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS&#... Read more

A:Ie 7 System Integrity Scan Wizard Popup And Trojan Problem

Welcome to Bleepingcomputer Chnauz091382 Please make sure all hidden files are showing: * Click 'Start'. * Open 'My Computer'. * Select the 'Tools' menu and click 'Folder Options'. * Select the 'View' tab. * Under the 'Hidden files and folders' heading select 'Show hidden files and folders'. * Uncheck the 'Hide file extensions for known types' option. * Uncheck the 'Hide protected operating system files (recommended)' option. * Click Yes to confirm. * Click OK.****************************Download ATF Cleaner by Atribune:http://www.atribune.org/ccount/click.php?id=1Double-click ATF-Cleaner.exe to run the program.Click 'Select All' found at the bottom of the list.Click the 'Empty Selected' button.If you use Firefox browser, do this also:Click Firefox at the top and choose 'Select All' from the list.Click the 'Empty Selected' button.NOTE: If you would like to keep your saved passwords,please click 'No' at the prompt.If you use Opera browser,do this also:Click Opera at the top and choose 'Select All' from the list.Click the 'Empty Selected' button.NOTE: If you would like to keep your saved passwords,please click 'No' at the prompt.Click 'Exit' on the Main menu to close the program.****************************Please download/install AVG Anti-Spyware 7.5.Please follow these instructions carefully.Launch/start up AVG Anti-Spyware.On the main page click the 'Update' tab,and then 'Start Update'.Once the updates have been installed,do the following:Select t... Read more

12 more replies
Answer Match 85.2%

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 6:30:20 AM, on 31/03/2008Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18000)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\ProgramData\qvmtwjwb\olmxkvkf.exeC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\Program Files\ESET\Eset Smart Security\egui.exeC:\Windows\System32\rundll32.exeC:\Program Files\MSN Messenger\msnmsgr.exeC:\Windows\ehome\ehtray.exeC:\Program Files\DVD Region+CSS Free\DVDRegionFree.exeC:\Program Files\DAEMON Tools Lite\daemon.exeC:\Windows\System32\mfmxkjej.exeC:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exeC:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exeC:\Program Files\MicroStar\WLANUtility\WlanUtility.exeC:\Program Files\GetRight\GetRight.exeC:\Windows\system32\taskeng.exeC:\Windows\System32\rundll32.exeC:\Windows\ehome\ehmsas.exeC:\Windows\system32\wbem\unsecapp.exeC:\Program Files\MicroStar\WLANUtility\WLAN_Service.exeC:\Windows\System32\mfmxkjej.exeC:\Program Files\Internet Explo... Read more

A:Random Popups Incl System Integrity Scan Wizard

Hi Disconnect from the internet Close ALL browser windows (including this one) - run hijackthis and tick to fix (check the box next to) the list below.........when all are ticked (checked) click the Fix Checked button at the bottom. :-O4 - HKCU\..\Run: [duscyogi] C:\Windows\system32\mfmxkjej.exeO4 - HKCU\..\Run: [rmvdmfeh] C:\ProgramData\rmvdmfeh\lknqnghc.exeO4 - HKCU\..\Run: [fupystzh] C:\ProgramData\fupystzh\opkfqzmp.exeO4 - HKLM\..\Policies\Explorer\Run: [MjjY63ZrkY] C:\ProgramData\qvmtwjwb\olmxkvkf.exeO23 - Service: Window Domain Services (windowndns) - Unknown owner - C:\Program Files\Internet Explorer\svchost.exeReboot then find & delete :-C:\WINDOWS\system32\mfmxkjej.exe ... fileC:\ProgramData\rmvdmfeh\lknqnghc.exe ... fileC:\ProgramData\fupystzh\opkfqzmp.exe ... fileC:\Program Files\Internet Explorer\svchost.exe ... fileTHEN ...1. Download SDFix and save it to your Desktop.http://downloads.andymanchesta.com/RemovalTools/SDFix.exe2. Double click SDFix.exe and it will extract the files to %systemdrive%(Drive that contains the Windows Directory, typically C:\SDFix)3. Reboot into Safe Mode`:-4. Once in safemode - 5. Open the extracted SDFix folder and double click RunThis.bat to start the script.Type Y to begin the cleanup process.It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.Press any Key and it will restart the PC.When the PC restarts the Fixtool will run again and complete the removal pr... Read more

2 more replies
Answer Match 85.2%

I have the same virus another member had recently. I ran Hijackthis and this is my log. Any help would be greatly appreciated! Thank You

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28:45 PM, on 5/12/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\ico.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\CTxfispi.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files... Read more

A:Infection: TrojanDownloader.XS, PC-Antispyware, System Integrity Scan Wizard

7 more replies
Answer Match 85.2%

I had the same symptoms as posted in this thread, so I followed the steps to clean it. Malware bytes Anti-malware worked really well, the issue has been cleared. I've opened a new thread to say Thanks! because the new security forum rules prevented me from posting a reply.
Great site!
 

More replies
Answer Match 84.3%

My computer is infect this virus or spyware. I have tried several spycleaners from spydoctor, Spyware detective and Spyzooka. Norton's could not even clean it or quaritine it. can someone please give me some advice or help? Thank you
 

More replies
Answer Match 84.3%

1st of all I would like to say thanks in advance for you help.

My computer got infected after I clicked on a pop up message asking me to install some codec in order to view a video. Now from time to time, like every 15-30 minutes or so, I'll have a pop-up screen or a notification at the system tray.
So far I've been seeing 4 different symptoms. I'm still getting them even after I've cleaned my sysem with at least 5 to 6 antispyware/antivirus software including spybot, ad-aware, mcafee, panda, super-antispyware, etc. The symptoms are as below:

1. Pop-up messeage (in blue frame) as below
Security System Protection Control Panel
Possible spyware infection detected. You need to update PC-Antispyware protection to remove detected spyware from your computer. Click here for details....
THREAT NAMEL TrojanDownloader.XS
To remove detected threat please click here

2. Pop-up messeage (in red frame) as below
File:
C:\WINDOWS\wml.exe
Threat
Abebot
Possible Spyware infection has been detected on your computer by "Security System"
To remove detected threat you need to update your PC-Antispyware protection.
Click here to visit PC-Antispyware web site
Update PC-Antispyware protection and remove detected threats.

3. Pop-up messeage (in blue frame) as below
System Integrity Scan Wizard
Warning: Your computer may have critical errors in Windows registry and file system!
The registry and file system errors lead to computer freezes, system crashes and slowdowns, ... Read more

A:Solved: Infection: TrojanDownloader.XS, PC-Antispyware, System Integrity Scan Wizard

9 more replies
Answer Match 84%

I'm pulling out my hair please help. Here's my HJT logfile.

Logfile of HijackThis v1.99.1
Scan saved at 7:16:48 PM, on 7/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
f:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
F:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
F:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\sobrado.AOA1\My Documents\hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Soft... Read more

A:Malicious Software Removal Wizard, Spyware Removal Wizard, System Integrity Scan Wiz

Please do not start more than one thread for the same problem.

Closing duplicate.

Please continue here:

http://forums.techguy.org/security/488003-hjt-logfile.html
 

1 more replies
Answer Match 83.4%

Trying to clean up someone's Vista laptop (no sp1). It has Mcafee installed and I ran several spyware removal tools, but it still seems to be infected. Looks like it may have several infections - possibly the pc anti-spyware scam, abebot popup, and system integrity scan wizard popups. Logs below. Any advice on how to fix ? Thanks.Deckard's System Scanner v20071014.68Run by Diane on 2008-04-17 12:45:04Computer is in Normal Mode.---------------------------------------------------------------------------------- Last 5 Restore Point(s) --10: 2008-04-17 14:30:24 UTC - RP148 - Installed Ad-Aware 20079: 2008-04-17 14:00:47 UTC - RP147 - Windows Update8: 2008-04-12 13:15:41 UTC - RP146 - Scheduled Checkpoint7: 2008-04-11 21:20:24 UTC - RP145 - Windows Update6: 2008-04-11 17:02:56 UTC - RP144 - Windows Update-- First Restore Point -- 1: 2008-03-25 17:16:05 UTC - RP139 - Scheduled CheckpointBacked up registry hives.Performed disk cleanup.Percentage of Memory in Use: 77% (more than 75%).Total Physical Memory: 894 MiB (1024 MiB recommended).-- HijackThis (run as Diane.exe) -----------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:53:52 PM, on 4/17/2008Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16643)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\Synaptics&... Read more

A:Anti-spyware Scam, Abebot Popup, System Integrity Scan Wizard

Hi andymc

If you still need help, please post a fresh dss main.txt

1 more replies
Answer Match 82.2%

I've run SuperAntiSpyware, Ad-Aware, SpyBot and Norton which removed some trojan files and registry items but I'm still getting pop-ups ("Security System Warning" and "System Integrity Scan Wizard"). Below is my HiJackThis log. Thanks in advance!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:00:21 PM, on 4/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\cryptainersrv.exe
C:\WIND... Read more

A:"Sys Integrity Scan Wizard" & "Security System Warning" Pop-ups

Hi Welcome to TSG!!
Please visit this webpage for instructions for downloading and running ComboFix.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
 

1 more replies
Answer Match 80.1%

I've tried to open System Protection in System in the Control Panel but it will not work. It gives an error of 0x81000203. I've rebooted and attempted but get the same thing each time.

A:System Protection not working in System Control Panel

Follow instructions on this page error code 0x81000203__ - Microsoft Community

Scroll to the 2nd answer by Meghmala

6 more replies
Answer Match 108.78%

I'd just like to say that this site is great - really seems like a great bunch that help out each other.

Anyways ... I keep getting a system integrity wizard spyware popup thing, except the pop up window isnt always the same (seems to vary). I too have read the advice u gave to others but i dont see any files that look like what u described in the hijackthis log (i.e. two O4 entries vs. O2 & O4 entry). I've also run like 5 different virus and spyware programs, and all of them pick something up the first time they run them, but none of them seem to have gotten rid of this pop-up. I have tried everything (AdWare, SpyBot, Spyware Doctor, ComboFix) .. no success ... I still continue to get the exact same pop-ups as Lightning1985 (several unwanted pop-ups through internet explorer about how my computer is infected with a back door Trojan. The pop-ups also lead me to a site that tries to download their software. I have the blinking yellow triangle with an exclamation point in the bottom right hand side of the screen that warms me that I have been infected).

I've read other "fixes" that have been posted about using SmitfraudFix, but I understand that this doesn't work for Vista. I am completely lost at this point, as I cannot get these pop-ups to stop.

Can you please look at my HiJack report and tell me if something stands out and what I can do about this. Is there an easy answer to this problem? I don't understand why this stupid pop-up is... Read more

More replies
Answer Match 107.1%

Since I have a clean installation of Windows 7, it no longer shows me my Acer specs in Control Panel\System and Security\System, can I get it back some how? Something to do with my drivers not being signed? Or something?

A:Control Panel\System and Security\System BIOS Version\Model?

A clean install wipes out any manufacturer installed software that contains your computer information. (The same thing happened when I did a clean install on my Sony Vaio.) Unless you still have a hidden recovery partition on the hard drive (or recovery disks) that can return your Acer to original factory specs, I'm not aware of anything that can get that data to show up on the System dialog box. However, there are free 3rd party utilities like Speccy that can provide all the Acer data and then some, like real time monitoring of temperatures, hardware serial numbers, etc.

Speccy - System Information - Free Download

9 more replies
Answer Match 104.58%

Alright, here's the symptoms as I remember them.
*System Security Scan Wizard popup
*Security System Protection Control Panel popup
*System Security Warning (red window with the eye) popup
*Antispywareexpert popup
*Safely Remove Hardware icon is always on the toolbar
*when using Media Player, random odd commercials (constipation seems to be a popular one) will play through my computer along with any music or video that's playing
*the Window™ I'm using will constantly "unselect" itself while my hard drive momentarily activates (making typing this a pain in the a#%)
*computer running SLOW (Facebook in particular takes around 5 mins. to load although everything else isn't even close to being that slow)

Well that's all of them I can think of right now. And here's my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:07:53 PM, on 4/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\ar... Read more

A:system security scan wizard & more

11 more replies
Answer Match 103.32%

I have read your instructions to other users on how to deal with this problem and have downloaded SDfix, However! when I boot my computer in "safe mode" the SDfix short cut is gone from my desk top, I've searched my programmes, but cannot find it, It only seems to be there when I boot up in normal mode, is it safe to run the scan other than in safe mode with my Avast Ant ivirus disabled? My system is windows xp.
 

More replies
Answer Match 99.12%

I think I got this virus, here is my hijackthis log:
*****************************************************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:22:52 PM, on 4/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nslsvice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\wbmnsrqf\mxshohot.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ovmlglgr.exe
C:\Program Files\Quick View Plus\Program\QVP32.EXE
C:\WINDOWS\system32\ovmlglgr.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,De... Read more

More replies
Answer Match 99.12%

HI,

I'm getting this stupid error when trying to view: Control Panel\System and Security\System

"The page failed to load"

Don't know if you need it but I added a HJT log...

Thanks!
 

A:"The page failed to load" Control Panel\System and Security\System

16 more replies
Answer Match 95.34%

control panel > system and security > power options, {change when computer sleeps option is missing}. I have tried to dig into the related tutorials and forums for this problem. This is a desktop PC. Win 7 Pro 64 bit. 8 gb memory and a Seagate barracuda 2TB Hdd. The problem is The radio button to [choose when the computer sleeps] is missing that normally resides just below The radio button titled {choose when to turn off the display} I would really like to get this restored. Please see the attached file for a visual reference. win 7 pro 64 bit was just installed 2 days ago on a new Hard drive. Your help is needed .

A:control panel>system and security>power options, change when computer

What about if you click "change plan settings" next to the high performance plan?
Also what about in the "Change advanced power settings"

3 more replies
Answer Match 94.5%

I think I'm Infected and dont' know how to remove it. I have installed and ran Spybot twice.
Once while the system was running and once during start up, but i'm still infected. Please help me if you can. Thanks. Here is my Hijack log file....
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:43:56 PM, on 3/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\All Users\Application Data\nivyvefc\lsxslmds.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program... Read more

More replies
Answer Match 94.5%

Here is my HIjack this log...... - Help!!!!!!Logfile of HijackThis v1.99.1Scan saved at 12:55:13 PM, on 11/18/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exec:\program files\cox\applications\app\CurtainsSysSvcNt.exeC:\Program Files\Common Files\Command Software\dvpapi.exeC:\WINDOWS\system32\HPZipm12.exeC:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYSC:\WINDOWS\system32\svchost.exeC:\Program Files\Cox\Applications\app\Prism.exeC:\WINDOWS\Explorer.exeC:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\CyberLink\PowerDVD\PDVDServ.exeC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\system32\hkcmd.exeC:\Program Files\QuickTime\qttask.exeC:\WINDOWS\system32\LVCOMSX.EXEC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\system32\rundll32.exeC:\... Read more

A:System Integrity Scan - Bug

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.Please download SmitfraudFix (by S!Ri)Extract the content (a folder named SmitfraudFix) to your Desktop.Next, please reboot your computer in Safe Mode by doing the following :Restart your computerAfter hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;Instead of Windows loading as normal, a menu with options should appear;Select the first option, to run Windows in Safe Mode, then press "Enter".Choose your usual account.Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmdSelect option #2 - Clean by typing 2 and press "Enter" to delete infected files.You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.A text file will appear onscreen, with results from the cleaning process; please copy/pa... Read more

10 more replies
Answer Match 94.5%

Hi, for the past few days or so I get a window pop up asking me to run a System Integrity Scan Wizard. I also get another window a few minutes later with a red border and title bar, Security System Warning - it tells me to visit PC-antispyware site.There is also a yellow warning triangle next to the clock on my task bar, stating that my computer has spyware or a virus.Below i have posted the DSS reports.Thanks in advance for the help.Deckard's System Scanner v20071014.68Run by Denise on 2008-04-19 14:54:40Computer is in Normal Mode.---------------------------------------------------------------------------------- Last 1 Restore Point(s) --1: 2008-04-17 01:05:32 UTC - RP108 - Last known good configurationBacked up registry hives.Performed disk cleanup.Total Physical Memory: 958 MiB (1024 MiB recommended).-- HijackThis (run as Denise.exe) ----------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:56:03 PM, on 4/19/2008Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16643)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\system32\taskeng.exeC:\ProgramData\arknabsf\ahybwfmt.exeC:\Program Files\BigFix\bigfix.exeC:\Program Files\McAfee\MSK\mskagent.exeC:\Program Files\McAfee.com\Agent\mcagent.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Windows ... Read more

A:System Integrity Scan Pop Ups

Hello Denise87,Welcome to Bleeping Computer I see you've already run SmitfraudFix.....do still have the report? I'd really like to see it if you do, please. This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.1. Download this file - combofix.exe http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe2. Double click combofix.exe & follow the prompts.3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.Note:Do not mouseclick combofix's window while it's running. That may cause it to stall.Thanks,tea

16 more replies
Answer Match 94.5%

Here is my logLogfile of HijackThis v1.99.1Scan saved at 12:55:13 PM, on 11/18/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exec:\program files\cox\applications\app\CurtainsSysSvcNt.exeC:\Program Files\Common Files\Command Software\dvpapi.exeC:\WINDOWS\system32\HPZipm12.exeC:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYSC:\WINDOWS\system32\svchost.exeC:\Program Files\Cox\Applications\app\Prism.exeC:\WINDOWS\Explorer.exeC:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\CyberLink\PowerDVD\PDVDServ.exeC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\system32\hkcmd.exeC:\Program Files\QuickTime\qttask.exeC:\WINDOWS\system32\LVCOMSX.EXEC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\Messenger\msmsgs.exeC:\Pr... Read more

A:System Integrity Scan - Bug

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.Please download SmitfraudFix (by S!Ri)Extract the content (a folder named SmitfraudFix) to your Desktop.Next, please reboot your computer in Safe Mode by doing the following :Restart your computerAfter hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;Instead of Windows loading as normal, a menu with options should appear;Select the first option, to run Windows in Safe Mode, then press "Enter".Choose your usual account.Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmdSelect option #2 - Clean by typing 2 and press "Enter" to delete infected files.You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.A text file will appear onscreen, with results from the cleaning process; please copy/pa... Read more

3 more replies
Answer Match 94.08%

Hello! After over a year virus free I now have a great big one and I need a little help getting rid of it please...

When I start my computer my wallpaper was hijacked with a screen which says "Warning: Spyware threat has been detected by your PC" with another couple of lines and a blue screen. I have also been having a problem opening programs (they just don't open) and when I CTRL+ALT+DEL it says "task manager has been disabled by your administrator" - I am the administrator. In fact, I am the only user on this computer. I have also been getting stupid anti-virus-like popups for example the "scan integrity scan wizard" and "system security warning". Thank god I have a laptop to help me...

Below I included the hijack log from after my PCCillian virus scan. If you would like the one from before my scan I have that as well.

Logfile of HijackThis v1.99.1
Scan saved at 10:38:43 PM, on 4/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\rubojyjg\nkzwxelq.exe
C:\Program ... Read more

A:Scan integrity scan wizard and other popup virus'

16 more replies
Answer Match 93.24%

Hello,I am new at this so please bear with me. After clicking on a bad link I am now getting pop ups for things like System Integrity Scan Wizard. Cookingluck, and other sorts of popups prompting me to dowload their software. My current protection software is doing nothing. Help!!!----------------Sorry,Here is the Hijackthis logLogfile of Trend Micro HijackThis v2.0.2Scan saved at 19:16, on 2008-03-29Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:WINDOWSSystem32smss.exeC:WINDOWSsystem32winlogon.exeC:WINDOWSsystem32services.exeC:WINDOWSsystem32lsass.exeC:WINDOWSsystem32svchost.exeC:Program FilesWindows DefenderMsMpEng.exeC:WINDOWSSystem32svchost.exeC:Program FilesCommon FilesSymantec SharedccSetMgr.exeC:Program FilesCommon FilesSymantec SharedccEvtMgr.exeC:WINDOWSSystem32WLTRYSVC.EXEC:WINDOWSSystem32bcmwltry.exeC:Program FilesLavasoftAd-Aware 2007aawservice.exeC:WINDOWSsystem32spoolsv.exeC:Program FilesBroadcomASFIPMonAsfIpMon.exeC:PROGRA~1GrisoftAVG7avgamsvr.exeC:PROGRA~1GrisoftAVG7avgupsvc.exeC:PROGRA~1GrisoftAVG7avgemc.exeC:Program FilesSymantec AntiVirusDefWatch.exeC:Program FilesFirebirdFirebird_1_5binfbguard.exeC:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exeC:Program FilesDellQuickSetNICCONFIGSVC.exeC:WINDOWSsystem32StacSV.exeC:Program FilesSymantec AntiVirusRtvscan.exeC:WINDOWSsystem32dllhost.exeC:Program FilesFirebirdFirebird_1_5binfbserver.exeC:WINDOWSsystem32d... Read more

A:Help! System Integrity Scan Wizars And Other Pop Ups

I now have a yellow triangle in my taskbar and am getting security pop ups to download software. The most recent one stated that I had a trojandownloader and abebot was the cause???Here is my hijack fileLogfile of Trend Micro HijackThis v2.0.2Scan saved at 14:04, on 2008-03-30Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\PROGRA~1\Grisoft\AVG7\avgemc.exeC:\Program Files\Symantec AntiVirus\DefWatch.exeC:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exeC:\Progra... Read more

3 more replies
Answer Match 93.24%

Hi,
I have been getting these pop ups on my computer, one called the System Integrity Scan Wizard and another telling me I have some virus on my computer. I also have been getting a system tray icon that keeps warning me that I have malicious spyware on my computer. I have looked at other posts regarding this matter and at what they were recommended to do. However, I ran the HijackThis scan and cannot find the exact same files to delete. I already checked my registry and found some files that other users were recommended to delete and I deleted those but still no change. Below is a copy of my log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:59:49 PM, on 4/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Altiris\AClient\AClient.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\... Read more

More replies
Answer Match 93.24%

Please assist,I have a PC which keeps coming up with a system integrity scan. Attached please find the Hijack log.Thanksst2996929Logfile of Trend Micro HijackThis v2.0.2Scan saved at 15:51:21, on 05/08/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16640)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exeC:\Program Files\Symantec AntiVirus\DefWatch.exeC:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeC:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\PDF Complete\pdfsvc.exeC:\WINDO... Read more

A:System Integrity Scan Popup

HiPlease run a Kaspersky Online Scan Please do an online scan with Kaspersky WebScanner Click on Kaspersky Online Scanner Click AcceptYou will be promted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then begin downloading the latest definition files: Once the files have been downloaded click on NEXT Now click on Scan Settings In the scan settings make sure that the following are selected: Scan using the following Anti-Virus database: Extended (if available otherwise Standard)
Scan Options: Scan Archives Scan Mail BasesClick OK Now under select a target to scan: Select My ComputerThe program will start and scan your system. The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected. Now click on the Save as Text button:Once finished, save the log to your Desktop as filename KAV.txtTHEN ...Please Download Malwarebytes' Anti-Malware from Here :-http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.htmlor here :-http://www.besttechie.net/tools/mbam-setup.exeDouble Click mbam-setup.exe to install the application.* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.* If an update is found, it will download and install the latest version.* Once the program has loaded, select "Perform Quick Scan", then click Scan.* The scan may take some time to finish,so please be patient.* When... Read more

2 more replies
Answer Match 87.78%

Hey everyone, I'm having problems with a System Security Center control panel that ended up on my computer. Ive run CCleaner, AdAware, Spybot, norton antivirus and windows defender and all show no problems. Any help would be appreciated, here's my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 12:53:11 PM, on 2/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Intel\IDU\awServ.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symant... Read more

A:Can not remove "System Security Center" Control Panel

Hi coupon,

Welcome to Tech Support Forum!

I apologize for the delay getting to your log. The helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems, I will be glad to help.

OK, let?s do this first.

Go to the Start menu, and click on Control Panel. Choose Add/Remove Programs and remove any of the following that are listed:

NetMeter


NEXT:

Please run HijackThis and click "Scan". Place a check (tick) next to the following entries (if present):

O4 - HKLM\..\Run: [Personal Security Center Monitor] C:\WINDOWS\system32\psc_mon.exe
O4 - HKCU\..\Run: [NetMeter] C:\Program Files\NetMeter\HooNetMeter.exe


Close ALL programs and browsers (including this one), leaving ONLY HijackThis open, then click "Fix checked".

Then please exit HijackThis.


NEXT:

Please go to: VirusTotalAt the top of the page you'll find a "Browse" button. Click the "Browse" button and browse to next file:

C:\WINDOWS\system32\psc_mon.exe

Click "Open".
Then click the "Send" button at the top of the VirusTotal page.
This will scan the file. Please be patient.
Once scanned, copy and paste the results in your next reply together with a new HijackThis log.


NEXT:

Using Windows Explorer, please navigate to and delete the following FILES (if they exist):

C:\WINDOWS\system32\psc_mon.exe



Using Windows Explorer, please navigate to and delete the fol... Read more

10 more replies
Answer Match 87.78%

Hi I've got that annoying pop up warning that comes up every so often and I can't get rid of it even though i've run a full anti-virus scan, ad-aware scan and ccleaner. It also blocks my task manager. I've run HiJackThis and here's the log. Any help would be much appreciated!! Thanks.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:30:33 AM, on 2/04/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16574)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXEC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Symantec\Backup Exec System Recovery\Agent\VProSvc.exeC:\Program Fil... Read more

A:Integrity Security Wizard

Hi,

The forums are really busy, that explains why logs get behind. If you still need some help, please start with posting a new hijackthislog in this thread. Don't start with a new thread.
Then I'll take a look.

8 more replies
Answer Match 84.84%

hey guys i hope someone can help as all other sites have left me lost!!
I had a lot a spyware and virus' which iv managed to shift but this one doesnt want to budge!! the main pop up i keep getting is system intrgrity scan wizard which is every half hour there are others also including a yellow warning triangle in the system tray telling me my pc is at risk... of courses it all fake 'window' stuff!! Also keep gettin 'invisable' pop ups... seems something is coming, IE switches but nothin is there... and finally my cookie settings keep resetting to allow all when it should be on medium/high!!

OK so i d/l hijackthis as it seems everyone uses it and now im stuck lol heres my log file
I really hope someone can help!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:23:16, on 16/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\All Users\Application Data\qrmnireb\alqhcrst.e... Read more

More replies
Answer Match 80.64%

I have a Dell Windows XP Home laptop that is experiencing problems. Control Panel does not appear to exist, I cannot access display properties it tells me that due to restrictions on my computer it is not allowed and to contact my system administrator. My logon is the only one setup on this computer and has full administrative priveledges. I have run several spyware utilities on the computer to try to remove whatever is effecting it, but I have had no luck so I come to you with much hope. I have run Norton Internet Security, SpyBot - Search & Destroy 1.5.1.15, AVG AntiSpyware 7.5.0.50, Ad Aware 2007, Spyware Guard, CCleaner, Smitfraud Fix, and Hijackthis so here is the hijackthis log file. Any help would be greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:27 AM, on 11/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUScheduler... Read more

A:No Control Panel, System Restricted

It has been three days and still no reply, I am disapointed. I noticed that the next thread he had posted the log files from Dekards System Scanner (dss) as well so I thought I would post that as well maybe it will help you. Please look into this for me and get bak to me. I really need to get this problem resolved and I've already been chasing it for close to a week and I don't want to reformat if I don't have to. Thank you in advance for your reply.

Deckard's System Scanner v20070826.66
Run by Farnsworth on 2007-11-12 07:47:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 248 MiB (512 MiB recommended).


-- HijackThis (run as Farnsworth.exe) ------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:27 AM, on 11/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
... Read more

13 more replies
Answer Match 80.64%

All of a sudden, I can't access the SYSTEM window under control panel or from anywhere else, and anything within system I cannot access either, when I click on SYSTEM in control panel, nothing happens. Everything else in control panel works as it should. For example, if I click on "Change name of computer" directly from control panel, it also doesn't work, because it would open the SYSTEM window which does not want to open.

This is weird indeed, please help if you can, I really don't want to reformat yet, I got everything working as I want. I tried system restore, accessed that through RUN command (rstrui) but when I try to go to one a week ago, it says I have errors on C and won't go, even tho there are definitely no errors (checked with many programs, including chkdsk /f and sector check at bootup).

A:can't access SYSTEM in control panel

Have you tried this?
SFC /SCANNOW Command - System File Checker

9 more replies
Answer Match 80.64%

This is what the init. file looks like in my Windows XP

[[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect

After Home Edition, I changed the text to read /fastdetect

I want to put it back to what was there before,
but I can't remember what.
Please help..
 

A:System settings in Control Panel

Anything wrong with the way the PC runs??

That is the same as my BOOT.INI file.
 

2 more replies
Answer Match 80.64%

Hey guys I have been trying to get this virus or whatever off my computer.

For some reason I can't access System in the control panel or right click on My Computer and goto properties. I'm using NOD32 Virus Protection and the virus definitions are all up to date and I did a scan and it did find viruses, but it deleted them all successfully. I then rebooted my system. I also ran Spybot Search and Destroy and Ad-Aware and deleted some spyware. I also ran CCLeaner. I am out of ideas...does anyone have any ideas? Thanks.
 

A:Cannot access System in the Control Panel?

u can try to:

a. Disable System Restore first and then restart the scanning process. Any virus found, u can remove them from your machine. Reboot and go to online website like Trend Micro Housecall and rescan again. Once confirm no more viruses, enable System Restore and check if the icon is now available.

b. If the above does not help, I am afraid u may need to reformat your machine

Hope the above helps.
 

2 more replies
Answer Match 80.64%

Like some other posts I see here, I'm getting error messages saying to contact the system administrator and I can't access my Control Panel. Windows XP Home edition. HP Media Center 3 years old. Please help.
 

A:Loss of System Adm and Control Panel

16 more replies
Answer Match 80.64%

When I click Start Button, Control Panel, System I get
An exception occurred while trying to run "C:\WINDOWS\system32\shell32.dll,Control_RunDLL"C:\WINDOWS\system32\sysdm.cpl",System"

I have ran adaware SE, and Hijach this.
Here is my log file

Logfile of HijackThis v1.99.1
Scan saved at 11:00:46 PM, on 5/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Downloads\AD Aware SE\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.cyberscrub.com/esellerate/cavinfo.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe ... Read more

A:Can't display System From Control Panel

Welcome to TSF.

Your log here is clean. This seems to be more of a Windows issue, so I will move it there instead.

Have you taken a look at this thread? Scroll down a little until you see instructions on what to do. Try those suggestions out.

1 more replies
Answer Match 80.64%

does anyone know how to open the system control panel on a Toshiba M640. I need to change the settings
 

A:Toshibe system control panel

Are you referring to the Windows Control Panel or something else? What setting do you need to change? What version of Windows is on the laptop?
 

1 more replies
Answer Match 79.8%

Acquired a virus whereby my wall paper turned white, lost the C: drive in "My Computer," lost the Control Panel, lost desktop shortcuts, lost Microsoft Word (the entire application,) and can't select any of the highlighted restore points in System Restore. Ran McAffee and AVG. McAfee did not find a virus. AVG found the virus but couldn't remove it. I deleted the infected files, but the problem persists. Any ideas??

Thanks in advance for any help you can provide.
 

A:No C: drive or control panel/can't system restore

Oh yeah...I'm running Windows XP Professional, SP3
 

1 more replies
Answer Match 79.8%

It appears to be working after running the combofix. YEAH!
 

More replies
Answer Match 79.8%

I have been dealing with this problem for sometime now. My control panel will not open up whatsoever, i have tried to use win+r and various shortcuts and not one will open, the drop down folder on the start menu causes a system hang where i need to restart or close explorer process, everything else will work but the start menu stays open and i cannot interact at all with it. Clicking on icons through windows explorer causes the either the same result or just does nothing, clicking through from personalization on desktop into the power settings will sometimes work but i have had no access to system properties, add remove, networking, etc. in some time. And as time has progressed so has the inability to access different things, it started with just the shortcuts for control panel on the top of my windows and then progressed on to system, than add/remove, followed by the control panel.
 
http://speccy.piriform.com/results/uPbEZpMDiSyR7WhpLZbnoTk
 
sfc /scannow outputs 
Microsoft Windows [Version 6.1.7601]
Copyright © 2009 Microsoft Corporation.  All rights reserved.
 
C:\Windows\system32>sfc /scannow
 
Beginning system scan.  This process will take some time.
 
Beginning verification phase of system scan.
Verification 100% complete.
 
Windows Resource Protection did not find any integrity violations.
 
C:\Windows\system32>
 
Also clicking on the bubble for windows updates causing a hang/crash and nothing will come... Read more

A:Control Panel and system tools will not open

Please download MiniToolBox  , save it to your desktop and run it.
 Checkmark the following checkboxes:  List last 10 Event Viewer log  List Installed Programs  List Users, Partitions and Memory size.
 Click Go and paste the content into your next post.
 
Louis

7 more replies
Answer Match 79.8%

Hi here are some of my issues:

My control panel is gone
My PC reboots by itself
I keep getting Runtime error 5A003CD1 while running the windows system update. Windows could not install all the updates.

DSS log

Deckard's System Scanner v20071014.68
Run by Czenobia on 2008-05-17 11:16:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
20: 2008-05-17 09:20:10 UTC - RP1137 - Deckard's System Scanner Restore Point
19: 2008-05-17 09:14:17 UTC - RP1136 - Windows XP KB917422 is ge?nstalleerd.
18: 2008-05-17 09:10:37 UTC - RP1135 - Deckard's System Scanner Restore Point
17: 2008-05-17 09:08:11 UTC - RP1134 - Windows XP KB918899 is ge?nstalleerd.
16: 2008-05-17 09:07:14 UTC - RP1133 - Windows XP KB920683 is ge?nstalleerd.


-- First Restore Point --
1: 2008-02-06 21:39:00 UTC - RP1118 - Controlepunt van systeem


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 89% (more than 75%).


-- HijackThis (run as Czenobia.exe) --------------------------------------------

logfile has no content; running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-17 11:22:05
Platfo... Read more

A:Control panel is gone + Automatic system reboot

Bumping (Past 72 hours).

19 more replies
Answer Match 79.8%

Hi,

I have xp home sp3 and I have ran into a problem where my system will not let me restore. When I click on an available restore point it does its thing and then on reboot I get a message stating that it could not be restored to this point plz select a different time. However no matter what point you select you get the same message.

Also in my control panel add/remove software I have 3 programs adobe premiere pro cs3, adobe flash cs3 and adobe after effects cs3. the premiere and after effects show on my control panel but with no file size after the init they stopped installing i ended up installing earlier versions of these but can not delete the cs3 version from my control panel. the adobe flash was installed and working then i got message that it stopped and to uninstall and reinstall to fix it. however when it went to uninstall it it just sits there same as the other cs3's and will not uninstall. I have previously uninstall and re installed it. but my system isnt letting me now.

Any help would be greatly appreciated.
 

A:system restore and control panel issues

For System Restore:

System Restore Troubleshooter
Read these two articles from Microsoft:

Solution #1​
Solution #2​

How to start System Restore by using the Command prompt:​
To start System Restore using the Command prompt, follow these steps: ​

Restart your computer, and then press and hold F8 during the initial startup to start your computer in safe mode with a Command prompt.
Use the arrow keys to select the Safe mode with a Command prompt option.
If you are prompted to select an operating system, use the arrow keys to select the appropriate operating system for your computer, and then press ENTER.
Log on as an administrator or with an account that has administrator credentials.
At the command prompt, type %systemroot%\system32\restore\rstrui.exe, and then press ENTER.
Follow the instructions that appear on the screen to restore your computer to a functional state.
Norton can also prevent System Restore from working properly:

Read this.​
If still no luck, try the following article.​
If still no joy, try reinstalling System Restore.​

You should now have just about every possible solution out there. Please be sure to try everything in the articles before concluding that nothing works.

To uninstall difficult of corrupted programs, try the free Revo Uninstaller.​

 

1 more replies