Tech Problem Aggregator

Annoying Safety Alert - Sends Me To Spycrush.com (spyware Scanner)

Q: Annoying Safety Alert - Sends Me To Spycrush.com (spyware Scanner)

A: Annoying Safety Alert - Sends Me To Spycrush.com (spyware Scanner)

2 more replies

well as described in my title, at start up on my XP SP2 the ultimatefixer2007 and spyware detection alert (taskbar red circle with exclamation mark in it) will always come up. well here is my hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:05:30, on 20/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\CTHELPER.EXE

A:Spyware Detection Alert + UltimateFixer2007. VERY ANNOYING!

Hello and welcome to TSF.

From Geekstogo
From Zebulon

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. Please allow it.

========================================

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Once in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

This program will remove all Temp, Temporary Internet Files, and other files that may be leftover files from this infection. ... Read more

1 more replies

A:Spyware Alert! on toolbar and annoying popups! HELP!!!

Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

1 more replies

Hello.

I recently kept getting a very annoying popup saying i need to download Spycrush Antispyware. I'm sure you know the problem i describe. Anyway i followed the instructions that were posted in an earlier thread, and this is what i got. I'm using Windows XP Media Centre Edition.

I ran SuperAntiSpyware as suggested, and this is what i got:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/25/2007 at 02:07 PM

Application Version : 3.8.1002

Core Rules Database Version : 3260
Trace Rules Database Version: 1271

Scan type : Quick Scan
Total Scan Time : 00:24:08

Memory items scanned : 898
Memory threats detected : 0
Registry items scanned : 1038
Registry threats detected : 9
File items scanned : 24388
File threats detected : 34

Trojan.Smitfraud Variant-Gen
HKCR\CLSID\{33B8D257-07F6-4C06-8605-94BC21728635}
HKCR\CLSID\{33b8d257-07f6-4c06-8605-94bc21728635}\InProcServer32
C:\WINDOWS\SYSTEM32\XEDASN.DLL

Trojan.Media-Codec
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#user32.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#rare [ C:\Program Files\Video ActiveX Access\imsmain.exe ]

Malware.SpyLocked

A:Annoying Spycrush and a Trojan Horse!

6 more replies

Good Day To All

I need your kind assistance and expert advice. My PC has been bogged down with a spyware, Spycrush Spyware. Every time I boot up my PC there is a icon located on the extreme right of my taskbar that pops up a balloon directing me to the Spycrush Spyware URL.

I downloaded the WinPFind3 program and ran a scan. Attached herein are the scan results.

I do not know what to paste in the Fix It box of the WinPFind3 program.

Sincerely
Yogen

A:Spycrush Spyware

9 more replies

My daughter has been infected by spycrush. I have read the other posts, but I don't think we should attempt to get rid of it without help. It was annoying her with popups to "click here to rid your computer of spyware" but it isn't really doing anything right now. I'd also like to check for other spyware and adware that may be there.

A:Need to remove spycrush spyware

16 more replies

Earlier today when AVG ran it's scan it detected knlwrap.exe as an Trojan horse Dropper.Agent.JOC and it healed it.
I did a search and it is a key logger. It was in my C:\Program Files\Common Files\InstallShield\engine\6\Intel 32 folder - I checked and now it isn't there.
During my search I came across a CNET forum where a lot of people got this same result.

About an hour later there was a pop-up warning alert from AVG (long after the scan had finished) saying that it detected something else but I wasn't right at the computer and by the time I got there the pop-up was gone.

If I didn't get to choose the action, will AVG remove the detected item? Or do I need to tell it to do something?

Just in case I updated my AVG and it's running now to see if it detects that or anything else.

A:When AVG sends a pop-up warning alert

10 more replies

It said it removed viruses "partially". So what am I to do now if I can't get all the infections removed?

A:MS Safety Scanner

Hello and welcome -
You leave very little detail on the type(s) of infection found by Microsoft Safety Scanner
Please list the name(s) of the program(s) that M/soft Scanner finds, but has problems removing.

More so, you leave no detail on your Operating System and your currently Installed Security programs.

NOW -
Please run this small program so we can see what security you have installed, and if your computer is safe.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please Copy and Paste the contents of that document.Note:: If any security program requests permission to access the Internet, allow it to do

1 more replies

Help.....I have a program that has attached itself to myu computer that is spyware and is called "SPYCRUSH". I have tried to delete the program but it keeps coming back. I use Windows XP Pro and have Hijack This, SmitFraud and Superantispyware Pro for programs. To date using them has not rmoved this program. Can you hellp me please.

Attached below is the HiJack This Log as well as the SuperSpyWare Pro log. Thanks !!

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 5:19:23 PM, on 6/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe

A:Solved: HELP ..Spycrush spyware...HiJack This Log Attached

12 more replies

I'm a long time ICQ user, I'm used to Enter(Return) doing it's correct job of making a new line in a piece of text.
Like it does in this text box I'm using to type this post!
Look at it go!
Woo!

Anyway, jokes aside, is there any way to stop it from sending the message everytime I press Enter. Forgetting the various pros/cons of each system, I'm fluent with Alt+S to send and used to it. Just wondered if this was editable in MSN anyhow? I can't find an option for it.

If you're wondering it's just that some real life mates are now using MSN, wheras my online people mostly use ICQ, hence why I'm now using both. Oh and I'm not installing Trillian, I've had bad issues with it before plus the owner of this computer doesn't want it installed .

Tunga

A:MSN - Enter Sends Message Is Annoying

6 more replies

A:Microsoft Safety Scanner

Microsoft Safety Scanner should not take too long to complete scanning for malware infection you should ask for malware infection checkup assistant at Am I infected? What do I do? forum.

0 more replies

Microsoft Safety Scanner - Free Virus Scan with the Microsoft Safety Scanner
MSN's scanner does not get alot of publicity. Interested to know of others' experience, pro or con. Probably the same as Windows Defender ?

(I had used it once/twice before. Had trouble installing an update and this was one of the recommended corrective actions, which led me to this question)

A:Microsoft Safety Scanner

Hello Torre,

It's not the same as Windows Defender. The Microsoft Safety Scanner is a free portable downloadable standalone EXE security tool that provides on-demand scanning and helps remove viruses, spyware, and other malicious software. It works with your existing antivirus software.

4 more replies

Quote:
Microsoft Safety Scanner

Do you think your PC has a virus?
The Microsoft Safety Scanner is a free downloadable security tool that provides on-demand scanning and helps remove viruses, spyware, and other malicious software. It works with your existing antivirus software.
Note: The Microsoft Safety Scanner expires 10 days after being downloaded. To rerun a scan with the latest anti-malware definitions, download and run the Microsoft Safety Scanner again.
The Microsoft Safety Scanner is not a replacement for using an antivirus software program that provides ongoing protection.

Is there a difference in scanning heuristics and virus definitions between MSFT Safety Scanner and Windows Defender?

A:Has Anyone Used MSFT Safety Scanner?

Hello Buddahfan,

It more like a real basic Microsoft Security Essentials instead. In the tutorial below, you can see what it looks like when you run it.

Microsoft Safety Scanner

Hope this helps,
Shawn

9 more replies

hi,

few time ago you can find Microsoft Safety Scanner : http://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches/112842.html

"Microsoft Safety Scanner offers Windows users an antivirus tool to remove viruses detected on demand. The application uses an ad hoc basis, ie it does not protect the system permanently. You can use Microsoft Safety Scanner when a virus is suspected to be present on the job, but the resident protection does not detect or has been disabled by malware. The software can be downloaded with the latest virus definitions to date, the same as Microsoft Security Essentials. Finally, Microsoft Safety Scanner allows for three types of analysis: fast (system files), complete (all files), custom (only selected files)."

A:Microsoft Safety Scanner

This has been around for a few years now, and can be download via the following link:
http://www.microsoft.com/security/scanner/en-us/default.aspx

There is also Windows Defender Offline which scans outside of Windows.
"The Microsoft Safety Scanner is designed for scanning your system for malicious programs without having to reboot it. While more difficult strains of malware may require reboot your computer with Windows Defender Offline (via CD or Flash drive) to scan and remove that malicious software."​http://www.jasonsavitt.info/article...osoft-safety-scanner-which-one-should-you-use

How to use either Microsoft Safety Scanner or Windows Defender Offline.
http://www.microsoft.com/security/portal/mmpc/help/remediation.aspx

2 more replies

What is this and how is it any different then just running MSE ?

http://www.microsoft.com/security/sc...s/default.aspx

A:Microsoft Safety Scanner

Hi,

The scanner isn't memory resident and doesn't update automatically.

Quote:
The Microsoft Safety Scanner is a free downloadable security tool that provides on-demand scanning and helps remove viruses, spyware, and other malicious software. It works with your existing antivirus software.
Note: The Microsoft Safety Scanner expires 10 days after being downloaded. To rerun a scan with the latest anti-malware definitions, download and run the Microsoft Safety Scanner again.
The Microsoft Safety Scanner is not a replacement for using an antivirus software program that provides ongoing protection.

Microsoft Safety Scanner - Free online tool for PC health and safety

Regards,
Golden

5 more replies

Has anyone here ever used Microsoft Safety Scanner?

After using several virus removal tools, I don't remember hearing the name before.

Maybe I will download it when I get time, it would be nice if it runs from a boot disc.

You can download it here Microsoft Safety Scanner - Antivirus | Remove Spyware, Malware, Viruses Free both 32 and 64 bit versions are available.

A:Microsoft Safety Scanner?

Hello Drew,

It's not a bad portable AV scanner. Microsoft Safety Scanner
For a portable bootable AV scanner, you might take a look at Windows Defender Offline below a try.Windows Defender Offline

3 more replies

I downloaded Microsoft Safety Scanner and when I click on it this is what I get: Not a valid 32 bit app. I am running Windows 7 Pro. Does anyone have an answer for this?

A:Microsoft Safety Scanner

dakota37,

Also, try running in Safe Mode and see how it goes.

3 more replies

More replies

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by 17r at 2015-07-13 21:49:59
Running from C:\Users\17r\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W6T8642V
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
17r (S-1-5-21-2758016368-3510985515-234349725-1000 - Administrator - Enabled) => C:\Users\17r
Guest (S-1-5-21-2758016368-3510985515-234349725-501 - Limited - Disabled)
HomeGroupUser\$ (S-1-5-21-2758016368-3510985515-234349725-1002 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-2758016368-3510985515-234349725-1000\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
AMD Catalyst Install Manage... Read more

A:napstat.exe is annoying, sends me back in desktop when im doing something else

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Remove this program in bold using the Add/Remove program list.RegCure Pro (HKLM-x32\...\{C547F361-5750-4CD1-9FB6-BC93827CB6C1}) (Version: 3.2.16.0 - ParetoLogic, Inc.) <==== ATTENTION!===Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-2758016368-3510985515-234349725-1000\...\Run: [NAPSTAT] => C:\Users\17r\AppData\Roaming\Microsoft\Windows\IEUpdate\NAPSTAT.EXE [290304 2014-08-24] (©Wyebugur)
HKU\S-1-5-21-2758016368-3510985515-234349725-1000\...\RunOnce: [NAPSTAT] => C:\Users\17r\AppData\Roaming\Microsoft\Windows\IEUpdate\NAPSTAT.EXE [290304 2014-08-24] (©Wyebugur)
HKU\S-1-5-21-2758016368-3510985515-234349725-1000\...\Policies\Explorer: []
HKU\S-1-5-21-2758016368-3510985515-234349725-1000\...\Policies\Explorer: [Run] "C:\Users\17r\AppData\Roaming\Microsoft\Windows\IEUpdate\NAPSTAT.EXE"

2 more replies

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft® Windows Vista™ Home Premium , Service Pack 2, 32 bit
Processor: Intel(R) Pentium(R) Dual CPU T2330 @ 1.60GHz, x64 Family 6 Model 15 Stepping 13
Processor Count: 2
RAM: 2037 Mb
Graphics Card: Mobile Intel(R) 965 Express Chipset Family, 448 Mb
Hard Drives: C: Total - 108968 MB, Free - 32921 MB; E: Total - 1397 MB, Free - 1053 MB;
Motherboard: Intel Corporation, SANTA ROSA CRB, Not Applicable, Not Applicable
Antivirus: avast! antivirus 4.8.1229 [VPS 081124-0], Updated: Yes, On-Demand Scanner: Enabled

details The application has failed to start because its side-by-side configuration is incorrect. Please see the application event log for more

Error 5/1/2011 5:54:26 PM SideBySide 59 None

Log Name: Application
Source: SideBySide
Date: 5/1/2011 5:54:26 PM
Event ID: 59
Level: Error
Keywords: Classic
User: N/A
Computer: dave-PC
Description:
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="SideBySide" />
<EventID Qualifiers="49409">59</EventID>
<Level>2</Level>
<Keywords>0x80000000000000</Keywords>

A:Cannot run windows safety scanner msert.exe

16 more replies

windows onecare safety scanner is not working im on a dial-up connection with xp home sp2 i got the tune up and clean up scans to work but the protection scan says 5 out of 8 tool at 51% done and thats as far as it gose i waited like 1 hour yesterday and it did not move 1 %

More replies

Hi this is first time i used this online scan, it seems to sit at downloading scanning tools? 66% do i leave it or ? thanks

A:Onecare Safety Scanner Online

No stop it and try again.Or try these online scansESET Online ScannerPanda ActiveScan?

1 more replies

hello i have windows xp home edition . i recently " system restored " my computer to a earlier date . after that i tried to use the "windows onecare safety scanner " . i installed it and ran it . when it got to the section to put a check in "disk cleanup" & disk defragmenter ,i put a check in there and pushed o.k or continue . a error came up called " out of memory at line :178 " and the scanner could go no further . i also noticed that ,microsoft has two updates for my computer .(1) net framework 1.1 kb928366 & (2) net framework 2.0 kb110806 . the first update finally went through after about 3 or 4 tries . i don't know if this has anything to do with the safety scanner not working fully . if there's anybody out there that can help me i would really appreciate it , thank you and god bless !!!

More replies

i have a little shield that gives me a system alert message about spywear in my computer and it directs me to a website called virprotect.com

i already followed the steps prior completely here are my logs. i appreciate all your help in advance.

******MAIN***********

Deckard's System Scanner v20071014.68
Run by HP_Administrator on 2007-12-27 17:58:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
89: 2007-12-27 22:58:26 UTC - RP512 - Deckard's System Scanner Restore Point
88: 2007-12-27 16:39:57 UTC - RP511 - Removed MSXML 4.0 SP2 (KB936181)
87: 2007-12-27 16:39:10 UTC - RP510 - Removed MSXML 4.0 SP2 (KB927978)
86: 2007-12-27 16:37:55 UTC - RP509 - Removed Rhapsody Player Engine
85: 2007-12-27 16:17:10 UTC - RP508 - Configured Bonjour

-- First Restore Point --
1: 2007-09-29 22:41:23 UTC - RP424 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-12-27 18:00:57
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe

A:system alert balloon that sends meto virprotect.com

Hello, and Welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

* IMPORTANT !!! Place combofix.exe on your Desktop

Disconnect from the internet....pull the plug!
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
Go to -> Run -> paste in the following single line command & click OK

"%userprofile%\desktop\combofix.exe" /killall

Follow the prompts. Type "1" and press Enter to begin the scan.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is no... Read more

19 more replies

hey,
i just bought a new computer, and assembled it.
everything works great, except that whenever i unplug the computer and then plug it back, i cant turn it back on again for a while.
No lights, no response, like its not in the socket at all. only after a few minutes of being unplugged it lets me turn it on again.
It was very anooying when i assembled the system, and had to wait for a while between adding stuff.
It really pissed me off when i had a power failure in my house for a second, and couldn't use my computer for about 20 minutes later.
Is this a safety thing from enermax? if it is, is there a way i can get around it? or atleast minimize the wait time?
my system, if u think that it might be somthing else:
Processor: Intel core 2 duo E6400
Motherboard: Asus P5B
Mem: DDR2 512Mb 533MHz CL2 Kingston
Graphics: Sapphire Radeon X1950PRO 256MB PCIe
PSU: Enermax Noisetaker 420W

A:Enermax annoying safety mechanism?

I've got the 475W Noisetaker and a 480W Noisetaker II, never had this problem with either of them. I did static discharge on the case of the comp that had the Noisetaker in it once and it wouldn't power on for a few minutes, but I've never had a problem like you are discribing.

I may be off on those wattages, I can't be arsed to check for sure right now. But I'm not off by more than 15, and its not even relavent to your case.

1 more replies

The set of online system tools, featuring a virus scan and Microsft's own registry cleaner, now works for Windows 7 too!

Take it for a spin at What's new - Windows Live OneCare safety scanner for Windows Vista and Windows 7

A:Live Safety Scanner is now Windows 7 compatible

And I still get an error when trying to run it!

1 more replies

Hi my name is seany15 and i would like some help with these trojans/viruses/things i deleted via MSSS, more details below.

CHAPTER 1, THE SPAMS
My old email address was sending spam to people in my relatively short contact list, something about vlagra (i had to replace the i with an L, the word is blocked for some reason ?_?)
My step dad came in around a day or so ago and said "You have a trojan, you have a trojan your old email has been sending me spam for the last 3 or 4 days"
SOOO... i changed my old email's password but im not sure it stopped yet...

CHAPTER 2, THE SCANS
Anyways, i ran a scan with malwarebytes (a full scan) and came up empty handed, But while it was running i decided to intall MSSS (microsoft safety scanner)
When malwarebytes was done scanningi ran a full scan with msss and after a couple of hours i noticed that it said it detected 14 infections near the end.

CHAPTER 3, THE PICS
When msss was done scanning i took some pictures of the path and everything else on there, here is the collection, First time using this imageshack thing so im not sure if im doing it right

ImageShack Album - 6 images

As you can see (i hope) in the images. i deleted them via msss. What i want to know follows

CHAPTER 4, THE S.O.S
I want to know what these things may have planted on my computer (rootkits, backdoors etc.) or if they've stolen anything (debit card info, passwords etc.) or if hackers can get into my computer now and if i should mayb... Read more

A:Deleted trojan with Microsoft safety scanner

---------------------------------------------------------------------------
.
DDS (Ver_2011-06-03.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Run by Sean at 13:13:51 on 2011-06-09
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2047.266 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe
C:\Windows\system32\svchost.exe -k imgsvc

19 more replies

I'm presently running a weekly scan with Defenders from Windows, Windows OneCare Safety Scanner and then I run Avira AntiVir Personal.

I've also enabled Windows Firewall but wonder if its sufficient.

Am I duplicating my efforts between the three and is Win Firewall enough?

A:Solved: Defenders vs OneCare Safety Scanner

First off, you should never one more than one AV program on your computer. My personal experinece with OneCare is it does not work very well. Can't comment on Defender...never used it. Avira is ALL I use. Works quite well and low resource user.

Windows Firewall is junk!!! Turn it off and get either Outpost or Online Armor. Both are free downloads and rated at or near the top of the list of effective firewalls. Click here for a comparison chart.

Raybro

3 more replies

Where in my Hard disk are 'MicrosoftFixit' and 'Microsoft Safety Scanner' located? Thank you

A:Where in my hard disk are 'Microsoftfixit' and their 'Safety scanner'?

The Mocrosoft Fixit is a webpage:

Microsoft Fix it Solution Center: troubleshooting software issues

I am not exactly sure what you mean by the Safety Scanner. That is usually done with your AV program (e.g. MSE) or an independent scanner like Malwarebytes

9 more replies

Here is the Hijack This Scanner Results - Run as Admin

Dell Inspiron i7 Win7 Ultimate 64 bit

The box was slow and lagging then BSOD. Internet now has limited (no) access and MS Safety Scanner found a bunch of stuff on a usb drive but then quit. AVG and MalwareBytes with manual updates found nothing. Maybe somebody could give me hand here?? I have been able to successfully rid machines of viruses in the past but this one is stumping me?? I can use a restore point but would like to get rid of the virus first.

Any help would be great.....

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 5:41:37 AM, on 11/1/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16514)

FIREFOX: 25.0 (en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\Derich\AppData\Local\Akamai\netsession_win.exe
C:\Users\Derich\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe

A:No Internet -AVG Finds Nothing - MS Safety Scanner Quit

11 more replies

Greetings, everyone.I have a problem about Windows Live. For some reason, when I access this site - Tune Up Center - and clicked the "Tune Up Scan" button, this webpage shows up - We're Sorry.Here is the screenshot:I have all the requirements, my OS is Windows Seven Ultimate and Internet Explorer 8.Edit: Moved topic from Win 7 to the more appropriate forum. ~ Animal

A:Windows Live OneCare Safety Scanner

Is Windows Live OneCare still alive?

http://onecare.live.com/standard/en-us/support/ocfaq.htm
http://onecare.live.com/standard/en-us/default.htm

I thought, it was discontinued...

4 more replies

Hello!!Not sure where to post this, but it can be moved if it needs to be.I discovered this by accident, and I haven't seen any thing about this on this or other forums. I ran this software on my XP3 PC. My C Drive showed 15 GB of used space before I ran this, and 9.6 after. I can't believe that much crap was removed because I thought I keep a clean PC. My PC seems to be a little faster and every thing is working just fine with 6 GB less crap.I'm trying to find out if this is new or has it been around, and is it still being supported by Microsoft.. I'm wondering why I haven't heard of this before.I have used ESET and other scanners ,but I never got these kind of results.I would really appreciate any feed back I can get about this software!!Thank you!! Garyhttp://onecare.live.com/site/en-us/default.htmEdit: Moved topic from General Chat to the more appropriate forum. ~ Animal

A:Windows Live Onecare Safety Scanner!!

Here's some information I found on the web.
It seems to me Microsoft still supports this software.
I used it and I'm very satisfied with the program.
My C Drive has 6GB less crap on it and my PC is faster!

however, Windows Live OneCare Safety Scanner, under the same branding as Windows Live OneCare, has not been discontinued.
Contents

* 1 Overview
* 2 Limits
* 3 Vista beta problems
* 5 References

 Overview

Windows Live OneCare Safety Scanner offers a free online scanning and protection from threats. The Windows Live OneCare Safety Scanner must be downloaded and installed to your computer to scan your computer. The "Full Service Scan" looks for common PC health issues such as viruses, temporary files, and open network ports. It searches and removes viruses, improves a computer's performance, and removes unnecessary clutter on the PC's hard disk. The user can choose between a "Full Scan" (which can be customized) or a "Quick Scan".

The "Full Scan" scans for viruses (comprehensive scan or quick scan), hard disk performance (Disk fragmentation scan and/or Desk cleanup scan) and network safety (open port scan). The "Quick Scan" only scans for viruses, only on specific areas on the computer. The quick scan is faster than the full scan, hence that appellation.[2]

The service also provides a virus database, information about online threats, and gen... Read more

8 more replies

My friend is having this problem, and she has no idea what to do. The message "is that you on this photo (live link removed) randomly send to people on her contact list. Any idea's on what to do to get rid of it?(Moderator edit: Live link removed. jgweed)

A:Annoying Message Pops Up And Sends Messages Randomly On Msn Messenger

1 more replies

I have been having some trouble with my laptop. Whenever I start my browser, it bypasses my homepage and goes to http://asecurityupdate.com/ and gives an error message about some virus. See attatchment. If I click OK it goes to a site to buy software to remove the problem. Now, I was born at night, but not last night. I am not falling for that. I also notice a "Protection Toolbar" on my browser that will not close. I looked through "Add & Remove Programs" and I found Windows safety Alert in the program list. This program is growing everyday. I noticed it the other day and it was 1,100MB, today it is 1,280MB. When I trid to remove it, my antivirus goes nuts stopping what is spewed. I also attached a screen shot after I tried to remove. I also tried to restore to a time before I had this issue, but it wont work. I tried 3 different restore point and nothing. I do a lot of business on my laptop and I am kind of scared to even do work on it let alone send files. And I really dont want to have to try and save all the stuff on here and reformat. Can anyone help? I ran Hijack This this morning and am putting the log below. Any help from anyone would be greatly appreciated.
Logfile of HijackThis v1.99.1
Scan saved at 8:54:06 AM, on 6/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe

Hi and welcome to TSG.
Click the Red triangle above your join date..and ask the Moderators to move your post to the Security forum.
That's where the Hjt log experts can be found.
You may have to wait for a reply they are always busy...so hang in there.

3 more replies

Earlier tonight I was online and my internet explorer crashed suddenly and then a program claiming to be Safety Center popped up and warned me that my computer is infected with viruses and urged me to purchase the program. I shut my computer (currently running Windows XP) down to prevent further damage, but it was too late. The entire system has been locked by the virus(es). I am unable to edit the registry, connect to the internet, start task manager, run in safe mode, or access my USB drives. Furthermore, the viruses have disabled access to Malwarebytes and my Antivirus software (Zone Labs).

In addition to having "Safety Center" running out of control on my computer, I also have popup alerts from some program calling its self "Antivirus System Pro alert" which I also cannot get rid of. I have tried starting the computer in safemode, but the computer flashes a blue screen for less than a second and reboots. I have also tried to edit the registry to remove the corrupted keys, but when I typed regedit into the run field the computer came up with an error message that said "registry edit disabled by the administrator". I attempted to run a Malwarebytes scan but the file path "could not be found" and redownloading the program is out of the question because as soon as the internet explorer is opened it disapears. I am also unable to disable the processes running with the taskmanager because the program has blocked access saying th... Read more

A:Safety Center and Antivirus system pro alert virus

6 more replies

Hi to all

I have developed some problems after shredding office 2007 through Mcafee shredder. I usually use Liveonecare to scan my computer and clear up junk but for some unknown reason IE 7 has blocked my access to the onecare scanner with the bar across the Top of the page with the message:

Internet Explorer has blocked this site from using an ActiveX Control in an unsafe Manner as a result this page may not display correctly

I have never received this before I have always been able to use the onecare scanner without any activeX bar appearing. My settings seem to be okay in Internet Options but I am not experienced enough to really know what to change and check, most of them are prompt or enable when it comes to ActiveX controls. Usually if I experience any web sites that want to run an activeX control I get an option to allow or not allow an control to run but for some reason this is not happening.

I'd appreciate some help

Thanks

More replies

Thanks to help on this forum (thanks, ThrashZone!), I have several powerful new freeware tools. After running several others and deleting anything questionable, ran Microsoft Safety Scanner. It finds over 300 infected files. But in repeated attempts, right near the end of 8-hour scans, it stalls on this file:

Windows\system32\drivers\tcpip.sys

From various forums, I get the idea that it would be dangerous to remove or rename this file. Have scanned it with Norton 360, which shows clean.

Can anyone here please suggest a way to complete the MSERT scan and disinfect?

A:Microsoft Safety Scanner hangs on system file

Quote: Originally Posted by cteno

......It finds over 300 infected files....

It is time to start over and do a clean install with windows 7. That is way too high.

With that many infections, I doubt your system will ever be clean. Better to erase and start all over.

Clean Install Windows 7

2 more replies

Microsoft Safety Scanner has been running more than   47:14:36 hours.  It has scanned more than 1,265,500 files and has found more than 771 infected files.  It is only partially complete, I would say less than 1/3 complete.  Why is this taking so long.  Also, the number of threats appears to  be very high.
Any help would be appreciated.

A:Microsoft Safety Scanner is Taking Days to Complete

Stop the scan, then complete these....

Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Scan button.
When the scan has finished click on Clean button.
Your computer will be rebooted automatically. A text file will open after the restart.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

JRT Scan.

Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log is saved to your desktop and will automatically open.

Hit Ok.

Hit next make sure to leave all items checked, for removal.

The Program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK... Read more

0 more replies

For the past few days I've been unable to load Microsoft Safety Scanner web page.
At first it was only Internet Explorer and edge with the issue.
Now Chrome and Firefox are unable to load the page.

Anyone else having this issue??
James

A:Unable to Load Microsoft Safety Scanner Web Page

Hi, Which specific URL are you having problems with?

Does this help?
https://support.microsoft.com/en-us/kb/2916641
"If a malware infection is preventing you from downloading the Microsoft Safety Scanner to your computer, use one of the following methods to download and run the tool.Method 1: Run the Microsoft Safety Scanner from removable media

Save the Microsoft Safety Scanner to removable media on an uninfected computer, and then run the tool on the infected computer. To do this, follow these steps:........................................"

You can also get the scanner here e.g.

0 more replies

For the past few days I've been unable to load Microsoft Safety Scanner web page.
At first it was only Internet Explorer and edge with the issue.
Now Chrome and Firefox are unable to load the page.

Anyone else having this issue??
James

A:Unable to Load Microsoft Safety Scanner Web Page

Hi, Which specific URL are you having problems with?

Does this help?
https://support.microsoft.com/en-us/kb/2916641
"If a malware infection is preventing you from downloading the Microsoft Safety Scanner to your computer, use one of the following methods to download and run the tool.Method 1: Run the Microsoft Safety Scanner from removable media

Save the Microsoft Safety Scanner to removable media on an uninfected computer, and then run the tool on the infected computer. To do this, follow these steps:........................................"

You can also get the scanner here e.g.

more replies

Hi,

I have been trying to run Windows Live One Care Safety Scanner (beta for vista) I can successfully install and run it but when it performs the scan and it reaches 97% completion the program hangs. I have tried uninstalling and reinstalling the software. I thought the problem might have arisen due to vista's securitythen reinstall th features so I first made sure to run internet explorer browser when I re-downloaded the scanner files. However, this has made no difference... the scanner still installs and runs but again upon reaching 97% completion hangs.

I am interested to know if anyone else has encountered this problem and better still if anyone knows how to resolve it.

Any input much appreciated.

A:Windows Live One Care Safety Scanner Hanging

Hi jonin and welcome to Vista Forums

As you have stated in your post, this is a Beta program and, as such, might still have the odd bug in the code that prevents the program from working as it should. Have a look at the following: Windows Live OneCare Help Center. In particular, take a look at the 'Connect with the Community' section. Here you can send feedback to Microsoft about the issues that you are having, and you can also check the relevant forum to see if other people have similar issues and, if so, what they did to resolve them.

13 more replies

Im very inexperienced with malware/spyware etc. I've tried many programmes including malwarebytes, spybot, spyware doctor, microsoft safety scanner.
On spybots first ever scan it detected Interent security 2011 as malware but failed to delete it.
now microsoft safety scanner has detected ramnit.b and only partially removed it. My computer seems to be running better but im cautious that its still there. One common problem among many others is that my browser page jumps back to a previous page I was on 5 minutes ago (although not sure if this is caused by virus or not).
Combofix is my next option however there's several warnings that its extremely powerful, and shouldnt be done without assistance.
Any help at all with this problem would be hugely appreciated, its taken up a lot of my time.
thanks

Mel

A:Microsoft Safety scanner only partially removed Ramnit.B, what do I do now?

Hi there

You should definitely not run combofix unless it's under instruction from a trained user, as it is a powerful tool as you say. Ramnit is an injector worm, which basically means that it injects iself into files and multiplies. Html files seem to be particularly susceptible, but it also infects exec files. The bad news is that it's an extremely serious infection which can spread really quickly, and also creates a backdoor allowing remote access. It's very difficult to clean off and sadly I'm speaking from experience as we got it earlier this year. We managed to save our documentation but only with an IT friend of ours spending 4 days on it, backing up our data and then reinstalling windows. It spreads quite happily on usb stick to so be carefull about back ups.

Someone far more qualified than I will no doubt be along to give you proper advice but it's a serious infection (esp due to the remote access issue) so you'll definitely need specialist help to get it dealt with so you might want to consider posting in the 'malware removal logs' forum. If the guys on this forum can't help, they'll transfer you over there anyway, with guidance on what to do next

1 more replies

Im very inexperienced with malware/spyware etc. I've tried many programmes including malwarebytes, spybot, spyware doctor, microsoft safety scanner.
On spybots first ever scan it detected Interent security 2011 as malware but failed to delete it.
now microsoft safety scanner has detected ramnit.b and only partially removed it. My computer seems to be running better but im cautious that its still there. One common problem among many others is that my browser page jumps back to a previous page I was on 5 minutes ago (although not sure if this is caused by virus or not).
Combofix is my next option however there's several warnings that its extremely powerful, and shouldnt be done without assistance.
Any help at all with this problem would be hugely appreciated, its taken up a lot of my time.
thanks

Mel

More replies

First, thanks for taking a look at my problem.  Your attention and time are appreciated!

The machine in question is a Dell Precision M6600 running Windows 7 Pro.  A scan with Vipre from ThreatTrack Security discovered a file it called Lookslike.swf.malware.h which it quarantined and eventually deleted.  Subsequent deep scans with Vipre came up clean.  However, Microsoft Safety Scanner came back with 12 files infected, calling the malware Exploit.Java/Obfuscator.w.  The MS scanner said it could not do anything about the matter.

All updates to Windows, Vipre, Java and Adobe products have been made and the machine is currently not displaying any strange behavior.  However, since it is a machine that gets heavy use on very important, time-sensitive projects, I would like to get ahead of the issue and do anything I can to remove the threat entirely.  Normally I would just back up the data and do a clean reinstall of Windows but this particular machine is chock full of difficult to reinstall software that I would much rather leave in place.

Any assistance is very much appreciated.

-Scott

A:Exploit:Java/Obfuscator.w found by MS Safety Scanner - Help Removing, Please

Hello mudhustler and welcome to BleepingComputer!

Please note that I'm currently in training and my fixes need to be approved first, that may delay our fix a bit, but I will normally reply back in 24 hours.

If I don't reply after 3 days, feel free to PM me.
==========================================================================Some points for you to keep in mind:
Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I wi... Read more

15 more replies

Post title: Malware missed by yesterday's Windows Defender and today's MS Safety Scanner
Support Case 1343834339
Running Win10 with latest hotfixes on a Lenovo desktop with the HDD
swapped out for an SSD. I almost always disable Flash by running
"C:\Program Files\Internet Explorer\iexplore.exe"  -extoff from a desktop
shortcut.
I'm getting an Internet Explorer window locked open saying it's missing a
file, and to call a tollfree helpline at 1-844-354-5841; and the window
will not dismiss. This was when I went to SHOPRITE dot com, though I may
have mis-typed the URL. [NOTE: I don't visit porno sites; and I have a
number of news & other websites  in the Restricted zone to swat pop-ups &
other garbage. I also run the latest version of Brave browser, which
essentially does the same thing.].
Since I keep Windows Defender open, and update and scan at least once per
day, at that point I went to update and it said it could not connect.  At
that point, I launched a quick scan anyway with yesterday's definitions
and also checked the HOSTS file for any rogue entries (there were none). I
then launched a full scan, and I went to another PC, downloaded MS Safety
Scanner 1.0.3001.0, ran it and it came up clear (the full Windows Defender
scan is still running.
I have my old HDD installed in a disconnected USB
drive case, so as a worst case scenario I can install it, patch it to
everything, load any AV on it, then plug the SSD in for an o... Read more

More replies

http://onecare.live.com/site/en-us/default.htm?s_cid=sah

Between time to time I scan my laptop online to check if it has been infected by viruses or spyware.

Today I have used the link above to check my laptop (periodically normal check) , when it finished, I realized many files (word, power points, pdf,,,,etc) and folder disappeared from the desktop ?????

Have these files and folders been deleted or been archived some where ?

Yes physical files (more than one files and more than one files types), not a shotcut were deleted.

More replies

Hi White Knights, Good Guys and Gals,

My PC was attacked, likely through Internet Explorer today, since I haven't downloaded anything. The following are is the list of Malware that XP Security Center has notified:

=email-worm.win32.netsky.q
=rootkit.win32.agent.pp
=backdoor.win32.kbot.al
=net-worm.win32.mytob.t
=net-worm.win32.dipnet.d
=virus.win32.hala.a
=virus.win32.gpcode.ak

and Trojan Remover has identified
c:\windows\system32\vacinit.dll

and Mcafee
NTROSKRN... (rootkit trojan)

The program "Protection Systems" continues to pop up prompting me to buy along with random IExplorer bombs despite having removed it from programs. The system regularly freezes when I employ anti-malware programs.

I have attempted to use in normal and safe operating mode (Mcafee from safe command prompt)
=Mcafee VirusScan Enterprise (halts early in operation, Identifies NTROSKRN and 11 cookies)
=Stopzilla (Halts early in operation)
=Malwarebytes(fails to open even with changed name)
=Rooter Malware Finder (Eric_71) (operates results indeterminant)
=Trojan Remover (Runs. results indeterminant)

I am not in a good position to format the PC (in the wilderness).

Any advice what is preventing these malware programs from operating?

Thanks, and happy to repay the favor particularly if you like homebrew since PC wars arent my specialty!

Lookingtree

DDS (Ver_09-06-26.01) - NTFSx86
Run by Iamcomputer at 20:41:08.59 on Wed 07/15/2009... Read more

A:Unknown Attack Disables Malware Scanner/Antivirus/Spyware Scanner

It is important you rename Combofix during the download, but not after.Please do not rename Combofix to other names, but only to the one indicated.Close any open browsers.Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------Close any open browsers. WARNING: Combofix will disconnect your machine from the Internet as soon as it startsPlease d... Read more

2 more replies

Pop-ups on desk top: remotely accessing wed sites eg Porno.com, ******.com ect.;Windows Secerty center opens;Antivirus Live- showing a open scan box;regsvr32.exe - Application Error box; Security Warning- (application cannot be executed) Spyware Alert ! Velnerabilities found 34 seriousthreats ect. box; Antivirus sostware alert-attack from,Attacked port,Threat, box. I cannot open any files (programs) or access the internet.

Is there anyone that could help eradicate this virus from my computer.

Hello and Welcome.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:

Having problems with spyware and pop-ups? First Steps

link at the top of each page.

---------------------------------------------------------------------------------------------

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed. I currently have as many open topics as I can effectively handle; this will have you back in queue with the proper logs so an available helper would be able to assist.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies

I've been getting the following balloon messages on my taskbar:

Along with these many balloon messages, I've been getting random pop-ups for spyware & virus programs, as well as the occasional other site. I ran Spybot, Spyware Terminator, Ad-Aware, and AVG Anti-Spyware 7.5.

After reading through the forums, I also ran them all in safe mode, and ran SDFix in safe mode as well.

I don't seem to be getting the pop-ups anymore, but the shield on my taskbar (in pic 1) is still there and the balloon message still comes up every few minutes.

This is my latest HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 4:43:19 PM, on 9/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe

9 more replies

I have a new Gateway PC running Windows XP that I just got in December 2006. The McAfee software it came with expired after 3 months, so I installed the AOL Safety & Security Center. I can't get the status better than "Fair" on this computer. It shows a message that it needs to update the Spyware definitions, but when I try it says no updates are available (should state that either it is up-to-date or that new definitions need to be downloaded). If I try running a Spyware check it stops after a few seconds stating that the operation was cancelled by the user, which I did not do. I tried uninstalling the software, rebooting as instructed & then reinstalled the software from a fresh download, but still keep getting the same exact problem. I don't think it is completely uninstalling the software & that some file that is bad remains with the typical uninstall, but don't know what to do at this point. AOL does not offer technical support for non-paying AOL members. I recently changed from being a paid AOL member to their free service. Please help!

A:AOL Safety & Security Center won't update Spyware definitions

7 more replies

Each time I power up the following alert appears:
Quickdrop.exe failed to start because mpgaout.dll could not be found.
What is quickdrop.exe and how do I get rid of both?
Thanks

Are you an Ebayer? Do you have MainConcept encoder installed?

Get this and see if quickdrop shows up in any Startup tab and disable it to see if the pop up disappears.

http://www.mlin.net/StartupCPL.shtml

3 more replies

hey guys theres this stupid error coming up once the installation comes to 2% and it stops.
"there was an error creating a file on the destination drive"plllzzzzz help man!!its driving me nutzzz!!!

9 more replies

i keep getting a message that pops up on my screen for no apparent reason at all. i think it is mostly harmless, in that my computer still runs fine, etc. but, it should not be popping up and is extremely annoying. is always says something about cleaning my registry at some website, but there are variations of it......sometimes it will say a different website and be a different sized window box, for example. (i think a couple of the websites are registrycleanerpro.com or fix32.com or cleanreg.com) when i come home from work and have had my computer on all day, i will have to close out several (maybe like 50) of these messages, since they have continued to pop up on my screen throughout the day. however, at other times, they dont seem to pop up as often. for instance, i have been using the computer for the past hour or so, and it has only popped up once, if at all. again, i dont think it is really disabling any programs or capabilities of my computer, but i know it should not be there, and i can't get rid of it. i have avg, spybot search and destroy, and ad-aware......all of which i have used to scan my computer.....they haven't stopped it yet though.
any ideas????

Sounds like you may have WIN32.agent,I believe it's malware.Its really annoying.Look that up on google and see if thats what it is...hope this helps.

3 more replies

"The connection to the server was reset while the page was loading."

This Alert pops up, sometimes three times in quick succession, when FireFox starts loading a Web page. Clicking OK sends it away, usually. But occasionally, the page stops loading, the status line says Done and I have a blank page.

I have checked with my ISP, they say they have never seen it.

I think that was a bug in Firefox...I haven't seen it in a while. What version are you running? The latest is 1.5.0.7 or 8.

1 more replies

I am getting a bunch of fake warning pop-ups and websites are popping up. I ran a norton scan and ad-aware and am still having the problem. I ran hijack this and here is the log.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:26:46 PM, on 2/9/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16574)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exeC:\WINDOWS\System32\nvsvc32.exeC:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYSC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\CTHELPER.EXEC:\Program Files\Hewlett-Packa... Read more

Hello rocket152,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

2 more replies

i was playing a game and suddenly a person trying to portscan me but my antivirus stopped it but it is continuious keeps trying every five minutes the IP is 213.233.103.28 how do i get rid of them its really annoying

More replies

When I get e-mails the person sending it to me immediately gets an e-mail saying it's from me but they know it isn't as it contains many spelling and grammer errors. This also happens with e-mails that I get from commercial entities and then I get an e-mail that says that I can't reply to that address. I have virus protection but this is continuing. It seems it only does it once per sender as far as I can tell. Plus my "sent folder" shows a couple e-mails (in the last 2 months) that I did not send and shows them coming from me and going to email addresses that I don't recognize.

A:Help - my computer sends emails not from me to whoever sends me an email

I realized I omitted helpful info - I an using Window Vista and use MSN Mail for my e-mail. I'm new to this, please bear with. Any ideas appreciated!

1 more replies

I hope someone can help.
How do I remove these annoying popup's???
Every few minutes I receive popup's from a balloon that pops open from a constantly blinking yellow triangle with a black exclamation point on the menu bar at the bottom of the page. I also noticed a toolbar that has installed itself into Internet Explorer called Security Toolbar 7.1.
If that wasn't bad enough, I'm getting IE page alerts directing me to the following sites:

http://www.savetheinformation.com

http://www.protectroom.com

http://securityonpage.com

I'm also receiving the following error messages.

The messages that appear are as follows:

Type: Virus/Network Worm
Damage Level: High
Description: Virus that infects executable files.
Recommendation: Delete/quarantine immediately

System performance monitor: Warning

Summary:
System performance slowed down by: 47%
Internet connection speed decreased by: 39%
Probable reason:
Spyware applications / Adware popup windows

Your computer is infected with last versions of PSW.x-Vir trojan. PSW trojan steals your privat information such as:
Click this balloon to remove PSW.x-Vir spyware.

More replies

Hi. A window pops up and the bottom right corner and says several different alerts. When I click it a window opens so I can download software. Please help... and I'm new so if there is anything else I need to post or read please let me know.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:43:05 PM, on 11/9/2007Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16546)Boot mode: NormalRunning processes:C:\Windows\system32\qiawpbjj.exeC:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Program Files\Apoint\Apoint.exeC:\Program Files\Sony\VAIO Camera Utility\VCUServe.exeC:\Program Files\Sony\ISB Utility\ISBMgr.exeC:\Windows\system32\igfxsrvc.exeC:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exeC:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exeC:\Program Files\Yahoo!\Search Protection\SearchProtection.exeC:\Windows\ehome\ehtray.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Windows\ehome\ehmsas.exeC:\Program Files\Apoint\Apntex.exeC:\Program Files\Mozilla Firefox\firefo... Read more

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today. Please print off a copy of these instructions, and also save them to a Notepad file on your desktop, so they are easily accessible. We are going to boot into Safe Mode later in the fix, and there is no internet access. You are using peer-to-peer programs, specifically BitTorrent.These are what we call an optional removal. However, anytime you are running any type of peer-to-peer application, you are more prone to infection by malware, and this is probably how you became infected in the first place. The choice to remove them is entirely up to you, but I would strongly recommend that you do.If you do not want to, please at least refrain from using any peer-to-peer programs for the remainder of my fix.For more information about infections as a result of p2p programs, take a look here: http://p2p.malwareremoval.com/Scan again with HijackThis and put a checkmark next to each of the following entries (if present): R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =F2 - REG:system.ini: UserInit=C:\Windows\system32\qiawpbjj.exe,C:\Windows\system32\userinit.exeO2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)O2 - BHO: (no name)... Read more

13 more replies

I have been having this little bubble thing pop-up for a while, and I finally have had it! I know that it's not one a huge problem or anything, but it's not any less annoying than a popup window. My best description would be that it's part of the windows security alerts, it's a red shield with an X in the middle of it and it's located in the tray on the lower right side (right next to the time). Everytime I start some new activity, or restart/log on to my computer, it pops up a message saying that I don't have any sort of virus protection. I have Ad-Aware and Spybot, so I should be covered (stressing the should). How can I get this annoying little message to go away?

12 more replies

i need a real time spyware scanner for free. I also need a virus scanner (realtime) avast, avg, or antivir? Does anybody have suggestions?

A:real time spyware spyware scanner? (free)

16 more replies

Logfile of HijackThis v1.99.1
Scan saved at 8:41:59 PM, on 9/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
D:\oracle\ora90\bin\agntsrvc.exe
D:\oracle\ora90\Apache\Apache\Apache.exe
C:\WINDOWS\system32\cmd.exe
D:\oracle\ora90\BIN\TNSLSNR.exe
D:\oracle\ora90\bin\dbsnmp.exe
d:\oracle\ora90\bin\ORACLE.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\System32\vmnat.exe
C:\WINDOWS\System32\vmnetdhcp.exe
D:\oracle\ora90\Apache\jdk\bin\java.exe
D:\oracle\ora90\Apache\Apache\Apache.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page... Read more

A:start up slow and anti spy alert annoying

Please double-click OTMoveIt.exe to run it

Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

c:\WINDOWS\system32\svcroot.exe

Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.

Click the red Moveit! button.

Close OTMoveIt

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Post a new hjt log when done.

3 more replies

I keep getting a popup in the program tray that says there is a spyware alert, followed by a popup on the right above the clock saying there is an infiltration alert. it gives a different detail each time ranging from virus to worm to malware. Popups every minute! please help. Here is the Hijack this report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:13:35 AM, on 9/6/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe

More replies

Hi, I have a blue circle with a ? in it that alternates to a red circle with a slash in it in my icon tray on the bottom right of my screen. Also, my homepage has been changed to //www.syssecuritysite.com/
on top of that, I have three new shortcut icons on my desktop, which I have already deleted.
ewido didn't find anything, and I don't see anything new in my startup menu through msconfig.
I did remove the program with the same icon through the controll panel, but it is still there.
The circle in the icon tray occasionally comes up with a red and gray screen that says "your computer is infected... click here.."

What is this, and how do I get rid of it, and why didn't ewido see it?

//Mod edit to modify URL above to protect others

A:Annoying Virus Alert Icon In Toolbar

1 more replies

A:Annoying Alert Bubbles, Constantly From My System Tray

8 more replies

First I'd like to thank everyone that helps the people that come here-you folks are great!

I continue to get this from McAfee 8.5. It tells me it's deleted anywhere from 2-6 infections and it's fake alert spyware but when I reboot it pops up again and wants me to buy the service and indicates it's running a scan. Plus a screen comes up saying there is a possible trojan trying to get into my pc and should I let it or buy the protection.

My browser is Flock.

Any help would be much appreciated,Thank you.

17 more replies

I am running Windows 2000 Pro and Any time I send an e-mail using Outlook Express with a wmv video attachment at the end of the transmission, I receive an Oulook error window which states "Some errors occurred while processing the requested tasks. Please review the list of errors below for more details." When you look below there are no errors listed in the box. Now during this transmission, the e-mail was passed to the outbox folder and transmitted from there but when the transmission is completed it is not removed, just stays there. If I leave it there and send another e-mail the same process takes place as when I sent the first e-mail but this time both e-mails are transmitted, sending the first e-mail a second time, and if I do not remove these e-mails from the folder they are sent again every time I send an additional email. I can remove the email with the attachment and it will send the others and the outbook will be empty, but I have to manually remove the email with the attachment. Now today it started doing the same thing with a txt return receipt.
I have scanned with Norton's, AVG, and Trend Micro in safe mode and nothing. I have run Spybot & Ad aware nothing. I have reinstall both Internet Explore and Outlook Express, did not fix. I disabled norton's firewall. I disabled norton's virus scan of outgoing mail. I have called the ISP and they checked the settings and everything looks fine.
Any help would greatly be appreciated by me and al... Read more

A:Outlook Express sends and sends

13 more replies

8 more replies

I keep getting fake spyware alerts, internet explorer pop ups and fake anti virus installers. first it tried to install avspyware and i got rid of that now its pushing best seller anti virus

Ive tried many different anti virus as well as smitfraudfix

thanks
oh NOTE: it still able to start it self in safe mode

and i have a external hardrive

---------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:59:05 AM, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe

Bumpitty

1 more replies

Getting all kinds of popups on my pc. "Security warning Worm.Win32.NetBooster detected on your machine......."

Here is my HJT log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:42:26 AM, on 4/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Aliant\Aliant Security Services\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\klutizkr\szoxelmf.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\SkyTel.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Aliant\Aliant Servicepoint Agent\ASA.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe

16 more replies

need help from all the expert here...
suddenly i got this problem when trying to install new av for my pc...

the screen suddenly appear spyware alert...
and window notify that a worm.win32.net booster had been detected in my system...

all of this symtom follow:
* cannot find my hdd ( C and D )
* my wallpaper suddenlt change to a red white like biohazard sign written 'ur privacy ib danger'
* all the window antivirus alert appear

really blur now...
what possibilities that i can do???
now i juz shut down my pc n d/c the lan cable...
thanksss all for help

1 more replies

I don't know anything about computers really but I read to run hijack this and now i don't know where to go from here.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:21 AM, on 2/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\1133665986\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe

Hi and welcome to TSG!

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix and remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re-enable the protection again afterwards before connecting to the Internet.

Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following :
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Select the first option, to run Windows in Safe Mode, then press "Enter".

Open the c:\SDFix folder and double click RunThis.cmd to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer that normal to restart as the fixtool will be running and removing files.

3 more replies

I broke my rules and ended up infecting my system. I keep seeing the mesaage about "spyware alert" and am directed to various websites to download various antivirus/antispyware etc items. I have the latest versions of McAfee, AdAware (full version) and Spyhunter (full Version) but none are successful in cleaning up this mess. Here is the log file from HijackThis. Any help would be greatly appreciated. I have run at least three full scans of each of the above programs and all have been clean.ThanksLogfile of Trend Micro HijackThis v2.0.2Scan saved at 3:40:41 PM, on 12/2/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16544)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exeC:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exeC:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exeC:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatc... Read more

Hello pwhite52,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

1 more replies

(win xp)
I'm looking for a spyware scanner similar to the OLD ad-aware, that just scans and does NOT keep running.
Which programs could I use?

with these properties:
-light program
-scan only
-free to use

A:spyware scanner?

6 more replies

Hi, first time here,

I am running Windows 7 Home Premium. 32 and 64 bit. I have Norton security suite that comes with my Comcast subscription. I scan pretty frequently and I also use CCleaner which works great. I am not having any problems with my computer right now but I have in the past. Something not only got past Norton it also was able to disable Norton. I got it going again fairly quickly but my computer wasn't the same. I did a complete restore and it has been fine. For some reason I still feel like there is something going on in my computer which there may not be. I've noticed some files that looked suspiscious but I can never know for sure so I won't change anything. One time I noticed 3 extra users and I was sure I was infected until I found out Nvidia adds these for updating.
My question is that when I was looking at the files in my registry, I clicked on internet settings then zone and the list expanded to about a page and a half of files with names having to do with sex and porn. They all had the arrow to open a sub folder with on every one was www. I ran Norton and superspyware and a search. Nothing is detecting these files. Any suggestions?

Thanks,
Ron

A:spyware scanner

Hello,I will be helping you with your problems. Please be patient while I assist you.Some points for you to keep in mind while I am helping you to make things go easier and faster for both of us Please do NOT run, install or uninstall any programs, unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post. Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process. Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top of your post, click on the Watch Topic Butt... Read more

28 more replies

How can i remove spyware that keeps coming back after i have used various spyware removers?

A:annoying spyware

Ask the folks at this Forum Here.

2 more replies

Hey guys, for a couple of days there has been these pop up windows coming up on Internet Explorer even though I haven't used IE. Also sometimes music starts playing out of the blue, I guess it's a commercial or something.

I've seen some strange processes in the task manager: a.exe, b.exe, c.exe, msb.exe, 648.tmp.exe... btw I'm running XP sp3. Thanks for your help

Here's DDS:

DDS (Ver_09-05-14.01) - NTFSx86
Run by gurlie at 20:44:09,95 on 2009-06-22
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.1015.445 [GMT 2:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\igfxtray.exe
C:\Program\EeePC\ACPI\AsTray.exe
C:\Program\EeePC\ACPI\AsAcpiSvr.exe
C:\Program\EeePC\ACPI\AsEPCMon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program\Elantech\ETDCtrl.exe
C:\Program\Elantech\ETDDect.exe
C:\WINDOWS\system32\ctfmon.exe

Hello and welcome to TSF

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

========

Please follow all instructions and in which order they come, if you have any questions, please ask before proceeding. Its important that you follow this through until i give you the all clear.

=========

* IMPORTANT !!! Place combofix.exe on your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

Double click on combofix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware... Read more

2 more replies

My computer recently got infested with spyware. I managed to get rid of most of it with adaware and spybot but one remains. Spybot recognised it as 'command service' but will not delete it due to it being used by memory. All this thing does is slow down my computer when connected to the internet by opening heaps of Norton Anti virus email scans. How on earth do I get rid of this?

A:Really annoying spyware

16 more replies

Hi,I have annoying pop ups every time I use my Internet Explorer.... I have ran Spybot and AdAware and Windows Defender as well and apparently it has not corrected the problem. I have included a HighJackThis log file for your review...Can anyone tell me how to remove this pesky spyware??Thank you!Logfile of HijackThis v1.99.1Scan saved at 8:30:02 AM, on 6/9/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Real\RealPlayer\RealPlay.exeC:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exeC:\Program Files\Common Files\AOL\ACS\AOLDial.exeC:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exeC:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Wi... Read more

A:Spyware/ Annoying Pop Ups

Hello Raines,

I am currently analysing your log and post back a fix ASAP. Thanks

6 more replies

Basically, there's some stuff that got on to my computer that i need to get rid of, because it's causing annoying pup-ups. Here is my HJT log so you can help me quickly:Logfile of HijackThis v1.99.0Scan saved at 9:59:25 AM, on 5/1/2005Platform: Windows 2000 SP4 (WinNT 5.00.2195)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINNT\System32\smss.exeC:\WINNT\system32\winlogon.exeC:\WINNT\system32\services.exeC:\WINNT\system32\lsass.exeC:\WINNT\system32\Ati2evxx.exeC:\WINNT\system32\svchost.exeC:\WINNT\system32\spoolsv.exeC:\WINNT\system32\svchost.exeC:\Program Files\Network Associates\Common Framework\FrameworkService.exeC:\Program Files\Network Associates\VirusScan\mcshield.exeC:\Program Files\Network Associates\VirusScan\vstskmgr.exeC:\WINNT\system32\regsvc.exeC:\WINNT\system32\MSTask.exeC:\WINNT\system32\stisvc.exeC:\WINNT\System32\WBEM\WinMgmt.exeC:\WINNT\system32\mspmspsv.exeC:\WINNT\system32\svchost.exeC:\WINNT\system32\Ati2evxx.exeC:\WINNT\Explorer.EXEC:\WINNT\popuper.exeC:\WINNT\system32\msole32.exeC:\PROGRA~1\mcafee.com\agent\mcagent.exeC:\Program Files\Network Associates\VirusScan\SHSTA... Read more

A:OMG, annoying spyware on my PC!

Print out these instructions and then close all windows including Internet Explorer.Then I want you to fix some of those entries. Please do the following:Please make sure that you can view all hidden files. Instructions on how to do this can be found here:How to see hidden files in WindowsRun Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix button:R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qfind.net/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qfind.net/search.php?qq=%sR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://qfind.net/bar/index.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.qfind.net/search.php?qq=%sR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qfind.net/R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.qfind.net/search.php?qq=%sR0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.qfind.net/search.php?qq=%sR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.qfind.net/F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exeO3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)O3 - Toolbar: Virtual Maid... Read more

8 more replies

hey

Ive been recently getting alot of popups from the url-
ive run a number of virus chekers and spyware blokers who have claimed to of found nothing and yet the popups still appear. in the time i have written this email 6 popups have continued to show.

how do i get rid of this crap ?

thanks

A:annoying spyware........

make a new permanent folder, name it hijack, click on the above link to download hijackthis to that folder. after unzip the file, run it, and make a hijack scan and save it, copy the log and post it.

3 more replies

having problems with annoying spyware alert, will not close or delete any suggestions??

A:Annoying Spyware

1 more replies

I am very cautious about spyware, and I usually have none, but lately spybot always finds "Avanue A, INC", "Double CLick", and "Hit Box"

I never had theese before and i dont understand why they are there everytime I run a check.

Any ideas?
Thanks.

A:annoying spyware

7 more replies

hey, I'm new to this game

I seem to have been hijacked by the 4bf65.ilxt hijacker and get bombarded with popups

hijack this file follows

Logfile of HijackThis v1.98.2
Scan saved at 21:55:31, on 11/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
C:\PROGRA~1\Grisoft2\AVG6\avgserv.exe
C:\Program Files\BT Digital Access USB\vstartx.exe
C:\Program Files\BT Digital Access USB\gisdnlog.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\BT Digital Access USB\gsyno.exe
C:\PROGRA~1\Grisoft2\AVG6\avgcc32.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AOL 9.0a\aoltray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\AOL 9.0a\waol.exe
C:\Program Files\AOL 9.0a\shellmon.exe

A:Annoying spyware

8 more replies

Logfile of HijackThis v1.99.1
Scan saved at 10:59:21 AM, on 28/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe

http://forums.techguy.org/security/487179-annoying-spyware-keeps-coming-back.html

1 more replies

Logfile of HijackThis v1.99.1
Scan saved at 10:59:21 AM, on 28/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe

More replies

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:04:08 PM, on 6/2/2009Platform: Unknown Windows (WinNT 6.01.3004)MSIE: Internet Explorer v8.00 (8.00.7100.0000)Boot mode: NormalRunning processes:C:\Windows\system32\taskhost.exeC:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\taskeng.exeC:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exeC:\Program Files\Logitech\SetPoint\LBTWiz.exeC:\Program Files\AVG\AVG8\avgtray.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exeC:\Program Files\Logitech\QuickCam\Quickcam.exeC:\Program Files\Hp\HP Software Update\hpwuSchd2.exeC:\Users\charles\AppData\Local\Google\Update\GoogleUpdate.exeC:\Program Files\Logitech\SetPoint\SetPoint.exeC:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exeC:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXEC:\Program Files\Opera\Opera.exeC:\Program Files\Digsby\lib\digsby-app.exeC:\Program Files\Digsby\lib\aspell\bin\aspell.exeC:\Windows&#... Read more

A:annoying pop up spyware

Hello and welcome to Bleeping Computer. Sorry for the delay the forums here at BC are alwaysvery busy and we do are best to keep up. If you no longer require any help could you let me no please, so this topic can be closed.My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I wouldbe grateful if you would note the following: Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
If I do not hear back from you within 5 days of my last post, then this topic will be closed.First I would like to see a new log since alot could have changed since your origional post.Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)Thanks

2 more replies

I seem to be infected by some annoying spyware/malware that produces pop-up ads and short audio clips with or without a browser open. With the ethernet cable disconnected, every few minutes I can hear the Windows "open program click" like a program is trying to open. Not to mention it has slowed the computer way down. I am running Windows XP. Here is the HijackThis log. Thanks for any help.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:21:27 AM, on 8/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\ControlSS\ControlSS.exe
C:\WINDOWS\system32\ctfmon.exe

A:Annoying Spyware Plz Help!

Hello and welcome to Tech Support Guy.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.

Sorry for the delay in replying, the forum is very busy. If you still need help, please do the following:

Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst

If possible rootkit activity is found, you will be asked if you would like ... Read more

3 more replies

I've got a laptop that is up to date with all the current MSFT security patches and my spyware and virus removal software is up to date. However I still have spyware that I cant detect and remove. I just ran Spybot and it said my system is clean. This is not the case. I ran HijackThis and this is the log file. Any help you can give me would be wonderful:
Logfile of HijackThis v1.99.1
Scan saved at 8:12:46 AM, on 11/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

A:Annoying Spyware

16 more replies

Hi all,

I never had a chance to get rid of the last spyware because i've been busy with school, but it hadn't caused too much problems - today though I found some more new programs that keep opening up pop-up windows anytime I log into the Internet. Here is the Hijackthis log:

Logfile of HijackThis v1.97.7
Scan saved at 9:08:19 PM, on 3/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Free Surfer\fs20.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe