Tech Problem Aggregator

Annoying Safety Alert - Sends Me To Spycrush.com (spyware Scanner)

Q: Annoying Safety Alert - Sends Me To Spycrush.com (spyware Scanner)

Have tried to delete this but have been unable to. Tried to delete with change or remove programs, and through searching files. have run many spyware scanners, have got norton antivirus, adaware, spy doctor, run house call and a few others. none have got rid of it.Popup message coming up at bottom right hand side of screen, blinks between a cross and question mark when the message is not there. Message reads 'System Alert - System has detected a number of active spyware applications that may impact on the performance of your computer . Click the icon to get rid of unwanted spyware by downloading an up-to-date antispyware solution.'Logfile of HijackThis v1.99.1Scan saved at 8:02:58 PM, on 6/14/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16473)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\ccProxy.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeC:\WINDOWS\system32\DVDRAMSV.exeC:\WINDOWS\system32\inetsrv\inetinfo.exeC:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exeC:\WINDOWS\PMJ151LA.BINC:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\WINDOWS\system32\sdpasvc.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Sierra Wireless\AirCard 580\Generic\Components\swiwificomm.exeC:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exeC:\WINDOWS\AGRSMMSG.exeC:\WINDOWS\RTHDCPL.EXEC:\Program Files\TOSHIBA\ConfigFree\NDSTray.exeC:\WINDOWS\System32\DLA\DLACTRLW.EXEC:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exeC:\Program Files\Toshiba\Tvs\TvsTray.exeC:\Program Files\Toshiba\Toshiba Applet\thotkey.exeC:\WINDOWS\system32\TDispVol.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Intel\Wireless\bin\ZCfgSvc.exeC:\Program Files\Intel\Wireless\Bin\ifrmewrk.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\WINDOWS\system32\TPSMain.exeC:\Program Files\Synaptics\SynTP\Toshiba.exeC:\Program Files\Microsoft IntelliPoint\point32.exeC:\Program Files\Sierra Wireless\Network Adapter Manager\Network Adapter Manager.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\TOSHIBA\ConfigFree\CFSServ.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\HP\hpcoretech\hpcmpmgr.exeC:\WINDOWS\system32\TPSBattM.exeC:\Program Files\Sierra Wireless\AirCard 580\Generic\Watcher.exeC:\WINDOWS\vsnpstd2.exeC:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exeC:\WINDOWS\system32\ctfmon.exeC:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exeC:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exeC:\WINDOWS\system32\RAMASST.exeC:\Program Files\HP\Digital Imaging\bin\hpqgalry.exeC:\Program Files\Messenger\msmsgs.exeC:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXEC:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXEC:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXEC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exeC:\Program Files\MSN Messenger\msnmsgr.exeC:\Documents and Settings\Matt\My Documents\My Received Files\hijackthis_sfx.exeC:\Program Files\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.workboot.co.nz/main.aspxR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLLO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dllO2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dllO3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dllO3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dllO4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exeO4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXEO4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXEO4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exeO4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXEO4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exeO4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exeO4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exeO4 - HKLM\..\Run: [TDispVol] TDispVol.exeO4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/WirelessO4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [TPSMain] TPSMain.exeO4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"O4 - HKLM\..\Run: [AirCardEnabler] "C:\Program Files\Sierra Wireless\Network Adapter Manager\Network Adapter Manager.exe"O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClientO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exeO4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exeO4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeO4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exeO4 - Global Startup: Picture Package Menu.lnk = ?O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO11 - Options group: [INTERNATIONAL] International*O15 - Trusted Zone: http://*.acc.co.nzO16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{50694C45-2930-4A76-86DC-CBC1344FD200}: NameServer = 202.27.184.3 202.27.184.5O17 - HKLM\System\CCS\Services\Tcpip\..\{626C269C-37D3-4909-8B82-103CA1F0B047}: NameServer = 202.27.158.40,202.27.156.72O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLLO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dllO20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dllO21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dllO23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeO23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exeO23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeO23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeO23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exeO23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exeO23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXEO23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exeO23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXEO23 - Service: Persits Software EmailAgent - Unknown owner - C:\Program Files\Persits Software\AspEmail\BIN\EmailAgent.exe" /run (file missing)O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsubleepa Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BINO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeO23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exeO23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exeO23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exeO23 - Service: SDPAUMS server service (SDPASVC) - Matsubleepa Electric Industrial Co.,Ltd. - C:\WINDOWS\system32\sdpasvc.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: SwiWiFiComm - Unknown owner - C:\Program Files\Sierra Wireless\AirCard 580\Generic\Components\swiwificomm.exeO23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeO23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe

A: Annoying Safety Alert - Sends Me To Spycrush.com (spyware Scanner)

Welcome to the BleepingComputer HijackThis Logs and Analysis forum adar Download SmitfraudFix (by S!Ri), to your desktop.Double click on Smitfraudfix.cmdSelect option 1 ? Search, by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).Please copy and paste the content of that report into your next reply.*IMPORTANT* Do NOT run any other options until you are asked to do so!***************************Please download Combofix and save to your desktop:http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exeNote: It is important that it is saved directly to your desktop Close any open browsers. Double click on combofix.exe and follow the prompts. When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply. Note: Do not mouseclick combofix's window while it's running. That may cause the program to freeze/hang. Also post a new Hijackthis log please.

2 more replies
Answer Match 71.4%

well as described in my title, at start up on my XP SP2 the ultimatefixer2007 and spyware detection alert (taskbar red circle with exclamation mark in it) will always come up. well here is my hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:05:30, on 20/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\C... Read more

A:Spyware Detection Alert + UltimateFixer2007. VERY ANNOYING!

Hello and welcome to TSF.

Please download SmitfraudFix (by S!Ri) to your Desktop.

If you can't download it, please download it from these alternative sites:

From Geekstogo
From Security Cadets
From Zebulon

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. Please allow it.

========================================

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

This program will remove all Temp, Temporary Internet Files, and other files that may be leftover files from this infection. ... Read more

1 more replies
Answer Match 71.4%

I am at my wit's end.When I start up my computer, there is a red shield saying "Spyware Alert!" and it tells me to register for a copy of SaveKeep (which I can't find anywhere on my system or on the web. There are also floating red boxes that say I have a virus ("Infiltration Alert!") of some sort and to buy the SaveKeep software. Lastly, whenever I'm online it says I'm not protected (even though my McAfee is on) and it says I need to buy SaveKeep. PLEASE PLEASE PLEASE HELP!!!! This is so annoying!Here's my HijackThis log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:31:32 PM, on 8/15/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:WINDOWSSystem32smss.exeC:WINDOWSsystem32csrss.exeC:WINDOWSsystem32winlogon.exeC:WINDOWSsystem32services.exeC:WINDOWSsystem32lsass.exeC:WINDOWSsystem32svchost.exeC:WINDOWSsystem32svchost.exeC:WINDOWSSystem32svchost.exeC:WINDOWSsystem32svchost.exeC:Program FilesIntelWirelessBinEvtEng.exeC:Program FilesIntelWirelessBinS24EvMon.exeC:Program FilesIntelWirelessBinWLKeeper.exeC:WINDOWSsystem32svchost.exeC:WINDOWSsystem32svchost.exeC:WINDOWSExplorer.EXEC:WINDOWSsystem32spoolsv.exeC:WINDOWSsystem32svchost.exeC:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exeC:Program FilesBonjourmDNSResponder.exeC:Program FilesCommon FilesAuthentiumAntiVirusdvpapi.exeC:Program FilesJavajre6binjqs.exe... Read more

A:Spyware Alert! on toolbar and annoying popups! HELP!!!

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.Please download ComboFix from one of these locations:Link 1Link 2Link 3Important!You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of an Malware Removal Expert, not for private use.Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Make sure that you save ComboFix.exe to your DesktopDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow ... Read more

1 more replies
Answer Match 69.72%

Hello.

I recently kept getting a very annoying popup saying i need to download Spycrush Antispyware. I'm sure you know the problem i describe. Anyway i followed the instructions that were posted in an earlier thread, and this is what i got. I'm using Windows XP Media Centre Edition.

I ran SuperAntiSpyware as suggested, and this is what i got:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/25/2007 at 02:07 PM

Application Version : 3.8.1002

Core Rules Database Version : 3260
Trace Rules Database Version: 1271

Scan type : Quick Scan
Total Scan Time : 00:24:08

Memory items scanned : 898
Memory threats detected : 0
Registry items scanned : 1038
Registry threats detected : 9
File items scanned : 24388
File threats detected : 34

Trojan.Smitfraud Variant-Gen
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{33b8d257-07f6-4c06-8605-94bc21728635}
HKCR\CLSID\{33B8D257-07F6-4C06-8605-94BC21728635}
HKCR\CLSID\{33b8d257-07f6-4c06-8605-94bc21728635}\InProcServer32
HKCR\CLSID\{33b8d257-07f6-4c06-8605-94bc21728635}\InProcServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\XEDASN.DLL

Trojan.Media-Codec
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#user32.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#rare [ C:\Program Files\Video ActiveX Access\imsmain.exe ]

Malware.SpyLocked
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert
HKLM\SOFTWARE\Microsoft\Windo... Read more

A:Annoying Spycrush and a Trojan Horse!

6 more replies
Answer Match 65.1%

Good Day To All

I need your kind assistance and expert advice. My PC has been bogged down with a spyware, Spycrush Spyware. Every time I boot up my PC there is a icon located on the extreme right of my taskbar that pops up a balloon directing me to the Spycrush Spyware URL.

I downloaded the WinPFind3 program and ran a scan. Attached herein are the scan results.

I do not know what to paste in the Fix It box of the WinPFind3 program.

Please kindly advise.

Sincerely
Yogen
 

A:Spycrush Spyware

9 more replies
Answer Match 64.26%

My daughter has been infected by spycrush. I have read the other posts, but I don't think we should attempt to get rid of it without help. It was annoying her with popups to "click here to rid your computer of spyware" but it isn't really doing anything right now. I'd also like to check for other spyware and adware that may be there.
 

A:Need to remove spycrush spyware

16 more replies
Answer Match 63.42%

Earlier today when AVG ran it's scan it detected knlwrap.exe as an Trojan horse Dropper.Agent.JOC and it healed it.
I did a search and it is a key logger. It was in my C:\Program Files\Common Files\InstallShield\engine\6\Intel 32 folder - I checked and now it isn't there.
During my search I came across a CNET forum where a lot of people got this same result.

About an hour later there was a pop-up warning alert from AVG (long after the scan had finished) saying that it detected something else but I wasn't right at the computer and by the time I got there the pop-up was gone.

If I didn't get to choose the action, will AVG remove the detected item? Or do I need to tell it to do something?

Just in case I updated my AVG and it's running now to see if it detects that or anything else.
 

A:When AVG sends a pop-up warning alert

10 more replies
Answer Match 63%

It said it removed viruses "partially". So what am I to do now if I can't get all the infections removed?

A:MS Safety Scanner

Hello and welcome -
You leave very little detail on the type(s) of infection found by Microsoft Safety Scanner
Please list the name(s) of the program(s) that M/soft Scanner finds, but has problems removing.
 
More so, you leave no detail on your Operating System and your currently Installed Security programs.
 
NOW -
Please run this small program so we can see what security you have installed, and if your computer is safe.
 
Download Screen317 Security Check and Save it to your Desktop.
 * Double-click SecurityCheck.exe
 * Follow the onscreen instructions inside of the black box.
 * A Notepad document should open automatically called checkup.txt
 * Please Copy and Paste the contents of that document.Note:: If any security program requests permission to access the Internet, allow it to do

1 more replies
Answer Match 63%

Help.....I have a program that has attached itself to myu computer that is spyware and is called "SPYCRUSH". I have tried to delete the program but it keeps coming back. I use Windows XP Pro and have Hijack This, SmitFraud and Superantispyware Pro for programs. To date using them has not rmoved this program. Can you hellp me please.

Attached below is the HiJack This Log as well as the SuperSpyWare Pro log. Thanks !!

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 5:19:23 PM, on 6/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Pro... Read more

A:Solved: HELP ..Spycrush spyware...HiJack This Log Attached

12 more replies
Answer Match 62.58%

I'm a long time ICQ user, I'm used to Enter(Return) doing it's correct job of making a new line in a piece of text.
Like it does in this text box I'm using to type this post!
Look at it go!
Woo!

Anyway, jokes aside, is there any way to stop it from sending the message everytime I press Enter. Forgetting the various pros/cons of each system, I'm fluent with Alt+S to send and used to it. Just wondered if this was editable in MSN anyhow? I can't find an option for it.

If you're wondering it's just that some real life mates are now using MSN, wheras my online people mostly use ICQ, hence why I'm now using both. Oh and I'm not installing Trillian, I've had bad issues with it before plus the owner of this computer doesn't want it installed .

Any help greatfully received .

Tunga
 

A:MSN - Enter Sends Message Is Annoying

6 more replies
Answer Match 62.16%

Mod edit, Moved from Win 8 to Am I Infected ~~ boopmeI have a computer that is just tooooooooo slow to be a computer. Almost all programs hang and stop responding.  At first the task manager was disabled.  Well, I ran combofix about 3 or 4 times and now the task manager is accessible.  I know that this hard drive has  one damaged sector, but I do not think that it should cause the computer to almost not respond or respond so slowly that it almost negates having a computer.As we speak, I am running Microsoft Safety Scanner, it has been running about 27 hours and it is showing almost 250 infected files and it is a long way from finishing.  I guess that I might take 2. 3, or more days for this scan to complete.  I am wondering if this is just a hoax.  I know some programs show hundreds of errors in order to try to get you to purchase a rogue program.  But, I have not had that experience with a Microsoft product.I  think this computer is infected.  However, I downloaded and ran TrendMicro's House call anti-virus scanner and it did not find any malware.  I tried to run BSOD inspector as instructed in another thread, but the program would fail and not complete.  But it is worthy top note that the CPU light flickers continuously.  So something is being processed that uses up 100% of the CPU capacity.Any help you provide will be helpful.Estelle

A:Microsoft Safety Scanner

Microsoft Safety Scanner should not take too long to complete scanning for malware infection you should ask for malware infection checkup assistant at Am I infected? What do I do? forum.

0 more replies
Answer Match 62.16%

Microsoft Safety Scanner - Free Virus Scan with the Microsoft Safety Scanner
MSN's scanner does not get alot of publicity. Interested to know of others' experience, pro or con. Probably the same as Windows Defender ?

(I had used it once/twice before. Had trouble installing an update and this was one of the recommended corrective actions, which led me to this question)

A:Microsoft Safety Scanner

Hello Torre,

It's not the same as Windows Defender. The Microsoft Safety Scanner is a free portable downloadable standalone EXE security tool that provides on-demand scanning and helps remove viruses, spyware, and other malicious software. It works with your existing antivirus software.

See also: Microsoft Safety Scanner - Windows 7 Help Forums

4 more replies
Answer Match 62.16%

Quote:
Microsoft Safety Scanner

Do you think your PC has a virus?
The Microsoft Safety Scanner is a free downloadable security tool that provides on-demand scanning and helps remove viruses, spyware, and other malicious software. It works with your existing antivirus software.
Note: The Microsoft Safety Scanner expires 10 days after being downloaded. To rerun a scan with the latest anti-malware definitions, download and run the Microsoft Safety Scanner again.
The Microsoft Safety Scanner is not a replacement for using an antivirus software program that provides ongoing protection.


Is there a difference in scanning heuristics and virus definitions between MSFT Safety Scanner and Windows Defender?

A:Has Anyone Used MSFT Safety Scanner?

Hello Buddahfan,

It more like a real basic Microsoft Security Essentials instead. In the tutorial below, you can see what it looks like when you run it.

Microsoft Safety Scanner

Hope this helps,
Shawn

9 more replies
Answer Match 62.16%

hi,

few time ago you can find Microsoft Safety Scanner : http://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches/112842.html

"Microsoft Safety Scanner offers Windows users an antivirus tool to remove viruses detected on demand. The application uses an ad hoc basis, ie it does not protect the system permanently. You can use Microsoft Safety Scanner when a virus is suspected to be present on the job, but the resident protection does not detect or has been disabled by malware. The software can be downloaded with the latest virus definitions to date, the same as Microsoft Security Essentials. Finally, Microsoft Safety Scanner allows for three types of analysis: fast (system files), complete (all files), custom (only selected files)."
 

A:Microsoft Safety Scanner

This has been around for a few years now, and can be download via the following link:
http://www.microsoft.com/security/scanner/en-us/default.aspx

There is also Windows Defender Offline which scans outside of Windows.
"The Microsoft Safety Scanner is designed for scanning your system for malicious programs without having to reboot it. While more difficult strains of malware may require reboot your computer with Windows Defender Offline (via CD or Flash drive) to scan and remove that malicious software."​http://www.jasonsavitt.info/article...osoft-safety-scanner-which-one-should-you-use

How to use either Microsoft Safety Scanner or Windows Defender Offline.
http://www.microsoft.com/security/portal/mmpc/help/remediation.aspx
 

2 more replies
Answer Match 62.16%

What is this and how is it any different then just running MSE ?

http://www.microsoft.com/security/sc...s/default.aspx

A:Microsoft Safety Scanner

Hi,

The scanner isn't memory resident and doesn't update automatically.






Quote:
The Microsoft Safety Scanner is a free downloadable security tool that provides on-demand scanning and helps remove viruses, spyware, and other malicious software. It works with your existing antivirus software.
Note: The Microsoft Safety Scanner expires 10 days after being downloaded. To rerun a scan with the latest anti-malware definitions, download and run the Microsoft Safety Scanner again.
The Microsoft Safety Scanner is not a replacement for using an antivirus software program that provides ongoing protection.


Microsoft Safety Scanner - Free online tool for PC health and safety

Regards,
Golden

5 more replies
Answer Match 62.16%

Has anyone here ever used Microsoft Safety Scanner?

After using several virus removal tools, I don't remember hearing the name before.

Maybe I will download it when I get time, it would be nice if it runs from a boot disc.

You can download it here Microsoft Safety Scanner - Antivirus | Remove Spyware, Malware, Viruses Free both 32 and 64 bit versions are available.

A:Microsoft Safety Scanner?

Hello Drew,

It's not a bad portable AV scanner. Microsoft Safety Scanner
For a portable bootable AV scanner, you might take a look at Windows Defender Offline below a try.Windows Defender Offline

3 more replies
Answer Match 62.16%

I downloaded Microsoft Safety Scanner and when I click on it this is what I get: Not a valid 32 bit app. I am running Windows 7 Pro. Does anyone have an answer for this?

A:Microsoft Safety Scanner

dakota37,

Have you tried renaming the program while you download it?

Also, try running in Safe Mode and see how it goes.

3 more replies
Answer Match 62.16%

Large download though and it expires after 10 days.Link

More replies
Answer Match 61.74%

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by 17r at 2015-07-13 21:49:59
Running from C:\Users\17r\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W6T8642V
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
17r (S-1-5-21-2758016368-3510985515-234349725-1000 - Administrator - Enabled) => C:\Users\17r
Administrator (S-1-5-21-2758016368-3510985515-234349725-500 - Administrator - Disabled)
Guest (S-1-5-21-2758016368-3510985515-234349725-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2758016368-3510985515-234349725-1002 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-2758016368-3510985515-234349725-1000\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
AMD Catalyst Install Manage... Read more

A:napstat.exe is annoying, sends me back in desktop when im doing something else

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Remove this program in bold using the Add/Remove program list.RegCure Pro (HKLM-x32\...\{C547F361-5750-4CD1-9FB6-BC93827CB6C1}) (Version: 3.2.16.0 - ParetoLogic, Inc.) <==== ATTENTION!===Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(©Wyebugur) C:\Users\17r\AppData\Roaming\Microsoft\Windows\IEUpdate\NAPSTAT.EXE
HKU\S-1-5-21-2758016368-3510985515-234349725-1000\...\Run: [NAPSTAT] => C:\Users\17r\AppData\Roaming\Microsoft\Windows\IEUpdate\NAPSTAT.EXE [290304 2014-08-24] (©Wyebugur)
HKU\S-1-5-21-2758016368-3510985515-234349725-1000\...\RunOnce: [NAPSTAT] => C:\Users\17r\AppData\Roaming\Microsoft\Windows\IEUpdate\NAPSTAT.EXE [290304 2014-08-24] (©Wyebugur)
HKU\S-1-5-21-2758016368-3510985515-234349725-1000\...\Policies\Explorer: []
HKU\S-1-5-21-2758016368-3510985515-234349725-1000\...\Policies\Explorer: [Run] "C:\Users\17r\AppData\Roaming\Microsoft\Windows\IEUpdate\NAPSTAT.EXE"
HKU\S-1-5-21-2758016368-3510985515-234349725-1000\...\Command Processor: C:\Users\17r\AppData\Roaming\Microsoft\Windows\IEUpdate\NAPSTAT.EXE [290304 2014-08-24] (©Wyebugur) <===== ATTENT... Read more

2 more replies
Answer Match 61.32%

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft® Windows Vista™ Home Premium , Service Pack 2, 32 bit
Processor: Intel(R) Pentium(R) Dual CPU T2330 @ 1.60GHz, x64 Family 6 Model 15 Stepping 13
Processor Count: 2
RAM: 2037 Mb
Graphics Card: Mobile Intel(R) 965 Express Chipset Family, 448 Mb
Hard Drives: C: Total - 108968 MB, Free - 32921 MB; E: Total - 1397 MB, Free - 1053 MB;
Motherboard: Intel Corporation, SANTA ROSA CRB, Not Applicable, Not Applicable
Antivirus: avast! antivirus 4.8.1229 [VPS 081124-0], Updated: Yes, On-Demand Scanner: Enabled

details The application has failed to start because its side-by-side configuration is incorrect. Please see the application event log for more

Error 5/1/2011 5:54:26 PM SideBySide 59 None

Log Name: Application
Source: SideBySide
Date: 5/1/2011 5:54:26 PM
Event ID: 59
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: dave-PC
Description:
Activation context generation failed for "C:\Downloads\Software\msert.exe".Error in manifest or policy file "C:\Downloads\Software\msert.exe" on line 0. Invalid Xml syntax.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="SideBySide" />
<EventID Qualifiers="49409">59</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="... Read more

A:Cannot run windows safety scanner msert.exe

16 more replies
Answer Match 61.32%

windows onecare safety scanner is not working im on a dial-up connection with xp home sp2 i got the tune up and clean up scans to work but the protection scan says 5 out of 8 tool at 51% done and thats as far as it gose i waited like 1 hour yesterday and it did not move 1 %
 

More replies
Answer Match 61.32%

Hi this is first time i used this online scan, it seems to sit at downloading scanning tools? 66% do i leave it or ? thanks

A:Onecare Safety Scanner Online

No stop it and try again.Or try these online scansESET Online ScannerPanda ActiveScan?

1 more replies
Answer Match 61.32%

hello i have windows xp home edition . i recently " system restored " my computer to a earlier date . after that i tried to use the "windows onecare safety scanner " . i installed it and ran it . when it got to the section to put a check in "disk cleanup" & disk defragmenter ,i put a check in there and pushed o.k or continue . a error came up called " out of memory at line :178 " and the scanner could go no further . i also noticed that ,microsoft has two updates for my computer .(1) net framework 1.1 kb928366 & (2) net framework 2.0 kb110806 . the first update finally went through after about 3 or 4 tries . i don't know if this has anything to do with the safety scanner not working fully . if there's anybody out there that can help me i would really appreciate it , thank you and god bless !!!
 

More replies
Answer Match 61.32%

i have a little shield that gives me a system alert message about spywear in my computer and it directs me to a website called virprotect.com

i already followed the steps prior completely here are my logs. i appreciate all your help in advance.

******MAIN***********


Deckard's System Scanner v20071014.68
Run by HP_Administrator on 2007-12-27 17:58:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
89: 2007-12-27 22:58:26 UTC - RP512 - Deckard's System Scanner Restore Point
88: 2007-12-27 16:39:57 UTC - RP511 - Removed MSXML 4.0 SP2 (KB936181)
87: 2007-12-27 16:39:10 UTC - RP510 - Removed MSXML 4.0 SP2 (KB927978)
86: 2007-12-27 16:37:55 UTC - RP509 - Removed Rhapsody Player Engine
85: 2007-12-27 16:17:10 UTC - RP508 - Configured Bonjour


-- First Restore Point --
1: 2007-09-29 22:41:23 UTC - RP424 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-12-27 18:00:57
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\... Read more

A:system alert balloon that sends meto virprotect.com

Hello, and Welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

--------------------------------------------------------------------------------------------- Download this file - http://download.bleepingcomputer.com...a/ComboFix.exe

* IMPORTANT !!! Place combofix.exe on your Desktop


Disconnect from the internet....pull the plug!
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
Go to -> Run -> paste in the following single line command & click OK

"%userprofile%\desktop\combofix.exe" /killall


Follow the prompts. Type "1" and press Enter to begin the scan.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is no... Read more

19 more replies
Answer Match 61.32%

hey,
i just bought a new computer, and assembled it.
everything works great, except that whenever i unplug the computer and then plug it back, i cant turn it back on again for a while.
No lights, no response, like its not in the socket at all. only after a few minutes of being unplugged it lets me turn it on again.
It was very anooying when i assembled the system, and had to wait for a while between adding stuff.
It really pissed me off when i had a power failure in my house for a second, and couldn't use my computer for about 20 minutes later.
Is this a safety thing from enermax? if it is, is there a way i can get around it? or atleast minimize the wait time?
my system, if u think that it might be somthing else:
Processor: Intel core 2 duo E6400
Motherboard: Asus P5B
Mem: DDR2 512Mb 533MHz CL2 Kingston
Graphics: Sapphire Radeon X1950PRO 256MB PCIe
PSU: Enermax Noisetaker 420W

thanx ahead for any help.
 

A:Enermax annoying safety mechanism?

I've got the 475W Noisetaker and a 480W Noisetaker II, never had this problem with either of them. I did static discharge on the case of the comp that had the Noisetaker in it once and it wouldn't power on for a few minutes, but I've never had a problem like you are discribing.

I may be off on those wattages, I can't be arsed to check for sure right now. But I'm not off by more than 15, and its not even relavent to your case.
 

1 more replies
Answer Match 60.9%

The set of online system tools, featuring a virus scan and Microsft's own registry cleaner, now works for Windows 7 too!

Take it for a spin at What's new - Windows Live OneCare safety scanner for Windows Vista and Windows 7

A:Live Safety Scanner is now Windows 7 compatible

And I still get an error when trying to run it!

1 more replies
Answer Match 60.9%

Hi my name is seany15 and i would like some help with these trojans/viruses/things i deleted via MSSS, more details below.

CHAPTER 1, THE SPAMS
My old email address was sending spam to people in my relatively short contact list, something about vlagra (i had to replace the i with an L, the word is blocked for some reason ?_?)
My step dad came in around a day or so ago and said "You have a trojan, you have a trojan your old email has been sending me spam for the last 3 or 4 days"
SOOO... i changed my old email's password but im not sure it stopped yet...

CHAPTER 2, THE SCANS
Anyways, i ran a scan with malwarebytes (a full scan) and came up empty handed, But while it was running i decided to intall MSSS (microsoft safety scanner)
When malwarebytes was done scanningi ran a full scan with msss and after a couple of hours i noticed that it said it detected 14 infections near the end.

CHAPTER 3, THE PICS
When msss was done scanning i took some pictures of the path and everything else on there, here is the collection, First time using this imageshack thing so im not sure if im doing it right

ImageShack Album - 6 images

As you can see (i hope) in the images. i deleted them via msss. What i want to know follows

CHAPTER 4, THE S.O.S
I want to know what these things may have planted on my computer (rootkits, backdoors etc.) or if they've stolen anything (debit card info, passwords etc.) or if hackers can get into my computer now and if i should mayb... Read more

A:Deleted trojan with Microsoft safety scanner

I didnt read the instructions, oops sorry, here are those logs and some more info
---------------------------------------------------------------------------
.
DDS (Ver_2011-06-03.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Run by Sean at 13:13:51 on 2011-06-09
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2047.266 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\... Read more

19 more replies
Answer Match 60.9%

I'm presently running a weekly scan with Defenders from Windows, Windows OneCare Safety Scanner and then I run Avira AntiVir Personal.

I've also enabled Windows Firewall but wonder if its sufficient.

Am I duplicating my efforts between the three and is Win Firewall enough?
 

A:Solved: Defenders vs OneCare Safety Scanner

First off, you should never one more than one AV program on your computer. My personal experinece with OneCare is it does not work very well. Can't comment on Defender...never used it. Avira is ALL I use. Works quite well and low resource user.

Windows Firewall is junk!!! Turn it off and get either Outpost or Online Armor. Both are free downloads and rated at or near the top of the list of effective firewalls. Click here for a comparison chart.

Raybro
 

3 more replies
Answer Match 60.9%

Where in my Hard disk are 'MicrosoftFixit' and 'Microsoft Safety Scanner' located? Thank you

A:Where in my hard disk are 'Microsoftfixit' and their 'Safety scanner'?

The Mocrosoft Fixit is a webpage:

Microsoft Fix it Solution Center: troubleshooting software issues

I am not exactly sure what you mean by the Safety Scanner. That is usually done with your AV program (e.g. MSE) or an independent scanner like Malwarebytes

9 more replies
Answer Match 60.9%

Here is the Hijack This Scanner Results - Run as Admin
 
Dell Inspiron i7 Win7 Ultimate 64 bit
 
The box was slow and lagging then BSOD. Internet now has limited (no) access and MS Safety Scanner found a bunch of stuff on a usb drive but then quit. AVG and MalwareBytes with manual updates found nothing. Maybe somebody could give me hand here?? I have been able to successfully rid machines of viruses in the past but this one is stumping me?? I can use a restore point but would like to get rid of the virus first.
 
Any help would be great.....
 
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 5:41:37 AM, on 11/1/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16514)
 
FIREFOX: 25.0 (en-US)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\NETGEAR ReadyNAS\Remote\bin\ReadyNASRemote.exe
C:\Users\Derich\AppData\Local\Akamai\netsession_win.exe
C:\Users\Derich\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
C:\Program Files (x86)\AddinForUNCFAT\UNCFATDMS.exe
... Read more

A:No Internet -AVG Finds Nothing - MS Safety Scanner Quit

Hello Dliv I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", th... Read more

11 more replies
Answer Match 60.9%

Greetings, everyone.I have a problem about Windows Live. For some reason, when I access this site - Tune Up Center - and clicked the "Tune Up Scan" button, this webpage shows up - We're Sorry.Here is the screenshot:I have all the requirements, my OS is Windows Seven Ultimate and Internet Explorer 8.Edit: Moved topic from Win 7 to the more appropriate forum. ~ Animal

A:Windows Live OneCare Safety Scanner

Is Windows Live OneCare still alive?

http://onecare.live.com/standard/en-us/support/ocfaq.htm
http://onecare.live.com/standard/en-us/default.htm

I thought, it was discontinued...

4 more replies
Answer Match 60.9%

Hello!!Not sure where to post this, but it can be moved if it needs to be.I discovered this by accident, and I haven't seen any thing about this on this or other forums. I ran this software on my XP3 PC. My C Drive showed 15 GB of used space before I ran this, and 9.6 after. I can't believe that much crap was removed because I thought I keep a clean PC. My PC seems to be a little faster and every thing is working just fine with 6 GB less crap.I'm trying to find out if this is new or has it been around, and is it still being supported by Microsoft.. I'm wondering why I haven't heard of this before.I have used ESET and other scanners ,but I never got these kind of results.I would really appreciate any feed back I can get about this software!!Thank you!! Garyhttp://onecare.live.com/site/en-us/default.htmEdit: Moved topic from General Chat to the more appropriate forum. ~ Animal

A:Windows Live Onecare Safety Scanner!!

Here's some information I found on the web.
It seems to me Microsoft still supports this software.
I used it and I'm very satisfied with the program.
My C Drive has 6GB less crap on it and my PC is faster!

however, Windows Live OneCare Safety Scanner, under the same branding as Windows Live OneCare, has not been discontinued.
Contents

* 1 Overview
* 2 Limits
* 3 Vista beta problems
* 4 See also
* 5 References
* 6 External links

[edit] Overview

Windows Live OneCare Safety Scanner offers a free online scanning and protection from threats. The Windows Live OneCare Safety Scanner must be downloaded and installed to your computer to scan your computer. The "Full Service Scan" looks for common PC health issues such as viruses, temporary files, and open network ports. It searches and removes viruses, improves a computer's performance, and removes unnecessary clutter on the PC's hard disk. The user can choose between a "Full Scan" (which can be customized) or a "Quick Scan".

The "Full Scan" scans for viruses (comprehensive scan or quick scan), hard disk performance (Disk fragmentation scan and/or Desk cleanup scan) and network safety (open port scan). The "Quick Scan" only scans for viruses, only on specific areas on the computer. The quick scan is faster than the full scan, hence that appellation.[2]

The service also provides a virus database, information about online threats, and gen... Read more

8 more replies
Answer Match 60.48%

My friend is having this problem, and she has no idea what to do. The message "is that you on this photo (live link removed) randomly send to people on her contact list. Any idea's on what to do to get rid of it?(Moderator edit: Live link removed. jgweed)

A:Annoying Message Pops Up And Sends Messages Randomly On Msn Messenger

Have her update, and run her Antivirus.Also run these online virus scanners:BitDefenderhttp://housecall.trendmicro.com/Also this online Trojan scanner:TrojanScanAlso try AVG Anti-Spyware - Windows 2000 and XP, only.If that doesn't help, I suggest you post a HijackThis log for examination.A member of the HijackThis Team will walk you through, step by step, how to disinfect your computer.Once you post your log, don't make any changes to your system, as that could change the results of the posted log, making it more difficult to properly clean your system.Read Preparation Guide for use before posting a HijackThis Log. Please read, and follow, all directions carefully!!!If the steps, prior to the posting of a HijackThis log don't eliminate the problem:Then, run a log, and post it in the HijackThis forum, >at this link<. Do not, post it in this topic.Do not, fix anything, yet.A member, of the HJT Team, will help you out.It may take a while to get a response from the HJT Team, because they are very busy. Please, be patient, as these people are volunteers. They will help you, as soon as possible.NOTE:Once you have made the post, please, DO NOT make another post in the HJT forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So, ... Read more

1 more replies
Answer Match 60.06%

I have been having some trouble with my laptop. Whenever I start my browser, it bypasses my homepage and goes to http://asecurityupdate.com/ and gives an error message about some virus. See attatchment. If I click OK it goes to a site to buy software to remove the problem. Now, I was born at night, but not last night. I am not falling for that. I also notice a "Protection Toolbar" on my browser that will not close. I looked through "Add & Remove Programs" and I found Windows safety Alert in the program list. This program is growing everyday. I noticed it the other day and it was 1,100MB, today it is 1,280MB. When I trid to remove it, my antivirus goes nuts stopping what is spewed. I also attached a screen shot after I tried to remove. I also tried to restore to a time before I had this issue, but it wont work. I tried 3 different restore point and nothing. I do a lot of business on my laptop and I am kind of scared to even do work on it let alone send files. And I really dont want to have to try and save all the stuff on here and reformat. Can anyone help? I ran Hijack This this morning and am putting the log below. Any help from anyone would be greatly appreciated.
Logfile of HijackThis v1.99.1
Scan saved at 8:54:06 AM, on 6/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\sy... Read more

A:Windows Safety Alert???Win32/Spax!generic

Hi and welcome to TSG.
Click the Red triangle above your join date..and ask the Moderators to move your post to the Security forum.
That's where the Hjt log experts can be found.
You may have to wait for a reply they are always busy...so hang in there.
 

3 more replies
Answer Match 60.06%

Earlier tonight I was online and my internet explorer crashed suddenly and then a program claiming to be Safety Center popped up and warned me that my computer is infected with viruses and urged me to purchase the program. I shut my computer (currently running Windows XP) down to prevent further damage, but it was too late. The entire system has been locked by the virus(es). I am unable to edit the registry, connect to the internet, start task manager, run in safe mode, or access my USB drives. Furthermore, the viruses have disabled access to Malwarebytes and my Antivirus software (Zone Labs).

In addition to having "Safety Center" running out of control on my computer, I also have popup alerts from some program calling its self "Antivirus System Pro alert" which I also cannot get rid of. I have tried starting the computer in safemode, but the computer flashes a blue screen for less than a second and reboots. I have also tried to edit the registry to remove the corrupted keys, but when I typed regedit into the run field the computer came up with an error message that said "registry edit disabled by the administrator". I attempted to run a Malwarebytes scan but the file path "could not be found" and redownloading the program is out of the question because as soon as the internet explorer is opened it disapears. I am also unable to disable the processes running with the taskmanager because the program has blocked access saying th... Read more

A:Safety Center and Antivirus system pro alert virus

You need to somehow get this on your computer and run itAfterwards immediately run mbamPlease download Rkill by Grinler and save it to your desktop.Link 2Link 3Link 4Double-click on the Rkill desktop icon to run the tool.If using Vista, right-click on it and Run As Administrator.A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.If not, delete the file, then download and use the one provided in Link 2.If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.If the tool does not run from any of the links provided, please let me know.Do not reboot the computer or you will have to run it again

6 more replies
Answer Match 60.06%

Hi to all

I have developed some problems after shredding office 2007 through Mcafee shredder. I usually use Liveonecare to scan my computer and clear up junk but for some unknown reason IE 7 has blocked my access to the onecare scanner with the bar across the Top of the page with the message:

Internet Explorer has blocked this site from using an ActiveX Control in an unsafe Manner as a result this page may not display correctly

I have never received this before I have always been able to use the onecare scanner without any activeX bar appearing. My settings seem to be okay in Internet Options but I am not experienced enough to really know what to change and check, most of them are prompt or enable when it comes to ActiveX controls. Usually if I experience any web sites that want to run an activeX control I get an option to allow or not allow an control to run but for some reason this is not happening.

I'd appreciate some help

Thanks
 

More replies
Answer Match 60.06%

Thanks to help on this forum (thanks, ThrashZone!), I have several powerful new freeware tools. After running several others and deleting anything questionable, ran Microsoft Safety Scanner. It finds over 300 infected files. But in repeated attempts, right near the end of 8-hour scans, it stalls on this file:

Windows\system32\drivers\tcpip.sys

From various forums, I get the idea that it would be dangerous to remove or rename this file. Have scanned it with Norton 360, which shows clean.

Can anyone here please suggest a way to complete the MSERT scan and disinfect?

Thanks in advance.

A:Microsoft Safety Scanner hangs on system file

  
Quote: Originally Posted by cteno


......It finds over 300 infected files....



It is time to start over and do a clean install with windows 7. That is way too high.

With that many infections, I doubt your system will ever be clean. Better to erase and start all over.

Clean Install Windows 7

2 more replies
Answer Match 60.06%

Microsoft Safety Scanner has been running more than   47:14:36 hours.  It has scanned more than 1,265,500 files and has found more than 771 infected files.  It is only partially complete, I would say less than 1/3 complete.  Why is this taking so long.  Also, the number of threats appears to  be very high.
Any help would be appreciated.

A:Microsoft Safety Scanner is Taking Days to Complete

Stop the scan, then complete these....
 
 
Adware Cleaner Scan.
 
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Scan button.
When the scan has finished click on Clean button.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
 
JRT Scan.
Please download Junkware Removal Tool and save it on your desktop.
 
Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log is saved to your desktop and will automatically open.
Please post the JRT log.
 
Adware Removal Tool Scan.
 
Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.
 
 

 
Hit Ok.
 

 
Hit next make sure to leave all items checked, for removal.
 

 
 
The Program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK... Read more

0 more replies
Answer Match 60.06%

For the past few days I've been unable to load Microsoft Safety Scanner web page.
At first it was only Internet Explorer and edge with the issue.
Now Chrome and Firefox are unable to load the page.

Anyone else having this issue??
James

A:Unable to Load Microsoft Safety Scanner Web Page

Hi, Which specific URL are you having problems with?

Does this help?
https://support.microsoft.com/en-us/kb/2916641
"If a malware infection is preventing you from downloading the Microsoft Safety Scanner to your computer, use one of the following methods to download and run the tool.Method 1: Run the Microsoft Safety Scanner from removable media

Save the Microsoft Safety Scanner to removable media on an uninfected computer, and then run the tool on the infected computer. To do this, follow these steps:........................................"

You can also get the scanner here e.g.
Microsoft Safety Scanner Download

0 more replies
Answer Match 60.06%

For the past few days I've been unable to load Microsoft Safety Scanner web page.
At first it was only Internet Explorer and edge with the issue.
Now Chrome and Firefox are unable to load the page.

Anyone else having this issue??
James

A:Unable to Load Microsoft Safety Scanner Web Page

Hi, Which specific URL are you having problems with?

Does this help?
https://support.microsoft.com/en-us/kb/2916641
"If a malware infection is preventing you from downloading the Microsoft Safety Scanner to your computer, use one of the following methods to download and run the tool.Method 1: Run the Microsoft Safety Scanner from removable media

Save the Microsoft Safety Scanner to removable media on an uninfected computer, and then run the tool on the infected computer. To do this, follow these steps:........................................"

You can also get the scanner here e.g.
Microsoft Safety Scanner Download

more replies
Answer Match 60.06%

Hi,

I have been trying to run Windows Live One Care Safety Scanner (beta for vista) I can successfully install and run it but when it performs the scan and it reaches 97% completion the program hangs. I have tried uninstalling and reinstalling the software. I thought the problem might have arisen due to vista's securitythen reinstall th features so I first made sure to run internet explorer browser when I re-downloaded the scanner files. However, this has made no difference... the scanner still installs and runs but again upon reaching 97% completion hangs.

I am interested to know if anyone else has encountered this problem and better still if anyone knows how to resolve it.

Any input much appreciated.

A:Windows Live One Care Safety Scanner Hanging

Hi jonin and welcome to Vista Forums

As you have stated in your post, this is a Beta program and, as such, might still have the odd bug in the code that prevents the program from working as it should. Have a look at the following: Windows Live OneCare Help Center. In particular, take a look at the 'Connect with the Community' section. Here you can send feedback to Microsoft about the issues that you are having, and you can also check the relevant forum to see if other people have similar issues and, if so, what they did to resolve them.

13 more replies
Answer Match 60.06%

Im very inexperienced with malware/spyware etc. I've tried many programmes including malwarebytes, spybot, spyware doctor, microsoft safety scanner.
On spybots first ever scan it detected Interent security 2011 as malware but failed to delete it.
now microsoft safety scanner has detected ramnit.b and only partially removed it. My computer seems to be running better but im cautious that its still there. One common problem among many others is that my browser page jumps back to a previous page I was on 5 minutes ago (although not sure if this is caused by virus or not).
Combofix is my next option however there's several warnings that its extremely powerful, and shouldnt be done without assistance.
Any help at all with this problem would be hugely appreciated, its taken up a lot of my time.
thanks

Mel

A:Microsoft Safety scanner only partially removed Ramnit.B, what do I do now?

Hi there

You should definitely not run combofix unless it's under instruction from a trained user, as it is a powerful tool as you say. Ramnit is an injector worm, which basically means that it injects iself into files and multiplies. Html files seem to be particularly susceptible, but it also infects exec files. The bad news is that it's an extremely serious infection which can spread really quickly, and also creates a backdoor allowing remote access. It's very difficult to clean off and sadly I'm speaking from experience as we got it earlier this year. We managed to save our documentation but only with an IT friend of ours spending 4 days on it, backing up our data and then reinstalling windows. It spreads quite happily on usb stick to so be carefull about back ups.

Someone far more qualified than I will no doubt be along to give you proper advice but it's a serious infection (esp due to the remote access issue) so you'll definitely need specialist help to get it dealt with so you might want to consider posting in the 'malware removal logs' forum. If the guys on this forum can't help, they'll transfer you over there anyway, with guidance on what to do next

1 more replies
Answer Match 60.06%

Im very inexperienced with malware/spyware etc. I've tried many programmes including malwarebytes, spybot, spyware doctor, microsoft safety scanner.
On spybots first ever scan it detected Interent security 2011 as malware but failed to delete it.
now microsoft safety scanner has detected ramnit.b and only partially removed it. My computer seems to be running better but im cautious that its still there. One common problem among many others is that my browser page jumps back to a previous page I was on 5 minutes ago (although not sure if this is caused by virus or not).
Combofix is my next option however there's several warnings that its extremely powerful, and shouldnt be done without assistance.
Any help at all with this problem would be hugely appreciated, its taken up a lot of my time.
thanks

Mel

More replies
Answer Match 59.64%

First, thanks for taking a look at my problem.  Your attention and time are appreciated!
 
The machine in question is a Dell Precision M6600 running Windows 7 Pro.  A scan with Vipre from ThreatTrack Security discovered a file it called Lookslike.swf.malware.h which it quarantined and eventually deleted.  Subsequent deep scans with Vipre came up clean.  However, Microsoft Safety Scanner came back with 12 files infected, calling the malware Exploit.Java/Obfuscator.w.  The MS scanner said it could not do anything about the matter.
 
All updates to Windows, Vipre, Java and Adobe products have been made and the machine is currently not displaying any strange behavior.  However, since it is a machine that gets heavy use on very important, time-sensitive projects, I would like to get ahead of the issue and do anything I can to remove the threat entirely.  Normally I would just back up the data and do a clean reinstall of Windows but this particular machine is chock full of difficult to reinstall software that I would much rather leave in place.
 
Any assistance is very much appreciated.
 
-Scott

A:Exploit:Java/Obfuscator.w found by MS Safety Scanner - Help Removing, Please

Hello mudhustler and welcome to BleepingComputer!       
 
My name is Sirawit and I'm here to help you.
 
Please note that I'm currently in training and my fixes need to be approved first, that may delay our fix a bit, but I will normally reply back in 24 hours.
 
If I don't reply after 3 days, feel free to PM me.        
==========================================================================Some points for you to keep in mind:
Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I wi... Read more

15 more replies
Answer Match 58.8%

Post title: Malware missed by yesterday's Windows Defender and today's MS Safety Scanner
Support Case 1343834339
Running Win10 with latest hotfixes on a Lenovo desktop with the HDD
swapped out for an SSD. I almost always disable Flash by running
"C:\Program Files\Internet Explorer\iexplore.exe"  -extoff from a desktop
shortcut.
I'm getting an Internet Explorer window locked open saying it's missing a
file, and to call a tollfree helpline at 1-844-354-5841; and the window
will not dismiss. This was when I went to SHOPRITE dot com, though I may
have mis-typed the URL. [NOTE: I don't visit porno sites; and I have a
number of news & other websites  in the Restricted zone to swat pop-ups &
other garbage. I also run the latest version of Brave browser, which
essentially does the same thing.].
Since I keep Windows Defender open, and update and scan at least once per
day, at that point I went to update and it said it could not connect.  At
that point, I launched a quick scan anyway with yesterday's definitions
and also checked the HOSTS file for any rogue entries (there were none). I
then launched a full scan, and I went to another PC, downloaded MS Safety
Scanner 1.0.3001.0, ran it and it came up clear (the full Windows Defender
scan is still running.
I have my old HDD installed in a disconnected USB
drive case, so as a worst case scenario I can install it, patch it to
everything, load any AV on it, then plug the SSD in for an o... Read more

More replies
Answer Match 58.8%

http://onecare.live.com/site/en-us/default.htm?s_cid=sah

Between time to time I scan my laptop online to check if it has been infected by viruses or spyware.

Today I have used the link above to check my laptop (periodically normal check) , when it finished, I realized many files (word, power points, pdf,,,,etc) and folder disappeared from the desktop ?????

Have these files and folders been deleted or been archived some where ?

Yes physical files (more than one files and more than one files types), not a shotcut were deleted.
 

More replies
Answer Match 56.7%

Hi White Knights, Good Guys and Gals,

My PC was attacked, likely through Internet Explorer today, since I haven't downloaded anything. The following are is the list of Malware that XP Security Center has notified:

=email-worm.win32.netsky.q
=rootkit.win32.agent.pp
=backdoor.win32.kbot.al
=net-worm.win32.mytob.t
=net-worm.win32.dipnet.d
=virus.win32.hala.a
=trojan.downloader.js.multi.ca
=virus.win32.gpcode.ak

and Trojan Remover has identified
c:\windows\system32\vacinit.dll

and Mcafee
NTROSKRN... (rootkit trojan)

The program "Protection Systems" continues to pop up prompting me to buy along with random IExplorer bombs despite having removed it from programs. The system regularly freezes when I employ anti-malware programs.

I have attempted to use in normal and safe operating mode (Mcafee from safe command prompt)
=Mcafee VirusScan Enterprise (halts early in operation, Identifies NTROSKRN and 11 cookies)
=Stopzilla (Halts early in operation)
=Malwarebytes(fails to open even with changed name)
=Rooter Malware Finder (Eric_71) (operates results indeterminant)
=Trojan Remover (Runs. results indeterminant)

I am not in a good position to format the PC (in the wilderness).

Any advice what is preventing these malware programs from operating?

Thanks, and happy to repay the favor particularly if you like homebrew since PC wars arent my specialty!

Lookingtree

DDS (Ver_09-06-26.01) - NTFSx86
Run by Iamcomputer at 20:41:08.59 on Wed 07/15/2009... Read more

A:Unknown Attack Disables Malware Scanner/Antivirus/Spyware Scanner

Hi, lookingtree Welcome.Please read and follow all these instructions very carefully.Please download ComboFix from Here or Here to your Desktop.**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**If you are using Firefox, make sure that your download settings are as follows:Tools->Options->Main tabSet to "Always ask me where to Save the files".During the download, rename Combofix to Combo-Fix as follows:

It is important you rename Combofix during the download, but not after.Please do not rename Combofix to other names, but only to the one indicated.Close any open browsers.Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------Close any open browsers. WARNING: Combofix will disconnect your machine from the Internet as soon as it startsPlease d... Read more

2 more replies
Answer Match 56.7%

Pop-ups on desk top: remotely accessing wed sites eg Porno.com, ******.com ect.;Windows Secerty center opens;Antivirus Live- showing a open scan box;regsvr32.exe - Application Error box; Security Warning- (application cannot be executed) Spyware Alert ! Velnerabilities found 34 seriousthreats ect. box; Antivirus sostware alert-attack from,Attacked port,Threat, box. I cannot open any files (programs) or access the internet.

Is there anyone that could help eradicate this virus from my computer.

A:Spyware Alert! Antivirus software alert Threat: Bankerfox,A

Hello and Welcome.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed. I currently have as many open topics as I can effectively handle; this will have you back in queue with the proper logs so an available helper would be able to assist.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies
Answer Match 55.86%

I've been getting the following balloon messages on my taskbar:

pic link 1

pic link 2

Along with these many balloon messages, I've been getting random pop-ups for spyware & virus programs, as well as the occasional other site. I ran Spybot, Spyware Terminator, Ad-Aware, and AVG Anti-Spyware 7.5.

After reading through the forums, I also ran them all in safe mode, and ran SDFix in safe mode as well.

I don't seem to be getting the pop-ups anymore, but the shield on my taskbar (in pic 1) is still there and the balloon message still comes up every few minutes.

This is my latest HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 4:43:19 PM, on 9/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsv... Read more

A:Solved: System Alert & Security Alert Spyware

9 more replies
Answer Match 53.76%

I have a new Gateway PC running Windows XP that I just got in December 2006. The McAfee software it came with expired after 3 months, so I installed the AOL Safety & Security Center. I can't get the status better than "Fair" on this computer. It shows a message that it needs to update the Spyware definitions, but when I try it says no updates are available (should state that either it is up-to-date or that new definitions need to be downloaded). If I try running a Spyware check it stops after a few seconds stating that the operation was cancelled by the user, which I did not do. I tried uninstalling the software, rebooting as instructed & then reinstalled the software from a fresh download, but still keep getting the same exact problem. I don't think it is completely uninstalling the software & that some file that is bad remains with the typical uninstall, but don't know what to do at this point. AOL does not offer technical support for non-paying AOL members. I recently changed from being a paid AOL member to their free service. Please help!
 

A:AOL Safety & Security Center won't update Spyware definitions

7 more replies
Answer Match 53.76%

Each time I power up the following alert appears:
Quickdrop.exe failed to start because mpgaout.dll could not be found.
What is quickdrop.exe and how do I get rid of both?
Thanks
 

A:Annoying Alert

Are you an Ebayer? Do you have MainConcept encoder installed?

Get this and see if quickdrop shows up in any Startup tab and disable it to see if the pop up disappears.

http://www.mlin.net/StartupCPL.shtml
 

3 more replies
Answer Match 53.76%

hey guys there`s this stupid error coming up once the installation comes to 2% and it stops.
"there was an error creating a file on the destination drive"plllzzzzz help man!!its driving me nutzzz!!!
 

A:red alert 2 very annoying

9 more replies
Answer Match 53.76%

i keep getting a message that pops up on my screen for no apparent reason at all. i think it is mostly harmless, in that my computer still runs fine, etc. but, it should not be popping up and is extremely annoying. is always says something about cleaning my registry at some website, but there are variations of it......sometimes it will say a different website and be a different sized window box, for example. (i think a couple of the websites are registrycleanerpro.com or fix32.com or cleanreg.com) when i come home from work and have had my computer on all day, i will have to close out several (maybe like 50) of these messages, since they have continued to pop up on my screen throughout the day. however, at other times, they dont seem to pop up as often. for instance, i have been using the computer for the past hour or so, and it has only popped up once, if at all. again, i dont think it is really disabling any programs or capabilities of my computer, but i know it should not be there, and i can't get rid of it. i have avg, spybot search and destroy, and ad-aware......all of which i have used to scan my computer.....they haven't stopped it yet though.
any ideas????
 

A:annoying alert

Sounds like you may have WIN32.agent,I believe it's malware.Its really annoying.Look that up on google and see if thats what it is...hope this helps.
 

3 more replies
Answer Match 53.76%

"The connection to the server was reset while the page was loading."

This Alert pops up, sometimes three times in quick succession, when FireFox starts loading a Web page. Clicking OK sends it away, usually. But occasionally, the page stops loading, the status line says Done and I have a blank page.

I have checked with my ISP, they say they have never seen it.
 

A:An Annoying Alert

I think that was a bug in Firefox...I haven't seen it in a while. What version are you running? The latest is 1.5.0.7 or 8.
 

1 more replies
Answer Match 52.92%

I am getting a bunch of fake warning pop-ups and websites are popping up. I ran a norton scan and ad-aware and am still having the problem. I ran hijack this and here is the log.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:26:46 PM, on 2/9/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16574)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exeC:\WINDOWS\System32\nvsvc32.exeC:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYSC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\CTHELPER.EXEC:\Program Files\Hewlett-Packa... Read more

A:Spyware Alert, Security Alert Pop-ups

Hello rocket152,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

2 more replies
Answer Match 52.92%

i was playing a game and suddenly a person trying to portscan me but my antivirus stopped it but it is continuious keeps trying every five minutes the IP is 213.233.103.28 how do i get rid of them its really annoying

More replies
Answer Match 52.5%

When I get e-mails the person sending it to me immediately gets an e-mail saying it's from me but they know it isn't as it contains many spelling and grammer errors. This also happens with e-mails that I get from commercial entities and then I get an e-mail that says that I can't reply to that address. I have virus protection but this is continuing. It seems it only does it once per sender as far as I can tell. Plus my "sent folder" shows a couple e-mails (in the last 2 months) that I did not send and shows them coming from me and going to email addresses that I don't recognize.
 

A:Help - my computer sends emails not from me to whoever sends me an email

I realized I omitted helpful info - I an using Window Vista and use MSN Mail for my e-mail. I'm new to this, please bear with. Any ideas appreciated!
 

1 more replies
Answer Match 52.5%

I hope someone can help.
How do I remove these annoying popup's???
Every few minutes I receive popup's from a balloon that pops open from a constantly blinking yellow triangle with a black exclamation point on the menu bar at the bottom of the page. I also noticed a toolbar that has installed itself into Internet Explorer called Security Toolbar 7.1.
If that wasn't bad enough, I'm getting IE page alerts directing me to the following sites:

http://www.savetheinformation.com

http://www.protectroom.com

http://securityonpage.com

I'm also receiving the following error messages.

The messages that appear are as follows:

Security Alert: [email protected]

Type: Virus/Network Worm
Damage Level: High
Description: Virus that infects executable files.
Recommendation: Delete/quarantine immediately
Protection: Click this balloon to download certified Anti virus software

System performance monitor: Warning

Summary:
System performance slowed down by: 47%
Internet connection speed decreased by: 39%
Probable reason:
Spyware applications / Adware popup windows
Click this balloon to download spyware scan tool to remove spyware/adware applications.

Security Alert: Spyware found

Your computer is infected with last versions of PSW.x-Vir trojan. PSW trojan steals your privat information such as:
passwords, IP-addresses, credit card information, registration details, documents, etc.
Click this balloon to remove PSW.x-Vir spyware.

System Alert: [email pr... Read more

More replies
Answer Match 52.5%

Hi. A window pops up and the bottom right corner and says several different alerts. When I click it a window opens so I can download software. Please help... and I'm new so if there is anything else I need to post or read please let me know.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:43:05 PM, on 11/9/2007Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16546)Boot mode: NormalRunning processes:C:\Windows\system32\qiawpbjj.exeC:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Program Files\Apoint\Apoint.exeC:\Program Files\Sony\VAIO Camera Utility\VCUServe.exeC:\Program Files\Sony\ISB Utility\ISBMgr.exeC:\Windows\system32\igfxsrvc.exeC:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exeC:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exeC:\Program Files\Yahoo!\Search Protection\SearchProtection.exeC:\Windows\ehome\ehtray.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Windows\ehome\ehmsas.exeC:\Program Files\Apoint\Apntex.exeC:\Program Files\Mozilla Firefox\firefo... Read more

A:Annoying Yellow Triangle Alert

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today. Please print off a copy of these instructions, and also save them to a Notepad file on your desktop, so they are easily accessible. We are going to boot into Safe Mode later in the fix, and there is no internet access. You are using peer-to-peer programs, specifically BitTorrent.These are what we call an optional removal. However, anytime you are running any type of peer-to-peer application, you are more prone to infection by malware, and this is probably how you became infected in the first place. The choice to remove them is entirely up to you, but I would strongly recommend that you do.If you do not want to, please at least refrain from using any peer-to-peer programs for the remainder of my fix.For more information about infections as a result of p2p programs, take a look here: http://p2p.malwareremoval.com/Scan again with HijackThis and put a checkmark next to each of the following entries (if present): R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =F2 - REG:system.ini: UserInit=C:\Windows\system32\qiawpbjj.exe,C:\Windows\system32\userinit.exeO2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)O2 - BHO: (no name)... Read more

13 more replies
Answer Match 52.5%

I have been having this little bubble thing pop-up for a while, and I finally have had it! I know that it's not one a huge problem or anything, but it's not any less annoying than a popup window. My best description would be that it's part of the windows security alerts, it's a red shield with an X in the middle of it and it's located in the tray on the lower right side (right next to the time). Everytime I start some new activity, or restart/log on to my computer, it pops up a message saying that I don't have any sort of virus protection. I have Ad-Aware and Spybot, so I should be covered (stressing the should). How can I get this annoying little message to go away?
 

A:Windows Security Alert...Annoying!!

12 more replies
Answer Match 52.08%

i need a real time spyware scanner for free. I also need a virus scanner (realtime) avast, avg, or antivir? Does anybody have suggestions?
 

A:real time spyware spyware scanner? (free)

16 more replies
Answer Match 51.66%

Logfile of HijackThis v1.99.1
Scan saved at 8:41:59 PM, on 9/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
D:\oracle\ora90\bin\agntsrvc.exe
D:\oracle\ora90\Apache\Apache\Apache.exe
C:\WINDOWS\system32\cmd.exe
D:\oracle\ora90\BIN\TNSLSNR.exe
D:\oracle\ora90\bin\dbsnmp.exe
d:\oracle\ora90\bin\ORACLE.EXE
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\System32\vmnat.exe
C:\WINDOWS\System32\vmnetdhcp.exe
D:\oracle\ora90\Apache\jdk\bin\java.exe
D:\oracle\ora90\Apache\Apache\Apache.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page... Read more

A:start up slow and anti spy alert annoying

Please download the OTMoveIt by OldTimer

Save it to your desktop.

Please double-click OTMoveIt.exe to run it

Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):


c:\WINDOWS\system32\svcroot.exe



Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.

Click the red Moveit! button.

Close OTMoveIt

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Post a new hjt log when done.

3 more replies
Answer Match 51.66%

I keep getting a popup in the program tray that says there is a spyware alert, followed by a popup on the right above the clock saying there is an infiltration alert. it gives a different detail each time ranging from virus to worm to malware. Popups every minute! please help. Here is the Hijack this report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:13:35 AM, on 9/6/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Seagate\Basics\Basics Status\Ma... Read more

More replies
Answer Match 51.66%

Hi, I have a blue circle with a ? in it that alternates to a red circle with a slash in it in my icon tray on the bottom right of my screen. Also, my homepage has been changed to //www.syssecuritysite.com/
on top of that, I have three new shortcut icons on my desktop, which I have already deleted.
ewido didn't find anything, and I don't see anything new in my startup menu through msconfig.
I did remove the program with the same icon through the controll panel, but it is still there.
The circle in the icon tray occasionally comes up with a red and gray screen that says "your computer is infected... click here.."

What is this, and how do I get rid of it, and why didn't ewido see it?

//Mod edit to modify URL above to protect others

A:Annoying Virus Alert Icon In Toolbar

Hello cplkittleLets try this. You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.Please download, install and update Ewido Anti-Spyware v4.0 if your using version 3.5. If you already have version 4.0, then just update the definitions for now. DO NOT perform a scan yet..Print out the Ewido Install and Scan Instructions. Go here and follow the instructions for using SmitfraudFix. Read "How to create/extract a ZIP File in Win ME/XP/2003" or "How to create/extract a ZIP File in Win 9x/2000" if your not sure how to do this.After using the tool reboot again in "SAFE MODE" and Clean out your Temporary Internet files as follows:Quit Internet Explorer and quit any instances of Windows Explorer.Click Start, click Control Panel, and then double-click Internet Options.On the General tab, click "Delete Files" under Temporary Internet Files.In the Delete Files dialog box, tick the "Delete all offline content check box", and then click "OK".On the General tab, click "Delete Cookies" under Temporary Internet Files, and then click "OK".Click on the Programs tab then click the Reset Web Settings button. Click "Apply" then "OK".Click "OK".Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Custo... Read more

1 more replies
Answer Match 51.24%

Okay, I went to download some missing 'activeX slot' to view a movie online. I was decieved and ended up downloading something else. Now, a new icon has appeared on my system tray. It poses as an alert and says something along the lines of, "warning backdoor trojan has infected your pc click here for help with removal." however even if I click on the 'X' in the pop-up bubble or try to right click on the icon itself to try to close it out, a website loads in a new browser. The site is called 'spylocked' at url, http://www.spylocked.com/?aff=334. It is a pretty elaborate fake company that offers anti-virus protection programs for various styles of the windows os. the average preson thinks "ok free I'll click." If you do it downloads a executable file to your desktop that is a setup for another program. If you try to install this program some sort of infection is unleashed on your system. Luckily my norton protection caught this and stopped it before it was too late. This systray icon is accompanied by other ones that pop up a little more periodically but display similar alert messages, "system alert, malware threats", and take you to other elaborately fake 'help' websites. These sites download infections as well. Finally, I get pop-ups now saying, "get the latest virus protection here" while I never got a single pop-up before this whole thing started. If you follow the pop-ups you get yet more fake help sites with free software available.... Read more

A:Annoying Alert Bubbles, Constantly From My System Tray

Hello antles,Welcome to Bleeping Computer. The codec you downloaded is a trojan. Do this.You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.Download SmitfraudFixExtract the content (a folder named SmitfraudFix) to your Desktop.Download and install the 30 day trial of AVG Anti-Spyware 7.5 to your desktop. Once you have downloaded AVG Anti-Spyware 7.5, locate the icon on the desktop and double-click it to launch the set up program. Once the setup is complete you will need run Ewido and update the definition files. On the main screen select the icon Update then select the Update now link. Next select the Start Update button, the update will start and a progress bar will show the updates being installed. Once the update has completed select the Scanner icon at the top of the screen, then select the Settings tab. Once in the Settings screen click on Recommended actions and then select Quarantine <-- Dont forget this Under Reports Select Automatically generate report after every scan Un-Select Only if threats were found Close AVG Anti-Spyware 7.5 <-- Do not run the scan yet. Boot your computer into Safemode Go to Start> Shut Off your Computer> Restart As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly. This will bring up a menu. Use the Up and Down Arrow Keys to scroll up to SAFEMODE Then press the Enter on you... Read more

8 more replies
Answer Match 51.24%

First I'd like to thank everyone that helps the people that come here-you folks are great!

I continue to get this from McAfee 8.5. It tells me it's deleted anywhere from 2-6 infections and it's fake alert spyware but when I reboot it pops up again and wants me to buy the service and indicates it's running a scan. Plus a screen comes up saying there is a possible trojan trying to get into my pc and should I let it or buy the protection.

My browser is Flock.

Any help would be much appreciated,Thank you.

A:Spyware Protect-fake alert spyware.

We call these infection rogues, they have gotten very nasty and complicated as it's a big money maker for malware writters. Often times the name of the protection or removal they are trying to sell you is an important clue in removing the installed malware.People that fall for their scam and pay them money just keeps the viscous circle going, please save your money for the guys who wear the white hats.Please download Malwarebytes Anti-Malware (v1.35) and save it to your desktop.alternate download link 1alternate download link 2If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settin... Read more

17 more replies
Answer Match 50.4%

I am running Windows 2000 Pro and Any time I send an e-mail using Outlook Express with a wmv video attachment at the end of the transmission, I receive an Oulook error window which states "Some errors occurred while processing the requested tasks. Please review the list of errors below for more details." When you look below there are no errors listed in the box. Now during this transmission, the e-mail was passed to the outbox folder and transmitted from there but when the transmission is completed it is not removed, just stays there. If I leave it there and send another e-mail the same process takes place as when I sent the first e-mail but this time both e-mails are transmitted, sending the first e-mail a second time, and if I do not remove these e-mails from the folder they are sent again every time I send an additional email. I can remove the email with the attachment and it will send the others and the outbook will be empty, but I have to manually remove the email with the attachment. Now today it started doing the same thing with a txt return receipt.
I have scanned with Norton's, AVG, and Trend Micro in safe mode and nothing. I have run Spybot & Ad aware nothing. I have reinstall both Internet Explore and Outlook Express, did not fix. I disabled norton's firewall. I disabled norton's virus scan of outgoing mail. I have called the ISP and they checked the settings and everything looks fine.
Any help would greatly be appreciated by me and al... Read more

A:Outlook Express sends and sends

13 more replies
Answer Match 48.72%

What ever I have started out by changing my Explorer home page and making it go to www.securityuptoday.com (After running the programs suggested---my home page now always changes to "about: blank") I also have a fake balloon pop-up on the lower right of my screen that reads "System Alert: Adware & Spyware Your computer iperformance slowed down. Your Internet connection connection speed has decreased. You receive more spand emails than ever. Use Spyware scan to find out the reason." I also have random pop-up ads for either adult entertainment or some sort of spyware/malware/adware programs.Any help you can provide is MUCH appreciated! Thank you! Steve Logfile of HijackThis v1.99.1Scan saved at 3:28:03 PM, on 5/13/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\CTsvcCDA.EXEC:\WINDOWS\system32\HPConfig.exeC:\Program Files\HPQ\Notebook Utilities\HPWi... Read more

A:Fake Balloon Tries To Sell Me Adware/malware/spyware : "system Alert: Adware & Spyware"

Hello Steve, I am SifuMike and I will be helping you. Download SmitfraudFix (by S!Ri) to your Desktop. http://siri.urz.free.fr/Fix/SmitfraudFix.zip Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop. ______________________________ Please download the trial version of Ewido anti-malware 3.5 from here: http://www.ewido.net/en/download/ Install Ewido anti-malware. When installing, under Additional Options uncheck Install background guard and Install scan via context menu. When you run Ewido for the first time, you could get a warning "Database could not be found!". Click Ok. The program will prompt you to update. Click the Ok button. The program will now go to the main screen.You will need to update Ewido to the latest definition files. On the left-hand side of the main screen click the Update Button. Click on Start.The update will start and a progress bar will show the updates being installed. Once finished updating, close Ewido. Do not run it yet!If you are having problems with the updater, you can use this link to manually update ewido. Ewido manual updates. Make sure to close Ewido before installing the update. ______________________________ Open the SmitfraudFix folder and double-click smitfraudfix.cmd Select option #1 - Search by typing 1 and press Enter This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results ... Read more

8 more replies
Answer Match 48.3%

HELP[ PLEASE

I keep getting fake spyware alerts, internet explorer pop ups and fake anti virus installers. first it tried to install avspyware and i got rid of that now its pushing best seller anti virus

Ive tried many different anti virus as well as smitfraudfix

thanks
oh NOTE: it still able to start it self in safe mode

and i have a external hardrive



---------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:59:05 AM, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\W... Read more

A:"Security Alert: Spyware Found" (Fake spyware alerts)

Bumpitty
 

1 more replies
Answer Match 47.04%

Getting all kinds of popups on my pc. "Security warning Worm.Win32.NetBooster detected on your machine......."

Here is my HJT log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:42:26 AM, on 4/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Aliant\Aliant Security Services\Fws.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\klutizkr\szoxelmf.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\SkyTel.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Aliant\Aliant Servicepoint Agent\ASA.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Program Files\HP\Dig... Read more

A:Spyware alert

16 more replies
Answer Match 47.04%

need help from all the expert here...
suddenly i got this problem when trying to install new av for my pc...

the screen suddenly appear spyware alert...
and window notify that a worm.win32.net booster had been detected in my system...

all of this symtom follow:
* a 'virus alert' sign on my taskbar
* cannot find my hdd ( C and D )
* my wallpaper suddenlt change to a red white like biohazard sign written 'ur privacy ib danger'
* all the window antivirus alert appear

please, anyone help me...
really blur now...
what possibilities that i can do???
now i juz shut down my pc n d/c the lan cable...
thanksss all for help

A:Spyware Alert

Hello jeff_v2 and welcome to BC I see that you have an HJT log posted here: http://www.bleepingcomputer.com/forums/t/156057/spyware-alert-wormwin32netbooster/ Because you have this log posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not... Read more

1 more replies
Answer Match 47.04%

I don't know anything about computers really but I read to run hijack this and now i don't know where to go from here.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:21 AM, on 2/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\1133665986\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Symant... Read more

A:Spyware Alert Pop-ups

Hi and welcome to TSG!

Download SDFix and save it to your Desktop.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix and remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re-enable the protection again afterwards before connecting to the Internet.

Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Open the c:\SDFix folder and double click RunThis.cmd to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer that normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtoo... Read more

3 more replies
Answer Match 47.04%

I broke my rules and ended up infecting my system. I keep seeing the mesaage about "spyware alert" and am directed to various websites to download various antivirus/antispyware etc items. I have the latest versions of McAfee, AdAware (full version) and Spyhunter (full Version) but none are successful in cleaning up this mess. Here is the log file from HijackThis. Any help would be greatly appreciated. I have run at least three full scans of each of the above programs and all have been clean.ThanksLogfile of Trend Micro HijackThis v2.0.2Scan saved at 3:40:41 PM, on 12/2/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16544)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exeC:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exeC:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exeC:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatc... Read more

A:Spyware Alert

Hello pwhite52,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

1 more replies
Answer Match 47.04%

(win xp)
I'm looking for a spyware scanner similar to the OLD ad-aware, that just scans and does NOT keep running.
Which programs could I use?

with these properties:
-light program
-scan only
-free to use
 

A:spyware scanner?

6 more replies
Answer Match 47.04%

Hi, first time here,

I am running Windows 7 Home Premium. 32 and 64 bit. I have Norton security suite that comes with my Comcast subscription. I scan pretty frequently and I also use CCleaner which works great. I am not having any problems with my computer right now but I have in the past. Something not only got past Norton it also was able to disable Norton. I got it going again fairly quickly but my computer wasn't the same. I did a complete restore and it has been fine. For some reason I still feel like there is something going on in my computer which there may not be. I've noticed some files that looked suspiscious but I can never know for sure so I won't change anything. One time I noticed 3 extra users and I was sure I was infected until I found out Nvidia adds these for updating.
My question is that when I was looking at the files in my registry, I clicked on internet settings then zone and the list expanded to about a page and a half of files with names having to do with sex and porn. They all had the arrow to open a sub folder with on every one was www. I ran Norton and superspyware and a search. Nothing is detecting these files. Any suggestions?

Thanks,
Ron

A:spyware scanner

Hello,I will be helping you with your problems. Please be patient while I assist you.Some points for you to keep in mind while I am helping you to make things go easier and faster for both of us Please do NOT run, install or uninstall any programs, unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post. Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process. Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top of your post, click on the Watch Topic Butt... Read more

28 more replies
Answer Match 47.04%

How can i remove spyware that keeps coming back after i have used various spyware removers?

A:annoying spyware

Ask the folks at this Forum Here.

2 more replies
Answer Match 47.04%

Hey guys, for a couple of days there has been these pop up windows coming up on Internet Explorer even though I haven't used IE. Also sometimes music starts playing out of the blue, I guess it's a commercial or something.

I've seen some strange processes in the task manager: a.exe, b.exe, c.exe, msb.exe, 648.tmp.exe... btw I'm running XP sp3. Thanks for your help

Here's DDS:


DDS (Ver_09-05-14.01) - NTFSx86
Run by gurlie at 20:44:09,95 on 2009-06-22
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.1015.445 [GMT 2:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\Program\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\igfxtray.exe
C:\Program\EeePC\ACPI\AsTray.exe
C:\Program\EeePC\ACPI\AsAcpiSvr.exe
C:\Program\EeePC\ACPI\AsEPCMon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program\Delade filer\InstallShield\UpdateService\issch.exe
C:\Program\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program\Elantech\ETDCtrl.exe
C:\Program\Elantech\ETDDect.exe
C:\Program\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Messenger\msmsg... Read more

A:Annoying Spyware, Help please

Hello and welcome to TSF

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

========

Please follow all instructions and in which order they come, if you have any questions, please ask before proceeding. Its important that you follow this through until i give you the all clear.

Please DO NOT Attach logs to your posts unless you are advised to do so.

=========

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Place combofix.exe on your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

Double click on combofix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.





The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware... Read more

2 more replies
Answer Match 47.04%

My computer recently got infested with spyware. I managed to get rid of most of it with adaware and spybot but one remains. Spybot recognised it as 'command service' but will not delete it due to it being used by memory. All this thing does is slow down my computer when connected to the internet by opening heaps of Norton Anti virus email scans. How on earth do I get rid of this?
 

A:Really annoying spyware

16 more replies
Answer Match 47.04%

Hi,I have annoying pop ups every time I use my Internet Explorer.... I have ran Spybot and AdAware and Windows Defender as well and apparently it has not corrected the problem. I have included a HighJackThis log file for your review...Can anyone tell me how to remove this pesky spyware??Thank you!Logfile of HijackThis v1.99.1Scan saved at 8:30:02 AM, on 6/9/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Real\RealPlayer\RealPlay.exeC:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exeC:\Program Files\Common Files\AOL\ACS\AOLDial.exeC:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exeC:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Wi... Read more

A:Spyware/ Annoying Pop Ups

Hello Raines,

I am currently analysing your log and post back a fix ASAP. Thanks

6 more replies
Answer Match 47.04%

Basically, there's some stuff that got on to my computer that i need to get rid of, because it's causing annoying pup-ups. Here is my HJT log so you can help me quickly:Logfile of HijackThis v1.99.0Scan saved at 9:59:25 AM, on 5/1/2005Platform: Windows 2000 SP4 (WinNT 5.00.2195)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINNT\System32\smss.exeC:\WINNT\system32\winlogon.exeC:\WINNT\system32\services.exeC:\WINNT\system32\lsass.exeC:\WINNT\system32\Ati2evxx.exeC:\WINNT\system32\svchost.exeC:\WINNT\system32\spoolsv.exeC:\WINNT\system32\svchost.exeC:\Program Files\Network Associates\Common Framework\FrameworkService.exeC:\Program Files\Network Associates\VirusScan\mcshield.exeC:\Program Files\Network Associates\VirusScan\vstskmgr.exeC:\WINNT\system32\regsvc.exeC:\WINNT\system32\MSTask.exeC:\WINNT\system32\stisvc.exeC:\WINNT\System32\WBEM\WinMgmt.exeC:\WINNT\system32\mspmspsv.exeC:\WINNT\system32\svchost.exeC:\WINNT\system32\Ati2evxx.exeC:\WINNT\Explorer.EXEC:\WINNT\popuper.exeC:\WINNT\system32\msole32.exeC:\PROGRA~1\mcafee.com\agent\mcagent.exeC:\Program Files\Network Associates\VirusScan\SHSTA... Read more

A:OMG, annoying spyware on my PC!

Print out these instructions and then close all windows including Internet Explorer.Then I want you to fix some of those entries. Please do the following:Please make sure that you can view all hidden files. Instructions on how to do this can be found here:How to see hidden files in WindowsRun Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix button:R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qfind.net/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qfind.net/search.php?qq=%sR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://qfind.net/bar/index.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.qfind.net/search.php?qq=%sR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qfind.net/R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.qfind.net/search.php?qq=%sR0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.qfind.net/search.php?qq=%sR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.qfind.net/F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exeO3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)O3 - Toolbar: Virtual Maid... Read more

8 more replies
Answer Match 47.04%

hey

Ive been recently getting alot of popups from the url-
http://empnads.com/servlet/ajrotator/117283/0/viewHTML?zone=enternet
ive run a number of virus chekers and spyware blokers who have claimed to of found nothing and yet the popups still appear. in the time i have written this email 6 popups have continued to show.

how do i get rid of this crap ?

please help
thanks
 

A:annoying spyware........

make a new permanent folder, name it hijack, click on the above link to download hijackthis to that folder. after unzip the file, run it, and make a hijack scan and save it, copy the log and post it.

http://www.majorgeeks.com/download3155.html
 

3 more replies
Answer Match 47.04%

having problems with annoying spyware alert, will not close or delete any suggestions??

A:Annoying Spyware

Based on your very short description, it is hard to tell exactly what problem you are having, but let's give this a try:Please print off a copy of these instructions, and also save them to a Notepad file on your desktop, so they are easily accessible. We are going to boot into Safe Mode later in the fix, and there is no internet access. Download SmitfraudFix (by S!Ri)Open the file and it will extract the contents (a folder named SmitfraudFix) to your Desktop.Reboot your computer into Safe Mode. This is done by rebooting Windows and pressing F8 at boot/Windows startup, usually right after the beep. Then select Safe Mode from the list. Make sure you choose the option without Networking Support.Once in Safe Mode, open the SmitfraudFix folder again. Double-click smitfraudfix.cmd.Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.A text file will appear onscreen, with results from the c... Read more

1 more replies
Answer Match 47.04%

I am very cautious about spyware, and I usually have none, but lately spybot always finds "Avanue A, INC", "Double CLick", and "Hit Box"

I never had theese before and i dont understand why they are there everytime I run a check.

Any ideas?
Thanks.
 

A:annoying spyware

7 more replies
Answer Match 47.04%

hey, I'm new to this game

I seem to have been hijacked by the 4bf65.ilxt hijacker and get bombarded with popups

can any one help please

hijack this file follows

Logfile of HijackThis v1.98.2
Scan saved at 21:55:31, on 11/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
C:\PROGRA~1\Grisoft2\AVG6\avgserv.exe
C:\Program Files\BT Digital Access USB\vstartx.exe
C:\Program Files\BT Digital Access USB\gisdnlog.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BT Digital Access USB\gsyno.exe
C:\PROGRA~1\Grisoft2\AVG6\avgcc32.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AOL 9.0a\aoltray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\AOL 9.0a\waol.exe
C:\Program Files\AOL 9.0a\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.... Read more

A:Annoying spyware

8 more replies
Answer Match 47.04%

Ive always liked cleaning my computer with programs and have never gotten problems removing spyware because I search at google, search at forums and have also have the programs Ewido, SpywareGaurd, CounterSpy, Ad-Aware, SpyBot SD and Spyware Blaster but I dont know why some spyware keep coming back called Trojan.Pakes, Downloader.Small, and a file that adds a BHO called vtsqo.dll which is at the system32 folder. I use Windows XP which is up-to-date and have all my programs updated and I scan at Safe Mode but after a while a popup comes up from Ewido saying im infected with Trojan.Pakes/Downloader.Small and/or Spyware Gaurd comes up saying vtsqo.dll is trying to add a BHO and when I click "Remove the BHO" it just keeps coming back to the same window again so I cant take it off. I even went to Safe Mode, scanned with Ewido and then used a program to remove all my temp files but it keeps coming back. Please Help, I will do anything to take those things off. Here is my HiJackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:59:21 AM, on 28/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreat... Read more

A:Please Help With Annoying Spyware

http://forums.techguy.org/security/487179-annoying-spyware-keeps-coming-back.html
 

1 more replies
Answer Match 47.04%

Ive always liked cleaning my computer with programs and have never gotten problems removing spyware because I search at google, search at forums and have also have the programs Ewido, SpywareGaurd, CounterSpy, Ad-Aware, SpyBot SD and Spyware Blaster but I dont know why some spyware keep coming back called Trojan.Pakes, Downloader.Small, and a file that adds a BHO called vtsqo.dll which is at the system32 folder. I use Windows XP which is up-to-date and have all my programs updated and I scan at Safe Mode but after a while a popup comes up from Ewido saying im infected with Trojan.Pakes/Downloader.Small and/or Spyware Gaurd comes up saying vtsqo.dll is trying to add a BHO and when I click "Remove the BHO" it just keeps coming back to the same window again so I cant take it off. I even went to Safe Mode, scanned with Ewido and then used a program to remove all my temp files but it keeps coming back. Please Help, I will do anything to take those things off. Here is my HiJackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:59:21 AM, on 28/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreat... Read more

More replies
Answer Match 47.04%

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:04:08 PM, on 6/2/2009Platform: Unknown Windows (WinNT 6.01.3004)MSIE: Internet Explorer v8.00 (8.00.7100.0000)Boot mode: NormalRunning processes:C:\Windows\system32\taskhost.exeC:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\taskeng.exeC:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exeC:\Program Files\Logitech\SetPoint\LBTWiz.exeC:\Program Files\AVG\AVG8\avgtray.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exeC:\Program Files\Logitech\QuickCam\Quickcam.exeC:\Program Files\Hp\HP Software Update\hpwuSchd2.exeC:\Users\charles\AppData\Local\Google\Update\GoogleUpdate.exeC:\Program Files\Logitech\SetPoint\SetPoint.exeC:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exeC:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXEC:\Program Files\Opera\Opera.exeC:\Program Files\Digsby\lib\digsby-app.exeC:\Program Files\Digsby\lib\aspell\bin\aspell.exeC:\Windows&#... Read more

A:annoying pop up spyware

Hello and welcome to Bleeping Computer. Sorry for the delay the forums here at BC are alwaysvery busy and we do are best to keep up. If you no longer require any help could you let me no please, so this topic can be closed.My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I wouldbe grateful if you would note the following: Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
If I do not hear back from you within 5 days of my last post, then this topic will be closed.First I would like to see a new log since alot could have changed since your origional post.Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)Thanks

2 more replies
Answer Match 47.04%

I seem to be infected by some annoying spyware/malware that produces pop-up ads and short audio clips with or without a browser open. With the ethernet cable disconnected, every few minutes I can hear the Windows "open program click" like a program is trying to open. Not to mention it has slowed the computer way down. I am running Windows XP. Here is the HijackThis log. Thanks for any help.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:21:27 AM, on 8/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\ControlSS\ControlSS.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\An... Read more

A:Annoying Spyware Plz Help!

Hello and welcome to Tech Support Guy.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.

Sorry for the delay in replying, the forum is very busy. If you still need help, please do the following:
Step # 1 Download and run DDS

Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.

Step # 2: Download and Run Gmer

Please download gmer.zip from Gmer and save it to your desktop.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst

If possible rootkit activity is found, you will be asked if you would like ... Read more

3 more replies
Answer Match 47.04%

I've got a laptop that is up to date with all the current MSFT security patches and my spyware and virus removal software is up to date. However I still have spyware that I cant detect and remove. I just ran Spybot and it said my system is clean. This is not the case. I ran HijackThis and this is the log file. Any help you can give me would be wonderful:
Logfile of HijackThis v1.99.1
Scan saved at 8:12:46 AM, on 11/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HPQ\HP Wir... Read more

A:Annoying Spyware

16 more replies
Answer Match 47.04%

Hi all,

I never had a chance to get rid of the last spyware because i've been busy with school, but it hadn't caused too much problems - today though I found some more new programs that keep opening up pop-up windows anytime I log into the Internet. Here is the Hijackthis log:

Logfile of HijackThis v1.97.7
Scan saved at 9:08:19 PM, on 3/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Free Surfer\fs20.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program File... Read more

A:Some more annoying spyware

7 more replies
Answer Match 47.04%

uhhmmmm....yeah...srry about the double post on another forum topic...didnt read correctly...anywaysi would like some help removing suspected spyware from my computer. i already downloaded and used spybot search and destroy and windows defender, but advertisements still keep showing up. on bottom bar of my desktop, there will sometimes be a flashing yellow triangle with a ! on it, and sometimes another shield looking icon the switches between the color blue with a ? and the color red showing X.whenever i click on the icon or the bubble coming from it, it guides me to a site selling malware removal. sometimes ill receive a pop up advertising for more malware removal programs. right now, the browser i use is called safari, which i got from apple. heres the log i got from hijackthis:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 下午 03:17:01, on 2008/2/24Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Ahead\InCD\InCDsrv.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\CA\eTrust EZ Ar... Read more

A:Annoying Spyware Ads

Hello,* Please download SmitfraudFix (by S!Ri)* Reboot into Safe Mode`: ( without networking support !)?To get into the Safe mode as the computer is booting press and hold your "F8 Key". Use your arrow keys to move to "Safe Mode" and press your Enter key.* Doubleclick SmitFraudFix to start the tool.Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.(Warning : running option #2 will set your desktop background blank again. But you can reapply your desktop background again afterwardsYou will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.A text file will appear onscreen, with results from the cleaning process.Post the log from smitfraudfix in your next reply together with a new hijackthislog.The report can also be found at the root of the system drive, usually at C:\rapport.txt

19 more replies