Smitrem And Rogue Scan Completed... Still Need Help.

Q: Smitrem And Rogue Scan Completed... Still Need Help.

REGEDIT4

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

A: Smitrem And Rogue Scan Completed... Still Need Help.

Wish I could post logs but I can't even run anything at the moment. Please advise if this is in the wrong section.

I was in the process of helping a friend with his badly infected Dell Inspiron 700m notebook but I think I just made it worse. :/

I ran multiple scans with various software and got rid of a lot of the infections on the laptop. Just when I thought I was close to finished and had the computer running smoothly, Norton found a virus called Trojan.Alemod but couldn't get rid of it.

I did a search and found that the trojan infects the wininet.dll file and someone was able to get rid of it by manually replacing the infected file with a new one. I tried it by renaming the existing file and moving it to the desktop and putting a new wininet.dll file into the system32 folder.

That just ended up causing a worse problem. Windows wouldn't work properly anymore. It kept stalling or would reload to desktop when I tried to open just about anything by mouse clicking.

In regular safe mode, it's even worse -- it will just keep continually reloading the desktop screen so that I can't access any files.

The command prompt still worked though so I tried to fix it by running smitrem through the command prompt in safe mode. It was running ok for a while but then the screen reloaded and caused smitrem to close unexpectedly. That has led to my current problem.

Windows will now boot up to the screen with the options for safe boot, safe boot with networking, safe boot w...

I am running windows vista and a couple months back I got the Antivirus Action and used the guides here to rid the problem successfully. Twice. Thanks for the guides.

I got Antivirus Scan now and I went through the steps in the guide for this issue. Unfortunately I am still infected. I have tried the process again, however RKill and MBAM find nothing. I am able to run in Safe Mode (which I am doing now). When I first start safe mode Firefox does not attempt to use the proxy (and does not need the setting changed) IE does still require the proxy fix.

I'm hoping to avoid completely restoring the system...any advice? Thank you.

This is a Tiny URL of the 2 mile long link by Symantec and my problem:
http://tinyurl.com/arngx
For some strange reason my NIS 2003--the NAV part of it--is giving me a warning that a complete scan of my hard drive was not completed. I have had WinXP Pro set for automatic scan each Friday since I installed NIS last November on WinXP. Would a System Restore be in order? And if so, how would I do that? I was out of town each of the past 2 Fridays and those scans were not done. A scan would be done tomorrow night but now, of course, that will not be done because of my problem. I have the NIS installation CD but I do not want to have to go through that "**((#" uninstall/reinstall routine again. (I had to do that with NIS 2002 just a few days ago for some other reason. Not resolved either so I switched to AVG.)
In addition to this scan problem, my virus definitions were not updated even though automatic updates are set to be done so I went to the Symantec site and downloaded/installed the latest updates so I am not worried about that.
Does anyone have a work around the problem I have posted? And I hope I have described the problem well enough for someone to help me. As usual, TIA.
BTW, I have been using NIS/NAV for several years and all of a sudden I begin having problems. Puzzled!!
EDIT: I have just run Panda and Trend Micro Housecall and both gave me a clean bill of health

A:Hard Drive Scan not completed per message

Appreciate any help! FBI virus has PC locked. Only can run in Safe Mode/prompt. Download/scan w/ FarBar Recovery Tool. Scan is completed and FRST txt posted below. What to do next?

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2013
Ran by SYSTEM on 07-05-2013 10:12:43
Running from F:\
Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet002
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [2839840 2010-03-24] (ESET)
HKLM-x32\...\RunOnce: [*EvtMgr32] C:\Users\Brian\AppData\Roaming\{34184A35-0401-272E-2D21-1D000D07C131}.exe [326656 2013-05-06] (exono GmbH)
HKLM\...\Winlogon: [Shell] C:\Users\Brian\AppData\Roaming\{34184A35-0401-272E-2D21-1D000D07C131}.exe [x ] ()
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$01d4dcc8a2b2cdd91d89f3f95b21d31c\n. ATTENTION! ====> ZeroAccess
HKLM-x32\...\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry [x]
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Re...

A:FBI - Virus - Already have FRST scan completed and posted

Due to inactivity - as I have been out of town - my last thread in the Hijackthis forum was closed. My previous thread is located at:

http://www.techsupportforum.com/secu...nctioning.html

Chemist told me that I should clear up unused programs, pictures, and music, and I am going to begin doing this as soon as I finish this post. The last thing that I was told to do was to download and run combofix. I followed all of the instructions and this is the log that was displayed following the ComboFix scan:

ComboFix 08-12-23.01 - Owner 2008-12-23 13:53:03.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.959.619 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\ComboFix.exe c:\documents and settings\Owner\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.
The following files were disabled during the run:
c:\windows\TWF0dCBIdWJlcnR5\asappsrv.dll

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Rabio
c:\documents and settings\LocalService\Application Data\NetMon
c:\documents and settings\LocalService\Application Data\NetMon\domains.txt
c:\documents and settings\LocalService\Application Data\NetMon\log.txt
c:\documents and settings\LocalService\cftmon.exe

A:Continuing my last thread. Completed Combofix scan...

Hello again, Tommy1073.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

One or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please read this: How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?

------------------------------------------------------

You are using an outdated version of HijackThis. Please uninstall HijackThis 1.99.1 in the Add or Remove Programs section of your Control Panel and delete your current version.

hello

after scanning, Shields up reported port 443 is open.
I'm hoping to stealth my system.

my system-
xp home sp3
kaspersky kis 2010 459.0.0.0 trial edition
wifi internet

let me know if any further info is needed

thanx

A:port 443 reported open-after grc shields up scan completed

Do you not want to connect over SSL?

Ok guys bear with me, I'm going to try to give you as much info as possible.

I got the fake "windows-ish" pop-up in the bottom corner of my screen I ended the process and it was titled something like "qc_____.exe" It ended and I went looking for it. I couldn't find it so I tried to run ad-aware to get rid of it. Ad-aware popped up with a new version that I had to restart my computer, so sadly I did. When I got the comp. back on I was locked out of everything admin. Went on a website or two and tried to go to MS config, couldn't do it. Anything I install or try to get into pops up on the screen and then goes away before I can even read anything. Then a big red, again "windows-ish" box pops up asking if I want to continue unprotected... YES I do!

I called my tech buddy and he told me to come on here and follow the directions. I tried to enable the firewall, the Defogger, the GMER and got into nothing. I think I disabled the CD emulation software before it vanished but not sure. I tried to run dds but the black dos screen popped up and vanished before I could read it and never came back with any scan results.

Whenever my new sweet software runs its "scan" it then directs me to this site hxxp://programmci.com/shop?abc=cGdpZD04JnI9OC4x and wants me to buy some fake BS program!

A:Rogue "Antivirus Scan"

Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how. Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator.) A black screen will appear and then disappear. Please do not worry, that is normal. This mea...

Hi

My laptop is running Vista Home Premium, Service Pack 1, 32-bit. It got infected when I was browsing the net, suddenly a window popped up and the next thing I know there was a program called "AntiVirus Scan" running and started giving me warnings about threats and trojans.

I didn't take a screen snapshot when it was infected, but now the pop ups do not appear after I ran DDS and GMER. The quoted messages are only based on my memory and not exactly accurate, but the warnings were along those lines.

The program gave a balloon pop up from desktop tray, saying "Windows Security Warning - Virus detected, please activate your Antivirus now"

Then there were pop-up windows every time I started up a new program "Application (skype2.exe) (or any other app.exe) is infected and failed to start. ..."

These pop-ups annoyed the heck out of me. After a while, there was also another warning, something along the lines of Trojan Alert, please activate your Antivirus now. Options: Activate Now and Continue Unprotected. (looks like one when your AV program detects a virus/malware): "

Before getting into techsupportforum.com, I read up a few posts from different websites and I went on to Safe Mode and disabled a funny-named program at Start-up. To be honest, I cannot quite remember what I did.
But this didn't help, the pop-ups were still there.

What I have done after that:

1. Register to techsupportforum

A:AntiVirus Scan rogue AV program

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Due to the restrictions on Vista, all tools should be started by right-click > Run as Administrator

------------------------------------------------------

It appears that you have two antivirus programs installed and running, avast! and Norton(Symantec). While this may seem like better protection, they can actually conflict with one another and cause system instability or even system hangs.

Please uninstall the following via the Programs and Features section of your Control Panel if they still exist:

ccCommon
Norton AntiVirus
Norton Confidential Browser Component
Norton Confidential Web Protection Component

I got all of these viruses and I can't work properly because of these.

Zlob.Trojan, Rogue.VirusTrigger, Rogue.Errorsmart, Rogue.System Antivirus 2008

I think I got more malware on. I believe it started when my sister inserted her flash disk on my PC.

What do I do?

A:Zlob.Trojan, Rogue.VirusTrigger, Rogue.Errorsmart, Rogue.System Antivirus 2008


Sorry if this is nothing in advance. I've been browsing the darknet and am a bit paranoid at this stuff popping up all of a sudden.

RogueKiller V8.6.7 _x64_ [Aug 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
Mode : Scan -- Date : 08/31/2013 05:50:23
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤...

A:ROGUE KILLER SCAN, SOME STUFF POPPED UP?

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/506227 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t...

Hello there.

My laptop is running Win 7 with SP1. I have Eset AV installed and running, so are Malwarebytes Protection, Win Patrol. I do practise usually safe habits and safety precautions.

Recently I began to use Dropbox, mBox. And it seems only after these when I routinely scan my laptop using Rogue Killer that I noticed many entries in the RKiller drivers tab.

I did Eset scans, Malwarebyte scans, Rkill scans, ADW Cleaner scans all on my own but found nothing, except R Killer driver tabs contained many entries. Each time I deleted, but invariably all these returned after each and every internet session.

Grateful and appreciate.

Terence.

A:Many entries in Drivers Tab after Rogue Killer Scan

I did Eset scans, Malwarebyte scans, Rkill scans, ADW Cleaner scans all on my own but found nothing

Hello -
You have done all of the basic scans we do in Am I Infected, so your best advice is to post to the Experts.

As you seem infected, please Fully read and follow the instructions in the Preparation Guide starting at Step #6.

Note: If you are unable to complete any step, please post the topic and leave a full description of your problems

When you have done that, start a new topic and post the required logs to  Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team Experts.

Please Use Copy / Paste for your responses, and Do Not Attach them unless your helper requests this.

If Help Bot responds to your topic, please follow his Step #1 so the team will be notified.

Routinely and regularly I carried out some security scans on my laptop. The usual set of scans are my Eset, Malwarebytes, OTL, TFC, Rogue Killer 64 bit (donate) version. At times, I also scanned with Mbam Anti-rootkit and TDSS Killers - both of these scan results turned out negative infection.
Recently, on a routine scan using Rogue Killer (which auto updates) scanning a few times, there were many entries on the Driver's Tab after each scan. Naturally I clicked on delete to remove. They were removed because when I repeated a scan, the entries were gone.
But after another internet surfing session, and completing another Rogue Killer scan, the Driver tab entries returned.

Attached are the reports of the just completed DDS scans:

Thank you.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041
Run by Terence CKW at 22:07:08 on 2014-04-12
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.65.1033.18.3894.1211 [GMT 8:00]
.
AV: ESET Smart Security 7.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ESET Smart Security 7.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe

A:Many entries in Drivers Tab after Rogue Killer Scan

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/530810 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t...

Good Afternoon, thanks in advance for the help here.

I have been following threads here on how to clean viruses and have run MBAM, which did not find anything. I also ran rkill, which did not seem to find anything. Rogue Killer found it and ended the process, causing windows to close and reboot. Also I ran ESET online scanner which found it, deleted it and then I had to do a system restore to an earlier date, therefore I may need some new updates from Microsoft.
I have attached the logs from Farbar.

Any help would be greatly appreciated.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:16-06-2014
Ran by jeremy (administrator) on DARRYLS on 18-06-2014 06:45:36
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================

A:ZEKOS found during Rogue Killer scan in system32

A:Rogue.multiple H,Rogue. pc Doc pro,Rogue.Security.T

Q: Smitrem

Hi,

I just took a look at your forum for the threat of I worm_attck_V122.02A and I noticed that I would need SmitRem to get the job done, but the server to smitrem is down.
I can't find it anywhere on the net, cause it's all the same link.
What now ?

Greetz

A:Smitrem

Q: Smitrem

Recently, a browser hijacker (Spyware.Known_bad_sites) (shame I can't figure out which bad site this came from so history doesn't repeat itself) showed up when I ran my Spyware Doctor program. It showed up in the file... documents and settings\administrator\desktop\smitRem\eTrust

When I went looking around and found the smitRem folder, it appeared to be blocked on my computer. From things I've read on the net it appears that smitRem is a good thing? Yes? No? If it is a good thing, do I unblock it? And yes, I know...people like me are lethal to the good health of our pc's! That's why we have people like you. I so need to marry a hi-techie who cuts hair, too...haaa

Thanks, in advance, for your help with this.

Moved from the XP Forum. ~acklan~

A:Smitrem


Hi, I am having some problems with getting smitRem.exe. Won't load the page at all. Found one of the people that has the same problem getting the file as well, but no help was there. Is there another way around the "SmitFraud-C" spybot picked up?

Here is HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 12:27:20 AM, on 1/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\VCClient\VCClient.exe
C:\Program Files\Common Files\VCClient\VCMain.exe

A:Issues getting smitRem.exe

Following your advice I have run the SpyAxeFix.exe, then rebooted in safe mode.

When I run the RunThis.bat file in my smitRem folder, the keyboard will not activate the program. I have made sure that the window is active, yet still I cannot start the tool. It remains showing the press any key---- message

Below is the Hijack this scan log, followed by the Spyaxe log.

Logfile of HijackThis v1.99.1
Scan saved at 18:13:16, on 08/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Modem Event Monitor\IntelME...

A:smitRem problem

Welcome to TSG!

Run ActiveScan online virus scan here

When the scan is finished, anything that it cannot clean have it delete it.
- Save the results from the scan!

Post a new HiJackThis log along with the results from ActiveScan


I downloaded smitrem but every time I try to run the program it says "handle invalid". What does this mean?

A:Smitrem.exe version 3.2

I've just opened and run smitrem.exe ... now the problem is that all my icons have disappeared from my desktop... all the programs are still available but I think I can't use them anymore when I close the windows that are still open now...

A:smitrem.exe problem


Although I have Spy Axe listed in my Norton 2005 Personal Firewall as a program to "Block All", it still downloaded onto my computer. I searched the MS support website and came across your information. I was able to eradicate (hopefully) the malware with smitRem software quickly, but was hoping you could tell me if there is anything else lurking on my computer.

Thanks for the great information and hopefully I'm bug free:)

Sincerely,
Jeff

Logfile of HijackThis v1.99.1
Scan saved at 9:36:58 AM, on 12/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C...

A:Spy Axe - Ran Smitrem And It Worked

Hi,

Then I'll take a look.


Problem started as Win86 a month ago of which seemed to be taken care of by Malwarebytes, yesterday the computer came back with the same blue screen background a green center stating that your computer is at risk and has been infected by malware. Since then all sorts of pop-ups have been occurring and every time I try to open a program a dialog box appears which states "Security Warning! The application cannot be executed. The file -whatever file/program you clicked on-is infected. Do you want to activate your antivirus software now? Yes/No."

The internet has been hijacked by a very official looking page that states "Internet Explorer warning. Visiting this website may harm your computer" It gives me several options to click on including "purchase for secure surfing"

Ark and Attach files attached.

Here is the DDS Log:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Integrity at 15:52:52.31 on Tue 12/08/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.254.32 [GMT -6:00]
AV: Norton AntiVirus *On-access scanning enabled* (Updated) {B5510F6F-87E1-47F7-A411-360BC453007C}
FW: Norton Internet Security *enabled* {825036E0-9F94-4752-8789-8B92454AF49B}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\Program Files\Common Files\Symantec Shared\ccSe...

A:Infected with Antivirus Pro, Rogue security Tool, Rogue Multiple

Hello,

Yesterday I seem to have picked up Rogue.AntivirusSuite, Trojan.Fraudpack, Rogue.AntiSpywareSoft and possibly others. I had a false antivirus program which popped up, and was unable to run any programs, getting a message that whatever I tried to run was infected. Without clicking anything suspicious, I immediately shut down the machine, booted into safe mode, and ran Malwarebytes' Anti-Malware. The log is below:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4069
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702
5/5/2010 12:00:13 PM
mbam-log-2010-05-05 (12-00-13).txt
Scan type: Quick scan
Objects scanned: 112966
Time elapsed: 9 minute(s), 47 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER ...

A:Rogue.AntivirusSuite, Trojan.Fraudpack, Rogue.AntiSpywareSoft and possibly others


Hi,

My wife got the smitrem virus while browsing. It turned the desktop blue, put weird icons in system tray, the works.

I was able to remove the smitrem by following the procedures provided to someone else in this forum. I followed the directions in this thread: http://www.short-media.com/forum/showtread.php?t=44211

Anyhow, I got rid of the smitrem, but now my wireless connection won't work. It won't even detect wireless networks that I know are there. I know this is related to the smitrem or what I did to fix it.

Here is my hijack this thread. Any help would be greatly appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 6:32:08 PM, on 8/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe

A:Problem w/ SmitRem - help appreciated

The link you provided is not working, and I'd really like to be able to see what has been done so far. Can you provide the correct link?

In the meantime, you are currently running 2 Anti Virus programs. While it may seem to be added protection for you, more than 1 Anti Virus can cause conflicts and confusion between the AV programs as well as system instability. Please choose and run only 1 and uninstall the other via the Add/Remove Programs in the Control Panel.

Perform an online scan using Internet Explorer with Panda ActiveScan
* Click on "Free use ActiveScan" located on the top right hand corner.
* Click Check Now & a 'pop up' window shall appear. Ensure that your pop up blocker doesn't block it.
* Begin the scan by selecting My Computer.
* If it finds any malware, it will offer you a report.
* Please ignore any entry it finds and wants you to buy the program for removal as we will address this later.
* Click on see report. Then click Save report.

Panda results
New HijackThis log


Hello Tech guy,

I am having the same problems as everybody else....SpyFalcon is on my computer and I have tried to get rid of it to no avail. Most solutions involve downloading smitrem.exe but when I try to download it says:

You are not permitted to download the file "smitRem.exe" because it is infected with the virus "Process".

URL = http://noahdfear.geekstogo.com/smitRem.exe

File quarantined as: .
http://www.fortinet.com/VirusEncycl...?method=quickSearchDirectly&virusName=Process

I thought that this may have been just my computer, so I tried other computers on campus and got the same message. I am lost as to what to do but did follow instructions to download the Hijack this........this is what I got:

Logfile of HijackThis v1.99.1
Scan saved at 2:47:18 PM, on 3/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\OfficeScan NT\pccntmon.exe
C:\Program Files\ATI Technologies\ATI Control Panel...

A:having troubles with spyfalcon2 and smitrem.exe

hello,
I downloaded smitrem from geekstogo to get rid of zlob/virusburst and followed the instructions on the site but when I restart in safe mode and run the .bat file it doesn't work, a command prompt screen just flashes briefly. If I drag the .bat into command prompt it says that "'find' is not recognized as an internal or external command, operable program or batch file." The same thing happens if I try to run smitrem in normal mode as well. I don't know what's wrong at all, can anyone help? Please! Thanks

A:Smitrem Doesn't Work. Help!

Please start over and follow the instructions in BC's self-help tutorial How to remove VirusBurst.


This is my first foray into the forum world, I apologize if I'm using the wrong topic or forum...

Our PC is infected with Spy Axe...tried downloading SmitRem.exe from BleepingComputer--followed all instructions (start up in safe mode etc.) and everything worked beautifully until it was time to actually run the program.

I open SmitRem folder in Safe Mode, click on RunThis.bat file, follow prompt to "push any key to start"....and nothing happens.

I have Windows XP Home edition--I am personally a Mac user so please take pity, I've never dealt with these types of problems and I'm in uncharted territory trying to fix this PC for my mother...

Thank you SO MUCH in advance for any help or advice you can offer...


Hi

I have Windows XP Service Pack 3. My computer is infected and cannot access the web. I have tried researching anything that might have come on the computer and have several files under a smitRem. One says replace Windows NT Command Script. When I open it I get a message Bloodhound W32/wininet.dll fix has been infected and it asks me to look for another copy in another location. Is this legit? What is smitRem?


My norton just flagged smitrem.exe as a trojan.startpage virus? Is this a false hit or is it possible someone has disguised smit as virus???

Thx.

A:Smitrem.exe A Trojan.startpage?

This topic has been moved to a more appropriate forum.


I cleared this Dell Inspiron/Vista SP2 (It had no sp when infected) ref this thread http://www.bleepingcomputer.com/forums/t/314085/cwindowssystem32rundll32exe/

I would like to make sure there are no hidden rootkits or anything else. Thank You!

Here are the DDS and ark.txt files. I had problems running GMER so I hope it is complete. Also have attach.txt if needed.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Amigo at 20:54:25.77 on Tue 05/04/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1917.992 [GMT -5:00]

SP: Spyware Doctor *enabled* (Updated) {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spo...


G'day I'm pretty bad with computers but I've done some research and now know enough that I have smitfraud or whatever it's called, and I've downloaded and installed all the programs that are s'posed to clean it.

I've got

Smitrem
SmitFraudFix
Rogue Remover
CCleaner

Anyway when I run SmitFraudFix in safe mode, I get a message saying "Cannot import C:/smitfrau.reg: Error accessing the registry" and a similar message when I try to run smitrem.

I'd really appreciate some help, I tried to look up what I should do when I get this "Error accessing registry" message but I can not understand it at all!

Cheers

Scan saved at 10:46:07 PM, on 7/5/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\LTSMMSG.exe
C:\WINNT\system32\PRISMSTA.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\System32\sistray.EXE
C:\WINNT\System32\khooker.exe
C:\PROGRA~1\LAUNCH~1\CPLBY25.EXE
C:\WINNT\system32\PRPCUI.exe

A:Smitfraud - try to run smitrem and smitfraudfix but not working

Make sure you have the most up to date version!

Try running smitfraud in normal mode if you can't in safe mode!
SmitfraudFix
(by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Also run these scans and paste the logs along with the smitfraud log!

http://www.majorgeeks.com/Pocket_KillBox_d4709.html

http://www.ewido.net/en/
* Once you have downloaded AVG Anti-spyware, locate the icon on the desktop
and double-click it to launch the set up program.
* Once the setup is complete you will need run AVG and update the definition
files.
* On the main screen select the icon "Update" then select the "Update now"
* Next select the "Start Update" button, the update will start and a
progress bar will show the updates being installed.
* Once the update has completed select the "Scanner" icon at the top of the
screen, then select the "Settings" tab.
* Once in the Settings screen click on "Recommended actions" and then select
"Delete"
* Under "Reports"
* Select "Automatically generate report after every scan"
* Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do NOT run a scan yet. We will do that
later in safe mode.

desktop.

Well there it goes. I've recently been infected by SpyQuake2 and SmitRem. I googled for "SpyQuake2 removal" and fell upon this forum thread:
http://www.bleepingcomputer.com/forums/topic47826.html

I went and read about the procedures, and since it all seemed like it was the same problem as me, I went through the Automatic removal procedures.

Unfortunately, it didn't seem to fix much. Now I'm getting browser pop-ups, heavy CPU load when some processes are running, and activity on my connection while I ain't even using it. So I just made a couple logs here, namely (and in the order I used the programs/utilities):

-- Activescan log -- (sorry if it's kind of a messy page setup, but it came out like that)
Incident Statut Analyse

Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\Owner\Desktop\smitRem\Process.exe
Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\Owner\Desktop\smitRem.exe[smitRem/Process.exe]


Hello,

I'm trying to get rid of SpywareStrike - I've downloaded smitRem.exe, extracted the files & ran the RunThis.bat file to start the tool. It runs through all its checks & then says to allow the cleanup tool to run which could take up to 3 hours. When I click OK, I'm taken back to the Desktop message that tells me Windows is running in safe mode and asks if I want to proceed in safe mode or use System Restore. I suppose I'm supposed to choose Yes, but when I do, nothing appears to be happening. Am I doing something wrong?

I'm running Windows XP Pro.
On a side note, this SpywareStrike thing should be criminal, how can a company get away with doing this to my computer?

A:Smitrem - Next Steps Ins Safe Mode

Bump

Sorry to bump my own thread, but I really need help!


Hi there,

As the title indicates, I can't get rid of that damned spyaxe (which now seems to be calling itself spyware-strike as well) even when I follow the Smitrem.exe procedure. Everything goes well, up until the moment when the Smitrem programme tells me that it will clean up my system and that this may take several hours. After that a box appears saying that it is "searching for space on my C drive". Then suddenly, when the search is complete, nothing else happens. The programme seems to come to a dead end.

Please can someone help me! I've tried everything: adaware, spyware doctor, xoftware - you name it, I've tried it!

It might also be worth pointing out that when I open the Smitrem folder in the safe mode spyaxe's characteristic toolbar message still pops up.

Anyway, has anyone got any ideas?

Thank you very much,

Leif

A:Smitrem.exe Won't Get Rid Of Spyaxe/spyware Strike

Win2000 with problems, found Smitrem on startup
Ran smitrem fix utility, Ran ewido, Unable to connect to internet from reg mode.
Have not been unable to get to control panel to uninstall some programs (very slow)

Saved hjt this log for review - see below
There is a bunch of crap in there which I haven't been able to deal with yet.

I've just been able access the internet via safe with networking.
Next step.. going to run Housecall and download Kaspersky to see what they catch
then take a better look at the hjt log.

Directions appreciated... (Nothing to do on this Saturday but fix PCs)

Original Log (Ooops...Thanks MFDnSC for the catch)

Logfile of HijackThis v1.99.1
Scan saved at 11:43:51 AM, on 2/18/2006
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINNT\system32\regsvc.exe

A:Solved: w2000 hjt for checkup - smitrem and other

I followed instructions and downloaded HijackThis into a file on my desktop. Here is the log: HELP!!!

Logfile of HijackThis v1.99.1
Scan saved at 5:08:49 PM, on 10/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\174b9eda.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

A:Spybot, Smitrem, and a pain in the butt HYIP.com

Hi, I'm new here, but I found the excellent Spyaxe remover smitRem on this site, which successfully removed that nightmare. But now I can't scan (with my Dell A940) though I can print. I think maybe either the virus, the remedy, or something else I did (I was trying to muck around the registry using Hijack this, and might have overdone it) created an orphan. Can anyone give me any suggestions (more like step by step hand holding assistance, I am a true amateur) other than "re-instal your OS," which is what Dell tech support suggested? Thanks.

A:Post-spyaxe Smitrem Scanner Malfunction

To make sure you could run an online scan at: Windows Live Safety Center.

By "scan" you mean scanning with your scanner; not just a virus scan? Can you uninstall and reinstall the scanner software?


Hello, I was wanting to know if I should be alarmed that Panda ActiveScan found "Processor" which they list as a hacking tool. I did have the smit virus (some time ago) and used a tool to remove it that the bleepingcomputers group told me about. I am not sure if this "Processor" is left from the removal tool or the virus itself. What was found is "RecoveryBin\Volume-99130aa1-...\Documents and settings\Owner\My Documents\SmitRem\Processor(01C7415E2263331D).exe" and "RecoveryBin\Volume-99130aa1-...\Documents and settings\Owner\My Documents\SmitRem(01C7415E82743370).exe[SmitRem/Processor.exe]" None of my other spyware/virus programs see any issues. Any idea if I have a problem or not? Thanks

A:Panda Activescan, Smitrem, Processor Issue

Welcome to BC

No, it's related to smitrem!!! Safe... When did you run smitrem????


Logfile of HijackThis v1.99.1
Scan saved at 1:07:29 PM, on 7/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.unfinishedtale.com/
O2 - BHO: (no name) - {062492AF-392E-479D-BF52-A7A4BCA00307} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {54CD2BC5-F16F-4CB3-BA1C-62D0880723BE} - (no file)
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\system32\ixt1.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: (no name) - {C8E8F1C2-1EEA-47B1-81DB-C26B66E65AE0} - C:\WINDOWS\system32\sstqr.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\pro...

A:Infected With Unknown Virus (not Being Removed By Smitrem)


I was wondering, do you run these programs before or after you check your items to fix on the HJT log? I've seen some people on forums do this before and some do this after. Any info is appreciated.

I think everyone here has their own method.

But I think the majority run these programs before doing the Hijack fixes.


I have an hp pavilion ze5500 running Windows XP version 5.1 sp 3. When I open Internet Explorer (version 7) to access any website, instead of going to the web page, I immediately get a File Download dialogue with the question "Do you want to open or save this file?" (for example, name: m.www.yahoo.htm Type: HTML Document, From: m.www.yahoo.com). Selecting either Open, Save, or Cancel option results in a blank internet explorer window with no activity.

I ran Malwarebytes Anti-Malware (which I had to download and transfer from my other laptop since I am unable to access the internet on the infected one). Two infections, Rogue.Installer and Rogue.winAntivirus, were detected, quarantined and deleted according to the Malwarebytes log (attached). Also posting output of DDS.txt below, and attaching Attach.zip and ark.txt files as directed by the preparation guide.

DDS.txt:
DDS (Ver_09-12-01.01) - NTFSx86
Run by user at 15:27:46.05 on Thu 12/31/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.139 [GMT -8:00]

AV: avast! antivirus 4.8.1335 [VPS 091231-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe

A:Infected w/ Rogue.Installer and Rogue.winAntivirus


Hello, yesterday the dreaded blue desktop saying that I have spyware appeared. I tried using the self help on this site to no avail.

Here is the log Panda gave me (it wouldn't let me click the disinfect button)

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-08-21 12:22:29
PROTECTIONS: 2
MALWARE: 32
SUSPECTS: 2
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
McAfee Internet Security Suite 2007 8.1 No Yes
McAfee VirusScan Plus 12.1 No No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location

My restore points, task manager, and desktop hijack are also gone. If I delete the current user restrictions in the registry they just come back after restart. Please help. If you need any more logs let me know. Thanks!


Thanks in advance for any help provided. I developed problems yesterday when searching with Google. Symptoms include: unable to start windows firewall and related windows security services, unable to navigate to windows update web site (refers to pseudo Google english web site even though correct web address appears in search bar), blocked from performing system restore, blocked from performing Malwarebytes and other spyware tool updates, slow or unresponsive system and applications.

I have received several error messages, the most problematic is:

svchost.exe - Application Error
The instruction at "0x75606eb5" referenced memory at "0x00000008".
The memory could not be "read".
Click OK to terminate program

This error appears at startup and keeps popping up especially while browsing the internet.

History:
Windows Defender came up with nothing. I removed Windows Defender after suspecting its service may have been corrupted and was causing the issues.
Malwarebytes found Rogue.XPAntivirus & Rogue.DriveCleaner. It seems to have removed these OK but with lingering effects and bad settings.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:29:55 PM, on 3/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDO...

A:Rogue.DriveCleaner & Rogue.XPAntivirus


Greetings,

My McAfee Real-Time Scan will not remain enabled. When I try to run either Quick Scan or Full Scan, an error message comes up, telling me to return to the McAfee Internet Security Home and to try to run the scan again.

I have followed their instructions for re-enabling the Real-Time Scan to the best of my abilities, by trying to restart the McShield Service, and by running the oas-disabled-fix.cmd utility that they instructed me to download. The oas-disabled-fix.cmd utility will not run.

I have contacted McAfee and they have told me that it is a problem with Windows Update. I have contacted Microsoft and told them that as well, but they seem to be trying to rule out any other possible cause, than what McAfee says is the actual cause of the problem, thereby dragging this out even longer.

Microsoft is supposed to be getting back to me again tomorrow, but any other help would be appreciated.


Almost every time I do quick scan and got nothing and I think it is good. However, I just read online, it says that when quick scan does not find anything then you do deep scan. It confuses me, since it means I should do deep scan all the time. ?

A:quick scan vs deep scan/full scan ( antivirus )

the 1000\$ question is
which anti-virus
The converse of what you have read is usually the case eg. You do a quick scan and only if that finds something should you then need to follow it with a full scan
For instance a threat scan on Malwarebytes paid for edition or the scan on the free version will scan up to 99% of the system
A full scan also scans the system restore points and other unusual places to detect, or at least try to detect, all possible traces of infection.
As I said it depends on the AV and to some extent the OS which I presume is not Windows 2000 as indeed commented on by my colleague Cookiegal in another of your topics
Also, it appears you're running Windows 7 and if you don't still have your Windows 2000 computer you should visit your profile and change that information so that it's current which makes it easier to help you in some cases


I tried to do the on-line Panda scan a few times, once my dial-up connection disconnected it, and I couldn't get it back, and I tried it 2 more times and it stalled about 3/4 of the way thru, even tho I was still connected. When I do Spybot S&D scan it stalls midway too, several times, I have to keep moving my mouse around for a while to get it to start again. Why do u think this keeps happening on my computer? (Virus scan was negative, and I deleted some adware with a scan I did a day before.) I know the Panda scan used ActiveX which I had to download to do the scan. Should I delete it now? What would it look like and where would it be on the computer?
I have an old Dell OptiPlex GX1 Pentium 2 with 350 MHZ, with 256 RAM and WIN ME O.S. with 10 G. storage with a slow dial-up connection. Thanks in advance. ZUZU2

A:Panda scan and Spybot-S&D scan stalls mid-scan

This is my HJT log after running (sluggishly) Spybot-S&D and finding no problem:
Logfile of HijackThis v1.99.1
Scan saved at 9:56:31 PM, on 2/2/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCTSKSHD.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\NETSCAPE INTERNET SERVICE\DIALER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\NETSCAPE INTERNET SERVICE\NETSCAPE WEB ACCELERATOR\NSACCEL.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\NETSCAPE INTERNET SERVICE\CSS.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: I...

Below are Bazooka scanner, dds and gmer scan results. Exe files are not working properly. Any executable I open immediately asks for a file to open the program. I can run some programs by browsing for the executable again but does not work for everything. Some programs won't work or install. Here is my latest scan results using bazooka / dds / and gmer.

BAZOOKA SCAN
--------------------------------------------------------------------------------
********************************************************************************
Result when scanning:

SystemDir.explorer 545.505.000
%SystemDir%\explorer.exe
C:\Windows\system32\\explorer.exe
http://www.kephyr.com/spywarescanner/library/systemdir.explorer/index.phtml

SystemDir.regedit 544.500.000
%SystemDir%\regedit.exe
C:\Windows\system32\\regedit.exe
http://www.kephyr.com/spywarescanner/library/systemdir.regedit/index.phtml
********************************************************************************

DDS SCAN
--------------------------------------------------------------------------------
********************************************************************************
.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Ex...

A:Virus - Bazooka Scan / DDS scan / GMER scan - %#^#%^#

Hi,

Sorry for delayed response. Forums have been really busy. If you still need help with this post fresh dds logs, please.


I have a couple of Word 7 files which can't be moved, deleted or renamed. Any attempt results in a message: This action cannot be completed as it is in use by another program. It is not in use by any program I am aware of. When I open the file, it says (Read Only) in the title bar but the properties dialogue boxes are not checked as read only. Of course, I can't save any changes to the file unless I go to 'save as' but that still leaves me with an undeletable/uneditable file. I am using Vista Ultimate. Any help would be greatly appreciated.
Joan

A:This action cannot be completed...

Unless you're particularly interested in the mechanics of why this might be happening, I'd suggest booting to safe mode (press the F8 key early during Windows startup) and moving or deleting the files from there. You probably won't have trouble deleting the files that way.


Hi everyone!

I've just completed my upgrade from an MSI 745 Ulta mobo and ATI Radeon 7000 series 64meg AGP x4 graphics card to an Abit NF7-S mobo and ATI Radeon 9550 AGP x8 256meg graphics card and I gotta say, boy what a difference.

Now I have to save up my pennies to get myself a better processor, I have an AMD Athlon XP Pro 2000 and was wondering what I should replace it with?

There's a fair amount of choice out there so I was wondering if anyone has any recommendations?

Nice speed jump!
Upgrading always starts with budget. If you are going to keep your Mb, then simply buy the best (fastest) CPU you can afford at the time. If you are saving pennies you will probably be able to get the quickest cpu your mb can handle.


Hi,

Having successfully performed a 3 hour chkdsk by means of a downloaded Microsoft program which did this automatically, the screen is left hanging and there is no option available to exit from it. I tried switching off and then on again but this just puts me back to the start of the chkdsk routine which then completes again. So I'm stuck in a loop from which I can't escape!! What do you recommend?

A:After chkdsk has completed

here is a shot in the dark

turn your system on & then back off

then push your power button as if you wanted to start it and hold it for a count of 10

this will clear the complete system of power and maybe reset the way your system starts / you may want to reset the bios also by crossing the bios jumpers or just pulling the lithium battery from your mother board for at least 3 minutes

you may be looking at wiping the driver & reinstalling

have you tried to get into the recovery console using the Windows XP cd ?


Deckard's System Scanner v20070804.61
Run by HP_Owner on 2007-08-05 at 16:46:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 504 MiB (512 MiB recommended).

-- HijackThis (run as HP_Owner.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:37:16 PM, on 8/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Common Files\AOL\1128887343\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe

A: Completed the 5 Steps

Use Post Reply - left bottom corner. Thanks!!

Save it to the Desktop

Double-click combofix.exe to run the program
(Don't click on the window while the program is running, it may cause your system to stall.)

When finished, a log, ComboFix.txt, is produced.

~~~~


Hey, I'm having problems with installing Windows XP SP3. I boot to CD, do the whole installation thing for step 1, and then it restarts. Then I'm waiting for the continuation of the installation, but it doesn't happen; it boots to CD again without me pushing anything.

A: Installation not completed


Finally got my gaming rig built and in perfect working order. Took me a while figure out how to put my two HDD into raid 0. One of the tech support guys at EVGA helped me out and said that HDDs have a hard time going into raid array if they have never been used, which was the case. I just installed some stuff on my two HDDs and reformatted the partition and BOOM it stopped giving me errors, LOL. Anywho here is the finished build:

Cooler Master Cosmos 1000 Silent Gaming Tower
EVGA 750i FTW Motherboard
Intel E8400 Wolfdale Processor
Xigmatek HDT-D1284 120mm Rifle CPU Cooler
MX-2 Thermal Compound
2x2GB OCZ DDR2 1066 5-5-5 18
2xEVGA 8800GTS in SLI
3xSeagate 7200.11 (2 in Raid 0, 1 backup)
Corsair 750TX Power Supply
Samsung DVD-RW w/ Lightscribe SATA
Liteon DVD-RW IDE
4 Scythe KAZE 120mm case fans (1 intake, 3 exhaust)
1 Stock Exhaust Fan on HDDs

When I looked at the Case for the first time I couldn't believe how big it was, plenty of room to work in. The Scythe fans sound like a tornado when I first turn on the computer but it gets quiet once the bios and PSU start regulating them and you can't notice it when playing games or listening to music. I bought a generic filter for the intake fan and realized that it wasn't needed because the case already comes with filters that you just slide off and wash.

This was my first build ever and I must say I'm quite pleased with the results. The bios defaulted the memory at 800mhz 1.9v so I bump...

A: First Gaming Rig Completed


Keep getting the same error over and over, tried many things (including sfc /scannow) but to no avail.

Here is the bit from the log:

Code:
1348769 (3424) - winsat\logging.cpp:0815: --- START 2011\10\30 17:15:04 ---
1348769 (3424) - winsat\main.cpp:4301: Command Line = "C:\Windows\system32\winsat.exe" formal -restart clean -cancelevent 8e00fb41-d1d6-4e88-8347-83b99be94b73
1348769 (3424) - winsat\processwinsaterror.cpp:0095: ERROR: tried to read resource strings, unknown exception occured
1348784 (3424) - winsat\main.cpp:4474: > IsFormal=TRUE IsMoobe=FALSE.
1348815 (3424) - winsat\main.cpp:4585: Watch dog system enabled
1348815 (3424) - winsat\main.cpp:4600: Main watch dog timer set to 600.0 seconds
1348878 (3424) - winsat\main.cpp:2505: > DWM not running.
1348878 (3424) - winsat\main.cpp:2470: > EMD service will be restored on exit.
1348893 (3424) - winsat\syspowertools.cpp:0983: > Read the active power scheme as '8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c'
1348893 (3424) - winsat\main.cpp:2793: > power policy saved.
1348909 (3424) - winsat\syspowertools.cpp:1015: > Set the active power scheme to 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c'
1348909 (3424) - winsat\main.cpp:2814: > power policy set to maximum.
1349736 (3424) - winsat\logging.cpp:1763: ERROR: pahse enter/leave imballance
1349736 (3424) - winsat\main.cpp:0948: > IsOfficial=TRUE IsFormal=TRUE IsMoobe=FALSE RanOverTs=FALSE RanOnbatteries=FALSE
1349736 (3424) - winsat\main.cpp:1775: ...

A: WEI test cannot be completed


Good evening. I have just completed the combofix scan on my Openlabs Neko TSE, which is my music workstation with a built in computer. Please can you review my log for further advice? I really appreciate you for this. This workstation is the key to all my productions. I have been freaking out all night. Aloha!

A: completed combofix run

Hello,

That request about NOT posting CF logs is primarily to keep people from running the program unsupervised.

Please read this topic: http://www.bleepingcomputer.com/forums/t/273628/combofix-usage-questions-help-look-here/ which explains that reasoning further.

Please follow the instructions in ==>This Guide<== starting at step 6.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Since you have run ComboFix, please include the ComboFix log in the new topic.

If you cannot produce any of the other logs, then please create the new topic anyway, include the information that you were unable to produce the other logs and why and include the ComboFix log along with a description of your computer issues.

Orange Blossom


Avast seems to find a new malware every 20 min. I could not complete a panda activescan because the update would stall and hang at 19 %

Deckard's System Scanner v20071014.68
Run by Owner on 2008-05-30 21:04:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
102: 2008-05-31 01:04:12 UTC - RP583 - Deckard's System Scanner Restore Point
101: 2008-05-30 21:19:31 UTC - RP582 - Restore Operation
100: 2008-05-30 21:12:31 UTC - RP581 - Restore Operation
99: 2008-05-30 21:09:59 UTC - RP580 - Restore Operation
98: 2008-05-30 21:07:03 UTC - RP579 - Restore Operation

-- First Restore Point --
1: 2008-03-02 21:51:33 UTC - RP482 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-30 2111
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe

A: I have completed the 5 steps!

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.
Do not do anything with this yet!

Reboot
Reboot your system in Safe Mode.
Restart the computer. The computer begins processing a set of instructions known as BIOS.
After hearing your computer beep once during startup, but before the Windows icon appears, press F8 (dependent on your system this may be F5 or another key)
Use the arrow key to highlight Safe Mode and press Enter.

SDBot Fix
Right click the SDFix.zip folder and choose Extract All,
Open the extracted folder and double click RunThis.bat to start the ...

Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:05:14 PM, on 1/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"

A: Completed 2/5 steps - please look over this and tell me what to do

Hello

I needed you to go all the way through the steps. We prefer a more comprehensive set of logs to assist in detecting any malware that may be present. As noted in the final step (Step 5) of our sticky topic (Updated!) IMPORTANT - Read This Before Posting A Log, download Deckard's System Scanner (DSS) to your Desktop.

What DSS will do:
create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your system and produce a report for your analyst to review.
DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <- this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply.
To attach a file to a new post, simply
Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and


Desktop machine.
Windows Vista Home Prem. 32b.

The computer shut itself down a few days ago while it was copying for files.
Then, it behaved abnormally after restart.
A back to the factory status recovery was performed, but it did not complete the task.
The last part of the recovery did not run.
The recovery disks, burned right after the purchase of the machine and used before, were used and they ended the same way.
The last part of the recovery did not run.

There are 3 partitions on the HDD.
Partition 0, 20GB. hidden, keeping the recovery OS.
Partition 1. 223GB. partition C.
Partition 2. 220GB. partition D.

Question:
If partition C is formatted, can recovery OS be installed on partition C ?

Thanks.

What's the brand name and model name and model number of that desktop?

What's the part/product number and/or service tag number and/or serial number on it?

Which country do you live in?

--------------------------------------------------------


I accidentally infected my computer with security toolbar 7.1. I have done the 5 steps and I did not get a log from that first scan but here is the log it gave me on the last one.

Deckard's System Scanner v20071014.68
Run by Alan Hickman on 2007-10-21 13:33:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
98: 2007-10-21 18:33:54 UTC - RP572 - Deckard's System Scanner Restore Point
97: 2007-10-21 10:02:26 UTC - RP571 - Software Distribution Service 3.0
96: 2007-10-21 09:56:58 UTC - RP570 - Installed Windows Defender
95: 2007-10-21 09:24:44 UTC - RP569 - Restore Operation
94: 2007-10-20 09:03:00 UTC - RP568 - System Checkpoint

-- First Restore Point --
1: 2007-08-01 05:41:11 UTC - RP475 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 504 MiB (512 MiB recommended).

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-10-21 13:35:50
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe

A: Completed five steps...here is the log.

Bump!


Logfile of HijackThis v1.99.0
Scan saved at 16:26:28, on 08/01/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\David.DAVID-91YJAB3H3\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/

Model HP 15 notebook PC
Product no. J8B82PA#ACJ
Ram 4gb
Hard disk 1tb HDD
Processor Intel core i3 1.70 GHz
Windows 8.1 64 bit


I did not get any replies so will try this again with updated info. Downloaded Microsoft Pocket PC 2002 October 2002 Update (EUU3) to computer but when tried to sync it to handheld got message: "Synchronization Cannot be Completed Successfully" and have not been able to sync since then. Same message and then disconnects. Have reinstalled Activesync twice, even going to older version. Have done disc cleanup and defrag. Have deleted recent programs including the EUU3. Also soft reset on handheld although problem developed in computer before could sync to there. There is no problem in connection of handheld with computer, just will not sync. Any help much appreciated as cannot download or sync any material to handheld (iPAQ3835) at all.
Thanks!!! John

A: Synchronization Cannot be Completed..


Dear Broni and All,

I have completed all steps, and ran the security programmes recommended in this thread:

http://www.techspot.com/community/topics/keep-getting-stupid-shopping-malware-installed.208648/

However, I am still getting pop-ups and adware related problems, which means that the underlying problem has not been resolved.
These are the programmes that I have run (today, 18/05/2015):
-RogueKiller
-Mbar
-AdwCleaner (it removed NickelBlock, AllCheeiaPPPriCe, DowwnSaave, SaVieNeewaApupoz)
-Junkware Remover
-Farbar Recovery Tool
-Farbar Security Scanner
-Security Check
-Tempfile Cleaner

I am currently running Sophos.
My laptop runs Windows 8.1, and Combofix does not support it.
The antivirus that I have is Kaspersky (I previously had Microsoft Security Essential), and Windows Defender. The malware was not detected by a Kaspersky and Spybot full scan a few days ago. However, on the 26th of April, I manually uninstalled some adware, and then ran full scans, which showed nothing.

As you can imagine, I don't think I have many options left, and formatting my laptop is a dreadful prospect. I was wondering if you could give me some advice.
I have kept all logs of the security programmes that I've run.

Thank you in advance, and looking forward to hearing from you.

Welcome aboard

Never follow steps from other topics. Every computer is unique.

Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.


The action can’t be completed because the folder or a file in it is open in another program. I suspect that my anti virus, Norton 360, is stopping me from deleting a specific folder, it happens only in one specific folder.
When I restart my computer, it takes time to the regular background tasks to "wake up", so I can delete it once the computer turns on, but then something stops me from deleting the folder. I am not sure if it is Norton 360, or another problem.
Would it be a Malware?

A: The action can’t be completed because the folder or a f...

not positive what it could be, anything knowing computers.
to see if it's Norton 360, disconnect from internet, disable Norton 360 temporarily; how to do so will be in the settings of Norton. after it's disabled try deleting file.

just found this in google, how to disable Norton temporarily.

Try right clicking on the 360 icon in your notification area. You should be able to disable protection features for a specified time. Remember that you are unprotected while doing this, so you should disconnect from the Internet while doing this. Remember to reset the protection when you are finished.


log listed below : DO YOU WANT THE PANDA SCAN SCAN ALSO?

had constant pop ups- they have stopped- system very slow..avast found virus in operating system-win32:agent-PSG [drp] and vtutr.dll -
trojans

I just know how to computer surf- my son goes to online school- so we really need this computer
log listed below

Deckard's System Scanner v20071014.68
Run by wpccs on 2008-02-03 18:09:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.

-- Last 1 Restore Point(s) --
1: 2008-02-03 23:09:39 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 248 MiB (512 MiB recommended).

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-03 18:13:54
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe

A: hijackthis log- completed 5 steps

Hi dorimom, and welcome to TSF.

Sorry for the delay in looking into your log, as we are extremely busy as you may have noticed. If you still require assistance and are not seeking help elsewhere, then please carry out my instructions.

--------------------------------------------------------------

Please download HijackThis. This program will help us determine if there are any spyware/malware on your computer. Double-click on the file you just downloaded. Click on the "Install" button. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Close HiJackThis

--------------------------------------------------------------

Since it has been awhile... Please run Deckard's System Scanner (dss.exe) again, and post the resulting log.

--------------------------------------------------------------

C:\Deckard\System Scanner\main.txt


Not sure if this is the correct forum to post this in but..

Have installed Windows 8 64bit on three computers, all similar spec (amd a8 processors and gigabyte f2 motherboards with 8gig ram.)

Windows seems to be ok in every other respect other than I am getting an error in the metro store. When trying to install any app I get the error:

I have searched the internet for this error, and although I can find similar errors, I can see no one else having the error code with the same scrambled type.

We got around the error by signing in to a microsoft account, but then we are unable to create a pin for said account (the cursor just spins).

This happens on all three computers.

Any help greatly appreciated.

Have you tried copying & pasting the error code in Google ?

I find that helps.

EDIT--

Perhaps this phone number will help.
I've used it & got good help from Microsoft.

Microsoft Product Support Customer Phone Number | Shortest Wait | Best Support | GetHuman.com


hi there,
please consider that who's writing (me) is a sw/hw total illiterate..

- at every web connection (firefox), the start page is http://istart.webssearches.com + the last web page visited at previous connection (two windows). i set up new homepage but nothing changes.
- pop ups frequently open (then disabled via settings).
- mouse stops/blocks for a second while using it.

i downloaded combofix and let it run. everything seems worked correctly, but now i don't know how to proceed.
here below the log i got - integral copy&paste - now saved on desktop.
if i understood well, malware etc will be removed once combofix is uninstalled and i still have to uninstall it..

i hope you can help me about how to proceed.

thanks++
iggy

ComboFix 14-05-19.01 - user 19/05/2014  19.13.03.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.39.1040.18.1919.1432 [GMT 2:00]
Eseguito da: c:\documents and settings\user\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\user\Dati applicazioni\cacaoweb
c:\documents and settings\user\Dati applicazion...

A: ComboFix ran&completed - don't know how to proceed


I am using SQL Server 7.0.
I have databases DB1 (only current values) and DB2 (both current and old - keeps history). When I update (or insert), on DB1, a copy of the row I am working on has to be sent to DB2 using a trigger. What gets completed first? The update process on DB1 or the action started by the trigger? I am asking this because of what I found at this site:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/architec/8_ar_da_1tup.asp

…..
You can use the FOR clause to specify when a trigger is executed:
AFTER
The trigger executes after the statement that triggered it completes. If the statement fails with an error, such as a constraint violation or syntax error, the trigger is not executed. AFTER triggers cannot be specified for views, they can only be specified for tables. You can specify multiple AFTER triggers for each triggering action (INSERT, UPDATE, or DELETE). If you have multiple AFTER triggers for a table, you can use sp_settriggerorder to define which AFTER trigger fires first and which fires last. All other AFTER triggers besides the first and last fire in an undefined order which you cannot control.

AFTER is the default in SQL Server 2000. You could not specify AFTER or INSTEAD OF in SQL Server version 7.0 or earlier, all triggers in those versions operated as AFTER triggers.

…..

This statement sounds confusing?

A: Which is completed 1st? a transaction or a trigger?

Microsoft® SQL Server™ 2000 provides two primary mechanisms for enforcing business rules and data integrity: constraints and triggers. A trigger is a special type of stored procedure that automatically takes effect when the data in a specified table is modified. A trigger is invoked in response to an INSERT, UPDATE, or DELETE statement. A trigger can query other tables and can include complex Transact-SQL statements. The trigger and the statement that fires it are treated as a single transaction, which can be rolled back from within the trigger. If a severe error is detected (for example, insufficient disk space), the entire transaction automatically rolls back.
This means that the trigger completes before the transaction. You can roll back a transaction within a trigger, as mentioned above, so in your case the action started by the trigger completes before the update action.

I've run CHKDSK on a couple of laptops today, and in each case, after hanging for ages around 10-11%, the laptop rebooted while my back was turned. (The process was run at boot and the internet was not connected at the time.)

Is there a way to check if the process completed and what it did?

There is a CBS log with today's date, with entries that correspond time-wise to the CHKDSK activity, but I don't understand them. At the end there are several entries like this:

Can anyone explain what this means please, and if I have a problem?

Coincidentally (or not) There are similar 'Failed to internally open....' entries in the CBS log from when I turned the laptop back on later in the morning.

A: How do I know if CHKDSK completed successfully?

Hi, check these tutorials, CHKDSK - Check a Drive for Errors in Windows 8 and Check Disk (chkdsk) - Read Event Viewer Log - Windows 7 Help Forums, to see if they will help you.

Good luck, werty


I recently had a virus and used HP recovery and now I don't have any sound. I originally posted this in the sound card forum and was instructed by deejay100six to go through the five steps of identifying a virus. I completed those steps and below are my Panda Scan results. I have the hijackthis results whenever you need them. I originally went through all of the basic steps to fixing the sound problem but nothing worked. Thanks again in advance.

ANALYSIS: 2008-08-16 02:24:44
PROTECTIONS: 1
MALWARE: 19
SUSPECTS: 2
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
avast! antivirus 4.8.1229 [VPS 080815-0] 4.8.1229 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location

A: No Sound/5 steps completed

I need some help here guys. Below is my hijackthis results.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:50 AM, on 8/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\gearsec.exe


I got my P50 a few weeks ago and yesterday its LCD went half black. OK, this happens.

I turned it in to authorized premium repair center and they got LCD replaced (as my P50 is under warranty). No big deal.

However, they could not re-calibrate the new LCD screen because I do not run Windows on my P50 (running Kubuntu).

It would not be a big deal either (the Panel Replacement Utility they have does not run on Linux, but I can live without that), however there is one worrying thing: by my request, they printed Lenovo repair instructions for me where it is stated, that "Failing to run the Panel Replacement Utility program will require another LCD panel replacement". Please note "will require". My interpretation of this statement is that LCD will fail again unless I run this Panel Replacement Utility which requires Windows (no Linux version exists). Repair guys could not comment on that in either direction.

REALLY????

So, despite the fact that neither P50 user guide nor warranty description limit me from using non-Windows OS, the P50 cannot be repaired to be used in full capacity unless I use Windows.

Do I miss anything? Is this an official position of Lenovo on non-Windows OS use on ThinkPad P50?


I'll give some background.

I have a tri-boot setup. Windows 8 one ssd, windows 7 pro on a second ssd and ubuntu 13.04 on a partition on a 2 gig raid 1. The boot partition is on the windows 7 ssd. All drives are on the same Intel controller. Prior to the 8.1 attempt it worked. I'd boot the w7 ssd and a black win7 style boot screen would appear with the 3 OS choices. I'd been using win 8 as primary since its release with no real issues.

I updated through the store early today and the process had a hitch after the first reboot but I rebooted and it completed the install. Windows 8.1 started and walked me though an initial setup. Once in, all looked pretty much unchanged. The only issue was it asked me to reinstall some XLan software.

I rebooted to check my other OS's and the problems began. I boot up, it loaded the blue win8 boot screen with all 3 OS present when I attempted to boot ubuntu it went to a black screen with no possible input. Hard rebooting brought up the grub bootloader (not win8 bootscreen) and I was able to enter ubuntu. Same thing happened with win 7 pro. I soft rebooted and the win 8 bootscreen appeared. Choosing win 7 took me to a hung black screen - hard reboot directly started up win 7. Restarting to win 8 bootscreen again and choosing win8.1 took me to another black screen - Hard reboot from there started up a win 8 repair process.

This is always the case with each of the 3 OS's. I have found that I can get into win8 if I enter through safe mode ...

A: 8.1 update completed but problematic

I have the exact same problem. I even had the XLan error you described. Once I restarted the computer, it always go to a black screen. I do not have multiple OS's to boot into, but the black screen always comes up after the little blue windows 8 loading screen.

Update:

When I tried your suggestion of enabling Debugging, it loaded up. However, 1-2 minutes later it would freeze and I would have to push the reset button on the machine. In Safe Mode, I didn't have any of the freezing, but when I tried to uninstall Norton Internet Security, it would freeze. After a restart, I downloaded the Norton Removal Tool, and removed Norton. At this point, starting Windows 8.1 with Debugging allows me to stay freeze-free. However, trying to start up without Debugging gives me the same black screen.

Another thing to note is that when I have all non-Microsoft services stopped, I still get the black screen upon bootup. I'm not quite sure what Debugging mode does in terms of bootup, but it's definitely a workaround for now. I used msconfig.exe to keep debugging turned on for now.

Again, if someone figures out the fix, report back.


I've run Combofix, but need someone to look at my log file. I'm still having boxes pop up like my Symantec anti-virus can't work because it is on a network resource that is unavailable. The log file is below. I would really appreciate any help I could get.

Thanks,
Don

ComboFix 10-12-09.04 - Todd 12/10/2010 16:39:31.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.70 [GMT -6:00]
Running from: c:\documents and settings\Todd.PHILCON\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\FuhYQAtN.exe
c:\documents and settings\Don\Local Settings\Application Data\{127EBD9A-1C22-44C3-8173-3067BB23059B}
c:\documents and settings\Don\Local Settings\Application Data\{127EBD9A-1C22-44C3-8173-3067BB23059B}\chrome.manifest
c:\documents and settings\Don\Local Settings\Application Data\{127EBD9A-1C22-44C3-8173-3067BB23059B}\chrome\content\_cfg.js
c:\documents and settings\Don\Local Settings\Application Data\{127EBD9A-1C22-44C3-8173-3067BB23059B}\chrome\content\overlay.xul
c:\documents and settings\Don\Local Settings\Applicat...

A: Combofix completed - need help with log file

Hello,

Had the "Security Center" come up on this computer...got rid of it using the tutorials on this site, along with trying all the other suggestions for removing rootkits that may be causing the redirects. Some solutions seem to run their course, others don't. Still having issues: browser redirects, browsers stop working, MBAM errors, Start menu blank, "waiting for background programs to end" on shutdown.

So, not sure where to go from here. Help please.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by Chance at 6:41:48 on 2012-01-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.2379 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

A: Completed all self-help tutorials, still have rootkit

Hi

Looking for some help resolving this issue. Computer was acting strange. Scanned with Norton 360 and Malwarebytes and found nothing. Ran TDSSkiller, found and removed a rootkit. Now, when I try to  run Combofix, it stops at Stage 48. The hard drive light is solid, so I figured it would eventually complete, but it does not.

Can you help?

thanks

drobtoy

A: stuck on 'Completed Stage_48'

A neighbor brought over his computer since he knows I help folks with infections.  It appears he already ran and removed infections found with SAS Portable and MBAM.  I can include those logs if you like so let me know.

DDS Log

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.25.2
Run by HP_Administrator at 12:32:46 on 2013-08-16
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.958.456 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService

A: Infected PC with some Removal Completed

Attached file ...


Hi, I just completed my second homebuild. I installed windows 7 pro and have been running it for over two weeks now (got it pre release from msdna for free, that's right free, gotta love being a student, as many copies of 7, vista, xp and visual studio, and tons of other cool software for nada).

anyway:
asus m4a78-e mobo
8gb (4x2gb) ddr3 ram
amd phenom II 945 3.0ghz quad core processor.
xfx hd 4850 1gb gddr3 gpu 256 bit with 512mb onboard already
2 x 500gb hitachi deskstar hdd's
sunbeam acb9 acrylic green led pc case (12 green leds, with 5 80mm green led fans, and custom fan grills.)
19" tft
650tx corsair psu
onboard sound and networking

it works great, so far I haven't seen the cpu go over 8%. You throw stuff at it, it gives you a blank look and shrugs. It took a virus scan, dreamweaver, word and a few web pages (chrome) at 8% for god's sake. Anyway I'm very pleased with it.

BUT it only lists one hdd in the my computer section and that is the drive that I installed windows on. I don't know if the other one is formatted or not, I would say not. The bios recognises both of them, but my computer displays only one. I have not used raid in any form. What's the solution?

Thanks a lot, bob.

you should try this:
On the "My Computer" icon, right click it and click MANAGE, then click on Disk Management. You may find your C: drive as Disc 0. Then look if you find drives that are unallocated. If you find one, click on it, right click and format the drive and click ok. Just wait for it to reach 100% and you should see after that that it is healthy and formatted, and you should see the other drives now. Try this, tnx

Trying to restart will not allow me to login, keeps telling me wrong password (didn't think I had set one yet). Think it's Microsoft that's causing the problem, it says I need a removable media, what the hell is one of them. I'm already online at home. Can anyone help me please

A: New netbook setup not completed,

Hello, Thank you for posting in the HP Support forum. Is this re. Windows login? You can't login to Windows? If yes, I have encountered such a problem once only but it was with Win 8. Anyway - if this is a new computer you can revert the software back to factory default settings. Eventually you should create a local account (not login with Microsoft account). At the end, you can always migrate the local account to Microsoft account. If this is not re. Windows login, please provide back details.

Hello TSF -

Recently, I have had a problem with my system restore. After I attempt a restore, the computer reboots fine and acts as if it did the restore, but when I sign in, I get a message saying system restore incomplete, or something along those lines. I decided to check the sr.inf file, right clicked and clicked install, but it said I need a Windows XP SP3 cd, and I only have the original SP2 cd, not SP3. Also I'm not sure if that will even fix the problem. Has anyone else seen this problem? Any help would be greatly appreciated!

-Thank you.

Computer has a very slow startup. I cannot get rid of this Kodak Easyshare. Internet response time a bit faster, page to page.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:44, on 2008-03-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1101823440\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\MUSICMATCH\...

A: All Steps Completed Up To Hijack

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log. Please also post the problems you are having.

Deckard's System Scanner v20070905.67
Run by Tom Roach on 2007-10-01 10:32:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
104: 2007-10-01 14:32:38 UTC - RP355 - Deckard's System Scanner Restore Point
103: 2007-10-01 14:17:25 UTC - RP354 - Installed WinZip 11.1
102: 2007-09-30 07:00:16 UTC - RP353 - Software Distribution Service 3.0
101: 2007-09-29 17:11:48 UTC - RP352 - Removed Adobe® Photoshop® Album Starter Edition 3.2
100: 2007-09-29 16:55:46 UTC - RP351 - Installed Windows Internet Explorer 7.

-- First Restore Point --
1: 2007-09-24 19:33:06 UTC - RP252 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Tom Roach.exe) -------------------------------------------

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-10-01 10:39:35
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16512)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe

2. Double click on combofix.exe & follow the prompts.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Hello and thank you for any help you may be able to give. I've gone through the five required steps before posting my logs for help.

I've run Spybot, Adaware and SuperAntiSpyware and can't seem to clear up whatever the issue is.

Following are the required log files (as well as the "extra" text file attached):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:06:02 PM, on 1/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\vtsphlxp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe

A: HijackThis Log - completed 5 steps

anyone?

hi guys,

every single time I try to rename a folder the boring message "The action can't be completed because the folder or the file is in use" appears even if apparently neither the folder nor a file in it is in use.

What I have to do is: Task Manager > Explorer.exe > End Process > File > New Task > Explorer.exe and I am able to rename the folder.

It is a really boring process and I find this process really stupid. The folders I am trying to rename are full of pictures, I think it is something related to the Thumbs files.

Anybody of you have the same issue? Any possible solution?

Thanks

OpenedFilesView - View opened/locked files in your system (sharing violation issues)
What file is opened by explorer.exe in that folder?


Hello,

This is a follow-up to my original thread here -

http://www.sevenforums.com/crashes-d...ease-help.html

I completed 1 RMA with HP and the teleplan service center guys sent me the machine back with the note - no issues found, reloaded OS. This time they loaded the OS with SATA controller as IDE as opposed to the default RAID setting that had come when I had purchased the system.

I let it run overnight hoping for the best but see the BSOD error in morning - I would really appreciate if somebody can pin point the issue so in the next RMA I can advise HP Teleplan guys about it - they seem to not spend great deal of time researching the issue but try to do a quick fix that obviously didn't work.

PS - my System specs -

System Manufacturer/Model Number: HP Pavilion Elite HPE-210F
OS: Windows 7 Home Premium 64 Bit
CPU: AMD Phenom(tm) II X4 945 Processor, 3000 Mhz, 4 Core
Motherboard: H-RS880-uATX (Aloe)
Memory: 8 GB PC3-10600 MB/sec (message as PC3-8500)
Graphics Card: ATI Radeon HD 5450
Sound Card: Integrated Realtek ALC888S Audio
Monitor(s) Displays: Acer H243H
Screen Resolution: 1920 x 1080
Keyboard: HP USB
Mouse: Microsoft Compact Optical Mouse Model: 1016
PSU: Bestec 300W
Case: Mid-size ATX
Hard Drives: Western Digital Caviar Green WD10EADS-65M28X
Internet Speed: ATT DSL 6 MBPS

A: 1st RMA completed - still random BSOD

Uninstall or upgrade CyberLink. Its driver, 000.fcl, Fri Sep 26 09:11:22 2008, is out of date. Outdated drivers can and do cause conflicts and BSOD's.

I find another slightly out of date driver loaded on your system. Update this driver from the link provided.

Quote:
usbfilter.sys Fri Apr 03 07:39:51 2009 - AMD USB Filter Driver (likely part of the chipset drivers). http://support.amd.com/us/Pages/AMDSupportHub.aspx. Update this driver.

Follow these suggestions, reboot and let's see if your system is more stable. Post back and let us know. If you get another BSOD, upload it and we will go from there.

Code:
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0xfffff80002804000 PsLoadedModuleList = 0xfffff80002a41e50
Debug session time: Thu Dec 16 09:41:31.624 2010 (GMT-5)
System Uptime: 0 days 8:53:11.013
...............................................................

I had a problem with my yoga 700 11". The laptop freezes every so often (3-6 hours). At first I thought it's the drivers that need to be updated, then Windows 10 updates, then BIOS update. I tried all of that but the problem still persisted. I did the recovery reset but still the same... I created a Linux system on a USB flash drive and booted the laptop with it. Even under Linux the laptop was freezing.

I contacted the Lenovo support team and they said the laptop needs to be repaired and they sent me the return free postage voucher. I put my laptop in the original box and posted it as I was instructed (for some reason it was sent to Germany). The company name that issued me with the postage slip was MEDION AG - A Lenovo Company.

After 13 days I got an email saying: "...After assessing your device, the repair center has deemed that a repair cannot be completed under the manufacturer's warranty due the case of the device showing signs of inappropriate treatment. ..." There were two pdf documents attached to the email: one with the detailed photos of the damage (see photo attached) and the other one, the cost estimate document. In the document I was given two options:
1. accept the cost of repair (£54.65)
2. not accept and the laptop would be returned to me (I would be still charged fat price of £44.07)

My reply was that I do not recall the laptop having this damage and I always looked after it. I was surprised when I saw the photo. I also added that my main concern was that th...

Hi, I have already run Ad-aware using the required settings multiple times and removed everything I can on my own. Ad-aware could not remove iboboi.dll and I believe that is the root of my problem. But on startup that file is gone.

Here is my hijack this log, with the analyzer. Thank you in advance for the help!

===========================================================================================================================
Log was analyzed using HijackThis Analyzer - Updated on 1/7/05

***Security Programs Detected***

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVir...

Let's see if these logs will show us anything:

The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! (Alternate Link if main link doesn't work) and install it. Do not run it yet.

Before doing anything, MAKE SURE that you can keep your computer on (at least until we get it fixed). This infection requires us to detect and remove it without rebooting or restarting your computer (unless the instructions say so). If you can't keep your computer on today, then I suggest that you don't get the logs yet until you are ready. With that said (when ready):

Open up HijackThis and go to Config->Misc Tools and check the first two boxes there. Now click on the Generate StartupList log button. Post that log in your next post.

Right click on this link and choose Save As... Save it to your Desktop. Make sure you have disabled any programs that may block/disable scripts (ex: Ad-Watch, TeaTimer, Norton, etc.). Double click on Silent Runners to run it. This will take a few minutes. It will create a file called Startup Programs followed by your computer name and current date. Open up that file and post all the contents here in your next post.

Download Find-qoologic. Unzip the files to your Desktop. Open the qoologic folder and run the qoologic.bat file. Wait a few minutes for it to finish. When the dos window disappears, go to your C: drive and open up the log.txt file. Copy and p...

I apologize if this forum is meant for tech people as I'm a novice computer user, but I really need help. I have Windows 7 x64 and I used RoboCopy for the first time, and have messed up royally. I was trying to copy folders and files from my computer to an external hard drive. My external hard drive had important files and folders on it already, and I thought that copying more data using RoboCopy would just add to it, but it deleted everything that was on the external hard drive when it
Can I undo what just happened? Is there any way to revert? Or maybe there's some way to recover that deleted data?
I used: Robocopy C:\Users\Name\Documents F:/MIR /dcopy:T
I would be really grateful to be helped. Thanks in advance.

Recently installed Kaspersky PURE 2.0. Getting error message that backup task has not been completed. I have read that this is a known issue. Is there a solution to correct this problem? Thanks.

A: backup task has not been completed

Welcome to Seven Forums nancy159. As you say, this is a known issue.

Quote:
5. Main known issues

The maximum size limit for Quarantine and Backup and Restore does not work.
Some application windows do not correspond to Microsoft computer management from keyboard standards.
Groups of windows cannot be closed through Windows 7 taskbar.
Application window cannot be closed through Windows 7 taskbar preview.
"A backup task has not been completed" status is displayed in the general protection status and in the Backup and Restore section when backup tasks are performed.
Protection parameters cannot be reverted to default values.
AVZ reports cannot be created under 64-bit operating systems.
In some cases, characters cannot be entered using the Virtual Keyboard in entry fields of web browsers or applications.
When in Safe Run mode, Microsoft Outlook Express (Windows Mail) email client may fail to display some email messages received from the standard Microsoft Windows environment.

Kaspersky PURE 2.0: commercial release (build 12.0.1.288)

Have you tried creating a backup task?

How to create a backup task in Kaspersky PURE 2.0?
