Tech Problem Aggregator

Spyware, Malware Scanner, Cleaner.

Q: Spyware, Malware Scanner, Cleaner.

Does anyone know of a good program, ( freeware ) for the above mentioned?
chuck

A: Spyware, Malware Scanner, Cleaner.

Hi chuck, there's a few choices to consider....

MalwareBytes https://www.malwarebytes.org/

SuperAntispyware: http://www.superantispyware.com/

AdwCleaner: http://www.bleepingcomputer.com/download/adwcleaner/

2 more replies
Answer Match 77.7%

I am trying to remove these programs from a mates pc. Im not an expert at this stuff but have a bit of experence. have used a program called smit fix which i ran in safe mode, it told me it had deleted the bloody thing but on rebooting its still there.... HELP SOMEONE!!!!!!
 

A:Error cleaner/ privacr protector/ drive cleaner and spyware and malware protertor

The spyware removal thread is HERE
 

1 more replies
Answer Match 72.24%

Hi White Knights, Good Guys and Gals,

My PC was attacked, likely through Internet Explorer today, since I haven't downloaded anything. The following are is the list of Malware that XP Security Center has notified:

=email-worm.win32.netsky.q
=rootkit.win32.agent.pp
=backdoor.win32.kbot.al
=net-worm.win32.mytob.t
=net-worm.win32.dipnet.d
=virus.win32.hala.a
=trojan.downloader.js.multi.ca
=virus.win32.gpcode.ak

and Trojan Remover has identified
c:\windows\system32\vacinit.dll

and Mcafee
NTROSKRN... (rootkit trojan)

The program "Protection Systems" continues to pop up prompting me to buy along with random IExplorer bombs despite having removed it from programs. The system regularly freezes when I employ anti-malware programs.

I have attempted to use in normal and safe operating mode (Mcafee from safe command prompt)
=Mcafee VirusScan Enterprise (halts early in operation, Identifies NTROSKRN and 11 cookies)
=Stopzilla (Halts early in operation)
=Malwarebytes(fails to open even with changed name)
=Rooter Malware Finder (Eric_71) (operates results indeterminant)
=Trojan Remover (Runs. results indeterminant)

I am not in a good position to format the PC (in the wilderness).

Any advice what is preventing these malware programs from operating?

Thanks, and happy to repay the favor particularly if you like homebrew since PC wars arent my specialty!

Lookingtree

DDS (Ver_09-06-26.01) - NTFSx86
Run by Iamcomputer at 20:41:08.59 on Wed 07/15/2009... Read more

A:Unknown Attack Disables Malware Scanner/Antivirus/Spyware Scanner

Hi, lookingtree Welcome.Please read and follow all these instructions very carefully.Please download ComboFix from Here or Here to your Desktop.**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**If you are using Firefox, make sure that your download settings are as follows:Tools->Options->Main tabSet to "Always ask me where to Save the files".During the download, rename Combofix to Combo-Fix as follows:

It is important you rename Combofix during the download, but not after.Please do not rename Combofix to other names, but only to the one indicated.Close any open browsers.Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------Close any open browsers. WARNING: Combofix will disconnect your machine from the Internet as soon as it startsPlease d... Read more

2 more replies
Answer Match 70.56%

I have read several posts regarding Ucleaner and spyware. I am having similar problems:

-- There are three new icons on my desktop: (1) Error Cleaner (2) Privacy Protector (3) Spyware&Malware Protection. When mousing over these icons, the popup window indicates that they lead to "http://viruswebprotect.com/shandler/php?..."

-- I periodically get pop up icons that say "someone is trying to attack my computer" and there was a message that stated "Win32.netsky worm has infected my computer"

I have completed the five steps listed in the "before you post" thread. The only deviation from that is that I already have Windows XP SP2 installed. Any help would be much appreciated. Thanks.

A:uCleaner Malware / Error Cleaner, Privacy Protector, Spyware&Malware Icons

Bump Bump Bump

1 more replies
Answer Match 70.14%

Privacy Protector, Error Cleaner and Spyware&Malware protection, it pops up a message saying my computer is infected and keeps opening internet windows even when i change the homepage away from the site it wants to go to. it is really slowing my laptop down, and when u attemp to close the pop ups or delete the desktop icons, it frezzes the laptop and the only way to resolve it is to restart but it just comes back no matter what, norton will not pick it up either. it is causing my laptop start up and loading time to be epic and is making it unusable, this topic has been fixed before by RichieUK on: http://www.bleepingcomputer.com/forums/t/105116/privacy-protector-error-cleaner-spyware-malware-protection/ i have the exact same thing. should i just follow those steps or wait for specific advice for my system? Logfile of Trend Micro HijackThis v2.0.2Scan saved at 00:00:05, on 03/09/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\S... Read more

A:Malware, Privacy Protector, Error Cleaner And Spyware&malware Protection

Hello,* Download Combofix to your desktop.Doubleclick combofix.exeFollow the prompts.Don't click on the window while the fix is running, because that will cause your system to hang.When finished and after reboot (in case it asks to reboot), combofix will open again to gather the necessary information for the log. This may take a bit. When done, Combofix will close and a log should open, combofix.txt. Post the contents of this log in your next reply together with a new hijackthislog.Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.

27 more replies
Answer Match 70.14%

This showed up when i started up my computer last night (I'm running XP). My desktop background changed to red with biohazard type logo, windows keep popping up trying to sell me protection, etc. when it first showed up some of my desktop icons dispeared and i couldn't get into my c drive, but that seems to have stopped for the moment.I've run my Kasperskys Antivirus, which says it can't delete it, disinfects it, but doesn't seem to change anything.I've also used System Mechanic 5, Spybot Search and Destroy, Smitfraudfix (i saw this suggested to someone else veiwing another forum- and it seems to work and everything looks good for 5 minutes, but then low and behold it comes right back) plus RegClean, RegistryFix, Tracks Eraser Pro, BugDoctor- to try and clean stuff out- some things seem to get rid of it, but then it returns. I've been looking it up on google to see what other people did, and trying these things, but obviously this strategy hasn't worked. its just given me a headache.I'm out of my depth. I really need help! Thankyou in advance for your wisdom.Here are my dss reports:Deckard's System Scanner v20071014.68Run by Aqua Dragon on 2008-06-08 11:54:45Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 5 Restore Point(s) --5: 2008-06-08 15:54:53 UTC - RP230 - Deck... Read more

A:I Have An Error Cleaner, Privacy Protector, Spyware And Malware Protection Problem (virus? Malware? Trojan?)

Hi,Please uninstall the following programs since they are known to cause more damage than anything else:RegistryFix v6.2Bug Doctor 3.0.3.8Reboot afterwards.After reboot, * Please visit this webpage for instructions for downloading and running ComboFix:http://www.bleepingcomputer.com/combofix/how-to-use-combofixThis includes installing the Windows XP Recovery Console in case you have not installed it yet.Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

2 more replies
Answer Match 65.94%

The titles listed in the subject line recently appeared on my desktop along with a VERY hijacked machine.

I get a common pop up that states "Warning! Potential Spyware Operation! Your computer is making unauthorised copies of your system and internet files. Run full scan now to prevent any unauthorised access to your files! Click here to download Spyware Remover..."

This is a personal home computer.

I tried the five step process and met with the following results:

1) Can not access addd/remove tab - following error message:
Restrictions
This operation has been cancelled due to restrictions in effect on this computer. PLease contact your system adminstrator.

2) Can not run Panda ActiveScan - get message "internet explorer cannot display the webpage" when scan window attempts to run, all pop-up blockers disabled

3) Successful instal of both Spyware Blaster and IE-Spyad

4) Could not use windows update - following error message:
Network policy prevents you from using this website to get updates for your computer

5) Deckard's maint.txt log:

Deckard's System Scanner v20071014.68
Run by Daddy on 2008-01-15 17:51:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-01-15 22:52:0... Read more

A:Bad Malware infection - Spy-rid, InfeStop, Easy Spyware Cleaner

SpyBot-SD Just caught a process identified as Virtumonde.crack. I told it to kill the process next time it is encountered.

19 more replies
Answer Match 65.94%

Below is my log file after running the hijackthis exe.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:21:26 PM, on 3/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Common Files\SafeNe... Read more

A:NEED HELP REMOVING Error Cleaner, Spyware & malware icons

Hi Welcome to TSG!!
Download SDFix and save it to your Desktop.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix and remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re-enable the protection again afterwards before connecting to the Internet.

Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Open the c:\SDFix folder and double click RunThis.cmd to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer that normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool ... Read more

3 more replies
Answer Match 65.94%

i cant get rid of these programs; Error Cleaner, Privacy Protector,and Spyware&Malware Protection. I also keep getting these messages. Can somebody please help me.
this is my hjt log file.
any help would be great

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:46:54, on 30/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Fi... Read more

A:Error Cleaner, Privacy Protector,and Spyware&Malware

Hi Welcome to TSG!!

Please close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix and make sure you are disconnected from the Internet after downloading the program and before scanning.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix and remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re-enable the protection again afterwards before connecting to the Internet.

Download ComboFix and save it to your desktop.

**Note: In the event you already have ComboFix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running ComboFix.

WARNING: IF you have not already done so ComboFix will disconnect your machine from the Internet when it starts.
Please do not re-connect your machine back to the Internet until ComboFix has completely finished.
If there is no Internet connection when Combofix has completely finished then restart your computer to restore the connection.

Double-click on combofix.exe and follow the prompts... Read more

3 more replies
Answer Match 65.94%

Hi Guys,In advance i would like to say thanks for your time with this little problem. A friends PC as been infacted with Malware viruses, Keyloggers and olther nasty bugs. I have managed to remove most of the affending items, less the Privacy Protector & error cleaner plus i'm sure there are a few more lurking on the system. They seem to hijack the active desktop, redirect his webpages and download and install system_defender installer which auto runs. There is also a VIRUS ALERT label in the Task Bar area, which also displayes it's shelf on all system mesg boxes.Below are the Kaspersky Log & DSS log.RegardsPaulKASPERSKY ONLINE SCANNER REPORT Tuesday, June 03, 2008 11:45:45 PMOperating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)Kaspersky Online Scanner version: 5.0.98.0Kaspersky Anti-Virus database last update: 3/06/2008Kaspersky Anti-Virus database records: 826461 Scan Settings Scan using the following antivirus database extended Scan Archives true Scan Mail Bases true Scan Target My Computer A:\C:\D:\ Scan Statistics Total number of scanned objects 60330 Number of viruses found 8 Number of infected objects 35 Number of suspicious objects 0 Duration of the scan process 00:47:44 Infected Object Name Virus Name Last Action C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All User... Read more

A:Privacy Protector?, Error Cleaner, Spyware&malware,

Hello chics and welcome to BC. Let's see what we can find. Please follow the steps below in order:Before running a new scan let's clean out the temporary folders. Download ATF Cleaner to your Desktop.Double-click ATF-Cleaner.exe to run the program.Click Select All found at the bottom of the list.Click the Empty Selected button.If you use Firefox browser, do this also:Click Firefox at the top and choose Select All from the list.Click the Empty Selected button.NOTE : If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browser, do this also:Click Opera at the top and choose Select All from the list.Close ALL Internet browsers (very important).Click the Empty Selected button.NOTE : If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.Note: You must be logged on to the system with an account that has Administrator privileges to run this program.Close ALL OTHER PROGRAMS.Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
In the Drivers section click on Non-Microsoft.Under Additional Scans click the checkboxes in front of the following items to select them:Reg - BotCheck
Reg - Software Policy Settings
Fi... Read more

8 more replies
Answer Match 65.52%

Okay I did something stupid by downloading & trying to run a program where I didn't know where it was comming from. My fault but now my computer is completely useless & I really need help fixing it. I don't have a bunch of money to take it in to get it repaired so I am hoping I can get some help here.

I mean useless in the fact I can not access Task Manager, I can not RUN anything, they all have disappeared from the menu. If I try to even run Internet Explorer it won't let me. Any program I try to use is immediatly shut down. It runs for like a few seconds then goes away. I am not a computer savy person when it comes to things like this. I really am begging for some help. I have no idea where to begin. I can't download any programs to help me. I can't even access the internet. I have it unplugged from the internet now & am using another computer to write this. Is it even possible to fix my problem now? I'm not sure but there is nothing I have tried that worked. I even had ComboFix on my computer & it wouldn't let me access it. I changed the name of the program & tried it again but then it disappeared from my desktop. I need help please!

More replies
Answer Match 65.52%

Deckard's System Scanner v20071014.68Run by Alex on 2007-10-22 22:12:30Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 2 Restore Point(s) --2: 2007-10-23 02:15:13 UTC - RP2 - Deckard's System Scanner Restore Point1: 2007-10-22 23:55:44 UTC - RP1 - System CheckpointBacked up registry hives.Performed disk cleanup.Total Physical Memory: 510 MiB (512 MiB recommended).-- HijackThis (run as Alex.exe) ------------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:18:09 PM, on 10/22/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Symantec AntiVirus\DefWatch.exeC:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeC:\... Read more

A:Error Cleaner, Privacy Protector, Spyware And Malware Protection

Welcome to the BleepingComputer HijackThis Logs and Analysis forum tchopple11 My name is Richie and i'll be helping you to fix your problems.Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This changed in 2006,read this article: http://www.clickz.com/news/article.php/3561546You are well advised to remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present,then restart your pc:ViewpointViewpoint ManagerViewpoint Media PlayerGo to Start > Settings > Control Panel > Add/Remove Programs and remove the following program if present,then restart your pc:MyWaySADownload SDFix.exe and save it to your desktop:http://downloads.andymanchesta.com/RemovalTools/SDFix.exe* Double click on SDFix on your desktop,and install the fix to C:\ Please then reboot your computer into Safe Mode by doing the following:* Restart your computer* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;* Instead of Windows loading as normal, a menu with options should appear;* Select the first option, to run Windows in Safe Mode, then press "Enter".* Choose your usual account.* In Safe Mode,go to and open the C:\SDFix folder,then double click on RunThis.bat to start the script.* Type Y to begin the script.* It will remove the Troj... Read more

1 more replies
Answer Match 65.52%

ok, my cousin has gotten some type of virus/spyware that i can't remove. it has added error cleaner, privacy protector, spyware&malware proctection icons to the desktop that point to a website. here is the hjt log. please let know i need to add anything else. i have already ran avg, stinger, ad-aware, and spyboy s&d to clean up as much i could. i couldn't access the internet to run the online scans.thanks in advance.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 3:29:36 PM, on 3/31/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16608)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\System32\wltrysvc.exeC:\WINDOWS\System32\bcmwltry.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Symantec AntiVirus\DefWatch.exeC:\Program Files\Executive Software\Diskeeper\DkService.exeC:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exeC:\WINDO... Read more

A:Hjt Log For Error Cleaner, Privacy Protector, Spyware&malware Proctection

swebb32_99 Sorry for the delayRe Run HijackthisAt the Main window select "Open the misc tool section"Then select "Open uninstall manager"Then "save list" and save it to your desktopCopy and paste that list as a reply to this thread

27 more replies
Answer Match 65.52%

This program embedded itself into my system. It changes my desktop and keeps poping up with warnings and websites. It is called Privacy Protector, Error Cleaner and Spyware&Malware protection. I have tried to fix this but have had no luck. I have ran norton, stinger,AVG, spybot, etc. but nothing has worked. Please get this virus out of my computer. Any help you can give would be appreciated!! Below is my hiJack this log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:22:16 PM, on 8/21/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\Program Files\Common Files&... Read more

A:Privacy Protector, Error Cleaner, Spyware&malware Protection

anyone can help...please!!

13 more replies
Answer Match 65.52%

I have picked up some sort of virus that keep bringing up pop-ups pretending to be windows that direct me to websites to buy anti-virus software. It has also changed 3 icons on my desktop to Error Cleaner, Privacy Protector and Spyware & Malware. It has changed my background to a big red picture with a hazard symbol that says "Your privacy is under threat" or something along those lines. I can no longer bring up task manager because it has changed my administrative authority. God knows what else it has changed. I have seen other people have also had this virus. I have followed the steps and got the 3 logs from Panda and DSS. I can post these when you need them. Please help! Thanks in advance. Adam

A:Virus (Error Cleaner, Privacy Protector, Spyware & Malware)

DSS log

Deckard's System Scanner v20071014.68
Run by Adam on 2008-04-15 12:53:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
88: 2008-04-15 11:53:12 UTC - RP191 - Deckard's System Scanner Restore Point
87: 2008-04-14 22:34:55 UTC - RP190 - Installed iTunes
86: 2008-04-14 19:42:46 UTC - RP189 - System Checkpoint
85: 2008-04-13 18:10:06 UTC - RP188 - System Checkpoint
84: 2008-04-12 16:28:17 UTC - RP187 - System Checkpoint


-- First Restore Point --
1: 2008-01-15 20:19:15 UTC - RP104 - Installed Sid Meier's Civilization 4


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-15 12:54:46
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Fil... Read more

2 more replies
Answer Match 65.52%

Hi,

Some malware is embedded in my computer. It has messed with my ability to access my drives and has put phony shortcuts on my desktop called "Privacy Protector", "Error Cleaner", and "Spyware&Malware Protection". I also keep getting false windows security alerts saying "Windows has detected an internet attack attempt... Somebody's trying to infect your PC with spyware or harmful viruses. Run full system scan now . . ." and "Spyware Alert - Security Warning! Worm.Win32.NetBooster detected on your machine. This virus is distributed via the Internet through e-mail and Active-X objects. The worm has its own SMTP engine which means it gathers e-mails . . .". It has also taken over my Internet Explorer and keeps trying to open the site virus-webscanner.com/2008/2/freescan.php. I tried to perform the 5 Step Process recommended by your forum but Panda ActiveScan keeps giving me an error and saying try back later. I also cannot update Windows, as my Internet Explorer keeps giving false messages and errors when I try to download Windows updates.

Would greatly appreciate your help.

A:Privacy Protector, Error Cleaner, and Spyware&Malware Protection

BUMP, please

2 more replies
Answer Match 65.52%

Hello, i hope someone can help me. About a week ago i recieved these three icons on my desktop: error cleaner, privacy protector, spyware and malware protection. I also had links for each in my favorite places folder in internet explorer. My desktop background was hijacked by a red clickable screen with a warning saying "your privacy is in danger" and would sometimes turn to a completely white background. I recieved numerous pop-ups of fake virus/spyware programs at the same time of infection.

My main virus protection software is Norton, which found nothing. I googled the three viruses and saw numerous forum topics on this matter. I followed the directions most of the tech personnel instructed the poster however obviosly was not allowed to post my logs for review. I installed hijackthis and other programs as many of the users who experienced the problem where instructed to do. Since then error cleaner, privacy protector, spyware and malware protection have been fixed allong with the desktop background and desktop popups. I didn't touch the registry for anything. The problem that persists is now my computer (laptop HP dv2000) runs extremely slow, hotter than usual????, and internet explorer opens on it's own taking me to random websites.

I hope this information helps, could i still be infected? I would REALLY appreciate it if someone could help me, give me some instructions and look at my logs to see if they can find anything.

A:Had Error Cleaner, Privacy Protector, And Spyware/malware Proteciton

Hi mattv9284, Welcome. Is this an XP pc?IF Vista then Always Start an Application in Administrator Mode on Windows VistaPlease give this a scan and post the report,thanks.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on Download_mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Acan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to ... Read more

1 more replies
Answer Match 65.52%

I keep having the same problem as the person with this post http://www.bleepingcomputer.com/forums/t/105116/privacy-protector-error-cleaner-spyware-malware-protection/ I have run avast! Spybot Search and DEstroy PC Tools Antivirus, and adaware, but everytime I think I have it all gone, the icons for Privacy Protector, Error Cleaner, Spyware&malware Protection reappear on my desktop, and they are just links to dl some crappy wannabe stuff.. Right now in I have found Win32:Zlob-AJP in C:\System Volume Information\_restore{129201FH-B0AC-49B2-DEB8B913727B\RP1 in A0000033.dll Win32:Adpatrol in C:\System Volume Information\_restore{129201FH-B0AC-49B2-DEB8B913727B\RP2 in A0000294.dll and Win32:Agent-LTS in C:\System Volume Information\_restore{129201FH-B0AC-49B2-DEB8B913727B\RP2 in A0002469.dll and I found those in an avast! bootscan, I don't know what those .dll files are for, so I just put them in the avast! "Virus Chest" but every time something with a virus gets deleted, another one pops back up later and that's when those icons come and popups with virus warnings and and website. PLEASE PLEASE help me get rid of this... :thumbsup:









removedtype='text/javascript'>
ipb.global.registerReputation( 'rep_post_767125', { domLikeStripId: 'lik... Read more

A:Privacy Protector, Error Cleaner, Spyware&malware Protection.. Help Get It Off Please

How is you computer running now? Any more reports/signs of infection?

11 more replies
Answer Match 64.68%

I HAVE WINDOWS XP PRO
GETTING SEVERAL WARNINGS SAYING MY PC IS INFECTED
I CANNOT ACCESS ANY OF MY HARD DRIVES AND AVG IS NOT DETECTING IT!
PLEASE HELP!!!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:40: VIRUS ALERT!, on 9/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www... Read more

A:Please Help!!! Error Cleaner, Privacy Protector, Spyware and Malware Protection virus

Hi Welcome to TSG!!
Download SDFix and save it to your Desktop.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix and remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re-enable the protection again afterwards before connecting to the Internet.

Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Open the c:\SDFix folder and double click RunThis.cmd to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer that normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool ... Read more

1 more replies
Answer Match 64.68%

hi, this is my first time here:)looks like i have caught a virus..my computer constantly freezes and throws up pop-ups. My desktop background has changed by itself, with the words writing, OUR PRIVACY IS IN DANGER! DOWNLOAD PRIVACY PROTECTION SOFTWARE NOW. icons of programs Error Cleaner, Privacy Protector and Spyware & Malware Protection have also appeared on the desktop.Im also geeting a red circle flashing in the right bottom corner. i tried various adwares and spyware but non of them seemed to work. PLEASSEEEE HELP ME DELETE THIS MESS OF MY COMPUTER.here is my Hijackthis LogLogfile of HijackThis v1.99.1Scan saved at 16:32:25, on 28/08/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16512)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\AOL\1179502606\ee\AOLSoftware.exeC:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\vsnpstd3.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\QuickTime\qttask.exeC:\Program... Read more

A:Helpp!error Cleaner, Privacy Protector And Spyware & Malware Protection.

Hello goran88, I am SifuMike and I will be helping you. Sorry for the delay. We have many logs backed up. NOTE: If you have downloaded SmitfraudFix previously please delete that version and download it again! Please download SmitfraudFix You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site. Please reboot your computer in Safe Mode by doing the following :Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually; Instead of Windows loading as normal, a menu with options should appear; Select the first option, to run Windows in Safe Mode, then press "Enter". Choose your usual account.Once in Safe Mode, double-click SmitfraudFix.exe Select option #2 - Clean by typing 2 and press "Enter" to delete infected files. You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection. The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter". The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway... Read more

2 more replies
Answer Match 64.68%

Got zapped with the above mess the evening of 4/16 and became unbearble on 4/17. Had to do a System Restore back to 4/15 to get a usable system. Things appear to be okay, but want to make sure I get rid of any potential lingering threats. Icons for all 3 are still on the Desktop but appear to be disabled. Not sure if there are any threats that might be ready to blast me unexpectedly.

Ran through all 5 pre-post steps.

Main.txt
Deckard's System Scanner v20071014.68
Run by Larry Guy on 2008-04-18 23:54:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
64: 2008-04-19 04:54:55 UTC - RP738 - Deckard's System Scanner Restore Point
63: 2008-04-19 04:38:32 UTC - RP737 - Software Distribution Service 3.0
62: 2008-04-18 10:27:51 UTC - RP736 - Restore Operation
61: 2008-04-17 06:52:43 UTC - RP735 - System Checkpoint
60: 2008-04-16 02:28:34 UTC - RP734 - System Checkpoint


-- First Restore Point --
1: 2008-01-21 22:37:10 UTC - RP675 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 7.24 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-18... Read more

A:Cleanup of Error Cleaner, Privacy Protector, and Spyware&Malware Protection

Hello and welcome to TSF.

Sorry for the delayed response. If you have not received help elsewhere and still need help, please post a fresh HijackThis log, as it has been a while since you posted.

1 more replies
Answer Match 64.68%

i have tried mcafee virus scan, smit fraud fix, avg spyware scanner, adware spyware scanner with no luck. I get error message that some one is trying to infect my pc with spyware and viruses. internet explorer is not working and has become unresponsive. I took all the steps advised here and now posting hjt log and combofix log here.

hjt log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:32:48 PM, on 3/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsof... Read more

A:can not remove error cleaner, privacy protector, spyware and malware protection

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:


Quote:





Killall::


File::
C:\WINDOWS\drnpfdxrqv.dll
C:\WINDOWS\altvxvm.dll
C:\WINDOWS\bokpkov.dll
C:\WINDOWS\drnpfdxrqv.dll
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\fmsxwqs.exe





Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.




Refering to the picture above, drag CFScript.txt into ComboFix.exe


When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.


*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall*

3 more replies
Answer Match 64.68%

hi

have got the following symptoms:

- desktop items appeared
-error cleaner
-spyware & malware protection
-privacy protector
-pop-up windows
-spyware alert - worm.win32.netbuster
-windows security alert
-red circle with white cross in system tray
-internet explorer pops up on site www.system-defender.com
-moves between windows as type (makes doing this a real pain!!)

here is the results from deckard system scanner, could not find an extra.txt file

Deckard's System Scanner v20071014.68
Run by Nathen on 2008-04-19 12:42:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 5.97 GiB (less than 15%) free.


-- HijackThis (run as Nathen.exe) ----------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-19 12:43:42
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\b... Read more

A:pop-ups+ error cleaner, privacy protector and spyware & malware protection on desktop

Download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply along with the following log.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on ... Read more

7 more replies
Answer Match 64.68%

hi, i have Error Cleaner, Privacy Protector, Spyware And Malware Protection icons on my desktop, and in my favorites under documents and settings. i get spammed with a bunch of fake anti-virus popups now, and i don't know how to get rid of them. system restore doesn't work, and my anti-virus/anti-spyware can't get rid of them. please help

A:Error Cleaner, Privacy Protector, Spyware And Malware Protection. Need Help Removing Please!

See info in link below for using Smitfraudfix unless you have Vista.http://www.bleepingcomputer.com/forums/t/98801/how-to-remove-privacy-protector-or-privacyprotector-removal-instructions/Install Super Antispyware free. Run it in safe mode. Allow it to quarantine whatever it finds. http://www.superantispyware.com/Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.http://www.bitdefender.com/scan8/ie.htmlHow to Start Windows in Safe Mode:http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/ Post back for further instructions after doing the above.

2 more replies
Answer Match 64.68%

OK for starters i am working on my moms computer that had become severly infected with many virus and spyware. Anti-virus scanners found many of them and got rid of them but the one that put Error Cleaner and Privacy Protector and so on on the computer just will not go away. I am not computer stupid I can get around one ok and i have tried to get rid of this in many ways including searching for and quarantineing suspicious files created on the date the virus and spyware were first detected. Files i have deleted have come back as soon as i restart the machine. I also ran the virus scanners in safe mode to get rid of a few of the infected files that windows locks in normal mode. I do not have any more ideas Please help me

I have used ActiveScan and will include that log

I installed Spyware Blaster, ie-spyad, and Zoned Out to help prevent any further infection.

I have also updated windows

Please let me know of anything else i need to do to help you assist me i figuring out this issue.

Thanxs in advance.

Main log from Deckard's System Scanner will follow
and extra log is attached

Panda ActiveScan Log
Incident Status Location ... Read more

A:[SOLVED] Error Cleaner, Privacy Protector, and Spyware& Malware Protection Won't Go

Hello and Welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please be patient with me during this time.

15 more replies
Answer Match 64.68%

Hey I have tried all the steps and nothing...I have Error Cleaner, Privacy, and Spyware and malware protection my computer. I tried programs left and right and cant get it off. I usually can get them off but I am lost for words on this one. Ive Downloaded Spyblaster and ie-spyadzo and got nothing. I play Computer games and work on my computer...really tried my patience. I did the DSS.exe thing....


Deckard's System Scanner v20071014.68
Run by Polli on 2008-01-14 00:32:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-01-14 06:32:48 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2008-01-14 06:16:23 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-01-14 00:34:56
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EX... Read more

A:I have Privacy Protector,Error cleaner, and Spyware and malware protection and popups

Apologies for the delay in responding.

The workload on this forum is intense, and sometimes it is not possible to respond to every inquiry.


Please download SmitfraudFix
Extract the files to the Desktop

~~~~
Start the computer in Safe Mode:When the machine reboots, tap the F8 key before Windows starts
You are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Press Enter to boot into Safe Mode.

~~~~
Open SmitfraudFix Double-click smitfraudfix.cmd
Select Option 2 - Clean by typing 2 and press Enter (Deletes infected files)
You are prompted: Do you want to clean the registry? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
The tool also checks if a relevant file, wininet.dll, is infected.
You may be prompted to replace the infected file (if found).
Replace infected file? Answer Y (yes) and hit Enter to restore a clean file.

~~~~
Restart the computer to complete the removal process.

~~~~
Now, download ComboFix
Save it to the Desktop

Double-click combofix.exe to run the program
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to stall.)

When finished, a log, ComboFix.txt, is produced.

~~~~
Run HijackThis once again to obtain a new log.

~~~~
Please post the SmitFraudFix report located at C:\rapport.txt , the ComboFix.txt, and a ne... Read more

1 more replies
Answer Match 64.68%

Smitfraudfix posted here worked temporarily, but my machine keeps getting taken over by this virus. If anyone can help interpret what i have here, I would appreciate it. Internet explorer changes my homepage without permission to this ucleaner website. This started from a fake myspace blog I opened. I get shortcuts to error cleaner, privacy protector, and spyware-malware protection urls.here is the smitfraud fix log:SmitFraudFix v2.274Scan done at 15:56:58.68, Thu 12/27/2007Run from C:\Documents and Settings\Administrator\Desktop\fixes\SmitfraudFixOS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode???????????????????????? SharedTaskScheduler Before SmitFraudFix!!!Attention, following keys are not inevitably infected!!!SrchSTS.exe by S!RiSearch SharedTaskScheduler's .dll???????????????????????? Killing process???????????????????????? hosts127.0.0.1 localhost???????????????????????? Winsock2 FixS!Ri's WS2Fix: LSP not Found.???????????????????????? Generic Renos FixGenericRenosFix by S!Ri???????????????????????? Deleting infected filesC:\DOCUME~1\ADMINI~1\Desktop\Error Cleaner.url DeletedC:\DOCUME~1\ADMINI~1\Desktop\Privacy Protector.url DeletedC:\DOCUME~1\ADMINI~1\Desktop\Spyware?Malware Protection.url DeletedC:\DOCUME~1\ADMINI~1\FAVORI~1\Error Cleaner.url DeletedC:\DOCUME... Read more

A:Error Cleaner-privacy Protector-spyware Malware Urls Reoccurring

Hello juleeeaaa and welcome to BleepingComputer!Apollogies for the delay. The forum has been very busy lately. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:Preparation Guide For Use Before Posting A Hijackthis Log.Thanks,Johannes

2 more replies
Answer Match 64.68%

Please help!! This programs have embedded themselves somewhere in my computer! I was having endless pop-ups and could barely get on the internet, but I purchased the highest Norton Anti-virus available and have managed to clean some of it out, but not all. I still get a tool bar and a popup blocker from them. Also, instead of ads on the webpages, I end up with videos. Please help me clean my computer!!!! Thank you!!

A:Error Cleaner, Privacy Protector & Spyware/Malware hijacking my computer!!

Hello and welcome to TSF

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
Please attach extra.txt to your post.
To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:C:\Deckard\System Scanner\extra.txt

Click Upload.
What DSS will do: create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

===================
Logs Required
C:\Deckard\System Scanner\main.txt
C:\Deckard\System Scanner\extra.txt<---Attached

3 more replies
Answer Match 64.68%

Hello folks! I don't mean to be a newb causing a stir, but I've contracted a virus that won't go away and a search led me to this forum as a likely source of a solution.What's wrong: I was prompted to download a video codec update and was fooled into accepting. Initially the virus presented itself as a desktop hijacker as well as installing Privacy Protector, Error Cleaner, and Spyware&malware Protection icons on my desktop, shooting up annoying pop-ups, and switching between programs at random when I have more than one window open. After I took measures against it, the desktop spread went away, but a new, unnerving symptom has arisen: the computer plays sound clips every so often, completely unprompted and unfamiliar prior to the infection. (The other symptoms, aside from the desktop spread, still remain.)What I've done so far: I've run SmitFraudFix and Eusing Registry Cleaner, in addition to a scan by my own Symantec AntiVirus Corporate Edition. I've also tightened up my Windows firewall settings to limit background access to the internet. Once I got here, I downloaded and ran HJT, and the log will be at the end of this post. Thanks in advance for helping me out!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:40:36 AM, on 2/25/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\W... Read more

A:Infected By: "privacy Protector, Error Cleaner, Spyware&malware Protection"

Hi, Wellcome to Bleeping Computer Forums!You might want to save this page on your favorites, so you can find it again when you return.Please take note of the following:I will be handling your log and helping you, please do not make any system changes yet. The process is not instant. Please continue to review my answers until I tell you that your computer is clean. Be patience.The fixes are specific to your problem and should only be used for this issue on this machineIf there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.Please reply to this thread. Do not start a new topic.Please give me some time to look over your log and I will get back to you as soon as possible.

10 more replies
Answer Match 64.68%

These are the log files in reference to this thread.

Rapport.txt = Smitfraudfix

I have followed all steps in my original thread. When installing spywareblaster i try to run it and get this error message: "This program has been damaged, possibly by a bad sector of the hard drive or a virus. Please reinstall it." and get the same when reinstalling etc.

I have noticed some programs wont open, they give me a message saying file corruped, manipulated by a virus and may be infected, program will not work anymore.

The popups come every couple of hours. When they come up i restart in safe mode and run simtfraudfix, then restart in normal mode and everything is fine for 2/3 hours, then i have to do it again when the popups come.

A:Logs: Error cleaner, Privacy protector, Spyware/Malware protection

These was no minimized extra.txt???



Deckard's System Scanner v20071014.68
Run by LeeAndrew on 2008-01-29 15:38:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as LeeAndrew.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:39, on 2008-01-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Common Files\LightScribe\LSS... Read more

19 more replies
Answer Match 64.68%

I get these error cleaner/privacy protector/spyware&malware protection icons whenever i reboot my computer..and if I delete them they just come back. I can't access my task manager either. It says "task manager has been disabled by administrator," but this is my computer at home.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:08:45 PM, on 5/1/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16640)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\savedump.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcods.exeC:\PROGRA~1\McAfee\MSC\mcpromgr.exec:\PROGRA~1\COMMON~1\... Read more

A:Error Cleaner/privacy Protector/spyware&malware Protection Icons

Hello Zachxy and welcome to BleepingComputer,1. * Clean your Cache and Cookies in IE:Close all instances of Outlook Express and Internet Explorer Go to Control Panel > Internet Options > General tabUnder Browsing History, click Delete. Click Delete Files, Delete cookies and Delete historyClick Close below.* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):Go to Tools > Options.Click Privacy in the menu..Click the Clear now button below.. A new window will popup what to clear.Select all and click the Clear button again.Click OK to close the Options window* Clean other Temporary files + Recycle bin Go to start > run and type: cleanmgr and click ok. Let it scan your system for files to remove. Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.Press OK to remove them.2. Please download Malwarebytes' Anti-Malware from Here or HereDoubleclick mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed,... Read more

9 more replies
Answer Match 64.68%

It showed up on my computer as 3 programs - Error Cleaner/Privacy Protector/Spyware & Malware Protection - which have caused a full screen program (as shown in picture - appears to turn my desktop red but is closable by finding the x in the corner) and popups warning me my computer is at risk and that I should download their antivirus/spyware/malware products. I have tried using BitDefender, AVG, Stinger, Ad-Aware, Norton, Spyware Doctor and Spybot Search & Destroy. At times a scan has seemingly gotten rid of the problem but on restart of the computer the problem returns (or sometimes on the second restart). Please help me get rid of this. Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:54:59 PM, on 9/1/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exeC:\Program... Read more

A:Infected By Error Cleaner/privacy Protector/spyware & Malware Protection

Please. Anyone that can help me out on this?

29 more replies
Answer Match 64.68%

HELP! - error cleaner privacy protector/ spyware malware Security and the Web problem. could someone please help me sort this out please

More replies
Answer Match 64.68%

Hi,
my friend has this on his laptop. Security warning! Spyware alert, worm.win32.Netsky warning etc.
I have updated all antivirus, spyware and adware applications and run them with no luck.
I have followed the steps for 'if you think you are infected' to remove malware. Any advice would be appreciated.


Deckard's System Scanner v20071014.68
Run by PAUL ANDREWS on 2008-02-07 10:59:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
28: 2008-02-07 10:59:13 UTC - RP202 - Deckard's System Scanner Restore Point
27: 2008-02-07 10:39:02 UTC - RP201 - Spyware Begone! Spy Removal
26: 2008-01-21 23:16:31 UTC - RP200 - Spyware Begone! Spy Removal
25: 2008-01-13 03:57:58 UTC - RP199 - System Checkpoint
24: 2008-01-09 21:10:44 UTC - RP198 - Software Distribution Service 3.0


-- First Restore Point --
1: 2007-10-24 14:33:36 UTC - RP175 - Installed Windows XP KB915865.


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 86% (more than 75%).
Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as PAUL ANDREWS.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:00:40, on 07/02/2008
Platform: Windows XP SP2 (WinNT ... Read more

A:[SOLVED] Privacy Protector, Error Cleaner and Spyware&amp;Malware protection

Hopefully problem solved. Thanks to anyone who has worked on this problem which seems to be popping up left right and centre.
Cheers
Mike

1 more replies
Answer Match 64.68%

Somehow i have error cleaner, privacy protector, spyware and malware protection on my desktop and it has also set my homepage as a fake spyware site. I have tried smitfraud and re-insalling windows but still no luck. I would appreciate any help!

A:Error Cleaner, Privacy Protector, Spyware And Malware Protection. Need Help Removing Please!

Hello there and welcome to BleepingComputer.Please follow our Preparation Guide For Use Before Posting a HijackThis Log; running all of the scans before posting your HijackThis log in your next reply.

16 more replies
Answer Match 63.84%

Alright, I posted earlier but now I found the real problem. I had malware installed on my computer and it was the Privacy Protector, Error Cleaner, Spyware&malware Protection problem.I just ran SD fix.exe and it found a lot but now that my computer is up, I am still getting the attack messages.I followed the instructions here:http://www.bleepingcomputer.com/forums/t/105116/privacy-protector-error-cleaner-spyware-malware-protection/These are the results of my fix:SDFix: Version 1.205 Run by Administrator on Tue 07/15/2008 at 06:26 AMMicrosoft Windows XP [Version 5.1.2600]Running From: C:\SDFixChecking Services :Restoring Default Security ValuesRestoring Default Hosts FileRestoring Windows ProductId To Remove Fake Virus AlertRebootingChecking Files : Trojan Files Found:C:\Documents and Settings\user\Desktop\Error Cleaner.url - DeletedC:\Documents and Settings\user\Favorites\Error Cleaner.url - DeletedC:\Documents and Settings\user\Desktop\Privacy Protector.url - DeletedC:\Documents and Settings\user\Favorites\Privacy Protector.url - DeletedC:\Documents and Settings\user\Desktop\Spyware&Malware Protection.url - DeletedC:\Documents and Settings\user\Favorites\Spyware&Malware Protection.url - DeletedC:\WINDOWS\system32\s.bat - DeletedC:\WINDOWS\EPEB.EXE - DeletedRemoving Temp FilesADS Check : Final Check :catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-07-15 06:39:03Windo... Read more

A:Privacy Protector, Error Cleaner, Spyware&malware Protection - Just Finished Using Sdfix.exe - Someone Let Me Know If I...

My ComboFix log:ComboFix 08-07-13.11 - user 2008-07-15 6:56:27.1 - NTFSx86Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.616 [GMT -4:00]Running from: C:\Documents and Settings\user\Desktop\ComboFix.exeWARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).C:\Documents and Settings\user\Application Data\inst.exeC:\Documents and Settings\user\Desktop\Error Cleaner.urlC:\Documents and Settings\user\Desktop\Privacy Protector.urlC:\Documents and Settings\user\Desktop\Spyware&Malware Protection.urlC:\Documents and Settings\user\Favorites\Error Cleaner.urlC:\Documents and Settings\user\Favorites\Privacy Protector.urlC:\Documents and Settings\user\Favorites\Spyware&Malware Protection.urlC:\WINDOWS\system32\mcrh.tmp.((((((((((((((((((((((((( Files Created from 2008-06-15 to 2008-07-15 ))))))))))))))))))))))))))))))).2008-07-15 06:19 . 2008-07-15 06:20 <DIR> d-------- C:\WINDOWS\ERUNT2008-07-15 06:18 . 2004-04-08 01:42 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust2008-07-15 06:18 . 2008-07-15 06:18 <DIR> d-------- C:\Documents and Settings\Administrator2008-07-15 ... Read more

4 more replies
Answer Match 63.84%

Hi; I picked up this worm a couple of days ago. I get constant popups telling me how I'm infected etc, my pc has slowed and frequently freezes, outlook is a joke. In short it;s a mess. How can I get rid of this thing and where do I find the perpetrator so I can inflict serious damage on his juvenile, penis challenged body? I'm running Windows XP Professional 2002 on a Dell desktop[ pc.
 

A:win32 error cleaner/privacy protector/spyware and malware protection virus

9 more replies
Answer Match 63.84%

These programs embedded itself into my system. It changes my desktop and keeps poping up with warnings and websites. It is called Privacy Protector, Error Cleaner and Spyware&Malware protection. I also get security warnings saying 'spyware alert' asking me to click to remove.

More replies
Answer Match 63.42%

I got this a couple of days ago and noticed that a couple of people also had this problem and were able to resolve it with your help. These desktop icons keep appearing no matter how many times I delete them and there are several annoying pop ups that have just made my computer experience these past days dull. I got the same exact problem with these two threads http://www.bleepingcomputer.com/forums/t/106853/malware-privacy-protector-error-cleaner-and-spyware-malware-protection/ and http://www.bleepingcomputer.com/forums/t/105116/privacy-protector-error-cleaner-spyware-malware-protection/ and im wondering wether or not to risk following the steps written on those threads or not since I have completley diffrent Anti virus software from them. I got both Kaspersky Anti-Virus and Spyware doctor. Can Anyone help me with this problem? Id really appreciate anyone who is willing to lend a hand, but im not quiet the computer expert and dont have the software mentioned in the other two threads like HijackThis and the other stuff so if you would also link the site to download it that would be great thanks.

A:Maleware, Error Cleaner, Privacy Protector, Spyware&malware Protection Desktop Icons

Hello BaderThanBad and welcome to BC My name is SNOWHITE and I will be helping you with your Malware problem.Please download Deckard's System Scanner (DSS) and save it to your Desktop.Close all other windows before proceeding. Double-click on dss.exe and follow the prompts.When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply. Note: If you don't have HijackThis installed on your computer, dss will prompt you to download and install it for you, please allow this to happen !Regards,

8 more replies
Answer Match 63.42%

Hi,Repeated popups and warnings led to a Google search on the Subject above and finding this forum.I initially attempted a "Restore Point" rollback but that would not complete successfully.I then completed the following -- Uninstall "XP Anti-Virus"- Ran SmitfraudFix- Ran SDFix- Ran ComboFix- Installed and Ran HijackThis(Attempted a "Fix Checked" without success of "O2 - BHO: (no name) - {EE5A1465-1E73-4784-8F63-45983FDF0DB8} - C:\WINDOWS\system32\awtuvULB.dll")- Installed and Ran SUPERAntiSpyware(found 0 errors or problems in any category)HijackThis still displays "O2 - BHO: (no name) - {EE5A1465-1E73-4784-8F63-45983FDF0DB8} - C:\WINDOWS\system32\awtuvULB.dll" which concerns me so I am posting so the guru's can check out the logs....As a newby to the forum I appreciate any help/advice :^) Thanks.Deckard's System Scanner v20071014.68Run by administrator on 2008-04-18 16:18:31Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 5 Restore Point(s) --96: 2008-04-18 23:18:37 UTC - RP324 - Deckard's System Scanner Restore Point95: 2008-04-18 22:49:23 UTC - RP323 - Installed SUPERAntiSpyware Free Edition94: 2008-04-18 21:40:02 UTC - RP322 - Restore Operation93: 2008-04-18 21:27:20 UTC - RP321 - Restor... Read more

A:Removal Of Xp Anti-virus, Privacy Protector, Error Cleaner And Spyware&malware Protection

Hello there and welcome to Bleeping Computer's security forum.My name is David, I will be helping you with your log today.It is a good idea to print off these instructions. There is a possibility some of the instructions will need to be carried out where internet access is not available. It is important that you complete the instructions in the right order, and that you don't miss out any steps.Please set your system to show all files. Click Start, open My Computer, select the Tools menu and click Folder Options.Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.Uncheck: Hide file extensions for known file typesUncheck the Hide protected operating system files (recommended) option.Click Yes to confirm.Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:O2 - BHO: (no name) - {EE5A1465-1E73-4784-8F63-45983FDF0DB8} - C:\WINDOWS\system32\awtuvULB.dllO20 - Winlogon Notify: awtuvULB - C:\WINDOWS\SYSTEM32\awtuvULB.dllO21 - SSODL: DriveSys - {7dc6ff88-ddc9-4b18-a143-ef3f8f110be0} - C:\WINDOWS\Resources\DriveSys.dll (file missing)O21 - SSODL: SysBoot - {fd5ffa08-e23f-467f-867a-8a5770344bc3} - C:\WINDOWS\Resources\SysBoot.dll (file missing)Click on Fix Checked when finished and exit HijackThis.Make sure your Internet Explorer is closed when you click Fix Checked!Open hijackthis, click 'conf... Read more

1 more replies
Answer Match 63%

Hello,
I am having a problem within my Window7 OS. I removed a "Java solace k" virus in 06/2010 but am still having issues with redirects from my browser and fake security scanners telling me of a security breach within my system. Any assitance would be greatly appreciated.

buhdabless

A:malware/spyware and fake security scanner

Hello please try this approach.Reboot into Safe Mode with Networking How to enter safe mode(XP)Using the F8 MethodRestart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press enter on your keyboard to boot into Safe Mode. >>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.RKill....Download and Run RKillPlease download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next replyDo not reboot your computer after running rkill as the malware pro... Read more

5 more replies
Answer Match 61.32%

I have been battling trying to fix my computer for the past four days. It started with my computer just restarting and then a blue screen would come up and it would automatically restart. After I would re boot I started to get these things popping up at the bottom of the screen saying my computer was infected and total security was start running itself. I didn't buy it and quickly began to search the web and see what it actually was. Sure enough it was a virus so I came to this website to see what I needed to do. I downloaded that Malware thing and it would load. I tried to rename it didn't work. oh yeah I also tried to do a system restore and it will not let me it is locked saying call my administrator. When I am regular mode I try to press cont alt del and the task manager doesn't pop up. It only allows the task manager to come up on safe mode under administrator. I have downloaded plenty of antivirus scanners. My mcafee isn't working, tried norton not working, pc tools, spyhunter. Some will actually load and scan and when it is like 75% done scanning it just disappears. I've deleted some of those long numbers like 12141123(stuff like that) under system 32 and now I am not getting total security to pop up but antivirus pro 2010 and microsoft phising... I have tried manually deleting things but that is too confusing and quite frankly I don't want to delete something that doesn't need to be. I hope someone can help me. I tried to avoid doing this, but seems like this is my la... Read more

A:Malware/Spyware/ EVERYTHING Virus.. Scanner doesn't complete the scan... Just disappears

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No inp... Read more

14 more replies
Answer Match 59.64%

These programs embedded itself into my system. It changes my desktop and keeps poping up with warnings and websites. It is called Privacy Protector, Error Cleaner and Spyware&Malware protection. I have tried to fix this but have had no luck. I have ran Kaspersky, Ad-aware, but nothing has worked. Please get this virus out of my computer. Any help you can give would be appreciated!!

A:Error Cleaner, Privacy Protector, & Spyware/Malware Protector hijacking my conputer

Hello and welcome to TSF

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
Please attach extra.txt to your post.
To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:C:\Deckard\System Scanner\extra.txt

Click Upload.
What DSS will do: create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

========================
Logs Required
C:\Deckard\System Scanner\main.txt
C:\Deckard\System Scanner\extra.txt<---Attached

18 more replies
Answer Match 59.64%

These programs embedded itself into my system. It changes my desktop and keeps popping up with warnings and websites. It is called Privacy Protector, Error Cleaner and Spyware&Malware protection. I have tried to fix this but have had no luck. I have the Shield Anti-Virus and Uni-Blue Spy eraser but they didn't help. Please help me !!!

A:Error Cleaner, Privacy Protector, & Spyware/Malware Protector hijacking my conputer

PLease help soon!!!

8 more replies
Answer Match 59.64%

These programs embedded itself into my system. It changes my desktop and keeps poping up with warnings and websites. It is called Privacy Protector, Error Cleaner and Spyware&Malware protection. I have tried to fix this but have had no luck.

Thanks!
 

A:Error Cleaner, Privacy Protector, & Spyware/Malware Protector -hijackthis included

11 more replies
Answer Match 59.22%

The three spyware things I have listed above managed to attach them to my pc, getting past norton 2007. I tried everything to get rid without success. I downloaded spybot but that didnt get rid of it. Then this morning I decided to have another go. Spybot box came up saying important registry change had occurred and did I want to allow it. In desperation I agreed. The three spyware icons disappeared and pc seems to be working alright. Am I clear - how do I find out?

A:Error Cleaner Privacy Protector Spyware Malware Protector

Hello jimisis and welcome to the BleepingComputer forums.Please download SmitfraudFix (by S!Ri)Extract the content (a folder named SmitfraudFix) to your Desktop.Open the SmitfraudFix folder and double-click smitfraudfix.cmdSelect option #1 - Search by typing 1, and press Enter. A text file will appear, which lists infected files (if present).Please copy/paste the content of that report into your next reply.

6 more replies
Answer Match 56.7%

Is there a decent registry tool (scan, clean, etc.) that's free?

pjblevin
 

A:registry scanner/cleaner

16 more replies
Answer Match 56.7%

Running Win7, plenty of RAM & CPU speed.
 
Today on the internet, "Turboyourpc" is touted as a trouble free registry cleaner. Suppose to speed up your computer by removing bits and pieces of uninstalled programs left behind  I've always been leary about messing with my registry. Does BC have a recommendation, either way, leave it alone or run this software "-------------------"?
 
Thanks for your expertise!!

A:Registry Cleaner/Scanner

Hi pinegum These programs are known to be harmful to the system and should not be used for any reason there is. It's a known fact that using Registry Cleaners can easily break a Windows installation, to the point where a complete reinstallation might be needed. Here's a few myths about using these programs, and why they are just plainly false."Using a Registry Cleaner will improve a system's performance" - False. The Windows Registry is a big database which contains information on everything present on the system, from the boot settings to how your programs looks when you open them. There's so many entries in it that cleaning even thousands of them isn't enough to boost a system performance. Also, there's no studies, tests, benchmarks, etc. which shows that using Registry Cleaners actually improve a system speed;"Using a Registry Cleaner will fix all your errors" - False. Using a Registry Cleaner won't fix any problems at all. In fact, it have more chances to create them if anything. There's no program that can fix every problems in a simple click, and there probably never will. If you have an error, it's better to troubleshoot that error in particuliar by finding what's causing it and fixing it than using a software that might give you more errors;"If you don't use a Registry Cleaner, you'll leave a door open for malware" - False. It is rare that malware will actually hijack orpheans keys and keypairs in the Registry to create persistence or install themself. They'll usually... Read more

3 more replies
Answer Match 56.7%

Hey all...I am used to using WinASO for cleaning my registry. Their latest version (3.2) is still not 64-bit capable. My guess is that I should use a 64-bit registry cleaner?? What do you guys use and recommend?

Same for virus scanning. I have a license for AVG Professional. No 64-bit one available, so I'm running a trial version of eset nod32, which has a 64-bit version, and works very well. Again, which one do you guys use/recommend? Should I buy a license for nod32, or can I use my paid-for AVG 32-bit one?

Finally, is it important to have an x64 virus scanner, as well as an x64 reg. cleaner, or would I be able to use 32-bit versions of each???

Thanks!

A:64-bit virus scanner, 64-bit reg. cleaner?

Avast is a good choice, it is free and does not hog recourses.

Free antivirus - avast! 4 Home Edition

1 more replies
Answer Match 55.44%

Recently from http://www.bleepingcomputer.com/forums/t/494727/superantispyware-or-malwarebytes/. Please take the poll and post suggestions for the poll here. 
 

A:Best Anti-Spyware/Anti-Malware/On-Demand Scanner

Hitman Pro to check scan, but needs paying for removal.   Comodo Cleaning Essentials which comes free with Comodo Internet Security for removal.

38 more replies
Answer Match 52.08%

i need a real time spyware scanner for free. I also need a virus scanner (realtime) avast, avg, or antivir? Does anybody have suggestions?
 

A:real time spyware spyware scanner? (free)

16 more replies
Answer Match 52.08%

I try to search for pro pc cleaner here or anywhere on the web and it switches the search to pc cleaner pro.
I believe the malware is made by Rainmaker.
Scan by AVG livecd shows folders named 'pro pc cleaner' in app data and elsewhere.
Anyone point me how to search for a solution?
Typed from my phone right now.
Problem is on WIN 7 laptop.
Thanks
 
Update: just found this youtube removal process of it, will try later. 

A:pro pc cleaner vs. pc cleaner pro malware

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/549788 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

2 more replies
Answer Match 50.82%

I have a pop up for PC Cleaner and other stuff.Here are my logs Thanks for the HelpKaspersy------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Monday, April 21, 2008 2:02:38 PM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 21/04/2008 Kaspersky Anti-Virus database records: 718029-------------------------------------------------------------------------------Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: trueScan Target - My Computer: A:\ C:\ D:\Scan Statistics: Total number of scanned objects: 40515 Number of viruses found: 6 Number of infected objects: 16 Number of suspicious objects: 0 Duration of the scan process: 01:12:36Infected Object Name / Virus Name / Last ActionC:\Deckard\System Scanner\backup\DOCUME~1\LISAPH~1\LOCALS~1\Temp\rsyncini.exe Infected: Trojan.Win32.Shutdowner.em skippedC:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skippedC:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skippedC:\Documents and Settings\Lisa Phillips\Application Data\Sun\Java\Deploym... Read more

A:Spyware Pc Cleaner Pop Up

Hello Greg Williams,Welcome back to Bleeping Computer This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.1. Download this file - combofix.exe http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe2. Double click combofix.exe & follow the prompts.3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.Note:Do not mouseclick combofix's window while it's running. That may cause it to stall.***If it gives you problems running, then go offline and disable your Avast! and try to run it.Thanks,tea

4 more replies
Answer Match 50.4%

what is the best spyware and adaware removers for Vista?? i have alot of spyware on my computer and cant seem to shake it
 

More replies
Answer Match 50.4%

Hey. Well, I just bought a new Dell computer and have started to get lots and lots of pop-ups for Ultimate Cleaner and Spyware saying that I am at high risk of having my passwords and other private information stolen and that I need to get Ultimate Cleaner to fix it. I've also had a big red pop-up come up and cover my entire desktop. I'd appreciate any type of help I can get because they are really bothersom and are making my computer really really slow. I saw a post from some time back about the Hijack This software so here is the code that I was told to copy. Thanks so much!!!

-Stephanie

----------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:03:50 PM, on 9/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PR... Read more

A:Ultimate Cleaner/Spyware pop-ups

Download http://downloads.andymanchesta.com/RemovalTools/SDFix.exe and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.
Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum
===========

Download Superantispyware (SAS) free home version

http://www.superantispyware.com/superantispywarefreevspro.html

Install it ... Read more

1 more replies
Answer Match 50.4%

My computer was infected with the ultimate cleaner spyware. I used Smitfraudfix.exe to eliminate it. Can you please check my log, so I know I'm clear or is there anything else I need to do.

Aj


Logfile of HijackThis v1.99.1
Scan saved at 8:37:55 PM, on 8/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.go.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.espn.com/
O2 - BHO: AcroIEHlprObj ... Read more

A:Ultimate Cleaner spyware

That looks ok....but let's use this tool for a more comprehensive set of logs.

Please do this:

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
Please attach extra.txt to your post.
To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:C:\Deckard\System Scanner\extra.txt

Click Upload.

What DSS will do: create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

---------------------------------------------------------------------------------------------

17 more replies
Answer Match 50.4%

Fresh off the BugTraq mailing list.Our new survey is now up and ready for polling: click here to votehttp://castlecops.com/modules.php?name=Surveys&pollID=3019 of the most popular and known anti-spyware cleaners can be selected.Like all our previous surveys, this one too takes in unique votes, sochoose wisely! This survey looks at both free and pay-for anti-spywarecleaners.Also, take a moment to view what our readers had to say in their reviews on many anti-spyware products here. http://castlecops.com/compare-3You'll see what is hot and what is not in ratings from "Overall feeling","Customer Support", "Value for Money", "Ease of Use", "Install", "CompanyWebsite", and "Reliability". Both Spy Sweeper and Pest Patrol have themost reviews completed to date.Sincerely,Paul Laudanski .. Computer Cops, LLC.CastleCops(SM)... http://castlecops.com

More replies
Answer Match 50.4%

My computer has been turned upside down, i have weird anti-spyware things installed on my computer, a new red background and a new homepage that wont change.

heres this if it will help
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:31:20 PM, on 8/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
O2 - BHO: MSVPS System - {47C... Read more

A:HELP Ultimate Cleaner spyware?

Being helped here

http://forums.techguy.org/malware-removal-hijackthis-logs/610180-hijackthis-log.html
 

1 more replies
Answer Match 50.4%

Wondering if someone could take a look at this for me.
Thanks in advance (no pun intended)

Woke up this morning with a blank/locked up screen.

Rebooted and found AdvancedCleaner Free installed.
SpywareGuard keeps warning me of homepage and search page changes. It will not take stop.

Removed Advanced Cleaner with Add/Remove Programs

AVG finds nothing

Ran Spybot S&D Removed several malwares.
Ad-Aware removed several malwares.


Incident Status Location

Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Jax\Application Data\Mozilla\Firefox\Profiles\ui6iuxud.default\cookies.txt[.go.com/]
Spyware:Cookie/AdvancedCleaner Not disinfected C:\Documents and Settings\Jax\Application Data\Mozilla\Firefox\Profiles\ui6iuxud.default\cookies.txt[advancedcleaner.com/] ... Read more

A:Advanced Cleaner and other Spyware

This is a bump. Any help is appreciated.

17 more replies
Answer Match 49.56%

I have a Dell desktop running Windows XP. My daughter must have accidentally clicked yes on something and now the background is red and has a unusual symbol on it. There are 3 new shortcuts on the desktop. One for Error Cleaner, one for Spyware protection and one for virus web protector. Whenever I try to open IE, one of the sites comes up and tells me my computer is not protected and wants me to purchase something.

Where should I start to diagnose and fix this problem?
 

More replies
Answer Match 49.56%

Many virus's cleaned off this pc but still there is an icon flashing in the lower right hand side between a question mark and occasionally I will get a warning bubble telling me that I have spyware and need to get it cleaned and blah, blah, blah. No name associated with it. Clicking on it will open an IE window but it remains blank.I've been through all the usual suspects of cleaning and this remains. Here is the Hijack log. Thanks in advance.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:08:51 PM, on 11/14/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16544)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\alg.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Program Files ... Read more

A:Unknown Fake Spyware Cleaner

Hi william schubertPlease download SmitfraudFixDouble-click SmitfraudFix.exeSelect option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).Please copy/paste the content of that report into your next reply.Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.http://www.beyondlogic.org/consulting/proc...processutil.htm

1 more replies
Answer Match 49.56%

I'd usually use ad-aware, but that is only free from home/personal use. Is there a on-par spyware cleaner out there that is free for use by corporations?
 

A:Free spyware cleaner for corporations

Shameless bump =)
 

1 more replies
Answer Match 49.56%

Hello ! I have somehow gotten this spyware on my computer yesterday and can't find a way to remove it. I have ran many anti-spyware programs but they can't solve my problem. Here is my log report done by HijackThis v1.99.1Logfile of HijackThis v1.99.1Scan saved at 8:42:28 AM, on 7/20/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\ATKKBService.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\Program Files\Microsoft LifeCam\MSCamSvc.exeC:\Program Files\Analog Devices\SoundMAX\SMAgent.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\wscntfy.exeC:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exeC:\Program Files\ATI Technologies\ATI.ACE\cli.exeC:\Program Files\Java\jre1.6.0_01\bin\jusched.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC: ... Read more

A:Ultimate Cleaner 2007 Spyware

Download SmitfraudFix (by S!Ri) to your Desktop.http://siri.urz.free.fr/Fix/SmitfraudFix.exeDouble-click SmitfraudFix.exeSelect option #1 - Search by typing 1 and press EnterThis program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.IMPORTANT: Do NOT run any other options until you are asked to do so!**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.Post back with the smitfraudfix log and a new HijackThis log

3 more replies
Answer Match 49.56%

Check out Microsofts new BETA 1 Spyware cleaner.
WORKS WELL!!

www.microsoft.com

Dale

 

A:Microsoft BETA Spyware cleaner

stocker340 said:

Check out Microsofts new BETA 1 Spyware cleaner.
WORKS WELL!!

www.microsoft.com

Dale
Click to expand...

Being talked about here
 

1 more replies
Answer Match 49.56%

hi guys,im newbee to this forum. kaaash i got this site address from my friend.my system got effected with the rogue spyware " trust cleaner".i went through the whole process wht u guys suggested in the forum http://www.bleepingcomputer.com/forums/t/54501/how-to-remove-trust-cleaner-removal-instructions/ but still hev the problem..i used spyware doctor, windows defender, panda live scan, norton anti spyware...i would appreciated if any one helps to sort it out..here im sending the log file... pls help meLogfile of HijackThis v1.99.1Scan saved at 12:48:14 AM, on 7/6/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.5450.0004)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WINDOWS\system32\spoolsv.exeC:... Read more

A:Pls Help Me To Get Rid Of This Rogue Spyware "trust Cleaner"

Im eagerly waitng for the help. thanks in advance

7 more replies
Answer Match 49.56%

i have just seen a post from "DR_COOL_J" to download and use X-Cleaner
http://forums.techguy.org/t228599.html

based on advice here I'm using - ad-aware, spy-bot + i have spywareblaster and spywareguard on my PC.

how good / better is x-cleaner ????

any views ???
 

A:free spyware scanners x-cleaner

x-cleaner is very similar to spybot and ad-aware

the reason why it so handy is..

1. Its 500k , and doesnt have to be installed
so its much easier and simple to run then the others
no updates its all in one .exe file
2. Removes almost as much as spybot & ad-aware

just like ad-aware
x-cleaner has a free and a paid verison
the one listed is the free version and it works great at removing
spyware

just to test i installed imesh and kazaa
man the computer was infected with spyware
i ran spybot, looked at the number of itmes found
then ad-aware
then ran x-cleaner it removed all most all of them
just a bit less than both spybot and ad-aware

that convinced me it was a great tool 2 use
but i will ususally recommend if x-cleaner finds any items
to run spybot & ad-aware for the final blow on spyware

I am always looking for the easiest way for ppl to remove spyware
 

3 more replies
Answer Match 49.14%

This is really annoying. I need to get rid of this programs that just suddenly appeared. They are called Error Cleaner, Privacy Protector, & Spyware

A:Error Cleaner, Privacy Protector, & Spyware need help getting rid of it

Deckard's System Scanner v20071014.68
Run by Owner on 2007-12-19 02:34:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 495 MiB (512 MiB recommended).
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-12-19 02:35:32
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program... Read more

2 more replies
Answer Match 49.14%

Maybe about a year ago, Tech Support Guy solved my trojan horse problem in about two days. At that time, it was recommended that I use Easy Cleaner (and Super Anti Spyware) to clear up my problem. I've been using them ever since. I was wondering if TSG still recommends these free programs. SAS continues to update their definitions, but I've never been able to update Easy Cleaner. Should I delete it?

Thanks...and TSG ROCKS!

wbirgen
 

A:Easy Cleaner and Super Anti Spyware?

Hi,
The current TSG suggested progs are here:
http://forums.techguy.org/general-security/603629-security-help-tools.html

I think both that you mention get regular good press here.

Hope this helps?

Richard
 

3 more replies
Answer Match 49.14%

I just bought a Dell computer for my son. He downloaded mine craft and some kind of mod and wam, not even a week old and I can't do a thing. There were tons of pop ups. I downloaded malwarebytes and ccleaner, it won't let me do jrt. Mal ware just keeps doing the prescan. It finally pope up a few things I was able to quarantine and delete but I am unable to get on the internet. I went to Uninstaller and Uninstalled a few but they are still there of course. I am trying a system restore and the first 3 attempts, it wouldn't work. It looks like it "might" work this time. I don't know what to do.
I took pics of the screen with my phone, but need to figure a way to put them on here. Please tell me even where to begin.
 
 
I am editing to add the system restore worked. I can get on the internet now. I do not see any pop ups at this time, but I would like you to tell me what scan to run to make sure the virus that was on here is gone.
 
Thank you

A:son's computer infected with spyware cleaner, taplika and others.

Hi there,my name is Marius and I will assist you with your malware related problems.Before we move on, please read the following points carefully.First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.Perform everything in the correct order. Sometimes one step requires the previous one.If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.Important: To help me reviewing your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.    HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs i... Read more

2 more replies
Answer Match 49.14%

Hi there i was experiencing the same problem as Faria_85
and iv'e been searching for a fix for a couple days now..
i came across this forum and followed the instructions by garmanma
after installing MBAM, i scanned my computer and it found a lot of trojans..
i cleaned it .. but 3 or 4 wouldnt go.. here is the log, ANY HELP IS APPRECIATED!

Malwarebytes' Anti-Malware 1.32
Database version: 1648
Windows 5.1.2600 Service Pack 3

1/13/2009 11:17:46 AM
mbam-log-2009-01-13 (11-17-46).txt

Scan type: Quick Scan
Objects scanned: 65381
Time elapsed: 5 minute(s), 48 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 4
Registry Keys Infected: 20
Registry Values Infected: 3
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 24

Memory Processes Infected:
C:\WINDOWS\system32\frmwrk32.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\efcyyXRI.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\xmjxrqtw.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\hyhnklls.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\rnovux.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d7abb238-8cd3-4b60-b950-ffefbc03a654} (Trojan.Vundo.H) -> Dele... Read more

A:recommended to start spyware cleaner tool

Hi, I split your post to it's own topic. It is always better as things can get confusing to others in the thread,Ok , now you need to run a few more tools.First a full MBam scan.Open MBAM in normal mode and click Update tab, select Check for Updates,when doneclick Scanner tab,select FULL scan and scan.After scan click Remove Selected, Post new scan log and Reboot.NEXT:Run from your regular user account:Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..DO NOT run yet.Open SUPER from icon and install and Update itUnder Scanner Options make sure the following are checked (leave all others unchecked):Close browsers before scanning.Scan for tracking cookies.Terminate memory threats before quarantining.Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.Now reboot into Safe Mode: How to enter safe mode(XP)Using the F8 MethodRestart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys. Then press enter on your keyboard to boot into Safe Mode. Double-click ATF-Cleaner.exe to run the program.Under Main "Select Files to Delete" choose: Select All.Click the Empty Selected butt... Read more

1 more replies
Answer Match 49.14%

Hello,My first visit to this Forum, hopeing that someone can give me a helping hand I keep recieving annoying messages thats tells me to download and install Drive Cleaner and other antivirus program. The messages appears in my webbrowsers (Firefox and Explorer). When trying to click them away often a download popup appears, but of course I have not follwed any of the instructions and actually installed any of the program. However there must be something causes this popups to appear.I have virus defence from McAffe but now I can not get access to any of McAffes webpages from this computer (but VirusScan tells me the defitionsfiles are updated yesterday). On my other computers in the same network I can access the pages without problems. This makes me wonder if I also have some virus infection that keep blocking those pages for me.Fairly often when I restart my computer I also get a system message telling me that c:\windows\system32\services.exe has encountered a problem (statuscode -1073741819). This often causes the hole system to restart automatically. Does not feel right ;-)I have followed the "Preparation Guide for use before posting a HijackThis Log". Both AdAware and Spyboot found things that now has been removed. Stinger and McAffe did not find anything.The only thing in the list I have not done yet is to install an additional Firewall. I hope this can be solved, I dont want to reinstall my hole computer if I can avoid it. Please help This i... Read more

A:Drive Cleaner Ad Popup Etc - Infected With Spyware?!

Welcome to the BleepingComputer HijackThis Logs and Analysis forum Tuliza Download SDFix.exe and save it to your desktop:http://downloads.andymanchesta.com/RemovalTools/SDFix.exe* Double click on SDFix on your desktop,and install the fix to C:\ Please then reboot your computer into Safe Mode by doing the following:* Restart your computer* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;* Instead of Windows loading as normal, a menu with options should appear;* Select the first option, to run Windows in Safe Mode, then press "Enter".* Choose your usual account.* In Safe Mode,go to and open the C:\SDFix folder,then double click on RunThis.bat to start the script.* Type Y to begin the script.* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.* Press any Key and it will restart the PC.* Your system will take longer that normal to restart as the fixtool will be running and removing files.* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply.*******************Please download Combofix and save to your desktop:http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exeNote: It is important that it is s... Read more

9 more replies
Answer Match 49.14%

I can't get rid of spyware in my computer. I've got trojan, drive clean, etc. After using adware, apy box it still remains.Don't know what to do. Hope you can help me.GemgLogfile of HijackThis v1.99.1Scan saved at 14:47:40, on 25-6-2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\program files\common files\mcafee\mna\mcnasvc.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcods.exeC:\PROGRA~1\McAfee\MSC\mcpromgr.exec:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exeC:\Program Files\McAfee\MPF\MPFSrv.exeC:\Program Files\SiteAdvisor\6066\SAService.exeC:\Program Files\Analog Device... Read more

A:Trojan.agent,drive-cleaner,spyware,

Welcome to the BleepingComputer HijackThis Logs and Analysis forum gemg Click on Start>Run and type Services.msc then hit Ok.Scroll down and find the service called:DomainServiceWhen you find it, double-click on it.In the next window that opens, click the 'Stop' button. Then change the 'Startup Type:' to 'Disabled'. Now press Apply and then Ok and close any open windows. Click on Start/Run,type CMD then press Ok.At the Command Prompt copy and paste the following command then press Enter:SC DELETE DomainServiceThen type EXIT then press Enter.Restart your pc.************************Please download Combofix and save to your desktop:http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exeNote: It is important that it is saved directly to your desktop Close any open browsers. Double click on combofix.exe and follow the prompts. When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply. Note: Do not mouseclick combofix's window while it's running. That may cause the program to freeze/hang. Also post a new Hijackthis log please.

15 more replies
Answer Match 48.72%

Does Anyone Know if Comodo BO Malware Cleaner conflicts with Avast? I read on the site that it does something different then anti virus by scanning memory but I thought Avast does that with its web shield mail shield file shield etc etc.
 

A:Bo Malware Cleaner

On the Frequent Questions tab on this page:

http://www.comodo.com/home/internet-security/anti-malware.php

It says it works alongside antivirus programs.
 

1 more replies
Answer Match 48.72%

Must block this site from install their software at our labtop because it is a malware or that we called a trojan.On january 2015 there was 3 times I found their yac at my labtop and it bring a problem to me.My ltop became low memory and always shutdown it self and then windows ask for start up repair launch and 2 times my labtop cant restart.I dont know what to do to block this company to install their malware at my ltop.Some one here.. pls help.Edit: Topic moved from Windows 10 to the more appropriate forum. ~ Animal

A:yac cleaner (malware)

Step 1: Minitoolbox. Please download MINITOOLBOX and run it.Checkmark following boxes:Flush DNSReset FF proxy SettingsReset Ie Proxy SettingsReport IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory sizeList Devices (problems only)Click Go and post the result. Step 2: Junkware Removal Tool. Please download Junkware Removal Tool and save it on your desktop.Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.The tool will open and start scanning your system.Please be patient as this can take a while to complete depending on your system's specifications.On completion, a log is saved to your desktop and will automatically open.Please post the JRT log.Step 3: Adware Cleaner. Please download AdwCleaner by Xplode onto your desktop.Close all open programs and internet browsers.Double click on adwcleaner.exe to run the tool.Click on Scan button.When the scan has finished click on Clean button.Your computer will be rebooted automatically. A text file will open after the restart.Please post the contents of that logfile with your next reply.You can find the logfile at C:\AdwCleaner[S1].txt as well.Step 4: Adware Removal Tool. Download Adware removal tool to y... Read more

3 more replies
Answer Match 48.72%

Im on XP, ive ran every spyware/adware remover under the sun but i get many many annoying pop ups and it causes my computer to slow down chronicly, please can someone advise. Thanks
 

A:Drive Cleaner / winantivirus adware or spyware infection, please help.

16 more replies
Answer Match 48.72%

Hi i need some help urgently,

my laptop has got a virus which keeps shutting down my laptop. Nortons cant pick it up and my wallpaper has changed to a blue screen with a yellow box containing the message 'Warning! Spyware detected on your computer! Install an antivirus or spyware remover to clean your computer'.

Please help!!

Thanks

Jaysica

A:Error cleaner, privacy detector and spyware on my laptop

Hello and welcome to TSF

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
Please attach extra.txt to your post.
To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:C:\Deckard\System Scanner\extra.txt

Click Upload.
What DSS will do: create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

=======
Logs Required
C:\Deckard\System Scanner\main.txt
C:\Deckard\System Scanner\extra.txt<----Attached

1 more replies
Answer Match 48.3%

Hi guys I was wondering if anyone could offer me some advice on some malware removal.

My farther is a silver surfer and although i have warned him to never click on programs from the internet he did exactly that when using ms messenger. This has caused an infection of a malware desk top hijacker type program called ?driver cleaner".

My farther has turned to me for help in removing this however i am far from an expert but am a competent pc user.
What I have tried so far:

1 Ran a virus scan with Norton
2 Ran a virus scan with Norton when not connected to the internet
3 Ran a virus scan with Norton when not connected to the internet and in safe mode

Norton seems to fix the problem each time but when i restart the computer it gets re-infected as soon as you connect to the internet.

I would be very grateful if anyone can offer me some advice or help as this is a bit out of my league.

Thanks Leon

A:Driver Cleaner Malware

Try RogueRemover from MalwareBytes:Please download Rogue Remover Free from Malwarebytes.Please save the file to your normal saved file location or the desktopdouble click on rr-free-setup to run the installation programaccept the license agreement.follow all the steps and click finish to run the programClick the check for updates linkclick the scan link to start scanningwhen done, follow the onscreen directions to remove anything that it found.Let us know your results, please.

9 more replies
Answer Match 48.3%

I keep getting these annoying pop ups annd the yellow triangel in my tray can anyone help me fix?
Thank you, I WANT MY PC BACK!!!!
ROBERT

A:Abebot/malware, Pc Cleaner Pop Ups

Hi Robert and Welcome to BC,

In order for you to get the best answers to solve your issue you should post in the "Am I infected, What do I do now" in the Security section. There are experts there that can help you with your problem. Be prepared to download various anti-virus software tools.

You may even be further directed to post in the HJThis thread so be patient.

This section of the forum is primarily used to answer questions about the use of XP and problems with the O/S. We aren't specifically trained in the removal of maleware.

4 more replies
Answer Match 48.3%

Hello to everyone here at bleepingcomputer. I have been here many times before for help on removing and identifying malware from other's posts. This will be my first post and I want to say ahead of time that I appreciate your help.
 
I was recently visiting my parents and noticed that their home computer is "acting up". The computer is running slowly, there are pop ups when opening internet pages, and the home page keeps changing from the specified one. I also found a program called Smart PC Cleaner that keeps opening up with warnings about viruses and spyware. After some online search, I determined that this program is malware that must have been installed mistakenly by my parents at some point. I also found another program called "GamesXN GO" that appears to be causing some of the pop-ups. From what I found, this program is installed without permission when one installs Skype. I need help in removing both of these programs from my parent's computer and determining whether there may be other malware that I have not yet found. The computer is currently "protected" by Norton 360, but it does not appear to find any of these issues. I also downloaded and ran Norton Power Eraser, which found 2 issues and fixed them; however, they are not related to the ones above.
 
The computer is running:
Windows Vista Home Premium 64-bit Service Pack 2
Norton 360 Premier Edition
 
Please let me know if I need to provide any further information.
 
Thank you

A:Need help with Smart PC Cleaner and other malware

Hello and Welcome -
I hope that you currently have access to the computer.
 
Download Screen317 Security Check and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note:: If a security program requests permission to access the Internet, allow it to do so.
 
 
Next -
Please download and run RKill by Grinler. A black DOS box will briefly flash and then disappear.
This is normal and indicates the tool ran successfully.
At worst the tool will run for about 2 minutes
 
Important: Do not reboot your computer until you complete the next step.
 
* Please download AdwCleaner by Xplode and save to your Desktop.
* Double-click on AdwCleaner.exe to run the tool.* Vista/Windows 7/8 users right-click and select Run As Administrator.
* Click on the Scan button (only once)
* AdwCleaner will begin...be patient as the scan may take some time to complete.
* After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open for review.
* NOW - Click on the Clean button (only once)
* Press OK when asked to close all programs and follow the onscreen prompts.
* Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
* After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
** Note - Only post the AdwC... Read more

1 more replies
Answer Match 48.3%

Whilst browsing the net I received a system alert advising that my computer was infected and the only cure was to buy a programme - which was not available. Esential Cleaner (EC) slowed down all attempts to access my protection - Paretologic health advisor, XoftSpySE, then Spybot and refused access to malwarebytes. I attempted to access paretologic support on line but as soon as I hit the enter key it disconnected and switched off my internet connection. ( This is via an Orange Dongle) After many attempts I gained net access and found rkill which I downloaded and ran. I then updated malwarebytes and ran that. It found NO infections!I am concerned that when I reboot my computer it will find traces of EC which will then reinfect my system. How can I protect against this?Malwarebytes Log - Malwarebytes' Anti-Malware 1.50.1.1100www.malwarebytes.orgDatabase version: 6526Windows 5.1.2600 Service Pack 2Internet Explorer 7.0.5730.1307/05/2011 13:46:41mbam-log-2011-05-07 (13-46-40).txtScan type: Full scan (A:\|C:\|D:\|E:\|F:\|)Objects scanned: 182459Time elapsed: 35 minute(s), 4 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious... Read more

A:malware 'Essential Cleaner'

Here's the experience I had yesterday. I don't seem to have any lingering effects from this malware.

http://www.bleepingcomputer.com/forums/topic395949.html

1 more replies
Answer Match 48.3%

Hi -I have tried everything I can think of to get rid of this malware which has taken over my machine. I followed all the procedures recommended on this site before posting the HiJackThis log but nothing has helped. My browser keeps directing my home page to //www.ucleaner.com/freeware/2/?wmid=6010&mid=MjI6Og==&lndid=13&p=1.I am hoping someone can help me get rid of this.My hijackthis log is as follows:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 14:40, on 2007-07-18Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvt... Read more

A:Getting Rid Of Ultimate Cleaner Malware

Hi Rocket Ryan,
I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.

11 more replies
Answer Match 48.3%

Hello, I am new to the forum and hoping to get some help. I run a Dell Inspiron 1200 laptop with Windows XP. I use Firefox (unfortunately had not installed the NoScript addon yet), and my wife used IE. Anyway, my wife installed Yahoo Instant Messenger (and who knows what else), I starting noticing substantial system slowness, but nothing compared to what happened next. I went to MySpace and apparently got hit with some malware from one of their advertisers. I started getting multiple popups telling me to go to scanner.malware-scan.com and my system became very slow, even locking up occasionally. I ran SpyBot a couple of times, but no real help.
From browsing this forum I see that you like to work from HJT logs, so I here is mine. Any help would be appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:44:19 PM, on 2/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\Q2hyaXMgSHVkc29u\command.exe
C:\Pro... Read more

A:MySpace malware: scanner.malware-scan (w/ HJT log)

Never mind, I just wiped the drive and installed Linux.
 

1 more replies
Answer Match 47.88%

Hi I an new to this site, and desperate for help.

I keep getting pop ups and sluggish performance, it happened overnight.

1) My desktop background changed says I am infected and vulnerable with hazord symbol.

2) i have three shortcut icons thatg i can't delete (they reappear after restart)

3) home intnet page automatically changes
4) new sites added to favorites
5) pop up pop up pop upssssss
6)if i cntrl alt delete and stop explorer process then access internet through Mcafee direct link to see threats at least i can serch/browse web

Please help! Mcafee isn't finding anything!

A:VIRUS-Error Cleaner, Privacy Protector, Spyware& Protection-HELP!!!

btw I am literate, i just can't type :)

3 more replies
Answer Match 47.88%

Just got my laptop. I running xp. download dss here the log:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel Pentium II processor
Percentage of Memory in Use: 79%
Physical Memory (total/avail): 223.36 MiB / 46.64 MiB
Pagefile Memory (total/avail): 546.66 MiB / 292.05 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1923.25 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 9.37 GiB total, 5.85 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - HITACHI_DK23BA-10 - 9.37 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 9.37 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\... Read more

A:Old lady problem with Error Cleaner, Privacy Protector, Spyware

Please Please Help Me

12 more replies
Answer Match 47.88%

I have tried following instructions that some seem to have posted before with the same problems. My desktop background keeps getting replaced with a red background that states a privacy protection warning and that I should download spyware alond with window security alert pop ups. I also have error cleaner, spyware and protection, and privacy protector loaded on my desktop. Occassionaly I have sound effects and music playing. I used Smitfraudfix and DSS, which seemed to work for a bit but everything just comes back.

I would greatly appreciate the help, thanks!

A:Can't get rid of this virus (error cleaner, spyware&protection, privacy protector)

Please go HERE and carry out the instructions that are posted.

If you cannot complete any of the Steps, simply move on to the next one - remember to let the Analyst know about this when you post your logs.

Do not post your logs back in this thread - follow the guidance in the above link!

Please note that the Security Forum is always busy, so I would ask for your patience while waiting for a reply.

1 more replies
Answer Match 47.88%

Hi,

I am getting this pop up error message in the system tray on my laptop. "Warning Security Report! your computer is infected it is recommended to start spyware cleaner tool."
This is preventing me to go online using firefox or IE - after typing an url, it just stays there. shows Done at the bottom of firefox and does nothing. it also disabled my task manager.

Any help would be appreciated.

-Faria

A:your computer is infected it is recommended to start spyware cleaner tool

Try downloading this in safemode w/networking. If that doesn't work, you can burn it to a CD or download to a thumb drive from another computer----------------------------------The process of cleaning your computer may require temporarily disabliling some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some ... Read more

2 more replies
Answer Match 47.88%

Hi, everyone. It was suggested on another site somewhere that I come to bleepingcomputer.com for help on this issue. I have recently been infected with a malware program called Galileo System Cleaner. It basically gives constant popups, fake system scans, and then blocks any web browser from browsing the internet with a fake proxy problem page. It restores its own files when they are deleted, and I assume it's gone pretty deep into my system. Do you have any advice on this issue? Please keep in mind that I have no experience or knowledge concerning my registry (or even what that is), and both ComboFix (run in safe mode) and Malware Bytes have failed so far. Malware Bytes did detect two problem files, but their deletion had no effect on Galileo.Any thoughts? Any help would be wonderful.Argh, I realize I just posted this in the wrong forum! Sorry, mods. Is there no way I can delete this?Edit: Not to worry, moved topic from Win 7 to the more appropriate forum. ~ Animal

A:Galileo System Cleaner - Malware

I am having the same problem.

1 more replies
Answer Match 47.88%

I am home for Spring break and my mother's PC is completely infected. Had some weird popups and the browsers automatically set themselves to go through some proxy server. Any and all help would be greatly appreciated!
 
The FRST log is below and the Addition.txt file is attached.
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Donna (administrator) on DONNAWESTON on 19-03-2015 19:09:26
Running from C:\Users\Donna\Downloads
Loaded Profiles: Donna (Available profiles: david & Donna & Administrator)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPServi... Read more

A:Pro PC Cleaner/AirGlobe/Assortment of Malware

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===What can you tell me about this Air Globe?Air Globe (HKLM\...\Air Globe) (Version: 2015.03.15.160424 - Air Globe) <==== ATTENTION===Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start

CloseProcesses:

HKU\S-1-5-21-1612059837-2104035131-939018749-1004\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
AppInit_DLLs-x32: C:/PROGRA~3/{1C76F~1/193~1.1/cedo.dll => C:\ProgramData\{1C76F4B5-4CF4-2533-FD72-55B12DF0863F}\1.9.3.1\cedo.dll [1010688 2015-03-15] ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
GroupPolicy: Group Policy on Chrome detec... Read more

2 more replies
Answer Match 47.88%

I had an infection of Trojan.Win32.Patched.aa or W32/Liger which had infected Services.exe lsass.exe winlogon.exe and svchost.exe. I used Norman malware cleaner to remove the virus. The problem is it must not of correctly disinfected those files. After the removal reboot I could not drag and drop files and programs would not minimize to the taskbar. My user account in control panel was blank, the extended services applet did not work correctly and was blank while the standard Services tab would show the services but right clicking did nothing. Also installing certain programs does not work sometimes giving no error while .vbs scripts give access denied error.

I booted into another xp operating system on the same computer and replaced services.exe, lsass.exe, winlogon.exe and svchost.exe and the problems with drag and drop, taskbar, blank user account and extended services plus right clicking standard services were all gone but the installation errors are still present. Also Internet Explorer has restrictions placed on the internet zone where I get an error I cannot run activex on my computer when I try to go to Windows update. Changing settings in IE7 does not correct this problem and there are no settings in group policy that I can see that would create this restriction on my computer.

I tried to reinstall SP3 and install IE8 over IE7 but I get the error that the cryptographic service may not be started when it is running in the services applet. I tried running a .vbs scri... Read more

A:Norman Malware Cleaner and W32/Liger

The previous log is from another OS on another partition sory here is the correct DDS log:
DDS (Ver_09-06-26.01) - NTFSx86
Run by Administrator at 8:19:31.57 on 22/07/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.319 [GMT -8:00]

AV: Norman Security Suite *On-access scanning enabled* (Updated) {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}
AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kerio WinRoute Firewall *enabled* {916dafda-8250-4a1d-9095-000da68ac4da}

============== Running Processes ===============

C:\Program Files\Norman\Npm\Bin\Elogsvc.exe
C:\Program Files\Norman\Npm\Bin\scheduler.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Norman\Npm\Bin\Zanda.exe
C:\Program Files\Norman\npm\bin\nvoy.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\CachemanXP\CachemanXP.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files ... Read more

4 more replies
Answer Match 47.88%

Hi

It's been awhile since I was last here. Not sure if we can request who helps us or not. Cookiegal helped me years ago and was very easy to understand. If possible I would like to work with her again. If not, thats ok. I know everyone here works on their own time for free and we all appreciate your services.

My problem is I seem to have some sort of malware. Every two minutes I get a security bubble alert in the taskbar that looks like a Microsoft update alert or warning (yellow triangle with an exclaimation mark inside) saying I have spyware, or someone is trying to connect to me. Its has 3-4 different bubble messages. Also, every 10 minutes I get a "Windows Security Center Warning" pop-up saying I have malware and to click here to remove it. Both of the mentioned pop-ups direct me to a page trying to sell me Spy Away and Perfect Cleaner. I also sometimes get the webpage to pop-up on its own. The URL is "about:Security". I've scanned with AVG AV and found no viruses. I used adaware and AVG anti-spyware and found several malware including AdBreak, 4Arcade Pbor and Dropper.small.j. (I used to just get cookies when scanning for malware) I've tried both deleting and quaranetee, but they come back usually on the next scan. Perhaps not Dropper.small.j.

I know the website that I got it from. I will post if it helps, but dont really want anyone going there to get what I got. It kept trying to get a microsoft program to run, but I kept clicking... Read more

A:Malware connects to Spy away and Perfect Cleaner

16 more replies
Answer Match 47.88%

I was supposed to be protected by Spyware Doctor (Pc tools)Suddenly a pop up window had open warning me about corrupted register.That window use the microsoft colors and style. I clicked to accept that proposal... and got an internet page proposal to buy an unknown antivirus program. I realised my mistake and then tried to run a scan with Spyware Doctor, but it keeps freezing at mid work.So I run <ATF Cleaner><Ad-aware SE><AVG Anti-Spyware><a-squared><Spybot > and <online Trend-Housecall>.... they did find an "clean" several Trojans, Malwares and nasty cookies.But it was impossible to process online Panda activescan (freezing at first registration window),and now even Trend-Housecall shows an error message.I also tried to install a Norton AV cd and installation fail !!!I downloaded and installed the last version of Spyware Doctor (Pc tools) to replace my corrupted one but now it refuses to run at all. even with my Agnitum Outpost Firewall disabled.Anyway the scams warning are still poping when I open Internet Explorer. A name is displayed on one of it : "Ultimate Defender" An unwanted sub-directory has been added into Program Filesm named: "Ultimate Cleaner" Names of removed spywares : PSGuard, Alexa, AzeSearch, CoolWWWsearch, NoAdware, Smithfraud-c, SpySheriff, Teslaplus.com, Tibs.mc, TNS-search, Java-Byserver.ac, Renos.iu, Troy-Dosky. Thank for helpEric---------------------------------------------... Read more

A:Adware Malware : Ultimate Cleaner ?

It is useless to try and clean your system until you get Sp4http://www.microsoft.com/windows2000/downl...p4/default.mspx

14 more replies