Tech Problem Aggregator

Help pls. Popup: Critical Error! Attention, ! Dangerous viruses detected in system...

Q: Help pls. Popup: Critical Error! Attention, ! Dangerous viruses detected in system...

Please help me, I Found this website on google.com after a Popup with the title Critical error! keeps on popping up everytime i access my C: drive and internet explorer. The popup reads:

Attention, ! Some dangerous viruss detected in your system. Microsoft Windows XP files corrupted. This may lead to the destruction of important files in C:\WINDOWS. Download protection software now! Click OK to download the antispyware. (Recommended) and i have an option of clicking yes to download the software and no which opens up an internet explorer page to software's website which will try to convince me to download the software.

I have read some posts on this forums with the same problems and have done the 5 steps on the "5 Steps before posting a log" thread. I have attatched the Panda Activescan log as well as copied and pasted it below but i could not attach the Hijackthis log as the attach page says it is an invalid file and so, i just copied and pasted it below. Any help will be appreciated. I will try to check this thread for replies whenever i can. Thanks!

Activescan log attachment:ActiveScan.txt



Activescan log:
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-08-14 20:52:01
PROTECTIONS: 1
MALWARE: 39
SUSPECTS: 7
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AVG Anti-Virus Free 8.0 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00132447 adware program Adware No 0 Yes No c:\windows\system32\data.~
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sd5pgdrn.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sd5pgdrn.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sd5pgdrn.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sd5pgdrn.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sd5pgdrn.default\cookies.txt[.casalemedia.com/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sd5pgdrn.default\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sd5pgdrn.default\cookies.txt[.tradedoubler.com/]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sd5pgdrn.default\cookies.txt[.tradedoubler.com/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sd5pgdrn.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
00146967 Cookie/PayCounter TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sd5pgdrn.default\cookies.txt[.revenue.net/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sd5pgdrn.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sd5pgdrn.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sd5pgdrn.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sd5pgdrn.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sd5pgdrn.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sd5pgdrn.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sd5pgdrn.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sd5pgdrn.default\cookies.txt[.statcounter.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sd5pgdrn.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sd5pgdrn.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sd5pgdrn.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sd5pgdrn.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sd5pgdrn.default\cookies.txt[ad.yieldmanager.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
00168095 Cookie/888 TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sd5pgdrn.default\cookies.txt[.overture.com/]
00172483 Cookie/888 TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
00172484 Cookie/Cassava TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sd5pgdrn.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sd5pgdrn.default\cookies.txt[.adrevolver.com/]
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sd5pgdrn.default\cookies.txt[searchportal.information.com/]
00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
01271815 Adware/Zango Adware No 0 Yes No C:\Program Files\Seekmo\bin\10.0.406.0\SeekmoSADF.exe
01271818 Adware/Zango Adware No 0 Yes No C:\Program Files\Seekmo\bin\10.0.406.0\Srv.exe
01895148 Malicious Packer SecRisk No 0 Yes No C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP1070\A0173387.exe
02235691 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\Downloaded Program Files\HGStart9USA.exe
02654416 Generic Trojan Virus/Trojan No 0 Yes No C:\ijji\ENGLISH\Gunz\MapHack.exe
02906154 Adware/AdsRevenue Adware No 0 Yes No C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\I8AI0BQX\popup[1].htm
02906154 Adware/AdsRevenue Adware No 0 Yes No C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\MY18IJTV\popup[2].htm
02916239 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\Seekmo\bin\10.0.406.0\SeekmoSAHook.dll
02916240 Adware/IST Adware Yes 0 Yes No C:\Program Files\Seekmo\bin\10.0.406.0\HostOE.dll
02917652 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\DAP Premium\DAP.exe
02917653 Adware/Zango Adware No 0 Yes No C:\Program Files\Seekmo\bin\10.0.406.0\CoreSrv.dll
02917992 Adware/Zango Adware No 0 Yes No C:\Program Files\Seekmo\bin\10.0.406.0\SeekmoSA.exe
02919497 Adware/IST Adware No 0 Yes No C:\Program Files\Seekmo\bin\10.0.406.0\HostOL.dll
03007490 Adware/IST Adware No 0 Yes No C:\Program Files\Seekmo\bin\10.0.406.0\HostIE.dll
03074964 Trj/CI.A Virus/Trojan No 0 No No C:\Documents and Settings\Administrator\Desktop\Other\New Folder\YouTubeRobot2.0.2007.rar[CRACK\YouTubeRobot.exe]
03297525 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\KBG Keylogger\MPK64.exe
03429845 Bck/Hupigon.AZG Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP1070\A0173391.dll
;===================================================================================================================================================================================
SUSPECTS
Sent Location r
;===================================================================================================================================================================================
No C:\WINDOWS\system32\av.dll r
No C:\Program Files\Image-Line\FL Studio 8\Plugins\Fruity\Generators\Toxic Biohazard\Toxic Biohazard.dll r
No C:\Program Files\KBG Keylogger\MPK.exe r
No C:\WINDOWS\system32\amovid.dll r
No C:\WINDOWS\system32\av.dll r
No C:\WINDOWS\system32\avid.dll r
No C:\WINDOWS\system32\avideo.dll r
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description r
;===================================================================================================================================================================================
;===================================================================================================================================================================================



hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:54:38 PM, on 14/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SPEEDB~1\VideoAccelerator.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Seekmo\bin\10.0.406.0\OEAddOn.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Conceiva\DownloadStudio\DownloadStudioScheduleMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\DeskSpace\deskspace.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Conceiva\DownloadStudio\DownloadStudio.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157" target="_blank" class="invilink">http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank" class="invilink">http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.compaq.com/1Q00CDT/0409/bl7.asp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R3 - URLSearchHook: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll (file missing)
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\program files\KBG Keylogger\MPK.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: A.Video - {0603D38B-C4FF-458D-9E9A-C0FD113FAEC3} - C:\WINDOWS\system32\av.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Seekmo /fleok=1D8A83A5C5E019769AA475760EA83FA5EF80752B9499803B2A2303766A - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Seekmo\bin\10.0.406.0\HostIE.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O2 - BHO: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll
O2 - BHO: (no name) - {2D6A8669-37CC-7C21-00E4-8B925B138193} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: winhost_app.winhost_appdll - {5E06398E-3017-467B-A399-18425A20F655} - C:\WINDOWS\winhost_app.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Download Studio Click Monitor - {8170D7DC-BDD6-461e-88EB-F047257898C9} - C:\Program Files\Conceiva\DownloadStudio\DLMonitr.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO - {9125F250-EB4F-49fe-AE17-C17665873A5C} - C:\Program Files\BHO\plugin.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Seekmo - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Seekmo\bin\10.0.406.0\HostIE.dll
O3 - Toolbar: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &DownloadStudio - {CB789373-04D5-4ef4-9C16-871463FD0830} - C:\Program Files\Conceiva\DownloadStudio\WebDLBar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [IMprocess] C:\Program Files\Instant Messenger Names\IM-svr.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SeekmoOE] C:\Program Files\Seekmo\bin\10.0.406.0\OEAddOn.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [BVRPLiveUpdate] C:\Program Files\Avanquest update\Engine\Setup.exe -s /PATCH,/SRCUPDATEC:\DOCUME~1\ALLUSE~1\APPLIC~1\SONYER~1\SONYER~1\LIVEUP~1\LISTOF~1.DAT
O4 - HKLM\..\Run: [DownloadStudio] C:\Program Files\Conceiva\DownloadStudio\DownloadStudioScheduleMonitor.exe
O4 - HKLM\..\RunOnce: [MyWebSearch bar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -3
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [DeskSpace] C:\Program Files\DeskSpace\deskspace.exe
O4 - HKCU\..\Run: [antispy] C:\Program Files\IEAntiVirus\scan.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP Premium\dapextie.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZKxdm022YYSG
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add Page To DownloadStudio Scrapbook... - C:\Program Files\Conceiva\DownloadStudio\ds_snap.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP Premium\dapextie2.htm
O8 - Extra context menu item: Download by YouTube Robot - res://C:\Program Files\YouTubeRobot\RobotExt.ocx/LINK.HTM
O8 - Extra context menu item: Download Image Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_img.htm
O8 - Extra context menu item: Download Link Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_file.htm
O8 - Extra context menu item: Download Page Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_all.htm
O8 - Extra context menu item: Download Selection Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_sel.htm
O8 - Extra context menu item: Download Video using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_video.htm
O8 - Extra context menu item: Download with Xilisoft YouTube Video Converter - C:\Program Files\Xilisoft\YouTube Video Converter\upod_link.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: RapidShare-Download - res://C:\Documents and Settings\Administrator\Desktop\Other\Rapidshare tools\RapidShare - the way YOU like it!\RapidShare - the way YOU like it!\more-rapid.exe/RsMenExt.html
O8 - Extra context menu item: Show Page Links Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_link.htm
O8 - Extra context menu item: Subscribe To RSS/Podcast Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_rss.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.lead.com.sg
O15 - Trusted Zone: http://*.litespeed.com.sg
O15 - Trusted Zone: http://*.moreatonce.com
O15 - Trusted Zone: http://schdnavdo.schooldna.com
O15 - Trusted Zone: http://schdnaweb.schooldna.com
O15 - Trusted Zone: http://schdnaweb1.schooldna.com
O15 - Trusted Zone: http://schdnaweb2.schooldna.com
O15 - Trusted Zone: http://www.schooldna.com
O15 - Trusted Zone: http://*.schooldna.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-SG/.../GAME_UNO1.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/game...lugin11USA.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1110781632671
O16 - DPF: {8C4A2492-3FED-41F2-BBAB-34E802844F8D} (IESettings Class) - http://schdnaweb.schooldna.com/schoo...naClientIE.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark Measurement Services Client) - http://www.yougamers.com/systeminfo/MSC3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/game...lugin10USA.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O16 - DPF: {FFFFFFFF-3C18-4A7E-A29D-E24F84B79BF1} - http://64.7.220.98/downloads/pi1_20.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{664F84B7-B929-4830-B6AE-701372218AE3}: NameServer = 165.21.83.88,165.21.100.88
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 19709 bytes

A: Help pls. Popup: Critical Error! Attention, ! Dangerous viruses detected in system...

BUMP, please

1 more replies
Answer Match 110.4%

DANGEROUS ERROR! Attention (users name) Some dangerous viruses detected in your system. Microsoft Windows XP files corrupted.This may lead to the destruction of important files in C:\WindowsDownload Protection Software now!Click OK to download the antispyware (Recommended)Yes / NoClicking either brings me to a website, with this message popping up again. Clicking no seems to produce another tab and another message, while yes brings me to another website without a popup. I get this message when I move around (ie go between folders) in My Computer.Scanned with TrendMicro (normal antivirus), found nothing. Trend was updated.I can't scan using online scanners I cannot access the internet without being shifted to the websites they want me to download from.My home page is still the same, on internet options, just that they keep intercepting me. Trusted Sites are empty. I have been downloading several anti viruses and shifting them over on a thumbdrive. (Thus, Step 5 in the preparation guide has been skipped, but I have Stinger, and Step 4)My HJ logs are Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:26:04 AM, on 9/6/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svcho... Read more

A:Dangerous Error! Attention (users Name) Some Dangerous Viruses Detected In Your System. Microsoft Windows Xp Files Corrupted.

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems. If your problem has been resolved, please post a reply letting us know so we can close your topic.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.

1 more replies
Answer Match 97.5%

Attention,(me)! Some dangerous viruses detected in your system. mICROSOFT wINDOWS XP files corrupted. ect.

Click ok to download the antispyware, (recomended)

This keeps popping up on explorer and redirects me to blank pages and to other sites... How do i get rid of this?

I downloaded a stupid .exe file and everything started from then.
i ran mbam this is my log

Malwarebytes' Anti-Malware 1.30
Database version: 1452
Windows 5.1.2600 Service Pack 2

12/2/2008 9:50:16 PM
mbam-log-2008-12-02 (21-50-16).txt

Scan type: Quick Scan
Objects scanned: 57067
Time elapsed: 6 minute(s), 47 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 167
Registry Values Infected: 11
Registry Data Items Infected: 0
Folders Infected: 19
Files Infected: 109

Memory Processes Infected:
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Unloaded process successfully.

Memory Modules Infected:
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\funwebproducts.datacontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarant... Read more

A:Attention,(me)! Some dangerous viruses detected in your system. HELP!

Oh my, certainly a lot going onPlease reboot your computer and update Malwarebytes. This time do a FULL scan and post the new log here

3 more replies
Answer Match 96.3%

Good afternoon (from my point of view) - again!I have already used this forum when I messed up some HW stuff. And have been very grateful for your help. Now, it seems to be some malware...It's been only 2 days since I started the martyrdom of downgrading my HP Pavilion dv6560ec to Win xp. I've been downloading and installing the necessary drivers, as the HP doesn't support XP on the machines, as I learned later.Now, being almost done, I got this warning everytime I wanted to open IE 6.0.2900 (have SP3):CRITICAL ERROR! Attention (users name) Some dangerous viruses detected in your system. Microsoft Windows XP files corrupted.This may lead to the destruction of important files in C:WindowsDownload Protection Software now!Click OK to download the antispyware (Recommended)......... ........: YES: : NO :::::::: :::::::In the window, where my homepage is supposed to display, a note that it is redirecting me to another page appears. When I press "No". Then the IE shuts down and a note about some error displays prompting me to send it to the MS.I did the following:- ran Norton Internet Security (2007.2, updated the day before yesterday) full scan of the C: drive (as there are only 4 files on the other partition yet - haven't installed almost any sw yet) - nothing problematic detected. - updated and ran a free ad-ware application - this found 71 or so tracking cookies and deleted them, one file in quarantine.- before any installations of any drivers, I installed ... Read more

A:Critical Error! Some Dangerous Viruses Detected In Your System. Microsoft Windows Xp Files Corrupted.

Hello and Welcome to the forums! My name is Carolyn and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens. Please do not run any other tool untill instructed to do so!Please reply to this thread, do not start another!Please tell me about any problems that have occurred during the fix.Please tell me of any other symptoms you may be having as these can help also.Please try as much as possible not to run anything while executing a fix. If you follow these instructions, everything should go smoothly. I am sorry that we were unable to reply to your post sooner. The forums have been very busy. If you are still in need of assistance, please scan again with HijackThis and post a fresh log. Also, please make an uninstall list using HijackThis To access the Uninstall Manager you would do the following: 1. Start HijackThis 2. Click on the Config button 3. Click on the Misc Tools button 4. Click on the Open Uninstall Manager button. 5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in your next reply.Post the fresh HijackThis log and the uninstall list in the bo... Read more

2 more replies
Answer Match 95.4%

Help me please!
There is a virus in my system, whenever i open a folser it comes up with a message:

Attention! [NAME] Some dangerous viruses detected in your system. Microsoft Windows Xp Files corrupted. This may lead to the destruction of C:\WINDOWS. Download protection software now!

Click OK to download the antispyware (recommended).


It then has YES and NO.

I click NO but it takes me to hxxp://www.free-viruscan.com/id/4912933/4/1/

Luckily the site has been taken down for forgery.

Anyway, i really need help getting rid of this thing!
Here is my HiJackThis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:52 AM, on 6/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
... Read more

A:Attention! [name] dangerous viruses detected in your system - Virus in explorer

Hello and welcome to TSF

==========
Download RSIT by random/random and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

============
Logs Required
log.txt
info.txt

If there is no response to this post within 72hrs, this thread will be closed.

2 more replies
Answer Match 86.7%

Every time I go to open my document folders I get the message: Attention, (name)! Some dangerous trojan horses detected in your system. Microsoft Windows XP files corrupted. This may lead to the destruction of important files in C:\WINDOWS. Download protection software now!
Click OK to download the antispyware. (Recommended)

Once I click NO, I'm lead to this site: http://fast-viruscanner.com/id/4912933/4/1/

How can I get rid of this bug??

My HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:49:56 PM, on 15/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Z... Read more

A:HELP! Error message: Attention! Some dangerous trojan horses detected in your system.

Please visit this webpage for instructions on installing recovery console and downloading/running ComboFix.

Post the log from ComboFix along with a new HijackThis log.
 

1 more replies
Answer Match 86.7%

I couldn't find a thread with this issue actually fixed, they were all just closed. Here are my logs, thanks in advance!!

Logfile of random's system information tool 1.04 (written by random/random)
Run by Andrew at 2008-11-07 11:15:30
Microsoft Windows XP Professional Service Pack 3, v.3264
System drive C: has 1 GB (2%) free of 78 GB
Total RAM: 1024 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15, on 07/11/2008
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3264)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8... Read more

A:"Attention [name]! Dangerous viruses detected in your system"

Hello phreak214.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Your hard drive is almost full. Having too little free space on your hard drive can compromise system performance.


Quote:




System drive C: has 1 GB (2%) free of 78 GB




I suggest you move pictures, music, etc. to an external drive or USB stick if you have one and uninstall any programs that are never or hardly ever used.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me ... Read more

9 more replies
Answer Match 78.3%

Every time I go to open my document folders I get the message: Attention, (name)! Some dangerous trojan horses detected in your system. Microsoft Windows XP files corrupted. This may lead to the destruction of important files in C:\WINDOWS. Download protection software now!
Click OK to download the antispyware. (Recommended)

Once I click NO, I'm lead to this site: http://fast-viruscanner.com/id/4912933/4/1/

++++++++++++++++++++++++++++++++++++++++
if you got this error (it success)
go to this web http://www.windowsbbs.com/showthread.php?t=74202
or download Malwarebytes' Anti-Malware (MBAM) from here or here and save the file to your desktop.

lookpom : thailand
 

More replies
Answer Match 100.38%

System Error: Attention, <NAME>, Some Dangerous Trojan Horses Detected In Your System.

Caught a Trojan Malware virus, leads me to a Anti-Virus scan site that wants my money. I ran a ComboFix log on it, and here's my current log:

ComboFix 08-06-20.4 - Owner 2008-06-29 23:09:56.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.648 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\My Documents\My Received Files\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\smp.bat
C:\WINDOWS\system32\MSINET.oca
.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-30 )))))))))))))))))))))))))))))))
.
2008-06-29 17:06 . 2008-06-29 17:06 <DIR> d-------- C:\Games
2008-06-29 17:06 . 2008-06-29 17:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-06-29 17:05 . 2008-06-29 17:05 <DIR> d-------- C:\Program Files\Resources Wizard
2008-06-29 16:43 . 2008-06-29 16:43 26,624 --a------ C:\WINDOWS\system32\xmlview.dll
2008-06-29 16:42 . 2008-06-29 16:42 26,624 --a------ C:\WINDOWS\system32\domview.dll
2008-06-29 16:17 . 2008-06-29 17:28 <DIR> d-------- C:\Program Files\PCHealthCenter
2008-06-29 16:16 . 2008-06-29 16:43 1,682 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-29 16:16 . 2008-06-29 16:43 56 -r-hs... Read more

More replies
Answer Match 96.18%

i keep getting a pop up, attention, some dangerous trojan horses detected..it is just a pop up i have run virus scans and swept and found nothing, i have downloaded smitfraud, how do i get rid of the pop up?

A:Attention, Some Dangerous Trojan Horses Detected...

Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on Download_mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner screen, click on the Show Results button t... Read more

1 more replies
Answer Match 95.34%

I've already tried...smitfraudfix.exeSpybot S&DA-SquaredAVG Freeand now I've got Windows Firewall turned onBut I still have the same symptoms of the infection, namely, whenever I go into Control Panel, My Computer/Windows Explorer, or Internet Explorer a warning box pops up saying "System error!" "Attention User! Some dangerous trojan horses detected in your system. Microsoft Windows files corrupted. This may lead to the destruction of important files in c:\windows. Download protection software now!""Click OK to download the antispyware. (Recommended)"with two options:OK and CancelEither of those two options, or closing the window with the top right X button, or Alt-F4 all result in the same thing. A new Internet Explorer window opens and goes directly to a page that downloads or updates or does whatever to make this infection worse.I'd be ready to reformat if it weren't for the uncertainty of my backup files. I didn't have any recent backups prior to this infection (stupid me), so I decided to back everything up while infected, of course that means my backups potentially carry the infection.anyway, here' the combofix log:ComboFix 08-07-09.5 - Drew 2008-07-10 16:45:10.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2424 [GMT -5:00]
Running from: C:\Documents and Settings\Drew\Desktop\ComboFix.exe
.

(((((((((((... Read more

A:Infected By *attention User: Some Dangerous Trojans Detected...*

Hi,* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against the following:O2 - BHO: VideoCodec Class - {284AAAD9-FDF9-49A3-93ED-9CAE4AA26805} - C:\WINDOWS\system32\AswBHO.dll* Click on Fix Checked when finished and exit HijackThis.Make sure your Internet Explorer is closed when you click Fix Checked!Let me know if that solved your issue.

4 more replies
Answer Match 92.82%

HiI thought PC Tools was suppose to find and eliminate these kind of threats,but it does not i am usingAVG 8 FreePlease help me find and fix this problem manually...When I click on "My Computer" and any other folder this thing pop up twice. "System Error!Your computer was infected by unknown Trojan.It's dangerous for your system (critical files can be lost)!Click OK to download the antispyware program to clean your system! (Recommended)" then it open my internetto:http://spywareadvancedscanner.com/2008/3/_freescan.php?aid=880202Or Click on Cancel which does not cancel but also open my internet to:http://spywareadvancedscanner.com/2008/3/_freescan.php?aid=880202How do I remove it?MY hijack this Log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:08:02 AM, on 7/11/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.20815)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.ex... Read more

A::angry: "system Error! Your Computer Was Infected By Unknown Trojan. It's Dangerous For Your System (critical Files...

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Please download Deckard's System Scanner (DSS) and save to your Desktop.alternate download siteDSS will do the following:Create a new System Restore point in Windows XP and Vista.Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.Check some important areas of your system and produce a report for an analyst to review.Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.You must be logged onto an account with administrator privileges when using.Close all applications and windows.Double-click on dss.exe to run it and follow the prompts.If your anti-virus or firewall complains, please allow this script to run as it is not
malicious.When the scan is complete, two text files will open in Notepad:main.txt <- this one will be maximizedextra.txt <- this one will be minimizedIf not, they both can be found in the C:\Deckard\System Scanner folder.Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.-- When running DSS, some firewalls may warn that it is trying to access the Internet especially if your asked to download the most current version of HijackThis. Please ensure that you allow it permission to do ... Read more

2 more replies
Answer Match 84%

My wife's computer is infected with a virus/spyware that puts a popup on the screen whenever she opens a new browser window or whenever something is loading on a webpage.

The title of the popup: Critical System Error!
Body of the popup: Your computer is infected with Trojan.Win32.obfuscated.gx
It's dangerous for your system, some files can be lost and your browser can be slow!
Click OK to download the antispyware program to clean your computer! (Recommended)

Then there are two buttons: [Ok] , [Cancel]

She said that she has had this popup ever since she was asked (she doesn't recall how) to update the Divx player software.

She has installed:
Windows XP Pro SP2
IE version 6.0.29
AVG 7.5 trial antivirus software
Ad-Aware 2007 free version from lavasoft

we had spyware hunter installed until I learned that it has possible ties to adware/spyware and removed it (hopefully.)

Any help will be greatly appreciated. Thank You!!

A:Critical System Error! Popup.

Hello and Welcome to Bleeping Computer Thallian.Please follow this BC Tutorial and tell how you do.How to remove IE Defender (Removal Instructions)

12 more replies
Answer Match 83.16%

I have a baloon popping up from a flashing ? in the task bar. It says critical system error and goes on about system having detected virus activities. If you click on it it goes to a download page for virust burst software. Very irritating Can you please help. I have tried the usual stuff. Here is my log. many thanks

Logfile of HijackThis v1.99.1
Scan saved at 17:36:29, on 19/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\iCodecPack\isamonitor.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Fil... Read more

A:critical system error balloon popup

Hi alanmalarkey,

Welcome to Tech Support Forums!

OK, here's what we do first.

BEFORE BEGINNING, Please read completely through the instructions below. Please also print these instructions or copy them to Notepad (or another word processor), and save it for easier reference. This is because we will be in Safe Mode during the fix and you won?t be able to access the Internet to view these instructions.



1. Please download SmitfraudFix (by S!Ri).
Extract the content (a folder named SmitfraudFix) to your desktop.
Please do NOT run a scan yet!

NOTE : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm



2. Please download CCleaner (freeware) from HERE.Run the CCleaner installer.
During installation process, please UNCHECK "Add CCleaner Yahoo! Toolbar".
Please do NOT run a scan yet!


3. Please download ewido anti-spyware from HERE and save that file to your desktop.
This is a 30-day trial of the programOnce you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the setup program.
Once the setup is complete you will need to run ewido and update the definition files.
On the m... Read more

13 more replies
Answer Match 81.48%

Hello All!..it's my first post trying to get help with this annoying pop up i have inherited on my computer.It keeps popping up stating 'Critical system error- trojan win32 agent AKK' it then asks you to download anti virus software..I have saved a Hijack this! logfile, (first time! heh!) and was wondering if anyone can help me find the problem.Cheers! KurskLogfile of Trend Micro HijackThis v2.0.2Scan saved at 6:13:17 PM, on 12/8/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16544)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\PROGRA~1\Grisoft\AVG7\avgemc.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exeC:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\Java\jre1.6.0_02\bi... Read more

A:Critical System Error Popup-trojan Win32 Agent Akk

Welcome to the BleepingComputer HijackThis Logs and Analysis forum KurskMy name is Richie and i'll be helping you to fix your problems.Please move HijackThis to a permanent folder on the hard drive such as C:\HJT. Create a new folder and place HijackThis.exe inside that folder so that the backups of log changes it creates are saved in the same folder and can be used to reverse any line entry deletion if found to be necessary.If you run Hijackthis from the desktop, the files it removes will not be backed up properly.How to create a new folder named HJT1. Click Start/My Computer,in the 'My Computer' window,open the window in which you want to create the new folder,click on Local Disk C:2. From the 'File' menu choose 'New'.3. From the 'New' menu choose 'Folder'.4. Type the folder name: HJT5. Then press Enter.If you need help,follow the info in the link below:http://russelltexas.com/malware/createhjtfolder.htmYou have ClamWin and AVG7 installed.Its not a good idea to have more than one antivirus program installed on your computer. Each program may interpret the actions of the other as viral, therefore giving you false virus warnings about virus-related activities.It could also lead to system slowdowns and other problems within the operating system,due to the two conflicting with each other.You should uninstall one of them now,then restart your pc.If you have previously downloaded ComboFix,please delete that version now.WarningYou should NOT use Combofix unless you have ... Read more

1 more replies
Answer Match 76.44%

Greetings, I made the mistake of allowing an Active-X code to run in IE7. (Went brain-dead for a second.) Don't know what this popup is called but the full text is: "System error Your system is infected with dangerous virus! Note: Strongly recommend to install antispyware program to clean your system and avoid total crash of hour computer! Click OK to download the antispyware. (Recommended)" It pops up 3 times while IE7 is loading my home page. It pops up 2 out of 3 times when double-clicking on My Computer. When I double-click on My Docs, it does not. It shows up at other odd places. When you search for anything in the Google search toolbar, the 2nd and 3rd entry are obviously supplied by the malware. 2) Error - your computer was infected etc etc. 3) You Tube - Porn - Watch now. I have never clicked on OK or these bogus Google search results. I have run Kasperski 7.0 full system scan many times. No threats are ever detected. A few general questions before I post the logs. 1. I have an attached USB drive for data. Do these things infect attached drives that are data only? 2. Why doesn't Kaspersky 7.0 ever find anything? 3. What causes System Restore not to work? What a disappointment! I went back as far as I could go. How do I make it work in the future? 4. I have turned on Kaspersky Proactive Defense and have blocked all suspicious activity, the Internet Explorer finally runs without popups... Read more

A:"your System Is Infected With Dangerous Virus..." Popup

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. You are running an older version of Java. This can be a security risk so let's get you the latest version.Upgrading Java:Download the latest version of Java Runtime Environment (JRE) 6 Update 6.Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".Click the "Download" button to the right.Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".Click on Continue.Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..Close any programs you may have running - especially your web browser.Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.Check any item with Java Runtime Environment (JRE or J2SE) in the name.Click the Remove or Change/Remove button.Repeat as many times as necessary to remove each Java version.Reboot your computer once all Java components are removed.Then from your desktop double-click on the download to install the newest version.Please post a new log from DSS.

6 more replies
Answer Match 76.44%

Hi all I would welcome your consideration of the following log(s).BASELINE HIJACKTHIS LOG (PRE-CLEAN)DECKARD'S SYSTEM SCANNER (main.txt)HIJACKTHIS LOG (POST-CLEAN)I have also attached a small JPG file which is a copy of the offending pop-up (image).So far I have used the following tools in an attempt to clean my system of this malware.Spybot, AVG Ant-spyware 7.5 Freeversion, DSS, CUREIT, UNDOFIX, PROVW21, CCLEANER v2.06,567 (current version)Thank-you for your assistance.RegardsAlan========================================================================BASELINE HIJACKTHIS LOG (PRE-CLEAN)--------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:57:43 PM, on 15/04/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\Rundll32.exeC:\PROGRA~1\Grisoft\AVG7\avgcc.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Java\jre1.6.0_05\bin... Read more

A:***** "your System Is Infected With Dangerous Virus!" Popup *****

Hello plshelpme2,Download FixIEDef.exe by ShadowPuterDude to the Desktop. Mirrors: Alternate official download locations for FixIEDef.exe http://it-mate.co.uk/downloads/fixiedef/fixiedef.exe http://hosts-file.net/download/fixiedef/fixiedef.exe http://avant.it-mate.co.uk/?c=Download&f=Tools/FixIEDef http://archives.mysteryfcm.co.uk/?f=Securi...pyware/FixIEDef Double-click FixIEDef.exe, this will create a folder named FixIEDef on your Desktop. Double-click of the FixIEDef folder. NOTE: You will need to temporarily disable any programs you have running that will block attempts to edit the registry. As FixIEDef calls REGEDIT to delete registry keys added by Zlob, Trojan.Downloader.Delf, AntiSpyPro, and IE Defender. WARNING: FixIEDef will kill all copies of Internet Explorer and Explorer that are running. The icons and Start Menu on your Desktop will not be visible while FixIEDef is running. This is necessary to remove parts of the infection that would otherwise not be removed. FixIEDef will re-start Explorer at the end of the removal process VISTA Users: Double-click on DisableUAC inside the FixIEDef folder and answer "Yes" if asked if you want to merge with the registry. After the script has finished double-click on EnableUAC.reg inside the FixIEDef folder to re-enable UAC. Answer "Yes" if asked if you want to merge with the registry. Locate FixIEDef.bat and double-click on it. VISTA Users: Right-click on FixIEDef.bat and select "Run as Administrato... Read more

2 more replies
Answer Match 75.18%

The problem started yesterday (9/19). I was prompted by McAfee to fix a lack in security on my computer. Not long after I did that Internet Explorer crashed and would not open again. I received the following message: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions or access."

Upon further attempts, I also received this message: "Application cannot be executed. The file is infected. Please activate your antivirus software."

I tried to run a scan with McAfee, but got this error: "Scanning has encountered a problem from which it cannot recover. Here are the problem details - Error starting on demand scanner."

I opened a Firefox browser and was able to use it temporarily - but then it crashed also and will not open again.

Other applications have also failed - Outlook Express, etc.

I tried running Ad-Aware - it also crashes.

I tried running HijackThis, and the preferred methods suggested on this site (DDS.scr and RootRepeal). These executables all seem to start but do not run to completion. They just seem to disappear.

I'm sorry but I have no logs to post at this time. First off, I guess I need help figuring out how to get these logging tools to run in the current state of this machine.

Finally, I have also received this lengthy message: "Attention! System detected a potential hazard (Trojan SPM/LX) on your computer that may infect executable files. You private... Read more

A:attention! system has detected a potential hazard (Trojan SPM/LX)...

Moved from HJT to a more appropriate forum. Tw

10 more replies
Answer Match 74.34%

Deckard's System Scanner v20071014.68Run by Umair on 2008-07-03 11:46:28Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------System Restore is disabled; attempting to re-enable...success.-- Last 1 Restore Point(s) --1: 2008-07-03 05:46:35 UTC - RP1 - System CheckpointBacked up registry hives.Performed disk cleanup.Percentage of Memory in Use: 80% (more than 75%).Total Physical Memory: 254 MiB (512 MiB recommended).-- HijackThis (run as Umair.exe) -----------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:48:54, on 03/07/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.17184)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Network Associates\VirusScan\Avsynmgr.exeC:\WINDOWS\system32\drivers\CDAC11BA.EXEC:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeC:\WINDOWS\system32\HPZipm12.exeC:\WINDOWS\Explorer.EXEC:\MDaemon\WebAdmin\... Read more

A:Some Dangerous Trojan Horses Detected In Your System Please Download

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Download SDFix and save it to your Desktop.Double click SDFix.exe and it will extract the files to %systemdrive%(Drive that contains the Windows Directory, typically C:\SDFix)Please then reboot your computer in Safe Mode by doing the following :Restart your computerAfter hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;Instead of Windows loading as normal, the Advanced Options Menu should appear;Select the first option, to run Windows in Safe Mode, then press Enter.Choose your usual account. Open the extracted SDFix folder and double click RunThis.bat to start the script. Type Y to begin the cleanup process. It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot. Press any Key and it will restart the PC. When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons. Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum). Finally paste the contents of the Report.txt back on the forum with a new DSS log

2 more replies
Answer Match 70.56%

Hello. I really need your help. I keep getting an annoying popup that says Critical System Warning: Your computer may be infected with the Trojan.Zlob-X.a virus and it tells me to download a free scan. When you click ok, it takes you to another download screen from the ie defender site. I did not download anything, but instead tried to find some answers. I cannot get this thing to stop and I ran all my Norton security. Please please help me!!!

A:Critical System Warning Popup Help!

Hello jamilynn211 and welcome to Bleeping Computer, Please run these...Follow these instructions: How to remove the Smitfraud / Generic Zlob From Normal mode Next:Download,install (save to desktop),update SUPERAntiSpyware.. .. Now reboot PC into Safe Mode. How to start Windows in Safe ModeScan by clicking on the Super icon on the desktop or Look up Superantispyware in the programs list.Scan the root drive (usually C:\)Quarantine all items found. Reboot back into normal Mode.Let us know how it went.

7 more replies
Answer Match 70.56%

I got a popup that wont go away, it reads as follows:

Critical System Warning!

Your system is probably infected with the latest version of Trojan.Zlob-X.a

Full system optimization will greatly increase your computer's performance and prevent data loss.

Click OK to download antispyware software (Recommended)

Also, when I do a any kind of google search, I get a red X w/ a spyware warning as well as a porn link. The rest are related to the search.

I've seen some threads on the issue. So I took the liberty of downloading Hijack this as recommended by dvk01 on another thread. I created a log, but haven't fixed anything as indicated in a previous thread. Please help, below is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:07:37 PM, on 11/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shar... Read more

A:Please Help-Critical System Warning Popup

6 more replies
Answer Match 69.72%

Please help me!!!I'm a software guy so I have some idea how to fix a PC.My IE7 goes to a bogus .mht file in my system32 folder called spywarewarning.mhtC:\WINDOWS\System32\spywarewarning.mhtIt looks like a fake XP Security Center window.Also getting a Critical System Warning every few seconds, I have to CAD the proccess called adsnwz.exe to make it stop. The text in the Critical System Warning reads Took the image from another website.I used Ad-Aware, Spybot, SmitfraudFix, and Symantic AV with zero success. Please help me!!!!SteveKaz99XP MediaCenter Ed. at SP 2[/size]

A:Critical System Warning Popup Hijacking Me

Hello and welcome. Would you please post the SmitFraud log .The report can also be found at the root of the system drive, usually at C:\rapport.txt

13 more replies
Answer Match 69.72%

I am having problems with getting a pop up everytime I open up Internet Explorer or go to a new page. It is a warning message in the form of a popup that says something to the effect "Critical System Warning....your system may be infected with a version ofa Trojan Virus..down this spyware now". I tried using Adaware, Microsoft Defender and SpyBot, but had no luck. I have attached a copy of the HiJack this log. Thanks in advance for the help

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:54 PM, on 11/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:... Read more

A:Critical System Warning Popup issues

bump
 

2 more replies
Answer Match 68.88%

Hey folks,It looks like I've got the same medley of virii that pencraft was dealing with in his thread. Prior to finding this forum, I attempted to fix the problem using several anti virus/spyware applications. While they found and apparently fixed some problems, the System Window entitled "Critical System Warning!" was not fixed, nor were the balloons that popped up from the system tray.Here's what the System Window had to say: Critical System Warning!Your system is probably infected with the lastest version of Spyware.Cyberlog-X.Type: SpywareInfected Length: 266,129 bytesRisk: HighAffected Systems: Windows 95, 98, 2000, NT, 2000 Server, Windows XPBehavior: Cyberlog-X is a spyware program that monitors user activity, logs keystrokes, and track Web sites visited.Symptims: Low Internet connection speedLow System PerformanceSecyrity center alertsStrange pop up windowsProtection: Click OK to download antispyware softwareAfter reading the replies to pencrafts post, I ran ComboFix and it appeared to fix the obvious problems. Would someone mind looking at my logs to see if there are any processes running in the background? Is there any script that I can drag and drop into ComboFix (or any other solution) that would remove these processes?HijackThis Log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 14:38:13, on 6/2/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WIND... Read more

A:Spyware.cyberlog-x "critical System Warning!" Popup.

Hi,I've got quite a few anti-virus apps installed, however I've disabled them all as best as I could. I will be uninstalling all but a couple of them after this is done.You have 3 Antivirus installed!!Never install more than one Antivirus and Firewall! Rather than giving you extra protection, it will decrease the reliability of it seriously! The reason for this is that more than one Antivirus and Firewall installed are not compatible with eachother, it can cause system performance problems and a serious system slowdown. So you have to make a decision here and keep the Antivirus you prefer and uninstall the other one.Then reboot after uninstalling.Then... not sure where you have read the instructions to use Combofix, but the first step required before you run it is to install the Recovery Console.Read here how to do this with Combofix:http://www.bleepingcomputer.com/combofix/how-to-use-combofixThe reason why Recovery Console is recommended is because malware damages a lot and causes an instable system - and because of that, it may happen that your computer won't be able to boot anymore. With the Recovery Console installed, there are extra options present to repair whatever malware damaged. Also, even though you're not infected, the presence of the Recovery Console is a useful feature in case a computer won't boot anymore because of several other reasons. Read here what you can do with the Recovery Console.Extra note: After you have installed the Recovery Consol... Read more

2 more replies
Answer Match 67.62%

My friend has gotten this bsod a few times and we arent really sure why. I believe I have the same ram as him. We both have crucial and returned them. Mine is working really well and his has for a few months then he told me he got this error. Never seen it or heard of it. I adjusted my rams to a lower voltage but not his so that could be the issue but unlikely. Any other information needed to help with this issue. Thanks

A:Modification of system code or a critical data was detected

any ideas?

2 more replies
Answer Match 67.62%

I made the mistake of downloading a file I was told was required to watch a sports video over the weekend. As a result, when my browser is open a box pops up stating the following:

Critical System Warning!
Your system is probably infected with the latest version of Trojan.Zlob-X.a
Full system optimization will greatly increase your computer's performance and prevent data loss.

Click OK to download antispyware software! (Recommended)

Since the box wouldn't go away, I finally clicked ok and a product called IEDefender was downloaded - it offered a fix, but wanted payment. I noticed an error in the payment popup so I didn't download it. But the issue is persistent. And my Google search page is corrupted as well - any time I try to use it, I get weird links including one for a porn site.

Anway, I found this link on the site (http://forums.techguy.org/malware-removal-hijackthis-logs/650694-solved-spyware-trojan-zlob-x.html) and attempted to follow the instructions. It's exactly the issue I have. I made it to the ComboFix download - when I launched ComboFix, an error message regarding the date of the product promptly shut down the program and removed it from my desktop. I sent a general message to the Tech Support Guy site and the response was I shoudn't try to fix my problem following someone else's fix, which may be unique.

Can someone help me?
 

A:PopUp Issue: Critical System Warning - Trojan.Zlob-X.a virus

12 more replies
Answer Match 67.62%

I found a thread on this already and tried to post a question on it but it said I didnt have access to that thread so I thought I'd post it here in hope I could get some help. I also have this "Critical System Warning!" pop up coming up every time I load a page in Internet explorer and it also affects my google searches. I followed dvk01's instructions to remove it that I foound in another thread but was curious if the fix that he posted would work on my system or if it was especially tailored to the posters PC. Here is dvk01's fix :
[Unregister Dlls]
[Registry - All]
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {741403DD-46A4-4D58-8FA7-427335C3BBF6} [HKLM] -> %System32%\PowerVideo.dll [Video On-line]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
[Files/Folders - Created Within 30 days]
NY -> PowerVideo.dll -> %System32%\PowerVideo.dll
[Empty Temp Folders]
[Reboot]
I have attached my WinPFind3U.txt output log from the program. All I need to know is if this fix will work for me or what I need to change because I am trying the fix right now but it... Read more

A:PopUp Issue: Critical System Warning - Trojan.Zlob-X.a virus

I found another post with the exact same issue and I got my problem resolved by using the spyware removal tool mentioned. thanks anyways
 

1 more replies
Answer Match 66.78%

I am getting a constant bubble popup in my system tray titled "System Instrusion Detected!"The full text of the bubble (note the misspellings and poor grammar) is:"System Instrusion Detected!Dangerous infection was detected on your PCThe system will now download and install most efficientantimalware program to prevent data loss and your privateinformation theft.Click here to protect your computer from the biggest malwarethreats."Also, SpywareStrike 2.5 is being installed automatically even if I uninstall it.Any help is much appreciated!Here is my Hijackthis.log:Logfile of HijackThis v1.99.1Scan saved at 1:04:11 AM, on 1/6/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\PROGRA~1\NETGEAR\MEDIAS~1\ImmsService.exeC:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeC... Read more

A:Getting Bubble Popup In System Tray Titled "system Instrusion Detected!"

Hello dioskilos, A tip of the hat to noahdfear for this fix. Print out these instructions as we will need to shutdown every window that is open later in the fix.Download SmitRem and save the file to your desktop. Double click on smitRem.exe and then click on Start. When it is done, click on the OK button. You should now have a folder called smitRem on your desktop.Next, please reboot your computer in SafeMode by doing the following:Restart your computerAfter hearing your computer beep once during startup, but before the Windows icon appears, press F8.Instead of Windows loading as normal, a menu should appearSelect the first option, to run Windows in Safe Mode.When your computer has started in safe mode and you see the desktop, close all open Windows.Open the smitRem folder on your desktop and double click the RunThis.bat file to start the tool.Follow the prompts on screen and wait for the tool to complete and disk cleanup to finish.When the tool is finished, it will will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or the partition where your operating system is installed. Examining that log should show that the infection was cleaned.Reboot your computer back to normal mode.Click on the Start button, then click on All Programs (or Programs), and then locate the SpywareStrike folder and right-click on it. Select the option to delete that folder. Post a fresh Hijackthis log, the smitfiles.txt log, and tell me how your computer is running.

2 more replies
Answer Match 66.78%

I downloaded a video player from the net, which causes this pop up each time i attempt to connect to the net. PopUp Issue: Critical System Warning - Trojan.Zlob-X.a virus

it recommends downloading antispyware (which i have not done.) I have downloaded hijackthis. Can you help?

here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:38:49, on 20/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\NDAS\System\ndassvc.exe
C:\Program Files\OneStepSearch\onestep.exe
C:\Program Files\OneStepSearch\onestep.exe
C:\Program Files\Spyware Doctor\svcnt... Read more

More replies
Answer Match 65.94%

Detail pls refer 2 attached popup.doc file.

A:Critical Error! Virus Detected Keep Poping Up

Hello acklim and welcome to BC. Let's see what we can find. Please follow the steps below in order:Before running a new scan let's clean out the temporary folders. Download ATF Cleaner to your Desktop.Double-click ATF-Cleaner.exe to run the program.Click Select All found at the bottom of the list.Click the Empty Selected button.If you use Firefox browser, do this also:Click Firefox at the top and choose Select All from the list.Click the Empty Selected button.NOTE : If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browser, do this also:Click Opera at the top and choose Select All from the list.NOTE : If you would like to keep your saved passwords, please click No at the prompt.Close ALL Internet browsers (very important).Click the Empty Selected button.Click Exit on the Main menu to close the program.Now download OTScanIt from here or here to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.Note: You must be logged on to the system with an account that has Administrator privileges to run this program.Close ALL OTHER PROGRAMS.Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
In the Drivers section click on Non-Microsoft.Under Additional Scans click the checkboxes in front of the following items to select them:Reg - BotCheck
Reg - MountPoints... Read more

1 more replies
Answer Match 65.94%

I've tried to recover my system with recovery manager. After this procedure I've got information that my instalation is not correct. Below information from my recovery manager. I bought my Envy with Windows8.1 and few month ago I installed upgrade to Windows10. 17:56:01.30] ChkErrBB.CMD :  Detect some error during PININST_BBV.[17:56:01.33] ChkErrBB.CMD :  Check c:\system.sav\logs\BurnBootWarn.log[17:56:01.33] ChkErrBB.CMD :  or, check c:\system.sav\logs\BurnBootMerge.log[17:56:01.33] ----------------------------------------[17:56:01.33] Critical error condition was detected at BBV1...[17:56:01.33][17:56:01.33] Refer the following file if exists.[17:56:01.33]   - c:\system.sav\Logs\BurnBootWarn.log[17:56:01.33]   - c:\system.sav\Logs\BurnBoot.log[17:56:01.33][17:56:01.33] Switch to 2ndCap's WinPE and show [Recovery Manager]'s Incomplete dialog.[17:56:01.33] because RM's dialog can't appear on [Start] screen on Win8 environment.[17:56:01.33] customer may not notice RM already shows Error dialog.[17:56:01.33][17:56:01.33] ----------------------------------------there might be unexpected reboot during BBV Clean or Last...The process will cause CTO panic because the image might not be normal... what now? harryON

More replies
Answer Match 65.94%

I recently notice that when I go into my windows explorer and click on any folder to access it a windows pops up saying :

Attention, <displays my full name here>! Some dangerous viruses detected in your system. Microsoft Windows XP files corrupted. This may lead to the destruction of important files in C:\WINDOWS. Download protection software now!
Click OK to download the antispyware. (Recommended)Click to expand...

When clicking no it sends me to: http://free-viruscan.com/id/4912933/4/1/
Which then brings it up as being blocked stating:

Reported Web Forgery!

This web site at free-viruscan.com has been reported as a web forgery and has been blocked based on your security preferences.

Web forgeries are designed to trick you into revealing personal or financial information by imitating sources you may trust.

Entering any information on this web page may result in identity theft or other fraud.Click to expand...

I have Bitdefender AV 2008 Build 11.0.17 and have done a deep system scan with no results. Everything is up to date on that.

I have Windows XP SP2, 10gb partitioned for C: and 2 50gb partitions for programs and music etc. Anymore info just let me know!
Thanks,
matyd

HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:34:21 AM, on 8/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\... Read more

A:Critical Error popup when accessing any folders in windows explorer...

Anyone have any ideas?
 

1 more replies
Answer Match 64.68%

I have a vista 32 that I have encountered a trojan than I spent all day trying to get off. I downloaded installed and uninstalled several type of search and clean malwares. I would install run then reboot in safe mode and run again. I did this yesterday on at least 4 different types of cleaning tools. I still have the hard disk error with a bogus (I think) WindowsRecovery message that won't close. A guy I know that does this type work commercially asked if I had ran the combofix as one of the things I had done and I said no. So after reading the instructions I am ready to move forward with help. I also have a black screen and all my desktop icons are gone as well as favorites and that is what I know up to this point.

A:Critical Hard disk error has been detected with black screen

Please follow our Removal Guide here,there are steps there that should clear this. Remove Windows Recovery .After reading how the malware is misleading you ...You will move to the Automated Removal InstructionsAfter you completed that, post your scan log here,let me know how things are.The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

6 more replies
Answer Match 64.68%

Hi. I'm new here. Am hoping someone can help me with my infected computer.First off; I have Windows Vista, Dell Dimension, McAfee Antivirus.My McAfee alerted me to a found trojan and said it got rid of it. Shortly after I started having computer issues and the following message came up:Critical error damaged hard drive clusters detected?? Private data is at risk!!Then it says there is no disc space.I went to another computer to try to find some answers. It was suggested to run Dell Diagnostics and I did that, going through the memory and all hard drives. It came up with no problems. I then went to Device Manager and started looking into that when the error messages came up again.Does anyone have any suggestions? Thanks

A:Critical error damaged hard drive clusters detected??

Have a read of this to see if it relates to your problem or not Mitann

5 more replies
Answer Match 63.84%

Hello.I just got home from a three day trip, and when i turned on my comp the first thing that came popping up was this error screen: I have no ideas of its origins, i'm guessing my brother stumbled upon it somewhere, but it's here now and i'd very much like it not to be I've tried reading in on the subject, but without grater success. According to the information i've found i'm dealing with some sort of SmitFraud here?So now i humbly turn to you for help.Here are the first logs:MAIN.TXTDeckard's System Scanner v20071014.68
Run by kim on 2008-05-24 14:40:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
81: 2008-05-24 11:40:17 UTC - RP370 - Deckard's System Scanner Restore Point
80: 2008-05-24 07:08:36 UTC - RP369 - Removed SPYWAREfighter.
79: 2008-05-23 18:05:51 UTC - RP368 - Installed SPYWAREfighter.
78: 2008-05-22 13:34:30 UTC - RP367 - System Checkpoint
77: 2008-05-21 13:06:29 UTC - RP366 - System Checkpoint
-- First Restore Point --
1: 2008-02-24 17:06:54 UTC - RP290 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.

-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Tr... Read more

A:Error Message: Your System Is Infected By Dangerous Virus!

Hello mrrej89,Download FixIEDef.exe by ShadowPuterDude to the Desktop. Mirrors: Alternate official download locations for FixIEDef.exe http://it-mate.co.uk/downloads/fixiedef/fixiedef.exe http://hosts-file.net/download/fixiedef/fixiedef.exe http://avant.it-mate.co.uk/?c=Download&f=Tools/FixIEDef http://archives.mysteryfcm.co.uk/?f=Securi...pyware/FixIEDef Double-click FixIEDef.exe, this will create a folder named FixIEDef on your Desktop. Double-click of the FixIEDef folder. NOTE: You will need to temporarily disable any programs you have running that will block attempts to edit the registry. As FixIEDef calls REGEDIT to delete registry keys added by Zlob, Trojan.Downloader.Delf, AntiSpyPro, and IE Defender. WARNING: FixIEDef will kill all copies of Internet Explorer and Explorer that are running. The icons and Start Menu on your Desktop will not be visible while FixIEDef is running. This is necessary to remove parts of the infection that would otherwise not be removed. FixIEDef will re-start Explorer at the end of the removal process VISTA Users: Double-click on DisableUAC inside the FixIEDef folder and answer "Yes" if asked if you want to merge with the registry. After the script has finished double-click on EnableUAC.reg inside the FixIEDef folder to re-enable UAC. Answer "Yes" if asked if you want to merge with the registry. Locate FixIEDef.bat and double-click on it. VISTA Users: Right-click on FixIEDef.bat and select "Run as Administrator&q... Read more

2 more replies
Answer Match 63.42%

When I open my dad's account (he is not the administrator) the desktop is black with a blue dialogue box (WindowsRecovery) which looks like it's from Vista or Windows 7 which is weird because I run xp. It says I have bad sectors on hard drive. It also pops up a dialogue box "Hard Drive Failure - The system has detected a problem with one or more installed IDE / SATA Hard disks. It is recommended that you restart the system." Also the lower right balloon near the clock says " Critical error run a system diagnostic utility .... Windows can't find hard disk space" and something about RAM. Please help!.DDS (Ver_11-03-05.01) - NTFSx86 Run by Aman Enconado at 16:14:21.56 on Sat 04/16/2011Internet Explorer: 6.0.2800.1106Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.246.31 [GMT 8:00]..============== Running Processes ===============.C:\WINDOWS\system32\svchost -k rpcssC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\Program Files\AntiVir PersonalEdition Classic\sched.exeC:\Program Files\AntiVir PersonalEdition Classic\avguard.exeC:\WINDOWS\system32\svchost.exe -k hpdevmgmtC:\WINDOWS\System32\svchost.exe -k HPZ12C:�... Read more

A:WINDOWS RECOVERY [CRITICAL ERROR Damaged hard drive clusters detected]

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

3 more replies
Answer Match 63.42%

I previously had a virus in a hidden folder on my PC called System Volume Information/restore. A harmful file was always detected in there, so I used AVG antivirus to get rid of it as it did well to delete/quarantine the file.

So now, whenever I do any online or manual program scan (as I did now with the panda activescan), no viruses are detected - only spyware and other possible hacking tools. However, I am unable to create a System Restore Point. I have raised this issue on the Windows XP help forum, but they are still in a very lengthy process of finding a solution and it seems they have given up. The error message I get is "System Restore is unable to create a Restore Point. Please restart your computer and try again", of course no matter what I try, nothing works. Ive tried toggling it off and on, and even used some scanners to find broken registry files which were repaired, however it still doesnt work.
I may have something wrong with my system as it seems. Is there any high extent of damage in this? This is my DSS report:


Deckard's System Scanner v20071014.68
Run by Domagoj on 2008-03-04 14:47:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Domagoj.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:48:28 PM, on 04/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00... Read more

A:An infection prevents me from using System Restore...No viruses detected, need help!

Bump.

3 more replies
Answer Match 62.16%

Himy problem that when i enter any folder or any website this pop-up message shows upso i downloaded combofix and it fixed the problembut after3 weeks i downloded the virus agian and it hit meand i tried combofix agian but i didbt work because a message appared and said the i have it alreday installedthen i tried the DSSand this is my logand the extra is in the attachmentand the log file that was created by combofix just in caseHELP ME PLZ!!!!Deckard's System Scanner v20071014.68Run by Medo on 2008-07-07 00:51:52Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 5 Restore Point(s) --45: 2008-07-06 20:51:57 UTC - RP45 - Deckard's System Scanner Restore Point44: 2008-07-06 20:18:18 UTC - RP44 - ComboFix created restore point43: 2008-07-06 20:17:01 UTC - RP43 - ComboFix created restore point42: 2008-07-07 16:08:16 UTC - RP42 - System Checkpoint41: 2008-07-06 00:28:48 UTC - RP41 - System Checkpoint-- First Restore Point -- 1: 2008-06-14 12:06:14 UTC - RP1 - System CheckpointBacked up registry hives.Performed disk cleanup.-- HijackThis (run as Medo.exe) ------------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:53:10 AM, on 7/7/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.... Read more

A:Attention! Some Dangerouse Viruses Maleware!

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. First let me tell you that you should not use Combofix without the proper direction. It's a powerful program and has the potential to render your computer unbootable. Click START then RUN Now type Combofix /u in the runbox and click OK

When shown the disclaimer, Select "2"===================Download Flash_Disinfector.exe by sUBs and save it to your desktop. Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear. The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well. Wait until it has finished scanning and then exit the program. Reboot your computer when done.Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.===================Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on Download_mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwa... Read more

2 more replies
Answer Match 62.16%

Hey folks,

It looks like I've got a medley of virii. Prior to finding this forum, I attempted to fix the problem using several anti virus/spyware applications. While they found and apparently fixed some problems, the System Window entitled "Critical System Warning!" was not fixed, nor were the balloons that popped up from the system tray.

Here's what the System Window had to say:

Critical System Warning!
Your system is probably infected with the lastest version of Spyware.Cyberlog-X.
Type: Spyware
Infected Length: 266,129 bytes
Risk: High
Affected Systems: Windows 95, 98, 2000, NT, 2000 Server, Windows XP
Behavior: Cyberlog-X is a spyware program that monitors user activity, logs keystrokes, and track Web sites visited.
Symptims: Low Internet connection speed
Low System Performance
Secyrity center alerts
Strange pop up windows
Protection: Click OK to download antispyware software

After reading several posts, I ran ComboFix and it appeared to fix the obvious problems. Would someone mind looking at my logs to see if there are any processes running in the background? Is there any script that I can drag and drop into ComboFix (or any other solution) that would remove these processes?


HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:38:13, on 6/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.ex... Read more

More replies
Answer Match 61.74%

Help! I have an unknown number of viruses on my computer! When I started it this morning, there was a UAC warning to run Update.exe from Windows\System32\Java\Update.exe. Then, I got a run dialog for an svchost in the Roaming folder! Then, I ran avast and it said my op was infected so I scheduled a boot scan. It found something in Temporary Files but my keyboard suddenly froze and I could not select delete options so I had to restart. Then Windows Error Recovery Came up and Repair just went back to the main screen so I selected Start Windows Normally.

Could you guide me through what to do? I haven't used HijackThis before.

A:Infected by Dangerous Viruses!!!

Hello there! Scan with this:

Malwarebytes.org

6 more replies
Answer Match 61.74%

Help! I have an unknown number of viruses on my computer! When I started it this morning, there was a UAC warning to run Update.exe from Windows\System32\Java\Update.exe. Then, I got a run dialog for an svchost in the Roaming folder! Then, I ran avast and it said my op was infected so I scheduled a boot scan. It found something in Temporary Files but my keyboard suddenly froze and I could not select delete options so I had to restart. Then Windows Error Recovery Came up and Repair just went back to the main screen so I selected Start Windows Normally.

Could you guide me through what to do? I haven't used HijackThis before.
 

More replies
Answer Match 61.32%

Keyboard not detected, Mouse not detected. Fatal Error, System Halted.

That's what the system said, in DOS, on the black screen. Of course, I had my mouse and keyboard unplugged at the time, because I had just unplugged everything to move the computer.

Anyways, I plugged the keyboard and mouse in, restarted the computer, and everything started normally.

My question is, what is with this error? Vista can't boot up if I don't have a keyboard and mouse plugged in? It's not a big deal, but it seems like very odd behavior.
 

A:Keyboard not detected, Mouse not detected. Fatal Error, System Halted.

This has nothing to do with Vista whatsoever. As you said it showed up on the black screen with white text, which is the boot screen. The computer hasnt even started loading windows yet. The fatal eror occurs because you have no input device. The computer recognises this, and given that they are important, it puts a warning up that there is no connection.
It is completely normal, really, and whatever OS you have, its going to do the same thing.
 

1 more replies
Answer Match 61.32%

Hi,

I got this error "Critical System Error! / System Alert:Trojan [email protected] " a few days ago. I had to select a Restore point in order to get back on the internet and now my computer is running excruciatingly slow. I ran Trend Micro Call, spybot, and a few others to try and get rid of the problem before I found this website. I have included the log as requested. Any assistance would be appreciated!!! Thanks
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:46:26 PM, on 12/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\... Read more

A:Critical System Error! / System Alert:Trojan [email protected]

Bump
 

1 more replies
Answer Match 61.32%

I got another call from my Dad today. After cleaning his computer completely last month with help from BleepingComputer.com there is another problem so I went to check it out. I can't believe it.

Now on startup a fake system scan runs with many warning of I/O errors and critical hard drive problems. It tries to take you to file-recovery-system.com to buy something. Obviously it is a virus/hijack. I searched on the web for fixes and was able to use RKill.exe to at least stop the process and the warnings. I tried to install MBAM but the install failed twice, I get a permission denied warning. I tried to install after restarting in safe mode, but had the same access denied at the end of the install.

Computer is Windows 7. I am posting from my clean computer since the browser redirects on his computer make it almost impossible.

A:file-recovery-system.com takeover, critical system error warnings

Boot into safemode with networkingDownloadTDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive) Do not change the default options on scan resultsDownloadaswMBRLaunch it, allow it to download latest Avast! virus definitionsClick the "Scan" button to start scan.After scan finishes,click on Save logPost the log results hereDownloadESET online scannerInstall itClick on START,it should download the virus definitionsWhen scan gets completed,click on LIST of found threatsExport the list to desktop,copy the contents of the text file in your reply

28 more replies
Answer Match 61.32%

I accidentally clicked a bad link and it directed me to this site which I closed immediately, and I received some kind of html script virus that made me open a lot of microsoft office outlook , however my antivirus quarantined it and I deleted it afterwords.

Should I still be cautious of the virus?



this is the link that gave me the virus: tinyurl.com/dyrusreplay

A:How dangerous are Html script viruses?

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and
Quote:




Having problems with spyware and pop-ups? First Steps




a link at the top of each page.

Please follow our pre-posting process outlined below.

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post them in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

2 more replies
Answer Match 60.48%

Since yesterday, Avira has been contacting my non-stop about different viruses detected, the main ones being TR/Rootkit.Gen and Swizzor.Gen and more, but mainly Trojans and most found in C:/system32/driver
After repeatedly sending all the files to Quarantine, it seemed to calm down a little. I went into Safemode and scanned my pc with Malwarebytes AND Avira. I then rebooted and went back to normal Windows.

Today, I tried to download Avast because of its features range, but whilst installing, I came back and my computer had rebooted itself. It will stay on the Log in screen for a few seconds then restart again. The furthest I've gotten is logging into my account and then the screen goes blank. I am now in Safemode. Btw, I downloaded Avast from their website and I am using Mozilla Firefox not Internet Explorer (if that helps).

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:48:36, on 17/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/... Read more

More replies
Answer Match 60.48%

Hi, i have no idea what's goin on with my computer. I came home and I see a new icon on the system tray. I'm not the only one that uses this computer so it could be something someone downloaded. It's flashing with an exclamation mark and and balloon that says that I have critical system errors. Here is my HJT Log...

Logfile of HijackThis v1.99.1
Scan saved at 11:54:13 PM, on 11/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:... Read more

A:critical system error popups from system tray

You do have Smitfraud so we need to do the following:

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report ... Read more

3 more replies
Answer Match 60.06%

this is the error message i get, it pops up all the time with a red circle and white X
and then it keeps starting a program called spyaxe 3.0 and wanting me to buy it

i have adware, avg virus, zone alarm , windows one care and spybot search and destroy, i have done scans with all of them and i stil have this problem

what can i do to get rid of this ??

thanks

noasad

A:Dangerous Malware infection was detected

You need to uninstall Spyaxe. See this:

SpyAxe is an anti-spyware application that may be distributed and installed without a user?s knowledge or consent. The installed application functions up to the point when a user wants to remove a found infection, at which point the software requires purchase. The software may falsely alarm about infections, even prior to conducting a scan.

SpyAxe will falsely alarm the user of a registry key, which the software claims is a component of 2Search, and marks it as a high security risk. The registry key is actually belongs to a scripting component and is a part of the Microsoft Windows operating system.

Spyaxe seems to be downloaded and installed by Trojan-Downloader.Win32.Zlob.

To remove Spyaxe, follow the instructions here: http://www.bleepingcomputer.com/forums/topic36868.html

Hope it helps!

18 more replies
Answer Match 60.06%

Ok, here's the problem. Starting yesterday, Avira has been contacting me non-stop about different viruses detected, the main ones being TR/Rootkit.Gen and Swizzor.Gen and more, but mainly Trojans and most found in C:/system32/driver.After repeatedly sending all the files to Quarantine, it seemed to calm down a little. I ran a scan with Malwarebytes, but after 9 hours, it froze and was so slow I had to open Windows Task Manager and shut down my computer mid-scan.I went into Safemode and scanned my pc with Malwarebytes AND Avira. I then rebooted and went back to normal Windows.Today, I went into Safe Mode to scan with Malwarebytes AND Avira (with around 90 viruses in total found). However, Rootkit still kept coming up so I tried to download Avast because of its wide range of features, but whilst installing, I came back and my computer had rebooted itself. It will stay on the Log in screen for a few seconds then restart again. The furthest I've gotten is logging into my account and then the screen goes blank. It continues to restart even when I don't touch it. I am now in Safemode. Btw, I downloaded Avast from their website and I am using Mozilla Firefox not Internet Explorer (if that helps).I need this problem fixed ASAP because I have to start my GCSEs coursework which determines the grades I get when I get back next Monday. What do i do?

A:Been infected with dangerous viruses. Keeps restarting. Help needed immediately please!!

Hello do the the sious urgency,, Reformatting and reinstlling the system may be fastest and most secure,We can try booting from a rescue CD.Avira AntiVir Rescue System

1 more replies
Answer Match 59.64%

I run TrendMirco Internet Security 2007. A few days ago, I was doing a Google search and one of the links I hit pulled up got an immediate popup from Trend Micro indicating that I was trying to access a dangerous website. It actually happened twice once for w1.madway.net/cgi.bin and then for master.madway.net/cgi.bin. I immediately closed Internet Explore, but Trend Micro responded that a change had been made to my startup file which I asked it to roll back. Within 15 mintues the dangerous website popups started again. I shutdown, rebooted, and did a scan. TrendMirco found no issues, so I loaded a new signature, and Trend Micro did not find anything again. The popups telling me I was trying to access these two dangerous websites continued, so I blocked access to the sites via TrendMicro and then called them. We tried a few things, and then they asked me to send them a HJT log. I did and they suggested some changes and I made them but the dangerous web site popups continue. Obviously they only happen when I am connected to the Internet. I am continuing to pursue this issue with them, but I have used your forums before and have had excellent response (I am a former CIO, so I don't drop those kinds of comments lightly) so I thought I would submit the problem to you as well.

HJT log is attached.
Best regards, Lois
 

More replies
Answer Match 59.64%

I dont know what happened or when. Im not having any issues with my PC but all this came up today. My malwarebytes found nothing. I CCleaned..defraged.. dusted & waxed. What is this junk? Do I have a virus or is Vista just forcing me to upgrade? "";"Locked file. Not tested., C:\Program Files (x86)\Google\CrashReports\";"Infected""";"Contains macros, C:\Program Files (x86)\Microsoft Office\Office12\1033\EXPTOOWS.XLA";"Infected""";"Contains macros, C:\Program Files (x86)\Microsoft Office\Office12\Library\HTML.XLAM";"Infected""";"Password-protected, C:\ProgramData\AVG2013\IDS\config\quarantinedList.zip";"Infected""";"Locked file. Not tested., C:\ProgramData\Desktop\";"Infected""";"Locked file. Not tested., C:\ProgramData\Documents\";"Infected""";"Locked file. Not tested., C:\ProgramData\Favorites\";"Infected""";"Locked file. Not tested., C:\ProgramData\MFAData\msistorg.dat";"Infected""";"Locked file. Not tested., C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\02598c934385f330a935bda28d42b3c0_6d5b2038-4853-410b-ae52-70f22458b034";"Infected""";"Locked file. Not tested., C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\03432f824cd17880cacbee7982c6a378_6d5b2038-4853-410b-ae52-70f22458b034";"Infected""";"Locked file. Not tested., C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\03e3ea7301a61d2c42e69d0dbf7f91f6_6d5b2038-4853-410b-ae52-70f22458b034";"Infected""";"Locked file. Not tested., C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\083c634a2c3bea98e06057470b4a945a_6d5b2038-... Read more

A:AVG detected 267 potentially dangerous threats- not all were removed.

Hello, these are "Locked" files and cannot be modified by malware. They should NOT be unlocked. If you feel the need to scan these, use the AVG Rescue CD 
You may want to disable locked files reporting I AVG so they won't report these.

5 more replies
Answer Match 59.22%

Hello everyone, I keep getting a pop up that says i have been infected with the Trojan.win32.Agent.akk virus and must download a spyware program. Can anyone help me remove this trojan? thanx a lot.

A:Critical System Error

Use the Smitfraudfix tool in the link below.http://siri.urz.free.fr/Fix/SmitfraudFix_En.phpImportant==Follow up with SAS. Download and Install Super Antispyware free. Reboot and run it in safe mode. Allow it to quarantine whatever it finds. http://www.superantispyware.com/How to Start Windows in Safe Mode:http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/ Post back with results of scans and for further instruction.

10 more replies
Answer Match 59.22%

Logfile of HijackThis v1.99.1Scan saved at 10:11:07 PM, on 10/15/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exeC:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXEC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exec:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exeC:\Program Files\Common Files\AOL\1135570678\ee\services\safetyCore\ver2_5_4_1\aolavupd.exeC:\WINDOWS\system32\cisvc.exeC:\Program Files\mcafee.com\personal firewall\MPFService.exeC:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exeC:\Program Files\Panda Software&#... Read more

A:Critical System Error Pop Ups

Help!!!! I HAVE RUN ANTI VIRUS AND ANTI SPYWARE AND I AM STILL INFECTED. DON'T KNOW WHAT ELSE TO DO!!!! I HAVE 2 ICONS BY THE TIME THAT SAY THAT I HAVE SOME TYPE OF CRITICAL SYSTEM FAILURE WHEN I CLICK ON THE BALLOON IT TAKES ME TAKES ME TO SOME WEBSITE TELLING ME TO BUY THIER SOFTWARE I HAVE RAN ALL KINDS OF SCANS AND HAVE DELETED THE SPYWARE AND IT KEEPS SHOWING UP!!!!Logfile of HijackThis v1.99.1Scan saved at 9:29:01 AM, on 10/16/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exeC:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXEC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exec:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\Program Files\Common Files\AOL\TopSpeed\2.0&... Read more

6 more replies
Answer Match 59.22%

My computer seems to have been infected by some kind of nasty. I have used Trend Micro - Housecall and cleared some infections but still keep getting a Critical System Error notice in my taskbar which reads,

"System detected virus activities. They may cause critical system failure, Please use antimalware software to clean and protect your system from parasite programs. Click this balloon to get available software."

When clicking for more information I am taken to the website for "Virusburst" I know nothing of this site and suspect that this may be the very spyware/adware/malware that I am trying to rid myself of. Any advise appreciated.

Using XP home SP2

Should I run and submit a HijackThis Log?
 

A:Critical System Error

pilotbob said:

My computer seems to have been infected by some kind of nasty. I have used Trend Micro - Housecall and cleared some infections but still keep getting a Critical System Error notice in my taskbar which reads,

"System detected virus activities. They may cause critical system failure, Please use antimalware software to clean and protect your system from parasite programs. Click this balloon to get available software."

When clicking for more information I am taken to the website for "Virusburst" I know nothing of this site and suspect that this may be the very spyware/adware/malware that I am trying to rid myself of. Any advise appreciated.

Using XP home SP2

Should I run and submit a HijackThis Log?Click to expand...
Yes by all means...
 

2 more replies
Answer Match 59.22%

Hello

My system was attacked with some virus and currently the message critical system error pops up often.My OS is Windows XP.And I think I got this problem while trying to download some software.When ever I try to click the CRITICAL Error it takes me to VIRUSBLAST softwares and asks me to buy them.Trying to search in the forums for similar problems,I found to use SmitFraudFix and here is the text I got from that.Can anybody help me before my system crashes..and Thank you.

SmitFraudFix v2.110

Scan done at 19:53:38.78, 10/16/2006
Run from C:\Documents and Settings\Subash Chandra Bose\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

C:\
C:\WINDOWS
C:\WINDOWS\system
C:\WINDOWS\Web
C:\WINDOWS\system32

C:\WINDOWS\system32\dpfwu.dll FOUND !

C:\WINDOWS\system32\LogFiles
C:\Documents and Settings\Subash Chandra Bose
C:\Documents and Settings\Subash Chandra Bose\Application Data
Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM... Read more

A:Critical System Error !!

14 more replies
Answer Match 59.22%

Hello people I have a virus can someone please help.here is my hijackthis log.Logfile of HijackThis v1.99.1Scan saved at 7:52:25 PM, on 11/6/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Norton AntiVirus\navapsvc.exeC:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\Explorer.EXEC:\Program Files\iVideoCodec\isamonitor.exeC:\Program Files\iVideoCodec\pmsngr.exeC:\Program Files\J... Read more

A:Critical System Error!

Please download SmitfraudFix (by S!Ri) to the Desktop.http://siri.urz.free.fr/Fix/SmitfraudFix.zipExtract the files to the Desktop A folder named SmitfraudFix is created. We?ll use this program shortly.~~~~Start the computer in Safe Mode :-When the machine first starts again, tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. -Select the option for Safe Mode using the arrow keys.-Press Enter to boot into Safe Mode. ~~~~Open SmitfraudFix Double-click smitfraudfix.cmd Select Option 2 - Clean by typing 2 and press Enter (Deletes infected files)You are prompted: Do you want to clean the registry? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection. The tool also checks if a relevant file, wininet.dll, is infected. You may be prompted to replace the infected file (if found).Replace infected file? Answer Y (yes) and hit Enter to restore a clean file. ~~~~Restart the computer to complete the removal process.~~~~Please post the SmitFraudFix report located at C:\rapport.txt , and a new HijackThis log.

1 more replies
Answer Match 59.22%

Hi,

I often leave my computer on all the time. Last night, i ran some spyware checkers and found nothing... and went to bed, today i wake up and the monitor is black... great, now what happened. i hit the reset switch....boots up all the way past the user name entry and then bang....

blue screen telling me- Stop: c000021a {fatal system error} The windows logon process system terminated unexpectedly with a status of (0x00000000 0x00000000). The system has shut down.

Ok, thats really nice, anyone know what i can do to save my system? I can boot into safe mode just fine. Loaded up into windows the normal way, and worked but then about 5 mins later, crashed right to that blue screen again...
 

A:critical system error

Have a look at: http://support.microsoft.com/search...L&maxResults=25&Titles=false&numDays=&InCC=on and see if any of these apply to you.
 

7 more replies
Answer Match 59.22%

I've some sort of a virus on my computer and i cant run any antivirus softwares nor spyware.. whenever i run those softwares, the computer shutsoff automatically. please help :s

Logfile of HijackThis v1.99.1
Scan saved at 12:32:22 AM, on 30/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Real\Update_... Read more

A:Critical System Error!

7 more replies
Answer Match 59.22%

Hallo,
I have icon on my main toolbar which is still shows balloon with text, that my computer is infected and it offers me programs for remove it.

Here is my Hijackthis, thanks:

Logfile of HijackThis v1.99.1
Scan saved at 11:49:07, on 20.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Max PC Secure\MaxSpyDetector\SDSystemTray.exe
C:\WINDOWS\system32\MaxSecureTray.exe
C:\Program Files\Max PC Secure\MaxSecure... Read more

A:critical system error

Hi vakoveverka

Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.


Open the SmitfraudFix folder and double-click smitfraudfix.cmd


Reboot your computer in Safe Mode.
If the computer is running, shut down Windows, and then turn off the power.
Wait 30 seconds, and then turn the computer on.
Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Ensure that the Safe Mode option is selected.
Press Enter. The computer then begins to start in Safe mode.
Login on your usual account.


Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection


The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to f... Read more

3 more replies
Answer Match 59.22%

Hello administrator, I was wondering if i could receive a little bit of help in eradicating a pesty problem that I have.i have an alternating blink between a green (wheelchair picture found in control panel) and a red (it looks like a stop smoking circle with a line drawn through it) icon. whenever my computer starts up, it is the first item to load into my lower right hand corner taskbar where the clock is. and a message pops up right above the clock area stating exactly: critical system error!system detected virus activities. they may cause critical system failure. please, use antimalware software to clean and protect your system from parasite programs. click here to get all available software.Logfile of HijackThis v1.99.1Scan saved at 9:16:11 PM, on 5/17/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\WINDOWS\system32\HPZipm12.exeC:\Program Files\Analog Devices\SoundMAX\SMAgent.exeC:\WINDOWS\System32\svchost.exeC:\... Read more

A:Critical System Error!

Please download SmitfraudFix (by S!Ri)Extract the content (a folder named SmitfraudFix) to your Desktop.Open the SmitfraudFix folder and double-click smitfraudfix.cmdSelect option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).Please copy/paste the content of that report into your next reply.Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.http://www.beyondlogic.org/consulting/proc...processutil.htm

5 more replies
Answer Match 59.22%

Here's my Hijackthis log file, please help...Logfile of HijackThis v1.99.1Scan saved at 11:14:37 PM, on 9/8/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Norton AntiVirus\navapsvc.exeC:\Program Files\Norton AntiVirus\IWP\NP... Read more

A:Critical System Error

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Please download SmitfraudFix (by S!Ri) to your Desktop.Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.=======================Please download Ewido Anti-spyware and save that file to your desktop.This is a 30 day trial of the programOnce you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.Once the setup is complete you will need run ewido and update the definition files.On the main screen select the icon "Update" then select the "Update now" link.Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.Once in the Settings screen click on "Recommended actions" and then select "Quarantine".Under "Reports"Select "Automatically generate report after every scan"Un-Select "Only if threats were found"Close ewido anti-spyware. Do not run a scan yet!========================Open the SmitfraudFix folder and double-click smitfraudfix.cmdSelect option #1 - Search by typing 1 and press EnterThis program will scan large amounts of files on your computer for known patterns so please be patient while it works. When... Read more

8 more replies
Answer Match 59.22%

Hi there, I`ve read your post zhen you helped the guy zith this spyware. It is just i have(had perhaps) it to and I follozed every step of this post http://forums.techguy.org/security/518452-solved-help-critical-system-error.html
I've installed the java update after I fully deleted the old one. I used smitfraud to search and in safe mode clean the registry. I ran a hijack scan and this is the output:

Logfile of HijackThis v1.99.1
Scan saved at 20:31:55, on 23-11-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Ima... Read more

A:Critical system Error

9 more replies
Answer Match 59.22%

Logfile of HijackThis v1.99.1Scan saved at 11:26:55 a.m., on 07/09/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\Archivos de programa\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\Archivos de programa\LANDesk\Shared Files\residentagent.exeC:\Software\System Manager\BIN\ssm.exeC:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Software\System Manager\BIN\modemview.exeC:\Archivos de programa\Norton AntiVirus\navapsvc.exeC:\Archivos de programa\Norton AntiVirus\AdvTools\NPROTECT.EXEC:\WINDOWS\system32\svchost.exeC:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\SymWSC.exeC:\WINDOWS\system32\wbem\wmiapsrv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\RTHDCPL.EXEC:\... Read more

A:Critical System Error!

Searching in this forum, i find the solution. Plese read this post:http://www.bleepingcomputer.com/forums/ind...al+System+Error!

3 more replies
Answer Match 59.22%

please help tried everything i know!Logfile of HijackThis v1.99.1Scan saved at 6:51:21 PM, on 10/6/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeD:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exeD:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXEC:\WINDOWS\System32\svchost.exeC:\Program Files\TGTSoft\StyleXP\StyleXPService.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Boingo\WENGINE\wmonitor.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeD:\Program Files\Panda Software\Panda Antivirus 2007\psimsvc.exeC:\Program Files\Spyware Doctor\sdhelp.exeC:\Program Files\Analog Devices\SoundMAX\SMAgent.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXED:\Program Files\Panda Software\Panda Antivirus 2007\apvxdwin.exeC:\WIND... Read more

A:Critical System Error

Hello there and welcome to Bleeping Computer's security forum.My name is David, I will be helping you with your log today.Please download SmitfraudFix (by S!Ri)Extract the content (a folder named SmitfraudFix) to your Desktop.Open the SmitfraudFix folder and double-click smitfraudfix.cmdSelect option #1 - Search by typing 1, and press Enter. A text file will appear, which lists infected files (if present).Please copy/paste the content of that report into your next reply.

3 more replies
Answer Match 59.22%

Can anyone help me solve the problem.Here is my hijeckthis log Logfile of HijackThis v1.99.1Scan saved at 7:36:15 PM, on 10/16/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exec:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXEC:\Program Files\ewido anti-spyware 4.0\guard.exeC:\WINDOWS\system32\inetsrv\inetinfo.exeC:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exeC:\Program Files\Photodex\CompuPicPro\ScsiAccess.exeC:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exeC:\WINDOWS\System32\svchost.exec:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXEC:\Program Files\MMediaCodec\isamonitor.exeC:\Program Files\MMediaCodec\pmsngr.exeC:\WINDOWS\System32\hkcmd.exeC:\Program Files\MMediaCodec\pmmon.exeC:\Program Files\ScanSoft\OmniPag... Read more

A:Critical System Error!

Hi Abba Cohen and Welcome to the Bleeping Computer!Please download SmitfraudFix (by S!Ri)Extract the content (a folder named SmitfraudFix) to your Desktop.Open the SmitfraudFix folder and double-click smitfraudfix.cmdSelect option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).Please copy/paste the content of that report into your next reply.Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.http://www.beyondlogic.org/consulting/proc...processutil.htm

6 more replies
Answer Match 59.22%

So my computer was attacked by virus or trojan. It always pop up the windows that say your computer was infected by Hijacker, and those kind of stuffs. I download the Hijackthis and romove all of those virus, but still on my taskbar still have the Critical System Error flashing )near by the clock) and say click here to download the available software to protect your computer and something like that. When I click it, the VirusBurst pop out on the webpage. So I wanna know if you guys can help me to make that website or to remove this Critical System Error... I really thank for your help.And this is the Logfile that I coppy from the notepad that appeared after using Hijackthis.Logfile of HijackThis v1.99.1Scan saved at 4:17:17 PM, on 9/27/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\ACS.exeC:\Program Files\Common Files\Symantec Shared\ccProxy.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Norton Internet Security\ISSVC.exeC:\Program Files\Common Files\Symantec Sha... Read more

A:Help Plz! Critical System Error

Hello there and welcome to Bleeping Computer's security forum.My name is David, I will be helping you with your log today.It is a good idea to print off these instructions:This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is not available. You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above. A print out of the instructions would be a good reference to make sure you don't yet lost.Also, it is important that you complete the instructions in the right order, and also that you don't miss any steps out!If you have any queries about the process or just general questions, just ask.You are using the LimeWire and BearShare p2p file sharing program.This is not technically malware by itself, but it installs malware in order to run properly.It also opens the door for every other nasty program you can think of. I strongly recommend that you remove it from your computer.Read this article for alternatives that will provide some of the same function without the garbage: http://www.spywareinfo.com/articles/p2p/I suggest you remove the program now. Of course if you decide to keep it, it's not a problem.Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present:LimeWireBearShareThis is another article you can read:http://www.cexx.org/adware.htmRun HijackThis.On the first menu, click... Read more

10 more replies
Answer Match 59.22%

I have either a virus or malware attached to my system. There is a Question Mark and "X" that keeps flashing on the bottom right task "start up" bar. I completed the hijackthis steps and have run hijackthis for your review. Thank youLogfile of HijackThis v1.99.1Scan saved at 10:14:06 PM, on 10/10/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\LEXBCES.EXEC:&... Read more

A:Critical System Error!

What is disabled in msconfig - startupYou should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.Please download SmitfraudFix (by S!Ri)Extract the content (a folder named SmitfraudFix) to your Desktop.Next, please reboot your computer in Safe Mode by doing the following :Restart your computerAfter hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;Instead of Windows loading as normal, a menu with options should appear;Select the first option, to run Windows in Safe Mode, then press "Enter".Choose your usual account.Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmdSelect option #2 - Clean by typing 2 and press "Enter" to delete infected files.You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.A text file will appear onscreen, with results fro... Read more

6 more replies
Answer Match 59.22%

Hi, I am getting a flashing icon saying i have critical system errors. I have done scans with zone alarm, ewido, spybot but nothing comes up. I tried virus bursters and got Money Tree - Win 32.TrojanClick.Spywad.b - SPY.Html.Smitfraud.c - Smitfraud.g

I have run in safe mode using all the scans i can send a hijack this log if it will help but not sure where to send it.
 

A:critical system error help

14 more replies
Answer Match 59.22%

Logfile of HijackThis v1.99.1Scan saved at 1:50:44 PM, on 10/12/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccProxy.exeC:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\Java\jre1.5.0_08\bin\jusched.exeC:\Program Files\Creative\Shared Files\CAMTRAY.EXEC:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exeC:\Program Files\Winamp\winampa.exeC:\Program Files\i... Read more

A:Critical System Error

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Please download SmitfraudFix (by S!Ri) to your Desktop.Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.=======================Please download AVG Anti-Spyware and save that file to your desktop.This is a 30 day trial of the programOnce you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.Once the setup is complete you will need run ewido and update the definition files.On the main screen select the icon "Update" then select the "Update now" link.Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.Once in the Settings screen click on "Recommended actions" and then select "Quarantine".Under "Reports"Select "Automatically generate report after every scan"Un-Select "Only if threats were found"Close AVG Anti-Spyware. Do not run a scan yet!========================Open the SmitfraudFix folder and double-click smitfraudfix.cmdSelect option #1 - Search by typing 1 and press EnterThis program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is... Read more

2 more replies
Answer Match 59.22%

for some reason i have this pop up saying that i have a critical system error...can someone please help.. it would be greatly appreciated:this is my hijack this logLogfile of HijackThis v1.99.1Scan saved at 4:42:59 PM, on 11/09/2006Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\ibmpmsvc.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\iCodecPack\isamonitor.exeC:\Program Files\iCodecPack\pmsngr.exeC:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exeC:\Program Files\iCodecPack\pmmon.exeC:\WINDOWS\System32\RunDll32.exeC:\Program Files\iCodecPack\isamini.exeC:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXEC:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exeC:\Program Files\ThinkPad\ConnectUtilities\... Read more

A:Critical System Error

this is a newer log:please help!Logfile of HijackThis v1.99.1Scan saved at 11:24:36 PM, on 11/09/2006Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\ibmpmsvc.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Eset\nod32krn.exeC:\WINDOWS\System32\QCONSVC.EXEC:\WINDOWS\System32\wuauclt.exeC:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exeC:\WINDOWS\System32\RunDll32.exeC:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXEC:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXEC:\Program Files\ThinkPad\Utilities\TpKmapMn.exeC:\PROGRA~1\ThinkPad\UTILIT~1\NPDTray.exeC:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.ExeC:\WINDOWS\AGRSMMSG.exeC:\Program Files\Support.com ... Read more

11 more replies
Answer Match 59.22%

Hijack Log on Win 2000 laptop Help me, I am at a horrible crawl
Logfile of HijackThis v1.99.1
Scan saved at 2:12:23 PM, on 10/20/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Altiris\AClient\AClient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\NavNT\vptray.exe
C:\WINNT\system32\RunDLL32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\... Read more

A:Critical System Error

Hijack Log on Win 2000 laptop Help me, I am at a horrible crawl
Logfile of HijackThis v1.99.1
Scan saved at 2:12:23 PM, on 10/20/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Altiris\AClient\AClient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\NavNT\vptray.exe
C:\WINNT\system32\RunDLL32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\... Read more

2 more replies
Answer Match 59.22%

i was on my friend's comp when he keeps getting the critical system error. And when you click no the icon on the system tray it brings you up to a virusburst main website :T Maybe you guys can help him with the virus. Here is the HJT file:

Logfile of HijackThis v1.99.1
Scan saved at 10:16:48 PM, on 10/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\progra~1\valve\steam\steam.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\cho\Desktop\hijackthis... Read more

A:Critical System Error

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
 

1 more replies
Answer Match 59.22%

Here's my HJT log, I have got the Critical System Icon in bottom right....... Can anyone help.Logfile of HijackThis v1.99.1Scan saved at 20:23:37, on 17/10/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\MMediaCodec\isamonitor.exeC:\Program Files\MMediaCodec\pmsngr.exeC:\Program Files\MMediaCodec\pmmon.exeC:\Program Files\MMediaCodec\isamini.exeC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\WINDOWS\SOUNDMAN.EXEC:\Apps\Powercinema\PCMService.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\Program Files\Adobe\P... Read more

A:Hjt Log - Critical System Error

Hello there and welcome to Bleeping Computer's security forum.My name is David, I will be helping you with your log today.It is a good idea to print off these instructions:This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is not available. You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above. A print out of the instructions would be a good reference to make sure you don't yet lost.Also, it is important that you complete the instructions in the right order, and also that you don't miss any steps out!If you have any queries about the process or just general questions, just ask.Please move HijackThis to another location, preferably c:\Program Files\HijackThis. Anywhere is fine, other than your Desktop or a Temp folder. If HijackThis is in a temporary folder you run the risk of accidentally deleting the backups or it clutters your desktop with all the backups.If you use Windows XP it might be that you just double clicked on the file HijackThis.exe, but that only extracts the file to a temporary folder. Please select the file and Extract it to a folder.How do you make a permanent folder:Click "My Computer", then "C:\" and then on "Program Files".In the menu bar, "File"->"New"->"Folder".That will create a folder named "New Folder", whic... Read more

5 more replies
Answer Match 59.22%

Hello! I'm new to this forum and I'm having the same problem as gratenana did regarding Critical System error! Warning!!! The system is restored after critical error. Error code is 0x01FFEFAC. System Safety critically lowered now. Install System Error Fixer and Trusted Antivirus now? It then has a yes and no button. I hit no and my desktop (everything except the background) disappears.

I have downloaded HiJackThis and below is the log file. What should I do next? Please help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:10:40 PM, on 10/18/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS.000\System32\smss.exe
C:\WINDOWS.000\system32\winlogon.exe
C:\WINDOWS.000\system32\services.exe
C:\WINDOWS.000\system32\lsass.exe
C:\WINDOWS.000\system32\svchost.exe
C:\WINDOWS.000\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS.000\shell.exe
C:\WINDOWS.000\System32\atiptaxx.exe
C:\WINDOWS.000\SOUNDMAN.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\sj655\hpupdate.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS.000\System32\WinAvXX.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\G... Read more

More replies
Answer Match 59.22%

Hi ! recently my computer have been alerting me about viruses on my computer and there is always this pop up ( not from websites, rather from my taskbar, next to my internet icon) that says

YOUR COMPUTER IS INFECTED !

Critical System Error !
System detected virus activitis. They may cause critical system failure. please use antimalware software to clean and protect your system from parastie programs.

i've tried using free scan and it was dected that i have over 900 spyware ?! this is totally barbaric ! I've download so many addware,spyware, spyware terminator and they never work ! please help me ! Thanks in advance !

A:Critical System Error !

Does your popup look like any of the examples here? If so and your running Win XP or 2000, try the following:You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.Please download, install and update Ewido Anti-Spyware v4.0. DO NOT perform a scan yet..Print out the Ewido Install and Scan Instructions. Go here and follow the instructions for using SmitfraudFix. Read "How to create/extract a ZIP File in Win ME/XP/2003" or "How to create/extract a ZIP File in Win 9x/2000" if your not sure how to do this.After using the tool reboot again in "SAFE MODE" and Clean out your Temporary Internet files as follows:Quit Internet Explorer and quit any instances of Windows Explorer.Click Start, click Control Panel, and then double-click Internet Options.On the General tab, click "Delete Files" under Temporary Internet Files.In the Delete Files dialog box, tick the "Delete all offline content check box", and then click "OK".On the General tab, click "Delete Cookies" under Temporary Internet Files, and then click "OK".Click on the Programs tab then click the Reset Web Settings button. Click "Apply" then "OK".Click "OK".Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. C... Read more

3 more replies
Answer Match 59.22%

i keep gettin this aswell, and sumthing else cums up saying i have need antimalware software:
SmitFraudFix v2.83

Scan done at 19:09:44.65, 06/09/2006
Run from C:\Documents and Settings\Jayesh\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

C:\
C:\WINDOWS
C:\WINDOWS\system
C:\WINDOWS\Web
C:\WINDOWS\system32
C:\Documents and Settings\Jayesh\Application Data
Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

C:\DOCUME~1\Jayesh\FAVORI~1
Desktop
C:\Program Files

C:\Program Files\PCODEC\ FOUND !
C:\Program Files\VirusBurst\ FOUND !

Corrupted keys
Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"F... Read more

A:Critical system error

7 more replies
Answer Match 59.22%

Hey guys, I did a logfile of my computer and now I'm trying to fix my friends. He has a "Critical System Error" encouraging him to buy software.. hmm.. never any anti-virus I have ever heard of. I ran spybot but that didnt do anything. He is running some downloaders so he might have gotten it from that.. little bit of help please?

Logfile of HijackThis v1.99.1
Scan saved at 3:01:48 PM, on 5/14/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\atmclk.exe
C:\WINDOWS\System32\dcomcfg.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\pudge\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software... Read more

A:Critical System Error...except its not...?

Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

A. Please download the trial version of Ewido anti-malware from here:
http://www.ewido.net/en/download/Install Ewido anti-malware.
When installing, under Additional Options uncheck Install background guard and Install scan via context menu.
When you run Ewido for the first time, you could get a warning "Database could not be found!". Click Ok.
The program will prompt you to update. Click the Ok button.
The program will now go to the main screen.
You will need to update Ewido to the latest definition files.On the left-hand side of the main screen click the Update Button.
Click on Start.
The update will start and a progress bar will show the updates being installed.
Once finished updating, close Ewido.

If you are having problems with the updater, you can use this link to manually update ewido.
Ewido manual updates. Make sure to close Ewido before installing the update.

Download and install CleanUp! but do not run it yet.

*WARNING* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.


B. Reboot your computer in Safe Mode.If the computer is running... Read more

1 more replies
Answer Match 59.22%

I recently got a message stating "Critical System Error! System detected virus activities. They may cause critical system failure. Please use a malware software to clean and protect your system from parasite programs. Click here to get all avialable software." This is in a red border box with a question mark symbol/do not enter symbol flashing. Also, a pop up stating "System integrity scan wizard" needed.

I had an outdated verison of McAfee and click on update which led me to WinAntirusPro 2006, which was added to my system. I also have PestTrap, which I think is worthless and wish to uninstall. WinAntivirisPro 2006 may not be very good either.

I want to get rid of the blinking "Critical System Error" indicator. My system is running slower than usual (virtual memory) too. I have Mediacom broadband.

Thanks for information and time given to my situation.
 

A:Critical System Error!

16 more replies
Answer Match 59.22%

This one?s lengthy and I hope not challenging for you guys. I am indebted for you previously getting me out of a fix with another computer of mine and am hoping you can help me with this problem.I have and have run repeatedly Norton, AVG super anti spyware free edition, Ad Aware 2007, Ad Aware SE Personal, CW Shreder and Spybot S&D to no effect.Here are, in great detail, the error messages I have been receiving:A balloon pops up from the tray attached to the yellow emblem w/the exclamation point advising: Your computer might be at risk*Latest software updates not installed*Incorrect files association*System appears to hang*Firewall has errorsClick balloon to fix the problemThen another balloon from the tray attached to the red emblem with the x on it will pop up advising:Tracking process is activated**ADDRESS: 0x10A3007BCan?t deactivate spyware program.Click baloon to fix the problemAnd finally the third balloon from the tray emblem with the four colors (red, green, blue, yellow) advising:Explicit content is detected:Further, I receive grey window pop ups :Your system is unstable.A problem has been detected and Windows has been shutdown buggy application to prevent damage to your computer, Kernel32x.SYS ? Address 0xA73C20AE, error code Co2100, DateStamp 56b836A3, Kernel Debugger on port: COM3 (Port 0x19f, Baud rate 9201) If I click on any of the emblems, a web browser attempts to open and when I close it, the emblems disappear. I also receive this windows prompt:You h... Read more

A:Critical System Error

Yes, crj17.... you are infected with a variant of 'fake alert'/Zlob, also known as Smitfraud.Download HijackThis? here:http://www.trendsecure.com/portal/en-US/th.../hijackthis.php(If running Vista: Right click on it and choose "Run as Administrator") Click 'Do a System Scan and Save logfile'.The HJT log will open in notepad. Copy and paste the contents of the HJT log into a NEW TOPIC in "HijackThis Logs and Malware Removal"http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

3 more replies
Answer Match 59.22%

my windows management instrumentation is damaged.i know this because when i go to the network connection advance tab,it says"Windows cannot display the Properties of this connection. The Windows Management Instrumentation (WMI) information might be corrupted.

To correct this, use System Restore to restore Windows to an earlier time (called a restore point). System Restore is located in the System Tools folder in Accessories."but when i click the system restore,is starts but the page is just white.i discovered this happen also to the search utility,system information(dont start not even once when i click it),and the help and support(also dont show any response after clicking it).any response is greatly appreciated.
 

A:critical system error

16 more replies
Answer Match 58.8%

Rootkit Revealer detected the file C:\System Volume Information\_restore{F6BB1AAD-2A8D-4B85-9D3A-4967072BF7AC}\RP257\A0034833.RDB which it described as "2.72 MB Hidden from Windows API.".

Is this hit a false positive, or is the file, in fact, a rootkit?
 

A:Suspicious file detected by Rootkit Revealer - dangerous or not?

6 more replies
Answer Match 58.8%

logo on the right side of my toolbar. i have gone through all the steps on the link below and am still getting the problem.http://www.bleepingcomputer.com/forums/t/63896/how-to-remove-virusburst-removal-instructions/my C:\Program Files\RoguesScanFix\task.txt file is:Export SharedTaskScheduler key ------------------------------ REGEDIT4[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader""{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon""{168cf174-6dab-461c-a761-a7adfa5a5719}"="campy"sharedtaskkey: 168cf174-6dab-461c-a761-a7adfa5a5719 ---------------------------------------------------REGEDIT4[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{168cf174-6dab-461c-a761-a7adfa5a5719}][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{168cf174-6dab-461c-a761-a7adfa5a5719}\InProcServer32]@="C:\\WINDOWS\\system32\\wuwbxp.dll""ThreadingModel"="Apartment"

A:Critical System Error Flashing

this is my hijack this log:Logfile of HijackThis v1.99.1Scan saved at 2:31:55 AM, on 9/10/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Ahead\InCD\InCDsrv.exeC:\Program Files\Eset\nod32krn.exeC:\Program Files\Eset\nod32kui.exeC:\PROGRA~1\PESTPA~1\PPControl.exeC:\PROGRA~1\PESTPA~1\PPMemCheck.exeC:\PROGRA~1\PESTPA~1\CookiePatrol.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\TrojanHunter 4.6\THGuard.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\MSN Messenger\msnmsgr.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Common Files\Nullsoft\ActiveX\2.6\AOLMediaPlaybackControl.exeC:\Program Files\Common Files\Nullsoft\ActiveX\2.6\AOLMediaPlaybackControl.exeC:\Documents and Settings\Tim\Desktop\Fix it programs\HijackThis.exeR0 - HK... Read more

7 more replies
Answer Match 58.8%

Hi all,
Good old PCODEC got me. I found the advice on other pages and folloed that (Safe mode, run smitRem.exe, Ewido etc) But to no avail. That damn message still pops up.

Here is my latest logs:
Logfile of HijackThis v1.99.1
Scan saved at 22:18:21, on 05/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mic... Read more

A:Still Can't clear Critical System Error!

12 more replies
Answer Match 58.8%

Hey guys whats going on. Well I just had installed a new SSD Drive, and installled windows to it. Well for the past 3 days I had gotten 3 Critical shut down errors. And Also when I put the PC into sleep mode, it turns on for about 2-3 seconds then shuts off. And it will do that a few times during the night when I goto bed. All to be the same issue, and this happens when Im not in the room, or if the PC is in sleep mode.

Did some research using Google and found others had the same issue but could not determine the cause really.

Where should I start or what should I look at to replace? My PSU has never been replaced in about 5-6 years. All other parts are about a year old.
The error Im getting is: Event ID 41 Task category 63
- System

- Provider

[ Name] Microsoft-Windows-Kernel-Power
[ Guid] {331C3B3A-2005-44C2-AC5E-77220C37D6B4}

EventID 41

Version 2

Level 1

Task 63

Opcode 0

Keywords 0x8000000000000002

- TimeCreated

[ SystemTime] 2014-12-23T03:35:58.574803700Z

EventRecordID 6501

Correlation

- Execution

[ ProcessID] 4
[ ThreadID] 8

Channel System

Computer Flipid3-PC

- Security

[ UserID] S-1-5-18
- EventData

BugcheckCode 10
BugcheckParameter1 0x8
BugcheckParameter2 0x2
BugcheckParameter3 0x1
BugcheckParameter4 0xfffff80002c8c512
SleepInProgress true
PowerButtonTimestamp 0
__________________
My Setup
-Antec 1200 Case
- Intel Core I5 4670K
- Asrock Extreme 6 Mobo Z87
- G.SKILL Trident 4GB (2 x 2GB)
- G.SKILL Trident 2... Read more

A:critical system error, PC Shutting down....Need help

Also Im having issues with the PC coming out of sleep mode. When I hit the Keyboard or the Mouse, The PC wont come out of sleep. I have to hit the Power button. But when I hit the power button, sometimes the PC turns on then off then on then off then on then off, then on. Or sometimes just shuts down.

Have to reboot and all that.

9 more replies
Answer Match 58.8%

Hi!

I don't know what to do with these reports, actually I know nothing about computers but I try to do just something...

I did run Hijack this, SmitfraudFix (in safe mode and did registry cleaning), ewido, and Hijack this. Here are the reports:

Logfile of HijackThis v1.99.1
Scan saved at 13:06:05, on 7.9.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Media-Codec\isamonitor.exe
C:\Program Files\Media-Codec\pmsngr.exe
C:\PROGRA~1\NavNT\vptray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\SPYWAREfighter\spfprc.exe
C:\Program Files\FBM Software\ZeroSpyware 2004\NetGuard.exe
C:\Program Files\Media-Codec\pmmon.exe
C:\Program Files\Media-Codec\isamini.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\... Read more

A:trojan SPM/LX and critical system error

Welcome to TSG

Please navigate to Add/Remove Programs located in your Control Panel. Remove the following (if present):

Spywarefighter
Then, Delete the following Folder C:\Program Files\SPYWAREfighter

Please download ATF Cleaner by Atribune.

This program is for XP and Windows 2000 only
Save it to your desktop

Double-click ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

====================================================

Run HijackThis, and press "Do a System Scan Only".
1. When the scan is complete place a check mark next to the following entries:

O3 - Toolbar: Protection Bar - {fe2d25c1-c1db-4b5e-9390-af1cb5302f32} - C:\Program Files\Media-Codec\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spfprc.exe
O21 - SSODL: imputable - {6570b782-1a41-4053-b2c9-12c7fcf0d84d} - C:\WINDOWS\system32\duxzj.dll

2. After checking these ite... Read more

3 more replies
Answer Match 58.8%

Please Help...I have an icon that showed up in my tool bar that keeps saying "Critical System Error". I am new to all this, so please have patience with me. I have run SmitFraudFix and this is what it says...I would appreciate the help.

SmitFraudFix v2.122

Scan done at 21:27:51.10, Wed 11/15/2006
Run from C:\Documents and Settings\Jason\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

???????????????????????? C:\
???????????????????????? C:\WINDOWS
???????????????????????? C:\WINDOWS\system
???????????????????????? C:\WINDOWS\Web
???????????????????????? C:\WINDOWS\system32

C:\WINDOWS\system32\jbtazy.dll FOUND !
C:\WINDOWS\system32\1024\ FOUND !

???????????????????????? C:\WINDOWS\system32\LogFiles
???????????????????????? C:\Documents and Settings\Jason
???????????????????????? C:\Documents and Settings\Jason\Application Data
???????????????????????? Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

???????????????????????? C:\DOCUME~1\JASON\FAVORI~1
???????????????????????? Desktop

C:\DOCUME~1\ALLUSE~1\DESKTOP\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUS... Read more

A:Please Help..critical System Error Icon

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. You are on the right track with Smitfraudfix, because it is definitely present. But we also need to see a hijackthis log in order to determine if there are other infections present also.Click here to download HJTsetup.exeSave HJTsetup.exe to your desktop.Doubleclick on the HJTsetup.exe icon on your desktop.By default it will install to C:\Program Files\Hijack This.Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.Put a check by Create a desktop icon then click Next again.Continue to follow the rest of the prompts from there.At the final dialogue box click Finish and it will launch Hijack This.Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.Come back here to this thread and Paste the log in your next reply.DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

2 more replies
Answer Match 58.8%

Hi,

I having this problem with an icon in my bottom right task tray. Its an icon that flashes between a blue circle with a white question mark, and a red circle with a line through it. If I move my cursor over it I get the message "Critical System Error!" If I either right or left click on it I get directed to www.virusburst.com.

I dont know how to remove this. Please help!!!

Thanks
 

A:Solved: Critical System Error!

9 more replies
Answer Match 58.8%

Logfile of HijackThis v1.99.1
Scan saved at 3:19:45 PM, on 30/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Windows Defender\MSASCui.exe
G:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\QuickTime\qttask.... Read more

A:Solved: Critical system error

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning pr... Read more

3 more replies
Answer Match 58.8%

hallomine name is lizaura and I am 35 years hold. I live in Holland and I have 2 children. I have a 17 year old daughter and a 13 year old son.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:32:57 PM, on 12/17/2007Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16575)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\system32\taskeng.exeC:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exeC:\Program Files\Windows Defender\MSASCui.exeC:\Windows\RtHDVCpl.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Java\jre1.6.0_03\bin\jusched.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\Common Files\Logishrd\LComMgr\Communications_Helper.exeC:\Program Files\Logitech\QuickCam\Quickcam.exeC:\Program Files\SurfRight\Caretaker\Notifier.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Program Files\MSN Messenger\msnmsgr.exeC:\Windows\ehome\ehtray.exeC:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exeC:\Users\lizaura\Program Files\BitTorrent_DNA\dna.exeC:... Read more

A:Infected Critical System Error

Hello lizaura, I am SifuMike and I will be helping you. Please download ATF Cleaner by Atribune.Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button.If you use Firefox browserClick Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browserClick Opera at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program. For Technical Support, double-click the e-mail address located at the bottom of each menu. ***************************** Reconfigure Windows Vista to show hidden files: To enable the viewing of Hidden files follow these steps: Close all programs so that you are at your desktop. Access Control Panel. Click Folder Options. After the new window appears select the View tab. Put a checkmark in the checkbox labeled Display the contents of system folders. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders. Remove the checkmark from the checkbox labeled Hide file extensions for known file types. Remove the checkmark from the checkbox labeled Hide protected operating system files. Press the Apply button and then the OK button and shutdown My Computer. Now your computer is configured to show all hidden files.... Read more

2 more replies
Answer Match 58.8%

hi ...
for me the malware,viruses etc is a dreadful thing....
i have this stupid critical system error problem which pops up in a blue baloon and an alternating prohibited sign.. also there is a yellow triangle with an exclammation mark.
I really have no clue how to go about fixing this... and in my home page there is some 403 forbidden error displayed.... can bleeping computer user /administraotrs help me with this... i would be grateful.

chitwan

A:Critical system error problem

Please download SmitfraudFix (by S!Ri)Extract the content (a folder named SmitfraudFix) to your Desktop.Open the SmitfraudFix folder and double-click smitfraudfix.cmdSelect option #1 - Search by typing 1, and press Enter. A text file will appear, which lists infected files (if present).Please copy/paste the content of that report into your next reply.

1 more replies
Answer Match 58.8%

This originally came from the misplacedhjt logs forum, sorry, I put it in the wrong forumOk, I give up, I tried all day thinking I could do this myself. I have the Critical system error - trojan.win32.startpage.fg problem. Everytime I use explorer or IE I get a popup with the above message. I have downloaded and scanned with all of the following;McAfeeLavasoft adawareSpybot Search and DestroyMcafee Stinger toolI uninstalled a bunch of crap, Java, Internet games, etc, cleaned out temp folders, removed all temporary internet files. Here is a copy of my HJT log;If anyone could help I would greatly appreciate it, Thank You!LogLogfile of Trend Micro HijackThis v2.0.2Scan saved at 5:48:04 PM, on 12/20/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16574)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\arservice.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\PROGRA... Read more

A:Help Remove "critical System Error"

SOLVED!!!!!
Sorry, I couldn't resist working on it. I found another post here I think in the FAQ about IEDefender I followed those instructions and all seems to be well now.

Thanks Anyway

2 more replies