Tech Problem Aggregator

# Can't get rid of "Troj/FakeAle-FK" and "Warning! Spyware detected on your Computer!"

Q: Can't get rid of "Troj/FakeAle-FK" and "Warning! Spyware detected on your Computer!"

I have run webroot antivirus with antispyware, several times. Every time I do, it finds the same virus (sometimes others with similar names). This is from the latest scan:

Mal/EncPk-CZ
Troj/FakeAle-FK

and some cookies. However often I quarantine them, they reappear on the next scan and I also can't get the desktop to go back to its normal appearance, it's gone white with a big warning (as above) and refers to:

win32/privacyremover.M64

having been detected on my computer.

I have gone through the 5 steps.

This is the active scan log:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-08-21 18:37:14
PROTECTIONS: 1
MALWARE: 13
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Webroot AntiVirus with AntiSpyware 5.8.1.55 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
02677354 Exploit/LoadPdf HackTools No 0 Yes No personal folders\junk e-mail\credit report\debt.2007.10.29.1945027.pdf
02895136 Trj/Spammer.ADX Virus/Trojan No 1 Yes No archive folders\deleted items\you have card\ecard.zip[eCard.scr]
03490838 Trj/Sinowal.VRR Virus/Trojan No 0 Yes No personal folders\deleted items\tracking n 0670841689\fedx-retr871.zip[Fedx-retr871.exe]
;===================================================================================================================================================================================
SUSPECTS
Sent Location 
;===================================================================================================================================================================================
No C:\i386\GTDownDE_87.ocx
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description `
;===================================================================================================================================================================================
;===================================================================================================================================================================================

And this is the hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:29, on 22/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
C:\WINDOWS\system32\lphc5nvj0e5f9.exe
C:\Program Files\Webroot\Desktop Firewall\WDF.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Binatone Internet Phone\BinatoneInternetPhone.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe
C:\Program Files\eFax Messenger 4.0\J2GTray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\winzip\WZQKPICK.EXE
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Desktop Firewall\wdfsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\dlbxcoms.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)
O3 - Toolbar: Skype Toolbar for Internet Explorer - {B13721C7-F507-4982-B2E5-502A71474FED} - C:\Program Files\Skype\toolbars\Skype for Internet Explorer\skype_toolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] "C:\Program Files\Dell\QuickSet\quickset.exe"
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [dla] "C:\WINDOWS\system32\dla\tfswctrl.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [Norton Ghost 9.0] "C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [DLBXCATS] "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,[email protected]
O4 - HKLM\..\Run: [dlbxmon.exe] "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [lphc5nvj0e5f9] "C:\WINDOWS\system32\lphc5nvj0e5f9.exe"
O4 - HKLM\..\Run: [Webroot Desktop Firewall] "C:\Program Files\Webroot\Desktop Firewall\WDF.exe"
O4 - HKLM\..\Run: [SMrhc1nvj0e5f9] "C:\Program Files\rhc1nvj0e5f9\rhc1nvj0e5f9.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Documents and Settings\AM\My Documents\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [BinatoneInternetPhone] "C:\Program Files\Binatone Internet Phone\BinatoneInternetPhone.exe"
O4 - HKCU\..\Run: [Window Washer] "C:\Program Files\Webroot\Washer\wwDisp.exe" /startup
O4 - HKCU\..\RunOnce: [Index Washer] "C:\Program Files\Webroot\Washer\WashIdx.exe" "AM"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Documents and Settings\AM\My Documents\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: eFax DllCmd 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe
O4 - Global Startup: eFax Tray Menu 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GTray.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\winzip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Skype Toolbar for Internet Explorer - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\toolbars\SKYPEF~3\SKYPE_~1.DLL
O9 - Extra 'Tools' menuitem: Skype Toolbar for Internet Explorer - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\toolbars\SKYPEF~3\SKYPE_~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Skype\toolbars\Shared\Skype4ComAPI.dll
O20 - AppInit_DLLs: c:\windows\system32\karina.dat
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Webroot Desktop Firewall network service (WDFNet) - Webroot Software, Inc. - C:\Program Files\Webroot\Desktop Firewall\wdfsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WLANKEEPER - Intel? Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 13399 bytes

Can you help? What do I need to do? How do I stop it happening again?

Thanks and regards,
Henry

A: Can't get rid of "Troj/FakeAle-FK" and "Warning! Spyware detected on your Computer!"

Hi Henry

Disable SpySweeper's realtime protection. Open Spysweeper and click on Options
Choose Program Options and uncheck
startup
.
On the left click
shields
and then uncheck everything.
Uncheck
.
Uncheck
.
Exit the program.

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
Remember to re-enable them afterwards.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

19 more replies

Hi,

My laptop has been infected, as a result I am seeing a blue background with a rectangular box in the middle. The top half of this box is yellow and says "Warning! Spyware detected on your computer." The bottom half is blue and says "Install an antivirus or spyware remover to clean your computer."

I have run Norton , Grisoft and Spy-Bot, none of which has removed it.

This is the Logfile:

Logfile of HijackThis v1.99.1
Scan saved at 3:00:07 PM, on 5/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

A:[SOLVED] &quot;Warning! Spyware detected on your computer...&quot; message on desktop

Welcome to TSF.

Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/dow...in/actxcab.cab
O16 - DPF: {FE6A3E85-0F6C-49AD-8843-68FF44E7EEA9} - http://plugin.secureservicepack.com/...ervicepack.cab
O20 - Winlogon Notify: awvtr - C:\WINDOWS\system32\awvtr.dll (file missing)

2. Double-click combofix.exe & follow the prompts.

Note:
Do not click on combofix's window while it's running. That may cause it to stall.

7 more replies

I downloaded a virus yesterday (8/10) trying to open a video of the opening ceremony of the Olympics (I do not remember the exact URL). The virus was disguised as a video codec for Windows Mediaplayer. After I downloaded the file, a blue screen with a warning in a yellow box replaced my desktop image. The warning says:

"Warning! Spyware detected on your computer. Install an antivirus or spyware remover to clean your computer."

I have tried to remove it with McAfee Antivirus and with a Virus Removal tool I got from my University, but neither of these was able to remove the program. Can you help me?

I attached the two log files below. If you need any additional information, please let me know.

Thanks!

****************Active Scan Log************************
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-08-11 16:20:06
PROTECTIONS: 1
MALWARE: 37
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated

A:Desktop Image Virus - "Warning! Spyware Detected On Your Computer"

Looking over your log, back ASAP.

13 more replies

Earlier this evening I randomly got 3 or 4 pop-up windows that were followed by a blue screen.
In a panic or something I pressed enter and the blue screen went away. Everything closed immediately by itself and then showed my desktop.
Ever since, my background is blue with a yellow box that reads
"Warning! Spyware detected on your computer!
Install an antivirus or spyware remover to clean your computer."

I haven't noticed any difference in how my computer is running, other than the fact that I have no desktop control.
When I right-click my desktop I can't change my wallpaper or any desktop settings.

I keep getting blue screens that go away after I press enter, although, my computer did shut off after I got one of the screens.

I've read posts relating to this but tried following the steps and things were too different.

Any help is appreciated. Thank you!

Here is my Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:32:23 PM, on 6/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ... Read more

Hello, and welcome.

Scans are best run in normal mode unless otherwise instructed.

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:C:\Deckard\System Scanner\extra.txt

What DSS will do: create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

---------------------------------------------------------------------------------------------

1 more replies

Hi!

Yesterday, I got a virus which changed the background of my Windows XP to a blue background with the message "Warning! Spyware detected on your computer! Install an antivirus or spyware remover to clean your computer."

Also, my screensaver has been changed to a fake BSOD and then the Windows startup screen which is highly irritating! On top of this, I am being bombarded with pop ups and redirections when using the internet.

Here is a copy of my HijackThis log:

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
C:\PROGRA~1\TALKTA~1\backweb\81720\Program\SERVIC~1.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BLUETOOTH\Bluetooth Software\bin\btwdins.exe
C:\Program Files\TalkTalk Online Security\Anti-Virus\fsgk32st.exe
C:\Program Files\TalkTalk Online Security\Anti-Virus\FSGK32.EXE
C:\Program Files\TalkTalk Online Security\backweb\81720\program\fsbwsys.exe
C:\Program Files\TalkTalk Online Security\Common\FSMA32.EXE
C:\Program Files\TalkTalk Online Security\backweb\81720\Program\fspex... Read more

A:Virus- Background changed to "Warning! Spyware detected on your computer!"

Anyone?

5 more replies

Need , help to fix, My CA spyware won't get rid of it,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:32:14 PM, on 7/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Securit... Read more

More replies

Hi, my computer was infected yesterday after I downloaded what I thought was a software update . My computer desktop background was changed to a blue background displaying the message "Warning! Spyware detected on computer! Install an anti-virus or spy remover to clean you computer".

McAfee detected a trojan and deleted it immediately, I then physically disconnected from the internet straight away, looked at the task manager deleted the file B2E.exe that was running from the temp directory. The software tried to take me to a bogus website to download their software and this was blocked by firefox =).

I then ran spybot, followed by panda activescan and HijackThis, the logs are below, could any experts help me out here? I goggled and found websites that tells you how to remove this manually, but not sure if this would be applicable for every computer and the adware may have change since.

Panda activescan log

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-08-17 18:53:59
PROTECTIONS: 1
MALWARE: 5
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Up... Read more

A:Help - "Warning! Spyware detected on computer!" on desktop background

Hi js200605

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
Remember to re-enable them afterwards.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

13 more replies

Every time I restart my computer the desktop is changed to a blue background with a yellow message reading "Warning! Spyware detected on your computer. Install Antivirus or Spyware Removal to clean your computer." My screen saver is changed to bugs. And it also changes the registry key "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies" so that there is no background or screen saver tab in the display options.

I have followed the instructions for this problem from other threads to no avail. I have rebooted in safe mood, ran smitRem, Hijack This!, Ad Aware, AVG, Kaspersky, Registry Mechanic, scan disk, and disk clean up.

All of this and still every time I reboot it comes back up. I will include my current Hijack This! file.

Logfile of HijackThis v1.99.1
Scan saved at 1:02:39 PM, on 6/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

A:Desktop Hijacked "Warning! Spyware detected on your computer."

It sounds like you have been attacked with malware.

Don't Panic! The HJT Support Team are very proficient with these sorts of things.

With that said, we recommend that you read this article… "IMPORTANT - 5 Step Process: Read This Before Posting For Malware Removal Help"; follow the instructions very carefully; then, post all the requested logs and information; as instructed, in the HiJackThis Log Help Forum.
(Simply, click on the coloured links to be re-directed.)

Please ensure that you create a new thread in the HiJackThis Log Help Forum; not back here in this one.

When carrying out The 5 Steps, if you cannot complete any of them for whatever reason, just continue on with the next one until they are all completed.
However,it is extremely important to make mention of the fact that you could not complete any of the steps in your post to The HJT Help Forum; where an Analyst will assist you with other workarounds.

Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.

After your system has been verified as clean, if your are still experiencing those problems come back here and we will assist you further.

4 more replies

I have a similar problem to what I have read from other users in this forum, however my desktop has been turned into a white background and the popup has a red background header; below the red header in the popup, it claims, "Warning! Win32/Adware.Virtumonde Detected on your computer" and "Warning! Win32/PrivacyRemover.M64 Detected on your computer".

This began yesterday while I was working online.

I purchased a cd and installed Webroot Spysweeper, but it only found low risk cookies.

I tried an online trial version of XoftSpySE and it found two trojans (Downloader Agent BXW Trojan), but it won't clean them unless I purchase the full version. I would, but I'm afraid to disclose personal financial info online in order to purchase the full version.

I did the same thing for "Registry Fix" Version 7, but I can't remove the found problems without registering online - I don't want to do that either for fear my personal financial info will be exposed.

If I try to open any file folder on my desktop, I get a Windows popup that says Windows Explorer has encountered a problem and needs to close. I can open the two or three files on my desktop that are files - not folders - however, they are just doc files or similar.

If I try to access my Control Panel, nothing happens.

MOST IMPORTANT:

A:Popup "Warning! Spyware detected on your computer!" New version

I was given a bootable Kaspersky "rescue" cd today. I ran the disc and, after it did whatever it does, a black screen with a window opened. It was an operational window, so I chose "Scan drive c" and it returned with a message that my computer was at high risk. I clicked the "Fix-it Now", but it said the "databases were out of date" and should be updated. OK... however, there was no button or other mechanism to do this. I removed the cd and rebooted the computer. I am right where I was before.

I cannot go online to any anti-spy or anti-virus sites. It appears as though this virus recognizes those sites and prohibits me from going there. I typically get a messsage that reads, "Unable to connect." with a "Try again" button. I can't even go to this website!! I have to use my wife's computer to login here.

By the way, this is a problem on Firefox or IE. I can go to other sites, though. Yahoo, google, online stores, etc are accessible, but the desktop background is still hijacked and I have the same desktop warning window.

Remember... I can't remove it via any help from an online anti-spy or anti-virus site. If I try to access an anti-spy or antivirus site, I get the response as noted above. Unfortunately, this means I am not able to get past Step Two in your "5 steps before posting a log" thread. I did not find any rogue or suspect programs listed in step one.

It has been 24 hours wit... Read more

1 more replies

My father who is very new to internet surfing used my computer while I was away. When I came back there is this message shown as a desktop background "Warning! Spyware detected on your computer" and I could not make any change to the desktop background. I suspected it might be some kind of spyware, but I could be wrong since my computer always ran ZoneAlarm and AVG in the background.

I ran Panda ActiveScan and found that the computer is infected. The scan result is attached as a text file (activescan.txt). I then ran HiJackThis and below is the result. Please suggest what I should do next. Thanks in advance.

----
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:48:21 PM, on 8/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\wscntfy.exe

A:"Warning! Spyware detected on your computer" message on desktop

11 more replies

Hello, my name is Devon and im fairly new to computers, so I probably wont understand most "big computer words", if you know what I mean.

Warning! Spyware detected on your computer!
Install an antivirus or spyware remover to clean your computer.

That is my wallpaper and I can't change it. It's in a yellow box on a blue background, and in my Desktop Properties, theres no wallpaper tab, so I cannot change it.

Screenshot : http://i35.tinypic.com/2nveccg.jpg (Sorry if not allowed)
I'm sure you've seen it before

I have an emachines computer, service pack 2, Windows XP.

I have Avira AntiVir Personal free antivirus and I scanned the systems folder, found some viruses and deleted them, but still no luck.

ANY HELP IS VERY MUCH APPRECIATED!

Mod?s Message

Please note that this section of the forum is very busy, and re-familiarize yourself with the Bumping Rules found in Step 5 of our sticky topic Important - Please Read This Before Posting for Malware Removal Help, which you should have read before posting. We ask that no one bump a thread before 72 hrs have passed, and then, only once. Premature bump posts will be deleted.

Thanks for understanding.

A:blue "Warning! Spyware detected on your computer!" Wallpaper

wow no help?

3 more replies

I am running Windows XP Home Edition SP2 with McAfee.
This problem just occurred last night.
Cannot remove this new "picture" from my desktop background, as the Display Properties options have been limited to the tabs "theme", "appearance", and "settings". Also, McAfee wasn't in my taskbar as usual, is so I had to run it from Start. So far it has found nothing.

My new background image is like this:
In an orange box: "Warning! Spyware detected on your computer! Install an antivirus or spyware remover to clean your computer"
In a white box right below:
"Warning! Win32/PrivacyRemover.M64 Detected on your computer"
On the very bottom, the words in the image of a clickable button:

Here is my Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:21:31 AM, on 8/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

More replies

My buddy opened up an email and downloaded some sort of virus/malware/adware that I cannot get rid of. My background is blue, and there's a yellow box that reads "Warning! Spyware detected on your computer! Install an anti-virus or spyware remover to clean your computer." Malwarebyte's and AVG both didn't detect anything, and I'm out of options. If anyone could help it would be GREATLY appreciated.
Here is my HijackThis log...
Logfile of HijackThis v1.99.1
Scan saved at 11:05:50 PM, on 6/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dlbxcoms.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe

A:Blue background "Warning! Spyware detected on your computer"

Hi, Welcome to TSG!!
Run HJT again and put a check in the following:

O4 - HKLM\..\Run: [lphcrtwj0eva5] C:\WINDOWS\system32\lphcrtwj0eva5.exe

Close all applications and browser windows before you click "fix checked".

Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Code:
[b]C:\WINDOWS\system32\lphcrtwj0eva5.exe[/b]

Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
Click the red Moveit! button.
A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it w... Read more

1 more replies

Hi,

This morning my laptop suddenly began displaying a "Warning! Spyware detected on your computer" desktop message. I tried running AVG, but it did not resolve the problem. The issue seems to be related to Agent.AADP and Generic_c.VCZ trojans.

I've followed all five steps of the tutorial. My HijackThis log is as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:18:05 PM, on 9/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

Hello and welcome to TSF.

Apologies for the long delay in response. We have a large number of HijackThis logs to handle and it?s taking us longer to catch up. If you haven?t received help elsewhere already and still require assistance please perform the following:Download RSIT by random/random and save it to your desktop.
Double click RSIT.exe to start the tool and click Continue at the disclaimer.
When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of log.txt here.
To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:C:\rsit\info.txt

14 more replies

Hello... and thanks in advance for helping!

I am the "Computer Support Technician" for my 75 year old very active business and close friend ( I am actually an EE) For his birthday 2 days ago, he received a "greeting card" and the trouble began...

First he has (had) NIS 2008 with Live Update on and MS Automatic updates turned on. He scans his computer once a week.

We now have a very active HD with the Red and White warning box with "Warning! Spyware detected on your computer!" with the Warning! Win32/Adware.Virtumonde Detected on your computer along with Win32/PrivacyRemover.M64 listed ALL in the wallpaper background... of course in which you can't access

In the Services tab of MSConfig their are two RPC services show... one stopped and one running... which I can't stop.

In the task manager processes I see a fairly busy svchost.exe taking up 3 percent of the time (just under the System Idle process)

NIS 2008 in safe mode found no virus. Thus I took over and use a version of AVAST that runs under BART PE (on a CD)... this found two trojans and a bad VBS file which it deleted.

So now the HD is very busy, and the computer slow. I can't kill the svchost.exe process... it wants then to shutdown after 60 seconds.

I do get blue screens of death... but they are fake as I can hit ESC and they go away.

I also can't install or uninstall anything... I get a The Windows Installer Service could not be accessed. I did find some comm... Read more

More replies

I recently downloaded something and opened a file named "run.exe" and then my computer kinda died, the backround changed to blue with a text in middle, and when I dont move anything it will come larvas from the sides and crawl all over the screen. Also, i get popups wanting me to buy stuff and internet explorer changed start site and leads me to wierd stuff. With my 2nd computer i looked this up in google but couldnt rly find any good solution, since I didnt find something exactly the same, but i tried some anti spyware/malware programs, deleted some stuff. But now im stuck, the things i delete keeps coming back. I have stopped getting popups but my screen is still blue (text is removed), and everything i try is "Disabled by Admin" which cant be true since im the only 1 on this computer. The start bar and icons are all gone and i cant right click anywhere either. Also where the clock should be it sais "VIRUS DETECTED!!"

I use XP and have Kaspersky 7.0.

Im gonna try to post a HJT file as soon as i get back to my PC.

Thx.

A:"Warning! Spyware Threat Detected On Your Computer!..."

Aight, I got the HJT

Logfile of HijackThis v1.99.1
Scan saved at 18:53: VIRUS ALERT!, on 2008-05-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Razer\razerhid.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\NetLimiter 2 Pro\NLClient.exe
C:\Program\Razer\razertra.exe
C:\Program\Razer\razerofa.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\WinRAR\WinRAR.exe
C:\DOCUME~1\Micke\LOKALA~1\Temp\Rar$EX17.4359\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Star... Read more 1 more replies Answer Match 123.3% Hello, I recently was infected with some sort of virus/spyware that changed my desktop indefinitely. I am unable to change the desktop back, and I'm assuming that the virus may be causing other issues as well. I use the Norton Utilities software, and it recently cleaned up my registry. Right after cleaning the registry, this problem arose.. Below is the posted Hijack log.. Any help would be greatly appreciated! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:24:57 PM, on 6/8/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\inf\rundll33.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Messenger\msmsgs.exe C:\Program Files\V... Read more A:"Warning! Spyware detected on your computer" Desktop Bug Hello and welcome to TSF. HijackThis is no longer the preferred initial analysis tool in this forum We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a Quote: Having problems with spyware and pop-ups? First Steps link at the top of each page. Please follow our pre-posting process outlined here: http://www.techsupportforum.com/f50/...lp-305963.html After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed. If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply. 1 more replies Answer Match 123.3% I am running Windows XP with SP2 installed. Today, my desktop background suddenly changed to a bright blue with a dialog box stating "Windows Warning Message!" at the top and which had on a bright red field the words "Warning! Spyware Detected on your Computer!" At the bottom of the box it said "Please activate your antivirus software to Clean your computer" (sic) I've gone through the "5 steps before posting a log" on this forum and the only step I could not complete was #2, the Panda Activescan. About 15% of the way through the scan I crashed to a blue screen indicating a "software failure". The machine then automatically rebooted. I completed the remaining steps. My Hijack This log is as follows: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:27:44 PM, on 8/22/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\bgsvcgen.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\Program Files\... Read more A:"Warning! Spyware Detected on your Computer!" on the desktop Bumped 8 more replies Answer Match 123.3% need help getting rid of it..... i have windows xp Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:08:38, on 8/23/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\TrayComm.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\AIM\aim.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Win... Read more A:Need help removing "Warning spyware detected on your computer" Hello and Welcome. Apologies for any delay in replying, but we have been rather busy lately. You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe. Since it has been a few days since you first posted, please do this: --------------------------------------------------------------------------------------------- Download random's system information tool (RSIT) by random/random from here and save it to your desktop. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized) 1 more replies Answer Match 123.3% I'm sure you have seen your fair share of these threads by now so I won't describe the problem unless you need me to. None of my anti-virus/spyware prevention has done anything. Here is my HJT log: Logfile of HijackThis v1.98.2 Scan saved at 21:02, on 6/4/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe C:\PROGRA~1\PESTPA~1\PPControl.exe C:\PROGRA~1\PESTPA~1\PPMemCheck.exe C:\PROGRA~1\PESTPA~1\CookiePatrol.exe C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\SysMetrix\SysMetrix.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Ad Muncher\AdMunch.exe C:\Progra... Read more More replies Answer Match 123.3% I'm a newbie, first time posting and I've been infected with a Virus. It masks itself with a Windows Security Alert (Windows Firewall has detected activity of harmful software, as the subheading) continual pop ups, less often now, don't know why, but perhaps it is more frequent when I'm surfing the internet. These pop-ups messages have included: Trojan-Spy.Win32.KeyLogger.aa Trojan-Spy.Win32.GreenScreen Trojan-Spy.HTML.BankFraud.dq Trojan-Clicke.Win32.Tiny.h Trojan-Downloads.Win32.Agentbq Oh, also if I do not push control, shift, escape to get into my Windows Task Manager to end the annoying pop-up process that not too long and I will get a "blue-screen of death" that pretty soon corrects to try and boot into windows, but then only shows the first inkling of the windows bar with nothing strobing by and then goes back into a blue screen of death again, and then it starts a continuous loop in that fashion. I have to restart my computer. Oh, also I did try another remedy from a thread somewhere, that from vague memory bits here, cleared my cookies etc and I think I even had to go boot in safe mode before I did 2 items, but I was supposed to have cleared my cookies then and instead had done it before not in that safe mode; maybe that is why that solution didn't work. I've gone through the 5 steps suggested on these log boards before to post my log below (see at the end of this message); also to include will be the log from Panda Acive scan below th... Read more A:"Warning! Spyware Detected on your computer!" pop ups problem. Hi Disable Spybot's TeaTimer Run Spybot-S&D in Advanced Mode If it is not already set to do this, go to the Mode menu select Advanced Mode On the left hand side, click on Tools Then click on the Resident icon in the list Uncheck Resident TeaTimer and OK any prompts. Restart your computer Please visit this webpage for download links, and instructions for running ComboFix tool: http://www.bleepingcomputer.com/comb...o-use-combofix Please continue as follows: Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link Remember to re-enable them afterwards. Click Yes to allow ComboFix to continue scanning for malware. When the tool is finished, it will produce a report for you. Please include the following reports for further review, and so we may continue cleansing the system: C:\ComboFix.txt New HijackThis log. A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use. 1 more replies Answer Match 123.3% Hi all, I recent got the "Warning" message on my desktop. I know nothing about computer...so could you guys help me? After reading a recent post, I did learn about downloading/scaning HijackThis. This is what I have so far. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:23:19 PM, on 7/13/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\stsystra.exe C:\Program Files\Fasoo DRM\fpm.exe C:\Program Files\Fasoo DRM\fph.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\SiteAdvisor\6261\SiteAdv.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\lphcgbsj0e763.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA... Read more A:I recently got the "Warning! Spyware detected on your computer!" Hello and welcome to TSF Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.Close all applications and windows. Double-click on dss.exe to run it, and follow the prompts. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here. Please attach extra.txt to your post. To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and copy and paste the following into the "Upload File from your Computer" box:C:\Deckard\System Scanner\extra.txt Click Upload. What DSS will do: create a new System Restore point in Windows XP and Vista. clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives. check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed. ======= Logs Required C:\Deckard\System Scanner\main.txt C:\Deckard\System Scanner\extra.txt<----Attached 1 more replies Answer Match 123.3% Yeah, somehow I got this spyware/malware and it's nasty! I can't get past the blue splash warning screen, and even in safe mode my system was crashing after a few minutes, requiring a reboot. Others seem to have this same problem, I see, and I did a Hijackthis scan, too - however, I didn't seem to find the same problem lines in my output that others had, so I didn't want to run a Combofix without finding something first. Perhaps someone can assist. FYI, I can only operate this computer in Safe Mode. Here is my Hijackthis output: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:19, on 2008-08-14 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Safe mode with network support Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\CF8926.exe C:\ComboFix2\nircmd.com C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4... Read more More replies Answer Match 122.1% The blue and yellow sign that shows up on my desktop says "warning Spyware..." I couldn't remove it. I downloaded spybot search & destroy. I removed some programs that it found but after re-boot the sign reappeared. I followed the 5 steps before posting a log. Durring the steps The desktop was back to normal. No "warning sign". But I wan't to make sure this is taken care of. Here is what I have: Hijack log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:43:57 PM, on 8/19/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\IPSSVC.EXE C:\Program Files\Intel\AMT\atchksrv.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Intel\AMT\LMS.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\mcshield.exe C:\Program Files\Network Associates\VirusScan\vstskmgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\lotus\notes\ntmulti.exe c:\program files\lenovo\system update\suservice.exe c:\Program Files... Read more More replies Answer Match 122.1% I came back from work today and when i started my computer the back ground was changed to a blue screen with a yellow text box that said "warning spyware detected on your computer" followed by a blue box saying "install an antivirus or spyware remover to clean your computer" I have seen several of this same problem in the forums. I don't really know what may have caused this, and i'm not that great with computer but i will try my best. I have hijackthis and i ran it and here is the log. I hope someone can help =( i don't really know what else to do. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:14:57 PM, on 7/31/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe C:\WINDOWS\system32\CTsvcCDA.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe c:\PROGRA~1\mcafee.c... Read more A:"warning spyware detected on your computer..." Hi there solitary Thank you for your patience. I will be helping you deal with the issues raised in your log from this point onwards Before we start jumping into things, here is a quick basic note which I mention to everyone. The fix which I have provided for you is for this computer only, it should not be used on any other computer. Each fix is tailor made for the specific task in hand. If for some reason you have system restore disabled, then please re-enable it before proceeding, an infected restore is better than none. Please read through the fix first and set enough time aside to complete the task in one session. If there is anything you feel needs clarification then please ask - do not guess! Thanks. If this is a computer from a work place then please advise your IT department of the concerning issues before commencing past this point. Please follow these directions in the order they are set out for you. We need to disable your TeaTimer as it may interfere with the fixes that we need to make. 1) Run Spybot-S&D 2) Go to the Mode menu, and make sure "Advanced Mode" is selected 3) On the left hand side, choose Tools -> Resident 4) Uncheck "Resident TeaTimer" and OK any prompts 5) Restart your computer. After all of the fixes are complete it is very important that you enable TeaTimer again, I will let you know when it is safe to do so. Download ResetTeaTimer.bat by right-clicking on the link, and choosing Save As. Save ... Read more 1 more replies Answer Match 122.1% These words are embedded into my wallpaper along with a big blue screen behind them. My computer is running slow, and I have an unnamed button on the taskbar saying, "SYSTEM ALERT! System has dectected spyware..." and it links to this webpage: http://www.virprotect.com/?aff=1012. when I exit this webpage I get a Windows (apparently) message: "Are you sure you want to navigate away from this page? Your computer may still be infected with spyware." I have run norton to no avail, I have registered Spy Hunter, and removed many problems, but still have the problem with my wallpaper. I'm unsure of what else this thing might be doing to my computer. Any help would be appreciated. My hijack this log: Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 10:41:54 PM, on 1/27/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\ehome\ehtray.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\AGRSMMSG.exe C:\HP\KBD\KBD.EXE C:\Progra... Read more More replies Answer Match 122.1% Please Help. I have a popup that has appeared on my desktop that claims the following: "WARNING! Spyware detected on your computer. Install an antivirus or spyware remover to clean your computer." It also says, "Warning! win32/Adware.Virtumonde detected on your computer" "WArning! win 32/PrivacyRemover.M64 detected on your computer" This appeared on my desktop yesterday and it will not allow me to change the desktop picture. I also get a blue screen if the computer is left dormant for a while. I attempted the 5 Steps before posting and was only able to complete a few of them. Here is the Hijack This Log: Logfile of HijackThis v1.99.1 Scan saved at 10:28:36 AM, on 8/25/2008 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\System32\hphmon05.exe C:\HP\KBD\KBD.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\LTMSG.exe C:\Program Files\Multimedia Card Reader\shwicon2k.exe C:\WI... Read more A:"Warning! Spyware detected on your computer" Hello and Welcome to TSF. Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription. Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions. Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence. ------------------------------------------------------ Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate. Please stay with me until given the 'all clear' even if symptoms seemingly abate. Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper. ------------------------------------------------------ Please download ComboFix and Save it to your Desktop. **Note: It is important that it is saved directly to your desktop** First, we need to install the Windows Recovery Console. The Windows Recovery Console will allow you to boot up into a special recovery(repair) mode, if n... Read more 1 more replies Answer Match 121.5% HI, I am getting a "warning spyware detected on your computer install an spyware.." on my desktop wallpaper since past two days. I read about a similar problem on this forum. Thanks in advance for your help. I ran SUPER Anti spyware, then ran combofix and then HJT. I'll post the logs in that order. Right now the message has gone, but I guess its still not fixed. SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 07/13/2008 at 03:22 PM Application Version : 4.15.1000 Core Rules Database Version : 3503 Trace Rules Database Version: 1494 Scan type : Complete Scan Total Scan Time : 01:31:36 Memory items scanned : 603 Memory threats detected : 2 Registry items scanned : 5735 Registry threats detected : 1 File items scanned : 105474 File threats detected : 242 Rogue.Dropper/Gen C:\WINDOWS\SYSTEM32\LPHC5Q4J0EV87.EXE C:\WINDOWS\SYSTEM32\LPHC5Q4J0EV87.EXE [lphc5q4j0ev87] C:\WINDOWS\SYSTEM32\LPHC5Q4J0EV87.EXE NotHarmful.Sysinternals Bluescreen Screen Saver C:\WINDOWS\SYSTEM32\BLPHC5Q4J0EV87.SCR C:\WINDOWS\SYSTEM32\BLPHC5Q4J0EV87.SCR C:\WINDOWS\Prefetch\BLPHC5Q4J0EV87.SCR-206729A6.pf Adware.Tracking Cookie C:\Documents and Settings\Jazz\Cookies\[email protected][1].txt C:\Documents and Settings\Jazz\Cookies\[email protected][1].txt C:\Documents and Settings\Jazz\Cookies\[email protected][1].txt C:\Documents and Settings\Jazz\Cookies\[email protected][1].txt C:\Documents and Settings\Jazz\Cookies\[email protected][2].t... Read more A:Getting a "warning spyware detected on your computer install an spyware.." on desktop 6 more replies Answer Match 118.2% I am infected with this crap and have used the following tools to try to get rid of it: Windows Defender, Unible PowerSuite (SpeedUpMyPC, Registry Booster & Spyware Protector) and Norton's One Button Checkup and WinDoctor. Not sure if it's related, but my DISPLAY is locked at 640 X 480. Atempted the 5 Step Process before posting and Panda ActiveScan froze and crashed after scanning 59253 files, but not before identifying 28 spyware files. Here's my extra.txt log from Deckard's: Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Home Edition (build 2600) SP 2.0 Architecture: X86; Language: English CPU 0: Intel(R) Pentium(R) 4 CPU 2.80GHz Percentage of Memory in Use: 36% Physical Memory (total/avail): 1277.95 MiB / 810.39 MiB Pagefile Memory (total/avail): 1516.89 MiB / 1165.44 MiB Virtual Memory (total/avail): 2047.88 MiB / 1930.88 MiB A: is Removable (No Media) C: is Fixed (NTFS) - 37.21 GiB total, 18.7 GiB free. D: is CDROM (CDFS) \\.\PHYSICALDRIVE0 - ST340014A - 37.25 GiB - 1 partition \PARTITION0 - Unknown - 39.19 MiB \PARTITION1 (bootable) - Installable File System - 37.21 GiB - C: -- Security Center ------------------------------------------------------------- AUOptions is scheduled... Read more A:Netsky Worm-Popups-The Three Icons - "Error Cleaner" "Privacy Protector" "Spyware..." Bump. 14 more replies Answer Match 115.8% all of a sudden my screen went blue with a yellow box saying "warning spyware detected" it has apparently happened to lots of people but there is no quick fix. can someone please talk me thru how to fix this thanks in advance for any help josh A:Blue Screen with yellow box "Warning Spyware Detected" Please help Get yourself a spyware removal tool - I think they have a forum here for that. 3 more replies Answer Match 115.8% Was surfing around yesterday and noticed this new background was loaded with out my approval. Also, it will not let me access backgound / screen saver settings. Here is my HJT log, Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:41:47 PM, on 6/3/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program File... Read more A:Same problem: Blue background "Warning! Spyware detected" I forgot to mention that I have Norton Internet Security 2008 and have run the virus scan 2 times. Each time it finds and deletes problems, but never fixes the problem. 1 more replies Answer Match 115.2% This message is on the center of my desktop whenever the computer's started and stays there. The top of the box is yellow and says in black text "Warning! Spyware detected on your computer." The bottom is blue with white text and says "Install an antivirus or spyware remover to clean your computer." I ran Spybot, it found nothing. I cannot run Ad-Watch, the program starts and then immediately closes as well so I assume that whatever's going on is attempting to block real "ad removal" programs. Plus now my computer is unstable, it's about as bad as a two legged table in an earthquake, I was getting blue screens while doing the online Panda Activescan, the errors were something like Panic something (Haha sorry I was trying to get some sleep while it was scanning and my half-awake self forgot to write down what was said). Anyhow here's the goods from the two logs. Hijackthis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:54:36 AM, on 8/18/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C... Read more A:"Warning! Spyware detected" message on desktop 72 hour bump. 2 more replies Answer Match 115.2% Hi, I downloaded some kind of malware on 7/22 and found this site through Google. I saw that you were able to help some others with this same problem. My desktop was hijacked, and now only shows a blue screen with a yellow box in the middle that says "Warning! Spyware detected on your computer! Install an antivirus or spyware remover to clean your system." I also do not have a screensaver anymore. Instead when my computer would normally go into a screensaver, it shows a blue screen instead. The first couple of times, I thought it really was a blue screen of death, but learned that if I hit enter, the blue screen will disappear. I've done the 5 steps already and even though several trojans have been identified, this particular problem has not been resolved. I would sincerely appreciate your help. I have the log from the panda scan, and from an Ad Aware scan I did before the Panda scan, both of which, I can post if either can be of use. I am attaching the extra.txt file from DSS. I forget which scan program identified this, but one program highlighted c:\windows\system32\phcedtj0ejbe.bmp as a suspicious file that it was unable to delete. Maybe that's a starting point?? Again, I thank you for any assistance you can give. This is the main.txt from DSS: Deckard's System Scanner v20071014.68 Run by Owner on 2008-07-27 20:57:52 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Re... Read more A:"Warning! Spyware detected..." hijacked desktop Hello and welcome. Please visit this webpage for instructions for downloading and running ComboFix: http://www.bleepingcomputer.com/comb...o-use-combofix Please ensure you read this guide carefully and install the Recovery Console first. The Windows Recovery Console will allow you to boot up into a special recovery mode if needed. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time. For Windows XP Service Pack 3, you may use the Recovery Console package for Windows XP Professional Service Pack 2. http://www.microsoft.com/downloads/d...displaylang=en As part of installing the Recovery Console, ComboFix will begin to run. Follow the prompts to install the Recovery Console. Your desktop may disappear. This is normal. It will return. Once the Recovery Console is installed using ComboFix, you should see a message that says: The Recovery Console was successfully installed. Please continue as follows: Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Click Yes to allow ComboFix to continue scanning for malware. When the tool is finished, it will produce a report for you. Post the log from ComboFix when you've accomplished that, along with a new HijackThis log. If you have any questions along the way, STOP and ask them before proceeding. 13 more replies Answer Match 115.2% i need help! whenever i open ie a page that says "warning! spyware detected" appears which directs me to something like an "internet-options" website. there is also this annoying popup about "american green card". i already used spybot and adaware. here is my hijackthis log.thank you very much! Logfile of HijackThis v1.98.2 Scan saved at 9:39:38 PM, on 12/16/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\RunDll32.exe C:\WINDOWS\System32\khooker.exe C:\WINDOWS\System32\carpserv.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe C:\WINDOWS\System32\hphmon05.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\NetPumper\NetPumperIEProxy.exe C:\WINDOWS\yvdhmlvh.exe C:\WINDOWS\system32\ntnut.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\WINDOWS\Sy... Read more More replies Answer Match 115.2% i need help! whenever i open ie a page that says "warning! spyware detected" appears which directs me to something like an "internet-options" website. there is also this annoying popup about "american green card". i already used spybot and adaware. here is my hijackthis log.thank you very much! Logfile of HijackThis v1.98.2 Scan saved at 9:39:38 PM, on 12/16/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\RunDll32.exe C:\WINDOWS\System32\khooker.exe C:\WINDOWS\System32\carpserv.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe C:\WINDOWS\System32\hphmon05.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\NetPumper\NetPumperIEProxy.exe C:\WINDOWS\yvdhmlvh.exe C:\WINDOWS\system32\ntnut.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\WINDOWS\Sy... Read more More replies Answer Match 114% In Windows XP, fully updated, I have several folders full of mp3's and want to see the bit rate and duration. I right click on a column heading and select "Bit rate". I then click on "More..." so I can get to "Duration", and I select that one too. But all the figures in the "Duration" column appear to be in "hours" and "minutes", so I see "00:04" or "00:03", but what I want is "minutes" and "seconds". Any thoughts as to how to change this? A:Solved: Windows Explorer "Duration" Column - no "Seconds", just "Hours" and "Minutes" 16 more replies Answer Match 113.4% Ok, so im new here so hey everybody.. to the point: my laptop is "stuttering"/lagging/skipping. whatever you wanna call it its doing it. my video/music/and cursor skip every second for a splt second it starts on start-up and dont stop til i turn my laptop off. it happens in a pattern its not random, ive done checked my drivers, spyware, and m RAM is good.. so can someone please help me? ***could it be because my battery wont hold a charger? so it has to be hooked up to the charger at ALL times or it dies Example: is the charger not got the "juice" to run the laptop by itself so it studders/skips..*** i dont know if this has anything to do with my problem but i ran "event viewer" and found this : The following boot-start or system-start driver(s) failed to load: Cdrom Imapi redbook PLEASE HELP OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit Processor: Genuine Intel(R) CPU T2250 @ 1.73GHz, x86 Family 6 Model 14 Stepping 8 Processor Count: 2 RAM: 502 Mb Graphics Card: Mobile Intel(R) 945GM Express Chipset Family, 224 Mb Hard Drives: C: Total - 39723 MB, Free - 23484 MB; D: Total - 12684 MB, Free - 3633 MB; Motherboard: Dell Inc., 0FF049, , .HWPLLB1.CN1296167S5169. Antivirus: McAfee VirusScan, Updated: Yes, On-Demand Scanner: Disable A:Solved: Whole computer "studders"/"skips"/"lags" .. have event viewer report (PLEASE 6 more replies Answer Match 113.4% I double-click and get "search" instead of "open"--only when I click a disk, like Hard Drive C: or Floppy A: or CD F: and so on. It didn't used to do this, so I must've inadvertently changed some setting somewhere, but darned if I can find it now. Any ideas? A:Solved: On the "my computer" list, I double-click on disks and get "search" instead of "open" 12 more replies Answer Match 112.8% I am running Windows XP SP3, fully updated, on an Acer lap top PC. I have several folders full of .mp3's and want to see the bit rate and duration. To do this I right click on a column heading and select "Bit rate". I then click on "More..." so I can get to "Duration", and I select that one too. The two new columns appear, but the format of the "Duration" column appears to be "hours:minutes", so I see "00:04" or "00:03" for most .mp3's, when what I want to see is 'hours:minutes:seconds", e.g. "00:03:45". This also happens for video files (.avi files), e.g. all my episodes of "Heroes" (sad, I know) have a duration of "00:42" instead of "00:42:xx". Here are two pictures showing the problem with the .mp3's. The first is of Explorer showing the Duration as "Hours:Minutes": The second picture is of the properties window of the first .mp3 in the list above: I copied some .mp3 files to another (old) PC on my home network, and it displayed the duration field correctly: Also, the properties window correctly shows the duration also: I'm not the only person to have this problem. I received a private message from a member of another forum where I posted about this problem several weeks ago. That person also has the same problem with the duration field. The tech guys on that forum were unable to find the source... Read more A:Windows Explorer "Duration" Column - no "Seconds", just "Hours" and "Minutes" * bump * Tricky, this one! 8 more replies Answer Match 112.2% Ok, so im new here so hey everybody.. to the point: my laptop is "stuttering"/lagging/skipping. whatever you wanna call it its doing it. my video/music/and cursor skip every second for a splt second it starts on start-up and dont stop til i turn my laptop off. it happens in a pattern its not random, ive done checked my drivers, spyware, and m RAM is good.. so can someone please help me? ***could it be because my battery wont hold a charger? so it has to be hooked up to the charger at ALL times or it dies Example: is the charger not got the "juice" to run the laptop by itself so it studders/skips..*** i dont know if this has anything to do with my problem but i ran "event viewer" and found this : The following boot-start or system-start driver(s) failed to load: Cdrom Imapi redbook PLEASE HELP A:Whole computer "studders"/"skips"/"lags" .. have event viewer report (PLEASE HELP) **(DONT KNOW IF THIS WILL HELP..)*** Tech Support Guy System Info Utility version 1.0.0.1 OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit Processor: Genuine Intel(R) CPU T2250 @ 1.73GHz, x86 Family 6 Model 14 Stepping 8 Processor Count: 2 RAM: 502 Mb Graphics Card: Mobile Intel(R) 945GM Express Chipset Family, 224 Mb Hard Drives: C: Total - 39723 MB, Free - 23484 MB; D: Total - 12684 MB, Free - 3633 MB; 2 more replies Answer Match 109.8% hello, This site helped me cure my Laptop in the past and now I am in the process of aiding a friend whose IE is being hijacked to a suspected Anti-malware site for a product known as "Ultimate Cleaner 2007". He also keeps getting repetative pop-ups for an alleged virus known as "Worm.Win32.NetSky" which redirects you again to an unknown site. here is his HJT log: Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 8:27:09 PM, on 11/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\HPQ\shared\hpqwmi.exe C:\WINDOWS\system32\wuauclt.exe C:\Docume... Read more A:HJT log for "Ultimate Cleaner 2007" browser hijacking and "Worm.Win32.NetSky" warning Welcome to TSG Please download SmitfraudFix Double-click SmitfraudFix.exe Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present). Please copy/paste the content of that report into your next reply. Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. http://www.beyondlogic.org/consulting/proc...processutil.htm 3 more replies Answer Match 108.9% I'm trying to fix my brother's computer after he opened a trojan attached to an email. The email was the one saying your credit card had been charged for airline tickets. The computer is a Dell Dimension 3100 running Windows XP SP2. The first problem is that after normal login there is a blue screen with a yellow window in the window with the message "Warning! Spyware detected on your computer! Install an antivirus or spyware remover to clean your computer." There are no icons visible. The only action I can perform is CTL-ALT-DEL to bring up the Windows Task Manager. I told my brother to start in Safe Mode from which he scanned the computer using AVG Free Edition which was installed before the infection. This did not fix the problem. Starting Safe Mode I now get a black screen with Safe Mode in the corners and the operating system name at top. The blue login screen then comes up with Administrator and my brothers account. I click on Administrator and I get the same black screen as before with Safe Mode in the corners and the writing at top. My brothers account does the same. There are no icons or Start button visible. Again, the only program I can bring up is the Windows Task Manager. Using that, I managed to install and run SmitfraudFix which was given as a solution to "Spyware detected" screen. After rebooting this did not fix the problem. I also installed SpyHunter 3.5.11 which found Zlob.Trojan, Rogue.AntivirusXP 2008 plus some other ... Read more A:Safe Mode "Black Screen" and "Spyware detected" screen Anyone want to answer this? 1 more replies Answer Match 108% Ok, so basically, whenever I turn the computer on, 3 error messages appear: - A virtual driver failed to inicialize DLL. Chose close to end the program. H:/Windows/system32/code/pRee.exe - A virtual driver failed to inicialize DLL. Chose close to end the program. H:/Windows/system32/code/pRee1.exe - Error loading H:/Archiv~/GBPLUG~/gbiehcef.dll. Couldn't find specific module. (sorry if some terms are incorrect, my computer is in Spanish, to I tried to translate as best as possible) Please help me solve this terrible problem, it is really getting me on my nerves! (oh, and if this helps, I've recently donwloaded this so called "Limewire acceleration", and whenever I ran the setup, it didn't work. I don't really remember the name of the website I downloaded it from, sorry...) A:Can't Open "My Documents", "Trash" or other files in "My Computer"!? Hi and Welcome to the forum I am almost certain that you have malware problems. Most like caused by you doing file sharing/ P2P - Limewire. Suggest that you go here and follow the directions: http://www.techsupportforum.com/secu...oval-help.html Please be advised that the malware people are very busy and it could take a couple days to assist you. BG 1 more replies Answer Match 108% I thought I was computer savvy until this problem came up. When I double click my computer, recycle bin, control panel, etc, the hourglass comes up for a few seconds, goes off, and nothing else. No error messages or anything, just nothing. I have viewed a few of the threads covering this and a common link was the hijack this result. I have posted that here, and really hope that someone can help me with this. I have run SpyBotSD and adaware, I have run mutiple virus scans, I did an SFC, and the final thing was to repair windows using the original disk, none of which has help. I am running Window XP w/SP2. Any other suggestions would be certainly appreciated. Hope to here from someone soon. MTCS, out. Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\TDSTEL~1\ENTERN~1\app\pppoeservice.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusCl... Read more A:I cannot open "my computer" "control panel" "recycle bin", etc... You may want to reinstall the operating system. Backupthe files that are importantto you before you reinstall. The "New" installation will overwrite the current one If you do not format your hard drive before the reinstall the installation should not harm your files (That's why I suggest backingup your files) and will speed up the installation process. 1 more replies Answer Match 107.7% I've run SuperAntiSpyware, Ad-Aware, SpyBot and Norton which removed some trojan files and registry items but I'm still getting pop-ups ("Security System Warning" and "System Integrity Scan Wizard"). Below is my HiJackThis log. Thanks in advance! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:00:21 PM, on 4/2/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\cryptainersrv.exe

A:"Sys Integrity Scan Wizard" & "Security System Warning" Pop-ups

Hi Welcome to TSG!!

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

1 more replies

My office just upgraded, and I can no longer use Windows XP. On this system, I was able to add a separate taskbar to facilitate quick access to commonly-browsed folder locations on our vast network, and another one expedited the launching of useful programs and lists. Each task on each taskbar was represented with a big custom icon to save eye strain. I had them installed in opposite vertical margins, and they were set on auto-hide to keep them out of the way when not being used. Just move your mouse pointer to the left or right margin, and BAM! Sorry for the cliche, but I really got used to the convenience of what I had set up, and I just don't think I can be as efficient without anything comparable.

Now there appears to be nothing comparable in the Windows 7 GUI, and it's making me sick with rage! I see only the option to put a "toolbar" on an existing "taskbar", and no option to create any additional taskbars! This cramps up your one-and-only taskbar, plus the tiny toolbar access buttons require way too much precision for anything that's supposed to be quick. When you've figured out how to bring up that ridiculous button, the list that it yields is small enough to cause painful eyestrain - nothing efficient, much less cool about this at all! I have seen customization options in other OS GUIs that may have resolved some of these issues, but I see none such in W7.

I have tried every google search string that I can think of, and found... Read more

Several possibilities here: Second taskbar in windows7? [Solved] - Windows 7 - Windows 7

1 more replies

Hi,

When our website users click on an html attachment embedded on a web-page in IE9, the download manager will not display the "Open" option. It will only display "Save" and "Cancel" which our users don't like, having to save the
html document in a folder to open it. Whereas, when downloading attachments like pdf, word etc. all three options are displayed.

Is there any setting to tweak , which will display all the 3 options for HTML attachments as well?

Hi,
So I suggest you test to reset all zones to a lower level temporarily and then please attempt to download this html attachment again.

However, since you can normally download the other documents, I suspect there is some restriction in the website which you are trying to view. I recommend you to contact the administrator of that website if possible.
Thanks!

We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place.

6 more replies

I saw a few other posts for this problem and tried to cut and paste your solution but it did not work. Maybe there are minor differences I don't see... I am an amateur and need help. (please)

I thought I was downloading an update to Adobe Media Player and this started to happen.... my wallpaper is gone and replaced by a blue screen with a message telling me I have Spyware and it tries to send me to a site to buy software. McAfee did not get rid of it. I also tried Super Antispyware with no help.

Here is my Hijack This scan

Thanks
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46:19 PM, on 8/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe

A:Blue screen with "Spyware detected on your computer" message

I tried to follow some of your advice to other members and got rid of the lphcvkwj0eccr.exe

This seemed to work and I can control my wallpaper again. But here is another Hijackthis file... Did I miss anything? Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:24 AM, on 8/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe

1 more replies

Ok, I know this has been on here before but i seriously need help with it.

Im getting the "Your computer is infected! Windows has detected spyware infection." message from a white 'X' in a red circle in my tray and it says click on it to get protection, its obviously the virus / malware itself that is causing this message but I cant get rid of it.

Previous forums said it was Spyaxe, but I tried the uninstallers from spyaxe to get rid of it but that didnt work. I also tried Smitrem and have run Adaware SE (which seems to feeze when it gets to the system32/dllcache part of the scan????????) and it wont cure it.

I think some rogue programs such as ann.exe and winstall.exe have come from this malware (if this helps!!?) but I have tried everything to get rid of it and it just wont go!

Oh I also had a prob getting to safe mode, when i select it from start up (i.e. after pessing F8) a blace screen with a list of dll files comes up and then it freezes and wont boot up. I have to turn off power and restart to normal mode to get rid of it!!! dont know if this is anything to do with it??

ANY help at all will be so gratefully received.

Cheers guys.

A:"Your computer is infected! Windows has detected spyware infection."

You need to have a read of this - If your system is infected. Read this before deciding whether to CLEAN or REFORMAT.

Then if you should wish to proceed with cleaning your system you need to go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT and AVG Antispyware logs as ATTACHMENTS into a new thread in the Security and the Web forum, only after doing the above.

9 more replies

This spyware has taken over the whole computer, I cannot access the desktop at all and not in safe mode either.

Blue backround with a red and white box with big words.

I repeat I have no way of getting to the desktop, I need either a flash drive with a bootable os, or a way to clean the virus in cmd or something of that nature.

I need help.

More replies

Hi, recently my computer has been acting rather slow and the desktop changed to a blue background with a warning displaying: Spyware detected on your computer install an antivirus or spyware remover. I have run adaware and deleted what I think was the problem, the desktop remains the same however.

Logfile of HijackThis v1.99.1
Scan saved at 12:18:25 AM, on 6/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\AOL\1141071513\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe

A:Desktop displays "spyware detected on your computer"

You are using an outdated version of HijackThis. Please uninstall from Add/Remove programs, and delete your current version.

http://www.trendsecure.com/portal/en...HJTInstall.exe

This program will help us determine if there are any spyware/malware on your computer. Double-click on the file you just downloaded.
Click on the "Unzip" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Upon install, HijackThis should open for you.

========================

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.This applies to XP Pro and XP Home users only.If you have SP3 installed you will need to use SP2

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should get a prompt that says:

6 more replies

After letting a friend surf the net on my computer, I came back to a desktop that is blue and reads:

Warning! Spyware detected on your computer! Install an antivirus or spyware remover to clean your computer.

I am unable to place a new image as my desktop (nor can I get into the 'canned' Windows options by right-clicking on the desktop and going to Properties). Also, my Task Manager access is being blocked.

After doing some digging online, I realized this was actually a problem in and of itself.

I've run CCleaner, SpyHunter, and a few other programs, but nothing seems to take care of it. I then stumbled on your site. Per your suggestions, I've done the following:

1. I've left one anti-virus software (AVG) running and removed anything from the Control Panel that matched your list (only found Viewpoint Media Player).

2. I tried to perform an online scan with Panda ActiveScan, but their website was having issues after the registration step. I skipped that step and went to the next one.

4. I updated my OS. I was already at SP2, so I stayed there. There were no critical updates, so I didn't go any further with anything on this step.

5. I downloaded Hijack This and ran a scan. Here are the results of the scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:01:16 AM, on 2008.08.12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.1667... Read more

A:Blue "Spyware detected on your computer!" desktop

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery mode if needed. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

As part of installing the Recovery Console, ComboFix will begin to run. Follow the prompts to install the Recovery Console. Your desktop may disappear. This is normal. It will return.

Once the Recovery Console is installed using ComboFix, you should see a message that says:

The Recovery Console was successfully installed.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

------------------------------------------------------------------------------------------

Please also go to Start > Run and copy/paste the following, then press Enter:

A text file should open. Please post the contents of that file in you... Read more

15 more replies

I've been having some problems with my computer and I've always somehow managed to work my way around the issues spyware/malware etc. have created but lately it's been getting out of hand.. Some time ago I got a virus or something that made the entire tab under "Processes" dissapear. So I could not see process-names in the task-manager. I have re-installed XP but this problem persists. I have been using a different application to monitor and handle processes.

The problem now is the constant pop-ups generated from this fake anti-virus program calling itself "Anti Virus Pro 2007" or something.. It pops up with fake commercials, and even attach itself into other explorer-windows while I view other pages.

As popups and messageboxes keep popping up, I close them, but after a while windows will open a messagebox telling me "Buffer overrun detected in e:\Windows\system32\explorer.exe" (or \\windows\explorer.exe I don't remember really but you get the idea) and explorer.exe will be terminated, sometimes taking some internet explorer windows along with it, other times explorer.exe just starts up again and all my windows remain.

I used to have Norton but was forced to remove it as it was sucking up all my CPU. It rendered my computer useless, as I mainly use it for gaming.

I've also experienced having the connection between me and my modem broken while beeing on the internet, and I don't know if my computer actually is offline or if -I'm- just... Read more

A:Infected - "Win Anti Spyware" "Buffer overrun error" and a fake dialer or something++

Hello and welcome to TSF

Note: It is important that it is saved directly to your desktop.

Close all browsers. Double click combofix.exe & follow the prompts.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Double-click on HJTInstall.exe to run the program.
By default it will install to C:\Program Files\Trend Micro\HijackThis.
Accept the license agreement by clicking the "I Accept" button.
Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
Click "Save log" to save the log file and then the log will open in Notepad.
Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Expected logs:

Combofix.txt
HijackThis log

19 more replies

ok!!!!!!!!!! what is it and how do i fix it,,,, eyes crossed knees woobly help?????????????????????

A:[Solved] mplay32.exe,1"/play/close"%L"." and sndrec32.exe"%L"."

9 more replies

Windows XP
SP 2

I have two main problems and from some of the other threads I've viewed they might be related. 1) Whenever I try to open "My Computer" or "Control Panel", etc. I get this "DrWatson Postmortem Debugger has encountered a problem and needs to close. We are sorry for the inconvenience." Then my system freezez up for a while until I CTRL ALT DEL and end "drwtsn" manually. 2) I think I have some adware. My internet hope page keeps reverting to "about:blank" regardless of what I change it to. I am also getting some porn links in my "favorites" list and if I delete them they just go back. I've run scans with Norton, AdAware SE, SpyBot, and Nod32 and I also have SpywareBlaster running. I don't know what to do! Please help!

Here's my hijack this scan:

Logfile of HijackThis v1.99.1
Scan saved at 6:33:20 PM, on 3/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe

More replies

I am using Windows XP Home SP2 and IE 6.0 .

When I do a Spyware Audit using Earthlink's Spyware Audit Program, it shows two spyware present, identified as: (1) "a7c44 Research in Progress" (2) "SearchSquire" . They only show up when using the "Earthlink Spyware Audit". I have scanned using the following most updated Spyware Scans on their most extensive in-depth levels of Scan: Earthlink, Ad-aware 6.0, Spybot S&D (1.3), TDS-3, Adware Away, Panda and neither of the two spyware have shown in their results. Microsoft level 2 technicians have not been able to rid these two spyware and says that the spywares are false positives.

Accordingly, the following is a list of my HJT log:

Logfile of HijackThis v1.98.2
Scan saved at 11:54 AM, on 10/18/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\atievxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe

A:Help in deleting 2 spyware: (1) "a7c44 Research in Progress" (2) "SearchSquire"

http://www.doxdesk.com/parasite/SearchSquire.html

Run HJT again and put a check in the following:

R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O16 - DPF: Win32 Classes -

Close all applications and browser windows before you click "fix checked".

3 more replies

Windows XP
SP 2

I have two main problems and from some of the other threads I've viewed they might be related. 1) Whenever I try to open "My Computer" or "Control Panel", etc. I get this "DrWatson Postmortem Debugger has encountered a problem and needs to close. We are sorry for the inconvenience." Then my system freezez up for a while until I CTRL ALT DEL and end "drwtsn" manually. 2) I think I have some adware. My internet hope page keeps reverting to "blank: about" regardless of what I change it to. I am also getting some porn links in my "favorites" list and if I delete them they just go back. I've run scans with Norton, AdAware SE, SpyBot, and Nod32 and I also have SpywareBlaster running. I don't know what to do! Please help!

Here's my hijack this scan:

Logfile of HijackThis v1.99.1
Scan saved at 6:33:20 PM, on 3/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe

More replies

Windows XP
SP 2

I have two main problems and from some of the other threads I've viewed they might be related. 1) Whenever I try to open "My Computer" or "Control Panel", etc. I get this "DrWatson Postmortem Debugger has encountered a problem and needs to close. We are sorry for the inconvenience." Then my system freezez up for a while until I CTRL ALT DEL and end "drwtsn" manually. 2) I think I have some adware. My internet hope page keeps reverting to "about:blank" regardless of what I change it to. I am also getting some porn links in my "favorites" list and if I delete them they just go back. I've run scans with Norton, AdAware SE, SpyBot, and Nod32 and I also have SpywareBlaster running. I don't know what to do! Please help!

Here's my hijack this scan:

Logfile of HijackThis v1.99.1
Scan saved at 6:33:20 PM, on 3/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe

More replies

Made a HUGE mistake, messed with the settings under "My Computer" > "Manage" > "Services> and also the "Local Users". Now having trouble, can not see my "Start and Task Bar", the "windows"+ ''e" is no longer working.

How can I restore the Services & the Local Users account without having to reinstall my whole computer? I am afraid I will loose lots of files... I do not remember what exactly I changed, but some of the "Services" I changed to "disable" now when I try to open properties and change them back, I am unable. The right click to get to properties is not working.

A:How to restore the defaults for "services" under "My Computer" > "Manage>

I am not sure about the "quick" way of restoring, but what you can do is go back to services, "RIGHT-CLICK" the white area select "HELP" then the third option is "Default settings for services"

you can see what the default was and manually restore it. I have tried to copy and paste it below

==========================================================

Service Startup Type Log On As Additional information
Application Layer Gateway Manual Local Service
Application Management Manual Local System
ClipBook Manual Local System
COM+ Event System Manual Local System
COM+ System Application Manual Local System
Computer Browser Automatic Local System
Cryptographic Services Automatic Local System
DHCP Client Automatic Local System
Distributed Link Tracking Client Automatic Local System
Error Reporting Automatic Local System
Event Log Automatic Local System
Help and Support Automatic Local System
IMAPI CD-Burning COM Manual Local System
Internet Connection Sharing Manual Local System
IPSec Services Automatic Local System
Logical Disk Manager Automatic Local System
Logical Disk Manager Administrative Service Manual Local System
MS Software Shadow Copy Provider Manual Local System
Net Logon Automatic Local System
NetMeeting Remote Desktop Sharing Manual Local System
Network Connections Manual Local System

3 more replies

Hi everyone!

Yesterday my HP laptop (Windows 7) started getting BSOD with various types of errors (mostly "STOP: 0x00000F4", "STOP: 0x0000007A", "c00021a" and one "missing %hs, c0000135"). Most of the time it restarts without any issues and works fine right after the BSOD and then an hour or two later I get a BSOD again.

I have tried restoring to Last Known Good Configuration, startup repair, hard disk check, virus scans and I also uninstalled any recently added programs I could think of and cleared up more than 50% of my hard disk space. None of these seem to have helped and I still get BSOD regularly.

I have attached the folder from the SF Diagnostic Tool and would appreciate any advice!
Thank you!

A:BSOD every few hours: mostly "STOP: 0x00000F4", "c00021a" & "c0000135"

Welcome to the forum.

MSINFO32:
Please go to Start and type in "msinfo32.exe" (without the quotes) and press Enter
Save the report as an .nfo file, then zip up the .nfo file and upload/attach the .zip file with your next post.
Also, save a copy as a .txt file and include it also (it's much more difficult to read, but we have greater success in getting the info from it).
------------------------
Test your Hard Drive(s) by running: Hard Drive Diagnostic Procedure
------------------------
Test and Diagnose RAM Issues with Memtest86+: RAM - Test with Memtest86+

Tip
Pay close attention to Part 3 of the tutorial "If you have errors"
Test the RAM with Memtest86+ for at least 7-10 passes. It may take up to 22 passes to find problems. Make sure to run it once after the system has been on for a few hours and is warm, and then also run it again when the system has been off for a few hours and is cold.

------------------------
Monitor hardware temperature with system monitoring software like Speccy or HWMonitor. Upload a screen shot of the Summary tab as well:Piriform - Speccy
CPUID - HWMonitor

Code:
*******************************************************************************
* *

5 more replies

I am using Windows 7 on my laptop and I have question about when to use "Home", "Work" and "Public" profile.

If I am logging in without setting password, and I am logging in network with "Public" profile, then will any other user, who can see my computer, be able to enter my computer and check the contents on my computer ?

I am connecting to a network and there are 6 other users connected to this network. In the set network location window, if I select the netwoek as "Home", does it mean that other 6 users will not be able to see my computer on network and if I use "Public", then all other six users will be able to see my computer on network ?

Thanks

More replies

Hi all,

So I'm kind of stuck.. I currently have the problem where I am in an endless cycle of "loading files" -> "Windows Boot Manager" (see: How To Boot Into Safe Mode On Windows 8 (The Easy Way)).
I have tried to load all of the options -- and none successfully load.
I also end up at a OneKey Recovery as well.. unfortunately, the laptop does not have initial backup or user backup images.
I have a Windows 8 CD for repairing purposes.. however, I cannot load the BIOS/UEFI to change the boot order to load the optical drives first. I have also tried to remove the CMOS battery to fix it.. did not work. .
Also - Windows Boot Manager:
Windows Setup [EMS Enabled] -- does not load properly (leads to OneKey Recovery) Safe Mode (does not load properly) Safe Mode with Networking (does not load properly) Safe Mode with Command Prompt (doesn't load - tries to boot and load all files onto partition that is too small.. can't change partition?)
Enable Boot Logging Enable Low-Resolution Video Debugging MOde Disable automatic restart on system failure Disable Driver Signature Enforcement Display Early Launch Anti-Malware Driver
Start Windows Normally
Any ideas would be greatly appreciated! Thanks!

More replies

Hello guys, the last week I've been strugling with these nasty BSODs. At first I thought it was my HDDs as ntoskrn.exe somewhat hinted towards that from googling it. My HDDs have been causing a lot of trouble earlier as well due to their somewhat long years of service. However, I've recently reformated my computer and installed W7 on a brand new Corsair Force GT 120GB SSD hoping the BSODs would go away, they didn't.

I googled BSOD and I stumbled upon this forum and I thought I'd give it a try. I'm somewhat desperate, as I need my computer working for both work, school and amusement.

I've been trying to run Memtest in order to test my memory but without any results. I'm also currently running on only on 4GB chip instead of two, to see if the problem still exists. Also, without any results.

This is the second time I'm writing this thread btw, I was just about to post it and my PC crashed.

Here is my two logs + dxdiag (last crash didn't generate a log oddly enough).

Here is additional hardware/gear that I use:

Razer Naga
Logitech G19
Logitech C920 (Webcam)
Corsair 750W PSU

My temperatures are also good. Both CPU and MB idles at around ~25. GPU's all good too. I'm also using a Corsair 650D chassi with dustfilters at both air-income so dust is minimal. On top off this, I use airpressure to clean away dust somewhat regularly and I also did exactly this 2 days ago when I reinstalled the pc.

Are you over-clocking? Is the bios set to its defaults? Is the SSD set on a SATA 3 port in AHCI mode?

5 more replies

Ok so I'm using a custom visual style made by another user however I don't really like the buttons used that I mentioned above. The creator states it is acceptable to change the theme to however you like as long as you don't redistribute it anywhere.

Ok so I opened up the .msstyles file (using Restorator) located in the theme folder of this VS. I went into the images directory and located what seems to be the images used for the buttons. Intuitively, it seems like it would make sense to replace those images with different ones (perhaps from another visual style) and it should change them. However, would this actually work? Could the theme get messed up in some other way (like proportions or something if the new button images are smaller)? I don't know of any other way to change them that would be easy.

But I did run into another problem. For some visual styles I can't even locate those buttons in the images directory. Where else would they be?

A:Changing the "minimize" "maximize" and "close" buttons of a theme

Use Windows Style Builder to do that...

9 more replies

Example sentence: vrytim I prss ths kys, nothing happns. Now I'm writing with my on-sreen keyboard. I'm clueless when it comes to computer stuff. How do I fix this? Is this a software problem, or a hardware problem?Help is much appreciated!

A:Kyboard deos not respond to the keys: "e", "d", "c" and "3"

My keyboard hath the thame problem with the thupid eth key. The blathted thing ith driving me nutth.

All theriousneth...er...seriousness aside, usually, that is a hardware problem. Can you find or borrow another keyboard and see if it will work correctly on your machine?

6 more replies

We are running EMET 5.5 on Windows 10 Enterprise LTSB 64-bit. Whenever we open IE or open a new tab in IE, we see the warning referenced in the title and the event listed below is logged. We have applied a slew of recommended security settings from the DISA
STIGs. I see several people complain about this, but they have worked around the issue by either adding a site to trusted sites or disabling ASR completely. Unfortunately, when I try to disable ASR, I still get the warning and I am assuming that is because
of the policy settings we have enforced. Either way, disabling a security feature is never the right answer, so I'd really like to figure out what is causing this. The default homepage is set to about:blank. Even if we change the homepage to something in Trusted
Sites, the warning still appears. Like previously mentioned, it also appears when opening a new tab, which isn't opening any page, so it seems the settings for ASR for iexplore.exe are not behaving correctly. Can anyone offer any guidance? Thanks!

Log Name:      Application

Source:        EMET

Date:          5/19/2016 4:40:43 PM

Event ID:      1

Level:         Warning

Keywords:      Classic

User:          N/A

More replies

I have searched to see if this was asked before without any success. Maybe someone has run into this problem before.
When I open "my computer" or "control panel" after I close it...it automatically goes into Internet Explorer as a blank page. Most of the time, when I close the IE blank page...it stops responding and I have the control-alt-delete to "end the program"
Thanks in advance for any help.

A:closing "my computer" or "Control Panel" open internet explorer window

Possibly malware - anything openning ie on its own raises an alarm in my books. Post a HJT log to the malware removal section of the forum and let the experts take a look at it

3 more replies

The hard drive is a Western Digital 320 GB that I've had plugged into this computer before (and worked). Then i got a virus and had to do a recovery of windows.

Ever since then I can't get windows to recognize/show it in my computer. I just "disabled" and "enabled" it in device manager to no effect. I have a C, D, and E drive which are: two partitions on the hard drive, and then the CD drive (respectively).

So i'm stuck, not sure where to proceed since it's obviously not the hard drive itself, I use it on my xbox all the time. What next?

A:External Hard Drive doesn't show up in "my computer" but does in "device manager"

Does it show in Disk Management ? ?
Right clik My Computer...select Manage...then Disk Management.
Find the drive...right clik it and select Properties.

15 more replies

Hi

Is it possible to start the app without "Security Worning" window ("Cancel. Open, More Info" buttons)? If yes, how you can make changes then?

Is it possible to start the app without "Microsoft Access" window on the background?

Thanks,
Barbos

A:Solved: Access 2003 - To start the app w/o "Security Warning" and "Microsoft Access"

6 more replies

Problem:

Everything was running fine until yesterday, when my PC crashed with the BSOD giving me the "IRQL not less or equal" error. I ignored it and carried on- which resulted in the computer crashing with "Memory management" blues whenever I started something that was not the browser (It later started crashing on browser start too).

I first thought it was the temperature - Memtest95 and GPUtemp said otherwise.

So I started testing the RAM (taking one DIMM out) with Memtest86- It passed 4 cycles, so I shut the PC down and put the other DIMM in.

When I turned the PC on again, there was no signal sent to my screen, and none to my keyboard (and the HDD light on the front of the case did not start blinking like usual). The fans were running, so I figured something might be wrong with the DIMMs I put in. I removed the graphics card and plugged the screen into the motherboard.

Now the screen gets a signal, background lighting starts up, and then it shuts down to hibernation again. This repeats itself until the machine is shut down manually.

I got no idea what to do.

System specs: http://pastebin.com/DQwejZLx
I can not post the Minidump folder, since the PC can't start and I did not back it up. Sorry.

More replies

Does anybody know how I can change these icons?

I changed the default icon for the network one in HKEY_CLASSES_ROOT\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C} but it didn't change.
Appreciate any help,

B

A:Changing "Computer" and "Network" icons in explorer navigation pane

Hello, and welcome to Seven Forums.

If you like, you could use the method in the tutorial below to change the icon of "Computer" and "Network" to what you like, and have it applied everywhere in Windows.

Desktop Icons - Change or Restore Default Icon

3 more replies

Hewlett-Packard
HP Pavilion dv7 Notebook PC
Intel(R) Core(TM) i7 CPU
RAM: 6 GB
64-bit Operating System

It started while i was browsing anime viewing websites on Firefox.(Both of which I've used for years.) Also note AVG's Resident Shield was online, and i don't remember going anywhere strange or downloading strange files. I had scanned used malwarebytes anti-malware the day before and found nothing.
Randomly, I received a blue screen stating something like "Client side encryption is not supported by the remote server even though it claims to"

After restarting, my computer failed to start normally.(I think it failed to load the operating system?) It went to some kind of auto repairing thing to fix itself in order to startup properly. But it failed.

Safe mode = same as above

Last Known Good Configuration = same as above

Bootlogging? Debugging? Description was it would mention at which startup file it failed to load. It loaded files from the top of my screen to almost the middle, which is about < 10 things. It failed, and without telling me any new information, did the "same as above".

3 attempts of system restore. One was more than a month ago. It would get to the end and "finish" restoring for a brief moment, then immediately show an error pointing to "...Appdata/Roaming/Firefox/(jumble of letters).profile/session(the rest was cut off, but i thought i could see half an "s") It said it couldn't replace the file?

A:"Client Side Encryption not supported by..." --> "computer failing to load"

Its the server that you were on, it did not like the encryption that that server was using.

4 more replies

I have a big problem here,
I have used my hard disk for 9month,
Yesterday when I watched movie on the half way,
My hard disk suddenly disfuntion,
And I thought my laptop problem due to always lagging so I restart my computer.
But after that I can't read my hard disk (WD)in my computer.
It can read in computer management there.

Ways I try:
1)I try to uninstall and reinstalled again,BUT it doesn't work.
2)I try to unchecked the hide folder and device at view.
3)I try to update the software BUT it still disfunction.
4)I try to use disk management and initialized it BUT there appeared CANNOT INITIALIZED Due to I/O device error.

Any solution for me ?

A:Hard Disk can't read in "my computer ", "initialized",I/O device error

The most usual cause is that the Hard Drive is beginning to fail. Back up your stuff. Go to the website of the manufacturer and test the drive.

8 more replies

I am trying to rebuild by search index because my computer won't let me arrange items using the "Arrange By" option... However, when I try and load my indexing options to rebuild the index it will sit there and say "Waiting to receive indexing status". If I click the "Advanced" button it will freeze... I also receive an icon and loading display problem SEE PIC#1. Also when I click on "My Computer" it sometimes will sit there searching and it won't load. SEE PIC#2

I have tried the following:
1. Restarting the "Windows Search" service multiple times at different boots.
2. Deleting the files contained in the folder "C:\Windows\System32\config\TxR\". http://support.microsoft.com/kb/2484025
3. Stopping the "Windows Search" service then I opened up "regedit". I went to "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsSearch, SetupCompletedSuccessfully" I changed the value from a 0 to a 1. Then I rebooted my PC. I then went back to the same key and changed it back to a 0 and rebooted my PC again.
4. Turning the "indexing service" on and off from the "Turn Windows Features on or off" menu.
5. Microsoft Fixit Indexing Troubleshooter
6. Sfc /scannow
7. Tried this hotfix http://support.microsoft.com/kb/977380
8. Tried another user account and creating a new user account
9. Tried resetting folder view to "defaults" http://www.sevenforums.com/tutorials/15692-... Read more

A:"My Computer" won't load, Disappearing Icons, & "Arrange By" option won't work. Help?

13 more replies

Not a major issue, of course, purely cosmetic, but still a minor annoyance none-the-less:

I have a number of card reader drives that I never use (haven't even removed that plastic cover tape from them to help keep the dust out) that show when viewing the "Computer" window that displays drives. Is there any way to hide specific unused drivers from this view? Not remove drive entirely, of course, I may need to use one in the future, but just to hide them so they aren't visible, until I may chose to make them visible again?

Thanks as always,

Russell

A:Hiding unused "removable storage" devices from "Computer" folder

Hello Russell,

You could check Hide empty drives in the Computer folder in Folder Options to have them stay hidden until you insert a card. When a card is inserted, the drive will display in Computer.

Drives - Hide or Show Empty Drives in Computer Folder

Hope this helps,
Shawn

3 more replies

Which one should I do? I originally wanted to just do "Return computer to factory condition" but Theog just suggested "Use A System Image Created Earlier." I have no idea what to do. So confusing!

A:"Return computer to factory condition" or "Use A System Image Crea..."

Hello M4TE and welcome to Seven Forums. Sorry for the delay in responding but I just came across your question.

Most newer manufactured computers have a hidden recovery partition on the hard drive. The manufacturer provides specific instructions on how to access that partition in case you want to restore your machine to the exact condition it was in when it left the factory. That means you'd have to go through the time consuming process of cleaning out factory bloatware (like free trials of programs you'll never need), installing programs you do need, updating everything, creating your personal settings, etc. Here is a general idea of how to access the hidden recovery partition.

HP Recovery From Partition

1 more replies

my computer was hijacked by "support tool" a so called virus protection hijacker. i'm in safe mode with networking now & attached you see my hjt log file. help please. THanks!

actually, i'm on a different computer. it has windows xp home ed. & its a dell inspiron 530S

also, in trying to fix the problem initially, my wife deleted the file "rundll32" beacause the virus stated that had a virus error. so this file may be missing as well & we may need to replace it.

A:Computer Hijacked by "Support Tool" "Virus Protection" Prog

I posted this yesterday to get help for a "Support Tool" hijack on a computer. Please help. Log file attached. Thanks.

3 more replies

OK.....
As I said I am new.....
Hope this info is the way you need it.
MANY MANY THANKS IN ADVANCE FOR THE TIME & HELP !!!
Check out the following .....HHEELLLPPP

Logfile of HijackThis v1.98.2
Scan saved at 12:38:36 PM, on 11/12/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\System32\Promon.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\McAfee.com\VSO\mcshield.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Frank M. Gazzo\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=

hi

how to create a folder ?

right click anywhere in your desktop
click new,a tab opens ,click folder ,name it hjtantivirus .

download again hijackthis and install it in the new created folder .

C:\Documents and Settings\Frank M. Gazzo\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

it will not work properly if it stays there .

and don t create a new thread ,keep only one thread .this one ,now .

1 more replies

I tried to associate the file extension .txt to a new editor program
with the well known cmdline programs ASSOC and FTYPE.

No, assigning them through WinExplorer menu does not work.
But this is another problem which should not discussed here.

When I type now one of the following alternative commands at the CommandPrompt then Win7 returns me something like:

assoc .txt=txtfile

The following error occurs: .txt"

or

The following error occurs: txtfile"

Why?

The command above work fine under WinXP

Peter

Question:

Did you run cmd.exe with administrative previlliges?
Elevated Command Prompt

3 more replies

Hi:

According to Infoworld, it was "Optional" in May, but I was not offered it then.
This week, it was offered as "Important" and "Recommended" (!), but only for one of my 2 Win7/64 boxes.

I have read the MS KB article, as well as THIS FORUM THREAD, the latter of which includes a report of a BSOD due to this particular update.

However, there isn't much out on the web about it.
And most of the discussion about it is overly technical for me.
And I am confused as to why it was previously offered as "Optional", but now is "Important" or "Recommended".

I don't *think* I "need" it (as I have no webcam on this box). And I don't like to tempt fate by fixing things that are not broken.

So, 3 questions:
Is it safe to install?
Is it really necessary/important?
Or would I be OK to hide it?

A:KB3054476 offered as "Important"/"Recommended"/"Optional"

The status of updates changes with circumstances.
If an update isn't relevant, it won't be offered at all.
If however it's relevant but the related software is not apparently in use, it may be 'optional' - and gravitate to 'Recommended' or 'Important' if the related software is in use.
It can also be promoted through the hierarchy by MS depending on feedback through WU and error-trapped feedback.

If you have (and use) a webcam, then it's probably best to install the update.

4 more replies

hi,

OK, this is a weird one.

I wanted to move the "My Music", "My Pictures", "My Videos" folders to another HDD. I moved the "My Documents" Folder to this HDD without a problem but the others I accidentally set the whole HDD as the folder (if that makes sense). So now the music, videos and pictures folders are set to this HDD and dont have an actual folder to change the properties of. Therein lies my dilema.

If anyone can offer any advice on this curly issue it would be greatly appreciated.

Shane

A:Remaking "My Music", "My Pictures", "My Videos" folders

Quote: Originally Posted by Legume

hi,

OK, this is a weird one.

I wanted to move the "My Music", "My Pictures", "My Videos" folders to another HDD. I moved the "My Documents" Folder to this HDD without a problem but the others I accidentally set the whole HDD as the folder (if that makes sense). So now the music, videos and pictures folders are set to this HDD and dont have an actual folder to change the properties of. Therein lies my dilema.

If anyone can offer any advice on this curly issue it would be greatly appreciated.

Shane

You have a backup from before the problem started? a win 7 dvd to do a repair install?
ken

4 more replies

First things first, thanks to all who can help.....

I need to programmatically make some adjustments to the Internet Explorer security settings. Most of these settings I have found but there are a few I have not been able to get a clear exact location for in the registry. I will be using a .BAT file to make

Here is what I am looking for.....

Under the "Internet  Properties" found in control panel, under the "Privacy" tab there is an "Advanced" option button. When I click on it I get an "Advance Privacy Settings" options box. On it are several settings.
The first setting, "Override automatic cookie handling" needs to be checked in order to access the other options. I can do that by adjusting the DWord value of "PrivacyAdvanced" under the "Internet Settings" key in the registry,
"HKCU\Software\Microsoft\Windows\CurrentVersion\Internet settings", to be specific.

What I have not been able to find are the registry entries for the "First-party Cookies" "Accept, Block, or Prompt" options, the "Third-party Cookies" "Accept, Block, or Prompt" options, and the "Always allow

I have seen references to the following settings as being where those options exist, but nothing that explains ... Read more

More replies

Help, I keep on getting a "Windows Security Alert" popup appearing that says:

"Warning ! Potential Spyware Operation!

Internet files. Run full scan now to prevent any unauthorised access

This is currently appearing about every 5 minutes.

Also, I ran Spybot S&D, and it detected and removed Smitfraud.C

I just checked in my startup folder and found 2 programs that I think shouldn't be there "autorun.exe" and "system.exe"

What's going on here?
Logfile of HijackThis v1.99.1
Scan saved at 9:38:26 AM, on 17/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\SUPERVOC\PROGRAM\PICPMON.EXE
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe

A:Solved: Regular popups - "Warning! Potential Spyware Operation!"

12 more replies

I have searched the forum and tried many things but still could not get rid of this blinking "Warning - Dangerous spyware - Following viruses were found on your computer: Trojan horse, PassCapture and etc....."

H/W & OS: Dell laptop D630 - XP Pro SP3

Symptom: Got many pop ups in IE and Firefox. Desktop screen gone black with a box with blinking "Warning" and text listed below:

"Warning - Dangerous spyware - Following viruses were found on your computer: Trojan horse, PassCapture and etc.
Your private information may be potentially transferred to third parties.

Actions taken so far:

- Ran Spybots and Malwarebytes several times, deleted infected objects and rebooted laptop.
- Ran McAfee OnDemand scan few times and found no virus (???)
- Tried System Restore but does not work, even in Safe Mode Command Line, just can't click Next to restore any restore points.
- Ran Kaspersky's Online Scanner 7, found 7 objects infected
- Ran McAffe again and cleaned those infected object. Rebooted the laptop and the message still there....

=======================================

1) Malwarebytes' Anti-Malware Short scan found 7 infected objects. Removed & rebooted
Malwarebytes' Anti-Malware 1.26
Database version: 1103
Windows 5.1.2600 Service Pack 3

5/16/2009 4:46:00 PM

A:Blinking "Warning, Dangerous spyware...Trojan horse, PassCapture etc"

It got worse. I ran virus scan and Malwarebytes' Anti-Malware, Spybots again and it found adn removed about 8 more infected objects / trojan horse. Rebooted the laptop and now I cannot logon. It logs me out immediately from both user account and Administrator account.
Any suggestions beside reinsatll XP is appreciated.

1 more replies

Hello. I seem to have a virus/trojan on my computer.

I get a message down in the tray saying "warning! security report. your computer is infected!it is recommended to start spyware cleaner tool."

If I click on it, it directs me to real- av.org

I am running windows xp, recently upgraded to SP3.

Here is the Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:25:15, on 12/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acunetix\Web Vulnerability Scanner 5\WVSScheduler.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe

More replies

I was recently the victim of a virus/spyware/trojan (probably all 3!) programme which did a number of obvious things:

1. Changed my background to a black screen with "warning: Spyware detected?" 'ahtn.html' is now my background.
2. Caused me to receive warning messages every few minutes, pretending to have run a scan on the computer (little red "X" next to the clock)
5. Keeps disabling resident scan on Avast
6. Probably much more...

Since the malicious software installed itself I have disabled my network card; rebooted the machine to 'safe mode without networking' and performed a quick and (now doing) thorough scan of all hard drives using Avast (should be up to date since it's always telling me it's done a database update). Although it claims to have found a series of Trojans I am not convinced it's on top of things and haven't ventured back into 'Normal Windows' or onto the www yet.

I have downloaded to a USB stick (on second PC, laptop) the following which I could run this evening when I return home from work...
dds.scr (from sticky link on this forum)
Malwarebytes Anti-Malware
Spybot Search & Destroy
and ComboFix (already read: http://www.techsupportforum.com/f100...ml#post1829551 so not going to run it (if at all) until instructed to)

I used the qualifie... Read more

A:"warning: Spyware detected…" 'ahtn.html' is now my background

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:

Having problems with spyware and pop-ups? First Steps

link at the top of each page.

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies

I was recently the victim of a virus/spyware/trojan (probably all 3!) programme which did a number of obvious things:

1. Changed my background to a black screen with "warning: Spyware detected?" 'ahtn.html' is now my background.
2. Caused me to receive warning messages every few minutes, pretending to have run a scan on the computer (little red "X" next to the clock)
5. Keeps disabling resident scan on Avast
6. Probably much more...

Since the malicious software installed itself I have disabled my network card; rebooted the machine to 'safe mode without networking' and performed a quick and (now doing) thorough scan of all hard drives using Avast (should be up to date since it's always telling me it's done a database update). Although it claims to have found a series of Trojans I am not convinced it's on top of things and haven't ventured back into 'Normal Windows' or onto the www yet.

Also; I have a number of hard drives installed into this system... the avast scan is taking an age since it goes through them all... am I best going inside the box and disconnecting them before starting this? I suppose the query is if the malicious software moves between drives or just stays on my main C-drive.

A:"warning: Spyware detected…" 'ahtn.html' is now my background

By the way; this is all being run from within 'Safe Mode without Networking'.
I have not read anywhere that this isn't ok so I hope it is.

18 more replies

Hello. I seem to have a virus/trojan on my computer.

I get a message down in the tray saying "warning! security report. your computer is infected! It is recommended to start spyware cleaner tool."

If I click on it, it does nothing.

I am running windows xp.

When I try to run any type of antispy programs it comes up with further errors such as TFORMAAW or TLVGrouper and closes.

When I try to go to Task Manager it refuses. It states that the Administrator has not allowed. However I am the only adminstrator account.

More replies

Hey folks,

It looks like I've got a medley of virii. Prior to finding this forum, I attempted to fix the problem using several anti virus/spyware applications. While they found and apparently fixed some problems, the System Window entitled "Critical System Warning!" was not fixed, nor were the balloons that popped up from the system tray.

Here's what the System Window had to say:

Critical System Warning!
Your system is probably infected with the lastest version of Spyware.Cyberlog-X.
Type: Spyware
Infected Length: 266,129 bytes
Risk: High
Affected Systems: Windows 95, 98, 2000, NT, 2000 Server, Windows XP
Behavior: Cyberlog-X is a spyware program that monitors user activity, logs keystrokes, and track Web sites visited.
Symptims: Low Internet connection speed
Low System Performance
Strange pop up windows

After reading several posts, I ran ComboFix and it appeared to fix the obvious problems. Would someone mind looking at my logs to see if there are any processes running in the background? Is there any script that I can drag and drop into ComboFix (or any other solution) that would remove these processes?

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:38:13, on 6/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:

More replies

Hi,

I am trying to fix my friend's computer (the key word here is *trying*) and I ran across some things that I have no idea how to fix. First off, I used Spybot Search and Destroy in Normal mode and Safe mode to try and get rid of as much as possible. Even after doing this, I am still getting the world's most annoying messagebox with the title of "Windows Security Alert" The body of the messagebox reads as follows: "Warning! Potential Spyware Operation! Your computer is making unauthorized copies of your system and Internet files. Run full scan now to pervent any unauthorised access to your files! Click YES to download spyware remover . . ." I have no idea how to get rid of this.

Also, when trying to go to Add/Remove Programs in Control Panel, I find that i can no longer access Control Panel (it says that the operation is cancelled due to restrictions on this computer, but there is only one account and it is admin). Now, Control Panel no longer shows up anywhere!

Posted below is my HijackThis file. I would appreciate any help with this matter. Thanks!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:20 AM, on 3/21/2002
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe

A:"Warning! Potential Spyware Operation!" messagebox and unaccessible Control Panel

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Extract the content (a folder named SmitfraudFix) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following :
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning pr... Read more

3 more replies

My desktop has all turned blue with a background-like warning image. It has a message "SPYWARE INFECTION" Your system is infected with spyware.

I cannot change my wallpaper at all. I have lost the option. Please help get rid of the infection.

Here are the results of my Hijackthis scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:52:31 PM, on 20/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\ANTIVI~1\AVG\avgcc.exe
C:\WINDOWS\system32\svchost.exe
D:\AVGAntiSpyWare\AVG Anti-Spyware 7.5\guard.exe
D:\ANTIVI~1\AVG\avgamsvr.exe
D:\ANTIVI~1\AVG\avgupsvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\HiJackThis\HijackThis.exe

A:Solved: VIRUS; HELP!! My desktop is blue with a "spyware infection" warning-like back

16 more replies