Over 1 million tech questions and answers.

Anti-spyware & Anti-virus Disabled, Keylogger, Hijack, Worms

Q: Anti-spyware & Anti-virus Disabled, Keylogger, Hijack, Worms

I have just finished with my original support and probably have to reformat. However, I would like to find out what is going on or at least in some contribute to helping someone in the future so I have come here.Despite good computer hygiene, Adaware, Spybot, McAfee-now Kasperskey, CCleaner, HijackThis, updating (wondering if this might have brought in some problems), and Zone Alarm firewall, I have problems which I first noticed when I was hijacked from Paypal. This showed on my first HJT scan but disappeared without treatment shortly thereafter. My antivirus, etc., have been disabled although they LOOK as if they are working but don't so much as find a cookie anymore--except for CCleaner. Spybot doesn't find About:Blank but it showed up on the browser scan. I tried to delete it and it doesn't show on any scans but I still see it fly by the bottom of my screen as IE pages are loaded. When I go to my history or temporary files, when I can see them, they are mostly ad pages. I have tried all the usual CWShredder, etc., and they don't find anything.MWAV is the only scan that has shown much. When I submit some suspicious files from comboscan to either VirusScan or Jotti, more often than not they jam VirusScan and I get error messages from Jotti that it is either the wrong stream or the file is empty. Sometime the folders are empty. I have tried to rename them but many times I am not allowed. Sometimes when I explore I can see the folders have information but when I go to submit them I get the message they are empty. Recently, after submitting a file to Jotti I got a page that said, "Prepare to Die!." It also had a photo of a man dressed like a woman leaning over a desk with a big shot facing a another man in a suit.When I try to repair or update some of my anti-spyware I often get a navigational error page.Also, I have noticed than many of my files dates are saying that they are created and modified on June 6, 2005. This includes some files I know I had recently accessed, installed, or tried to delete.I am not hopeful but I want to find out what is doing this. I know I need to reinstall but I want a good detective to have at it first. I ran a newer Hijack This but will include a comboscan with an older version because HijackThis reccomended that I try an older version. I was careful while doing the comboscan not to let it access any HijackThis that I already had and not to access the internet for one. The scan was quite different.I recently also tried IceSword and found many more entries in the startup than have been revealed before. It also found items in the drivers and registry but I wasn't sure how to proceed. I can't save a log from it but things looked quite different.Thanks for the help. I don't want to reformat and then find that is thing is in my memory, my peripherals, and my saved files on CD and reinfect myself again. So I do need some urgent help.Many thanks & Happy Hunting!!!!Logfile of HijackThis v1.99.1Scan saved at 7:26:14 PM, on 3/18/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\Program Files\AOL\Active Virus Shield\avp.exeC:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXEC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\HPZipm12.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\wanmpsvc.exeC:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXEC:\Program Files\Common Files\AOL\1127327071\ee\AOLSoftware.exeC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXEC:\Program Files\AOL\Active Virus Shield\avp.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\America Online 9.0\aoltray.exeC:\WINDOWS\system32\devldr32.exec:\program files\common files\aol\1127327071\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exec:\program files\common files\aol\1127327071\ee\aolsoftware.exeC:\WINDOWS\System32\svchost.exeC:\HijackThis\HijackThis.exeO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1127327071\ee\AOLSoftware.exe"O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"O4 - HKLM\..\Run: [DLPSP] "C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE"O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exeO4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exeO4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exeO8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.htmlO8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.htmlO8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.htmlO8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.htmlO8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.htmlO8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.htmlO16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CABO16" target="_blank" class="wLink">http://support.dell.com/systemprofiler/SysPro.CABO16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - http://housecall60.trendmicro.com/housecall/xscan60.cabO16" target="_blank" class="wLink">http://housecall60.trendmicro.com/housecall/xscan60.cabO16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://support.gateway.com/support/profiler/PCPitStop.CABO16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cabO16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - http://www.musicnotes.com/download/mnviewer.cabO16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cabO16" target="_blank" class="wLink">http://downloads.ewido.net/ewidoOnlineScan.cabO16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cabO16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cabO16" target="_blank" class="wLink">http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cabO16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cabO16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - https://objects.aol.com/mcafee/molbin/share...83/mcinsctl.cabO16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cabO16" target="_blank" class="wLink">http://download.bitdefender.com/resources/scan8/oscan8.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1118153487515O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1122422829054O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO16" target="_blank" class="wLink">http://acs.pandasoftware.com/activescan/as5free/asinst.cabO16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/software/...tiveXPlugin.cabO16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - http://www.superadblocker.com/activex/sabspx.cabO16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - https://objects.aol.com/mcafee/molbin/share...,20/McGDMgr.cabO20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dllO20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dllO23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeO23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXEO23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXEO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeO23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exeO23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exeHere is the comboscan. Please let me know if it proved helpful or not.ComboScan v20070306.20 run by Marla on 2007-03-18 at 18:59:53Computer is in Normal Mode.---------------------------------------------------------------------------------- HijackThis Clone ------------------------------------------------------------Emulating logfile of HijackThis v1.99.1Scan saved at 2007-03-18 18:59:55Platform: Windows XP Service Pack 2 (5.01.2600)MSIE: Internet Explorer (7.0.5730.11)Running processes:C:\WINDOWS\system32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\explorer.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\AOL\ACS\AOLacsd.exeC:\Program Files\AOL\Active Virus Shield\avp.exeC:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\HPZipm12.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\wanmpsvc.exeC:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exeC:\Program Files\Common Files\AOL\1127327071\ee\aolsoftware.exeC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exeC:\Program Files\AOL\Active Virus Shield\avp.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\America Online 9.0\aoltray.exeC:\WINDOWS\system32\devldr32.exeC:\Program Files\Common Files\AOL\1127327071\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exeC:\Program Files\Common Files\AOL\1127327071\ee\aolsoftware.exeC:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\system32\svchost.exeC:\Documents and Settings\Marla\Desktop\comboscan.exeR1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%sR1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.com/isapi/redir.dll?p...mp;plcid=0x0409O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dllO4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1127327071\ee\AOLSoftware.exe"O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"O4 - HKLM\..\Run: [DLPSP] "C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE"O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exeO4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exeO4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exeO8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.htmlO8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.htmlO8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.htmlO8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.htmlO8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.htmlO8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.htmlO9 - Extra button: (no name) - CmdMapping - (file missing)O9 - Extra 'Tools' menuitem: (no name) - CmdMapping - (file missing)O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CABO16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} () - http://office.microsoft.com/templates/ieawsdc.cabO16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} () - http://housecall60.trendmicro.com/housecall/xscan60.cabO16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/6/7.../OGAControl.cabO16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} () - http://support.gateway.com/support/profiler/PCPitStop.CABO16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cabO16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} () - http://www.musicnotes.com/download/mnviewer.cabO16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shock...or/sw_promo.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/0/5...heckControl.cabO16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cabO16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cabO16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc3.cabO16 - DPF: {49232000-16E4-426C-A231-62846947304B} () - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cabO16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} () - http://aolcc.aol.com/computercheckup/qdiagcc.cabO16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} () - https://objects.aol.com/mcafee/molbin/share...83/mcinsctl.cabO16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1118153487515O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1122422829054O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} () - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} () - http://www.sibelius.com/download/software/...tiveXPlugin.cabO16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} () - http://www.superadblocker.com/activex/sabspx.cabO16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} () - https://objects.aol.com/mcafee/molbin/share...,20/McGDMgr.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shock...ash/swflash.cabO16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} () - http://download.microsoft.com/download/7/E...04/clearadj.cabO18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLLO18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dllO18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLLO18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLLO20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dllO20 - Winlogon Notify: WgaLogon - C:\WINDOWS\system32\WgaLogon.dllO23 - Service: Alerter - C:\WINDOWS\System32\svchost.exe -k LocalServiceO23 - Service: Application Layer Gateway Service (ALG) - C:\WINDOWS\system32\alg.exeO23 - Service: AOL Connectivity Service (AOL ACS) - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exeO23 - Service: AOL Spyware Protection Service (AOLService) - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exeO23 - Service: Application Management (AppMgmt) - C:\WINDOWS\system32\svchost.exe -k netsvcsO23 - Service: ASP.NET State Service (aspnet_state) - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exeO23 - Service: Windows Audio (AudioSrv) - C:\WINDOWS\System32\svchost.exe -k netsvcsO23 - Service: Active Virus Shield (AVP) - "C:\Program Files\AOL\Active Virus Shield\avp.exe" -rO23 - Service: Background Intelligent Transfer Service (BITS) - C:\WINDOWS\System32\svchost.exe -k netsvcsO23 - Service: Computer Browser (Browser) - C:\WINDOWS\System32\svchost.exe -k netsvcsO23 - Service: Indexing Service (cisvc) - C:\WINDOWS\system32\cisvc.exeO23 - Service: ClipBook (ClipSrv) - C:\WINDOWS\system32\clipsrv.exeO23 - Service: COM+ System Application (COMSysApp) - C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}O23 - Service: Cryptographic Services (CryptSvc) - C:\WINDOWS\system32\svchost.exe -k netsvcsO23 - Service: DCOM Server Process Launcher (DcomLaunch) - C:\WINDOWS\system32\svchost -k DcomLaunchO23 - Service: DHCP Client (Dhcp) - C:\WINDOWS\System32\svchost.exe -k netsvcsO23 - Service: Dell Printer Status Watcher (DLPWD) - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exeO23 - Service: Dell Printer Status Database (DLSDB) - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exeO23 - Service: Logical Disk Manager Administrative Service (dmadmin) - C:\WINDOWS\System32\dmadmin.exe /comO23 - Service: Logical Disk Manager (dmserver) - C:\WINDOWS\System32\svchost.exe -k netsvcsO23 - Service: DNS Client (Dnscache) - C:\WINDOWS\System32\svchost.exe -k NetworkServiceO23 - Service: Error Reporting Service (ERSvc) - C:\WINDOWS\System32\svchost.exe -k netsvcsO23 - Service: Event Log (Eventlog) - C:\WINDOWS\system32\services.exeO23 - Service: COM+ Event System (EventSystem) - C:\WINDOWS\System32\svchost.exe -k netsvcsO23 - Service: Fast User Switching Compatibility (FastUserSwitchingCompatibility) - C:\WINDOWS\System32\svchost.exe -k netsvcsO23 - Service: Help and Support (helpsvc) - C:\WINDOWS\System32\svchost.exe -k netsvcsO23 - Service: Human Interface Device Access (HidServ) - C:\WINDOWS\System32\svchost.exe -k netsvcsO23 - Service: HTTP SSL (HTTPFilter) - C:\WINDOWS\System32\svchost.exe -k HTTPFilterO23 - Service: InstallDriver Table Manager (IDriverT) - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - C:\WINDOWS\system32\imapi.exeO23 - Service: iPodService - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Server (lanmanserver) - C:\WINDOWS\System32\svchost.exe -k netsvcsO23 - Service: Workstation (lanmanworkstation) - C:\WINDOWS\System32\svchost.exe -k netsvcsO23 - Service: TCP/IP NetBIOS Helper (LmHosts) - C:\WINDOWS\System32\svchost.exe -k LocalServiceO23 - Service: Messenger - C:\WINDOWS\System32\svchost.exe -k netsvcsO23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - C:\WINDOWS\system32\mnmsrvc.exeO23 - Service: Distributed Transaction Coordinator (MSDTC) - C:\WINDOWS\system32\msdtc.exeO23 - Service: Windows Installer (MSIServer) - C:\WINDOWS\system32\msiexec.exe /VO23 - Service: Network DDE (NetDDE) - C:\WINDOWS\system32\netdde.exeO23 - Service: Network DDE DSDM (NetDDEdsdm) - C:\WINDOWS\system32\netdde.exeO23 - Service: Net Logon (Netlogon) - C:\WINDOWS\system32\lsass.exeO23 - Service: Network Connections (Netman) - C:\WINDOWS\System32\svchost.exe -k netsvcsO23 - Service: Network Location Awareness (NLA) (Nla) - C:\WINDOWS\System32\svchost.exe -k netsvcsO23 - Service: NT LM Security Support Provider (NtLmSsp) - C:\WINDOWS\system32\lsass.exeO23 - Service: Removable Storage (NtmsSvc) - C:\WINDOWS\system32\svchost.exe -k netsvcsO23 - Service: NVIDIA Driver Helper Service (NVSvc) - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: Plug and Play (PlugPlay) - C:\WINDOWS\system32\services.exeO23 - Service: Pml Driver HPZ12 - C:\WINDOWS\system32\HPZipm12.exeO23 - Service: IPSEC Services (PolicyAgent) - C:\WINDOWS\system32\lsass.exeO23 - Service: Protected Storage (ProtectedStorage) - C:\WINDOWS\system32\lsass.exeO23 - Service: Remote Access Auto Connection Manager (RasAuto) - C:\WINDOWS\System32\svchost.exe -k netsvcsO23 - Service: Remote Access Connection Manager (RasMan) - C:\WINDOWS\System32\svchost.exe -k netsvcsO23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - C:\WINDOWS\system32\sessmgr.exeO23 - Service: Routing and Remote Access (RemoteAccess) - C:\WINDOWS\System32\svchost.exe -k netsvcsO23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - C:\WINDOWS\system32\locator.exeO23 - Service: Remote Procedure Call (RPC) (RpcSs) - C:\WINDOWS\system32\svchost -k rpcssO23 - Service: QoS RSVP (RSVP) - C:\WINDOWS\system32\rsvp.exeO23 - Service: Security Accounts Manager (SamSs) - C:\WINDOWS\system32\lsass.exeO23 - Service: Smart Card (SCardSvr) - C:\WINDOWS\system32\scardsvr.exeO23 - Service: Task Scheduler (Schedule) - C:\WINDOWS\System32\svchost.exe -k netsvcsO23 - Service: Secondary Logon (seclogon) - C:\WINDOWS\System32\svchost.exe -k netsvcsO23 - Service: System Event Notification (SENS) - C:\WINDOWS\system32\svchost.exe -k netsvcsO23 - Service: Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - C:\WINDOWS\system32\svchost.exe -k netsvcsO23 - Service: Shell Hardware Detection (ShellHWDetection) - C:\WINDOWS\System32\svchost.exe -k netsvcsO23 - Service: Print Spooler (Spooler) - C:\WINDOWS\system32\spoolsv.exeO23 - Service: System Restore Service (srservice) - C:\WINDOWS\System32\svchost.exe -k netsvcsO23 - Service: SSDP Discovery Service (SSDPSRV) - C:\WINDOWS\System32\svchost.exe -k LocalServiceO23 - Service: Windows Image Acquisition (WIA) (stisvc) - C:\WINDOWS\System32\svchost.exe -k imgsvcO23 - Service: MS Software Shadow Copy Provider (SwPrv) - C:\WINDOWS\System32\dllhost.exe /Processid:{3F559694-250B-447D-9D7E-E6E5FB5BC220}O23 - Service: Performance Logs and Alerts (SysmonLog) - C:\WINDOWS\system32\smlogsvc.exeO23 - Service: Telephony (TapiSrv) - C:\WINDOWS\System32\svchost.exe -k netsvcsO23 - Service: Terminal Services (TermService) - C:\WINDOWS\System32\svchost -k DComLaunchO23 - Service: Themes - C:\WINDOWS\System32\svchost.exe -k netsvcsO23 - Service: Distributed Link Tracking Client (TrkWks) - C:\WINDOWS\system32\svchost.exe -k netsvcsO23 - Service: Universal Plug and Play Device Host (upnphost) - C:\WINDOWS\System32\svchost.exe -k LocalServiceO23 - Service: Uninterruptible Power Supply (UPS) - C:\WINDOWS\system32\ups.exeO23 - Service: TrueVector Internet Monitor (vsmon) - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -serviceO23 - Service: Volume Shadow Copy (VSS) - C:\WINDOWS\system32\vssvc.exeO23 - Service: Windows Time (W32Time) - C:\WINDOWS\System32\svchost.exe -k netsvcsO23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - "C:\WINDOWS\wanmpsvc.exe"O23 - Service: WebClient - C:\WINDOWS\System32\svchost.exe -k LocalServiceO23 - Service: Windows Management Instrumentation (winmgmt) - C:\WINDOWS\system32\svchost.exe -k netsvcsO23 - Service: Portable Media Serial Number Service (WmdmPmSN) - C:\WINDOWS\System32\svchost.exe -k netsvcsO23 - Service: WMI Performance Adapter (WmiApSrv) - C:\WINDOWS\system32\wbem\wmiapsrv.exeO23 - Service: Security Center (wscsvc) - C:\WINDOWS\System32\svchost.exe -k netsvcsO23 - Service: Automatic Updates (wuauserv) - C:\WINDOWS\system32\svchost.exe -k netsvcsO23 - Service: Wireless Zero Configuration (WZCSVC) - C:\WINDOWS\System32\svchost.exe -k netsvcsO23 - Service: Network Provisioning Service (xmlprov) - C:\WINDOWS\System32\svchost.exe -k netsvcs-- Files created between 2007-02-18 and 2007-03-18 -----------------------------2007-03-17 23:56:50 0 d-------- C:\IceSword120_en<ICESWO~1>2007-03-17 22:45:53 306720 --a------ C:\DNLDSSC.exe2007-03-17 22:24:28 377856 --a------ C:\ariesremoverinst.exe<ARIESR~1.EXE>2007-03-17 01:10:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe2007-03-17 01:04:49 21822168 --a------ C:\AdbeRdr80_en_US.exe<ADBERD~1.EXE>2007-03-16 23:17:50 0 d-------- C:\WINDOWS\SxsCaPendDel<SXSCAP~1>2007-03-16 22:56:38 0 d-------- C:\Scanner1982<SCANNE~1>2007-03-16 03:46:44 2685104 --a------ C:\ccsetup138.exe<CCSETU~1.EXE>2007-03-15 20:03:05 0 d-------- C:\Documents and Settings\Marla\.housecall6.6<HOUSEC~1.6>2007-03-15 17:41:41 0 d-------- C:\Trendscan<TRENDS~1>2007-03-15 16:41:16 1144839 --a------ C:\stng260.exe2007-03-15 14:25:22 0 d-------- C:\tsc2007-03-13 17:44:46 0 d-a------ C:\WINDOWS\zts2.exe2007-03-13 17:44:46 0 d-a------ C:\WINDOWS\system32\vcmgcd32.dll2007-03-13 17:44:46 0 d-a------ C:\WINDOWS\system32\iifgfgf.dll2007-03-13 17:44:46 0 d-a------ C:\WINDOWS\rundll16.exe2007-03-13 17:44:46 0 d-a------ C:\WINDOWS\rundl132.dll2007-03-13 17:44:46 0 d-a------ C:\WINDOWS\logo1_.exe2007-03-13 17:19:29 135680 --a------ C:\WINDOWS\system32\TASKMGR.COM2007-03-13 17:19:29 146432 --a------ C:\WINDOWS\REGEDIT.COM2007-03-12 20:02:44 531744 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat2007-03-12 20:02:44 4741664 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat2007-03-12 19:30:43 0 d-------- C:\!KillBox2007-03-10 01:07:24 664 --a------ C:\WINDOWS\system32\d3d9caps.dat2007-03-05 18:01:48 0 d-------- C:\Documents and Settings\LocalService\Application Data\HP2007-03-05 17:57:40 0 d-------- C:\Documents and Settings\All Users\Application Data\HP2007-03-05 17:40:48 5389 -----n--- C:\WINDOWS\hpomdl06.dat2007-03-05 17:40:48 89277 --a------ C:\WINDOWS\hpoins06.dat2007-03-05 03:35:32 0 d-------- C:\Program Files\IrfanView<IRFANV~1>2007-02-27 21:37:27 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe2007-02-27 17:51:06 0 d-------- C:\Documents and Settings\Administrator\DoctorWeb<DOCTOR~1>2007-02-27 11:18:31 0 d-------- C:\fixwareout<FIXWAR~1>2007-02-26 18:15:32 135680 --a------ C:\WINDOWS\system32\T.COM2007-02-26 18:15:32 146432 --a------ C:\WINDOWS\R.COM2007-02-24 01:37:00 737431 --a------ C:\Program Files\SDFix.exe2007-02-23 21:48:30 80 --a------ C:\WINDOWS\gmer_uninstall.cmd<GMER_U~1.CMD>2007-02-23 21:45:42 0 d-------- C:\Program Files\Checker2007-02-23 20:26:05 0 d-------- C:\Program Files\Grisoft2007-02-23 20:22:12 0 d-------- C:\WINDOWS\ERDNT2007-02-23 17:00:13 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com<SUPERA~1.COM>2007-02-22 15:00:17 0 d-------- C:\Documents and Settings\Administrator\Application Data\ScanSoft2007-02-21 16:45:20 0 d--h----- C:\WINDOWS\PIF2007-02-20 21:05:09 0 d-------- C:\Program Files\Viewpoint<VIEWPO~1>2007-02-20 19:45:49 0 d-------- C:\WINDOWS\system32\Kaspersky Lab<KASPER~1>2007-02-20 13:13:02 2354 --a------ C:\WINDOWS\system32\tmp.reg2007-02-20 10:10:10 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~1>2007-02-20 04:08:34 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>-- Find3M Report ---------------------------------------------------------------2007-03-17 01:11:09 0 d-------- C:\Program Files\Common Files\Adobe2007-03-15 11:56:37 0 d-------- C:\Program Files\Microsoft Picture It! PhotoPub<MIEE00~1>2007-03-13 17:21:39 0 d-------- C:\Program Files\America Online 9.0<AMERIC~1.0>2007-03-13 17:21:36 0 d-------- C:\Program Files\QuickTime<QUICKT~1>2007-03-13 17:21:34 0 d-------- C:\Program Files\Movie Maker<MOVIEM~1>2007-03-13 17:21:34 0 d-------- C:\Program Files\Messenger<MESSEN~1>2007-03-12 20:02:44 0 d-------- C:\Program Files\AOL2007-03-08 22:25:17 0 d-------- C:\Program Files\PhoneTreeMVPu<PHONET~1>2007-03-07 20:26:17 0 d-------- C:\Program Files\CCleaner2007-03-01 21:30:51 0 d-------- C:\Program Files\Common Files\Ahead2007-02-24 19:35:42 0 d-------- C:\Program Files\Google2007-02-24 19:35:02 0 d-------- C:\Program Files\Common Files\Scanner2007-02-21 23:29:53 0 d-------- C:\Program Files\Common Files\Xerox Shared<XEROXS~1>2007-02-20 09:00:20 0 d-------- C:\Program Files\Common Files\AOL2007-02-17 15:44:21 0 d-------- C:\Program Files\Dell Printers<DELLPR~1>2007-02-17 15:44:09 0 --a------ C:\WINDOWS\system32\CMMGR32.EXE2007-02-08 00:52:18 0 d-------- C:\Documents and Settings\Marla\Application Data\Viewpoint<VIEWPO~1>2007-01-29 03:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe2007-01-12 10:27:42 232960 --a------ C:\WINDOWS\system32\webcheck.dll2007-01-12 10:27:42 51712 -----n--- C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>2007-01-12 10:27:42 458752 -----n--- C:\WINDOWS\system32\msfeeds.dll2007-01-12 10:27:42 6054400 -----n--- C:\WINDOWS\system32\ieframe.dll2007-01-08 20:04:54 105984 --a------ C:\WINDOWS\system32\url.dll2007-01-08 20:04:08 102400 --a------ C:\WINDOWS\system32\occache.dll2007-01-08 20:02:04 266752 --a------ C:\WINDOWS\system32\iertutil.dll2007-01-08 20:02:04 44544 --a------ C:\WINDOWS\system32\iernonce.dll2007-01-08 20:02:02 384000 --a------ C:\WINDOWS\system32\iedkcs32.dll2007-01-08 20:02:02 383488 -----n--- C:\WINDOWS\system32\ieapfltr.dll2007-01-08 20:02:02 161792 --a------ C:\WINDOWS\system32\ieakui.dll2007-01-08 20:02:02 230400 --a------ C:\WINDOWS\system32\ieaksie.dll2007-01-08 20:02:02 153088 --a------ C:\WINDOWS\system32\ieakeng.dll2007-01-08 20:01:14 17408 --a------ C:\WINDOWS\system32\corpol.dll2007-01-08 20:00:48 124928 --a------ C:\WINDOWS\system32\advpack.dll2007-01-08 19:08:14 56832 --a------ C:\WINDOWS\system32\ie4uinit.exe2007-01-08 19:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe2007-01-03 23:17:01 774144 --a------ C:\Program Files\RngInterstitial.dll<RNGINT~1.DLL>2006-12-19 16:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll2006-12-19 13:16:47 333824 --a------ C:\WINDOWS\system32\wiaservc.dll-- Registry Dump ---------------------------------------------------------------[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]"HostManager"="\"C:\\Program Files\\Common Files\\AOL\\1127327071\\ee\\AOLSoftware.exe\"""Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\"""DLPSP"="\"C:\\Program Files\\Dell Printers\\Additional Color Laser Software\\Status Monitor\\DLPSP.EXE\"""aol"="\"C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe\""[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents][HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]"Installed"="1"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]"Installed"="1""NoChange"="1"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]"Installed"="1"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup""nwiz"="nwiz.exe /install""HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb04.exe""SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe""InstantAccess"="C:\\PROGRA~1\\TEXTBR~1.0\\Bin\\INSTAN~1.EXE /h"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON SMART PANEL for Scanner.lnk]"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\EPSON SMART PANEL for Scanner.lnk""backup"="C:\\WINDOWS\\pss\\EPSON SMART PANEL for Scanner.lnkCommon Startup""location"="Common Startup""command"="C:\\PROGRA~1\\EPSON\\EPSONS~1\\ESPMAIN.EXE /h""item"="EPSON SMART PANEL for Scanner"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk""backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup""location"="Common Startup""command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe ""item"="HP Digital Imaging Monitor"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HP Image Zone Fast Start.lnk""backup"="C:\\WINDOWS\\pss\\HP Image Zone Fast Start.lnkCommon Startup""location"="Common Startup""command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqthb08.exe -s""item"="HP Image Zone Fast Start"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk""backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup""location"="Common Startup""command"="C:\\PROGRA~1\\MICROS~3\\Office10\\OSA.EXE -b -l""item"="Microsoft Office"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Works Calendar Reminders.lnk""backup"="C:\\WINDOWS\\pss\\Microsoft Works Calendar Reminders.lnkCommon Startup""location"="Common Startup""command"="C:\\PROGRA~1\\COMMON~1\\MICROS~1\\WORKSS~1\\wkcalrem.exe ""item"="Microsoft Works Calendar Reminders"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Picture Package Menu.lnk""backup"="C:\\WINDOWS\\pss\\Picture Package Menu.lnkCommon Startup""location"="Common Startup""command"="C:\\PROGRA~1\\SONYCO~1\\PICTUR~1\\PICTUR~3\\SonyTray.exe ""item"="Picture Package Menu"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Picture Package VCD Maker.lnk""backup"="C:\\WINDOWS\\pss\\Picture Package VCD Maker.lnkCommon Startup""location"="Common Startup""command"="C:\\PROGRA~1\\SONYCO~1\\PICTUR~1\\PICTUR~1\\RESIDE~1.EXE -h""item"="Picture Package VCD Maker"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marla^Start Menu^Programs^Startup^reminder-ScanSoft Product Registration.lnk]"path"="C:\\Documents and Settings\\Marla\\Start Menu\\Programs\\Startup\\reminder-ScanSoft Product Registration.lnk""backup"="C:\\WINDOWS\\pss\\reminder-ScanSoft Product Registration.lnkStartup""location"="Startup""command"="C:\\PROGRA~1\\TEXTBR~1.0\\Ereg\\REMIND32.EXE ""item"="reminder-ScanSoft Product Registration"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="AOLDial""hkey"="HKLM""command"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="HPWuSchd2""hkey"="HKLM""command"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="iTunesHelper""hkey"="HKLM""command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="WkDetect""hkey"="HKCU""command"="???\\WkDetect.exe""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="msmsgs""hkey"="HKCU""command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="NeroCheck""hkey"="HKLM""command"="C:\\WINDOWS\\system32\\NeroCheck.exe""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="PortAOL""hkey"="HKLM""command"="\"C:\\PROGRA~1\\PURENE~1\\PORTMA~1\\PortAOL.exe\" -Run""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="qttask""hkey"="HKLM""command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="RealPlay""hkey"="HKLM""command"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER""inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="SpySweeper""hkey"="HKLM""command"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeper.exe\" /startintray""inimapping"="0" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]"DisableRegistryTools"=dword:00000000[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0NetworkService REG_MULTI_SZ DnsCache\0\0rpcss REG_MULTI_SZ RpcSs\0\0imgsvc REG_MULTI_SZ StiSvc\0\0termsvcs REG_MULTI_SZ TermService\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{986cc518-7818-11db-95cb-00038a000015}]Shell\AutoRun\command F:\LaunchU3.exe -a-- End of ComboScan: finished at 2007-03-18 at 19:00:33 ------------------------Past help: http://www.techsupportforum.com/security-c...installing.html

RELEVANCY SCORE 200
Preferred Solution: Anti-spyware & Anti-virus Disabled, Keylogger, Hijack, Worms

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Anti-spyware & Anti-virus Disabled, Keylogger, Hijack, Worms

Download this program:submit files packerHighlight the files listed below in bold and right-click and selecting copy.C:\WINDOWS\zts2.exeC:\WINDOWS\system32\vcmgcd32.dllC:\WINDOWS\system32\iifgfgf.dllC:\WINDOWS\rundll16.exeC:\WINDOWS\rundl132.dllC:\WINDOWS\logo1_.exeC:\WINDOWS\system32\TASKMGR.COMC:\WINDOWS\REGEDIT.COMC:\WINDOWS\system32\T.COMC:\WINDOWS\R.COMC:\WINDOWS\system32\tmp.regThen start the file packer program and right click in the white box and select paste to paste the copied file names in the field.Then press the Continue button.I will create an archive with these files and a small log on your Desktop that starts with a name like requested-file[date].cab.Rename this file to yourmembername.cab (for example grinler.cab).Then go to:http://www.bleepingcomputer.com/submit-malware.phpand fill in the required fields and browse to this file on your desktop. Finally click on the Send File button.

Read other 54 answers
RELEVANCY SCORE 112.4

Hello!

I've been doing a springclean for my PC, and I would be grateful if someone would check my hijack this log for problems.

I've run all of my anti-spyware and AVG programes first. But, I have a question: after my programes have scanned for problems and put all the bad stuff into quarentine, do I need to do anything else with them?

I'm not sure if I should be trying to find ways of removing trojans etc. or if it is ok to just leave them in the quarentine area indefinatly.

Thanks for your help!

-------------

Logfile of HijackThis v1.98.2
Scan saved at 13:43:41, on 24/04/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\AntiVirusKit\AVKService.exe
C:\Program Files\AntiVirusKit\AVKWCtl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\AntiVirusKit\AVKPOP.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\System32\ctfmon.exe
C:\freeserve\freeserveconnectionkit\atdialler1.exe
C:\Pro... Read more

A:Solved: A hijack this log, and a quick question re: anti-spyware and anti-virus programes

Read other 7 answers
RELEVANCY SCORE 103.6

Hi Im new here this is my first post also my first problem

Well everything was going great no virus getting detected

I use ESET nod32, malwarebytes and SpyBot

Now my problem is that all of my protection applications wont Update

Also I can't access any protection site like Microsoft.com, Eset.com, the website of malwarebytes and Spybot
and last is that sometime (happens sometimes) computer auto shutsdown
with a timer of 60 seconds before shutdown (please save all works...)

all other applications and websites works great except for those I mentioned

HOPE u could help me if possible ASAP because I'm using my CPU for business purposes and advance thanks

sorry forgot my HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:32:38 PM, on 2/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\svchost.exe
C:\windows\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\I... Read more

A:Anti-Virus Anti-Malware and Anti-spyware not updating

Hi, welcome to TSF!

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

Read other 4 answers
RELEVANCY SCORE 103.6

Hi Im new here this is my first post also my first problem

Well everything was going great no virus getting detected

I use ESET nod32, malwarebytes and SpyBot

Now my problem is that all of my protection applications wont Update

Also I can't access any protection site like Microsoft.com, Eset.com, the website of malwarebytes and Spybot
and last is that sometime (happens sometimes) computer auto shutsdown
with a timer of 60 seconds before shutdown (please save all works...)

all other applications and websites works great except for those I mentioned

HOPE u could help me if possible ASAP because I'm using my CPU for business purposes and advance thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:32:38 PM, on 2/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\svchost.exe
C:\windows\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\... Read more

Read other answers
RELEVANCY SCORE 103.6

Have bad infection...need best free Anti-virus, Anti-spyware, and Anti-malware software please....

THANX

Running Windows XP
 

Read other answers
RELEVANCY SCORE 100.8

Googled all over, can't find an answer because on almost every link or forum when this question is discussed it invariably turns into a discussion of what people use on smart phones. Or the usual myths about Android is oh, so safe, safe just like the Mac and Linux and whatever they claim. Given that there is NO OPERATING SYSTEM on Earth THAT's SAFE, I post this. Let's start with ...Subject: A tablet that is NOT a smart or dumb phone, uses only Wi-Fi, runs Google's Android 3.1, needs something other than a built-in, default, blanket permission to connect everywhere it wants (facebook, twitter, scumware, trojans...), some of it behind your back, and can download a ton of free applications full of little ads from the Android Marketplace (many of which are sooooo cooool ).Any suggestions? Any places to look?

A:Firewall+Anti[virus,keylogger,rootkit,spyware] for Android tablets

Here's a good start...Noscript Firefox security extension goes mobilePOPULAR FIREFOX SECURITY EXTENSION Noscript has been released for Android and Maemo builds, giving users of these two mobile operating systems access to a web browser security feature comparable to that available to desktop computer users.

Read other 5 answers
RELEVANCY SCORE 100.4

First of all i would like to apologize if this topic is in wrong category, or it should not even be asked on this site. And second of all, please be patience i'm a noob looking for answers So whats all about? Well i'm meeting new terms here and i have no idea what they mean and what they do. And as anyone else i wanna be safe in this era of cyber-crime. So basically i know whats a anti-virus and a anti-spyware and that they can run together. Also i heard that 2 anti-virus don't do good but 2 anti-spyware do. So what i'm asking is, what is a anti-malware? Can a anti-malware, anti-virus, and anti-spyware run together? Could you suggest some good+free of those 3? Sorry for my bad English and being such a noob

A:Anti-malware, Anti-virus, Anti-spyware

Florin, you might take interest in this thread, though it may be quite a bit of reading: What's the Best Anti-virus?

It is there that they discuss all kinds of different antiviruses and coupled security software. I personally only use Microsoft Security Essentials, but I have used it along with Malwarebytes for added security in the past.

Basically, you could have your system completely locked down with lots of extra security, but in some cases it becomes a hassle because of how much your computer becomes protected and overly secured. If you prefer a speedy computer over security, generally you use less security software, but if it is the other way around, you will want beefier security software which may slow things down slightly. That link I've provided will have most everything you will need.

Read other 9 answers
RELEVANCY SCORE 98.4

Symptoms:
- Google Search Results Hijacked - clicking on search results link redirects to unrelated page.
- Microsoft Security Essentials - Will not start. Microsoft Antimalware Service is disabled. When manually enabled, something disables the service.

What I tried:
- Ran Malwarebytes' Anti-Malware - Updated to latest definitions. Found a few things which seemed to be successfully cleaned. Ran in both - standard and safe-mode.
- Ran Avast which did not find anything useful.
- Uninstalled Avast and installed Microsoft Security Essentials (SE). SE will not run because the service is disabled. I was able to get it to run in safe-mode when logged in as Administrator. Found and cleaned a few things but did not resolve original issue.

DDS (Ver_10-12-12.02) - NTFSx86
Run by rgwebber at 15:47:56.84 on Sat 01/15/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3317.2843 [GMT -5:00]

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files ... Read more

A:Search Results Hijack / Anti-Virus Disabled

Hello

Apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up.
If you have since resolved the original problem you were having would appreciate you letting us know If not please perform the following below so I can have a look at the current condition of your machine.

Thanks and again sorry for the delay.

Before we can continue, please post a fresh DDS log back here

Read other 10 answers
RELEVANCY SCORE 98.4

PLease find the attached log file-
I am running Symantac Anti virus w/firewall- i am unable to Enable the firewall and live update-
it tells me that i do not have admin rights

Logfile of HijackThis v1.97.7
Scan saved at 7:42:02 PM, on 6/22/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\ntvdm.exe
D:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Defaul... Read more

A:Windows XP - ANTI Virus Disabled- HIJACK LOG FILE

Read other 7 answers
RELEVANCY SCORE 98

Hi there.

Two days ago I was sent a fake youtube link through YIM. I clicked on the link not knowing it was a fake. It started with a letter G before the words youtube on the URL. Once I clicked on it, it took me to a page that appeared to be a youtube page. Once there, it said that I had to update my Adobe in order to see the video. Well, like an idiot I clicked on it and all he-- broke loose. I now don't have access to use any of the following on my computer: Safe Mode, System Restore, Spybot Search and Destroy, AVG, Super Antispyware, or Ccleaner. If I hit F8 after rebooting the computer, it takes me to the black screen where I can choose Safe Mode. Once there, I pick safe mode and it brings me back to the same black screen over and over again. When I try to do system restore, it says it's disabled by group policy. I've searched high and low to try to fix the System Restore problem and it just won't let me. Can someone please help me? I'm going crazy over here. Thanks so much.
 

A:Fake youtube link gave me a virus, disabled spyware/malware/anti-virus

Hello again.

I have realized that I have this lingering around somewhere in my computer. $McRebootA5E6DEAA56$

Would anyone be able to tell me how I go about trying to find out in which folder this is at? I found this running when I entered msconfig on the Run field.
 

Read other 1 answers
RELEVANCY SCORE 97.2

I have found that whenever anti virus and anti spyware software is disabled on my computer, there is a virus... Also when I turn it on it has been telling me that the USB Controller's drivers are not installed. I have been having trouble with a external hard drive that stopped functioning maybe it is because of that.I have another problem but I'm not sure if this is a hardware or software problem. I live in Haiti where we have rolling blackouts. Whenever electricity is turned on the computer goes on all by itself and I have to set the date and time every time.I have attached the Attach.txt and ark.txt.Here is the contents of the DDS.txt log below.DDS (Ver_10-03-17.01) - NTFSx86 Run by Lillian at 13:47:22.43 on Mon 03/29/2010Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.751 [GMT -5:00]AV: avast! antivirus 4.8.1368 [VPS 100329-2] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\Explorer.EXEC:\Program Files\CyberLink DVD Solution\Po... Read more

A:Anti virus and anti spy ware disabled sometimes

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 19 answers
RELEVANCY SCORE 96.4

Hello,

I have a problem that is far beyond my limited skills. One of our people has a laptop that has either malware or a virus infecting it. Two symptoms are present: first, when using firefox web pages get redirected to advertising or to unrelated google searches; second, the machine seems more sluggish than usual.

I have tried to download anti-spyware software (e.g. Spy Sweeper, CounterSpy, MalwareBytes, Superantispyware, PC Doctor) and nothing works. In some cases such as Counterspy and PC Doctor, the executable will run but the program will not update (and thus, not allow for a scan). In other cases such as MalwareBytes, the executable simply will not run.

I have run a Trend Micro anti-virus scan. It seems to detect something but it crashes before the scan can complete. The same thing happens with Panda Activescan. Last night, I ran Panda Activescan for over 8 hours. When I woke up, the scan had frozen at the 52% point and had found 1 infected file, which it didn't appear to clean up.

Anyway, I'd really appreciate any help.
Best regards,
Jordan

A:HELP! -- Anti-spyware / Anti-virus doesn't work; malware crippling our machine

Uninstall all of the programs but Super Antispyware, Trend Micro and MalwareBytes AntiMalware.Find the MBAM.exe and rename it BAMM.com by right clicking on the file and choosing rename.Download the manual updates for MBAM from the link below. Double click on it to install. http://www.malwarebytes.org/mbam/database/mbam-rules.exeINSTRUCTIONS FOR USING MBAM:http://www.bleepingcomputer.com/forums/ind...t&p=1100727

Read other 1 answers
RELEVANCY SCORE 96.4

Hello, I consider myself a fairly advanced computer user, but I'm having an issue I'm 99% sure is MalWare related. My laptop freezes CONSTANTLY, sometimes out of nowhere, and sometimes when I walk away for 5 minutes. I have tried numerous times to run AVG, Ad-Aware SE, and both freeze shortly after the scan starts (also tried in SAFE MODE). Now sometimes I can browse the we for hours, but as soon as a start a scan, install, or update, these issues are more common. I am fairly confident that this is not a hardware issue, since I've ran advanced diagnostics on them all, including BIOS. I have a HiJack This Log, and help would be greatly appreciated!

HiJackThis.log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:17:22 AM, on 9/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDO... Read more

A:Unable to Run ANY Anti-Virus or Anti-Spyware programs, Comp freezes every 5 minutes.

BUMP!

--sorry, I'm desperate.
 

Read other 3 answers
RELEVANCY SCORE 96.4

According to a story at Washingtonpost.com, the latest definitions for Microsoft's Anti-Spy flags Symantec's Norton Antivirus as a trojan and prompts users to delete essentials of the program. Users who follow the instructions hose their installation of Norton, requiring Windows registry edits and complete removal/reinstallation of Norton.

Microsoft's support forum is filling up with complaints, many from businesses that have been hard hit. This should be a cautionary note about deploying beta products in production environments.
 

A:READ!!!Microsoft Anti-Spyware Deleting Parts of Norton Anti-Virus

Read other 8 answers
RELEVANCY SCORE 96.4

Hello All,I am not able to update my Zone Alarm Internet security suite for some weeks now. I was directed here from the Zone Alarm Forum. Although I can browse through most of the websites, I am not allowed to access Zone Alarm update, Microsoft update. I also tried http://www.malwarebytes.org/mbam.php and also http://downloads.superantispyware.com/down...AntiSpyware.exe but was denied access both on IE and FirexFox.Further Filemon and RootkitRevealer do not work any on my machinePlease help.Thanks

A:Unable to access Anti-virus updates / Anti-spyware website

Thanks guys,
All problems solved Thanks to SuperAntiSpyware.

Read other 2 answers
RELEVANCY SCORE 96.4

I recently downloaded PC Security Shield (supposedly a good anti virus program) and Spyware Terminator (antispyware) and noticed that their icons sometimes, do not show up in my system tray when I boot up. And it stays like that. I've had no icons for three days now...huh?

I've looked up this problem in the accompanying (Security Shield) help menu and it wasn't any help....but it basically states no icon = no protection....so what the bejeepers can I do to fix this problem?
 

A:Anti virus/anti spyware programs missing from system tray

Just a quick thought, go to start-up options and see if they are listed as due to run on start-up, if you have no suitable programme to view your start-up programmes go to run and type msconfig and check the start-up tab
 

Read other 2 answers
RELEVANCY SCORE 96.4

Please help. I am working on a network and need a corporate anti-virus program and anti-spyware programs? I know McAfee and Symantec offer something, but I know the personal editions I have had a less than nice experience. Any suggestions?

A:Need A Corporate Anti-virus Program And Anti-spyware Programs? Any Suggestions

Take a look at this Spysweeperhttp://www.webroot.com/enterprise/products/

Read other 4 answers
RELEVANCY SCORE 96.4

How to Remove Win 7 Anti-Spyware 2011 (Fake Anti-Virus Infections)





Quote:
If your PC is infected with the Win 7 Anti-Spyware 2011 malware or something similar, you?ve come to the right place, because we?re going to show you how to get rid of it, and free your PC from the awful clutches of this insidious malware (and many others)
Win 7 Anti-Spyware 2011 is just one of many fake antivirus applications like Antivirus Live, Advanced Virus Remover, Internet Security 2010, Security Tool, and others that hold your computer hostage until you pay their ransom money. They tell you that your PC is infected with fake viruses, and prevent you from doing anything to remove them.
This particular virus goes by a lot of names, including XP Antispyware, Win 7 Antispyware, Win 7 Internet Security 2011, Win 7 Guard, Win 7 Security, Vista Internet Security 2011, and many, many others. It?s all the same virus, but renames itself depending on your system and which strain you get infected with.


Source ...

A:How to Remove Win 7 Anti-Spyware 2011 (Fake Anti-Virus Infections)

Thanks for the information. I hope I never have to use it.

Read other 2 answers
RELEVANCY SCORE 96.4

Hey guys ... I've searched the forums and done just about everything that I can do so far to no avail and am at my wits end with this thing.So yesterday for no reason, FireFox just decides to close. Fine, no big deal, but then I relaunched and it did it AGAIN a few minutes later. Then I got the lovely Microsoft Security Essentials error message saying that I had a Trojan in Unknown Win32. Of course, I knew that was a fake, so I tried running my Spybot S&D, but it wouldn't load. Double-click, hourglass, nothing. Suddenly, I wasn't able to launch any anti-anything software, wasn't able to get to my regedit, task manager, nor launch a browser. Eventually, in safe mode, I located the Hotfix. exe, removed it, and the error message went away.However, I'm still unable to launch ANY anti-spyware/malware/virus software. In safe mode, I did actually download, register, and install StopZilla, which found 48 objects and removed them. I rebooted and ... yeah, same thing. Currently looking into getting a refund for that piece of fun.Spybot S&D loads in my systray and does the TeaTimer real time thing that it does, but I can't RUN it for scanning. Also, I have the installer for SuperAntiSpyware, but the nifty Double-Click, Hourglass, Done trick happens when I try to launch that for installation in safe mode OR out of it.In FireFox, I'll find a result for something that looks promising, click on it, and suddenly I'll be presented with another website ... Read more

A:WinXP - Unable to launch/install anti-spyware anti-virus and browser hijacked

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

Read other 2 answers
RELEVANCY SCORE 96.4

Hello. My Laptop has Windows XP SP3. I have both Windows Defender and Spy Sweeper for anti spyware and Norton Anti Virus. The problems started a few days ago when a weekly scan of the antivirus reported the following. 1/14/2010 20:06 23ecd795-1c985b76 ?????? Compressed file Quarantined admin C:\Documents and Settings\admin\Application Data\Sun\Java\Deployment\cache\6.0\21\ Still contains 3 infected items Quarantine Clean virus from file Quarantine infected file Scheduled scan The file was quarantined successfully. 1/14/2010 20:06 myf/y/TrewsdF.class Downloader File; Compressed file Quarantined admin C:\Documents and Settings\admin\Application Data\Sun\Java\Deployment\cache\6.0\21\23ecd795-1c985b76 Infected Quarantine Clean virus from file Quarantine infected file Scheduled scan The file was quarantined successfully. 1/14/2010 20:06 myf/y/LoaderX.class Downloader File; Compressed file Quarantined admin C:\Documents and Settings\admin\Application Data\Sun\Java\Deployment\cache\6.0\21\23ecd795-1c985b76 Infected Quarantine Clean virus from file Quarantine infected file Scheduled scan The file was quarantined successfully. 1/14/2010 20:06 myf/y/AppletX.class Downloader File; Compressed file Quarantined admin C:\Documents and Settings\admin\Application Data\Sun\Java\Deployment\cache\6.0\21&... Read more

A:Web Browsers Intermittently Hijacked. Malware undetectable by Incumbent Anti Spyware and Anti Virus

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.??If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine.??Please perform the following scan:Download DDS by sUBs from one of the following links.??Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool.??No input is needed, the scan is running.Notepad will open with the results.Follo... Read more

Read other 11 answers
RELEVANCY SCORE 96

Hello,

Firstly thank you for your help - I really do appreciate it.

My HpCompaq laptop is infected with a virus that is blocking multiple anti-spyware software, Vista updates, and even my Kaspersky anti-virus.

1) The virus does not allow me to access websites to download anti-spyware nor access the windows update site.

2) I have downloaded the following programs on another computer, burned on CD and run on my laptop:
- Malwarebytes Anti-Malware - Installed but does not run
- Spybot - Cannot install as access to the website is blocked during installation
- AVG Anti-Virus trial version - Cannot install due to 0x8007013d - Action failed for file avgmfx86.sys

3) I have managed to run CCleaner and clear out all the temp internet files

4) The HiJack This log reads:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:59, on 14/09/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16851)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files... Read more

Read other answers
RELEVANCY SCORE 96

That's pretty much my problem. I don't know any details that could help. I tried installing Spybot to scan for the problem but I couldn't install it because my computer couldn't connect to the website and I can't move on with the installation. I'm about to scan with Avast but I doubt it will help. I know I didn't say much substance but hope it helps. Here's the HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:54:49, on 26/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.e... Read more

Read other answers
RELEVANCY SCORE 96

Hey,

How can I create a script that runs many different Anit-Virus, Anti-Spyware and many more one after another automatically?

Thanks
deanpcmad

A:Script To Run Anti-virus Anti-spyware, Etc Scans Automatically On After Another

I for one see a problem with 'automating' your malware tools, with a script. I don't allow any antimalware app to take action without prompting me for confirmation. That way I know what is coming up as malware. With a script you are trusting that it will make the right selection of actions without confirmation. The possibility is there to delete a perfectly legitimate file in error. Then you have to guess which application removed your legitimate file. Then you need to hope it can be 'restored'. In my opinion there is just too much trust and risk given to a script if it can even be done.

Read other 5 answers
RELEVANCY SCORE 96

I have Windows Defender right now, I don't know if it's good or not though. I did a Panda activescan online and it came with 40 different spyware infected files and one virus I think, but when I ran a full scan on Windows defender it found nothing. Basically I want to get rid of defender and find a good anti-virus and anti-spyware program that's free. It can be an online scan but preferrably works from the computer.

Any takers?
 

A:Need a good anti-virus & anti-spyware, etc program that's free.

Read other 11 answers
RELEVANCY SCORE 96

I use avast! anti-virus... and have for a long time. I've been using SuperAntiSpyware for several months (as well as other antispyware programs), too, and they've always co-existed together with no problems.

Suddenly last night, avast! alerted me that SuperAntiSpyware "contains a sample of a Win:32 Trojan".

I'm no expert but I'm thinking this is unlikely, so I have told avast! to ignore SuperAntiSpyware, and NOT scan that SuperAntiSpyware.exe file.

Is this foolish?

Should I allow avast! to move the offending file to quarantine?
Or should I uninstall SuperAntiSpyware first (since quarantining the exe file will certainly render it useless anyway)?
Or can I continue to ignore the warning altogether??

Any expert advice would be greatly appreciated!

Thanks in advance,

~Julie~
Additionally:

I connect to the 'net (and a home network!) wirelessly.
My computer spec's are in the profile.
 

A:Solved: Anti-Virus Suddenly Alerts Me to Anti-Spyware... ?

Read other 8 answers
RELEVANCY SCORE 96

Sometime back I came across a list of recommended free Firewalls, Anti-Virus and Anti Spyware Programs in one of the BC forums, but I do not remember where I found it.  Would someone point me in the right direction? 
 
Thank you, I appreciate it.

A:List of Firewalls, Anti-Virus and Anti Spyware Programs

Greetings,
 
If this is what you're talking about...
 
Antivirus, Antimalware, And Antispyware Resources
 
Hope this helps!!!

Read other 5 answers
RELEVANCY SCORE 96

Hello. =)

I'd like to know if there's an anti-virus/anti-spyware that, if my computer accidentally gets cut off, will resume where it left off? So, if the scan was 20% complete, and the computer turns off, once the computer is restarted it'll resume at 20%.

More Information
My computer, for some odd reason, keeps randomly turning off -- especially at night (usually after midnight). I've tried removing dust from the vents, wiping the vents with a little rubbing alcohol and a dry cloth, and using a fan to blow into the vents (in case it's getting too hot inside the hard drive). Nothing works.

A friend of mine told me to run an anti-trojan program; unfortunately, that didn't work. I've also run anti-virus scans (with AVG Free Edition) and anti-spyware scans (with LavaSoft, Anniversary Edition), and those didn't work either. The last time AVG & LavaSoft did a full scan was early this year (maybe January or February). But now, when I try running full scans, the computer ALWAYS cuts off.

Usually when I turn the computer back on, it gets frozen at the blue "HP/Intel" screen (Screen 1 of 4). Sometimes it'll go straight to the black "boot screen" (Screen 2 of 4; i.e., the screen where you can choose to use the Home Recovery Console, or go straight into Windows XP)...but then it (usually) immediately cut off. [*]

[*] = When my computer boots up, I always see four different screens before it reaches my desktop: a bl... Read more

A:Is there anti-virus/anti-spyware that resumes if computer turns off?

Hello

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Read other 1 answers
RELEVANCY SCORE 96

Microsoft Anti-Spyware Removes Norton Anti-Virus Posted by Zonk on Saturday February 11, @06:32PMAn anonymous reader writes "According to a story over at Washingtonpost.com, the latest definitions file for Microsoft's Anti-Spyware beta flags Symantec's Norton Antivirus products as a password-stealing trojan and prompts users to delete portions of the program. Users who follow the instructions hose their installation of Norton, requiring delicate Windows registry edits and a complete removal/reinstall of Norton. http://it.slashdot.org/it/06/02/11/2259232.shtmlMicrosoft Anti-Spyware Deleting Norton Anti-VirusBy Brian Krebs | February 11, 2006; 01:42 PM ETMicrosoft's Anti-Spyware program is causing troubles for people who also use Symantec's Norton Anti-Virus software; apparently, a recent update to Microsoft's anti-spyware application flags Norton as a password-stealing program and prompts users to remove it.According to several different support threads over at Microsoft's user groups forum, the latest definitions file from Microsoft "(version 5805, 5807) detects Symantec Antivirus files as PWS.Bancos.A (Password Stealer)".http://blog.washingtonpost.com/securityfix...deleting_1.htmlEdit to include note from Oldfrog at CCSP: This refers to the Enterprise version of NAV and not the home version.

A:Microsoft Anti-spyware Deleting Norton Anti-virus

Microsoft AntiSpyware Definitions Update #5807 corrected this false-positive.http://forums.subratam.org/index.php?showt...view=getnewpost

Read other 1 answers
RELEVANCY SCORE 96

Hi there, could anyone tell me if there is a free anti virus, anti spyware and firewall for UBUNTU 8.04 i386.

Thanks for any replies.
 

A:Free anti virus, Firewall/anti spyware for UBUNTU

Read other 6 answers
RELEVANCY SCORE 96

what is best free anti-spyware, anti-virus software for Windows 8?

Read other answers
RELEVANCY SCORE 96

I need some help with recent problems I've been having with my PC. There're pop-ups that keep coming back, and I don't know how to remove it. I've tried scanning with Ad-aware 2007, and I even used my CA anti-spyware and anti-virus but to no avail. So I tried manually removing it. I searched my PC for suspicious files. So I tried removing a bunch of files that may be malicious software like winctl.exe, and boat32. I found the instructions on removing them in this forums after searching for it in google. So I did that, but the pop-ups keep coming back. I tried using hijackthis, but I'm not sure which files to delete. I've tried fixing some files that I think are harmful, but it doesn't seem to help. Can you show me what to fix in my hijackthis log? The pop-ups are an advertisement on CiD something.

Oh, and I don't know why, but I when I check my task manager it says I have 2 iexplore.exe running when I don't coz I usually use firefox. When I end the processes they just come back. Can you help me? Thanks.

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:59:55 PM, on 9/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Lavas... Read more

A:Solved: Need help, pop-ups, Ad-aware, and CA anti virus/anti-spyware can't remove it.

Read other 16 answers
RELEVANCY SCORE 96

http://www.bleepingcomputer.com/forums/t/43934/microsoft-anti-spyware-deleting-norton-anti-virus/

Read other answers
RELEVANCY SCORE 96

http://blog.washingtonpost.com/securityfix...deleting_1.htmlBy Brian Krebs "Microsoft's Anti-Spyware program is causing troubles for people who also use Symantec's Norton Anti-Virus software; apparently, a recent update to Microsoft's anti-spyware application flags Norton as a password-stealing program and prompts users to remove it. According to several different support threads over at Microsoft's user groups forum, the latest definitions file from Microsoft "(version 5805, 5807) detects Symantec Antivirus files as PWS.Bancos.A (Password Stealer)."When Microsoft Anti-Spyware users remove the flagged Norton file as prompted, Symantec's product gets corrupted and no longer protects the user's machine. The Norton user then has to go through the Windows registry and delete multiple entries (registry editing is always a dicey affair that can quickly hose a system if the user doesn't know what he or she is doing) so that the program can be completely removed and re-installed." David(Moderator edit: By-line and quotation marks inserted,content reduced to comply with fair use. jgweed)

A:Microsoft Anti-spyware Deleting Norton Anti-virus

It wanted to del my Norton IS all2gether. No way billy boy i want control over my own box. c asyset.com pup

Read other 2 answers
RELEVANCY SCORE 96

I ran AVG anti spyware and Trend Micro AntiVirus and then f-secure. after cleaning up some viruses and trojans i still am getting pop-ups while browsing the internet.

log file:
Logfile of HijackThis v1.99.1
Scan saved at 2:45:02 PM, on 10/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Documents and Settings\Heather Beamish\Application Data\WinTouch\WinTouch.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Heather Beamish\Desktop\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Expl... Read more

A:Solved: Still Recieving pop-ups after running Anti-Virus and Anti-Spyware

Read other 6 answers
RELEVANCY SCORE 95.2

Hello,

I have Vista and I need a free anti-virus / anti-spyware removal tool/program. What is the best free one out there? I used to have Norton but it used too much memory and I didn't want to pay for subscriptions and updates.

Thank you for your time,

Joey

ps: is the stuff that comes with Windows (eg: windows defender) sufficient to deal with viruses?
 

A:Free Anti-virus / anti-spyware Program?

Read other 8 answers
RELEVANCY SCORE 95.2

I do a fair amount of computer support work where I disinfect Windows machines infected with various viruses or spyware/malware. I do the usual stuff like installing and updating anti-virus (AVG) and anti-spyware (Ad-Aware, SPybot, AVG, etc) apps, scanning the system in safe mode, and so on.

I'm wanting to setup a Windows machine dedicated to scanning hard drives for viruses, spyware, and malware. The idea would be to have this machine setup with good anti-virus and anti-spyware apps and I would use external USB hard drive enclosures to hold infected hard drives and scan them on my "clean machine". I've already got 2.5" and 3.5" external USB HDD enclosures and I've already scanned a few hard drives using them connected to a "clean" XP machine I have.

Ok, that's the background on to the questions:

How good are anti-virus and anti-spyware apps at scanning hard drives connected via USB HDD enclosures? During the scans I've done this way, a number of items have been found but there always seems to be something left behind when I boot from the scanned HDD.
How thoroughly can the Windows registry on the HDD being scanned be scanned and cleaned on an externally connected HDD?
Is scanning a HDD through an external USB enclosure any better/safer than scanning in safe mode?
Are there any anti-virus or anti-spyware apps that do a particularly better job at scanning the filesystem than others?
Thanks!

Peace...
 

A:Question about anti-virus and anti-spyware apps

Ok I see a little the problem.

You know each company and each anti-virus program or even version have a different type of operation while scanning. As example if you take McAfee they change there engine for each version and software whereas a Norton its practically the same.

Now to see the problem for you it depend what software you're using. Or I would ask you to use different type of antivirus(not at the same time uninstall and install the new one) and check if they do the same errors. And also another problem depends on your PC RAM available(remaining) if you RAM is very low and that you're using some programs at the same time the files for those program may not be well scan due they are already in use and can't be access sometimes.

Now try to close those program and when making a scan open on the anti-virus software and also try to use different anti-virus program and they have different engine. Me I prefer to use McAfee Total Protection for me its the best try it and let me know if you have other problem.
 

Read other 2 answers
RELEVANCY SCORE 95.2

My computer is working fine with one major exception - it wont allow me to run any anti spyware or antivirus. I try to run Adaware and the the program is instantly closed. I try to access a website relating to virus scanning/protection, and it closes. Pandasoft is the only thing that's worked, and that must be because its online. Here is the report it kicked out - (I installed 007spy on my own computer to better understand it).

Incident Status Location

Potentially unwanted tool:Application/007Spy Not disinfected C:\Program Files\Common Files\Microsoft Shared\DAO\svchost.exe
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\sophiel\Application Data\Mozilla\Firefox\Profiles\gud8dfes.default\cookies.txt[ad.yieldmanager.com/] ... Read more

A:Help! I cant use anti spyware, or visit anti virus sites.

For the moment I can only see one Trojan to come out..


Please download Combofix from HERE or HERE

Save ComboFix to the desktop.


Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


Open *notepad* and copy/paste the text in the quotebox below into it:



Quote:





KillAll::

File::
C:\Program Files\Common Files\Microsoft Shared\DAO\svchost.exe








Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.




Refering to the picture above, drag CFScript.txt into ComboFix.exe

Restart your computer.

When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.


*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall*

Read other 4 answers
RELEVANCY SCORE 95.2

Hi,
I'm not too PC-literate, but the way I see it,my Win XP Home has its own firewall, and my free AVG 9 is anti-virus/anti-spyware, so I'm fully covered aren't I, or do I really need to install extra programs?

A:so I need another firewall and anti-virus/anti spyware progs?

No malware program is 100% effective.That's why it's a good idea to go with a layered protection strategy.In addition to your AVG anti-virus, it's a good idea to occasionally run 1, or 2, online scans.Don't install a second Anti-virus, as this could potentially cause problems, which may render both programs ineffective.Check out Post #1, of our Freeware Replacements For Common Commercial Apps topic, for a list of some of the available online scanners.As far as malware is concerned, installing Malwarebytes' (mbam), and/or SUPERAntiSpyware, and running them as on-demand scanners, should pretty well cover your bases.As stated above, no program is 100% effective, and shouldn't be a substitution for safe surfing habits.

Read other 4 answers
RELEVANCY SCORE 95.2

So, tomorrow I'm going to purchase some anti-virus and anti-spyware software for a computer I'm working on. It's got Ad-Aware 2007, Spybot S&D 1.5.2, and AVG 8 (free edition) installed already but the computer owner is just NOT running scans like I recommend.

So, I'm going to buy some software with the hope I can schedule scans and have greater flexibility in how the software operates.

I would prefer getting an app that covers BOTH virus and spyware protection, so I'm sort of leaning toward a commercial version of AVG 8 but I wanted to start this thread to get your feedback.

This is for a Windows XP Home Edition w/ SP2 machine.

Any recommendations?

Peace...
 

A:Anti-virus and anti-spyware application recommendation

Security Suite:Zone Alarm Security Suite as a all in one soluation (With kaspersky antivirus

Antivirus:
ESET Nod 32
Kaspersky antivirus

AntiSpyware:
Spysweeper
SUPERantispyware
Malwarebytes Anti Malware (A mix of Antivirus, Anitspwyare and Ad-Aware)
Counterspy
 

Read other 3 answers
RELEVANCY SCORE 94.8

ok, i've got like an anti-virus, anti-malware, anti-spyware, and a hijack this. Should i like remove some of these programs? Cause i need the laptop to speed up. any suggestions?? thanks.
 

A:Anti-virus, antispyware,anti-malware, hijack this! should i remove some of them?

There is excellent support here on TechSpot for major infestations.
In the meantime, if you need free software, I would download Avira Antivir, SuperAntiSpyware, MalwareBytes, and the free Microsoft Security Essentials. Run full scans with each. If they find evil infestations, remove them, then reboot and rerun the scans one more time.
 

Read other 7 answers
RELEVANCY SCORE 93.2

Good morning all,

I usually get out of trouble by myslef but this time, I really need some help. I ran an application I shouldn't have and now I'm in trouble. I'm facing the www.adarson.com issue. I'm using Windows XP professional (with SP 2). I can't access regedit, msconfig, task manager, or the command promtp. The run option in the start menu isn't there anymore either. I tried running HJT but whenever I run it, it disapears only 1 sec after starting. I can't run the notepad either. Help would be greatly appreciated.

Thank you all in advance.
 

A:Can't run HJT and regular anti-spyware & anti-virus don't see anything

http://forums.techguy.org/security/562834-desperate-i-cant-even-run.html
 

Read other 1 answers
RELEVANCY SCORE 93.2

Hey guys,
Thanks for your help in advance.
I did go through the self fixes. I could run ATF fine.
My computer wont let me run Malware antibytes or spybot S&D. It gives me the following error msg :

c:\program files\malwarebytes' anti-malware\mbam.exe
X Windows cannot access the specified device,path, or file. You may not have the appropriate permissions to access the item.
It gives me the exact same msg for spybot, but with the appropriate file name.
Also, when I open a lotta folders, etc...I get this msg..
NERO
This program requires the file advrcntr2.dll, which was not found on this system.
And thirdly, it did start opening random internet explorer windows. Never had this problem before this.

One more thing I find funny, and I dont use internet explorer much, but everytime I open it, it asks me to update to explorer version 8. I have already done this like 5x and it still asks me this.
Ah, While I was typing this, I tried to run Hijack this and it gives me the same lame msg like spybot and malware ><
I dunno how to get the logs.
**EDIT : TO make things interesting, it gives me the exact same msg even when I run hijackthis, spybot, malware in SAFE MODE.
I have no clue how I can get logs now ><

Ok, I cant run ANY kind of spyware removal or virus removal >< I even tried to reinstall Hijackthis, and before running it, I renamed it to H.exe. But it still gave me same error ><

A:Cant Run Any anti spyware/anti virus, MOVED

OK, So I tried few more things while waiting on reply, hoping I can pinpoint my problem more precisely.

Here are few problems..

1. Spybot SD wont run. Same with Malwarebytes, Hijackthis, SuperAntispyware.
I did try to rename the installation files and then install and run it. But no luck.
Furthest I got was with SuperAntiSpyware, which scanned for about 5 mins, then the window just closed. Now I cant run the main file. It gives exact same error as I posted in the above post.

2. I tried kaspersky's online scanner. It was almost done updating, but got error and failed. Now, just like any other softwares mentioned above, I cant run it.

Error goes soemthing like...
Update has failed. Program has failed to start. Close the Kas online scanner 7.0 window and open it again to install program.
Then it gives some big line about you have to be online and at the end it says, KEY IS EXPIRED.

3. It was making it harder for me to get into safe mode too. But, regardless, I cant run any of the above mentioned softwares in safe mode either. It gives me the exact same errors.
I have no clue what kinda virus I have. If I could use any of the softwares, maybe I can figure it out and post some logs. But to get to that point, is my problem.
Atleast the virus is friendly enough that it doesnt stop me from browsing web, or running ANY other application that DOESNT try to remove any spyware/malware/viruses/trojans.

I have never seen anything like this before lol. Its like the dang thing ev... Read more

Read other 1 answers
RELEVANCY SCORE 93.2

I search Anti-virus and Anti-spyware to install on Win8, but i want the softwares is light and effective.
Think about AVAST anti-virus free and SPYBOT for spyware, Whats do you think about this?

And about MSE, i understood the operation system Win8 include the MSE in Windows Defender, but i dont see
the icon of MSE in my bar, So what need i to do to active MSE?

Thanks...

A:Anti-virus and Anti-spyware on Win8?

No need of a third party Anti-virus programs in windows 8.

Read other 6 answers
RELEVANCY SCORE 93.2

Hi everybody,
am a beginner user to computer.
I need following suggestiona from you.
how to protect my system? which is the best anti-virus, anti-spyware, firewall and other security programs?
now am using kaspersky internet security 7.0.1.325 only.
please send your valuable tips and tricks.
Thanks to all.

A:Best Anti-Virus, Anti-Spyware, Firewall

Coninue using what you have

Read other 4 answers
RELEVANCY SCORE 93.2

best to have on a PC? and should you have more than one of the same?
I use AVG free, but not sure if I should add to it?

Thanks
 

A:Free anti-virus and anti-spyware, which is the...

Read other 9 answers
RELEVANCY SCORE 93.2

can someone tell me how I disable these please (it says via a right click on Systems tray icon). I can't find this icon, I have windows XP. ThanksEdit: Moved topic from General Chat to the more appropriate forum. ~ Animal

A:Help to disable anti-virus & anti-spyware

Take a look here: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Read other 3 answers