Help Please: pop-ups, system alerts, added "live security center" etc

Q: Help Please: pop-ups, system alerts, added "live security center" etc

Hi all,

I'm sorry to post again, but I've some problems....

Recently I've got a lot of pop-up ads for anti-spyware etc. I've got a flashing icon in my system tray that says I have all sorts of malware (which I think is malware), and I had these two icons added to my programs list, "live safety center" and some security thing, which I deleted. I've been getting a lot of Norton alerts telling me that it's found and deleted certain viruses etc. I think largely it started with Virtumundo and I downloaded two VundoFix programs and ran them and they seemed to work, except that I'm still infected and I have no idea how I keep getting infected. I've run Norton, Spybot, AVG, cleaned all my prefetch, temp files, garbage files, cache etc. using CCleaner, Clean Up! and ATF Cleaner. But it keeps coming back. I'm running Spybot again now and I think it's found some more stuff. I'm posting my HJT log below.

Since my last post, where my IE was knocked out, I haven't been using IE but using Firefox instead, which is now my default browser. But the pop-ups still come up in IE windows.

Currently, I've run VundoFix and VirtumundoBeGone, Spybot, and AVG, and combined I thought I picked up whatever virus I had. My system looked clean and then I started up again, and as soon as I loaded my homepage, another popup came on!!! Then I thought it was maybe a widget that I had on my iGoogle homepage--something created not by Google or something. So I've removed it and am now waiting to see if my system will stay free and clear. But in the meantime, does it look like I've got some more fundamental infection??

Thank you so much!

Steve

EDIT: I've re-run VundoFix and VirtumundoBeGone since I got this last pop-up and they say I'm clean...I don't know about other spyware though.

Running WinXP Home SP2 IE6.0, Firefox 2+

Logfile of HijackThis v1.99.1
Scan saved at 1:09:12 AM, on 11/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\YPOPs\YPOPs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Documents and Settings\Steve Sha\My Documents\Downloads\HJT\VundoFix.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Steve Sha\My Documents\Downloads\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Enterprise
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: YPOPs.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {26BFFB87-5B07-4611-82BB-AF3947013FDD} - http://www.lexis.com/dl/IEDAP.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/...lMgr_v01_5.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BES Client (BESClient) - BigFix Inc. - C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


A: Help Please: pop-ups, system alerts, added "live security center" etc

EDIT: So I've still been having some pop-up problems. The big system alert pop-up in the system tray has gone away. But I was still getting some IE pop-ups whenever I had IE open; they would pop up right on top of the window that would be open so it looked like it was a redirection. Anyway, after running some more VundoFixes and Spybots, etc., I found a cache of infected .dll files in the C:\Windows\system32 dir created recently and so cleared them out. That improved my system but I was still getting pop-ups. I ran Panda ActiveScan (after feeling comfortable running IE) and here is the report:


Incident | Status | Location
Spyware:Spyware/Virtumonde | Not disinfected | C:\WINDOWS\system32\mlljg.dll
Potentially unwanted tool:Application/Processor | Not disinfected | C:\Documents and Settings\Steve Sha\My Documents\Downloads\HJT\VirtumundoBeGone.exe

The VirtumundoBeGone I think is a valid program (which I've been using to clear Virtumundo). The first .dll I was unable to delete because Win kept saying it was in use. I used MoveOnBoot to move/rename the file to a quarantined place and so have not been getting any pop-ups since (this was only about twenty minutes ago, though). I've also removed from the registry anything running the suspicious dll files, which I guess is moot because I removed the files already? Anyway, I will post again if I have more problems. But, please let me know if you see anything more suspicious; thank you!

Also, here's a new HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 12:20:54 PM, on 11/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\YPOPs\YPOPs.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Steve Sha\My Documents\Downloads\HJT\HijackThis.exe
C:\Program Files\SecureFX\SecureFX.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = cdn
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Enterprise
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: YPOPs.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {26BFFB87-5B07-4611-82BB-AF3947013FDD} - http://www.lexis.com/dl/IEDAP.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/...lMgr_v01_5.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = stanford.edu
O17 - HKLM\Software\..\Telephony: DomainName = stanford.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = stanford.edu
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = stanford.edu
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BES Client (BESClient) - BigFix Inc. - C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


Ok where do I begin?! I have been dealing with viruses, spyware/malware for the past week. It all started with Norton advising me that I had been infected with Trojan.Vundo and Trojan.Zonebac. After that I started receiving many different pop-ups warning me about critical system alerts. I also had an annoying yellow triangle at the bottom of my screen warning me about different trojans and worms. More evil friends included 2 new icons that had made their home on my desktop, one named "Live Safety Center" and the other "Online Security Guide"; also installed was a new toolbar named "Security Toolbar 7.1". I have scanned my computer with many different programs and have somehow finally managed to get rid of the pop-ups and toolbar, although I know I'm probably still infected somewhere. I'm sorry this is so long, but I wanted to explain EVERYTHING! I'm running Windows XP SP2, and have followed all steps to post. I downloaded DSS, but after many attempts to run, it just wouldn't let me. I do have a fresh HijackThis log and my Panda report; I hope this is good enough.
Many thanks in advance to whomever helps me, I am desperate!
Monica

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:58:35 PM, on 11/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe...

A: 2 evil friends on desktop "Live Safety Center" and "Online Security Guide" Help?

Hi, thanks for trying to perform all the steps.


Quote:
I downloaded DSS, but after many attempts to run, it just wouldn't let me.

At what stage does DSS stop working?


I don't have a clue where to begin trying to fix this problem. Spybot doesn't seem to fix the problem. I keep getting random icons on my desktop and start menu called "online security guide" and "live safety center". There are also many fake balloon warnings appearing and a window titled "Critical System Warning!" that wants me to download stuff. What process can I go through to clean my system? Any help would be great...thank you!

A: I need help - "online security guide" & "live safety center" icons!!

Please follow MicroBell's 5 Step process outlined here:

http://www.techsupportforum.com/secu...tml#post342651

After running through all the steps, please post the requested logs.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.


I'm having the same problem that a lot of people are having. These icons have shown up on my desktop and I keep getting pop-ups telling me to download them because I have a virus. I would really appreciate the help.
thanks!
John

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
91: 2007-11-17 16:39:03 UTC - RP554 - Deckard's System Scanner Restore Point
90: 2007-11-17 15:47:18 UTC - RP553 - System Checkpoint
89: 2007-11-16 15:05:33 UTC - RP552 - System Checkpoint
88: 2007-11-15 01:17:54 UTC - RP551 - Software Distribution Service 3.0
87: 2007-11-13 22:39:57 UTC - RP550 - Removed Banctec Service Agreement


-- First Restore Point --
1: 2007-11-12 23:17:11 UTC - RP464 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 81% (more than 75%).
Total Physical Memory: 510 MiB (512 MiB recommended).
System Drive C: has 2.78 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-11-17 11:42:27
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\...

A: "online security guide" and "live safety center" deckard log here

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please download VundoFix.exe to your desktop. We'll use this later.

Download SDFix and save it to your Desktop.

Please download & install - ERUNT (This is a utility that'll replicate a copy of your Registry)
Start ERUNT, confirm the Welcome message.

Next, select the backup options:

System registry
Current User Registry
Other open user registry

Click "OK" and wait until the backup process is complete. (Note that depending on your system configuration this may take some time, and that the first bar is NOT a progress bar, just an indicator that the program is still running.)
# Note: To ensure proper operation of ERUNT, you should be logged in a...


I don't have a clue where to begin trying to fix this problem. I keep getting random icons on my desktop called "online security guide" and "live safety center". There are also many fake balloon warnings appearing and a window titled "Critical System Warning!" that wants me to download stuff. What process can I go through to clean my system? I didn't have this problem until I upgraded to Norton 2008. I am currently running IP tool antivirus and spyware, and I have also run SmitfraudFix, still getting pop-ups like crazy. Also my IP tools is finding Trojan.Virtumonde. I use Quicken and it seems to have attacked it because I am no longer able to use it. Any help would be great...thank you!

A: "online security guide" and "live safety center"

Hi and welcome to TSF.

Apologies for any delay in replying, but we have been rather busy lately, and, of course, all our helpers are volunteers.

Since it has been a few days since you first posted, please follow these instructions if you still need assistance.

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - minimised > extra.txt and maximised > main.txt.
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt back in this thread (do not attach it).
Please attach extra.txt to your post.


To attach a file to a new post, simply click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and copy and paste the following into the "Upload File from your Computer" box: C:\Deckard\System Scanner\extra.txt

Click Upload.

I will monitor this thread for your reply.

Thank you for your patience.


My son uses his computer on the net a lot and of course there is a virus out there waiting to serve its twisted master.

He got the well-known "Live Safety Center" and "Online Security Guide" and it keeps coming back and hijacks his internet browser to redirect to the same page that promises peace and well-being for money ... of course.

Here is the DDS log:
"
Deckard's System Scanner v20071014.68
Run by Emil on 2007-11-10 20:43:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Emil.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:44:39, on 10-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\F?lles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\agsdyely.exe
C:\Programmer\F?lles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Progra...

A: Need to get rid of "Live Safety Center" and "Online Security Guide"

I did follow MicroBell's 5 Step process and the Panda scan said that no virus could be found. However, my Avast anti-virus warned me 5-6 times about files while I was running the Panda virus scanning. One of them was named "win.exe" and was in C:\temp\ but has now been deleted. Every time Avast issued a virus alert I chose the option to delete the file in question.

RELEVANCY SCORE 103.6

Hey guys, recently my computer started behaving strangely and I believe I have some sort of a virus. Two icons, with the names of "Live Safety Center" and "Online Security Guide," downloaded themselves onto my desktop. Also I would receive random pop-ups in IE imploring me to "find true love," among other things. Also I would receive a flashing exclamation point on my desktop toolbar stating that I had some sort of a virus and that I should go to a certain site to download software to remove it. There were a few other notifications that would pop up that would say other things, but at the moment I can't remember exactly what they said (although I think it also had to do with a virus on the computer and asking me to click on something to get rid of it). Any ideas on what's happening here? Thank you in advance for taking a look for me.

Here's my hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:37:06 AM, on 11/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system...

A:Malware/Virus Problem ("Live Safety Center/Online Security Guide")

Please do this:

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <- this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your thread in the HijackThis Log Help Forum.
Please attach extra.txt to your post.
To attach a file to a new post, simply
Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:
C:\Deckard\System Scanner\extra.txt

Click Upload.

What DSS will do:
create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

---------------------------------------------------------------------------------------------

RELEVANCY SCORE 98

Hey everyone, I'm having problems with a System Security Center control panel that ended up on my computer. I've run CCleaner, AdAware, Spybot, norton antivirus and windows defender and all show no problems. Any help would be appreciated, here's my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 12:53:11 PM, on 2/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Intel\IDU\awServ.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symant...

A:Can not remove "System Security Center" Control Panel

Hi coupon,

Welcome to Tech Support Forum!

I apologize for the delay getting to your log. The helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems, I will be glad to help.

OK, let's do this first.

Go to the Start menu, and click on Control Panel. Choose Add/Remove Programs and remove any of the following that are listed:

NetMeter


NEXT:

Please run HijackThis and click "Scan". Place a check (tick) next to the following entries (if present):

O4 - HKLM\..\Run: [Personal Security Center Monitor] C:\WINDOWS\system32\psc_mon.exe
O4 - HKCU\..\Run: [NetMeter] C:\Program Files\NetMeter\HooNetMeter.exe


Close ALL programs and browsers (including this one), leaving ONLY HijackThis open, then click "Fix checked".

Then please exit HijackThis.


NEXT:

Please go to: VirusTotal
At the top of the page you'll find a "Browse" button. Click the "Browse" button and browse to next file:

C:\WINDOWS\system32\psc_mon.exe

Click "Open".
Then click the "Send" button at the top of the VirusTotal page.
This will scan the file. Please be patient.
Once scanned, copy and paste the results in your next reply together with a new HijackThis log.


NEXT:

Using Windows Explorer, please navigate to and delete the following FILES (if they exist):

C:\WINDOWS\system32\psc_mon.exe



Using Windows Explorer, please navigate to and delete the fol...

RELEVANCY SCORE 97.6

This began after dumbly going to some non-commercial website. NAV auto-protect did initially detect an infection, but indicated it could not quarantine or delete.

Now when launching IE6, it attempts to redirect to a fake virus software website. When I choose the "not recommended" link, IE crashes shortly afterward. Also, I get a fake "Security Center Alert" popup every few minutes. I stupidly clicked on the link to update the security center.

With System Restore deactivated, I have run (all updated, full scans in safe mode) NAV, Ad-aware, Spybot, SpySweeper, Avira and CCleaner. (Then I found this website and learned I should have waited to do this.) Spybot found a couple of registry entries, but that was the only detection made by any of the programs, other than NAV's initial auto-protect message. File gmer.txt is attached.

dds.txt:

DDS (Version 1.0) - NTFSx86
Run by Mike at 13:22:43.09 on Sat 12/06/2008
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1399 [GMT -6:00]

============== Running Processes ===============

C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\...

A:IE crash after "Insecure Internet activity", "Security Center Alert" popup

Before any work can be done on this machine, there is something that requires your immediate intervention.

This machine is messed up pretty badly because you have several anti-virus programs on your machine. That's not a good idea!!

Like firewalls, anti-virus programs conflict when co-existing with each other & produce undesirable results. Please uninstall ALL leaving only one of them.

ALL the antivirus programs must be removed via add/remove program.
For any program that doesn't have an add/remove entry, you will have to do this:
re-install the program -> reboot -> uninstall
Post fresh logs when you have completed the above task.

RELEVANCY SCORE 96.8

Hello,

I'm running Windows XP SP 3. I have fake "Security Center Alert" popups and "Security Center" popups. A program called "Malware Defense" also seems to have installed itself onto my computer. And I've just noticed porn icons appearing on my desktop. It's also disabled my Avira software.

GMER doesn't seem to run. I've clicked on it a couple of times but it doesn't seem to do anything. The DDS logs are attached/follows.

Thanks in advance!

DDS (Ver_09-12-01.01) - NTFSx86
Run by zili at 23:28:31.96 on Wed 01/06/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.1022.493 [GMT 11:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WI...

A:"Security Center Alert" popups, "Malware Defense" self install

Let's try this version of gmer.


Download GMER Rootkit Scanner from here to your desktop. Double click the exe file.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.





In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked:
Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and attach it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

RELEVANCY SCORE 90.8

Hi, all, first post here, so hopefully I'll go about everything right.

Well, this started about half a week ago when I had an odd little instance of viruses come after me, unfortunately I can't remember all their names (Something about a "Hard Disk Drive crash" and XP Antivirus 2012 virus). I went to bleepingcomputer and managed to get rid of both of them. Then a day or two after, this little bugger shows up.
When I start the computer, the Windows Security icon in the toolbar (lower right) is seen, but red with a white X through it. A balloon pop up appears saying "Your Computer Might be at Risk!" or something along those lines.
I've been brave (and probably stupid) enough to click it. It says that my firewall isn't monitored, and automatic updates are off. Virus protection, however, it reads as being on. Personally, it looks pretty legit, and if this is the actual Windows Security Center flipping out and I'm still on edge from the virus attack, then I'm gonna feel pretty silly, seeing as how I've run Kaspersky, SUPERAntiSpyware, Malwarebytes, AVG and SpyBot all at least twice for a scan and they've all picked at least something up, things I haven't heard of (all trojans or cookies), but not this little guy, and since none of those have prevailed, I'm coming here.
Also, I've run iExplore.exe and exeHelper.exe before running everything, and I've followed several articles on all the way through on...

A:Windows Security Alerts "Your Computer is at Risk" Virus? HELP.

DDS Log:

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 22:09:12 on 2011-06-16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.811 [GMT -4:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\snmp.exe
svchost.exe...

RELEVANCY SCORE 90.8

Logfile of HijackThis v1.99.1
Scan saved at 2:36:54 PM, on 6/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Video ActiveX Access\iesmn.exe
C:\Program Files\Video ActiveX Access\imsmain.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\Drivers\XWMSAPI.EXE
C:\PROGRA~1\Xerox\CONTRO~1.0\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Error Nuker\bin\ErrorNuker.exe
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe
C:\Program Files\Video ActiveX Access\imsmn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Video ActiveX Access\iesmin.exe
C:\Program Files\DellSupport\DSAgnt...

A:Solved: lots of "security alerts" to dl random stuff

RELEVANCY SCORE 90.8

Hi,

My background changed to all-white and a red/white "pop up/warning" appeared in the center of the screen with "Virtumunde infection Danger".
There was a box on the bottom that said to "click-here for official virus protection". (I did not click the link).

Also there are several pop-ups (every few minutes), labeled as "Microsoft Security Alert!"

1. Microsoft Windows Alert > Critical Systems Warning!
"Your system is probably infected with version of Spyware IEMonster.b
....banking login/password info may be....."

"Click OK to protect your computer" (recommended)
(I did not click)


2. Windows Critical Alert!

Windows Security System detected your PC is under control of remote computer with IP address 297.4.167.118.

The remote computer got access to the following folders in your PC: \Windows\system32, \Program Files\Internet Explorer, \My Documents



Thank you very much!
Daisy_J


Here is my HijackThis Log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:02:45 PM, on 9/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\sv...

A:Virtumunde virus, Spyware IEMonster.b, fake pop ups "Windows Security Alerts"

Looking over your log, back ASAP.

RELEVANCY SCORE 90.8

Hi.

I've got the flashing yellow icon in the taskbar, the popups saying I'm infected, all the dodgy internet shortcuts on the desktop, it's the typical malware situation.
Attached are HJT logs.
Thanks lots
-D/

I had a bit of a stab at cleaning it last night using SmitFraudfix I think it's called, but looks like it's all reinfected itself.
I'm not totally stupid, so I was able to manually fix some of the stuff, like the HOSTS file redirecting all the antivirus and antispyware sites to dodgy IPs.
But one particular thing that's getting to me are all the Restrictions, Win+E is restricted, System Properties is restricted, Display properties is restricted.. I can't find anything in the registry, all the common restriction keys like 'NoDispCPL' or 'NoDispBackgroundPage' are all set to 0...

Anyway, here's the HJT log, help is much appreciated
Thanks
-D/

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 09:49:50, on 21/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Prog...

RELEVANCY SCORE 90.8

To whom it may concern,

Today I began receiving pop-ups that appeared to be related to the Windows Firewall under the heading "Security Center Alert" that warned of a piece of suspicious software called "Sinowal.Trojan" on my computer and gave me an option to "Enable Protection". The aforementioned link takes you to a website for Perfect Defender 2009; some sort of rogue anti-spyware lookalike, apparently. At any rate, I can't get these stupid pop-ups to go away (they respawn every 10 minutes or so) nor can I get certain applications to work properly, like Mozilla Firefox and Thunderbird. The only browser I can use is Safari, and it's been crashing a good bit as well. MalwareBytes hasn't been able to fix the problem, and I recently found your website in hopes of figuring this out once and for all. I just want to get rid of this malware. Here are the requested logs. I received an error when trying to attach "Attach.txt" that reads: "Upload Errors
Attach.txt:
Attachment in Progress. Can be deleted here."

Thank you very much for your help and for donating your time!

Sincerely,
J. Addison


DDS (Version 1.0) - NTFSx86
Run by jaddison at 22:28:51.51 on Thu 12/04/2008
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1354 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomL...

A:False Security Alerts (pop-ups) for alleged "Sinowal.Trojan"; suspicious links

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Post the log from ComboFix when you've accomplished that.

RELEVANCY SCORE 90.8


Got my computer back today (Windows XP), and my background is now all green with a black box in the middle saying "Your System Is Infected...etc"

Also a red circle with a white X in the task bar

I can't open the task manager

Can Anyone Help???...

Downloaded HiJackThis

My log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:51 AM, on 12/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\dlcqcoms.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\sy...

A:"Your System Is Infected" Background + "Internet Security 2010" virus/malware problem

Hi and welcome to TSF.

I'm afraid HijackThis no longer provides the information we require.

We want all our members to perform the steps outlined in the link given below, as far as they possibly can, before posting for assistance.

http://www.techsupportforum.com/f50/...lp-305963.html

If you have problems with any of the steps, simply move on to the next one and make a note of the problem in your reply.

Please note that the Security Forum is always busy, so I would ask for your patience while waiting for a reply - it may take a few days.

This thread will now be closed.

RELEVANCY SCORE 90.4

At first when I was normally on the internet, (Firefox) this invisible flash popup would slide along where I was clicking. Since I have flash blocked, I was able to see it until one day I clicked it on accident (when I click on the flash symbol it's supposed to show what it is). Nothing happened until like 5 minutes later when my internet crashed and it said "VIRUS FOUND!" with no way to get out of the window. After that IE opened and said "FREE SCAN!" and pretended to scan my computer. I closed the window as fast as I could.

My computer started running ridiculously slow so I looked in the programs and saw over 100 running processes of some program called "~.exe". I downloaded Avira & scanned it.... to find a trojan! I quarantined.

Now there's a security icon on my desktop with "Windows Security Alerts" saying I need to download their Microsoft update! Haha, I didn't.

I ran HijackThis! cause it seemed like the smart thing to do.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:57 PM, on 12/17/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe...

A:fake "Windows Security Alerts" trojan! D:

RELEVANCY SCORE 90.4

So I keep getting popups when I use firefox, and I have a Windows Security Alerts in my Taskbar. The Windows Alerts keeps telling me to TURN ON AUTOMATIC UPDATES, but the thing is when I go into Control Panel and look in SYSTEM "it is on". It's lying to me. Oh and it also says turn my McAfee Virus scan on. I ran SpyBot Search and Destroy and removed a bunch of stuff, but this is still going on.....

Here is my HiJackThis Log.

Logfile of HijackThis v1.99.1
Scan saved at 5:47:46 PM, on 1/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\marks files\Programs\Adware\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system...

A:POPUPS.... and "FAKE?" Windows Security Alerts

NEW! I fixed my problem. It was the virtumondo malware. The way I removed it was as follows...

Downloaded and ran ComboFIX.exe with all security on my computer disabled allowing it to do what it needed to do. Let combofix.exe reboot my computer.

Ran HiJackThis.exe and removed the following entries:

O20 - AppInit_DLLs: aiyjzc.dll
 

RELEVANCY SCORE 89.6

One of my friends got this nasty virus probably from active x component thingy. There's a yellow alert sign in the minipanel saying that "your computer is infected and its performance has dropped by " " percents" - and so on. Then there are these Internet Explorer pop-ups that are disguised as windows security alerts, offering "ultimate virus protection" and other hoax to remove the problem.

I can't locate the original source of the problem but I can remove all of its Zlob "minions" it's downloading. I have spybot SD, Malwarebytes malware thing (can't remember the exact name!) and then AVG as active antivirus program.

I searched these forums and found quite similar problems, but couldn't find a cure. I have used SmithFraud too trying to remove it, but it came back pretty soon as I failed to eliminate the source.

Here's my Hijack report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:14:33, on 18.11.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\...

A:Fake"windows security alerts" by IE

NetWorm-i.Virus@fp Hijack HELP PLEASE!!

Hi there,

Please please can somebody help us! We somehow appear to have got a NetWorm-i.Virus @ fp Hijack

The symptoms are:
1) Flashing yellow triangle at the bottom right of the screen
2) A Security Toolbar (located just underneath the web address browser) which cannot be removed (which shows PC Security Level as Low and 2 green ticks for remove malware and scan for spyware)
3) Pop ups of all kinds (even when offline)

I have tried AVG and Lavasoft Adware 2008 but it's still there.

Any help would be greatly appreciated.

Regards
Darren


Looks like I have exactly the same prob/virus(NetWorm-i.Virus) @ fp", so this thread can be killed.
 

RELEVANCY SCORE 89.2

I've run SuperAntiSpyware, Ad-Aware, SpyBot and Norton which removed some trojan files and registry items but I'm still getting pop-ups ("Security System Warning" and "System Integrity Scan Wizard"). Below is my HiJackThis log. Thanks in advance!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:00:21 PM, on 4/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\cryptainersrv.exe
C:\WIND...

A:"Sys Integrity Scan Wizard" & "Security System Warning" Pop-ups

Hi Welcome to TSG!!
Please visit this webpage for instructions for downloading and running ComboFix.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
 

RELEVANCY SCORE 88.8

XP Home (installed SP2 recently, which MIGHT have something to do with this?).

Just saved two word docs and a bmp file, all separately. All three times I saw that a new location has been added to the Save As drop-down menu. It didn't open to My Documents folder but was in the general folder list of the whole computer. The location was called "FTP File Locations." It's never appeared on the Save As menu before. This made me think of the file/print sharing control, which is now located in the Windows Firewall, but I don't use that Firewall, I turned it off to use Norton. What was FTP Locations? And is there any way to disable file/print sharing without using the Windows Firewall? (These may be the same thing, I don't know.) Also, in Network Connections, I thought I'd find file/print sharing control there, but now XP wants me to run a whole Network Wizard thing..I'm afraid I'll somehow set up a network instead! or enable all kinds of things..I don't want to create a disaster here.

(My son installed an FTP program months ago for work he was doing, but the program was removed. I just searched for it, it's definitely gone.)

This is a stand-alone, non-networked home computer.

P.S. I saved another Word doc and now it's back to opening to My Documents folder as usual..now I can't find the FTP Locations anywhere.
 

RELEVANCY SCORE 88

Hello,

Can you please help me get rid of asafenotice.com virus. Below is my "hijack this" log. I keep getting pop ups and "System Alerts: [email protected]" in my taskbar telling me download malware removal software.

Logfile of HijackThis v1.99.1
Scan saved at 8:17:39 PM, on 2/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Video Access ActiveX Object\isamntr.exe
C:\Program Files\Video Access ActiveX Object\pmsnrr.exe
C:\Program F... Read more

A:Infected by "System Alerts: [email protected]"

RELEVANCY SCORE 88

I keep getting fake windows alerts, I completed the below instructions:

Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
Click Exit on the Main menu to close the program.


Please download Malwarebytes Anti-Malware and save it to your desktop. alternate link 1 alternate link 2

Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware

Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.

If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When ... Read more

A:"Windows Security Alerts"

RELEVANCY SCORE 84.8

Hello - back with a new XP system and a smorgasbord of new worries. In a way I'm almost tempted to stick with the Windows 98SE exclusively for 'Net browsing and leave this one as "pristine" as possible, but, alas - the lure of speed cannot be resisted...

Anyhow, I just updated and ran Spybot, and the only item that came up is:

"Windows Security Center.AntivirusDisableNotify - 1 entry"

I was only a couple days from the end of the free 90-day NAV trial period included with the new system, so I bought the Norton renewal earlier today, which may have something to do with this. I'm reluctant to have Spybot delete it for fear of disabling something legitimate that NAV needs? But then I've never had that particular item come up in S&D either.

Should I do the fix or leave it be?
Here's a new HJT log, and thanks in advance for any assistance:

Logfile of HijackThis v1.99.1
Scan saved at 8:49:37 PM, on 1/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton I... Read more

A:S&D found "Windows Security Center.AntivirusDisableNotify" - Real problem?

Check Here:

http://forums.techguy.org/showthread.php?t=386647&highlight=disable+notify+Spybot

Others (including myself) have experienced this 'problem'...
 

RELEVANCY SCORE 84.8

Yesterday I started getting a popup claiming to be from "Security Center" and telling me that I have no antivirus software (I have AVG) and instructing me to download certain files to fix the problem. The files are named:

Antivirus Security Package
MS Antivirus
The Spybot Antivirus
Spyshredder Professional Antispyware Suite

At the same time I got a series of warnings (which I ignored) and icons kept appearing on my desktop that gave links to porn websites. I ran AVG and Ad-Aware. Both cleaned up a number of issues that were not there the day before. The porn links are gone but the so-called security center warning continues.

I ran Hijack This yesterday and again today and found a number of suspicious entries. I'm tempted to just get rid of them, but I would rather have someone take a look so that I can do this the right way. I have other minor issues that bug me, but I want to take care of the major stuff first. (Note: there are three other people who use this PC, all of whom claim innocence. Yeah, right)

Thanks for your help.

Here is the HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:14:35 AM, on 9/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Fi... Read more

RELEVANCY SCORE 84.8

A strange DOS-like box as well as several pop-ups appeared on my screen. Then my screensaver was replaced with a black one with a message telling me to install a security program. The taskbar started displaying messages from a fake windows security icon. An icon appeared on my desktop that says "TAG" with the title "Search Us" underneath. Pop ups about security occur whenever I use explorer. They do not occur when I am using Firefox (as I am right now).

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:28:56 AM, on 1/2/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\System32\regsvr32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents an... Read more

A:Explorer infected, strange "TAG" icon, fake security center

Update: I am now getting a flashing red X in the system tray with some BS message about fixing the spyware. Every few minutes there is an 'alert message' asking to run a scan. None of these 'alerts' are from legitimate programs. I'm at my wits end, any help would be greatly appreciated.
 

RELEVANCY SCORE 84.8

For the second time I have gotten the fake anti-virus that names itself "Vista Security Center", last time was months ago, and I followed online, manual removal instructions.

Since then I have bought McAfee and when it came up this time, I just had McAfee scan and remove it.

However, I have NO working file/program associations; every time I click on the mozilla firefox shortcut I have to tell my computer to associate it with firefox.exe (the same thing happens even if I click directly on firefox.exe).

This literally is for everything, except computer navigation icons, like "My Computer" or "Control Panel"

I ran the DDS and will attach the two files, but even with the gmer.exe I had to tell my computer to associate it with gmer.exe, the exact icon I clicked on

Mostly this is just a pain in the ***, but some stuff just simply won't run, help would be GREATLY appreciated.


DDS (Ver_10-03-17.01) - NTFSX64
Run by Ian at 14:38:20.59 on Sun 04/11/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2230 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\Sy... Read more

A:All File/Program Associations lost - "Vista Security Center"

It only let me attach two files, here is my Ark.txt also

RELEVANCY SCORE 84.8

Hello,

I'm a new poster here and I discovered the forum while searching for a solution to a problem that I am having with my Windows Security Center being turned off.

This is the last symptom of a problem that I noticed about a week ago. At that time my Google searches in Firefox were being hijacked to other sites on a pretty consistent, but not 100% basis. Google searches in other browsers, IE9 and Chrome still worked. Also my System Restore functions had been monkeyed with so they looked like that was not working (wouldn't open) but I could tell that it was actually working and the error message was spurious.

I was able to restore the Google search functionality in Firefox AND get system restore back by installing and running SUPERAntiSpyware. That program found several bits of malware and apparently fixed most/some of them. (Yes, I purchased a copy immediately--out of gratitude, if nothing else!). I also own a copy of Anti-MalwareBytes and ran that, but it found nothing.

I thought I was good to go, but today I noticed the little flag icon in the system tray was red X'd and I discovered the error message about the Security Center is turned off. I tried going to the service center and turning it on, but same error. I tried opening the list of services and there is none for Windows Security....so I'm assuming some malware has either removed or disabled the files in there.

As I mentioned I came here via Google search and read a long thread about a similar probl... Read more

A:Error message: "The Windows Security Center is Turned Off"

After posting my message above, I continued to Google around and found a page with directions about restarting the security service. I guess I'm not SUCH a "savvy PC user" after all, as I had missed the exact name of the service and I reported it missing above.

I re-enabled and then restarted it and it seems to be functioning again.

Thanks to anyone who read the entire message and my apologies for wasting your time if you did.

Stephen Porter

RELEVANCY SCORE 84.8

I'm almost positive I've seen this problem posted somewhere before, but the search function is not finding it. General 'net searches for it turn up problems relating to a fake Security Center Service, but that's not what this is. At least, I don't think.

On both this system (Windows 7) and my laptop (Vista) I'm getting the same persistent error message in the little red shield, and I've seen it in both normal and safe modes on each machine:

"Windows Security Center Service is turned off."

Clicking the adjacent button labeled "Turn on" invariably gets you a popup that says:

"Windows Security Center can't be started."

Is this just a useless bit of MS bloatware that's rendered superfluous by outside-vendor antivirus (I'm running Sunbelt Vipre) and firewall (ZoneAlarm) software, and can be disabled with impunity? Or is it something more sinister?

Thanks for any info on this,

<***>
 

A:Solved: "Windows Security Center Service" Won't Start

When did the problem begin? After the installation or update of W7 or a program?

Are the W7 & Vista computers networked [ share file or printer; not merely internet connection ]?

Is security accounts mgr in "services" started?

Are you using other anti malware?

Consider uninstalling your AV & FW.
http://www.tomshardware.com/forum/239726-45-windows-security-centre

RF123
 

RELEVANCY SCORE 84.8

Hi folks.

A multi-user computer is saddled with some really nasty malware. There is a taunting wallpaper that's been added and a bogus "Security Center" that someone must have inadvertently thought was legit. I have run Hijack This and MBAM and the logs follow. Any help you folks can offer is greatly appreciated in advance. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:39:53 PM, on 6/30/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061102
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061102
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ht... Read more

A:Big Trouble - Norton unresponsive bogus "security center" HJT log

RELEVANCY SCORE 84.8

Ok I opened McAfee Security Center, and the "Home" tab is totally blank. (first screenshot). [See the attached file for what it should look like.] I have no idea why, or even when this started because I rarely open the Security Center, I just let it protect me in the background. Every other screen shows up fine (second screenshot). The weird thing is, it's not just that there's nothing there, but once I navigate away from it, I can't get back to it. Hitting the "Home" at the top right does nothing, and whatever other tab I'm on stays up and working.

Does anyone have any ideas? I've already tried updating it and restarting my computer. My updates for Vista are up to date as well. My only guess is that I had to hard reset my computer a couple days ago when it froze during updates (installing from Windows Update, not when shutting down). I know that's not a good thing to do, but I had no choice. I have a restore point I can use, and see if that helps, but I've installed several programs since then and would rather not use it if I can avoid it. However, I'd rather use a restore than have to reinstall McAfee.

Thanks for any ideas.

A:McAfee Security Center "Home" screen blank

This is a forum where we share ideas. You will probably not like this one, but it's the advice that I take myself.
Why play around with those AV, that may on occasion even cause BSODs?
Use the one that is made specifically for Windows. Yes, I mean Microsoft Security Essentials. If you think McAfee is better, stick with it. But cost should not be the reason. The McAfee money is gone. MSE is free. MSE with Malwarebytes has kept me free of virus and malware for years. McAfee is easy to uninstall with the McAfee uninstall tool, too.
Just my thought.

RELEVANCY SCORE 84.8

I continuously receive the following message within the Action Center:

Turn on Windows Security Center service (Important)

When I click on this message I get the error "The Windows Security Center service can't be started."

I am trying to apply the solution at the link support.microsoft.com/en-us/kb/2510301

However the Security Center service is not in the Services list.

RELEVANCY SCORE 84.8

here is my hijackthis log....please help!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:59:34 PM, on 23/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Travis\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehom... Read more

A:Internet redirects me to "microsoft security center" saying i have a virus.

Please download Malwarebytes Anti-Malware and save it to your desktop.
If you have problems with that link, you can also download it from Here or Here
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here
and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.

If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on t... Read more

RELEVANCY SCORE 84.8

A new problem since last 2 weeks:

I have Microsoft windows defender installed.
In Vista's Reliability and Performance Monitor, I continually get this message: "The security center has not recorded an anti-spyware product."
on control panel->security, defender is recognized!
the defender update/work fine...
how do i get rid of the above "error" in Vista's Reliability and Performance Monitor?
Thanks in advance.
ps-i do not use MSE

A:"The security center has not recorded an anti-spyware product."

Hello prukeyhi, I think this old thread may hold the answers you need

System Health [Diagnostic] Report doesn't recognise avast! anti-virus, as installed.

RELEVANCY SCORE 84.8

hey ...not all that proficient in all things tech, so if my post is poorly setup or in some other way repetitive, apologies ... i admit i do not navigate any of these forums as efficiently as most .... thanx
my problem
i have been getting more and more
( seems like every other day )
" Internet Security Alerts " telling me my computer is likely infected ...
they seem bogus, and no real problem, other than the recurrence, appears to happen ....

i have completely shut down; the router / unplugged it and did similarly with the computer, following those instructions from another source a few months back when 1st happened ...
the Router, TV, sound system, Blu-ray etc, are in another room and wired via Ethernet cable, the computer in a different spot and is a Wi-Fi setup....

windows defender is my defense, windows 10 update was within the past 2 weeks, so as far as i know, all that's up to date ?!?
this has mainly happened ( 9/10 ) when using firefox ( which also recently updated ) but did happen with Microsoft edge yesterday as well ....

help
 

RELEVANCY SCORE 84.8

My last Spybot check found two entries: Windows Security Center Anti Virus Disabler & Windows Security Center Firewall Disabler. I removed them. I run Spybot weekly. In between scans I noticed my Firewall & Virus protection were disabled at start-up. At first I was able to click on & enable them but then twice within 5 days I got the blue screen stop error (0X0000008E) right at the time these two items were loading. I hope by removing these items with Spybot Search & Destroy I have solved the bigger problem of the stop error. Has anyone else had this situation?
 

RELEVANCY SCORE 84.8

Hi all, just saw this in the bottom right tray a red windows security alert, when I click it on it says Malware protection, windows did not find any anti-virus software. Although I do have super anti spyware loaded on this machine. I have attached a screen shot.

Any help would be appreciated.
 

A:Solved: Windows security center message "Malware protection not found"

RELEVANCY SCORE 84.8

This has been extremely frustrating.
I want to get email notifications of security bulletins, updates, patches, etc.

https://microsoft.com/en-us/msrc/technical-security-notifications


When you click to sign up, you have to log in. You are UNABLE to use a work (O365 account I assume) account. How silly is this? This is for work purposes, and I want to use my work email address. Of course, if I create a Microsoft account that I'll never use, I can sign up and get notifications going to essentially a black hole, but there has to be a way to do this, or an alternative


Any ideas would be greatly appreciated.
Thanks,
HM

RELEVANCY SCORE 84.8

Every time I start up my desktop, a fake windows security center message comes up trying to get me to install a fake protection system software. When this windows security center message comes up, it also adds three shortcuts to my desktop to porn sites. This virus is hindering me from using various software such as Malwarebytes, Spybot, and it won't let me install Hijack this. Also, this virus is making Internet Explorer practically unusable (using Safari right now). Please help me, it would be greatly appreciated.

A:infected with fake protection system/ fake windows security center/ fake security center alerts

I forgot to put this, but I am using Windows XP
One of the sample messages from Security Center Alert asks if I want to block a suspicious software called Trojan.Win32.Agent.dcc. This "Alert" has popped up many times, but warning me about different trojans.
Also, in the lower-right tray, messages are continuously coming up saying stuff like keyloggers, exploits, and etc have infected your computer.

RELEVANCY SCORE 84.4

I'm at my wits' end. I'm retired Air Force with 25+ years IT and System Security background from the Air Force. Earlier today I took a Trojan hit on my home computer. I have searched this forum and tried applying every corrective fix I could find here...no resolution. As a last resort, I'm going to post what happened, what I've tried, and hope someone can offer a solution.

(OS: Win7 Home Premium 64)

My computer had Eset Nod32 Antivirus for Win7 64-bit running at the time. All functions of my computer were running fine security-wise. During an Internet session Eset popped up saying it had blocked and quarantined a Trojan. From that point on, all heck broke loose. I began receiving pop-ups on my desktop from something called "Windows 7 Security 2012". It would begin "running" a very official-looking antivirus scan, showing that I had hundreds of "bad stuff" on my computer. If I closed the window, I would get periodic other pop-ups with other warnings. These were all obviously fake, as the only options I was allowed to choose were "Continue at your own risk" or "Register the software".

I ran an "on demand" antivirus check of my entire computer using Eset. It identified 5 errors. The first one was a file called "b**.exe" in one of my C:/User folders. Eset identified the other 4 errors as "trojan" files in other locations. My apologies, but I did not write down the file names (thus, the asterisk... Read more

A:Another "Windows Security Center Is Turned Off" Help Request

(Continued)...

Attempted Resolutions:

I have tried numerous things from different threads here pertaining to the same problem. Some of them are (many recommended by Jaycee):

1. An Eset on-line virus scan. Results showed no items identified.

2. Spybot Search and Destroy: Results identified about a dozen items, many of which were Windows Registry entries that seemed to coincide with the names of the 4 Trojan files Eset originally identified and deleted. I had Spybot repair all items found, and Spybot reported they were "fixed".

3. Tried running Command Prompt "sc query wscsvc" and "net start wscsvc". Results were "The specified service does not exist as an installed service" and "The service name is invalid".

4. Ran the command that lists all services and their status. Security Center does not show up in the list anywhere, so I can't choose whether to have it run "automatically" or otherwise.

5. As a last resort, I tried the "cut/paste to Notepad" of the batch file Jaycee recommended in one of the other threads. Ran it, it seemed to "do its thing", but the problem isn't solved.

6. I have a HijackThis log I ran. I'm fairly familiar with using it...have done so in the past to correct Internet Browser hijacks, etc. I have to admit though...this current log has a few things in it I don't recognize, so I'm not comfy starting to guess at removing any of the entries. I can post the log if... Read more

RELEVANCY SCORE 84.4

I have a small red circle with X inside, on my taskbar. Every 30 seconds or so, it produces a window that reads " Windows security Centre has detected spyware/adaware infection. Click here to install the latest protection tools"

I've run adaware, spyblaster, spybot, Avast anti virus, ewido. Nothing is found!

Any suggestions ?
Many thanks
Tony.

Logfile of HijackThis v1.99.1
Scan saved at 11:35:23, on 30/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\... Read more

A:"Windows Security Center" Virus ? HTL attached

RELEVANCY SCORE 84.4

Ok so, I have Norton Anti virus 2007, and today, it detected a trojan virus, but it supposedly blocked and quarantined it. After that, I noticed that windows security center was not working, and all it was doing was showing a red shield with a white x on the system tray, and when I put my cursor over it it says "Your computer is infected !" and every now and then a little talk box pops up and says that my computer has been infected with spyware that has affected the registry.

When I click the red shield icon (both left and right click) it comes up with a window titled "question" and says "Would you like to update your security software and install Registry Cleaner?" and all I can do is click yes or no. If I click no, the window goes away, and nothing else happens; if I click yes, it installs registry cleaner v3.2, and I can scan it, but I can't delete any of the files unless I buy the full version.

First I started by performing a full system scan with Norton Antivirus, which came up with nothing. I have run spybot, ad-aware, spysweeper, etc., I also used a program I have called Registry Mechanic, and none of the above fixed the problem.

After searching the internet for about 3 hours, I found HijackThis and ran it.

I would GREATLY appreciate it if somebody could help me fix this (the only other thing I can think of is windows restore, but I really don't want to have to resort to that)

Here is the HiJackThis log:


Logfile of Hija... Read more

A:Windows Security Center "Your Computer is Infected!" please help!

Hello TheCabo0se and welcome to TSF,

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

***************************************************

Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"

Install AVG Anti Spyware
Double-click the icon on Desktop to launch AVG
On the top of the main screen click Shield
Click the word active to change it to inactive
On the top of the main screen click Update.
Then click on Start Update. The update will start and a progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports" select "Automatically generate report after every scan"
Un-Select "Only if threats were found"

When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.

--------------------------------------------------------------------

Download and install CleanUp! but do not run it yet. (Not Recommended for XP64).

-----------------------------------------------... Read more


Windows Security Center says I have two antivirus programs installed on my machine. I have Antivir installed and no other antivirus program installed. I have Comodo Firewall, Adaware and Webroot Spysweeper but no other antivirus. Security Center says one antivirus is updated and running. I looked at my Add/Remove Programs and all my programs in Winpatrol and do not have another antivirus program that I can find. I have XP Pro on my computer. Thanks for your help.
 

A:Windows Security Center-"Two Antivirus Programs"


Dear members and experts,

I'm sorry to rush in with a problem on my first post, but I'm getting quite desperate for help with a very troublesome malware. I'm sure everyone's heard of the "Security Center", "Antivirus 2009" group of malware, and I seem to have one myself. I'll start at the beginning:

It landed on my computer (Windows Vista Home Premium) shortly after browsing along a user-posted news type of site, I don't know where it really came from. I saw the quick signs of it - a "Security Center" icon indicating a virus on the computer, giving a fairly detailed description and with one button enabled to "remove all". It then proceeded to a fake installation screen for an antivirus - sorry, I'm still trying to remember its name. The installation screen was a non-interactive EULA-looking screen which quickly changed to an unmoving installation status screen. I'm sorry I don't have a screenshot.

Ah, I remember now - it was called Paladin Antivirus. However, the program didn't actually install Paladin Antivirus, I think I strangled it before it did - but for some reason I still have all havoc breaking loose.

*Update: A search of my hard drive reveals no files containing the name "Paladin".

Before it all went to hell, I did a scan with AVG, which removed something serious, and the program itself didn't come back. However something still took over my laptop and it's in an awful state. Here is a list of the proble... Read more

A:Desperate to get rid of "Security Center"-esque malware

Hi everyone, an update:

I managed to finish getting rid of this monster of a virus about 10 minutes ago. The solution was indeed one of the easy paths to follow of downloading Malwarebytes Anti-Malware and using it to eradicate everything - though as I said earlier, I simply couldn't get it to run because the virus prevented me. It turned out that renaming the executable file during download worked, to my startled surprise, and even though I had tried all that before, I wasn't quite "doing it right". I'll detail below. I'm darn glad to have control again after what must have been 12 hours but this should have taken just 3.

-My biggest flaw in destroying this was ironically my using the old, expired Windows 7 trial to use the cleaning software. Sure enough, Malwarebytes Anti-Malware ran on the Windows 7 account to clean up my partitioned drive, but it was never exactly going to touch Windows Vista's registry if I'm logged into Windows 7, right? *facepalm* So as a result, a few dodgy looking viruses got removed from the drive but not the registry entries or anything else (I guess), and I suppose because of that every time I logged back into Vista, virtually nothing had changed.

-Also, since I'm a naughty cheating student, my Windows 7 version is the seriously old beta which probably expired last summer. Thus, it is non-genuine and is programmed to shut down spontaneously every 2 hours, meaning it was impossible to get any sort of full virus/malware scan finish... Read more


I get an Action Center flag telling me to turn on WSC service, but when I try it tells me that it can't be started. I know -- this is a common issue, but I haven't found any threads that solve the problem for me.

I'm running W7 home premium 32bit. It's a new install on a new hard drive (but everything else in the machine is older than 6 months).

As far as I know, the problem started when I got rid of AVG and installed ESET smart security 4 (free trial). My first guess was that ESET disabled Windows security so there wouldn't be any conflicts, but windows doesn't seem to recognise ESET in the security center in the same way it recognised AVG. It's as if Windows security knows ESET is there and won't turn on, but doesn't want to admit it in public.

Most of the threads I've seen treat this as a malware issue, so here's what I've tried so far:

ESET scan (found nothing)

Malwarebytes scan (found nothing)

Advanced System Care 4 malware scan and deep registry scan (found a cookie!)

Windows defender scan (found nothing)

sfc /scannow (found nothing)

None of this fixed the problem. I've also checked that Windows firewall and WMI are running and are set to "automatic" in services. I get a strong feeling that this isn't malware related. I think it's far more likely that it's the result of ESET not being installed/configured properly, or of me fixing things until they break in an attempt to optimise the system.

Sorry for the apparent thread repetition, but I haven't bee... Read more

A:"The Windows Security Center service can't be started" (again)

Just passing by..... & I'm curious.

Did you use the appropriate AVG Remover Tool to remove their program from your computer?

AVG - Download tools and utilities
