Over 1 million tech questions and answers.

Antispy Spider constantly popping up on desktop

Q: Antispy Spider constantly popping up on desktop

Somehow, sometime, a certain virus got onto my PC, I'm familiar with the sort, since i had a similar problem when i use to use XP, unfortunately, i don't remember how i removed it, an now a new rogue spyware program has planted it's seeds on my computer once again. It calls itself Antispy Spider and always pops up on my task bar in a small yellow triangle with an exclamation mark saying something like: Windows Security Center
An attack on you computer has been detected
Then it opens the browser (Firefox in my case) and gives me it's page, with the asking me to buy it since it'll protect my computer...Yeah, sure. I'm using McAfee Security Center 2007, which is enough for me. I'm posting my log since i can't find the things that belong and don't and i certainly need to get rid of this blasted Malware.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:25 PM, on 10/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\DELL\MediaDirect\PCMService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\DELL\QuickSet\quickset.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\taskmgr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:/windows/homepage.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157" target="_blank" class="wLink">http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank" class="wLink">http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\mlJCTLfc.dll,#1
O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\JAPANF~1\AppData\Local\Temp\fcccawWO.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\JAPANF~1\AppData\Local\Temp\xxyvttQH.dll,#1
O4 - HKCU\..\Run: [BM8d439fc1] Rundll32.exe "C:\Users\JAPANF~1\AppData\Local\Temp\rqpcgbxl.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P10 /q C:\Users\JAPANF~1\AppData\Local\Temp\~DF80D7.tmp C:\Users\JAPANF~1\AppData\Local\Temp\~DF7FE6.tmp C:\Users\JAPANF~1\AppData\Local\Temp\~DF4BB5.tmp C:\Users\JAPANF~1\AppData\Local\Temp\~DF4BA0.tmp C:\Users\JAPANF~1\AppData\Local\Temp\HSPERF~1.SH! (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P10 /q C:\Users\JAPANF~1\AppData\Local\Temp\~DF80D7.tmp C:\Users\JAPANF~1\AppData\Local\Temp\~DF7FE6.tmp C:\Users\JAPANF~1\AppData\Local\Temp\~DF4BB5.tmp C:\Users\JAPANF~1\AppData\Local\Temp\~DF4BA0.tmp C:\Users\JAPANF~1\AppData\Local\Temp\HSPERF~1.SH! (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\DELL\QuickSet\quickset.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F7BCD99-ED6C-465C-BEF1-29E7CB8D1355}: NameServer = 207.164.234.129,207.164.234.193
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\Windows\system32\Tablet.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

RELEVANCY SCORE 200
Preferred Solution: Antispy Spider constantly popping up on desktop

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Antispy Spider constantly popping up on desktop

Read other 6 answers
RELEVANCY SCORE 91.6

hi all,First time for me here at bleeping computer usually use other tech forums but this infection has made it pretty much impossible for me to acces those, So I thought I'd give bleeping computer a try.I've seen a couple of other threads discussing the same infection on here, I've got the same symptoms as described in those posts; Loads of pop ups, browser highjacking, changing of background on desktop, fake spyware warnings....It's driving me crazy hope you guys can help me get rid of this Deckard's System Scanner v20071014.68Run by slash on 2008-06-16 12:23:38Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 5 Restore Point(s) --30: 2008-06-16 10:23:41 UTC - RP489 - Deckard's System Scanner Restore Point29: 2008-06-15 16:27:51 UTC - RP488 - Controlepunt van systeem28: 2008-06-14 15:51:34 UTC - RP487 - Controlepunt van systeem27: 2008-06-13 15:35:18 UTC - RP486 - Controlepunt van systeem26: 2008-06-12 15:22:35 UTC - RP485 - Controlepunt van systeem-- First Restore Point -- 1: 2008-05-19 11:16:48 UTC - RP460 - Controlepunt van systeemBacked up registry hives.Performed disk cleanup.-- HijackThis (run as slash.exe) -----------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:26:06, on 16-6-2008Platform: Windows XP SP1 (WinNT 5.01.... Read more

A:Antispy Spider, Red Background On Desktop.

Hello grouse and welcome to BC. Let's see what we can find. Please follow the steps below in order:Before running a new scan let's clean out the temporary folders. Download ATF Cleaner to your Desktop.Double-click ATF-Cleaner.exe to run the program.Click Select All found at the bottom of the list.Click the Empty Selected button.If you use Firefox browser, do this also:Click Firefox at the top and choose Select All from the list.Click the Empty Selected button.NOTE : If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browser, do this also:Click Opera at the top and choose Select All from the list.NOTE : If you would like to keep your saved passwords, please click No at the prompt.Close ALL Internet browsers (very important).Click the Empty Selected button.Click Exit on the Main menu to close the program.Now download OTScanIt from here or here to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.Note: You must be logged on to the system with an account that has Administrator privileges to run this program.Close ALL OTHER PROGRAMS.Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
In the Drivers section click on Non-Microsoft.Under Additional Scans click the checkboxes in front of the following items to select them:Reg - BotCheck
File - Additional... Read more

Read other 1 answers
RELEVANCY SCORE 76

I am trying to help my daughter-in-law remove Antispy Spider from her computer.She had Windows XP Professional.She tried following instructions on "How to remove AntiSpySpider and sockins32.dll (Removal Instructions) from your website. When she got to step 9, she got the following message:Allow RegeditRun-time error '26001':Failed to delete registry key: '-2147483643' Section'Software\Microsoft\Widows\Current Version\Policies\System; key: 'Disable Registry ToolsCan anyone tell me what we need to do to get step 9 to work?She has tried different ways of getting rid of the spyware by running Ad-Aware and AVG. Before she started the steps in your removal instructions, she had already deleted all the files listed in your step 12 except for c:\WINDOWS\system 32\sockins32.DLL, which she couldn't find. Also, she had already downloaded FixASS.reg and installed it to the Registry before she realized is should have been left on the desktop until step 10.We are bumbling through this, so I hope someone can help.Edit: Moved topic from XP to the more appropriate forum. ~ Animal

A:Antispy Spider

I think it's in use. Close all programs then try again.

Read other 1 answers
RELEVANCY SCORE 76

Got this yesterday...attached is my llog file....

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:10:02 AM, on 4/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\alg.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Dispatch\Local Settings\Temporary Internet Files\Content.IE5\BAAH5VXC\HiJackThis_v2[1].exe
C:\WINDOWS\system32\wbem\... Read more

A:Help...Antispy Spider

Acvtive scan log::
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-04-09 10:47:47
PROTECTIONS: 1
MALWARE: 9
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AVG 7.5.519 7.5.519 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Dispatch\Cookies\[email protected] Read more

Read other 2 answers
RELEVANCY SCORE 76

I was online a few days ago and started getting a ton of popups and all these errors saying my computer is infected with spyware. Currently when I start it up, I get a bunch of popups saying that interent explorer is not currently online and asks if I want to connect or work offline. I also get pop ups saying cannot find file//windows/promo6.html (or promo 4 or promo 5) When I do get on the internet (i am using mozilla) the Antispy spider website keeps popping up wanting me to purchase there downloads. Then after awhile I get a windows security update stating I have threats. Each time it tells me a different threat. So far they are: trojandownloader.xs , 123 messenger, 2nd thought. I can't access my task manager (control alt delete) it says it is disabled by the administrator. I have downloaded spybot and they found a few entries, I checked them to be fixed and they will all be fixed except for 2 entries. These entries are still in use or running, however I have no windows open. Please HELP!!!!The following is what I got from hijack this:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 6:49:57 PM, on 4/29/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\A... Read more

A:Antispy Spider

Hello sandlgraphixWelcome to BleepingComputer ========================Please download ComboFix from Here to your Desktop.**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**Close any open browsers.Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------Double click on combofix.exe & follow the prompts.When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Read other 3 answers
RELEVANCY SCORE 75.2

Please help me remove this malware. I keep getting pop ups of some spyware removal programs over and over again even when im not connected to the internet. I also get promo 4/5/6 or something popping up. My desktop background has been changed to some blue screen saying "Warning: Spyware threat has been detected on your PC. and then it tells me to click here to scan my PC for spyware" I get many microsoft warning bubbles on the rlower right hand corner of my screen. My computer is running slower than before. What should i do? Please help!!!Here are my logs:Deckard's System Scanner v20071014.68Run by Ivette Garcia on 2008-05-12 13:03:26Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 5 Restore Point(s) --11: 2008-05-12 18:03:47 UTC - RP55 - Deckard's System Scanner Restore Point10: 2008-05-12 16:54:17 UTC - RP54 - Installed SpyZooka9: 2008-05-08 20:51:39 UTC - RP53 - System Checkpoint8: 2008-05-05 22:25:10 UTC - RP52 - System Checkpoint7: 2008-04-18 17:29:59 UTC - RP51 - Software Distribution Service 3.0-- First Restore Point -- 1: 2008-03-07 20:31:39 UTC - RP45 - Installed iTunesBacked up registry hives.Performed disk cleanup.Total Physical Memory: 503 MiB (512 MiB recommended).-- HijackThis (run as Ivette Garcia.exe) ---------------------------... Read more

A:Help! Antispy Spider! / Computer Two

Welcome to Bleeping Computer, please be sure you have read and followed the Preparation Guide For Use Before Posting A Hijackthis Log, Instructions for receiving help in cleaning your computer http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/All advice given is taken at your own risk.Sorry for the wait, more infected computers that we can handle on a timely basis. If you have not resolved your issues, review the instructions posted above.Once that is complete, follow these directions:http://www.bleepingcomputer.com/malware-re...l/antispyspiderOnce you finish post a new HijackThis log using Add Reply, we will have more to do.Thanks

Read other 2 answers
RELEVANCY SCORE 75.2

started today popup cant get rid of help please
antispy spider

scanned with spybot search and destroy
avg 7 free

Logfile of HijackThis v1.99.1
Scan saved at 12:55:47, on 6/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\lxcycoms.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\WINDOWS... Read more

A:antispy spider popup cant get rid of help please

also popups red desktop with link to buy software ie comes up goes to antispy spider site to burchas bugas software
 

Read other 1 answers
RELEVANCY SCORE 75.2

I have the red, desktop, pops everywhere for AntiSpy Spider, and TrojanDownloader.xs I already unisstalled old HiJack this, downloaded a new one. Downloaded and Ran Deckards DSS below is the main and attached is the extra files Please Help
Kristi

Deckard's System Scanner v20071014.68
Run by user on 2008-05-11 17:12:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
56: 2008-05-11 20:56:04 UTC - RP224 - Deckard's System Scanner Restore Point
55: 2008-05-10 21:03:33 UTC - RP223 - Last known good configuration
54: 2008-05-10 21:03:22 UTC - RP222 - Restore Operation
53: 2008-05-10 21:03:22 UTC - RP221 - System Checkpoint
52: 2008-05-10 21:03:22 UTC - RP220 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-05-10 21:03:08 UTC - RP169 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 6.64 GiB (less than 15%) free.


-- HijackThis (run as user.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:16:07 PM, on 5/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WI... Read more

A:AntiSpy Spider Virus Please Help

Hi, welcome to TSF!

If you still need assistance, please post a fresh main.txt report.

Read other 1 answers
RELEVANCY SCORE 75.2

A while back I turned on the computer one day to find that the background had turned blue with warning messages of spyware and began recieving numerous false popups about my computer being infected with spyware all directing me to the site "http://antispyspider.us/69". Then the computer began to work more and more slowly and the "blue screen of death" or system error screen began shutting down my computer randomly. I hadn't really been paying attention but apparently all of my anti-spy and anti-virus software that had come with the computer had expired and I had recently been downloading an extensive amount of music from blogs on the internet, so I guess I'm not really suprised at this. Anyways, I did a bit of research and downloaded the Spybot Search and Destroy program which apparently removed a massive amount of stuff already, but the pop ups continue (however not quite as frequently.) I am embarassed to admit that I also blew thirty bucks on something called "SpyHunter" which did basically nothing and i was later told by Spybot was something known as a rogue spyware removal program. Anyways this is my first post and I'm really just trying to get into the right forum right now and in contact with someone that can help me, thanks. Also I am using windows XP.

A:Sockins32.dll Or Antispy Spider

It kinda seems like everyone else who posted a question was responded to rather quickly, wondering if I did something wrong...

Read other 2 answers
RELEVANCY SCORE 73.6

First of all, some background information: I am not a computer savvy person, but at the workplace, it is pretty much "on the land of the blind, the one-eye is king" situation, with myself being the most knowledgeable on computer related matters where everyone else isn't. Background information of the infected computer: Windows XP Service Pack 3So here is the deal, a co-worker thought her computer was infected with a virus, after she checked her e-mail, and the desktop got switched with a red wallpaper claiming that the computer needed security, because there were possible security violations, and regular pop-ups saying that the computer was open for attacks, to click to download security (task manager had become blocked). After things got worse, she asked me for help. I ran Spybot Search and Destroy, which detected 6 SmitFraud entries (but it was incapable to nullifying them).So, I researched about SmitFraud which took me to the following link:http://www.bleepingcomputer.com/forums/t/17258/how-to-remove-the-smitfraud-generic-zlob-quicknavigate-virtual-maid/After using SmitFraudFix.exe (following steps 1-12), the computer was somewhat better, because invasive unwanted pop-ups subsided, task manager was reinstated, but the problems were far from over.A day later, the computer was unworkable. No programs would open as normal (not even in Safe- Mode), a window requesting with what program would I want to open x or y program surfaced. Can't access any windows within the control pa... Read more

A:Spyware Doctor/antispy Spider/smitfraud

Hello and welcome to BC. Since you hava rootkit the security of your {C should be considered as compromised.A Rootkit is software that cloaks the presence of files and data to evade detection, while allowing an attacker to take control of the machine without the user's knowledge. Rootkits are typically used by malware including viruses, spyware, trojans, and backdoors, to conceal themselves from the user as well as from malware detection software such as anti-virus and anti-spyware applications. Rootkits are also used by some adware applications and DRM (Digital Rights Management) programs to thwart the removal of that unwanted software by users.High risks are typically installed without user interaction through security exploits, and can severely compromise system security. Such risks may open illicit network connections, use polymorphic tactics to self-mutate, disable security software, modify system files, and install additional malware. These risks may also collect and transmit personally identifiable information (PII) without your consent and severely degrade the performance and stability of your computer. SunBeltThe tools and advice for this malware are best handled by our HiJackThis team.Please follow the instructions in this Guide.. Preparation Guide for use before posting about your potential Malware problem ONce you've prepared the log post that into this forum, HijackThis Logs and Malware Removal, NOT HERE.

Read other 1 answers
RELEVANCY SCORE 72.8

Hi Friends,

I'm just new here. My system recently got very slow and locking up with antispy-spider and vista antivirus360.

I tried to force it to close but Task Manager is disabled. A friend suggested to try to follow a guide from this website drvirion.com but I prefer a more direct response to this particular issue. Has anyone of you encountered this problem? Please help. Thanks.

A:No Task Manager, Can't Change Wallpaper, Antispy-spider pop-ups

Hello and Welcome to TSF.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Read other 1 answers
RELEVANCY SCORE 72.8

Every few seconds I have popups from antispy spider as well as multiple webads. My background has changed to red and says 'Warning: Your Computer Is Under Spyware Attack' 'Your Computer is infected by anonymous spyware program'In addition, Norton antivirus pops up every few minutes and says that it has blocked: http quickbrowser activity Risk: High Protocol: TCP Attacked IP: www.top-banners.com(193.189.93.14) Attacked Port: http(80)As well, I don't have use of task manager right now, either. It says that the administrator has disabled it.I am running Window XP.Also, I was running the Kaspersky program and got to around 86% complete and I guess my computer had enough with the popups and decided to close all the windows, including the Kaspersky program, so sorry I don't have that information right now.Deckard's System Scanner v20071014.68Run by J on 2008-06-07 23:43:01Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 5 Restore Point(s) --79: 2008-06-08 04:43:30 UTC - RP833 - Deckard's System Scanner Restore Point78: 2008-06-07 21:33:35 UTC - RP832 - System Checkpoint77: 2008-06-06 19:13:54 UTC - RP831 - System Checkpoint76: 2008-06-05 18:20:06 UTC - RP830 - System Checkpoint75: 2008-06-04 07:52:40 UTC - RP829 - Installed QuickTime-- First Restore Point -- 1: 2008-03-09 21:4... Read more

A:Infected: Antispy Spider, Http Quickbrowser Activity, Etc...

Hi and Welcome to the Bleeping Computer Download ComboFix from Here or Here to your Desktop.Double click combofix.exe and follow the prompts.When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next replyNote: Do not mouseclick combofix's window while its running. That may cause it to stall

Read other 32 answers
RELEVANCY SCORE 71.2

I have recently been infected as of last Sunday by multiple trojans and spyware. I have attempted ad-aware 2007, spybot s&d, my paid for McAfee internet security suite, windows defender. Just about anything that is freeware. I have not been successful at cleaning EVERYTHING off. I know this because I have different symptoms upon each time I boot-up. I guess I should be thankful for that at least. Anyways, I have seen pop-ups for antispyware software (obviously didn't fall for), pop-ups along my taskbar, desktop background hijacked, slow or no internet access, winlogon.exe errors, system32 folder opens upon startup, initially didn't have access to task manager or regedit. I guess i'm just trying to give you as much info as possible to diagnose and clean my system. And to tell you WHAT A MESS!! I have gotten to a somewhat stable condition where I can at least log onto this website and post/vent my problems (first time). I have been able to complete the preparation guide exactly and will follow with the reports after this introduction. I do appreciate any help that anyone is willing to offer! Please Please PLEASE help us. Any other additional information you need, do not hesitate to ask! Thanks in advance!Please see the following reports according to that requested in the preparaton guide...###KASPERSKY REPORT###------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Monday, May 19, 20... Read more

A:Originally Infected W/ Antispy Spider, Now Multiple Infections Including Virtumonde

Quick update....Since I posted on Monday, I have had my computer on without restarting the computer, and no pop-ups or anything trojan/spyware related. Everything appears to be working as normal, but like I said I haven't restarted my computer! I'm actually quite hesitant because I know I have read about the trojans loading with .dll files upon startup, and I don't want to have an unstable internet connection when I receive an experienced response from this websites' volunteers.Therefore, I intend to wait to restart my computer until I receive further instructions/directive from someone here telling me to do so. If I have successfully removed the trojan or spyware or whatever has infected my computer, I'm confident there are remains somewhere. Which leads me to believe that I should still seek the help I originally requested previously with cleaning up my computer. To be continued....

Read other 6 answers
RELEVANCY SCORE 55.6

I have a new laptop that has windows 8.1 installed.
However, I am use to Windows 7 (hate Win 8)
I enjoy spider solitaire. I play it while waiting for a download or while something else I am doing is finishing.
I downloaded solitaire, but whenever you want to play, it leaves the desktop and goes to the windows game screen.
I want the old spider solitaire, like the one that comes with Windows 7.
I want to be able to play the spider solitaire at the same time I am doing something else.
Can anyone tell me how this is possible/
I would appreciate your help.
Thank you

A:want spider solitaire on win 8 desktop

Here's a quick vid on multitasking with 'Metro' apps:

split screens - Edwin000's library

Oh, btw... a hearty welcome to Windows EightForums!

Read other 4 answers
RELEVANCY SCORE 53.6

One of the CA security center components keeps installing when I log on. This prevents me from uninstalling anything or installing anything new. Because it keeps installing (or is just installing), I can't even try to uninstall it because well, it's installing!

Help, please! Thanks!
 

Read other answers
RELEVANCY SCORE 53.6

I don't know what may have started this, but kaspersky kept telling me that svchost.exe was performing a suspicious action trying to inject something into winlogon.exe. It asked me to allow/deny, I denied, and it kept repeating. Eventually I ran a scan and detected that "smarthook.dll" contained a trojan. I used kaspersky to remove it, and downloaded a clean copy of the .dll and put it in my system32 folder.

Now I am receiving the classic:

svchost.exe:
"The instruction at "0x7588bba5" referenced memory at "0xfede1500". The memory could not be "read".

Click on OK to terminate the program
Click on CANCEL to debug the program"

Only this pops up every 5 seconds about 6 times and then stops, and randomly will continue this pattern.

I have attached 2 logs, one is current <taken today> the other I just happen to log a few days ago for the hell of it (before I noticed any errors). I don't know if.. comparing will help I just want to provide all info I have.

~Thanks!

[edit]
**Additional: Just ran AVG Anti-Rootkit Beta and it detected system32/userinit.exe as a "Hidden Application"

extra info: sometimes when the svchost error pops up, my taskbar at the bottom changes to the old grey style and not the windows xp style.

Also: included a screenshot (edited for size).

System Info:
AMD Athlon 64 processor 3500+, 1 GB RAM
Microsoft Windows XP Professional SP2
ASUS A8N-SLI Deluxe MOBO

A:svchost constantly popping up

nobody responding, so I'm trying to help myself. A couple things I've noticed
1) in my list of services, there is a service named "Asctcgwto" set to disabled. This brings up nothing in google.
2) After turning on my computer, I type "at" in the console and it responds with "The service has not been started." I use the at command fairly often.
3) I type "net localgroup" and it tells me that the workstation service has not been started. So I start it.... I Don't know why it isn't already started, (it's set as "Automatic" but was stopped).

The problem is getting worse because from the moment I click login, it brings up multiple svchost.exe errors and takes an exceptionally longer amount of time to fully log in.

Read other 1 answers
RELEVANCY SCORE 53.6

AVG free edition shows popup window with warning re: C:\WINDOWS\system32\atl7.dll TrojanHorseBackdoor.Generic10.AMEC

I would very much appreciate some help with this.

thankyou.
 

A:AVG constantly popping up with warning

Read other 16 answers
RELEVANCY SCORE 53.2

I've been having this problem where this thing pops up every few minutes and i don't know how to fix it

A:constantly popping up command promp

Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select Perform quick scan, then click Scan. * When the scan is complete, click OK, then Show Results to view the results. * Be sure that everything is checked, and click Remove Selected. * When completed, a log will open in Notepad. * Post the log back here.Be sure to restart the computer.The log can also be foun... Read more

Read other 21 answers
RELEVANCY SCORE 53.2

Every few seconds auto play pops up and immediately vanishes again. It's very annoying, to the point where I can barley use my computer, (I posted this from another computer.) The drive responsible says recovery H, H is my USB but there is nothing plugged in there. The Auto play fixer isn't for Vista 64 bit. I don't want to simply stop auto play as I like it when it works properly. I don't seem to have a windows restore point either. I have done everything I can think of. Any help would be greatly appreciated! Thanks for looking.

A:Auto play popping up constantly

For security reasons, auto-play is not a good idea. There are infections that specifically take advantage of flaws in the system.

You should also enable recovery points, it can be a life-saver if something goes wrong.

You may want to try disabling it and then re-enabling it for specific drives or types of files to see if that will help with your issue:
How to disable the Autorun functionality in Windows

Disable AutoPlay in Windows Vista - How-To Geek

Read other 2 answers
RELEVANCY SCORE 53.2

If my lap top is on for any more than 3hrs, the help window for whatever program i am using will pop-up and will not let me continue task. Comp must he turned off for a couple of hours to resolve this.

I ran trend micro's online virus/spyware tool (http://housecall.trendmicro.com/), cwshredder, ad-aware se & spybot s&d. Problem did not resolve, then someone told me to try hijackthis, and am now in need of help to analyze the results.

PLZ HELP.

thanx in advance.

the following is the log i got w/ hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 8:25:43 PM, on 10/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\P... Read more

A:[SOLVED] help folder constantly popping up, plz help

i've had other issues since this post and have decided for a fresh start/formated drive
thanks all, no further help needed (for now, lol)

Read other 1 answers
RELEVANCY SCORE 53.2

I have Windows 10 and everything is running ok. Then, yesterday, I ran Windows Update and Update installed THREE updates....

KB3881449, KB3881488, KB3081452

It seems to be a NEW and BAD HABIT of Microsoft NOT to give us any details on what these updates do to our operating systems, what problems they solve, what features they provide or take away or what they modify. It would certainly be helpful in trying to diagnose a nasty problem that develops immediately, doesn't it? I don't like this new attitude at Microsoft of "we will run your computer and you will like it". Anyway, after updating and rebooting, I immediately started having a problem with the new Microsoft Edge Browser. It is now popping up on me without being asked to. This problem started immediately after I installed the updates and I DID NOTHING ELSE on my computer after rebooting.

There are a few things I want to say here...Microsoft DID THIS to my computer. I ran an anti-virus scan and malicious software scan using ESET SECURITY SUITE 8.0 both on my computer and an external ESET Anti-Virus Scan from ESET that sits off of my computer and nothing was found.

I also got ONE OTHER ERROR, I only saw it pop up one time and here it is, attached snapshot of the Error Message attached (it says)...

RUNTIMEBROKER.EXE

"The group or resource is not in the correct state to perform the requested action."

I looked into RUNTIMEBROKER.EXE and it is an operation in Windows 8 and app... Read more

A:Edge Browser is Popping Up on Me Constantly

Edge opening constantly might be malware.

Here's a link to the Malwarebytes blog that discusses those un-closeable Tech-Support-Scam pages and sites:

PSA: Tech Support Scams Pop-Ups on the Rise | Malwarebytes Unpacked
--------------------------------------------------------------------

Edge is installed as the default Windows 10 browser. Here's how to make Internet Explorer the default browser instead.

I believe the icon for Edge is automatically installed on the Taskbar. The icon looks very similar to the Internet Explorer icon.

To pin the Internet Explorer icon to the Taskbar, click on the Start Button, click All Apps,
Scroll down and click on Windows Accessories. Right Click on Internet Explorer, click on Pin To Taskbar.
The Edge icon is a darker blue. The Internet Explorer icon is lighter blue with a gold diagonal arc across it.

Right click on the Edge icon and select Unpin From Taskbar, if you wish.

Now to make Internet Explorer the default browser:

Click on the Start Button, Settings, System, Default Apps, scroll down the Choose Default Apps list and Click on Web Browser - Edge, and choose Internet Explorer from the pop-up menu. This makes Internet Explorer the default browser.

Read other 4 answers
RELEVANCY SCORE 53.2

Hi and thanks in advance for any and all help received. I would also, in all fairness, wish to inform anyone concerned that you are currently reading the words of quite possibly the most computer illiterate human being in the free world. Having said that, I will attempt to explain my problem.
My computer has been becoming increasingly slower over the last several months. I have been dealing with/ignoring this problem until the proverbial straw that broke the camel's back began appearing on the computer screen yesterday. I am receiving this official looking warning on my computer that keeps popping up constantly with every action I attempt. The warning says:
SYSTEM ERROR
Your computer was infected by unknown trojan
It's dangerous for your system! ( critical files can be lost !)
Click to download the antispyware program to clean your system (recommended)

From what Ive read on your site and others, I am assuming this is an attempt to get me to download even more trouble than what I am currently experiencing. I almost goofed up and downloaded it when it first popped up. In fact I clicked on the ok button but thankfully was warned that it was an unrecognized site and didnt have a valid signature or something to that effect (see, I told you I was computer illiterate) and I cancelled the attempt to download.

I followed all the other steps in your instructions. I had already downloaded the Windows Service Pack 2 a long time ag... Read more

A:Trojan Warning Constantly popping up

I was informed this information was needed as well
Deckard's System Scanner v20071014.68
Run by Tony Murdock on 2008-01-06 18:52:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
123: 2008-01-06 23:52:54 UTC - RP742 - Deckard's System Scanner Restore Point
122: 2008-01-06 23:45:12 UTC - RP741 - Software Distribution Service 3.0
121: 2008-01-06 23:40:20 UTC - RP740 - Software Distribution Service 3.0
120: 2008-01-06 22:04:36 UTC - RP739 - Software Distribution Service 3.0
119: 2008-01-06 06:03:14 UTC - RP738 - Software Distribution Service 3.0


-- First Restore Point --
1: 2007-10-09 05:03:21 UTC - RP620 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-01-06 18:57:08
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\... Read more

Read other 16 answers
RELEVANCY SCORE 53.2

I recently had a problem with a constant popping sound and started a thread here for help: http://www.bleepingcomputer.com/forums/top...ml#entry1400691It helped me identify the source of the sound. It was suggested I post here to see if an infection is at the root of my problem.To sum up, I was hearing an almost constant bubble popping sound which ended up in fact being the Windows XP Balloon Tip Sound. After some trial and error with the advice given I found my registry had been changed to not show the balloons. Once I changed it back I began receiving the following balloon - "IP Protection Infection Detected" from Malwarebytes. Many IP's have shown up from various spots on the globe and it was suggested perhaps this forum could help me find if an infection on my PC is "calling out" to these IP's known to be associated with malware, etc.The people on the other forum were awesome and helped me get this far. If anyone can help from here it would be greatly appreciated!

A:Malwarebytes IP Protection Constantly Popping up

I reccomend you visit the Malwarebytes Forum and create an account there so they can help with you issue more easily.

Read other 2 answers
RELEVANCY SCORE 53.2

Hi,

My laptop constantly shows windows security pop-up. I tried Spybot/Spyware Doctor, but not of use. Please help.

HJT Logs..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:52:04 PM, on 8/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Cisco Systems\CSAgent\bin\CSAControl.exe
C:\Program Files\Cisco Systems\CSAgent\bin\leventmgr.exe
C:\WINDOWS\system32\CmgShieldSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco Systems\CiscoTrustAgent\ctalogd.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Cisco Systems\CiscoTrustAgent\ctapsd.exe
C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
C:\Program Files\Cisco Systems\CiscoTrustAgent\CtaEoU.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\CiscoTrustAgent\ctatransapt.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\PROGRA~1\Altiris\ALTIRI~1\AeXNSAgent.exe
C:\Program Files\Connected\AgentSrv.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\CISCOS~1\CEPS\CEPSWA~1.EXE
C:\WINDOWS\s... Read more

Read other answers
RELEVANCY SCORE 53.2

I use a windows xp professional OS.
My contrast window keeps on popping up in the middle of my screen, this goes on happening constantly on its own accord.
What is this problem? and how do i rectify it?
Pls help..

Read other answers
RELEVANCY SCORE 53.2

I have an HP computer with Vista, Comcast as the ISP, and McAfee (I think it was provided by Comcast).
A new problem has popped up just recently. Every few minutes, I am interrupted when the black and red McAfee flash-screen is flashed on top of whatever I am working on. That is followed by a tan-colored screen called “Comcast Security - - - powered by McAfee”. (This is the same screen that comes up if I click on the McAfee shortcut on the Desk Top.) That screen changes its contents once before it quits. The coming of these screens has nothing to do with my pushing keys. They come even if my hands are not near the keyboard and if I am not on line with Comcast.
These screens flash on for only a fraction of a second – not long enough to read what they say. But they disrupt my train of thought and, if I am typing, can cause errors in my writing. I checked my McAfee and security settings and they seemed correct. If you can suggest a way to stop this, I would appreciate it. The screens have flashed on about six times while I was writing this.
 

Read other answers
RELEVANCY SCORE 53.2

Every few seconds auto play pops up and immediately vanishes again. It's very annoying, to the point where I can barley use my computer, (I posted this from another computer.) The drive responsible says recovery H, H is my USB but there is nothing plugged in there. The Auto play fixer isn't for Vista 64 bit. I don't want to simply stop auto play as I like it when it works properly. I don't seem to have a windows restore point either. Here is my Hijack This log file. Any help would be greatly appreciated! Thanks for looking.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:55:51 AM, on 2/10/2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Users\Bec\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Sony\VAIO Mode Switch\VMSwitch.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe
C:\Program Files\Sony Corporation\SmartW... Read more

A:Auto play popping up constantly

You might want to try a Clean Boot troubleshooting procedure to hopefully isolate an offending application. Run it for both Services and Startup items.

Another thing you can try:

Download the free Process Explorer.

Run it and click Find.

Click Find handle or DLL...

Search for \device\harddisk.

See if any of the search results might have a reason to be accessing the USB drive.
 

Read other 1 answers
RELEVANCY SCORE 53.2

I reformatted by Dell Inspiron 1721 laptop a couple of months ago and everything's been working perfectly until a Windows SP2 update automatically installed itself last week - now Windows Media center opens up constantly (very distracting); I've removed it from services and from startup, but it continues to pop open.

Also, a funny looking file menu will sometimes pop up all by itself on the top left of the screen.

And windows or programs I have open may just close themselves out by themselves.

This has all been going on for a week and is becoming very annoying. I don't use Media Player, but understand it can't be deleted. Until I chose "Don't show me this message again" there was a message every time I booted up that said something like, "Your new hardware needs to be installed." I had not attached any new hardware.

Anyone have any ideas? I really don't want the hassle of reformatting again so soon.

Thanks,
SWOFKY

A:WMC Popping Open Constantly - Other Problems

Hi SWOKY, welcome to the board.

The problem could caused by anything, but you can start on making sure if the problem related to the update by restore the system to the day before the update.

Post back and let us know how is going?

Bruce

Read other 6 answers
RELEVANCY SCORE 53.2

So here is what's happening to me...

1. I've got this constant pop up thing happening that is saying contextual ads.
2. Under Uninstall or Change a program there is a program called Ron too1 addestination. If I click uninstall a box comes up asking for the verification code and in the center of the box it's got garbled letters, which I think they want you to use as the verification code.
3. I'm running on Windows Vista with several securities in place...MicroTrend, Windows Defender, AVG 8.0, Avira Antivirus, Malwarebytes' Anti-Malware, SpywareBlaster, SUPERAntiSPyware and used Spybot to search and destroy. They don't seem to be finding this thing.
4. I use Mozilla Firefox as my browers and I do frequent some social networks, specifically MySpace and Facebook. And often pay games on NovaWorld.

Is there any help for me? I'd be so very appreciatived!!!!

Suzanne

Read other answers
RELEVANCY SCORE 53.2

Every few seconds auto play pops up and immediately vanishes again. It's very annoying, to the point where I can barley use my computer, (I posted this from another computer.) The drive responsible says recovery H, H is my USB but there is nothing plugged in there. The Auto play fixer isn't for Vista 64 bit. I don't want to simply stop auto play as I like it when it works properly. I don't seem to have a windows restore point either. I have done everything I can think of. Any help would be greatly appreciated! Thanks for looking.

A:Auto play popping up constantly

You can try the FixIt at http://support.microsoft.com/kb/967715 , scroll down to How to disable or enable all Autorun features in Windows 7 and other operating systems.
 
Louis

Read other 1 answers
RELEVANCY SCORE 52.8

Hello,
I have a HP Pavilion m6-1045dx notebook with Windows 7 Home 64-bit SP 1, Premium, 8gb Ram, Intel HD graphics 4000, Intel Core i5-3210M.

The attached error codes keep showing up and they show up every 3-5 minutes. I recently just got my laptop back from a repair to the motherboard. They replaced the HDD and re-installed Windows 7 Home Premium and most of my needed drivers. I am also attaching the itinerary work notes of the repair for the computer.

NOTE: the error codes are not consistent after continuous pop ups, though the location of the application error seems to be the same. I realized that the errors are not the same all the time.

What is the cause and how do I fix this?

A:Error Codes popping up constantly every 3-5 mins

This sounds like a driver problem. Can you check to see if Windows is fully up to date and check Device Manager for any next to your hardware.

Read other 3 answers
RELEVANCY SCORE 52.8

Hi. I don't remember failing to untick a selection, but somehow this crummy Baboom Search element has come onto my computer. I have an Asus desktop computer and have Windows 8.1. and use Google Chrome and Mozilla Firefox. Every time I restart my computer Baboom's invisible extension activates setting Baboom Search to default alongside my Google default search and at this point I cannot remove it as a default program.

There is an option to disable the Baboom Search extension and doing so will make it disappear, but it does not give me the option to find and remove the extension that continually controls my search when I restart.

I have used Windows Defender, Anvi Smart Defender and an Anvi software trial that supposedly allowed one to use a Slim Toolbar option that could find an alter extensions and add-ons but it none of them found Baboom Search.

I cannot find the extension in any extension list, in the uninstall list in the Control Panel, nor can I find the name Baboom anywhere on my computer now that I have deleted a few small files with its name. Since I have been unable to see the extension I have been unable to get its App ID in order to find out what ID I could try deleting in the Roaming App Data on my computer but it feels like I have tried everything else to find and delete it. I even tried to find it in the Registry Editor in the apps section, but it did not appear.

Please, if you can offer me any assistance in taking down this nasty virus that doesn&#... Read more

A:Baboom Search Constantly Popping Up, Hidden

Read other 6 answers
RELEVANCY SCORE 52.8

Have followed the five steps including the DSS scan, below are pasted the results with main.txt, then the logfile of the HijackThis scan. The DSS extra.txt results are attached.

Deckard's System Scanner v20071014.68
Run by Idjit on 2008-02-07 19:20:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
38: 2008-02-08 00:20:04 UTC - RP843 - Deckard's System Scanner Restore Point
37: 2008-02-08 00:13:07 UTC - RP842 - Software Distribution Service 3.0
36: 2008-02-07 14:24:11 UTC - RP841 - Installed SUPERAntiSpyware Free Edition
35: 2008-02-07 02:35:44 UTC - RP840 - Point de v?rification syst?me
34: 2008-02-01 02:53:46 UTC - RP839 - Point de v?rification syst?me


-- First Restore Point --
1: 2007-11-10 17:18:39 UTC - RP806 - Point de v?rification syst?me


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Idjit.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:22:14, on 2008-02-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\ser... Read more

A:virus protection malware constantly popping up

Hello and welcome to TSF.

We'll begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/comb...o-use-combofix

When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

Read other 1 answers
RELEVANCY SCORE 52

I have Malwarebytes Anti-Malware and I get pop up warning every 3 to 4 seconds that it has blocked a Malicious Website.  Its an outbound connection with the warning:
 
Domain: (empty)
IP: (different all the time)
Port: (different all the time)
Type: Outbound
Process: C:\Windows\System32\svchost.exe
 
When I received the laptop from previous owner, Avast virus protection was installed but not updated.
I removed it and installed Malwarebytes Premium and Eset Nod32 virus protection.
Ran MBAM and quarantined infections (lMBAMlog.txt file attached), Eset found nothing.
 
It was after MBAM install that running on the wireless connection began to produce the above stated pop-ups.
When MBAM is activated, the pop-ups start immediately and I loose wireless internet.
If wireless is turned off, no pop-ups.
Wireless connection is reestablished once I deactivate MBAM.
 
In  my attempts to fix, I also ran RogueKiller and got rid of a bunch of pum.dns
 
I also notice that what ever I search for in IE goggle, the top return is always a link to "Raaz.io/SafeSearch Install Now"
I downloaded and ran the Farbar recovery Scan Tool and my log is attached.
Thank you for looking at my topic,
Pilgrim.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:29-12-2015
Ran by Sidney (administrator) on SIDNEY-PC (29-12-2015 15:01:50)
Running from C:\Users\Sidney\Desktop
Loaded Profiles: Sidney (Available Profiles: Si... Read more

A:Outbound "Malicious Website Blocked" constantly popping up

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Remove these programs in bold Via the Control Panel > Programs and Features applet.VideoDownloadConverter Toolbar Chrome Extension (HKLM-x32\...\VideoDownloadConverter_4z Chrome Extension Uninstall) (Version: - Mindspark Interactive Network) <==== ATTENTIONWSE_Astromenda (HKLM-x32\...\WSE_Astromenda) (Version: - WSE_Astromenda) <==== ATTENTION===Press the windows key + r on your keyboard at the same time. This will open the RUN BOX.Type Notepad and and click the OK key.Please copy the entire contents of the code box below to the a new file.

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\RunOnce: [Fesulok] => C:\windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\Sidney\AppData\Local\29d7106b1506c019\Dufaku.dat"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
CHR HKU\S-1-5-21-1747975209-1935908775-2939679204-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1747975209-1935908775-2939679204-1000\SOFT... Read more

Read other 9 answers
RELEVANCY SCORE 51.6

Hello, for the past three days I have been trying to access my computer. I'm quite positive I have a malware infection but I have no idea where it is. I am running Windows Vista Home Premium SP2 32bit.

As soon as I boot up my computer an error pops up before the password screen. It reads LoginUI.exe - Bad Image in the top bar and then gives the description:

error. C:\windows\system32\WinTrust.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support.

I have to click okay about 20 times before i can access the main login screen. Once i login i get another error similar but instead says Skype.exe - bad image. My windows virus protection has been disabled, and I am unable to open any virus program other than Avast and S&D. I get similar errors to the others when trying to open Norton or Ad-Aware. Even while I was trying to type my topic title to this thread, errors would come up every letter I typed.

Oh and one more thing. I am receiving window's errors constantly, the most common being Windows sidebar encountered a problem and closed, windows live id encountered a problem and closed, and gusvc encountered a problem and closed. I also cannot access msn messenger and my sound has been disabled

any help would be appreciated.

thank you in advance,

jonathon :

Read other answers
RELEVANCY SCORE 51.6

Hi!

I started getting attached pop up in my taskbar few days back and it has intensified since then. It now pops up every 2-3 min and disappears instantly. Managed to get it in screen shot.

Did bit of on-line search and there are few similar cases too but i am not sure about the reason behind it starting in my machine and solution to it.

I was getting some Bluetooth related message in Skype since i started using it just from few days back. Had skype since beginning but never used it before. Could this be because of it ? Should i uninstall and install skype again ?

And this is the first time i am facing any problem on this machine (HP Laptop with Windows 7 OS), it is about a year old.

Any suggestion appreciated!!!
Thanks
 

A:Unknown program quickly popping up and disappearing in task bar constantly

Read other 16 answers
RELEVANCY SCORE 51.6

Hello!
I would appreciate any help whatsoever! This virus, or whatever it is, has me stumped!
I think I have been hijacked, only on internet explorer-when checking task manager, Internet explorer is always running, even when I "End Task" . Mozilla Firefox is working fine, but Internet explorer pops up both visible and invisible windows, and constantly asks me to make it my default program!
I suspect malware, and possibly a virus, but my spyware program cannot find anything besides cookies. My antivirus program pops up saying it has deleted multiple trojans, but something is definitely going wrong!

here are is my Hijack this log
Logfile of random's system information tool 1.04 (written by random/random)
Run by Brennan at 2008-11-05 19:05:05
Microsoft Windows XP Professional Service Pack 3
System drive C: has 34 GB (59%) free of 57 GB
Total RAM: 478 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:05:18 PM, on 11/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mo... Read more

A:Hijacked? Internet Explorer constantly running and popping up, but I use Mozilla!

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please uninstall the following via Start->(or My Computer)->Control Panel->Add or Remove Programs if they still exist:

Viewpoint Manager
Viewpoint Media Pl... Read more

Read other 2 answers
RELEVANCY SCORE 50.8

The sound with both speakers/ headphones on my laptop is constantly making "popping" sounds, and sometimes it even stutters - very aggressively and without putting any load on the laptop - even with a simple mp3 playback.I've tried EVERYTHING - Realtek / Lenovo / Windows drivers, uninstalled Windows, wasted so much precious time on it.This is the second damaged unit I get from lenovo in a month's time. I hope they can provide a quick solution for this problem, or else I'm returning this laptop and never buying / recommending Lenovo ever again. 

Read other answers
RELEVANCY SCORE 50.8

Some program keeps popping up for a split second on my task bar every few minutes, and I can't figure out what it is.
It's pretty annoying because whenever it happens it switches the current window's focus.
It seems to happen randomly, and not at a set time interval.
I don't think it's malware... but I could be wrong. It pops ups and disappears much too quickly to identify it.
How can figure out what it is? (Btw, I'm running Windows 7.)
 

A:Solved: Unknown program quickly popping up and disappearing in task bar constantly

Read other 8 answers
RELEVANCY SCORE 50.4

DDS (Ver_10-12-12.02) - NTFSx86
Run by HP_Administrator at 19:52:23.07 on Fri 02/11/2011
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.921 [GMT -6:00]

AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Hp\... Read more

A:Norton is constantly blocking Instrusion attempts by several different attackers and Just-In time debugging keeps popping up.

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!These instru... Read more

Read other 26 answers
RELEVANCY SCORE 50.4

Hello,

My Norton 360 Antivirus keeps blocking intrusion attempts. There are a serious of different attempts every 20-30 minutes.

From the Norton Security Log,

Risk Name: HTTPS Tidserv Request 2
Attacking Computer: 01n02n4cx00.cc (91.212.226.5,443)
Source Address 91.212.226.5 (91.212.226.5)

Risk Name: HTTPS Tidserv Request
Attacking Computer: 91.212.226.182, 80
Attacking URL: 7gafd33ja90a.com/ (very long)

Risk Name: HTTP Misleading Application Detection
Attacking Computer: 91.217.162.190, 80
Attacking URL: xp-scaner.com/dm-php? (very long)

Also the Just In-Time Debugger keeps popping up on the main screen. I'm not sure if this is somehow related to viruses or attacks or simply a system error.

Please provide any assistance that you can in helping resolve this issue. I appreciate your help. Thank you!

James

A:Norton is constantly blocking Instrusion attempts by several different attackers and Just-In time debugging keeps popping up.

Hello,Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Orange Blossom

Read other 2 answers
RELEVANCY SCORE 46.8

Since upgrading to Windows 10, on my Alienware 17R3, I Constantly keep getting a popup to "update Your Recovery Media".  I did update my recovery media immediately after upgrading to windows 10, But I still keep getting the popup every time i reboot my laptop and almost every hour or so.   I have clicked on "Do Not remind me" option on popup , but  I Still Get it!
I figured it no harm to trying to update my recovery media again just a couple days ago to see if I could get rid of the nagging popup, But I am still getting it.   Has anyone else experienced this and know any solution/suggestions?? 

A:"Update your Recovery Media" Constantly popping up. (Even after updating already)

Try asking your question in the Alienware owner club forum.

Read other 5 answers
RELEVANCY SCORE 46.4

Every time I try to run a program, I get a popup asking "how do you want to open this file". Is there any way to disable this annoying Windows 10 issue? A user on a Microsoft thread I found posted the following:

I found a free tech support site that resolved the problem.

http://techguy.org

It was an update that was missing information.

Please help!!

Thanks!
 

Read other answers
RELEVANCY SCORE 46.4

I did a search on this site, hoping to find someone else had this problem, but I came up empty handed.

My annoying problem is that I am using IE 6.0, and the "Work Offline, No internet connection is currently detected, blah blah blah" window keeps popping up! It will pop up even if I don't have IE 6 loaded. If I shut down all of my browsers and walk away, when I come back, there will be like 40 taskbar buttons, all the same, this annoying 'work offline' window has popped up over and over.

I have tried an IE repair, under the add/remove program. Didn't work. I am using AOL to get online, if that matters. But even if AOL is not loaded, nor any browsers, this "work offline' still pops up.

Can someone help? Thanks...
 

A:IE 6 "Work Offline" popping up constantly

Read other 11 answers
RELEVANCY SCORE 46

I tried downloading windows office from limewire, but i think i got a virus or something, because after i tried to install the winodws office, ads started popping up on my desktop randomly. every 30 min or so, an sometimes i get random voice ads. is there a way i can get rid of this?

A:Ads Popping up on desktop

hi and welcome first stop should be here http://www.techsupportforum.com/f50/...lp-305963.html and please do your self a favour get rid of the software that caused this you may also find helping with these matters is severly restricted due to the illegal activities involved on these sites

Read other 1 answers
RELEVANCY SCORE 45.6

thank you in advance...
I'm running windows 7. I have pop up window that keeps popping up. it is a Japanese porn site. I have only clicked the top right corner to close it but it keeps coming back. When I go to windows task manager to close it the window is not a IE window, chrome window, nor firefox window. To right click on the window "
 
I have run malwarebytes to remove this but it found nothing...
 
there are actually of these windows popping up. they pop up under other windows.
 
thanks in advance
 
Dave

A:Desktop Window keeps popping up. please help

Hello Dave -
Please download the tools to Desktop and Copy and Paste any logs.
 
First - This is a "basic clean-up" and we will go further depending on your answers.
 
Please download and run RKill by Grinler.
 A black DOS box will appear for a short time and then disappear.
 This is normal and indicates the tool ran successfully.
 At most the tool will usually run for about 2 minutes
 Please Copy / Paste the small log back here.
 
Important: Do not reboot your computer until you complete the next step.
 
* NOW :
 Please download AdwCleaner by Xplode and save to your Desktop.
 * Double-click on AdwCleaner.exe to run the tool.
 * Vista/Windows 7/8 users right-click and select Run As Administrator.
 * Click on the Scan button (only once)
 * AdwCleaner will begin...be patient as the scan may take some time to complete.
 * After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
* Check the removals and see if you are OK with the list.
* Now
 * Click on the Clean button (only once)
 * Press OK when asked to close all programs and follow the onscreen prompts.
 * Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
 * After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
 * Copy and Paste the contents of that logfile in your next reply.
* A copy of all logfile... Read more

Read other 6 answers