Over 1 million tech questions and answers.

auto-logoff, best-seller antivirus security alerts

Q: auto-logoff, best-seller antivirus security alerts

-I cant use my computer unless I start in safe-mode
-on normal bootup i usually get a message on the login screen saying "mcafee has found a harmful file on ur computer. It is recommended you scan your computer"
- if i ignore the message and try login, it automatically logsoff before I can even see my desktop
-even in safe mode i keep getting message from "bestseller antivirus" and have messages that pop up on my system tray saying stuff like "System Alert: Malware threats" or "Your system performance has slowed 47%...". I am pretty sure this is part of the virus, as is the "Bestseller Antivirus Installer"
- MS-DOS window also opens up with the cursor ( _ ) blinking at random spots all over the screen
- Below is my HijackThis log. Thank you. I appreciate your time.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:19:03 PM, on 12/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WebRoot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\restore\rstrui.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Rabindra\LOCALS~1\Temp\peuagbsx.exe
C:\Documents and Settings\Rabindra\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com" target="_blank" class="wLink">http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\ryrafmhf.dll
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\WebRoot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [see] C:\Program Files\see\see.exe
O4 - HKLM\..\Run: [uxelqdap] rundll32.exe "C:\Program Files\uxelqdap\wxijinuj.dll",Init
O4 - HKLM\..\Run: [gfebczgv] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\gfebczgv.dll"
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKLM\..\Run: [c8d75a84] rundll32.exe "C:\WINDOWS\system32\obymdomy.dll",b
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Policies\Explorer\Run: [{C8D75A2B-069E-1033-1026-050001}] "C:\Program Files\Common Files\{C8D75A2B-069E-1033-1026-050001}\Update.exe" mc-110-12-0000272
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Post-itŪ Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Super Proxy Helper - {736D982F-8E2C-4afc-B202-D8195B48AB68} - C:\Program Files\Igoodsoft\Super Proxy Helper\ProxyHelper.exe
O9 - Extra 'Tools' menuitem: Super Proxy Helper - {736D982F-8E2C-4afc-B202-D8195B48AB68} - C:\Program Files\Igoodsoft\Super Proxy Helper\ProxyHelper.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com/lib/stanford/.../ebraryRdr.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6E2510E6-BF2D-4C78-9F28-2F5C8760F124} (ERPageAddin Class) - https://ww3.projectsolve2.com/eRoomSetup/client.cab
O21 - SSODL: E404Helper - {1a9249e7-3071-4656-b93f-fb9e69bd3f62} - e404d.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BES Client (BESClient) - BigFix Inc. - C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\WebRoot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WLANKEEPER - IntelŪ Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8738 bytes

RELEVANCY SCORE 200
Preferred Solution: auto-logoff, best-seller antivirus security alerts

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: auto-logoff, best-seller antivirus security alerts

Duplicate thread - see here.

Read other 1 answers
RELEVANCY SCORE 167.2

-I cant use my computer unless I start in safe-mode
-on normal bootup i usually get a message on the login screen saying "mcafee has found a harmful file on ur computer. It is recommended you scan your computer"
- if i ignore the message and try login, it automatically logsoff before I can even see my desktop
-even in safe mode i keep getting message from "bestseller antivirus" and have messages that pop up on my system tray saying stuff like "System Alert: Malware threats". I am pretty sure this is part of the virus as is the "Bestseller Antivirus"
- Below is my HijackThis log. Thank you. I appreciate your time.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:19:03 PM, on 12/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WebRoot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\restore\rstrui.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Rabindra\LOCALS~1\Temp\peuagbsx.exe
C:\Documents and Settings\Rabindra\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Int... Read more

A:auto-logoff, best-seller antivirus security alerts

Hello r8ty8,

Welcome to TSG. Unfortunately you got off to a bad start here double-posting. Just adds to the workload. Serious infection is showing there. We will be doing some repairs that need protective software disabled, but you also have both McAfee and SpySweeper running. These as is are likely causing conflicts there, and in the case of SpySweeper, that company recently made the very questionable choice to include installations of Ask with it's own install, a software from known adware/spyware vendor IAC Search and Media (see here). Given that and this conflict, maybe it is time to consider if SpySweeper is a keeper on this system. For now, especially with these two, you need to completely disable them, and keep them disabled while doing these repairs. If at any time while doing these steps you get an alert from any protective software, that means it is interfering, and not disabled.

You can do this first procedure from Safe Mode, but once it has effected some repairs I would like you to work from normal mode unless directed in steps posted.
Download ComboFix.exe from here to your desktop, and click the downloaded file to run the repair.

When the command window opens, select 1 (and Enter). Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your deskt... Read more

Read other 1 answers
RELEVANCY SCORE 67.6

I see I'm not the only one with this issue. I picked up the Antivirus XP 2008 deal on Sunday, managed to get rid of it (and other things) yesterday but now I have an even bigger problem stemming from the Fake Windows Security Popup that warns me about Trojan-Spy.HTML.Bankfraud.dq or something. I, of course, stupidly clicked the "Enable Protection" button on the popup and then everything went haywire.At this point I can only function in safe mode. When I'm in normal mode things run slooooowwwww and I can't get Firefox or IE to open. I've run every removal tool I've come across, including MBAM and SDFix. I've tried everything I can think of but I'm at my wits end. Here's my HijackThis log. And yes, I'm sure my machine is a mess...6 years old and until two days ago it ran beautifully. Please help! Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:13:04 PM, on 8/26/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: Safe mode with network supportRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32 ... Read more

A:Had Antivirus Xp 2008...got Rid Of It But Now Getting Fake Windows Security Alerts

Hi,We'll begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofixWhen the tool is finished, it will produce a report for you.Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.-screen317

Read other 17 answers
RELEVANCY SCORE 66.8

Hello,

Please help! For the past few months our computer has been constantly popping up virus messages. Every few seconds we get a Windows antivirus message that says windows has detected spyware... As soon as I close this box it reappears. Every 2-3 minutes we get a Windows Security Alert stating Warning! Potential Spyware Operation! And sporatically we get a Trojan Found message from McAfee VirusScan although I can not delete the infected file.

I looked through some websites and messages on this board looking for help. I downloaded Super Antispyware Free Edition and ran that program. It deleted 450+ items but the computer is running no better and the messages are popping up just as often.

Moreover, I can not access my control panel through the start menu and can not add or remove programs.

I have seen some people post similar problems and they are told to run a Hijack report so I did that. The log is below. Now I don't know what to do next.

Can someone please advise? Thank you so much in advance for your help!!!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:44:50 AM, on 11/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE ... Read more

A:Please help--windows antivirus and security alerts! HijackThis report included.

Apologies for the delay in responding.

The workload on this forum is intense, and sometimes it is not possible to respond to every inquiry.



Please go to Start > Run, and in the Open area copy/paste the following command (blue):

REG add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\system /v DisableRegedit /t REG_DWORD /d 0 /f

Click: OK

~~~~
Next, please download ComboFix
Save it to the Desktop

Double-click combofix.exe to run the program
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to stall.)

When finished, a log, ComboFix.txt, is produced.

~~~~
Run HijackThis once again to obtain a new log.

~~~~
Please post the ComboFix.txt, and a new HijackThis log in your reply.

Read other 1 answers
RELEVANCY SCORE 66.8

Hello,

I posted this morning about a problem I am having but received no replies yet. I decided to do the HijackThis report hoping someone could help me with this additional information.

My original post:
Please help! For the past few months our computer has been constantly popping up virus messages. Every few seconds we get a Windows antivirus message that says windows has detected spyware... As soon as I close this box it reappears. Every 2-3 minutes we get a Windows Security Alert stating Warning! Potential Spyware Operation! And sporatically we get a Trojan Found message from McAfee VirusScan although I can not delete the infected file.

I looked through some websites and messages on this board looking for help. I downloaded Super Antispyware Free Edition and ran that program. It deleted 450+ items but the computer is running no better and the messages are popping up just as often.

Moreover, I can not access my control panel through the start menu and can not add or remove programs.

I have seen some people post similar problems and they are told to run a Hijack report. I am not sure how to do that or what that means.

Can someone please advise? Thank you so much in advance for your help!!!

My HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:44:50 AM, on 11/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system... Read more

A:Please help--windows antivirus and security alerts! HijackThis report included.

Bumping....
PLEASE, PLEASE, PLEASE someone help me!!!!!!!!!!! I am practically in tears over here. THANK YOU!!!!!!!!!!
 

Read other 2 answers
RELEVANCY SCORE 66.4

i have a winXP SP3 laptop (hewlett-packard) and i'm stuck in an auto log-off problem. i've read a lot around various sites about possible causes and fixes. seems it could be a "userinit.exe" file that is missing or corrupt. i used malwarebytes to remove the internet security 2010 virus and then upgraded from AVG antivirus v8 to v9.0. i also used latest spybot to scan the computer. malwarebytes found 43 infected files, which i removed (quarantine and delete) and spybot found two more which were also healed.

now, i have been trying to get into the computer through safe mode and safe mode with command prompt. i can not get past the user acct OR the administrator account logon before i get logged off. i can not get to a command prompt, as far as i can tell, in order to try any of the fixes i've read about.

can anyone tell me how i might get to a command prompt to run a system restore or otherwise fix this userinit.exe file problem?
thanks
 

A:auto-logoff after removing "internet security 2010"

Read other 10 answers
RELEVANCY SCORE 66

Hello. So, my laptop runs Windows Vista and I have Verizon DSL for Internet connection. I use Verizon Internet Security Suite (VISS) for antivirus and all that stuff. Now I have an icon in the task bar that takes me to Windows Security Alerts, which under Malware, says that "VISS reports that antivirus protection is out of date. Update now." I keep clicking Update Now and it takes me to VISS and then a popup window comes up which says "We detected no Internet connection. You must be connected to the Internet..."

I'm confused???? VISS has not "updated definitions" in a long time. Whenever I turned my computer on, a little window would say "VISS is updating such and such definitions now."

How do I fix this? Any help is appreciated. Thanks.
 

A:Windows Security Alerts - Antivirus out of date - no internet connection detected

Sorry I haven't got a solution, but you may be better off using a different anti-virus software. I can highly recommend COMODO because it has a firewall also, but you could also use AVG Free ~ both are free for the basic version.

COMODO: here
AVG Free: here

-Ollie
 

Read other 2 answers
RELEVANCY SCORE 64.4

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:50:48 PM, on 10/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\Fast.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 200.65.0.25:3128
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-... Read more

A:popups/best seller antivirus & savetheinformation.com,secirityonpage.com

please help,there are appearing alot of popups....
 

Read other 1 answers
RELEVANCY SCORE 62

I have been reading the post and the fixes of others that are having the same problems that I am having. I downloaded and performed a scan with SuperAntiSpyware and it quarantined numerous files. I know that as soon as I access Internet Explorer again it will just all be re-loaded on my computer.

I have the same "Security Tool Bar 7.1" issue that others have been discussing along with the same triangle(!) in my system tray that keeps telling me that I trojans on my puter.

I need help.....nothing seems to work when removing this from my computer.

Here's my Hijack This log file after running SuperAntiSpyware

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:31:57 PM, on 10/15/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\ATI Technolog... Read more

Read other answers
RELEVANCY SCORE 58.8

Auto logoff?

I recently been getting logged off some websites that I am member on. It seems that if I click over to an other session and then come back, I get logged off. This happens on 3 site & these sites do not have an auto log off feature.

This just started happening & has not happened before.
Running XP sp3 & IE7

Any ideas?

Thanks
Steve
 

A:Auto logoff?

No one? Anyone?
 

Read other 2 answers
RELEVANCY SCORE 58.8

I am trying to find out how to enable auto logoff for users on a machine where it's shared by 6 people. I've been to the MS support site and tried the Winexit.scr suggestions to no avail. Does anybody know how to enable this option?
 

A:XP Auto Logoff

So it doesn't work even with the Force Application termination switch on?

Maybe one of similar programs found here will do the trick.
 

Read other 1 answers
RELEVANCY SCORE 58.8

I want to schedule a auto logoff in NT every 3 hrs .I Installed logoff.exe from NT resource kit and and sheduled it with task scheduler .But when it runs at specified time it asks the question logoff y/n ? .How to bypass this question so that it will logoff automatically as scheduled or is there any other way of doing this?.Please Help.
Thanks
Bhavesh
 

A:NT auto logoff

You might be able to use Kixtart or a "rundll" call from a batch. See <a href="http://www.robvanderwoude.com/kix.html" target="_blank">http://www.robvanderwoude.com/kix.html</a> for info on Kix and more links to info on it. There is reference to "logoff" on the link I provided. The section on batchfiles also has some info on "rundll.exe", though that might get tricky.

If that fails, you might be able to run logoff.exe from a Kix script and have it push the button for you in the GUI, see the example in the link above for running Symantec's live update from Kix.

mole
 

Read other 2 answers
RELEVANCY SCORE 58.8

Hey everyone, i'm new the this forum. I was wondering if there is a way to auto-logoff windows 7 Enterprise computers in a domain invironment? Bascially, i have 20 computers that are suppose to be used for printing only.

The non-technical people @ my job, don't want these systems used for antying else other than printing and are demanding that these systems to auto-logoff regardless of what apps might be opened.

Can anyone out there point me in the right direction on this? I have tried playing with group policy and have had zero success.
 

A:auto logoff

I haven't figured this out yet either. Like you, the kludge work-arounds don't actually work. Heck I'd be happy if I could get it to auto logoff a single workstation.
 

Read other 1 answers
RELEVANCY SCORE 58

I originally accessed a post regarding the lsa7_check.txt file problem and followed the forum post instructions to download and run combofix.exe and sdfix.exe. After completing the portion for sdfix.exe, and after reboot, the winxp machine I ran it on executes an immediate logoff and you log onto the machine.

Any ideas for a solution?

note - I am a software develop in java / powerbuilder / .net with a bs degree in comp science, so I can follow a highly technical solution. I know windows shell and win32api pretty well.

Read other answers
RELEVANCY SCORE 58

my win 2k pro system logs offf after ~15 minutes of inactivity (no keypresses, mouse movements). how do i stop this?
 

A:Prevent auto logoff

Have a poke around the power options in control panel and see if the setting is there.
 

Read other 3 answers
RELEVANCY SCORE 58

I am looking for a program something like what my library has on their computers. I want to be able to give each of the kids a username and password then when they log on a timer will automatically log them off say 30 min. but will also allow me to give them a max daily time limit. Or if this is possible within win 8 itself

Thanks
Paul

A:user auto logoff

What you're looking for is built into Windows 8 called family safety

Family Safety - Setup and Use in Windows 8

you can set time limits and times of day they are allowed or not allowed to use the computer

Read other 6 answers
RELEVANCY SCORE 58

When I tyr to log on to xp home by clicking my name the system try to star but then logs off to the log on screen again. I can't use the computer at all. Is this a virus? Thanks
 

A:XP Home auto logoff at log on

Here is the solution to the logon - logoff issue in Windows XP.

Enter the Recovery Console

Boot the system using the Windows XP CD-ROM. In the first screen when the Setup begins, read the instructions press "R" (in the first screen) enter the Recovery Console. Type-in the built-in Administrator password to enter the Console. You'll see the prompt reading C:\Windows (Or any other drive-letter where you've installed XP)

Type the following command and press Enter.

CD SYSTEM32
(If that does not work, try CHDIR SYSTEM32)

COPY USERINIT.EXE WSAUPDATER.EXE

Quit Recovery Console by typing EXIT and restart Windows.

You'll be able to login successfully as you've created the wsaupdater.exe file (now, a copy of userinit.exe)

Now, change the USERINIT value in the registry. Click Start, Run and type REGEDIT. Navigate to:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon]

In the right-pane, change the value of Userinit to "C:\WINDOWS\system32\userinit.exe,"

Type the above value exactly as given, including the comma - exclude the quotes. Also, change the path to userinit.exe appropriately, if Windows is installed in a different drive.

NOTE If you don't have a Windows XP CD-ROM, you need to use Windows XP Setup floppy disks to enter the Recovery Console.
Download details: Windows XP Home Edition Utility: Setup Disks for Floppy Boot Install

When you run the download, it puts the XP installation program, includin... Read more

Read other 3 answers
RELEVANCY SCORE 58

hello
I have a server with 70 RDP users on it
most people never log off when there finished

id like to make a new user group that get's auto logged off when idle for say an hour
but leave the others running 24/7

A:auto logoff when idle

I'm not sure it's working consistently, but here's what I've been able to collect to log off the computer at least twice:
A scheduled task named "Log Off Idle Session", set to run when the user logs on or when the system goes idle, and with Conditions set to run only if idle for 30 minutes. It's set to run only when user is logged on and [ ] Run with highest privileges is checked.
Here's the config. I'll continue to experiment to see if it works consistently. Perhaps this can help get you closer.

Read other 1 answers
RELEVANCY SCORE 58

Any one is there who help me for my windows xp Auto logoff problem And i repir the win xp but it till auto logoff . any one plzz help me ?
 

A:Auto logoff when login in win xp

When i am try to login on win xp it automaticly log off may be it's win xp licence problem ? can u plzz help me ?
 

Read other 2 answers
RELEVANCY SCORE 58

hi thar guys and gays, hihi~!

got a laptop here with some issue. it starts normally, loading the xp pro nicely, and politely ask for password. but after typing the password it'l load the profiles and yet jump back to login screen. no chance to see the wallpaper, and obviously no hijacklog.

same thing happened in save mode.

so i was wondering, is there any cure to this? laptop not mine, belongs to a customer, and i hav only a few days to help her out.

A:auto logoff issue

problem solved,

woota, thread close.

Read other 1 answers
RELEVANCY SCORE 57.2

I am working on a computer with Windows Xp Professional SP3. I was going through the group policy to familiarize myself with its capabilities. I saw an option to restart the computer when a user logs off. I was curious to see this option in action and chose it. I do not know where in the gpedit.msc I found it before and now I don't know how to shut it off. I did not type any code or add a txt file as many of the options suggest when I Googled my situation. It was simply an option to enable. Please let me know where to find this to shut it off. It is really starting to get on my nerves. I appreciate any constructive input. Thanks.

A:Auto Restart after user Logoff

Please review This M/soft Topic as it may help -

Read other 1 answers
RELEVANCY SCORE 57.2

I finally repaired the problem, I think, and am able to login to my computer. I replaced the userinit.exe file. Now apparently my desktop has changed and most of my programs and ICONS are gone. In msconfig my startup used to be "selective". now it's "normal" only and cannot be changed. Tell me I didn't erase most of my programs and this is just a start up problem. robin

A:windows xp auto logoff after login

I believe when you changed your userinit.exe file you changed your account from administrator to a guest account or an account with no administrator permissions and you do not have permission to access the things you could before.

You should go to user accounts and see if you are still the administrator, if not, then you have to make the necessary changes to change your account.

Bruce.

Read other 4 answers
RELEVANCY SCORE 57.2

I need to have a workstation automatically logoff a user after a defined period of inactivity.

I have looked in Local Security Policy and have only found an Automatic Logoff option for when the users Logon times expire.

Suggestions ?

Thank you
 

A:Auto Logoff Win2K after inactivity

You have a couple of options. One is a utiulity that comes with the resource kit called the winexit screensaver. It takes a little setting up for non-admin users, but it does work.
The other would be this freeware program that will also do this and is easier to setup. They have complete instructions on thier site.

http://www.winability.com/activesaver/
 

Read other 3 answers
RELEVANCY SCORE 57.2

hi.

ok, so every time I log in to windows xp pro the system starts to load the user settings background and startup programs then I get a message that the system can't load one of the startup programs because the system is shutting down. then the system completely shuts off.

After an exhaustive search online I found the recovery/copy userinit.exe wsaupdater.exe fix and tried that but I still get the auto logoff. I've tried repairing the installation using the OEM CD, but that only works for the first login. after that, same issue. I've run antivirus and spyware apps to check the system, but found nothing (I did this inbetween repairs).

After 6 times of going through this I'm ready to reinstall from scratch. It just annoys me that windows can break so easily. Did I meniton I hate windows?

Anything you could suggest, would be appreciated. I wait to here from someone in the forum before tackling such a HUGE project as to reinstall Windows and all my programs and data.

Thanks!
flyer007
 

A:Widows xp auto logoff after login

Read other 9 answers
RELEVANCY SCORE 57.2

Hey Guys,

So we just switched over to Server 2003 rather than a P2P network and now I am having trouble with people not logging off. Some of the PC's are setup where it goes to the screen saver and locks the computer and need my password or their password to get in, ya know.

So how can I change the settings so after a certain time of inactivity the computer logs the user completely off?

-Jay
 

A:Auto Logoff w/ Server 2003

Write a script that loads at logon that defines a "lease" for the login.
 

Read other 3 answers
RELEVANCY SCORE 57.2

How do you change the time when you computer auto logsoff. I've tried searching in the screensaver and in the power opitons, but no luck, even Google doesn't have the answer.

Please help!

A:How to tweek time until auto Logoff

Got to the (control panel)select (Power options) left hand Colum
select (change when the computer sleeps.)

Read other 4 answers
RELEVANCY SCORE 57.2

I believe that I inadvertantly downloaded or opened a virus or malware of some kind that is now preventing me from accessing my laptop. When I logon under any user I am automatically logged off again. I have tried booting in safe mode and to command prompt, but to no avail. Still the same problem.

I have looked on line and many people including Microsoft say that this is because 'userinit.exe' is missing in the registry. I have accessed the registry using bartPE and userinit is there.

Unfortunately I cannot locate my XP disk for this laptop; however I have a recovery disk from an older laptop, but when trying this I get a blue screen saying ' A problemhas been detected and windows has shut down to prevent damage to your computer'???? This error does give some further info, but without being able to access the laptop I cannot do anything about it.

Can you offer any advice?

A:Auto Logoff after user Logon

your userinit.exe is located in C:\Windows\System32

You can get a copy of the userinit.exe from another computer, or boot into recovery console from a XP disc, and log in. You should be at a c:\windows prompt. Type the following:

cd\windows\system32

You should be at a c:\windows\system32 prompt.

copy userinit.exe wsaupdater.exe

Allow it to overwrite.

Type exit and allow it to reboot, pull the CD.

Read other 10 answers
RELEVANCY SCORE 56.8

My university has an application that students must run it to do test (midterm, final,...). It really annoy to all students. It will close all file it can close on computer. (system file too...). So, users must turn account control to default level so... this app cannot auto close it.
I don't know this before. My account control is lowest level. So, when run this app, it will automatically restart. (because some system file has been closed). After twice times, I login at meet that error : No matter how I login, Windows appear Welcome, and logoff permantly after.
When I create another account and set account control to default level, I can run this app and can logon.
But I still want to use old account. (many settings I have set before). Please help me
Thanks

A:Windows 7 : auto logoff permantly after login

From what you say, it would appear your old user profile is corrupted for some reason.

Have a look at this Microsoft article, which offers advice on fixing the problem.

Fix a corrupted user profile

Read other 2 answers
RELEVANCY SCORE 56.8

These started to happen after I woke up. I tried to use system restore and "last good known configuration" but no anvil. I'm not sure if this could be the problem but, on a site it said that it was because anti-virus removed a certainly file and now it ended up like this. I tried many fixes but no luck at all. I went to recovery console on window cd but that didn't help either. I am really running out of options, please help

Read other answers
RELEVANCY SCORE 56

Hi,
Last night I downloaded a file which contained a virus(the source told me it was a false positive), that time it was all good. This morning I went on the computer and from multi boot I choose Windows 7(other was Vista) and when it prompted me to account screen I chose my account and logged in. Suddenly everything shutted down on start up and logged off and went back to the account selection screen. It is happening everytime Im logging on to Windows 7.
I ran a scan in Microsoft Security Essentials and there was no virus/malware found.
So, I want to run Windows 7 and fix this problem else I want to delete Windows 7 and install a new one with the CD I was given by Acer for Windows 7.

Thanks

A:Need help fixing auto logoff(virus?) or uninstalling Windows 7

  
Quote: Originally Posted by hawksking


Hi,
Last night I downloaded a file which contained a virus(the source told me it was a false positive), that time it was all good. This morning I went on the computer and from multi boot I choose Windows 7(other was Vista) and when it prompted me to account screen I chose my account and logged in. Suddenly everything shutted down on start up and logged off and went back to the account selection screen. It is happening everytime Im logging on to Windows 7.
I ran a scan in Microsoft Security Essentials and there was no virus/malware found.
So, I want to run Windows 7 and fix this problem else I want to delete Windows 7 and install a new one with the CD I was given by Acer for Windows 7.

Thanks


First acer may not have given you a win 7 dvd but rather a restore dvd. check before you do anything

second download malwarebytes and run in safe mode.

Let us know the results
Ken J

Read other 1 answers
RELEVANCY SCORE 55.6

Not saying I am a Pro, but I've built many custom PCs over the years, more than a couple dozen for myself, my wife, and other family members. But this is one of the weirdest problem I've ever come across: after doing a "fresh install" of Windows 7 64-bit, everything goes fine. For those familiar with the install, the final steps of setup are to ask for a login name and machine name. I enter that information, then specify passwords on the next part of the setup, then lastly the timezone selection. Then Windows prepares the desktop, and the install looks complete.

THEN, within 30 seconds, Windows automatically logs out and shuts down (i.e. clears the desktop and shows "Windows is shutting down" {or similar} message). It's sort of like when pressing the power button on some setups (for like 1 second, not the 5 seconds hard shutdown), which induces the shutdown procedure for Windows (depending on the setup, bios settings, etc). I believe there are some other conditions which might cause Windows to auto-shutdown, perhaps like overheat detection? Or perhaps over-the-network shutdowns, except I've intentionally not plugged in the Ethernet during the installation.

Just installing Windows alone is fairly hardware intensive, how can it make it all the way thru the entire installation, then only stay afloat for 30 seconds after the first login? This problem is so consistent. I've re-installed more times then I can remember now (with a few variations,... Read more

A:Win7 auto logoff and shutdown after completed clean install

It would not be in the media at all if it's post-install, so let's look at hardware and specifically the BIOS settings first. As it's a new mobo you'll have EFI firmware. What are the exact settings offered and set now for CSM, Legacy BIOS, UEFI, EFI, Secure Boot and BIOS Boot Priority order? Pictures will help: Screenshots and Files - Upload and Post in Seven Forums - Windows 7 Forums

In addition study all of the BIOS settings by reading the help caption for each on the right as you highlight each. Refer to the Manual on the mobo's Support Downloads webpage as well.

Is only one HD plugged in and has it been wiped first of all code? If not work through the steps to Troubleshoot Windows 7 Installation Failures - Windows 7 Help Forums.

After install, unplug the flash stick and DVD drive to eliminate it as suspect.

Try install with only one RAM stick, the if problem persists power down to swap RAM sticks to the other. Reconfirm these RAM sticks are spec'd precisely via the mobo Manual.

Since you already ruled out the mobo most likely, withdraw each other piece of hardware to test without it.

I don't think you can ignore having a CPU which ran for any time without its fan and then finding the fan cable entwined in its blades. This should be swapped out to test it if nothing else helps.

Read other 9 answers
RELEVANCY SCORE 53.6

Hi, I'm having a problem with pesky malware of some kind. It started with bogus "Windows Security Alert" messages, "Antivirus Software Alert" and "Infiltration Alerts", and "Security Warning / Application cannot be executed. The file xxxx.xxx is infected. Do you want to activate your antivirus software now?". It would also redirect me to different websites in IE8.Based on that info, I found the sticky forum on here that deals with that virus, and I ran RSKill, MalwareBytes, and also Spybot, etc. but the problems come back after the next reboot. I ran through the removal routine several times, but it keeps coming back.At the present time, the computer takes a very long time loading upon reboot, and IE8 blanks out whatever site address I type in -- it replaces the address with "http:///" and returns with a "the address is not valid" page. At the moment, the "Infiltration Alerts" are not happening, so I don't know if that first virus is gone, but it let another one in the door in the meantime, or if this is just a different manifestation of the original virus?I tried running DDS.SCR program as asked in the Preparation Guide. But it just flashed me the little black window with the DDS introduction for a few seconds, but never gave me the DDS.txt or Attach.txt results. I tried several times, without success.I was able to run the Gmer program on the second attempt. The first attempt ended after a... Read more

A:bogus Windows Security Alert messages, Infiltration Alerts, Security Warnings

Hello johntee, Welcome to Bleeping Computer. My name is fireman4it and I will be helping you with your Malware problem.Please take note of some guidelines for this fix: Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. If you do not understand any step(s) provided, please do not hesitate to ask before continuing. Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post. I will be analyzing your log. I will get back to you with instructions.

Read other 39 answers
RELEVANCY SCORE 53.2

main.txt

Deckard's System Scanner v20071014.68
Run by Chris on 2007-10-15 22:09:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2007-10-16 02:09:29 UTC - RP3 - Deckard's System Scanner Restore Point
2: 2007-10-15 03:10:50 UTC - RP2 - Installed Ad-Aware 2007
1: 2007-10-15 02:15:10 UTC - RP1 - System Checkpoint


Performed disk cleanup.

Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis (run as Chris.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:09:36 PM, on 10/15/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOW... Read more

A:Security Toolbar 7.1 + Security Alerts 4 dif. viruses(HJT log and panda log included)

extra.txt


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 1.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 2.80GHz
Percentage of Memory in Use: 39%
Physical Memory (total/avail): 503.48 MiB / 304.72 MiB
Pagefile Memory (total/avail): 1228.8 MiB / 1039.87 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1944 MiB

C: is Fixed (NTFS) - 74.53 GiB total, 24.42 GiB free.
D: is CDROM (UDF)
E: is Removable (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)

\\.\PHYSICALDRIVE0 - WDC WD800EB-00DJF0 - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.53 GiB - C:

\\.\PHYSICALDRIVE1 - eM Bay Reader USB Device

\\.\PHYSICALDRIVE2 - eM Bay Reader USB Device

\\.\PHYSICALDRIVE3 - eM Bay Reader USB Device

\\.\PHYSICALDRIVE4 - eM Bay Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
AUState says computer has updates disabled.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Chris\Applicatio... Read more

Read other 8 answers
RELEVANCY SCORE 53.2

I recently inadvertently let in a virus that called itself XP Total Security. I am using Windows XP and was using Microsoft Security Essentials for Protection.OOPS!
After using another computer to search Bleeping Computer Forums, I managed to download RKill and Malwarebytes. I have ran both several times. Malwarebytes seems to remove the virus but when I re-boot it is back but with a different name. Now it is Windows Security Alerts. It has also hijacked by browser and will not let me do normal searches in my browser(Firefox) without re-directing to various other sites. I'm not sure what else to try. Now whatever the virus is - it is affecting non-web usage. While working on documents in Word or Excel, my computer will freeze and the only way I can move is to power down and then power back up.

A:Virus started as XP Total Security now Windows Security Alerts

I have also now tried Spybot and AVG. Even though they say they find trojans to remove - I am still having massive problems. Most of the time I can not log onto the internet and when I try to use System Restore - it either doesn't open or I get a pop up box that says System Recovery will not help me and then it exits. Please can anyone help?

Read other 2 answers
RELEVANCY SCORE 52

I'm pretty infested as of now... Not sure what to do, I ran AVG, Avast and I will run ad-aware soon(updating). I have scanned with ComboFix VundoFix and HJT

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:34:30 PM, on 10/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GS.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program File... Read more

A:Spyware Help[Security Bar 2.7, pop-ups,false security alerts]

Hi, Nguyen

Welcome.

Copy the entire contents of the Quote Box below to Notepad.
Name the file as CFScript.txt
Change the Save as Type to All Files
and Save it on the desktop

File::
C:\WINDOWS\system32\azrjvfbt.dll
C:\WINDOWS\system32\tmvshoqp.exe
C:\WINDOWS\system32\dtanmduu.exe
C:\WINDOWS\system32\rybasvqx.exe
C:\WINDOWS\system32\utbksejc.exe
C:\WINDOWS\system32\uquglcmp.dll
C:\WINDOWS\system32\pvhnpkfk.exe
C:\WINDOWS\system32\obxkkljl.dll
C:\Program Files\Hammer.dll

Folder::
C:\WINDOWS\system32\vMW02a
C:\WINDOWS\system32\que1
C:\WINDOWS\system32\hap1
C:\WINDOWS\system32\comms2
C:\temp\xOe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C16A180-5C20-4D22-947E-2271579EBF20}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-
[-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-
[-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\azrjvfbt]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchIndexer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wind... Read more

Read other 1 answers
RELEVANCY SCORE 51.6

Hi,

I am new to this forum, and it seems to be a great place to find answers about a lot of things.
And that's good because I happen to have a problem ;).

Well, I have a cable internet connection on my laptop. Often now since a few days, I get disconnected and reconnected to the internet. It happens quite often and each time it's a very short cut in time but enough to break downloads, ip phone communication, chat etc... VERY annoying!

I went to see the event log abnd found that appearing pretty much each time I get disconnected !

Log :

Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 528
Date: 2/16/2006
Time: 6:27:30 AM
User: NT AUTHORITY\LOCAL SERVICE
Computer: HP-PAVILON
Description:
Successful Logon:
User Name: LOCAL SERVICE
Domain: NT AUTHORITY
Logon ID: (0x0,0x3E5)
Logon Type: 5
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name:
Logon GUID: {00000000-0000-0000-0000-000000000000}

The process seems to be "Advapi"... What is that ? Looking on the net, it seems that there is a windows composante with this name... but is it the same... ? Do I have a virus ?
What should I do ?

Thanks for any help.
Fab

PS : my OS is Windows XP

A:Problem Logon/logoff Security

Hello toimprovelife and welcome to BC.Advapi32.dll is a valid windows file but in looking around I find advapi seems to be variously described as a backdoor trojan. F-Secure Anti-Virus 2006 calls it Backdoor.IE_Patch. The first link will let you download a trial version that no doubt will remove it as it is recognized by that company.What anti-virus/anti-malware programs do you run now?

Read other 3 answers
RELEVANCY SCORE 51.6

I am having a major problem. Pop ups saying windows sercurty alert and antivirus software alert. I've had this before, last time went through run - regedit, which took me to something with users hkey? i removed something and the downloaded malwarebytes which removed it.

this time it won't let me use run, says everything is infected. can run malwarebytes as that is aparently infected aswell. won't let me on internet, i'm having to use a friends computer to write this! i just don't know what to do please someone help me
 

Read other answers
RELEVANCY SCORE 51.6

I get literally hundreds of antivirus notifications (Symantec Antivirus) every single day. In the past 5 hours I've got 66. I've scanned my computer a few times, and no viruses were found. However Symantec keeps going through my temp folder and finding trojans, and I don't know what to do.Also, GMER didn't run with full settings enabled. All settings except Services, Registry, Files, and ADS were grayed out. I don't know why.Thank you guys in advance for your help.BTW, here's one of the antivirus alerts (they're all the same but differ in action taken and name of the file and location [temp folder or quarantine] ):Scan type: Auto-Protect ScanEvent: Risk Found!Security risk detected: Trojan.GenFile: C:\Users\Aditya\AppData\Local\Temp\DWH4360.tmpLocation: C:\Users\Aditya\AppData\Local\TempComputer: ADITYA-PCUser: AdityaAction taken: Pending Side Effects Analysis : Access deniedDate found: Monday, November 01, 2010 10:06:26 PMDDS (Ver_10-10-31.01) - NTFS_AMD64 Run by Aditya at 5:33:48.08 on Tue 11/02/2010Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4027.2021 [GMT -4:00]============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Wind... Read more

A:Multiple Antivirus alerts

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:

msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/m... Read more

Read other 18 answers
RELEVANCY SCORE 51.2

Hi,I'm working on a friend's computer that has a fake antivirus.Internet proxy appears in LAN settings and has to be deleted to access web. Security programs blocked without going into safe mode. SAS portable Scan finds a cookies and a registry that returns after restart. Offers to "activate" antivirus return.Help appreciated!DDS and gmer logs includedThanks!bwebDDS (Ver_10-03-17.01) - NTFSx86 NETWORK Run by SoEmerson at 21:32:16.89 on Mon 05/17/2010Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_15Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.1.1033.18.3070.2409 [GMT -4:00]SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssC:\Windows\System32\svchost.exe -k secsvcsC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -... Read more

A:Fake antivirus alerts and offers

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEmsconfigsafebootminimalactivexdrivers32netsvcs%SYSTEMDRIVE%\*.exe/md5st... Read more

Read other 12 answers
RELEVANCY SCORE 51.2

My flash drive got infected someplace. Now my machine gets stuck before showing dialog. Antivirus giving me "Tidserve Requested" messages. Need Help!DDS (Ver_10-03-17.01) - NTFSx86 DSREPAIR Run by cc_madelg at 23:03:43.23 on Wed 04/21/2010Internet Explorer: 6.0.2900.5512Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3063.2216 [GMT -4:00]AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exesvchost.exesvchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEsvchost.exeC:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exeC:\WINDOWS\system32\inetsrv\inetinfo.exeC:\Program Files\LogMeIn\x86\RaMaint.exeC:\Program Files\LogMeIn\x86\LogMeIn.e... Read more

A:Receiving Tidserv alerts from my antivirus

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEmsconfigsafebootminimalactivexdrivers32netsvcs%SYSTEMDRIVE%\*.exe/md5st... Read more

Read other 9 answers
RELEVANCY SCORE 51.2

My son has done some serious damage here...he clicked on something or went somewhere and now I have hundreds of alerts telling me I have multiple infected files. Please help! This computer has all of my business software on it and I am sunk for now.

I tried the Malwarebytes application to no avail. Also, while I am online, I get random sites popping up in internet explorer.

Thanks in advance for any help you can give.

shane

A:Hundreds of Antivirus alerts popping up EVERYWHERE

Hello, if by "to no avail" you mean it will not run then run RKill first them MBAM.Please download Rkill by Grinler and save it to your desktop.Link 2Link 3Link 4Double-click on the Rkill desktop icon to run the tool.If using Vista, right-click on it and Run As Administrator.A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.If not, delete the file, then download and use the one provided in Link 2.If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.If the tool does not run from any of the links provided, please let me know.You will need to run the application again if rebooting the computer occurs along the way.Post back the MBAM log.

Read other 1 answers
RELEVANCY SCORE 50.4

Out of nowhere while visiting sites while doing research on Google, I received a Fake Antivirus alert and popups that ground my laptop to a standstill. It's an HP Pavilion with Win XP Media Version. My problem is the same as another post:

http://www.techsupportforum.com/f284...ed-457584.html

Initially, I could not run anything, but have since been able to stop the process that is generating the popups so that I can run other programs.

I don't see the final steps of the procedure in the post.

Thank you for your help.

A:Fake AntiVirus, Popup Alerts -- Similar to

Hi -

The steps you see posted there are only to get initial analysis logs. Follow the rest of the steps to produce the required logs.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed. I currently have as many open topics as I can effectively handle; this will have you back in queue with the proper logs so an available helper would be able to assist.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Read other 1 answers
RELEVANCY SCORE 50.4

Hi

i typed: expand d:\i386\userinit.ex_ c:\
then copy c:\userinit.exe c:\wimdows\system32\

then i was able to log back into windows but now I've lost all my original desktop settings and programs. How do i get that back?

Your help would be appreciated

Thanks
 

Read other answers
RELEVANCY SCORE 50

VUNDO INFECTION SYMPTOMS1. This pop up alert comes up every now and then:"Attention! Your PC is in danger.Your system requires AV check!Av Check will perform a quick and free scan of your PC."Then, it creates a new tab in Firefox, redirecting me to a website which looks like a fake antivirus program performing a scan.2. Every time I perform a Google search and click on a result, it redirects me to other search websites/possible scams.3. Vista?s link to Windows Update does not work and when I attempt to go to it manually through my browser, it gives me an error that the webpage cannot be displayed.4. I attempted to follow the prep guide instructions but, while using GMER to scan, a blue screen comes up which says an error has occurred. It then tells me something similar to: "A process or thread crucial to the system unexpectedly exit or has been terminated. If this is the first time, restart the computer. If this reoccurs, check for disabled hardware. Or, check for BIOS updates." However, each time I tried to write this down word-for-word, my computer automatically restarted within 30 seconds. Thus, I restarted my computer and performed the scan again. The blue screen stopped my scan and restarted my computer a total of 3 times. I never finished the scan.MORE INFORMATIONI use Sophos Anti-virus but noticed it wasn't starting up automatically/performing scans or updates for at least a week now. On Sunday, May 16th, I installed AVG Anti-virus Free... Read more

A:Antivirus pop up alerts / Search redirects / Vundo Infection

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.1.Please do not run any other tool untill instructed to do so!2.Please reply to this thread, do not start another!3.Please tell me about any problems that have occurred during the fix.4.Please tell me of any other symptoms you may be having as these can help also.5.Please try as much as possible not to run anything while executing a fix.If you follow these instructions, everything should go smoothly.Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.:run combofix:Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofixPlease ensure you read this guide carefully and install the Recovery Console first. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.Once installed, you should see a blue screen prompt that says:The Recovery Console was successfully installed.Please continue as follows:Close/disable ... Read more

Read other 19 answers
RELEVANCY SCORE 50

Hello

Win XP SP3 wireless card and wireless router

Started with Antivirus 2010, now that does not show up
Now has false Microsoft Security Essentials Alert screens (never installed MS Security Essentials)

cannot run Malwarebytes anti malware stops any scan aft 2-3 secs, then MalWareBytes is not accessible unless reinstalled

HiJackThis installed but does not allow log to appear more than 1 second.

AVG 8.5 found some Trojan activity and quarantined
AVG now clean but problems persist

Some new folders appeared in Program Files folder that are not recognized
like
XEROX, sub-folder NWWIA
NWWIA empty but cannot be deleted

I use Eusing Registry cleaner regularly.
Now it shuts down when scanning at Windows Services. If that is skipped it runs OK.

I have used Bleeping computer once before in 2008. I can follow instructions. I have another clean laptop running Vista Home 32

George Persico

A:Antivirus 2010 and false MSSecurity Essentials Alerts

Hello,Please follow the instructions in ==>This Guide<==.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==If you can produce at least some of the logs, then please create the new topic. If you cannot produce any of the logs, then post back here and we will provide you with further instructions.

Read other 2 answers
RELEVANCY SCORE 50

So recently our computer has been extremely slow. We have comcast and when we try to open our main page for the computer, it takes a very long time. We called in to the service center and told them about it, and they said that our computer is probably infected with spyware. Also, we have been getting a Security Alert from Norton Anti-Virus telling us that a remote system is trying to access our computer from some IP address from some port and whatnot.

So my question is, could someone do a run on my computer and tell me if we have anything that would be slowing down our internet or causing our Anti-Virus to trigger?

Also, I went to the Sticky "Posting for help" thread, and when I tried to download hijack this, the link supplied brought me to something funny, so I will need a working link to hijack this.--Nevermind

Your help is greatly appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 9:07:03 PM, on 3/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\C... Read more

A:Curious Norton-Antivirus Alerts and slow Internet

Read other 15 answers