Over 1 million tech questions and answers.

Virus Alert beside clock / popups

Q: Virus Alert beside clock / popups

Good afternoon.

I have an issue with my computer (obviously). My clock is now showing up with VIRUS ALERT! beside it. My homepage has also been hijacked to hxxp://pc-antispypro.com/?wmid=6010&mid=MjI6Mjo4OQ==&lndid=2

Please let me know if there is anything you can do to help me out, I have run a number of antispyware scans and have run my Norton a number of times and haven't been able to get rid of this so far, so I figured it was time to try to get some help before I spend many more hours and getting no where on my own.

This is the first time I've had to ask for assistance on this sort of issue, so please let me know if you require any further information.

A big thank you in advance for any assistance you can provide.

Here is the log file from RSIT:

Logfile of random's system information tool 1.04 (written by random/random)
Run by agordon at 2008-10-28 15:51:49
Microsoft Windows XP Professional Service Pack 3
System drive C: has 22 GB (29%) free of 74 GB
Total RAM: 1014 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:51:55, on 10/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\agordon.STREAMLINEFOODS\Desktop\RSIT.exe
C:\Documents and Settings\agordon.STREAMLINEFOODS\Desktop\agordon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157" target="_blank" class="wLink">http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7CE2E843-8DBF-4E53-9BB3-0F85C0BE4455} - C:\WINDOWS\system32\wvUNfcBQ.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: (no name) - {C1D374E2-506D-4307-A363-ABB1774822F8} - C:\WINDOWS\system32\xxyxwUmL.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [968414c5] rundll32.exe "C:\WINDOWS\system32\xfuufoal.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Amazing%20Adventures%20Around%20the%20World/Images/stg_drm.ocx
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.photogize.com/bponet/Phot...eUploader4.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Amazing%20Adventures%20Around%20the%20World/Images/armhelper.ocx
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe...bat/nos/gp.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/a...v2.0.0.10.cab?
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = streamlinefoods.local
O17 - HKLM\Software\..\Telephony: DomainName = streamlinefoods.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = streamlinefoods.local
O20 - AppInit_DLLs: hprsfi.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: wvUNfcBQ - wvUNfcBQ.dll (file missing)
O21 - SSODL: wvbegpqs - {34A23768-C9B3-4669-941D-039946000B47} - C:\WINDOWS\wvbegpqs.dll
O21 - SSODL: wfexqnrp - {8DDA5206-7A7B-4349-BA4A-F79C2AA2F56B} - C:\WINDOWS\wfexqnrp.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 9505 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Email Backup.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUser.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll [2007-12-14 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7CE2E843-8DBF-4E53-9BB3-0F85C0BE4455}]
C:\WINDOWS\system32\wvUNfcBQ.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-06-01 2554944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-07 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1D374E2-506D-4307-A363-ABB1774822F8}]
C:\WINDOWS\system32\xxyxwUmL.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-06-01 2554944]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"968414c5"=C:\WINDOWS\system32\xfuufoal.dll [2008-10-28 75392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\968414c5]
C:\WINDOWS\system32\xfuufoal.dll [2008-10-28 75392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePresentation HPD]
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe [2006-03-31 204800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2005-06-11 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boot]
C:\Acer\Empowering Technology\ePower\Boot.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-07-19 52896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CtrlVol]
C:\Program Files\Launch Manager\CtrlVol.exe [2003-09-16 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eLockMonitor]
C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe [2006-06-01 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\agordon.STREAMLINEFOODS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-08 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe [2007-08-24 159744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe [2007-08-24 135168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-03-30 267048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchAp]
C:\Program Files\Launch Manager\LaunchAp.exe [2005-07-25 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
C:\Program Files\Launch Manager\HotkeyApp.exe [2006-04-19 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMgrOSD]
C:\Program Files\Launch Manager\OSDCtrl.exe [2005-07-25 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe [2005-05-11 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\WINDOWS\system32\igfxpers.exe [2007-08-24 131072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe [2008-08-20 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Preload]
C:\Windows\RUNXMLPL.exe [2005-05-19 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2006-07-21 16261632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2007-03-28 593920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe [2007-12-14 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-02-29 1481968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-01 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-12-16 761945]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 -reboot 1 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
C:\PROGRA~1\SYMANT~1\VPTray.exe [2006-09-27 125168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wbutton]
C:\Program Files\Launch Manager\Wbutton.exe [2006-04-20 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowBlinds]
C:\Documents and Settings\All Users\Documents\Stardock\WindowBlinds\WBInstall32.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-05-27 4269296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^agordon^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
C:\PROGRA~1\OPENOF~1.4\program\QUICKS~1.EXE [2008-01-21 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acer Empowering Technology.lnk]
C:\Acer\EMPOWE~1\ACEREM~1.EXE [2006-08-03 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
C:\PROGRA~1\Google\GOOGLE~1\GOOGLE~1.EXE [2008-10-07 161264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
C:\PROGRA~1\Yahoo!\YAHOO!~1\ymetray.exe yahoomusicengine -preload []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3
"WLSetupSvc"=3
"gusvc"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="hprsfi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2007-04-19 294912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-08-24 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2006-09-27 43760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvUNfcBQ]
wvUNfcBQ.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
wvbegpqs - {34A23768-C9B3-4669-941D-039946000B47} - C:\WINDOWS\wvbegpqs.dll [2008-10-28 282624]
wfexqnrp - {8DDA5206-7A7B-4349-BA4A-F79C2AA2F56B} - C:\WINDOWS\wfexqnrp.dll [2008-10-28 319488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 77824]
"{7CE2E843-8DBF-4E53-9BB3-0F85C0BE4455}"=C:\WINDOWS\system32\wvUNfcBQ.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\xxyxwUmL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispAppearancePage"=0
"NoColorChoice"=0
"NoSizeChoice"=0
"NoDispScrSavPage"=0
"NoVisualStyleChoice"=0
"NoDispSettingsPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktop"=0
"NoThemesTab"=0
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe"="C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Messenger"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Documents and Settings\agordon\Local Settings\Temp\pft36.tmp\hpjsi.exe"="C:\Documents and Settings\agordon\Local Settings\Temp\pft36.tmp\hpjsi.exe:*:Enabled:HP Install Network Printer Wizard"
"C:\Documents and Settings\agordon\Local Settings\Temp\pft39.tmp\hpjsi.exe"="C:\Documents and Settings\agordon\Local Settings\Temp\pft39.tmp\hpjsi.exe:*:Enabled:HP Install Network Printer Wizard"
"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:Windows Explorer"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE:*:Enabled:OUTLOOK.EXE"
"D:\Personal\Vuze\Azureus.exe"="D:\Personal\Vuze\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

======File associations======

.scr - open - "C:\WINDOWS\system32\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2008-10-28 15:51:49 ----D---- C:\rsit
2008-10-28 15:48:17 ----A---- C:\WINDOWS\gmer.ini
2008-10-28 15:48:16 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-10-28 15:48:16 ----A---- C:\WINDOWS\gmer.exe
2008-10-28 15:48:16 ----A---- C:\WINDOWS\gmer.dll
2008-10-28 15:21:47 ----D---- C:\Documents and Settings\agordon.STREAMLINEFOODS\Application Data\Autodesk
2008-10-28 15:21:32 ----D---- C:\Program Files\RogueRemover FREE
2008-10-28 15:00:19 ----A---- C:\smitfiles.txt
2008-10-28 13:05:27 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-28 13:05:13 ----D---- C:\Program Files\SUPERAntiSpyware
2008-10-28 13:05:12 ----D---- C:\Documents and Settings\agordon.STREAMLINEFOODS\Application Data\SUPERAntiSpyware.com
2008-10-28 12:11:27 ----SH---- C:\WINDOWS\system32\laofuufx.ini
2008-10-28 12:11:22 ----A---- C:\WINDOWS\system32\xfuufoal.dll
2008-10-28 12:10:53 ----A---- C:\WINDOWS\system32\9da7d0bb-.txt
2008-10-28 12:10:29 ----ASH---- C:\WINDOWS\system32\LmUwxyxx.ini2
2008-10-28 12:10:29 ----ASH---- C:\WINDOWS\system32\LmUwxyxx.ini
2008-10-28 11:58:48 ----D---- C:\Documents and Settings\agordon.STREAMLINEFOODS\Application Data\TmpRecentIcons
2008-10-28 11:58:26 ----N---- C:\WINDOWS\wvbegpqs.dll
2008-10-28 11:58:26 ----N---- C:\WINDOWS\wfexqnrp.dll
2008-10-28 11:58:26 ----A---- C:\WINDOWS\enxa.exe
2008-10-28 11:58:26 ----A---- C:\WINDOWS\emnvoqgx.exe
2008-10-28 11:58:04 ----D---- C:\Program Files\TS-2009
2008-10-28 11:41:58 ----D---- C:\Documents and Settings\agordon.STREAMLINEFOODS\Application Data\WinRAR
2008-10-28 11:41:47 ----D---- C:\Program Files\WinRAR
2008-10-28 09:17:40 ----D---- C:\Documents and Settings\agordon.STREAMLINEFOODS\Application Data\DVD Flick
2008-10-28 09:17:33 ----D---- C:\Program Files\MKV to DVD Converter
2008-10-27 21:21:16 ----D---- C:\Program Files\AviSynth 2.5
2008-10-27 21:20:53 ----D---- C:\Program Files\Avi2Dvd
2008-10-24 08:07:38 ----HD---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-15 22:02:54 ----HD---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-15 22:02:47 ----HD---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 22:02:40 ----HD---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-15 22:00:05 ----HD---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-15 21:59:52 ----HD---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-14 13:08:39 ----D---- C:\Documents and Settings\agordon.STREAMLINEFOODS\Application Data\SpinTop Games
2008-10-14 12:45:04 ----D---- C:\Program Files\Peggle Nights
2008-10-14 12:39:08 ----D---- C:\Program Files\Amazing Adventures Around the World
2008-10-14 12:39:08 ----D---- C:\Documents and Settings\agordon.STREAMLINEFOODS\Application Data\SpinTop
2008-10-08 09:09:27 ----D---- C:\Program Files\Microsoft Bootvis
2008-10-07 14:03:37 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-07 11:49:29 ----D---- C:\Documents and Settings\agordon.STREAMLINEFOODS\Application Data\OpenOffice.org2
2008-10-07 09:45:30 ----A---- C:\WINDOWS\KRON999.INI
2008-10-06 14:15:33 ----D---- C:\Documents and Settings\agordon.STREAMLINEFOODS\Application Data\DVDFab
2008-10-02 08:03:33 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-01 20:46:38 ----A---- C:\WINDOWS\system32\558.exe
2008-10-01 20:46:35 ----A---- C:\WINDOWS\system32\load.exe
2008-10-01 20:46:32 ----A---- C:\WINDOWS\system32\7002_49tnemele.exe
2008-09-29 13:27:50 ----D---- C:\Documents and Settings\agordon.STREAMLINEFOODS\Application Data\Help

======List of files/folders modified in the last 1 months======

2008-10-28 15:11:04 ----A---- C:\WINDOWS\ModemLog_Agere Systems HDA Modem.txt
2008-10-28 15:04:10 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-28 14:21:28 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-28 13:49:36 ----RSH---- C:\boot.ini
2008-10-28 13:49:36 ----A---- C:\WINDOWS\win.ini
2008-10-28 13:49:36 ----A---- C:\WINDOWS\system.ini
2008-10-28 09:14:24 ----A---- C:\WINDOWS\NeroDigital.ini
2008-10-20 15:25:00 ----A---- C:\WINDOWS\KRON998.INI
2008-10-15 22:03:00 ----A---- C:\WINDOWS\imsins.BAK
2008-10-15 12:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-07 15:19:40 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-03 13:41:16 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-09-29 13:43:02 ----A---- C:\WINDOWS\KRON990.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 Hotkey;Hotkey; C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 9867]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 NetworkX;NetworkX; C:\WINDOWS\system32\ckldrv.sys [2000-02-03 24608]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2006-08-07 195776]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-06-01 21275]
R2 EpmPsd;Acer EPM Power Scheme Driver; \??\C:\WINDOWS\system32\drivers\epm-psd.sys []
R2 EpmShd;Acer EPM System Hardware Driver; \??\C:\WINDOWS\system32\drivers\epm-shd.sys []
R2 int15;int15; \??\C:\WINDOWS\system32\drivers\int15.sys []
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-28 13568]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 tvicport;tvicport; \??\C:\WINDOWS\system32\drivers\tvicport.sys []
R2 zntport;zntport; \??\C:\WINDOWS\system32\drivers\zntport.sys []
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2007-03-09 1163616]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-08-24 5776928]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-07-24 4353024]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081023.041\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081023.041\navex15.sys []
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2006-04-13 6144]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-11-12 47360]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-12-16 191936]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-06-23 162176]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-11-27 1427968]
S1 mailKmd;mailKmd; C:\WINDOWS\system32\drivers\mailKmd.sys []
S1 vcdrom;Virtual CD-ROM Device Driver; \??\C:\Documents and Settings\agordon.STREAMLINEFOODS\Desktop\VCdRom.sys []
S1 Wbutton;Wbutton; C:\WINDOWS\system32\drivers\Wbutton.sys []
S2 DS1410D;DS1410D; C:\WINDOWS\SYSTEM32\drivers\DS1410D.SYS [1997-08-07 7328]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys []
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys []
S3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys []
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys []
S3 CA561;ICatch VI PC CAMERA; C:\WINDOWS\System32\Drivers\SPCA561.SYS [2004-11-29 122928]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-10-28 85969]
S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2005-11-02 32512]
S3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-13 28672]
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2005-11-16 78976]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 se59bus;Sony Ericsson Device 089 driver (WDM); C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 61536]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 9360]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 97088]
S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 88624]
S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS); C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 18704]
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 86432]
S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM); C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 90800]
S3 Ser2pl;Prolific Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2004-06-28 42752]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2006-08-07 24768]
S3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOWS\system32\drivers\tbhsd.sys []
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-06-25 611664]
R2 AcerMemUsageCheckService;Memory Check Service; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [2006-03-29 28672]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2006-10-05 9216]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-09-02 198336]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-07-19 192160]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-07-19 169632]
R2 Crypkey License;Crypkey License; C:\WINDOWS\system32\crypserv.exe [2000-06-29 52224]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2006-09-27 31472]
R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2006-08-29 20480]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-11-28 114753]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-11-28 217164]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-11-28 540745]
R2 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2006-09-27 116464]
R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2006-04-11 1160848]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2006-09-27 1813232]
R2 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\system32\UAService7.exe [2007-12-30 126976]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-09-02 2528960]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-11-02 86016]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2006-08-07 214720]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-07 168432]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

RELEVANCY SCORE 200
Preferred Solution: Virus Alert beside clock / popups

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Virus Alert beside clock / popups

Hello, and Welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------
Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Place combofix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
Double click on combofix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.





The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.

ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:

The Recovery Console was successfully installed.



Click on Yes, to continue scanning for malware.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled. A reboot should have done this.

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------

Read other 11 answers
RELEVANCY SCORE 78.8

Hi,

This is my first post here, and my computer appears to be infected.

The Symptoms:
-- The desktop has "disappeared" and is replaced by a blank blue screen. The icons on the desktop are all gone.
-- There is no "bar" at the bottom: no start button, no task bar, no clock, no indications of open programs. i.e., the entire screen is blue.

-- However, the situation is different right after I start-up.
-- At first, I see all my programs. Sometimes I see the task bar and start button, clock, etc., sometimes not.
-- But something is wrong even then. The computer is slow. And I know desktop will not last long. Sometimes if I am quick I can double click on a desktop icon before the desktop disappears.
-- Sometimes there is a "transition" period. For a few seconds I'll see the desktop, then for a few it will go "all blue".
-- When it is "all blue", I can still get into programs. If I open up the task manager, I can click on the "New Task ..." button under the "Applications" tab.
-- I can still work with documents, but thinks are slow.
-- When I start in safe mode, I still have the problem of the missing desktop.

Other Signs:
-- When I can see the clock, it says "VIRUS ALERT!" followed by the time. My google searches inform me that this is a common symptom.

What I have done so far:
-- I've done the Norton "Quick Scan" -- found something the first time, and fixed i... Read more

A:Fake Anti-virus -- No Start Menu/task Bar/clock -- Or Has "virus Alert" At Clock

Welcome to BC no_more_virusIf you're using Windows 2000/XP, please print out and follow the instructions for using SDFix in BC's self-help tutorial "How to use SDFix". This program is for Windows 2000/XP ONLY.-- When using this tool, you must use the Administrator's account or an account with "Administrative rights"-- Disconnect from the Internet and temporarily disable your anti-virus and any anti-malware real time protection before performing a scan.When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt. Please copy and paste the contents of Report.txt in your next reply. Be sure to renable you anti-virus and and other security programs before connecting to the Internet.To fix the policy restrictions created by this infection, please open the SDFix folder or download XP_CodecRepair.inf and save it to your desktop. for Windows XP ONLY. Right-click on XP_CodecRepair.inf and select Install from the Context menu.Note: To download the .inf file, go to File, choose "Save page as" All Files and save XP_CodecRepair.inf to your desktop.Then log off or reboot to apply the changes.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on Download_mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has f... Read more

Read other 3 answers
RELEVANCY SCORE 68

Okay, I admit I was dl torrents and now Im in some trouble. I had my many virus protection programs running. As soon as I ran a recently dl program. All my vp programs went nuts! It stopped most of them but my search, control panel, run and my comp are missing. So, im in desperate need of some help. Thnx in advanced.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Diana\Application Data\inst.exe
C:\WINDOWS\erem.exe
C:\WINDOWS\SYSTEM32\fhiPoUvw.ini
C:\WINDOWS\SYSTEM32\fhiPoUvw.ini2
C:\WINDOWS\SYSTEM32\svevsbly.ini
C:\WINDOWS\system32\ylbsvevs.dll
.
---- Previous Run -------
.
C:\WINDOWS\gpefaowr.exe
C:\WINDOWS\system32\oeminfo.ini

.
((((((((((((((((((((((((( Files Created from 2008-06-14 to 2008-07-14 )))))))))))))))))))))))))))))))
.

2008-07-13 17:26 . 2008-07-13 17:26 116,864 --a------ C:\WINDOWS\SYSTEM32\mmmghb.dll
2008-07-13 17:26 . 2008-07-13 17:26 116,864 --a------ C:\WINDOWS\SYSTEM32\hjjcbnwq.dll
2008-07-11 11:27 . 2008-07-11 11:27 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-11 09:46 . 2008-07-11 09:46 321,792 --a------ C:\WINDOWS\SYSTEM32\wvUoPihf.dll
2008-07-10 11:32 . 2008-07-10 11:32 <DIR> d-------- C:\Program Files\SymNetDrv
2008-07-10 00:34 . 2008-07-10 11:33 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-10 00:34 . 2008-07-11 09:46 <DIR> d-------- C:\Documents and Settings\All Users\Applicati... Read more

Read other answers
RELEVANCY SCORE 68

hi all...a past few days my comp. affected with XP antivirus 2008..i've scan with Malwarebytes' Anti-Malware.but now beside my clock still got "virus alert"..can anyone hel me to slove this problembelow is my HijackThis..tqLogfile of Trend Micro HijackThis v2.0.2Scan saved at 11:25: VIRUS ALERT!, on 7/21/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16674)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exec:\program files\common files\logitech\lvmvfm\LVPrcSrv.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\PC Tools Internet Security\pctsTray.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exeC:\Program Files\Creative\MediaSource\GO\CTCMSGo.exeC:\WINDOWS\system32\CTSvcCDA.EXEC:\Program Files\... Read more

A:Virus Alert Beside My Clock

HiFirst ... as you've run Malwarebytes' Anti-Malware ... please post the log THEN ...Download Deckard's System Scanner (formerly Comboscan) to your Desktop.Note: You must be logged onto an account with administrator privileges.1. Close all applications and windows. 2. Double-click on dss.exe to run it, and follow the prompts. 3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized 4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply.5. Then do the same with extra.txtNote: you'll find extra.txt here :- C:\Deckard\System Scanner\extra.txtPlease remember to post both txt files ...Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.THEN ..Please run a Kaspersky Online Scan Please do an online scan with Kaspersky WebScanner Click on Kaspersky Online Scanner Click AcceptYou will be promted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then begin downloading the latest definition files: Once the files have been downloaded click on NEXT Now click on Scan Settings In the scan settings make sure that the following are selected: Scan using the following Anti-Virus database: Extended (if available otherwise Standard)
Scan Options: Scan Archives Scan Mail BasesClick OK Now under select a target to scan: Select My Co... Read more

Read other 2 answers
RELEVANCY SCORE 68

i let my friend on my computer while i was at work, came home computer is screwed up /sighControl Alt Delete Disabledfiles are hiddenClock has a VIRUS ALERT Beside itSafemode works.i ran these following programs in safemode.Malware Bytes - Anti MalwareAd-ware Personal - SpywareAd-ware 2008 AVG?? Cannot run for some reason.Search and DestroyA-squaredSDFixSmitfraudFixPlease help, thanks, Morth.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 04:52:59, on 7/12/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: Safe mode with network supportRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\SYSTEM32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware2008\aawservice.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Internet Explorer\iexplore.exeC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0ZR5LBX4\HiJackThis[1].exeR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missingO2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)O2 - BHO: {c1e31e8c-a12e-d8a8-1eb4-bba4f8dc0e11} - {11e0cd8f-4abb-... Read more

A:Clock - Virus Alert? - Hj Log

Bump

Read other 4 answers
RELEVANCY SCORE 68

Hi,I was downloading a keygen the other day and I got a virus where it displays "Virus Alert" on the clock and it changed all the setting in my computer. I was able to resolve a lot of it. The only one that I have left is the wall paper setting. When I tried to change the wall paper setting. i got the following error... file:///C:/Windows/privacy_danger/indexi have posted the Hijackthis log below. hopefully, somebody could help...thanks....Logfile of Trend Micro HijackThis v2.0.2Scan saved at 3:18:10 PM, on 8/30/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exeC:\Program Files\Dell Network Assistant\hnm_svc.exeC:\Program Files\Common Files\LogiShrd&... Read more

A:Virus Alert On Clock

HiPlease visit this webpage for download links, and instructions for running ComboFix tool:http://www.bleepingcomputer.com/combofix/how-to-use-combofixPlease ensure you read this guide carefully and install the Recovery Console first.The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.Once installed, you should see a blue screen prompt that says:The Recovery Console was successfully installed.Please continue as follows:Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
Remember to re-enable them afterwards.

Click Yes to allow ComboFix to continue scanning for malware.When the tool is finished, it will produce a report for you. Please include the following reports for further review, and so we may continue cleansing the system:C:\ComboFix.txtNew HijackThis log.A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Read other 2 answers
RELEVANCY SCORE 68

I had a virus alert next to the clock in addition to numerous other problems. Saw the fix here with using Malwarebyte's Anti-Malware, installed the program and ran it. It found numerous problems and fixed them, however I still have some issues. My wallpaper is gone. It shows up after booting then just goes to white. Also, on booting I get the message "cannot find 'file:///c:/Windows/privacy_danger/index.htm' " The computer is running much better and it appears that the Malwarebyte's program fixed most things but not all. Any more suggestions? I ran the program twice and it did find another problem the second time. I did reboot. Should I try a complete scan? Here are the logs:

First time:Malwarebytes' Anti-Malware 1.26
Database version: 1126
Windows 5.1.2600 Service Pack 3

9/7/2008 8:43:44 PM
mbam-log-2008-09-07 (20-43-44).txt

Scan type: Quick Scan
Objects scanned: 49284
Time elapsed: 8 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 15
Registry Values Infected: 29
Registry Data Items Infected: 13
Folders Infected: 1
Files Infected: 33

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\SYSTEM32\efcDwUKB.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\wregiimn.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\xwnldn.dll (Trojan.Vundo) -> Delete on reboot.
... Read more

A:Virus Alert Next To Clock

Please download ATF Cleaner by Atribune & save it to your desktop. alternate download link DO NOT use yet.Please download and install SUPERAntiSpyware FreeDouble-click SUPERAntiSypware.exe and use the default settings for installation.An icon will be created on your desktop. Double-click that icon to launch the program.If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)Under the "Configuration and Preferences", click the Preferences... button.Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):Close browsers before scanning.Scan for tracking cookies.Terminate memory threats before quarantining.Click the "Close" button to leave the control center screen and exit the program.Do not run a scan just yet.Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow key... Read more

Read other 12 answers
RELEVANCY SCORE 68

Recently on my computer I have had these warnings pop up. One is a flashing triangle with an exclamation point in it and it says "System Alert: Popups - Your computer is infected with spyware managing pop-up malware (OHPE ver 4.12_23). Click the icon to learn more on what you can do about pop-up windows and other unwanted software." and then there is another icon that is a flashing red warning circle that turns into a green arrow. It opens up the SpyFalcon website. My HJT log has been moved to the HJT Forum.

I hope someone can help me.
Thanks.

A:Virus Alert And System Alert: Popups Warnings

Read Grinler's SpyFalcon removal instructions at:http://www.bleepingcomputer.com/forums/ind...yFalcon+RemovalAlso,post your HJT log in the HJT forum NOT anywhere else.

Read other 3 answers
RELEVANCY SCORE 67.2

Hi, any help anyone can give me is greatly appreciated. I have this virus that changed my system clock to military time, won't let me bring up my computer and has put a VIRUS ALERT! next to the system clock. Again any help would be much appreciated. My hijack this logLogfile of Trend Micro HijackThis v2.0.2Scan saved at 17:32: VIRUS ALERT!, on 9/29/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Comodo\CBOClean\BOCORE.exeC:\WINDOWS\system32\drivers\CDAC11BA.EXEC:\WINDOWS\system32\LxrJD31s.exeC:\Program Files\Network Associates\Common Framework\FrameworkService.exeC... Read more

A:Virus Alert Beside System Clock

Hi John05, Welcome to the forums!My name is Ken, on these forums I am known as ktreffin. I will be helping you with your current problem. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens. HiJackThis logs do take some time to review and research. I would appreciate it if while you are waiting, you could please do the following for me:Please make an Uninstall List using HiJackThis.To access the Uninstall Manager you would do the following:1. Start HijackThis 2. Click on the Config button 3. Click on the Misc Tools button 4. Click on the Open Uninstall Manager button. 5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in a reply.As we work together to resolve your problem, please read these instructions carefully. You may wish to print them off or copy them to Notepad.Lastly, please keep these points in mind:If you have questions, please DON'T hesitate to ask!The instructions I give are specific to your current problem and should not be used on other systems.Please post your replies only to this topic, and please DO NOT start a new thread.Since there may be multiple issues with your system, please continue to follow this thread until I have given you an "All Clean!"I am reviewing your log now, and will be back wi... Read more

Read other 4 answers
RELEVANCY SCORE 67.2

I was infected by several trojans (including Smitfraud.C and Antivirus2008) yesterday, but managed to get rid of the worst of them with Spybot S&D, Onescan, Windows Defender, Ccleaner and SUPERAntiSpyware. The "VIRUS ALERT!" next to my Windows clock, however, can't seem to be removed. Also, I can't seem to access my C drive from My Computer. Would appreciate any/all assistance. Deckard's System Scanner v20071014.68Run by April Han on 2008-08-02 14:24:00Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 5 Restore Point(s) --79: 2008-08-02 06:24:10 UTC - RP419 - Deckard's System Scanner Restore Point78: 2008-08-02 02:51:28 UTC - RP418 - Cleaned registry with Windows Live OneCare safety scanner77: 2008-08-01 19:20:41 UTC - RP417 - Windows Defender Checkpoint76: 2008-08-01 18:11:37 UTC - RP416 - Installed SUPERAntiSpyware Free Edition75: 2008-08-01 17:59:29 UTC - RP415 - Windows Defender Checkpoint-- First Restore Point -- 1: 2008-08-01 03:12:48 UTC - RP341 - Software Distribution Service 3.0Backed up registry hives.Performed disk cleanup.-- HijackThis (run as April Han.exe) -------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 14:25: VIRUS ALERT!, on 8/2/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Interne... Read more

A:"virus Alert!" Next To Windows Clock

Hello Widowpoison and welcome to BleepingComputer,1. * Clean your Cache and Cookies in IE:Close all instances of Outlook Express and Internet Explorer Go to Control Panel > Internet Options > General tabUnder Browsing History, click Delete. Click Delete Files, Delete cookies and Delete historyClick Close below.* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):Go to Tools > Options.Click Privacy in the menu..Click the Clear now button below.. A new window will popup what to clear.Select all and click the Clear button again.Click OK to close the Options window* Clean other Temporary files + Recycle bin Go to start > run and type: cleanmgr and click ok. Let it scan your system for files to remove. Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.Press OK to remove them.2. Please download Malwarebytes' Anti-Malware from Here or HereDoubleclick mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is compl... Read more

Read other 6 answers
RELEVANCY SCORE 67.2

I was getting the virus alert in the clock area and was getting a lot of pop ups for virus scans. I read some of the forms and down loaded the Malwarebytes' Anti-Malware and ran some others as well. I was able to change the clock after getting the control panel and start menu back. I think I have everything taken care of but my firewall is turn off and I cant turn it on because of group Policy. I beleave that this can be cured buy the XP_CodecRepair.inf. You said that the link was taken away and I should start a new topic to resolve my problem. Thank you for all your help with this.

Read other answers
RELEVANCY SCORE 67.2

My computer has been infected with some pop-up message trojans or viruses. It has at least two visible problems: one is that the system clock now displays both the time and a message "VIRUS ALERT!" right after the time. The other problem is that various pop ups from both reputable and non reputable companies keep invading my IE. Last night a VIRUS ALERT! sign appeared on a message someone sent me on messenger, I have run AVG, ADAWARE, C Cleaner and SPYBOT in the safe mode but to no avail. The VIRUS ALERT! sign seems to be getting more virulent and invading more of my computer. Should I run a Hijack Log? Has anyone any idea! I really would be grateful.

A:Virus Alert! Message In Clock.

Moving to Am I Infected

Read other 18 answers
RELEVANCY SCORE 67.2

My computer was recently infected by a trojan (Trj\Downloader) but I believe that it has been deleted. Now, I'm trying to restore affected programs (including my Start Menu for which All Programs will not appear). My concern at the moment, though, is that my clock is consistantly in Military Time with the words "VIRUS ALERT!" after them. I found a similar thread on this website concerning this problem and followed the instructions given there (download a program called dss.exe, run the scan feature, and post the logs of the scan). Now I have no idea how to read the scan and was hoping someone here could help me out. I just need the time in Central Time (US) and the "VIRUS ALERT!" message to go away. Is this possible?

Main.txt

Deckard's System Scanner v20071014.68
Run by Tonya on 2008-07-13 21:26:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-07-14 02:26:40 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2008-07-14 00:01:32 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis (run as Tonya.exe) -----------------------------------------------

Logfile of Trend Micro HijackT... Read more

Read other answers
RELEVANCY SCORE 67.2

virus alert is in my task bar. the clock is reading in the 24 hour mode. I downloaded hijack this and have a file saved. I'm hoping for some helpMod Edit: Topic moved from Windows XP to more appropriate forum~ TMacK

A:Virus Alert Is In My Task Bar Next To The Clock

Hi uoi, and welcome to BleepingComputer.Please read this guide before going any further.

Read other 1 answers
RELEVANCY SCORE 67.2

Hello.

A few days ago I accidentally downloaded some malware onto my computer. My computer had slowed to a crawl, I couldn't access my hard drive, I kept getting messages about viruses and spyware and the words "VIRUS ALERT!" appeared next to my clock.

After following some instructions I found on another thread, everything seemed to be back to normal. My computer is working at full speed, the pop-up messages have stopped and the "VIRUS ALERT!" message has disappeared.

But I still can't access my hard drive. Does this mean I'm still infected with something or do I need to sort something out in my computer settings?

I would be very grateful for any help with this.

A:VIRUS ALERT! next to clock: Aftermath

What exactly do you mean by "still can't access my hard drive"? Can you provide more information. How are you trying to access the hard drive? Do you get any error messages?

Read other 4 answers
RELEVANCY SCORE 67.2

Good evening, eveyone.

I have a VIRUS ALERT! message next to my time clock which has been changed to military time. I ran symantec norton antivirus, windows defender and also spybot, none of which got rid of the message or changed my time clock back. When I go to my computer, I do not see any of my drives either. Please help me to fix this. I've been working on it for two days and I'm getting frustrated.

Thank you in advance.

Tweety

A:Virus Alert! Next To Time Clock

Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner screen, click on the Show Results button to see a li... Read more

Read other 6 answers
RELEVANCY SCORE 67.2

Have VIRUS ALERT! on time clock tool bar and has been converted to military time. How to fix?

Results of scan:
Deckard's System Scanner v20071014.68
Run by Owner on 2008-07-12 09:34:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
35: 2008-07-12 13:34:10 UTC - RP323 - Deckard's System Scanner Restore Point
34: 2008-07-09 00:57:37 UTC - RP322 - System Checkpoint
33: 2008-07-06 03:48:13 UTC - RP321 - Installed AVG 8.0
32: 2008-07-06 03:47:24 UTC - RP320 - Removed AVG 8.0
31: 2008-07-05 20:36:32 UTC - RP319 - Avg8 Update


-- First Restore Point --
1: 2008-04-08 16:25:17 UTC - RP289 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-12 09:35:42
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-A... Read more

A:VIRUS ALERT! on time clock

Hello and welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please save this page to Notepad in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------


Quote:




C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\AIHEOGZP\dss[1].exe




Please note that tools are best Run from the Desktop. Easier to find and perform specialized functions which may be required.

Save to the Desktop and then Run f... Read more

Read other 1 answers
RELEVANCY SCORE 67.2

I know you are prolly getting tired of this on but here it goes. I have the virus alert in the bar by the clock and some start menu items are missing or locked by admin,i am the admin. No control panel and IE is FUBAR. My whole system is EXTREAMLY slow . I keep getting alerts from SpyWare Dr. about Explorer.exe trying to write to the registery but Spyware Dr. stops it.

HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:59: VIRUS ALERT!, on 7/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\CyberLink\PowerDVD8... Read more

A:Virus Alert in taskbar next to clock

Welcome to TSG
Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Download SDFix and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(this is the drive that contains the Windows Directory, typically C:\SDFix). DO NOT use it just yet.

Before we start with the fix, we need to fix the restrictions.
Navigate to the SDFix folder (usually C:\SDFix).
Right-Click on XP_CodecRepair.inf OR W2K_CodecRepair.inf depending on your Operating System.
XP for all versions of Windows XP and W2K for Windows 2000.
Click o Install
Your desktop may refresh a couple of times, don't be alarmed.
Please reboot into Safe Mode and follow the instructions below.

Reboot your computer in SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
Press any Key and it will rest... Read more

Read other 1 answers
RELEVANCY SCORE 67.2

Hi, I would appreciate any help with this..

i keep getting a popup that says :
“Windows Security Alert” warning:
windows has detected an internet attack attempt... somebody's trying to infect your pc with spyware or harmful viruses. run full system scan now to protect your pc from internet attacks, hijacking attempts and spyware! click here to download spyware remover for total protections

I have Mcafee on the system but now I cannot change registry, my start menu is messed up (no icons) etc...
Here is my hijackthis log:
--
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:22: VIRUS ALERT!, on 10/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\WINDOWS\system32\svchostBT.exe
C:\Program Files\CA\SharedComponents\CAM\bin\cam.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Netw... Read more

A:Solved: Virus Alert in clock

Thanks to the forum... this reply solved my problem.
http://forums.techguy.org/6175760-post2.html

--- here is the log from MalwareByte---
Malwarebytes' Anti-Malware 1.28
Database version: 1230
Windows 5.1.2600 Service Pack 2

10/5/2008 19:08:37
mbam-log-2008-10-05 (19-08-37).txt

Scan type: Quick Scan
Objects scanned: 56130
Time elapsed: 7 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 5
Registry Keys Infected: 21
Registry Values Infected: 5
Registry Data Items Infected: 18
Folders Infected: 0
Files Infected: 24

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\geBTJyXR.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\sbajslyg.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ljJCrPIC.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\neksolda.dll (Trojan.Zlob) -> Delete on reboot.
C:\WINDOWS\xgpsarbm.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{674855c3-b0b1-4413-9bb4-bfa6a9b5257b} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljjcrpic (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{674855c3-b0b1-4413-9bb4-bfa6a9b5257b} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser H... Read more

Read other 1 answers
RELEVANCY SCORE 66.4
A:Solved: Virus Alert By System Clock

problem soved through another forum. thanks anyhows
 

Read other 1 answers
RELEVANCY SCORE 66.4

i have SuperAntiSpyware, MalwareBytes, and Avira installed trying to remove the virus to no avail.they do not find anything.the PC that im running is an XP SP3 machine with AMD athlon 1800+ @ 1.53GHz , 256 MB DDR ramI also have an HJT log saved if neededDDS LOGDDS (Ver_09-12-01.01) - NTFSx86 Run by TomlinJ at 2:50:36.34 on Thu 03/04/2010Internet Explorer: 7.0.5730.11============== Running Processes ============================= Pseudo HJT Report ===============uStart Page = hxxp://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2uSearch Page = hxxp://websearch.drsnsrch.com/sidesearch.cgi?id=uWindow Title = Microsoft Internet Explorer provided by CompaquSearch Bar = hxxp://websearch.drsnsrch.com/sidesearch.cgi?id=uDefault_Page_URL = hxxp://start.earthlink.netuDefault_Search_URL = hxxp://www.earthlink.net/partner/more/msie/button/search.htmluSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7uSearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=mSearchAssistant = hxxp://www.google.com/ieuURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dllBHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dllBHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\com... Read more

A:VIRUS ALERT! in system tray clock

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on Download_mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.The scan will begin and "Scan in progress" will show at the to... Read more

Read other 6 answers
RELEVANCY SCORE 66.4

Hi,

These are the symptoms.

VIRUS ALERT! next to the tool bar clock
Control Panel and other options missing from the Start Menu
A Bugs screensaver (desktop is now blue, if left for 10/15 mins, little bugs start crawling across the screen.
Popups staing Vundo
Updates will not complete (yellow shield on tool bar)

Deckards log below. I would attach extra, but dont seem to have it. Sorry

Deckard's System Scanner v20071014.68
Run by philip on 2008-06-06 15:29:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-06 15:29:47
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG8\avgwdsvc.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgemc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\spool\drive... Read more

A:Vundo & VIRUS ALERT! by tool bar clock

Hello and welcome to TSF

Can you post the extra.txt from Deckard System Scanner, in you reply.

==========

Please follow all instructions and in which order they come, if you have any questions, please ask before proceeding. Its important that you follow this through until i give you the all clear, a lack of symptoms does not mean that it is no longer present.

Please Do Not Attach logs to your posts unless you are advised to do so.

========

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

========

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:SDFix)

Please then reboot your computer in Safe Mode by doing the following :Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.
Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and com... Read more

Read other 9 answers
RELEVANCY SCORE 66.4

Hi i am new to this site and have gone through "Preparation Guide for use before posting a HijackThis Log "I have shortcut links to 3 items appearing on my desktop everytime "Malware Defender, Protect your privacy, System Error fixer". Also the word "VIRUS ALERT!" appears on toolbar next to clock on right side. My computer would switch off, but i have managed to get to the point where its not switching off. I have no access to control panel, my computer, my documents, etc and progam list from start button, i only have access to "set program access and defaults" and "conect to" from start button, everything seems to have disappeared. I have ran spybot, ad Aware, avg, stinger, sygate firwall etc, but every time i switch the computer on virus or malware turns up again. Spybot always detects and remover the follwoing: NNC.MGRS, Microsoft.Windows.Explorer, Microsoft.Windows.System, Microsoft.WindowsSecurityCentre.RegistryTools, Microsoft.WindowsSecurityCentre.TaskManager, and most of all Smitfraud-C.CHANGED MY NAME TO USERNAME IN LOGLogfile of Trend Micro HijackThis v2.0.2Scan saved at 20:50, on 20/10/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16735)Boot mode: Safe modeRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\... Read more

A:VIRUS ALERT! on toolbar with clock, Smitfraud-C.

Hi

I'm sorry it took so long to get a reply. Forums have been very busy

If you still need help with this post a fresh hjt log, please.

Read other 2 answers
RELEVANCY SCORE 66.4

Hi,I've had an infection. I researched and performed the combofix/recovery tool programs and seem to be back to normal. Can you please check these logs and make sure there are no traces? Thank you in advance**EDIT**I also seem to not be able to establish an internet connection. I can do so with other laptops(the one I'm on) on the same wireless network, but cannot with the infected one, still.HIJACKTHIS LOG:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 14:55, on 8/4/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\PROGRA~1\Grisoft\AVG7\avgemc.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Norton AntiVirus\navapsvc.exeC:\WINDOWS\System32\MsPMSPSv.exeC:\Program Files\Common Files�... Read more

A:Virus Alert In System Tray By The Clock

I've ran everything I know of to run.

It says I am connected to my wireless router. But Firefox or IE won't connect to anything.

Any ideas. I'm desperate

Thanks

Read other 3 answers
RELEVANCY SCORE 66.4

I have a message next to the clock saying virus alert, and pop ups appearing for internet explorer regarding homepage changes. i have run smitfraudfix superantispyware and spyhunter (subsequently finding the dll's which apparently were causing issues) and removed them, however the system still runs slowly and the message on the clock is still there ? your help is very much appreciated!
(and also the original pop up which no longer appears was a worm.win32.netbooster warning which i have understood to be a fake warning to con people into buying adaware software?)

(os is windows xp sp3)

A:Virus Alert Message On Toolbar Clock

Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner screen, click on the Show Results button to see a li... Read more

Read other 8 answers
RELEVANCY SCORE 66

Hello, I was referred to post my problem here with a HJT log. I clicked on a file that changed my background and changed my clock to military time and it said "VIRUS ALERT" next to it. I followed the directions given to me by one of the moderators in the "Am I infected" forum. The clock is back to normal and it does not say virus alert anymore. However when I try to boot in regular mode, it usually just freezes at the desktop screen. I have run Malwarebytes, Superspy Search and destroy, installed zone alarms firewall, and avg antivirus. The Malwarebytes results with the same 4-6 infected files everytime I scan now. I will post that log along with the HiJackThis log. I appreciate any help I can get.Malwarebytes' Anti-Malware 1.28Database version: 1227Windows 5.1.2600 Service Pack 210/5/2008 4:32:12 PMmbam-log-2008-10-05 (16-32-12).txtScan type: Quick ScanObjects scanned: 54066Time elapsed: 5 minute(s), 38 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 2Registry Values Infected: 0Registry Data Items Infected: 2Folders Infected: 0Files Infected: 2Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and dele... Read more

A:Military Clock Virus Alert Trojan.agent

Hello, dd198608. to BleepingComputer.comMy name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)Please give me some time to look over your computer's log(s).Please take note of the following:In the meantime, please refrain from making any changes to your computer.Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.Finally, please reply using the button in the lower left hand corner of your screen.One or more of the identified infections is a backdoor trojan.This allows hackers to remotely control your computer, steal critical system information and download and execute files.I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.Though the trojan has been identified and can be killed, because of it's backdoo... Read more

Read other 10 answers
RELEVANCY SCORE 66

I have a virus alerts and security alerts popping up and a loss of administrative ability. I also have a virus alert message where the clock is. I cant access alot of functions because of this. I managed to get a HJT log off of it (its a laptop). I cant remove any programs and i dont want to connect to the internet for fear of the malware downloading more stuff. I am transfering everything (HJT logs,programs you tell me to) with a flashdrive till I get this resolved.Hope you can help. You guys havent failed me yet. Heres my log.



Logfile of HijackThis v1.99.1
Scan saved at 13:59: VIRUS ALERT!, on 7/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost... Read more

A:Virus alert in clock area and no adminisrtaive ability

Hello and welcome to TSF

You are using an outdated version of Hijackthis. Please uninstall from Add/Remove programs, and delete your current version.

Next, download HijackThis to your desktop

Alternate link

Double-click on the file you just downloaded.
Click on the "Unzip" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Upon install, HijackThis should open for you.

Should it not open, navigate to C:\Program Files\Trend Micro\HijackThis and double click on HijackThis.exe

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Do not post that log, instead, do this next:

============

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
Please attach extra.txt to your post.
To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "... Read more

Read other 15 answers
RELEVANCY SCORE 66

Ugh, I hate Viruses. I knew when I clicked on this file it was a virus right away. At first it stripped my nice background image and gave this plain bluish backdrop and came up with virus warnings and many different virus scanner ads that wouldn't go away, they popup continuously. It took over my internet explorer and redirects it to download more viruses when it's opened. The system clock now says the time followed by "VIRUS ALERT!" in the lower right corner. I seem to have lost some icons, not sure what but there are definitely less on my screen now. Settings>Control Panel doesn't show up when you click on the start menu. I ran AVG and it found many different viruses and put them into the vault. Also ran Ad-Ware and stripped everything it found. Only thing left that I can think of is cleaning the registry but I need help in doing so. I'm not familiar with making adjustments to this critical file. Below I'm posting a copy from AVG and HijackThis.I'm having to use my business computer to surf the web for instructions on cleaning this garbage. I depend on this laptop for my wife?s online PhD courses any help would be greatly appreciated. How do we pay for your support? Donations? Box of flowers? Bow and kiss your toes? Give up my first son?DetailsThe laptop: HP Pavilion dv8000 Operating System: Windows XP Service Pack 2Ad-Ware Definitions File: 0117.000AVG Free version 8.0.169 Virus DB: 270.6.21/1669AVG scans over the last week or so: HijackThis information c... Read more

A:Virus Alert! In System Clock & Messed Up Registry

Hi,* Please visit this webpage for instructions for downloading and running ComboFix:http://www.bleepingcomputer.com/combofix/how-to-use-combofixThis includes installing the Windows XP Recovery Console in case you have not installed it yet.Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

Read other 10 answers
RELEVANCY SCORE 66

Thought I had got rid of ushopper malware , but this pesky virus alert appears everywhere and has also meant that I have a popup saying I don't have genuine windows notfication etc. HELP! Have attached the log from HiJackthis

Logfile of HijackThis v1.99.1
Scan saved at 14:06: VIRUS ALERT!, on 27/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Ranger Remote Control\client32.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Google\Update\1.1.25.0\GoogleUpdate.exe
C:\Program Files\Google\Common\G... Read more

A:VIRUS ALERT added to clock on desktop toolbar

Please close/disable all anti-virus and anti-malware programs so they do not interfere with the running of SDFix and make sure you are disconnected from the Internet after downloading the program but before extracting the files.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with SDFix and remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re-enable the protection again afterwards before connecting to the Internet.
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually
Instead of Windows loading as normal, the Advanced Options Menu should appear
Select the first option, to run Windows in Safe Mode, then press Enter
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entri... Read more

Read other 2 answers
RELEVANCY SCORE 66

Hi Forum, I'm new and have got a virus.
My taskbar has VIRUS ALERT! next to the clock, some stuff out of desktop and programs have disappeared.
Ran AdAware and Zonealarm, still not solved the problem, here is my HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:58: VIRUS ALERT!, on 06/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Netscape\Navigator 9\navigator.exe
C:\WINDOWS\system32\wscntfy.exe
C:... Read more

Read other answers
RELEVANCY SCORE 66

I first had problems when Virus Alert! appeared next to the clock in windows, icons to various supposed spyware removal tools appeared on the desktop and internet explorer's home page defaulted to another supposed spyware removal site. Alongside general system instability and crashes and no access to the C or D drives.

I ran various scans with AVG and superANTIspyware with the latter showing up trojans which were nominally removed. I edited the registry regarding the clock as per these instructions http://miekiemoes.blogspot.com/2008/...o-restore.html
although I did not adjust the system properties.
I also used the VArestorepolicies.inf file from the above blog to regain access to drives.

Assuming it was the Zlob Media Codec issue I used SmitfraudFix from:
http://vpcsolutions.blogspot.com/200...ownloader.html which has appeared to have made the system more stable but still not properly usable.

Here is the HijackThis logfile
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:58:18, on 19/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Pro... Read more

A:Partially resolved issues with Virus Alert! next to the clock.

Quote:




Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.





Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe

----------------------------------------------------------------------------------------

I apologize for the delay in responding, but as you can probably see the forums are quite busy.
Unfortunately there are far more people needing help than there are helpers.

If you still require help please do the following
Download and Run RSITPlease download Random's System Information Tool by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:log.tx... Read more

Read other 2 answers
RELEVANCY SCORE 66

I have an infected computer which i am trying to clean, but I am not able to remove all of the viruses or reverse the corrupted settings. The Administrator account has no problems whatsoever, but the other users all have Virus Alert! next to the clock. Also, the Start menu does not have All Programs listed. And, when I press Ctr-Alt-Delete, I get a message that says the Administrator account removed premission to use the task manager. Here is my HiJack This log (main.txt)Deckard's System Scanner v20071014.68Run by Other user on 2008-06-23 16:09:39Computer is in Normal Mode.--------------------------------------------------------------------------------Total Physical Memory: 503 MiB (512 MiB recommended).-- HijackThis (run as Other user.exe) ------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 4:10:33 PM, on 6/23/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16674)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDevic... Read more

A:Virus Alert! Next To Clock, No All Programs Or Task Manager

Hello singlemp,

Welcome back to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

Read other 2 answers
RELEVANCY SCORE 65.2

... as well, when I hit 'ctr + alt + del,' a "Task Manager Disabled By Administrator" message shows up. The VIRUS ALERT! shows up beside each scan in the history of performed scans in AVG Anti-Virus as well.

This happened when I installed a cracked copy of TuneUp Utilities 2008. I shall definitely fully uninstall that when I have a start menu back, as I know you do not condone illegal activity. The folder it came in would not delete, but I used KillBox to get rid of it.

I know this is similar to a thread that was just solved, but reading through that one, mine seemed different enough to post my own thread instead of fumbling about on my own.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:27: VIRUS ALERT!, on 16/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.ex... Read more

Read other answers
RELEVANCY SCORE 65.2

Hi, I went through all of the steps, except the only update that was avaiable was Service pack 3, I wasn't sure if I should download it based on your comment about service pack 2. So here's the deal. First, On start up we get two messages, one being the new hardware wizard saying it found an audio device on high definition audio bus, the second beign a Rundll error loading C:\Windows\system32\ydnaajaw.dll, the specifies moduile could not be found.
After that I checked to see if the sound works, it doesn't. I dont know if I should try to find the driver for it or if it is part of some virus. Finding the control panel was a chore because almost all of the start menu is missing, everything on the right side is gone. I dont even get an all programs button. Also the C and D drives in my computer are missing, I can still get to them using the C: command in Win Explorer but I dont know how to put them back in the My computer folder. My clock also says Virus Alert next to it. I think the last thing will be that the internet won't work after about twenty minutes of being on. Anyway, here is the HiJack This log, thank you for any help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:46: VIRUS ALERT!, on 8/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.e... Read more

A:Clock Virus Alert and start menu missing options

Hi, welcome to tsf!

Please visit this webpage for download links, and instructions for running combofix:

http://www.bleepingcomputer.com/comb...o-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
C:\Qoobox\Add-remove programs.txt
New HijackThis log.

Read other 9 answers
RELEVANCY SCORE 64.4

Hi,I am running Windows XP Pro with AVG free and i downloaded a file that i that i thought was safe.it installed shortcuts to url's for privacy protectors and others. My Start bar is missing "all programs" and settings, search etc. next to files there is a clock and next to that is VIRUS ALERT! and i have a icon on the taskbar that says i have been infected and have to download a program. i ran security task manager and removed a couple infected Sys32 files that were reported "!Elderado" (dont know what it means) oh yeah and this is a screenshot.
 virus_alert.gif   251.37KB
  18 downloads Im running malware bytes now.EDIT: MALWARE BYTES LOGMalwarebytes' Anti-Malware 1.23Database version: 1008Windows 5.1.2600 Service Pack 212:35:23 AM 7/30/2008mbam-log-7-30-2008 (00-35-23).txtScan type: Quick ScanObjects scanned: 46395Time elapsed: 33 minute(s), 45 second(s)Memory Processes Infected: 0Memory Modules Infected: 3Registry Keys Infected: 50Registry Values Infected: 9Registry Data Items Infected: 16Folders Infected: 11Files Infected: 54Memory Processes Infected:(No malicious items detected)Memory Modules Infected:C:\WINDOWS\system32\rqRKEXqQ.dll (Trojan.Vundo) -> Delete on reboot.C:\WINDOWS\eqvwamkl.dll (Trojan.FakeAlert) -> Delete on reboot.C:\WINDOWS\wnslvxtf.dll (Trojan.FakeAlert) -> Delete on reboot.Registry Keys Infected:HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30... Read more

A:Task Manager Disabled, Virus Alert Next To Clock, And Rqrkexqq.dll Appeared!

The same thing happened to me. I got the use of my taskbar back thanks to Spybot Search and Destroy, but I still have the "virus alert!" next to my clock and my C drive doesn't show up under my computer. I also ran SUPERanti spyware and norton 360 and they picked up a few things. Did the virus create a administrator account? I can't seem to get rid of the new account either.

Read other 3 answers
RELEVANCY SCORE 64.4

Hello.
my computer was infected by my own stuipd fault and i cannot regain control. I have tried many things and i am having no luck... please help.... I am running Windows XP Pro. Service Pack2

This is what i see.
1st of all, i had a huge splash aross my desktop with a red background that said "this computer is infected, please download sypware cleaner to disinfect" my clock changed formats to Army time and says VIRUS ALERT next to it. When i start up the PC my desktop goes BLUE, then that RED screen shows up. When i click on MY COMPUTER i cannot see my C: drive or any of my CD/DVD drives. I get a message that windows cannot find folder names "privacy_danger".
all kinds of dos prompts pop up showing Windows32.dll (never seen that before)....

I've read other forums that sound like they have similar problems and i have followed their steps and remved alot of infections, but i still cant see my c:drive or cd/dvd drives, and my computer is soooooo slow now.....

I ran in safemode and offline, and did a SUPERantispyware clean up... it worked fine.
then i tried to do a Malwarebytes clean up in normal mode and on-line (as suggested); removed all items... it asked me to reboot my computer to remove the rest of the infections. i did that, and i still get all the same errors listed above.

I don't know what else to do..... i really don't want to wipe my PC and start over.

Please help!!!!

Thank you.

A:Computer Infected. Clock Changed To Army Time And Says Virus Alert Next To It....

Please print out and follow these instructions: "How to use SDFix". When using this tool, you must use the Administrator's account or an account with "Administrative rights"Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real time protection programs before performing a scan.When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt.If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.The SDFix report log (Report.txt) will open in Notepad and automatically be saved in the SDFix folder.Please copy and paste the contents of Report.txt in your next reply.Be sure to re-enable you anti-virus and and other security programs before connecting to the Internet.Note: If the computer has been infected with the VirusAlert! malware warning from the clock and the Start Menu icons or drives are not visible, you will need to fix the policy restrictions created by this infection. Open the SDFix folder, right-click on either the XP_VirusAlert_Repair.inf or W2K VirusAlert_Repair.inf (depending on your version of Windows) and select Install from the Context menu. Then reboot to apply the changes.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on m... Read more

Read other 8 answers
RELEVANCY SCORE 64.4

clock is in militaryie: 20:39: virus alert!can't use task manager, tried regedit, says disabled by adminitrator. I am the administrator. Went through all of the stuff on the "new" page. it's better, but not 100%. Somehow got the following programs-error cleaner, privacy protector, spyware&malware protection. All programs does not show on my start menu and my hard drive does not show in "my computer". HELP!!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 20:36: VIRUS ALERT!, on 9/21/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exeC:\Program Files\McAfee\MBK\MBackMonitor.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exec:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeC:�... Read more

A:Can't Use Explorer-says Error And Must Close. Clock Says Time In Military And Virus Alert!

virus scan ran and found and quarantined the following trojansvundo, puper, generic.dx, ad clicker-fc, generic downloader.x, unwanted programs: generic pup.x (cannot be completely removed) and advanced cleaner (removed)This is the new logfile.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 06:15: VIRUS ALERT!, on 9/22/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exeC:\Program Files\McAfee\MBK\MBackMonitor.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exec:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeC:\Program Files\McAfee\MPF\MPFSrv.exec:\PROGRA~1\mcafee.com\agent\mcagent.exeC:\WINDOWS\system32&... Read more

Read other 15 answers
RELEVANCY SCORE 63.6

Hi there,
I am running Windows XP SP2
I have constant bogus system and virus alerts along with VIRUS ALERT! displayed by the clock. In addition to this when I select the 'Start' button the options for 'All programs', 'My Computer', 'Control Panel', 'printers and faxes', 'help and support', 'search' and 'run' have all disappeared. The only ones left are 'Set program access and defaults' and a 'connect to'
I have worked through your steps 1 to 5 with the following results:

STEP 1
I have AVG free and McAfee Security centre running, I have tried to uninstall McAfee but when I try and uninstall it I get an error message saying that legacy items must be removed first. At this point I am unable to select the uninstall option so I have had to leave it running for now.
In accordance with your malware list I removed 'ShopperReports by Hotbar' and 'Viewpoint Media Player'. There was nothing on spyware warrior that I needed to remove.

STEP 2
I have downloaded Panda Active Scan but when I try to install it I get an error message at 100% requesting me to try again. I have tried numerous times, it won't install. Hence there is no Panda scan log.

STEP 3
I have downloaded Spyware blaster and ie-spyad. Whilst installing ie-spyad and having to browse to select the file I noticed that there was no 'C' drive displayed in 'my computer'

STEP 4
Up until these problems started I had always kept windows up to date. When checking the latest updates as per your link I get an error me... Read more

A:Constant bogus system alerts and VIRUS ALERT! displayed alongside the clock

Bump please

Read other 13 answers
RELEVANCY SCORE 63.6

My computer was crashing all day yesterday with a blue screen of death saying 'Page Fault In Nonpaged Area' yet I hadn't made any recent hardware changes. It was crashing every two hours or so, and I left it off all night. However when I booted it up this morning I found my clock saying Virus Alert, all the icons on my desktop were deleted and three are now there saying 'System Crash Fixer', among other things. Also the start menu is limited and you can't open anything from it. I tried running combofix which I already had and nothing happened, so I downloaded SDFix and tried running that, again nothing happened. I re-booted into safe mode and yet they would still not run. Hijackthis will not run either, and task manager won't open. Also if not in safe mode, explorer.exe will close about five minutes after starting the computer up, and since task manager doesn't work, there's no way to bring it back.

I fail to see how I can eradicate this virus if it's stopping me from running anything to get rid of it.

Please help.
 

A:Solved: Clock Says Virus Alert/Combofix & SDFix Won't Run/All Icons On Desktop Delete

Read other 16 answers
RELEVANCY SCORE 63.2

I have a problem with my laptop. My first evidence was that the wallpaper changed to a message about a Virus Alert. I have been a computer user and hobby programmer since the Apple II days so I recognized this right away as a problem. I soon realized that I had shortcuts on my desktop for Error Cleaner, Privacy Protector, and Spyware & Malware Protection also. I recognized these from a friend's description from a problem he had a year ago. I then noticed that where my traybar clock should indicate AM or PM the text VIRUS ALERT! was present. I didn't realize that text could even BE changed. I also started getting fake dialog boxes popping up warning me of a virus threat and wanting me to install the recommended software to fix it. I knew better than that so I closed those using Alt-F4 as much as I could. I also had Internet Explorer windows popping up and trying to load pages from a risking looking URL. I turned off my wireless adapter's antenna so I wouldn't be on the internet. Apparently the virus had started working on broadcasting before I noticed this because a little later my ISP called to let me know I had a virus and that he had shutdown my connection temporarily. I told him I knew and that I had disconnected the offending machine from the internet already. He wished me luck and told me he would turn my connection back on so I could use another computer to troubleshoot the problem. I downloaded AVG 8.0 and ran it twice. The first ... Read more

A:Virus Alert! Next To Clock. Error Cleaner, Privacy Protector On Desktop. Wallpaper Changed

Hello and welcome to Bleeping Computer.A bit more info is needed. The Operating system (XP,Vista etc..). You can download now correct?Please follow these instructionsin our tutorial,ask any questions needed. How to remove Privacy Protector or PrivacyProtector (Removal Instructions)Post a copy of the scan report in your next reply. The report can be found at the root of the system drive, usually at C:\rapport.txt Follow with this scan and log:Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on Download_mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan bu... Read more

Read other 15 answers
RELEVANCY SCORE 62.4

I have a very similar problem to this person, (http://www.bleepingcomputer.com/forums/topic160500.html) except I am running Windows XP home edition.
I downloaded a file I presumed would be safe, scanned it with Mcafee before opening it and unwittingly installed Total Secure 2009.
My computer then froze up so I had to restart. On restart, I managed to scan using Mcafee and Ad-aware, Mcafee found RemAdm-Generic (C:\windows\system32\LMInit.dll), Ad-aware found a few PuP's I removed.
I then restarted again, and a new account had been created "Admin" and I couldn't open the task manager on other accounts.
I tried to run MBAM, but after 3-4ish minutes the computer logged me out, then froze on the login screen.
Anyone help out? I don't like having to restart every 3-4 minutes

A:Task manager - disabled, computer freezes up after a short period of time, "VIRUS ALERT!" on the right of clock

First:Download ESET SysInspectorhttp://www.eset.com/download/sysinspector.php- Start program through the SysInspector.exeThe program will collect information about the situation on your machine.- When "inspector" is ready and log file - generated, select File> Save Log- Confirm their wishChoose to save the file somewhere and then upload on http://4storing.com/ (when you open the page, click on the Great Britain flag to open the page in English), then give me the link.

Read other 4 answers
RELEVANCY SCORE 60

I'm a new member and this is my first post. My problem is that I am being repeatedly hit by the Trojan.sink virus. Whenever I start the computer I get several popup Virus Alert! windows in succession telling me that NAV has detected the Trojan.sink virus and the Download.trojan virus and has deleted the files bbb.exe and winfavorites.exe. This goes on intermittently whenever I'm on the computer. I followed the instructions recommended by the Symantec Security Response website for clearing these viruses, but the NAV virus scan failed to find any infected files. I then removed all adware programs on my computer (these were associated with Kazaa), but to no avail. I read somewhere that the Trojan.sinkin virus was transmitted through AOL Instant Messenger, so I turned off AIM using the MSconfig start panel. No effect. I then found this web site and read another thread on Trojan.sinkin that recommended downloading and running spybot and Adware 6. These removed a bunch of files, including quite a few in a directory called CommonName that I had been suspicious about, but had been unable to remove the traditional way because it was in use by the system. I rebooted the system, and ... guess what? These files reappeared, and the virus popups kept on coming. Another recommendation made in the other Trojan.sinkin thread (Nunesfam 11-23-2003) was to use the add/remove programs control panel to remove the WIN32 BI Application. Well I couldn't find that application listed. So... Read more

A:Trojan.sinkin virus alert popups

Read other 12 answers
RELEVANCY SCORE 60

including [email protected]...

need help getting rid of these, this is my hijack this log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:53:57, on 24/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOW... Read more

A:security toolbar 7.1 and other virus alert popups

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
 

Read other 1 answers
RELEVANCY SCORE 59.6

One lapse of judgement and I'm out of action for the weekend...
Anyway, I've run Avast and removed a number of viruses it found, but I still have these annoying popups, etc.
Log:

reLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:49: VIRUS ALERT!, on 12/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avast\Avast4\aswUpdSv.exe
C:\Program Files\Avast\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Avast\Avast4\ashDisp.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\ATI Technol... Read more

A:Time changed to 24h and reads "VIRUS ALERT!" also various "Security Alert" popups

Apologies for the double-post. I could not see an edit function.
I've cleaned out a couple of nasties with Adaware, although i've not seen much change - still getting the same "VIRUS ALERT!" and popups. Still, I thought it best to update the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:37: VIRUS ALERT!, on 12/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Avast\Avast4\aswUpdSv.exe
C:\Program Files\Avast\Avast4\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Avast\Avast4\ashDisp.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE... Read more

Read other 9 answers
RELEVANCY SCORE 59.2

I got a virus that changed registry switches, windows graphics, and disabled many functions- most of this has been fixed (I think), using AVG Anti-Virus and various other tools-

But now- there is still a "VIRUS ALERT!" message embedded in the toolbar clock at the bottom right, basically the clock is followed by a colon and the message- if I hide the clock, the message goes away with it- I ran Hijack this if that helps:

Please Help!?!?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:56: VIRUS ALERT!, on 5/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\syst... Read more

A:Removal of "VIRUS ALERT!" message embedded in toolbar clock???

Virus Alert in windows clock

I made a post (below) about this earlier- but I just realized that the Virus Alert is also embedded in the Date and Time Properties, in the Internet Time tab- next to the time as described below:::

Is there anyway to reinstall the clock and nothing else? I think it's harmless now- but very annoying-



(previous post)

I got a virus that changed registry switches, windows graphics, and disabled many functions- most of this has been fixed (I think), using AVG Anti-Virus and various other tools-

But now- there is still a "VIRUS ALERT!" message embedded in the toolbar clock at the bottom right, basically the clock is followed by a colon and the message- if I hide the clock, the message goes away with it- I ran Hijack this if that helps:

Please Help!?!?
------------------------------

Read other 2 answers
RELEVANCY SCORE 59.2

Heya! This is my third time doing this (*shame*). I've been pretty good about safe searching, but made a poor decision last night.
Now I'm paying for it and my desktop is disabled, firefox is disabled, my user settings are restricted so I can't alter files or access task manager or settings, helpful websites such as this one are blocked, security updates fail to work for my anti virus/spyware, most hyperlinks that work, take me to a different destination, and many of my programs such as hijack this and others do not load.
After booting in safe mode, tricky backdoor browsing and deleting some files I think were bad, I could get hjt and DSS to run in normal mode. I did all of what I could in the pre-posting steps, but many of them could not be completed. My apologies for that and for deleting some of the malicious files prematurely, but it was the only way I felt I could get a worthwhile log. You guys have never let me down, so here I am asking for your help again!

So here's the DSS log. I copied from my computer via a flash drive...

Deckard's System Scanner v20070426.43
Run by Ocha on 2008-07-11 at 13:11:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Ocha.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 13:11: VIRUS ALERT!, on 7/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2... Read more

Read other answers