Over 1 million tech questions and answers.

Fake antivirus popups, "cannot find logon.exe"

Q: Fake antivirus popups, "cannot find logon.exe"

First: I downloaded and unzipped Gmer, but whenever I try to run it, the program looks like it starts scanning and then stops responding?

I keep getting ramdom popups telling me to buy fake antivirus software. Windows security center also will randomly pop up and then immediately close.

Windows is slow to start after rebooting and I get many error sounds as well as "cannot find logon.exe".

Thank you in advance!

Here is the DDS report

DDS (Ver_09-07-30.01) - NTFSx86
Run by Dakin at 13:44:33.21 on Sat 09/19/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3070.2272 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dynex Wireless G Adapter\WLService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Dynex Wireless G Adapter\WLanCfgG.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\nvsvc32.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Dakin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.dell.com/
mStart Page = hxxp://www.dell.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Shell=Explorer.exe logon.exe
mWinlogon: Userinit=c:\windows\system32\Userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: McAfee AntiPhishing Filter: {41d68ed8-4cff-4115-88a6-6ebb8af19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee VirusScan: {ba52b914-b692-46c4-b683-905236f6f655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [Aim6]
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [DellTransferAgent] "c:\documents and settings\all users\application data\dell\transferagent\TransferAgent.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [VSOCheckTask] "c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
mRun: [OASClnt] c:\program files\mcafee.com\vso\oasclnt.exe
mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\mcupdate.exe
mRun: [MSKDetectorExe] c:\progra~1\mcafee\spamki~1\MSKDetct.exe /startup
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [MSKAGENTEXE] c:\progra~1\mcafee\spamki~1\MskAgent.exe
mRun: [MPFExe] c:\progra~1\mcafee.com\person~1\MpfTray.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [ziyutitef] Rundll32.exe "c:\windows\system32\lipupara.dll",a
mRunOnce: [Spybot - Search & Destroy] "c:\program files\spybot - search & destroy\SpybotSD.exe" /autocheck
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: musicmatch.com\online
DPF: ActiveGS.cab - hxxp://www.virtualapple.org/activegs.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
AppInit_DLLs: pikekise.dll c:\windows\system32\lipupara.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SystemLoading - {01EB8F3D-00A1-46D5-9EE7-4951D1823B66} - c:\documents and settings\all users\microsoft private data\microsoft\isannsdfak.dll
SSODL: nufekamal - {c894a8ee-f7b2-400c-b1ad-683f4b87f7b6} - c:\windows\system32\lipupara.dll
STS: kupuhivus: {c894a8ee-f7b2-400c-b1ad-683f4b87f7b6} - c:\windows\system32\lipupara.dll
LSA: Notification Packages = scecli tevaziva.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dakin\applic~1\mozilla\firefox\profiles\xdxve90y.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\documents and settings\dakin\application data\mozilla\plugins\npoctoshape.dll
FF - plugin: c:\documents and settings\dakin\local settings\application data\octoshape\octoshape streaming services\octoprogram-l03-nms0810164_sua_000\npoctoshape.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2008-7-16 31816]
R2 Dynex DX-WGDTC WLService;Dynex DX-WGDTC Service;c:\program files\dynex wireless g adapter\WLService.exe [2007-8-24 49152]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-3-14 103744]
R2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2006-4-18 126976]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2008-7-16 144704]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2008-7-16 54608]
R2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2006-4-18 122368]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2007-8-30 72936]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2007-8-30 33960]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2007-8-30 174952]
S1 DW;DW; [x]
S3 dwusbdnt;dwusbdnt;c:\windows\system32\drivers\dwusbdnt.sys [2007-6-19 10368]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2006-4-18 245760]
S3 XDva037;XDva037;\??\c:\windows\system32\xdva037.sys --> c:\windows\system32\XDva037.sys [?]

=============== Created Last 30 ================

2009-09-19 04:35 381,952 a------- c:\windows\system32\wcenter.exe
2009-09-18 23:36 11,168 a---h--- c:\windows\system32\yudidezu
2009-09-18 21:01 61,440 a------- c:\windows\system32\drivers\fbeoux.sys
2009-09-18 15:44 <DIR> --d----- c:\program files\Trend Micro
2009-09-18 10:38 0 a------- c:\windows\system32\11478.exe
2009-09-18 10:28 51,197 a------- c:\windows\spool.exe
2009-09-18 10:28 47,872 a------- c:\windows\certificates.exe
2009-09-18 10:28 38,352 a------- c:\windows\regeditsys.exe
2009-09-18 10:28 33,149 a------- c:\windows\systemexplorer.exe
2009-09-18 10:28 28,320 a------- c:\windows\systemsecurity.com
2009-09-18 10:28 18,941 a------- c:\windows\microsoftreg.dll
2009-09-18 10:25 <DIR> --d----- c:\documents and settings\all users\Microsoft Private Data
2009-09-18 09:38 0 a------- c:\windows\system32\15724.exe
2009-09-18 08:38 0 a------- c:\windows\system32\19169.exe
2009-09-18 07:38 0 a------- c:\windows\system32\26500.exe
2009-09-18 06:37 0 a------- c:\windows\system32\6334.exe
2009-09-18 05:37 0 a------- c:\windows\system32\18467.exe
2009-09-18 04:37 0 a------- c:\windows\system32\41.exe
2009-09-08 15:37 153,088 -------- c:\windows\system32\dllcache\triedit.dll

==================== Find3M ====================

2009-09-19 11:37 89,088 a--sh--- c:\windows\system32\lipupara.dll
2009-09-19 11:37 37,888 a--sh--- c:\windows\system32\ninezoni.dll
2009-09-19 11:37 50,176 a--sh--- c:\windows\system32\vafubamu.dll
2009-09-19 11:37 91,136 a--sh--- c:\windows\system32\judinoyo.dll
2009-09-19 11:37 39,424 a--sh--- c:\windows\system32\depubedu.dll
2009-09-18 23:36 39,424 a--sh--- c:\windows\system32\pusogumu.dll
2009-09-18 23:36 91,136 a--sh--- c:\windows\system32\nijufagi.dll
2009-09-18 04:37 52,224 a--sh--- c:\windows\system32\remoyivi.dll
2009-09-18 04:36 39,424 a--sh--- c:\windows\system32\juviyame.dll
2009-09-18 03:16 38,644 a------- c:\docume~1\dakin\applic~1\wklnhst.dat
2009-08-21 05:46 450,560 a------- c:\windows\system32\dllcache\jscript.dll
2009-08-05 05:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 05:11 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-18 12:00 1,509,888 -------- c:\windows\system32\dllcache\shdocvw.dll
2009-07-18 12:00 3,069,440 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-17 14:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 14:55 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-13 23:43 10,841,088 a------- c:\windows\system32\dllcache\wmp.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-10 09:42 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-06-25 14:36 661,504 a------- c:\windows\system32\mqqm.dll
2009-06-25 04:17 729,600 a------- c:\windows\system32\lsasrv.dll
2009-06-25 04:17 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 04:17 168,448 a------- c:\windows\system32\schannel.dll
2009-06-25 04:17 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 04:17 59,392 a------- c:\windows\system32\wdigest.dll
2009-06-25 04:17 56,320 a------- c:\windows\system32\secur32.dll
2009-06-25 04:17 729,600 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-06-25 04:17 301,568 -------- c:\windows\system32\dllcache\kerberos.dll
2009-06-25 04:17 168,448 -------- c:\windows\system32\dllcache\schannel.dll
2009-06-25 04:17 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-06-25 04:17 59,392 -------- c:\windows\system32\dllcache\wdigest.dll
2009-06-25 04:17 56,320 -------- c:\windows\system32\dllcache\secur32.dll
2009-06-22 07:49 117,248 a------- c:\windows\system32\mqtgsvc.exe
2009-06-22 07:49 19,968 a------- c:\windows\system32\mqbkup.exe
2009-06-22 07:49 117,248 -------- c:\windows\system32\dllcache\mqtgsvc.exe
2009-06-22 07:49 19,968 -------- c:\windows\system32\dllcache\mqbkup.exe
2009-06-22 07:49 4,608 a------- c:\windows\system32\mqsvc.exe
2009-06-22 07:49 4,608 -------- c:\windows\system32\dllcache\mqsvc.exe
2009-06-22 07:48 91,776 -------- c:\windows\system32\dllcache\mqac.sys
2009-06-22 07:40 18,432 -------- c:\windows\system32\dllcache\iedw.exe
2009-06-22 07:35 92,544 -------- c:\windows\system32\dllcache\ksecdd.sys
2009-01-15 18:25 76,032 a------- c:\docume~1\dakin\applic~1\GDIPFONTCACHEV1.DAT
2007-08-10 09:28 88 ---shr-- c:\windows\system32\18C0096FF8.sys
2007-07-25 08:00 56 ---shr-- c:\windows\system32\F86F09C018.sys
2009-06-19 11:37 50,176 a--sh--- c:\windows\system32\gobikose.dll
2008-05-21 10:25 6,372 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-06-19 11:37 50,176 a--sh--- c:\windows\system32\pikekise.dll
2009-06-19 11:37 50,176 a--sh--- c:\windows\system32\tevaziva.dll

============= FINISH: 13:45:32.84 ===============

RELEVANCY SCORE 200
Preferred Solution: Fake antivirus popups, "cannot find logon.exe"

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Fake antivirus popups, "cannot find logon.exe"

Got GMER to work, here is the log. Sorry for the bump before 72 hours.

Read other 6 answers
RELEVANCY SCORE 95.2

I am running winXP sp2 on a dell precision m4300 laptop.
One time I was notified my firewall was disabled for some reason, and from that point on I got aggravating pop ups for antivirus2009 and to a site with the url of, "hxxp://sagipsul.com/go/?cmp=vm_mg_juan&uid=A7BB4040D6D911DD9ED1166350CFFFFF&lid=search&url=www.google.com%2Fsearch%3Fhl%3Den%26q%3Dsearch%26btnG%3DGoogle+Search&guid=3A89FEB4A603401A92E80D4C46C9D2B8&affid=166350&rid=zdez&cl=superjuan" or "hxxp://83_1422112919.admarketplace.com/"
which seems to be tracking information on my searches, since it pops up every time i put something in the google search box. I tried running spybot S&D and AVG, but no avail. Please help!

HJT LOG:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:59 PM, on 1/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program ... Read more

A:Firefox/IE Popups for "Antivirus 2009" and "sagispul"

Bump.
 

Read other 3 answers
RELEVANCY SCORE 91.6

Basically, a year ago I found myself on the wrong side of the internet and got a "fake internet scan" telling me I have many virus's. Sound familiar? Well, I managed to remove it, or so I thought. Just recently I got this exact message that popped up on my computer screen. "Explorer.exe would like to access computer, if you did this click confirm" of course I clicked cancel.. the scary thing is it kept popping back up. I gave in and clicked confirm and the fake antivirus popped up. So I did a recovery first, NOT a reformat YET. It stayed active for about a day and then the same "explorrer.exe" popped up again.
Getting straight to the point! (sorry so much typing, but it may help you solve the problem or atleast figure it out)

I restarted and reformated my computer to its original state, thinking it would destroy the source and or file of the virus location. I got Norton all updated, but I noticed something and gasped. " An intrusion attempt by localhost was blocked " Now wtf?
Looked at more of the details.
Risk name: Port Scan
Risk level: medium
Default action: Block
Attacking computer: localhost (127.0.0.1, 48000)
Destination address: localhost (127.0.0.1, 48009)
Traffic Description: UDP, 48000
 

Read other answers
RELEVANCY SCORE 90.4

While looking for AIM buddy icons, I clicked on one of the suggested links. The name should have warned me but I didn't notice it until the page was trying to load. There was no stopping the page from loading. Then the popups started. I did not click on "ok" or "cancel" but went straight to the "x" and clicked. I had no choice but to click something because I could not do anything--even ctrl-alt-del did not work. That was around midnight last night. I spent 4 hours trying to research what was happening (which was not easy because of all the popus). I've spent hours today just researching the problems. I've found possible solutions to some, while others don't seem to exist anywhere but on my computer.

I've ran manually updated versions of Ad-Aware SE and Norton Internet Security 2004 in both normal and safe-modes. Both programs say they have deleted the problem. But when I reboot, the problems come right back.

I have WinPatrol installed and that was what warned me about some of the things trying to load. It has managed to block everything but two files that are determined to load. The two files WinPatrol keeps alerting me about belong to a the ISRVS trojan. Norton deleted the dll file associated with it but could not delete anything else. I manually deleted the files in safemode but they came right back.

I thought about trying each individual fix I found at Symantec but hoped there would be another way since Symantec ... Read more

A:Overload of Adware, Spyware, Trojans, Popups, etc from "fake" website. HELP!!!!

Read other 16 answers
RELEVANCY SCORE 89.6

So I keep getting popups when I use firefox, and I have a Windows Security Alerts in my Taskbar. THe Windows Alerts keeps telling me to TURN ON AUTOMATIC UPDATES, but the thing is when I go into Control Panel and look in SYSTEM "it is on" It's lying to me. Oh and it also says turn my McFee Virus scan on. I ran SpyBot Search and Destroy and removed a bunch of stuff, but this is still going on.....

Here is my HiJackThis Log.

Logfile of HijackThis v1.99.1
Scan saved at 5:47:46 PM, on 1/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\marks files\Programs\Adware\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system... Read more

A:POPUPS.... and "FAKE?" Windows Security Alerts

NEW! I fixed my problem. It was the virtumondo malware. The way removed it was as follows...

Download and ran ComboFIX.exe with all security on my computer disabled allowing it to do what it needed it to do. Let combofix.exe reboot my computer.

Ran HiJackThis.exe and removed the following enteries:

O20 - AppInit_DLLs: aiyjzc.dll
 

Read other 1 answers
RELEVANCY SCORE 89.6

Hi
I am running WINXP SP2 and over the last few weeks I have been geting these annoying popups every now and then. I am running AVG Free Edition Antinvirus & AVG Anti Spyware (a recent scan came up clean) and Spybot. I have already installed (but after the popups started appearing) SpywareBlaster and IE-Spyad (as recommended) but have been unable to perform the Panda Online Scan (halfway through all IE windows automatically close). I am also using E-mule quite extensively. Other symptoms? As soon as I start IE the main window freezes for a few seconds before I can type in the URL at the address bar and in general the performance of the computer has deteriorated over the lst few weeks since the appearance of the popups. I am attaching the log and await instructions. Thank you in advance

Deckard's System Scanner v20071014.68
Run by Johansson-Rigas on 2008-02-17 13:02:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-17 13:02:33
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.20733)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svc... Read more

A:"Fake" Windows & MS-DOS Security Center popups

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

If you have any questions along the way, STOP and ask them before proceeding.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log. To do so:

Download HijackThis to your desktop

Alternate link

Double-click on the file you just downloaded.
Click on the "Unzip" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Upon install, HijackThis should open for you.

Should it not open, navigate to C:\Program Files\Trend Micro\HijackThis and double click on HijackThis.exe

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Post the hijackthis.log file here. Do not fix anything in HijackThis since they may be harmless.

---------------------------------------------------------------------------------------------

Also, can you please post the extra.txt from Deckard's System Scanner once again? Something is amiss with the attachment. Just post it in the reply window this time. The file should be located at C:\Deckard\System Scanner\extra.txt

Read other 10 answers
RELEVANCY SCORE 89.2

I am infected with this crap and have used the following tools to try to get rid of it:
Windows Defender, Unible PowerSuite (SpeedUpMyPC, Registry Booster & Spyware Protector) and Norton's One Button Checkup and WinDoctor.

Not sure if it's related, but my DISPLAY is locked at 640 X 480.

Atempted the 5 Step Process before posting and Panda ActiveScan froze and crashed after scanning 59253 files, but not before identifying 28 spyware files.

Here's my extra.txt log from Deckard's:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 2.80GHz
Percentage of Memory in Use: 36%
Physical Memory (total/avail): 1277.95 MiB / 810.39 MiB
Pagefile Memory (total/avail): 1516.89 MiB / 1165.44 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1930.88 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.21 GiB total, 18.7 GiB free.
D: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - ST340014A - 37.25 GiB - 1 partition
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Installable File System - 37.21 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled... Read more

A:Netsky Worm-Popups-The Three Icons - "Error Cleaner" "Privacy Protector" "Spyware..."

Bump.

Read other 14 answers
RELEVANCY SCORE 89.2

I have a Gateway Laptop with Windows XP on it...


And there's a fake antivirus program that blocks any attempt to load webpages and/or load programs!


The only way I could take snapshots (to see what we're dealing with) was to use a digital camera and upload these shots on my desktop computer.

I just came from the Windows XP forum, and they closed my previous thread and told me to come here. I've read the New Instructions sticky and then the Illegal Programs sticky, and can tell you that nothing on my computer is illegaly downloaded; this fake antivirus software just tricked its way onto my computer elsehow. I even purchased Norton Antivirus 2010 that includes 1-year membership, and I can't even get passed the install screen (explained in a bit...). ANYWAYS...


=-=-=-=-=-=


Here's how the fake antivirus program looks like:




=-=-=-=-=-=


Here is the fake prompt it gives on the tray aisle:




=-=-=-=-=-=


I purchased Norton 2010 to fix the issue, but after attempting to run it...:





...it gives me an error pop-up saying the .exe file can't be ran, because it's being derailed/blocked by the fake antivirus program!


=-=-=-=-=-=


The only thing I can get to load is the Security Center, and it tells me the obvious, that a true antivirus program (like the Norton I purchased) needs to be installed:




=-=-=-=-=-=


Here are 3 snaps I took of fake error-prompts that pop up:








=-=-=-=-=-=


Upon exiting, these are the on... Read more

A:"Fake Antivirus Software" Blocks All My Laptop's Loading Attempts

If you have an active internet connection, copy/paste the links below into your browser, don't click them or the rogue might redirect. If you don't have an active internet connection, download the tools from another machine, and transfer them to the affected machine via USB flash drive.


Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 3 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.


http://download.bleepingcomputer.com/grinler/rkill.exe
http://download.bleepingcomputer.com/grinler/rkill.com
http://download.bleepingcomputer.com/grinler/rkill.scr



Note:

You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message. Run rkill repeatedly until it's able to do it's job. This may take a few tries. You'll be able to tell rkill has done it's job when your desktop (explorer.exe) cycles off and then on again.

At this point, you should now be able to run analysis tools.

Once the tool has run, do NOT reboot the machine, and then try once again to run DDS and GMER.

We prefer a more comprehensive set of logs to assist in detecting any malware that may be present.

Please follow our pre-posting process outlined here:

NEW INSTRUCT... Read more

Read other 4 answers
RELEVANCY SCORE 89.2

I have a Gateway Laptop with Windows XP on it...


And there's a fake antivirus program that blocks any attempt to load webpages and/or load programs!


The only way I could take snapshots (to see what we're dealing with) was to use a digital camera and upload these shots on my desktop computer.


=-=-=-=-=-=


Here's how the fake antivirus program looks like:




=-=-=-=-=-=


Here is the fake prompt it gives on the tray aisle:




=-=-=-=-=-=


I purchased Norton 2010 to fix the issue, but after attempting to run it...:






...it gives me an error pop-up saying the .exe file can't be ran, because it's being derailed/blocked by the fake antivirus program!


=-=-=-=-=-=


The only thing I can get to load is the Security Center, and it tells me the obvious, that a true antivirus program (like the Norton I purchased) needs to be installed:




=-=-=-=-=-=


Here are 3 snaps I took of fake error-prompts that pop up:








=-=-=-=-=-=


Upon exiting, these are the only options I have:




=-=-=-=-=-=


And I can't factory-reset my laptop, because these are the only 2 options I have:




=-=-=-=-=-=


I need desperate help! I need to know how I can bypass this fake antivirus program that derails all my attempts to do anything. I need to know how I can get to the factory-reset option (if there is a way, on this laptop), or any other worthy route to kill this fake antivirus program.

Thanks!

A:"Fake Antivirus Software" Blocks All My Laptop's Loading Attempts

which fake AV program is it. If you can install malwarebytes and run it in safe mode that may clean it up enough to install Norton.

Read other 3 answers
RELEVANCY SCORE 89.2

System:
Windows XP [5.1.2006], Service Pack 3

Regedit was blocked as well as task manager, and the internet wouldn't connect at all (though Yahoo messenger and vonage still worked, so the connection was still active). I would also receive popups to download "Registry Defender"

Through Safe Mode I was able to download Spyboy Search and Destroy and run enough scans to get online to post here. When I would search on google, all links would lead me to more malware or nothing at all---I could only get to cached sites, so unless I could find what I was looking for one-page deep, I couldn't get to it. The same would happen when using the address bar to go directly to a webpage, I'd get nothing.

Here's my HJT log, let me know if there's anything I can remove, or any other scans I can run
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:55:38 PM, on 5/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\justin\LOCALS~1... Read more

Read other answers
RELEVANCY SCORE 88.8

Hi, it's my first time posting and I'm nowhere near tech savvy, so please bear with me. I'm using an IBM ThinkPad T43 running Windows XP Professional, v. 5.1.2600 Service Pack 3 Build 2600, 32 bit (I think).

A few days ago I was in the middle of an IM when my laptop started to act up. I don't quite remember what I did, but I must have clicked on a fake antivirus popup/link, which then prompted me to scan my computer for virus infection. It kept prompting me to do more scans, and if I refused, it opened up IE and also several web pages.

I searched for a fix online and found a free virus removal program called "Remove Fake Antivirus" that was posted on Softpedia. Downloaded it, ran it, and it seemed to have gotten rid of my virus - no more pop ups. However, after I rebotted my computer, my wireless card was completely disabled. Couldn't turn it on, couldn't search for networks, couldn't connect to anything, etc. I ran ipconfig /all and nothing came up except "Windows IP Configuration." I haven't tested the laptop wired but somehow I don't think it'd help. So I look some more online and thought perhaps my driver needed to be reinstalled. Found the driver via Intel, tried to run it, but the install never completes and just hangs...to the point I had to forcibly shut down the laptop. I also tried to install the TCP/IP manually but that also doesn't seem to work.

Hindsight is always 20/20 and I should've researched more and better antivirus removal p... Read more

A:Problems with laptop after using "Remove Fake Antivirus"

Hello and Welcome to TSF.

If it's a networking/wireless card problem, this is not the section for that.

http://www.techsupportforum.com/f134/

If you think the machine might be infected still....

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed. I currently have as many open topics as I can effectively handle; this will have you back in queue with the proper logs so an available helper would be able to assist.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Read other 1 answers
RELEVANCY SCORE 88.8

Hi y'all

One of the ladies where I work inadvertantly opened an email and somehow got a fake antivirus program installed. I ran the latest version of Spybot S&D and it still is popping up- even as I write this.

can you help? Here's the HJT log I just ran:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:01:33 AM, on 12/3/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\HPZipm12.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\System32\mqsvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AnvTrgrsoftware\AnvTrgr.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/de... Read more

Read other answers
RELEVANCY SCORE 88

I can't get rid of this fake windows security virus thats posing as an antivirus, and blocks all actions claiming that that file's infected, and then redirects me to a website online etc...

I can't use command or regedit. I tried to search all executable files but it gets about 98% of the search done and then just sits there.

I have no idea what to do. Id be willing to kill everything and start over but theres about 5 word/excel documents that I need. If anyone knows if theres a possibility i can extract them onto a flash or something thad work too.

Desperately need help here, Thanks
 

Read other answers
RELEVANCY SCORE 88

Hello again, I'm reposting my query after having read the instructions and am attaching the logs.
---

I'm using an IBM ThinkPad T43 running Windows XP Professional, v. 5.1.2600 Service Pack 3 Build 2600, 32 bit (I think).

On Monday night I believe I clicked on a fake antivirus popup/link, which then prompted me to scan my computer for virus infection. I don't remember the name of the fake antivirus program, but it installed an icon on my task tray and kept prompting me to do more scans, and if I refused, it opened up several web pages in IE, including a site that might've been called "www.laptoponline.com" (not sure) as well as a porn site (www.porno.com?). It also created multiples of the red "Your computer might be at risk" icon in my task tray to the point where it took up the entire Taskbar.

I searched for a fix online and found a free virus removal program called "Remove Fake Antivirus" that was posted on Softpedia. Downloaded it, ran it, and it might've gotten rid of my virus - not sure, but there were no more pop ups, likely because it completely disabled my network connections. After I rebotted my computer, my wireless card was completely disabled. Couldn't turn it on, couldn't search for networks, couldn't connect to anything, etc. I ran ipconfig /all and nothing came up except "Windows IP Configuration." I haven't tested the laptop wired but somehow I don't think it'd help. So I look some more online and thought p... Read more

A:"Remove Fake Antivirus" program

Sorry for prematurely bumping this thread, but the problems have changed since I first posted and I can't edit or change the title.

I reinstalled my network card drivers and fixed the network issues, but the virus is back (or probably was never removed)! When I tried to open my browser and connect to the net, the attack started again. I now know it's the Antivirus Live malware, which repeatedly opens IE and directs me to laptopantivirus.net to purchase the malware. It also bombards me with popups of virus infections which, if I keep closing, eventually opens a page to porno.com. I searched for a way to remove the malware but almost everything tells me to edit my registry entries, which I'm leery of doing. Fixes also mention removing something like sysguard.exe from the process, which I can't find at all. So I rebooted in Safe Mode, ran Microsoft Security Essentials, which detected and allegedly removed 2 FakeSpypro Trojans. Reboot again in normal mode, laptop seemed to work for 2 minutes before all the icons disappeared. Rebooting a third time brings them all back, but I believe parts of the virus/malware, if not all, are still there.

How to fix this? Should I run DDS again? I'm performing a full scan right now using Symantec, but I have a feeling I need something more heavy-duty. Help!!

Read other 14 answers
RELEVANCY SCORE 84.4

I've been having some problems with my computer and I've always somehow managed to work my way around the issues spyware/malware etc. have created but lately it's been getting out of hand.. Some time ago I got a virus or something that made the entire tab under "Processes" dissapear. So I could not see process-names in the task-manager. I have re-installed XP but this problem persists. I have been using a different application to monitor and handle processes.

The problem now is the constant pop-ups generated from this fake anti-virus program calling itself "Anti Virus Pro 2007" or something.. It pops up with fake commercials, and even attach itself into other explorer-windows while I view other pages.

As popups and messageboxes keep popping up, I close them, but after a while windows will open a messagebox telling me "Buffer overrun detected in e:\Windows\system32\explorer.exe" (or \\windows\explorer.exe I don't remember really but you get the idea) and explorer.exe will be terminated, sometimes taking some internet explorer windows along with it, other times explorer.exe just starts up again and all my windows remain.

I used to have Norton but was forced to remove it as it was sucking up all my CPU. It rendered my computer useless, as I mainly use it for gaming.

I've also experienced having the connection between me and my modem broken while beeing on the internet, and I don't know if my computer actually is offline or if -I'm- just... Read more

A:Infected - "Win Anti Spyware" "Buffer overrun error" and a fake dialer or something++

Hello and welcome to TSF

Please download ComboFix

Note: It is important that it is saved directly to your desktop.

Close all browsers. Double click combofix.exe & follow the prompts.
When finished, it will produce a log for you. Post that log in your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

You are using an older version of HijackThis. Please do the following to download and install the latest version of HijackThis v2.0.2:

CLICK HERE to download the HijackThis Installer:Save HJTInstall.exe to your desktop.
Double-click on HJTInstall.exe to run the program.
By default it will install to C:\Program Files\Trend Micro\HijackThis.
Accept the license agreement by clicking the "I Accept" button.
Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
Click "Save log" to save the log file and then the log will open in Notepad.
Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
Come back here to this thread and paste the log in your next reply.
Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

You may delete the older version once you have successfully downloaded and installed the latest version of HijackThis v2.0.2.

Expected logs:

Combofix.txt
HijackThis log

Read other 19 answers
RELEVANCY SCORE 84

Sometimes when I try to connect to a wifi network, i enter my username/password, it tries to connect for a while then I get the same popup asking me to enter my user credentials...again.
There is never any reason specified for why I am being asked to re-enter my user credentials.
This is extremely annoying. How can I troubleshoot this if Windows does not tell me why?
Event viewer shows no error messages either.
Is there any way to get Windows to tell me why I am being asked to re-enter my user credentials?

Read other answers
RELEVANCY SCORE 82.8

My computer picked up a bug where it continually tells me I have an alert that tells me I have a "security problem" via a pop up and asks me if I want to perform a virus scan, sometimes does a fictitious scan, and tries to load "antivirus plus". I tried various free programs such as ad-aware, anti-malware, spyware terminator and even purchased softspySE. None of the programs completely eliminate my problem. The popups have decreased some due to the running of these programs and the loading of avast antivirus but they do still popup every 10 to 15 minutes.

If I scan with antimalware I get this -
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> No action taken.

My hijack this log follows. Please help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:46:37 PM, on 2/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:... Read more

A:Help removing "antivirus plus popups"

Can I please get some help? Thanks!
 

Read other 1 answers
RELEVANCY SCORE 82.8

200+ Windows 7 Pro machines, similar configuration, 1/4 of them x86, 3/4 x64.
Encountered 6 such machines having this problem: After a restart, user logon stuck at a black screen. In Windows event application log there is an event 'The Windows logon process has failed to spawn a user application'. This application is an in-house developed
application and is called at winlogon\userinit registry key.
A restart into Safe Mode, first logon will experience an auto-restart, then second logon ok. Subsequent logon into normal Windows is ok.

Setting the group policy setting to User Account Control: Behaviour in Admin Approval Mode to 'Elevated without prompt' doesn't solve the problem.

All machines are in workgroup.
There seems to be a relationship between security hardening (through local security policy) and this behaviour but not conclusive because some of the machines encountering the problem had not been hardened.
When I booted a machine under MS DART and change the userinit registry key to call userinit.exe instead of the in-house application, subsequent user can logon correctly under normal mode. Then changing it back to call the in-house application will again
logon into black screen.
Based on these observations, can anyone share what Windows does during Safe Mode to recovery such problem? under what circumstances does it auto-restart after a logon? Can local GPO enforcement corrupt the default user profile?


Valuable skills are not learned, learned skil... Read more

Read other answers
RELEVANCY SCORE 82.8

Hey everyone,
        I am trying to get the REST queries to work with the sharepoint end points instead of graph end points. I first created an app with relevant permissions and have given it the admin consent. Then I am hitting the https://login.microsoftonline.com/<tenant>.onmicrosoft.com/oauth2/token?Content-Type=application/x-www-form-urlencoded end
point with https://<tenant>.sharepoint.com as resource. I am then using the access token retrieved to give the rest call to https://<tenant>.sharepoint.com/_api/v2.0/drives/b!3indYSbqZ0-hVSPnCgIZy-2xDMh7jH9AuQnEzJMc6TEfQoSJvJT-R6tT0lFBQiPr/root/delta
but it is failing with "error":{"code":"generalException","message":"General exception while processing"}}. The REST response code is 401 Unauthorized. I have filed a Microsoft support ticket but they
have asked me to post on these forms. Can someone please help me with this? I am not able to move forward because the error is pretty generic and doesn't give any additional details.
Thanks,
Sai Kiran Katuri.

Read other answers
RELEVANCY SCORE 82

Logfile of HijackThis v1.99.1Scan saved at 1:33:16 PM, on 02/07/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\atmclk.exeC:\WINDOWS\system32\dcomcfg.exeC:\Program Files\McAfee.com\VSO\mcvsshld.exeC:\PROGRA~1\mcafee.com\agent\mcagent.exeC:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exeC:\Program Files\MessengerPlus! 3\MsgPlus.exec:\progra~1\mcafee.com\vso\mcvsescn.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\CyberLink\PowerDVD\PDVDServ.exec:\program files\mcafee.com\agent\mcdetect.exec:\PROGRA~1\mcafee.com\vso\mcshield.exec:\PROGRA~1\mcafee.com\agent\mctskshd.exeC:\WINDOWS\system32\svchost.exec:\PROGRA~1\mcafee.com\vso\OasClnt.exeC:\Program Files\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\... Read more

A:Pornographic Popups, Fake System Warnings, Fake Antivirus Download Popups

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.Please download SmitfraudFix (by S!Ri)Extract the content (a folder named SmitfraudFix) to your Desktop.Next, please reboot your computer in Safe Mode by doing the following :Restart your computerAfter hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;Instead of Windows loading as normal, a menu with options should appear;Select the first option, to run Windows in Safe Mode, then press "Enter".Choose your usual account.Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmdSelect option #2 - Clean by typing 2 and press "Enter" to delete infected files.You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.A text file will appear onscreen, with results from the cleaning process; please copy/pa... Read more

Read other 6 answers
RELEVANCY SCORE 81.6

Hi, we have regularly been buying Dell AC adapters from Dell partners but have seen several different model AC adapters which look like genuine products but instead of the normal p/n on the label beginning with 0 (ZERO) , it starts O (LETTER). Is this a telltale sign that the product it a counterfeit?
Here are 2 examples of this that I have found from other sellers online (please click on the images in the listings to see what I am referring to):

1) Dell PA-19:
2) Dell PA-4E:
 

A:Dell AC Adapters with Leading "O" instead of "0" in their p/n - Genuine or Fake?

JLESERIES,
They look like dell parts to me. I cannot fully verify if they are fake or not without knowing what computer they are supposed to be used on. You would need to call the Dell Spare Parts Department in the UK for verification.

Read other 1 answers
RELEVANCY SCORE 80.8

I cannot connect to the internet with this virus so I couldn't download hijackthis or do any of the other steps suggested in the stickies. However my problem sounds alot like this thread I found on the site

http://www.techsupportforum.com/secu...se-advise.html

I'm also missing my C: and D: drives, am told task manager has been disabled by my sys admin when I press CTRL-ALT-DEL and have the programs error cleaner, privacy protector, Spyware&...protection on my desktop, as well as fake pop-ups claiming to be system errors and offering to fix the problem.

I ran AVG and quaratined/deleted the files it found but everything I mentioned above is still going on. Any help would be greatly appreciated, Thanks

ok, i followed the instructions on the combofix website (+ windows recovery console) and here are my results (note: most of the problem is gone, however I'm sure there are still some lingering malware files.

ComboFix 08-09-11.02 - Benjamin Cohen 2008-09-12 17:26:52.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.592 [GMT -4:00]
Running from: C:\Documents and Settings\Benjamin Cohen\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Benjamin Cohen\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Benjamin Cohen\Application Data\STEM3... Read more

A:Toolbar reads "VIRUS ALERT!", fake system alerts, fake AV programs on desktop

its been long enough I can bump right?

Read other 5 answers
RELEVANCY SCORE 80.8

Hello,

I'm running Windows XP SP 3. I have fake "Security Center Alert" popups and "Security Center" popups. A program called "Malware Defense" has also seemed to installed itself onto my computer. And I've just noticed porn icons appearing on my desktop. It's also disabled my Avira software.

GMER doesn't seem to run. I've clicked on it a couple of times but it doesn't seem to do anything. The DDS logs are attached/follows.

Thanks in advance!

DDS (Ver_09-12-01.01) - NTFSx86
Run by zili at 23:28:31.96 on Wed 01/06/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.1022.493 [GMT 11:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WI... Read more

A:"Security Center Alert" popups, "Malware Defense" self install

Let's try this version of gmer.


Download GMER Rootkit Scanner from here to your desktop. Double click the exe file.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.



Click the image to enlarge it


In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and attach it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Read other 4 answers
RELEVANCY SCORE 80.8

Trying to fix my friend's laptop. She claims she was watching a youtube video and all of th sudden the computer started acting up and so she rebooted the computer and now it won't boot past the xp logon scren. Comes up with the error: "data execution prevention; userini logon application" with the only option of close message. windows does not contiue to boot and just sits there. I have tried to boot into safe mode but it only gives the option of booting into normal xp media center. tried last known good config and same results. any ideas?

acer aspire 3050-1594
AMD Sempron 3400+
xp media center
 

Read other answers
RELEVANCY SCORE 80

Hey guys, Ive run Adaware, Spybot, and Symantec in safemode. Adaware and Symantec successfully removed some entries but the problem still persists. Im getting constant popups including "netster", "heavy.com", "smashits", and others. Heres my log, and thank you in advance!

Logfile of HijackThis v1.99.1
Scan saved at 8:43:05 PM, on 7/22/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PGPserv.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\VentSrv\ventrilo_svc.exe
C:\Program Files\VentSrv\ventrilo_srv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1... Read more

A:"Byte.Verify", "Downloader" virus, and endless popups

Also Backdoor.DSNX, Dropper.Agent.PP and Trojan.Dropper

Was looking around in the root C drive and found some interesting things there as well, but didnt want to do anything without advice first. Heres a "dir" listing

07/22/2006 04:38 PM 586,928 626_101newer.exe
09/25/2005 11:25 PM 219,412 adlog.txt
07/22/2006 08:44 PM 627 asdf.txt
07/26/2004 06:18 PM 0 AUTOEXEC.BAT
08/26/2005 07:53 PM 11,859,569 AVG7QT.DAT
07/26/2004 06:18 PM 0 CONFIG.SYS
07/26/2004 06:28 PM 10 csb.log
05/17/2006 10:47 PM 81 CTX.DAT
07/22/2006 04:37 PM 73,728 dfndred_7.exe
07/22/2006 04:38 PM 27,648 dist13.exe
07/26/2004 06:22 PM <DIR> Documents and Settings
06/30/2006 10:41 PM <DIR> Downloads
07/22/2006 08:44 PM 32,768 drsmartload.exe
07/22/2006 08:45 PM 20,480 drsmartload45a7d.exe
07/22/2006 08:45 PM 20,480 drsmartload46a7d.exe
07/22/2006 08:45 PM 20,480 drsmartload849a7d.exe
07/22/2006 08:45 PM 578,560 Installer3.exe
07/22/2006 08:45 PM 290,816 installerwnusnewer.exe
11/16/2004 05:11 PM <DIR> KPCMS
07/22/2006 04:37 PM 28,672 kybrded_7.exe
07/29/2004 02:16 PM <DIR> mj-comp-files
07/22/2006 08:45 PM 25,105 MTE3NDI6ODoxNg.exe
07/22/2006 08:44 PM 25,105 MTE3NDI... Read more

Read other 19 answers
RELEVANCY SCORE 80

System: Acer Aspire one netbook.
Win XP home ed. SP3

Synopsis of issue:
Got this comp. from my company for a new line of work I started. Was "deep frozen" when I got it and was useless to me in that state. Got it thawed and it suddenly wanted to do loads of updates, so I let it. Apparently I was not careful enough & got the "XP antivirus 2012" malware.

Eventually conquered that beast and installed avira free. almost immediately avira picked up on the "html/infected win.gen2" malware. I quarantined, deleted, scanned comp. w. avira, rkill, & malwarebytes. all scans came up clean but I now have no connectivity. wired conn. continually tries to acquire network address and w.less has limited or no....

Not my router or modem as I have 2 home comps actively cnctd as I type this. Also tried multiple other networks w. same neg. results.

After loads of searching and t/s'ing I believe I have found the root of the problem: When I look under "services" I found that "netbios helper", "Network Location Awareness" & "dhcp client" are all not started.

Trying to start them results in failure b/c some "dependencies are marked for deletion". the afore-mentioned 3 things are dependent upon the Netbios over tcpip and tcpip protocol driver.

Those drivers are in the system32/drivers folder but I cannot find a "non plug and play" section in the device manager. Yes, I looked under ... Read more

A:[SOLVED] No Connectivity after &quot;infected win.gen2&quot; and &quot;XP antivirus 2012&quot; issues

Hello Gunnersfan13,

I do see the problem and I'll have to ask you to please stop any more action on your part to resolve this yourself or you'll make my job that much more difficult. :)

You are still very much infected with ZAccess. I need to see the dds.txt. (You posted, and attached, only the Attach.txt produced by dds.scr)

Run dds.scr again, and post the contents of the dds.txt.

==============================

Next, open Notepad and copy/paste the contents inside the quote box below, into Notepad.


Quote:




regedit /a afdexport.txt "HKEY_LOCAL_MACHINE\SYSTEM\currentcontrolset\Services\AFD"
notepad afdexport.txt




Save this as afdexport.bat Choose to "Save type as - All Files"

Double click on the .bat file & allow it to run. Then post the log which it produces

===============================

Also, download SystemLook from one of the links below and transfer it to your desktop.

Download Mirror #1
Download Mirror #2Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:


Code:
:filefind
afd.sys

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found at on your Desktop entitled SystemLook.txt

Read other 19 answers
RELEVANCY SCORE 79.6

This is a resurection of an old unresolved Vista Post, and it also happens in Windows 7.
====================================
Original subject - Start Menu - program search issue
I use Windows Mail for my daily email tasks, and would like to be able to
open the program by using the vista search bar built into the start menu. The
problem is, when i search for "mai" it brings up Windows Mail, and I can hit
enter and load the program. However, when I search for "mail", it returns:
"No items match your search." I have it set to index both the start menu and
my programs directory, and have even tried to rebuild the index.

It seems kind of strange that Vista would recognize that when I type "mai" I
want my mail programs, but when I actually type "mail", it gets confused...
and this in turn has -me- confused.
====================================
and
====================================
Oh thank goodness, I've finally found someone else with the same problem.
The word I have issues with is "photo" ("phot" works great, but no results
for "photo"). Not a show-stopper, but WHY!?
====================================

I've noticed the same thing with Windows Desktop Search in Windows 7. After some experimenting I think I have the reason why, but not a fix.

It seems to em that mail and photo are probably used as "kind =" prefixes in Windows search, and even if you enter photo with out ... Read more

Read other answers
RELEVANCY SCORE 79.6

Dear Experts,

I have created windows image on Drive F: but delete it after some time manually due to some space prob.
But while backup shows about 40 GB only few GB space got free after deletion. When i try to again take the the backup using windows 7 backup & restore option, its still shows 35 Gb of System Image in drive F: when i brows the Manage Disc Space option but i cant find it on the same drive. (Plz see attached pic)
Plz help me to locate this and delete the same.

Thanks

A:Cant find "System Image" of 36 GB but its shows on "Manage Disc Space"

Hello sattyaji, and welcome to Seven Forums.

It may still be showing if the system image was created as part of a Windows backup. Using the tutorial below to reset Windows Backup should clear it for you, but you will need to set up your backup again afterwards.

Backup User and System Files - Reset to Default Configuration

Hope this helps,
Shawn

Read other 5 answers
RELEVANCY SCORE 78.8

Hello

I have these 2 unwanted icons on my desktop, "Click to find & Fix errors" and " Sportsbook Football". I don't what type of programs they are but they downloaded themselves without my authorisation and I can't get rid of it.

I have run Ad-Aware, Spybot, The Cleaner (trial version), AVG anti spyware, Webroot (trial version),Windows Defender.

I think it was Webroot Spy Sweeper or The Cleaner that removed "Click to find & Fix errors" but it kept coming back.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:28:08 PM, on 5/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware ... Read more

A:Help remove "Click to find & fix errors" and "Sportsbook Football"

Hello
Can anyone help please?

Thanks

Read other 19 answers
RELEVANCY SCORE 78.8

Browser (IE7) will frequently redirect to a page with a message "Sorry we couldn't find "http://www.atdmt.com..." or "http://ad.doubleclick.com" or other various tags (though these are most common).

Web pages will often not load at all or will redirect while reading a webpage without any user action.

Occasionally it will simply say unable to load "actual web page trying to visit". Also oddly - problem seems to occur much more frequently in the morning than evening. This makes me wonder if it is a internet provider issue.

Problem has been occuring over the last 2-3 weeks.

I have followed the 5 Step process to the letter and run DSS after the first four steps. The contents of file main.txt are listed below and extra.txt is attached as a separate file.

Very much appreciated in advance for your help when you get a chance to review this.

Main.txt
---
Deckard's System Scanner v20071014.68
Run by SJL on 2008-01-30 17:09:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
83: 2008-01-30 22:03:16 UTC - RP661 - Deckard's System Scanner Restore Point
82: 2008-01-30 20:21:50 UTC - RP660 - System Checkpoint
81: 2008-01-29 18:59:32 UTC - RP659 - System Checkpoint
80: 2008-01-28 18:34:48 UTC - RP658 - Installed Microsoft Office Live Meeting 2007
79... Read more

Read other answers
RELEVANCY SCORE 78.8

I'm not sure what this is in Windows Update [and this seems to be greyed out itself too], but how is it possible to have no results in Google on this KB that's in Windows Update?

I also clicked on the "more information" for the Microsoft Knowledge Base, but nothing came up there either.

A:A "non-existent" Windows update ("KB3024777") even Google can't find

Also note that it can't be unchecked/deselected.

Edit: It seems this update removes kb3004394 and vanish without a trace (except in History).
Neither seems to be available in the uninstall list afterwards.

Read other 9 answers
RELEVANCY SCORE 78.8

"WindowsUpdate_00009C48" "WindowsUpdate_dt000" does anyone know how to fix those errors? cant find any info on those. please help? SOMEBODY HEEELP ME

Read other answers
RELEVANCY SCORE 78.8

I have searched all over the web and cannot seem to find a solution to the problem I recently started having with my computer. (Although I have found plenty of people claiming to have the same problem.) This is on a computer running XP Pro SP3 with an AMD Anthlon II X2 CPU processor: Normally, when I download something - file, pic, etc. - I can left click on the download dropdown box (revealing the downloaded items list), right click on an item and choose "Open containing folder" and the folder I download the item to would open. (I choose where downloads go, not the My Docs Download folder.) Now, nothing happens when I choose "Open containing folder". At first I thought it was a Firefox problem since that is the browser I usually use so I did a ?refresh? but that did not correct the problem. Then I realized it was also happening with Chrome, so that ruled out a browser setting causing the problem. (I have IE but never use it.) If what I have downloaded uses a program, double clicking on the file in the dropbox still opens the correct program normally.

More investigating revealed that right clicking on a program icon on my desktop and choosing "Find target" was also not working ? nothing happens. (Normally the program folder would open with the .exe file highlighted.) I have to think both problems are caused by the same malfunction. Windows Explorer is functioning normally and I can locate the folders and files manually.

Thinking that... Read more

Read other answers
RELEVANCY SCORE 78.8

I have followed pre-steps. My computer is running Win 98 (don't ask why), and when I went to Windows update page I got a message saying that the updates page was for Windows not Mac users? Many pop-ups are saying that they are from Drive Cleaner, but Drive Cleaner search programs haven't helped. Many thanks for any who can provide help cause I'm gettin' lotsa lotsa pop ups. Phil

Panda Soft and Hijack This logs attached.

Logfile of HijackThis v1.99.1
Scan saved at 7:17:19 PM, on 3/20/07
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE\OPWARE32.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\USBMONIT.EXE
C:\PROGRAM FILES\LOGITECH\SETPOINT\KEM.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
C:\MEMOREX\TRAVELDRIVE003C\UFDSE98.EXE
C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGR... Read more

A:"Drive Cleaner" "Oinadserver" and Misc popups

Quote:





Originally Posted by Iguana07


I have followed pre-steps. My computer is running Win 98 (don't ask why), and when I went to Windows update page I got a message saying that the updates page was for Windows not Mac users? Many pop-ups are saying that they are from Drive Cleaner, but Drive Cleaner search programs haven't helped. Many thanks for any who can provide help cause I'm gettin' lotsa lotsa pop ups. Phil

Panda Soft and Hijack This logs attached.

Logfile of HijackThis v1.99.1
Scan saved at 7:17:19 PM, on 3/20/07
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE\OPWARE32.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\USBMONIT.EXE
C:\PROGRAM FILES\LOGITECH\SETPOINT\KEM.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
C:\MEMOREX\TRAV... Read more

Read other 5 answers
RELEVANCY SCORE 78.8

Hi Guys,

Having problems (see title). I have seen a few more threads about this so I guess it is a common problem?

Anyway, my HijackThis log:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 2:56:12 PM, on 9/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\cvpnd.exe
C:\WINDOWS\system32\kjmmprsv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Virtual CD v9\System\VC9SecS.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Virtual CD v9\System\VC9Play.exe
D:\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\system32\lsass3.exe
C:\Program Files\Virtual CD v9\System\VC9Tray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
D:\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program File... Read more

A:Help removing popups ("Errorsafe", "SystemDoctor", and various other crap)

Read other 10 answers
RELEVANCY SCORE 78

May I know is it possible to show domain user's "Display Name" instead of "User Logon Name" as owner in print queue? Our company's domain using generic "User Logon Name", i.e. 001, 002, 003 and so on, each "User Logon Name" will have personalized "Display Name", e.g. Mary, John etc., but a problem is when a print job printed by a user is hold in the print queue of a network printer, other users won't know who is it (the owner of the print job may shown as 001, 002 etc.) and so not able to ask that user to remove the print job. Any ideas? Thanks a lot!
 

Read other answers
RELEVANCY SCORE 78

Hello,
We have strange problem with our one Windows 7 Pro machine. We have few users, that have set option (Logon to) to login on specified computers - for example pc1 and pc2.
These users are accessing these PC's via RDP. The problem is, that on "pc2" machine, none of users can't login via RDP to it. They can login locally, but not via RDP (they have all permissions to logon via RDP). "pc1" is working flawlessly
(users can login both locally and via RDP).

The funniest thing about it is that, when users have "logon to" option set to "pc1" and "pc2" - they
can't access "pc2".
BUT... if we set "Logon to" option to "All computers" - they can easilly access it.

Read other answers
RELEVANCY SCORE 77.6

I downloaded a Weather program, and my Antivirus program found a Trojan in the program.
It got rid of the virus, but now every time I boot or reboot I get a message "C:\WINDOWS cannot find "weathersetup.exe" ". I have tried everything I could think of, but cannot get rid of the system trying to load this.
Any help would be appreciated.
 

A:Solved: "Startup" problem (cannot find "Weathersetup.exe").

Read other 16 answers
RELEVANCY SCORE 77.6

I want to have my folders such as My Documents, Downloads, etc stored on a separate data partition to the OS, like many people do.  When you go to the properties of the (original) folder and click on the Location tab, what is the difference between
using the Move button and the Find Target button?  Is one recommended to achieve this over the other?
I haven't seemed to find the answer after some time searching, and didn't want to do anything irreversible.
Thanks.

A:"Move" Username/folders or "Find Target..."

Matt
 
It’s perfectly safe to use ‘Move’ to move the Documents folder to a different location. Navigate to the folder, then right-click it > Properties
> Location Tab > Move, select a Destination and follow the prompts. The location can be restored by choosing Restore Default.

Read other 2 answers
RELEVANCY SCORE 77.6

Loads of laptops have been flowing in advertising resolutions of 3200x1800 (QHD+) and 3840x2160 (4K), seemingly ushering in the new era of Retina-class displays. Sounds nice, right? However, it is important to know that, in many of these cases, these advertised resolutions are not a complete truth.
The "4K Ultra HD 3840x2160" display offered with the Inspiron 15.6" models uses the RG/BW Pentile matrix, a deceptive trick that enables manufacturers to produce a display that can be advertised as a particular resolution, without actually providing the full detail of the resolution. The specs page says 3840x2160, your display control panel says 3840x2160, but the actual display doesn't enough dots to properly display that resolution, so it has to be downsampled. These displays tend to produce fuzzy text, and they lose detail on anything zoomed less than 200%.
Displays like this are not competitive with Macbook Retina displays or other high-resolution displays, and have lower actual pixel density than the 2560x1440 (QHD) and 2880x1620 (3K) resolution displays that are available in other laptops, which don't even require as much graphics processing power to handle. Heck, they're worse quality than some of the normal 1080p IPS displays they're supposed to be an upgrade from, when it comes to color and contrast.
What Dell should have done: Dell should have used a 3K(2880x1620) resolution display in the Inspiron if they did not wa... Read more

Read other answers
RELEVANCY SCORE 76.8

In Windows XP, fully updated, I have several folders full of mp3's and want to see the bit rate and duration. I right click on a column heading and select "Bit rate". I then click on "More..." so I can get to "Duration", and I select that one too.

But all the figures in the "Duration" column appear to be in "hours" and "minutes", so I see "00:04" or "00:03", but what I want is "minutes" and "seconds".

Any thoughts as to how to change this?
 

A:Solved: Windows Explorer "Duration" Column - no "Seconds", just "Hours" and "Minutes"

Read other 16 answers
RELEVANCY SCORE 75.6

The two main malware items I think I have. I've already assumed I will do a total C: delete and re-install. I've tried lots of things in safemode, etc. with Spybot, Malwarebytes, a Norten scanner, etc. either directly running or downloading/renaming, or by downloading on another computer and using memory stick to transfer. Nothing stays launched, runs nor completes.

What a pain in the butt. I use AVG and whatever it did jumped right through in no time.......I've read lots of posts in cnet, pctools, a few here, etc.

What a mess.

Some people have way to much free time......maybe they ought to get a job somehow using these skills...they'd make a mint.

Pete
 

A:"Total Security" and "Antivirus Pro 2010"

simpler to just reformat the whole computer
 

Read other 1 answers
RELEVANCY SCORE 75.6

I am running Windows XP SP3, fully updated, on an Acer lap top PC.

I have several folders full of .mp3's and want to see the bit rate and duration. To do this I right click on a column heading and select "Bit rate". I then click on "More..." so I can get to "Duration", and I select that one too.

The two new columns appear, but the format of the "Duration" column appears to be "hours:minutes", so I see "00:04" or "00:03" for most .mp3's, when what I want to see is 'hours:minutes:seconds", e.g. "00:03:45".

This also happens for video files (.avi files), e.g. all my episodes of "Heroes" (sad, I know) have a duration of "00:42" instead of "00:42:xx".


Here are two pictures showing the problem with the .mp3's. The first is of Explorer showing the Duration as "Hours:Minutes":




The second picture is of the properties window of the first .mp3 in the list above:




I copied some .mp3 files to another (old) PC on my home network, and it displayed the duration field correctly:




Also, the properties window correctly shows the duration also:





I'm not the only person to have this problem. I received a private message from a member of another forum where I posted about this problem several weeks ago. That person also has the same problem with the duration field.

The tech guys on that forum were unable to find the source... Read more

A:Windows Explorer "Duration" Column - no "Seconds", just "Hours" and "Minutes"

* bump *

Tricky, this one!

Read other 8 answers
RELEVANCY SCORE 75.6

I have had this problem numerous times in the past where the installation proceeds then ends with the messages:

During the installation of the device.
The system cannot find the file specified
and it goes into a detection loop

HERE is the solution:

Windows 2000/XP has a bug that it cannot properly detect new hardware by *.inf files, if the RunOnce registry key is missing for the following location:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion

This key is often used by installers to execute post-reboot programs, but sometimes they accidentally delete this key.

IMPORTANT: This article contains information about modifying the registry. Make sure that you understand how to backup and restore the registry, in case a problem occurs. Please read the linked Microsoft Knowledge Base article prior to editing the registry.
Go to Start Run and enter "regedit."

Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion

With CurrentVersion Highlighted, go to the Edit menu and select New Key

Name the key RunOnce, leaving everything else about the key alone.

The RunOnce key should now exist underneath the CurrentVersion key.
Once the key exists, Windows 2000/XP stops redetecting the Hardware
 

A:"cannot find the file specified" "during the installation of the device."

Read other 16 answers
RELEVANCY SCORE 75.6

Well, I can't locate just "find" in Google Docs....."find and replace," no problem. But I use "find" all the time because I'll be working in multiple docs/versions/etc, and I will often need to find a certain section or part or whatever. In Word this of course is easy. Googling this just finds references to find and replace. Help?
 

Read other answers
RELEVANCY SCORE 75.6

Hi!

Yeah so i've been searching some hours now for how to make my desktop look like this:
I don't care about the taskbar style, all i want is my desktop to look like that when i minimize everything, the clock and all! I think it's a really sexy look! I found the picture in an old thread on a forum and the user doesnt go there anymore. Im hoping someone here might have a clue!
I don't have any prior experience with this sorta stuff so im really clueless!

Thanks in advance!!

A:Trying to find this "theme" or "skin" or whatever to call it!

hi Lekandesanden, and welcome to sevenforums,

the clock and system information on the desktop looks like rainmeter.

i don't know which specific skin it is though...

looks like the screenshot originally came from here.

maybe you could try joining that forum and asking the OP - even though the post was nearly 2 years ago...

Read other 2 answers