Windows Support Forum

"Warning! Spyware detected on your computer" Desktop Bug

Q: "Warning! Spyware detected on your computer" Desktop Bug

Hello I recently was infected with some sort of virus spyware that changed my desktop indefinitely I am unable to change the desktop back and I'm assuming that the virus may be causing other issues as well I use the Norton your Desktop Bug detected "Warning! computer" on Spyware Utilities software and it recently cleaned up my registry Right after cleaning the registry this problem arose "Warning! Spyware detected on your computer" Desktop Bug Below is the posted Hijack log Any help would be greatly appreciated Logfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Boot mode Normal Running processes C WINDOWS System smss exe C WINDOWS system csrss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS System svchost exe C WINDOWS Explorer EXE C WINDOWS system spoolsv exe C Program Files Bonjour mDNSResponder exe C Program Files Java jre bin jqs exe C WINDOWS system nvsvc exe C WINDOWS System svchost exe C WINDOWS system inf rundll exe C Program Files Viewpoint Viewpoint Manager ViewMgr exe C Program Files Common Files Real Update OB realsched exe C Program Files Java jre bin jusched exe C WINDOWS system RUNDLL EXE C Program Files Messenger msmsgs exe C Program Files Viewpoint Common ViewpointService exe C Program Files Linksys Wireless-G PCI Wireless Network Monitor WLService exe C Program Files Linksys Wireless-G PCI Wireless Network Monitor WMP Gv exe C WINDOWS system wscntfy exe C WINDOWS System alg exe C Program Files Google GoogleToolbarNotifier GoogleToolbarNotifier exe C Program Files Common Files Apple Mobile Device Support bin AppleMobileDeviceService exe C Program Files Common Files Microsoft Shared Windows Live WLLoginProxy exe C Documents and Settings Andrew Thomas Local Settings Application Data Google Update GoogleUpdate exe C Program Files Internet Explorer IEXPLORE EXE C Documents and Settings Andrew Thomas Local Settings Application Data Google Chrome Application chrome exe C Documents and Settings Andrew Thomas Local Settings Application Data Google Chrome Application chrome exe C Documents and Settings Andrew Thomas Local Settings Application Data Google Chrome Application chrome exe C Documents and Settings Andrew Thomas Local Settings Application Data Google Chrome Application chrome exe C Program Files Trend Micro HijackThis HijackThis exe C WINDOWS System wbem wmiprvse exe R - HKCU Software Microsoft Internet Explorer Main Start Page about blank R - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyOverride local R - URLSearchHook AOLTBSearch Class - EA - - DB- F -D CA FB C D - C Program Files AOL AIM Toolbar aoltb dll R - URLSearchHook AOLSearchHook Class - EB EA-E BE- CFD- F F-C A C EAFA - C Program Files AIM Search AOLSearch dll O - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Files Common Files Adobe Acrobat ActiveX AcroIEHelper dll O - BHO RealPlayer Download and Record Plugin for Internet Explorer - C E -B - BC - - C CA - C Program Files Real RealPlayer rpbrowserrecordplugin dll O - BHO AOL Search Enhancement - EB EA-E BE- CFD- F F-C A C EAFA - C Program Files AIM Search AOLSearch dll O - BHO Java tm Plug-In SSV Helper - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dll O - BHO AOL Toolbar Launcher - C - CB - A -B F - EA C F - C Program Files AOL AIM Toolbar aoltb dll O - BHO no name - E D - A- EC-A -BA D E E - no file O - BHO Windows Live Sign-in Helper - D - C - ABF- ECC- C - C Program Files Common Files Microsoft Shared Windows Live WindowsLiveLogin dll O - BHO Google Toolbar Helper - AA ED - DD- d - -CF F - C Program Files Google Google Toolbar GoogleToolbar dll O - BHO Google Toolbar Notifier BHO - AF DE - D - -B FA-CE B AD D - C Program Files Google GoogleToolbarNotifier swg dll O - BHO Windows Live Toolbar Helper - BDBD DAD-C - A -ADC - B B FF D - C Program Files Windows Live Toolbar msntb dll O - BHO Google Dictionary Compression sdch - C D FE-E D- -BB - C E E C E - C Program Files Google Google Toolbar Component fastsearch A FB BD dll O - BHO Java tm Plug-In SSV Helper - DBC -A - b-BC - C C C A - C Program Files Java jre bin jp ssv dll O - BHO JQSIEStartDetectorImpl - E E F - CE- C -BC -EABFE F C - C Program Files Java jre lib deploy jqs ie jqs plugin dll O - Toolbar AIM Toolbar - DE C F- - A - B-AA ED D - C Program Files AOL AIM Toolbar aoltb dll O - Toolbar Windows Live Toolbar - BDAD DAD-C - A -ADC - B B FF D - C Program Files Windows Live Toolbar msntb dll O - Toolbar Google Toolbar - C B - - d - B - A CD F - C Program Files Google Google Toolbar GoogleToolbar dll O - HKLM Run AudioDeck C Program Files VIA Technologies Inc Audio Deck ADeck exe O - HKLM Run ViewMgr C Program Files Viewpoint Viewpoint Manager ViewMgr exe O - HKLM Run Adobe Reader Speed Launcher quot C Program Files Adobe Reader Reader Reader sl exe quot O - HKLM Run TkBellExe quot C Program Files Common Files Real Update OB realsched exe quot -osboot O - HKLM Run SunJavaUpdateSched quot C Program Files Java jre bin jusched exe quot O - HKLM Run QuickTime Task quot C Program Files QuickTime QTTask exe quot -atboottime O - HKLM Run PHIME ASync C WINDOWS system IME TINTLGNT TINTSETP EXE SYNC O - HKLM Run PHIME A C WINDOWS system IME TINTLGNT TINTSETP EXE IMEName O - HKLM Run NvMediaCenter RUNDLL EXE C WINDOWS system NvMcTray dll NvTaskbarInit O - HKLM Run NvCplDaemon RUNDLL EXE C WINDOWS system NvCpl dll NvStartup O - HKLM Run MSPY C WINDOWS system IME PINTLGNT ImScInst exe SYNC O - HKLM Run lphcvs j en t C WINDOWS system lphcvs j en t exe O - HKLM Run iTunesHelper quot C Program Files iTunes iTunesHelper exe quot O - HKLM Run IMJPMIG quot C WINDOWS IME imjp IMJPMIG EXE quot Spoil RemAdvDef Migration O - HKLM Run AppleSyncNotifier C Program Files Common Files Apple Mobile Device Support bin AppleSyncNotifier exe O - HKLM Run nwiz nwiz exe install O - HKCU Run NortonUtilities C Program Files Norton Utilities nu exe S O - HKCU Run swg C Program Files Google GoogleToolbarNotifier GoogleToolbarNotifier exe O - HKCU Run Skype quot C Program Files Skype Phone Skype exe quot nosplash minimized O - HKCU Run MsnMsgr quot C Program Files MSN Messenger msnmsgr exe quot background O - HKCU Run MSMSGS quot C Program Files Messenger msmsgs exe quot background O - HKCU Run Google Update quot C Documents and Settings Andrew Thomas Local Settings Application Data Google Update GoogleUpdate exe quot c O - HKCU Run Google Desktop Search quot C Program Files Google Google Desktop Search GoogleDesktop exe quot startup O - HKLM Policies Explorer Run xccinit C WINDOWS system inf rundll exe C WINDOWS xccdf a dll xccd O - HKUS S- - - Run msnmsgr quot C Program Files MSN Messenger msnmsgr exe quot background User 'SYSTEM' O - HKUS DEFAULT Run msnmsgr quot C Program Files MSN Messenger msnmsgr exe quot background User 'Default user' O - Extra context menu item amp AIM Search - c program files aol aim toolbar resources en-US local search html O - Extra context menu item amp Windows Live Search - res C Program Files Windows Live Toolbar msntb dll search htm O - Extra context menu item Add to Google Photos Screensa amp ver - res C WINDOWS system GPhotos scr O - Extra context menu item Add to Windows amp Live Favorites - http favorites live com quickadd aspx O - Extra context menu item Open in new background tab - res C Program Files Windows Live Toolbar Components en-us msntabres dll mui bc d d c b a c cd a O - Extra context menu item Open in new foreground tab - res C Program Files Windows Live Toolbar Components en-us msntabres dll mui bc d d c b a c cd a O - Extra button AIM Toolbar - AF D- E - bda- -B C B - C Program Files AOL AIM Toolbar aoltb dll O - Extra button no name - e e dd -d - - b -f ba - C WINDOWS Network Diagnostic xpnetdiag exe O - Extra 'Tools' menuitem xpsp res dll - - e e dd -d - - b -f ba - C WINDOWS Network Diagnostic xpnetdiag exe O - Extra button Messenger - FB F -F - d -BB E- C F - C Program Files Messenger msmsgs exe O - Extra 'Tools' menuitem Windows Messenger - FB F -F - d -BB E- C F - C Program Files Messenger msmsgs exe O - Plugin for spop C Program Files Internet Explorer Plugins NPDocBox dll O - DPF -C A- E-A -C C BBF Windows Genuine Advantage Validation Tool - http go microsoft com fwlink linkid O - DPF E D -B - d-BC - AFFED E E System Requirements Lab - http www nvidia com content Driver sysreqlab cab O - DPF D ED D- C - B- AE- D FDC FB ActiveScan Installer Class - http acs pandasoftware com actives as stubie cab O - DPF E A- D- EE - C-DC FA D FC MUWebControl Class - http update microsoft com microsof O - Protocol skype com - FFC B - B - DFF- - C DD F D - C PROGRA COMMON Skype SKYPE DLL O - Filter x-sdch - B - EEC- C E-B F -B FE E - C Program Files Google Google Toolbar Component fastsearch A FB BD dll O - Service Apple Mobile Device - Apple Inc - C Program Files Common Files Apple Mobile Device Support bin AppleMobileDeviceService exe O - Service Bonjour Service - Apple Inc - C Program Files Bonjour mDNSResponder exe O - Service Google Software Updater gusvc - Google - C Program Files Google Common Google Updater GoogleUpdaterService exe O - Service InstallDriver Table Manager IDriverT - Macrovision Corporation - C Program Files Common Files InstallShield Driver Intel IDriverT exe O - Service iPod Service - Apple Inc - C Program Files iPod bin iPodService exe O - Service Java Quick Starter JavaQuickStarterService - Sun Microsystems Inc - C Program Files Java jre bin jqs exe O - Service NVIDIA Display Driver Service NVSvc - NVIDIA Corporation - C WINDOWS system nvsvc exe O - Service Remote Packet Capture Protocol v experimental rpcapd - CACE Technologies - C Program Files WinPcap rpcapd exe O - Service Viewpoint Manager Service - Viewpoint Corporation - C Program Files Viewpoint Common ViewpointService exe O - Service WMP Gv SVC - GEMTEKS - C Program Files Linksys Wireless-G PCI Wireless Network Monitor WLService exe -- End of file - bytes

Relevancy 100%
Preferred Solution: "Warning! Spyware detected on your computer" Desktop Bug

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/directdownload.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: "Warning! Spyware detected on your computer" Desktop Bug

Hello and welcome to TSF.

HijackThis is no longer the preferred initial analysis tool in this forum

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

http://www.techsupportforum.com/forums/f100/warning-spyware-detected-on-your-computer-desktop-bug-383626.html
Relevancy 102.92%

Need help to fix My CA spyware won't get rid of it Logfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v Boot mode Normal Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS system LEXBCES EXE C Program Files CA SharedComponents HIPSEngine UmxCfg exe C WINDOWS system LEXPPS EXE C Program Files CA SharedComponents HIPSEngine UmxFwHlp Blue saying detected HELP!! Desktop computer" on your Spyware with screen "Warning exe C WINDOWS system spoolsv exe C Program Files CA SharedComponents HIPSEngine UmxPol exe C Program Files CA SharedComponents HIPSEngine UmxAgent exe C Program Files CA CA Internet Security Suite CA Anti-Virus ISafe exe C WINDOWS system CTSvcCDA EXE C WINDOWS eHome HELP!! Desktop saying "Warning Spyware detected on your computer" with Blue screen ehRecvr exe C WINDOWS eHome ehSched exe C Program Files CA SharedComponents PPRT bin ITMRTSVC exe C WINDOWS system nvsvc exe C WINDOWS system svchost exe C Program Files CA CA Internet Security Suite CA Anti-Virus VetMsg exe C WINDOWS HELP!! Desktop saying "Warning Spyware detected on your computer" with Blue screen system MsPMSPSv exe C WINDOWS system dllhost exe C WINDOWS Explorer EXE C Program Files CA CA Internet Security Suite CA Personal Firewall capfsem exe C Program Files Dell QuickSet quickset exe C Program Files CA CA Internet Security Suite cctray cctray exe C Program Files CA CA Internet Security Suite CA Anti-Spam QSP- QOELoader HELP!! Desktop saying "Warning Spyware detected on your computer" with Blue screen exe C Program Files CA CA Internet Security Suite CA Anti-Virus CAVRID exe C Program Files CA CA Internet Security Suite CA Personal Firewall capfasem exe C WINDOWS stsystra exe C WINDOWS system lphcpl j e exe C WINDOWS system ctfmon exe C Program Files Creative Shared Files Media Sniffer MtdAcq EXE C Program Files CA CA Internet Security Suite ccprovsp exe C Program Files CA CA Internet Security Suite CA Anti-Spyware CAPPActiveProtection exe C Program Files CA CA Internet Security Suite CA Anti-Spyware PPCtlPriv exe C Program Files Mozilla Firefox firefox exe C Program Files Trend Micro HijackThis HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Default Page URL http www google com ig dell hl en amp us amp ibd R - HKCU Software Microsoft Internet Explorer Main Start Page http www yahoo com R - HKLM Software Microsoft Internet Explorer Main Default Page URL http www yahoo com R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http www yahoo com R - HKLM Software Microsoft Internet Explorer Search Default Page URL http www google com ig dell hl en amp us amp ibd R - URLSearchHook Yahoo Toolbar - EF BD -C FB- D - F- D F - C Program Files Yahoo Companion Installs cpn yt dll O - BHO amp Yahoo Toolbar Helper - D -C F - efb- B - ECA - C Program Files Yahoo Companion Installs cpn yt dll O - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Files Common Files Adobe Acrobat ActiveX AcroIEHelper dll O - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dll O - BHO no name - D -A - EEA- -F B C - C WINDOWS system ssqPjJaX dll O - Toolbar Yahoo Toolbar - EF BD -C FB- D - F- D F - C Program Files Yahoo Companion Installs cpn yt dll O - HKLM Run Dell QuickSet C Program Files Dell QuickSet quickset exe O - HKLM Run cctray quot C Program Files CA CA Internet Security Suite cctray cctray exe quot O - HKLM Run QOELOADER quot C Program Files CA CA Internet Security Suite CA Anti-Spam QSP- QOELoader exe quot O - HKLM Run CAVRID quot C Program Files ... Read more

http://www.techsupportforum.com/forums/f284/help-desktop-saying-warning-spyware-detected-on-your-computer-with-blue-screen-272268.html
Relevancy 102.92%

I downloaded a virus yesterday Detected Computer" On "Warning! Spyware Your Desktop Image Virus - trying to open a video of the opening ceremony of the Olympics I do not remember the exact URL The virus was disguised as a video codec for Windows Mediaplayer Desktop Image Virus - "Warning! Spyware Detected On Your Computer" After Desktop Image Virus - "Warning! Spyware Detected On Your Computer" I downloaded the file a blue screen with a warning in a yellow box replaced my desktop image The warning says quot Warning Spyware detected on your computer Install an antivirus or spyware remover to clean your computer quot I have tried to remove it with McAfee Antivirus and with a Virus Removal tool I got from my University but neither of these was able to remove the program Can you help me I attached the two log files below If you need any additional information please let me know Thanks Active Scan Log ANALYSIS - - PROTECTIONS MALWARE SUSPECTS PROTECTIONS Description Version Active Updated McAfee VirusScan Enterprise No Yes MALWARE Id Description Type Active Severity Disinfectable Disinfected Location Cookie Traffic Marketplace TrackingCookie No Yes No C Documents and Settings Linh Melton Cookies linh melton trafficmp txt Cookie Casalemedia TrackingCookie No Yes No C Documents and Settings Linh Melton Cookies linh melton casalemedia txt Cookie Doubleclick TrackingCookie No Yes No C Documents and Settings Linh Melton Cookies linh melton doubleclick txt Cookie Atlas DMT TrackingCookie No Yes No C Documents and Settings Linh Melton Cookies linh melton atdmt txt Cookie RealMedia TrackingCookie No Yes No C Documents and Settings Linh Melton Cookies linh melton realmedia txt Cookie FastClick TrackingCookie No Yes No C Documents and Settings Linh Melton Cookies linh melton fastclick txt Cookie Tribalfusion TrackingCookie No Yes No C Documents and Settings Linh Melton Cookies linh melton tribalfusion txt Cookie Mediaplex TrackingCookie No Yes No C Documents and Settings Linh Melton Cookies linh melton mediaplex txt Cookie Linksynergy TrackingCookie No Yes No C Documents and Settings Linh Melton Cookies linh melton linksynergy txt Cookie Clickbank TrackingCookie No Yes No C Documents and Settings Linh Melton Cookies linh melton clickbank txt Cookie Yadro TrackingCookie No Yes No C Documents and Settings Linh Melton Cookies linh melton yadro txt Cookie Statcounter TrackingCookie No Yes No C Documents and Settings Linh Melton Cookies linh melton statcounter txt Cookie Hitslink TrackingCookie No Yes No C Documents and Settings Linh Melton Cookies linh melton counter hitslink txt Cookie YieldManager TrackingCookie No Yes No C Documents and Settings Linh Melton Cookies linh melton ad yieldmanager txt Cookie Apmebf TrackingCookie No Yes No C Documents and Settings Linh Melton Cookies linh melton apmebf txt Cookie BurstNet TrackingCookie No Yes No C Documents and Settings Linh Melton Cookies linh melton burstnet txt Cookie Serving-sys TrackingCookie No Yes No C Documents and Settings Linh Melton Cookies linh melton serving-sys txt Cookie Serving-sys TrackingCookie No Yes No C Documents and Settings Linh Melton Cookies linh melton bs serving-sys txt Cookie BurstBeacon TrackingCookie No Yes No C Documents and Settings Linh Melton Cookies linh melton www burstbeacon txt Cookie Adrevolver TrackingCookie No Yes No C Documents and Settings Linh Melton Cookies linh melton media adrevolver txt Cookie WebtrendsLive TrackingCookie No Yes No C Documents and Settings Linh Melton Cookies linh melton statse webtrendslive txt Cookie PointRoll TrackingCookie No Yes No C Documents and Settings Linh Melton Cookies linh melton ads pointroll txt Cookie Overture TrackingCookie No Yes No C Documents and Settings Linh Melton Cookies linh melton overture txt Cookie RealMedia TrackingCookie No Yes No C Documents and Settings Linh Melton Cookies linh melton realmedia txt Cookie QuestionMarket TrackingCookie No Yes No C Documents and Settings... Read more

A:Desktop Image Virus - "Warning! Spyware Detected On Your Computer"

Looking over your log, back ASAP.

http://www.techsupportforum.com/forums/f284/desktop-image-virus-warning-spyware-detected-on-your-computer-279381.html
Relevancy 102.92%

Hi My laptop has been infected as a result I am seeing a blue background with a rectangular box in the middle The top half of this box is yellow and says quot Warning Spyware detected on your computer quot The bottom half is on [SOLVED] "Warning! message on your detected desktop Spyware computer..." blue and says quot Install an antivirus or spyware remover [SOLVED] "Warning! Spyware detected on your computer..." message on desktop to clean your computer quot I have run Norton Grisoft and Spy-Bot none of which has removed it This is the Logfile Logfile of [SOLVED] "Warning! Spyware detected on your computer..." message on desktop HijackThis v Scan saved [SOLVED] "Warning! Spyware detected on your computer..." message on desktop at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v Running processes C WINDOWS System smss exe C WINDOWS SYSTEM winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system Ati evxx exe C WINDOWS system svchost exe C WINDOWS System svchost exe C Program Files Intel Wireless Bin EvtEng exe C Program Files Intel Wireless Bin S EvMon exe C Program Files Intel Wireless Bin WLKeeper exe C Program Files Common Files Symantec Shared ccSvcHst exe C WINDOWS system spoolsv exe C Program Files Symantec LiveUpdate AluSchedulerSvc exe C WINDOWS system HPZipm exe C Program Files Intel Wireless Bin RegSrvc exe C WINDOWS system svchost exe C PROGRA COMMON SYMANT CCPD-LC symlcsvc exe C Program Files Intel Wireless Bin ZcfgSvc exe C WINDOWS SYSTEM Ati evxx exe C WINDOWS Explorer EXE C PROGRA Intel Wireless Bin XConfig exe C Program Files Java jre bin jusched exe C Program Files Apoint Apoint exe C Program Files Intel Wireless Bin ifrmewrk exe C Program Files Dell Media Experience PCMService exe C Program Files Dell QuickSet quickset exe C Program Files CyberLink PowerDVD DVDLauncher exe C WINDOWS system ctfmon exe C WINDOWS system spool drivers w x hpztsb exe C Program Files HP HP Software Update HPWuSchd exe C Program Files Adobe Photoshop Album Starter Edition Apps apdproxy exe C Program Files Common Files Real Update OB realsched exe C Program Files Apoint Apntex exe C Program Files Common Files Symantec Shared ccSvcHst exe C Program Files DellSupport DSAgnt exe C Program Files Google GoogleToolbarNotifier GoogleToolbarNotifier exe C Program Files Spybot - Search amp Destroy TeaTimer exe C Program Files Internet Explorer iexplore exe C WINDOWS system wuauclt exe C Program Files Hijackthis HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Default Page URL www google com R - HKCU Software Microsoft Internet Explorer Main Start Page http www cnbc com R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Bar http us rd yahoo com customize ie ch search html R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId R - URLSearchHook Yahoo Toolbar - EF BD -C FB- D - F- D F - no file O - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Files Adobe Acrobat ActiveX AcroIEHelper dll O - BHO Spybot-S amp D IE Protection - - F - D - - D F - C PROGRA SPYBOT SDHelper dll O - BHO Symantec Intrusion Prevention - D EC - AAE- -AEEE-F F C - C PROGRA COMMON SYMANT IDS IPSBHO dll O - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dll O - BHO Google Toolbar Helper - AA ED - DD- d - -CF F - c program files google googletoolbar dll O - BHO Google Toolbar Notifier BHO - AF DE - D - -B FA-CE B AD D - C Program Files Google GoogleToolbarNotifier swg dll O - Toolbar amp Google - C B - - d - B - A CD F - c program fil... Read more

A:[SOLVED] "Warning! Spyware detected on your computer..." message on desktop

Welcome to TSF.

Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/dow...in/actxcab.cab
O16 - DPF: {FE6A3E85-0F6C-49AD-8843-68FF44E7EEA9} - http://plugin.secureservicepack.com/...ervicepack.cab
O20 - Winlogon Notify: awvtr - C:\WINDOWS\system32\awvtr.dll (file missing)

1. Download combofix at http://www.techsupportforum.com/sect...s/ComboFix.exe or http://download.bleepingcomputer.com/sUBs/ComboFix.exe Save it to your Desktop before you run it.
2. Double-click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not click on combofix's window while it's running. That may cause it to stall.

http://www.techsupportforum.com/forums/f100/solved-and-quot-warning-spyware-detected-on-your-computer-and-quot-message-on-desktop-250438.html
Relevancy 102.61%

Every time I restart my computer the desktop is changed to a blue background with a yellow message reading quot Warning Spyware detected on your computer Install Antivirus or computer." Desktop Spyware your detected on Hijacked "Warning! Spyware Desktop Hijacked "Warning! Spyware detected on your computer." Removal to clean your computer quot My screen saver is Desktop Hijacked "Warning! Spyware detected on your computer." changed to bugs And it also changes the registry key quot HKEY CURRENT USER Software Microsoft Windows CurrentVersion Policies quot so that there is no background or screen saver tab in the display options I have followed the instructions for this problem from other threads to no avail I have rebooted in safe mood Desktop Hijacked "Warning! Spyware detected on your computer." ran smitRem Hijack This Ad Aware AVG Kaspersky Registry Mechanic scan disk and disk clean up All of this and still every time I reboot it comes back up I will include my current Hijack This file Logfile of HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C Program Files Windows Defender MsMpEng exe C WINDOWS System svchost exe C WINDOWS system spoolsv exe C WINDOWS Explorer EXE C Program Files Common Files Apple Mobile Device Support bin AppleMobileDeviceService exe C Program Files Kaspersky Lab Kaspersky Anti-Virus avp exe C Program Files Common Files Microsoft Shared VS Debug mdm exe C WINDOWS System svchost exe C Program Files Analog Devices Core smax pnp exe C WINDOWS system hkcmd exe C WINDOWS system igfxpers exe C Program Files Roxio Easy Media Creator Drag to Disc DrgToDsc exe C WINDOWS SM BG EXE C Program Files Canon MyPrinter BJMyPrt exe C Program Files ScanSoft OmniPageSE OpwareSE exe C Program Files Java jre bin jusched exe C Program Files Windows Defender MSASCui exe C Program Files Winamp winampa exe C Program Files iTunes iTunesHelper exe C WINDOWS system lphc rfj ea exe C Program Files Kaspersky Lab Kaspersky Anti-Virus avp exe C WINDOWS system ctfmon exe C Program Files Google GoogleToolbarNotifier GoogleToolbarNotifier exe C Program Files DNA btdna exe C Program Files iPod bin iPodService exe C Program Files Mozilla Firefox firefox exe C Program Files HijackThis HijackThis exe O - BHO AcroIEHlprObj Class - E F-C D - D -B D- B D BE B - C Program Files Adobe Acrobat Reader ActiveX AcroIEHelper ocx O - BHO no name - A-CCDD- B - F -D E E E C - no file O - BHO WormRadar com IESiteBlocker NavFilter - CA F - F E- B -A E- E E C C - C Program Files AVG AVG avgssie dll file missing O - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dll O - BHO no name - D B -D F - FFB-AF -BE - no file O - BHO Google Toolbar Helper - AA ED - DD- d - -CF F - c program files google googletoolbar dll O - BHO Google Toolbar Notifier BHO - AF DE - D - -B FA-CE B AD D - C Program Files Google GoogleToolbarNotifier swg dll O - Toolbar amp Google - C B - - d - B - A CD F - c program files google googletoolbar dll O - Toolbar Easy-WebPrint - C -E D- c -AA D- AC BABA C - C Program Files Canon Easy-WebPrint Toolband dll O - HKLM Run SoundMAXPnP C Program Files Analog Devices Core smax pnp exe O - HKLM Run igfxtray C WINDOWS system igfxtray exe O - HKLM Run igfxhkcmd C WINDOWS system hkcmd exe O - HKLM Run igfxpers C WINDOWS system igfxpers exe O - HKLM Run RoxioDragToDisc quot C Program Files Roxio Easy Media Creator Drag to Disc DrgToDsc exe quot O - HKLM Run SM BG C WINDOWS SM BG EXE O - HKLM Run CanonMyPrinter C Program Files Canon MyPrinter BJMyPrt exe logon O - HKLM Run SSBkgdUpdate quot C Program Files Common Files Scansoft Shared SSBkgdUpdate SSBkgdupdate exe quot -Embedding -boot O - HKLM Run OpwareSE quot C Program Files ScanSoft OmniPageSE OpwareSE exe quot O - HKLM Run SunJav... Read more

A:Desktop Hijacked "Warning! Spyware detected on your computer."

It sounds like you have been attacked with malware.

Don't Panic! The HJT Support Team are very proficient with these sorts of things.

With that said, we recommend that you read this article… "IMPORTANT - 5 Step Process: Read This Before Posting For Malware Removal Help"; follow the instructions very carefully; then, post all the requested logs and information; as instructed, in the HiJackThis Log Help Forum.
(Simply, click on the coloured links to be re-directed.)

Please ensure that you create a new thread in the HiJackThis Log Help Forum; not back here in this one.

When carrying out The 5 Steps, if you cannot complete any of them for whatever reason, just continue on with the next one until they are all completed.
However,it is extremely important to make mention of the fact that you could not complete any of the steps in your post to The HJT Help Forum; where an Analyst will assist you with other workarounds.

Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.

After your system has been verified as clean, if your are still experiencing those problems come back here and we will assist you further.

http://www.techsupportforum.com/forums/f10/desktop-hijacked-warning-spyware-detected-on-your-computer-257253.html
Relevancy 102.61%

My father who is very new to internet surfing used my computer while I was away When I came back there is this message shown as a desktop background quot Warning Spyware detected on your computer quot and I could not make any change to the desktop background I suspected it might be some kind of spyware but I could be wrong since my computer always ran ZoneAlarm and AVG in the background I ran Panda ActiveScan and found that the computer is infected The scan result is attached as a desktop message your on Spyware detected on "Warning! computer" text file activescan txt I then ran HiJackThis and below is the result Please suggest what I should do "Warning! Spyware detected on your computer" message on desktop next Thanks in advance ---- Logfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Boot mode Normal Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS Explorer EXE C WINDOWS system spoolsv exe C PROGRA Grisoft AVG avgamsvr exe C PROGRA Grisoft AVG avgupsvc exe C PROGRA Grisoft AVG avgemc exe C WINDOWS system svchost exe C Program Files Common Files Ulead Systems DVD ULCDRSvr exe C WINDOWS System WLTRYSVC EXE C WINDOWS System bcmwltry exe C Program Files Java jre bin jusched exe C WINDOWS system wscntfy exe C WINDOWS system LVCOMSX EXE C Program Files Common Files Real Update OB realsched exe C WINDOWS system lphc kj er exe C WINDOWS system ctfmon exe C Program Files Eraser Eraser exe C Program Files Google GoogleToolbarNotifier GoogleToolbarNotifier exe C WINDOWS System svchost exe C Program Files Internet Explorer IEXPLORE EXE C Program Files Adobe Adobe Photoshop CS Photoshop exe C DOCUME PT LOCALS Temp Adobelm Cleanup C Program Files Common Files Adobe Systems Shared Service Adobelmsvc exe C DOCUME PT LOCALS Temp Adobelm Cleanup C Program Files Trend Micro HijackThis HijackThis exe O - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Files Common Files Adobe Acrobat ActiveX AcroIEHelper dll O - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dll O - BHO Google Toolbar Helper - AA ED - DD- d - -CF F - c program files google googletoolbar dll O - BHO Adobe PDF Conversion Toolbar Helper - AE CD -E - f- - EE - C Program Files Adobe Acrobat Acrobat AcroIEFavClient dll O - BHO ZoneAlarm Spy Blocker BHO - F D B -DA B- daf- E -DFEE A AA - C Program Files ZoneAlarmSB bar bin SPYBLOCK DLL O - Toolbar amp Google - C B - - d - B - A CD F - c program files google googletoolbar dll O - Toolbar ZoneAlarm Spy Blocker - F D B -DA B- daf- E -DFEE A AA - C Program Files ZoneAlarmSB bar bin SPYBLOCK DLL O - Toolbar Adobe PDF - -D C - - FA - E EAAC - C Program Files Adobe Acrobat Acrobat AcroIEFavClient dll O - HKLM Run IMJPMIG quot C WINDOWS IME imjp IMJPMIG EXE quot Spoil RemAdvDef Migration O - HKLM Run PHIME ASync quot C WINDOWS system IME TINTLGNT TINTSETP EXE quot SYNC O - HKLM Run PHIME A quot C WINDOWS system IME TINTLGNT TINTSETP EXE quot IMEName O - HKLM Run QuickTime Task quot C Program Files QuickTime qttask exe quot -atboottime O - HKLM Run SunJavaUpdateSched quot C Program Files Java jre bin jusched exe quot O - HKLM Run ZoneAlarm Client quot C Program Files Zone Labs ZoneAlarm zlclient exe quot O - HKLM Run AVG CC C PROGRA Grisoft AVG avgcc exe STARTUP O - HKLM Run NeroFilterCheck C WINDOWS system NeroCheck exe O - HKLM Run LogitechVideoRepair C Program Files Logitech Video ISStart exe O - HKLM Run LVCOMSX C WINDOWS system LVCOMSX EXE O - HKLM Run TkBellExe quot C Program Files Common Files Real Update OB realsched exe quot -osboot O - HKLM Run lphc kj er C WINDOWS system lphc kj er exe O - HKLM Run SMrhcc kj er C Program Files rhcc kj er rhcc kj er exe O - HKCU Run CTFMON EXE C WINDOWS system ctfmon exe O - HKCU Run Eraser C Program Files Eraser... Read more

A:"Warning! Spyware detected on your computer" message on desktop

please help...

http://www.techsupportforum.com/forums/f100/warning-spyware-detected-on-your-computer-message-on-desktop-284314.html
Relevancy 102.61%

Hi my computer was infected yesterday after I downloaded what I thought was a software update My computer desktop background was changed to a blue background displaying the message quot Warning Spyware detected on computer Install an anti-virus or spy remover to clean you computer quot McAfee detected a trojan and deleted it immediately I then physically desktop detected computer!" "Warning! background on on - Help Spyware disconnected from the internet straight away looked Help - "Warning! Spyware detected on computer!" on desktop background at Help - "Warning! Spyware detected on computer!" on desktop background the task manager deleted the file B E exe that was running from the temp directory The software tried to take me to a bogus website to download their software and this was blocked by firefox I then ran spybot followed by panda activescan and HijackThis the logs are below could any experts help me out here I goggled and found websites that tells you how to remove this manually but not sure if this would be applicable for every computer and the Help - "Warning! Spyware detected on computer!" on desktop background adware may have change since Thanks in advance Panda activescan log ANALYSIS - - PROTECTIONS MALWARE SUSPECTS PROTECTIONS Description Version Active Updated McAfee VirusScan Enterprise No Yes MALWARE Id Description Type Active Severity Disinfectable Disinfected Location Cookie Atlas DMT TrackingCookie No Yes No C Documents and Settings Nic Cookies nic atdmt txt Cookie Tribalfusion TrackingCookie No Yes No C Documents and Settings Nic Cookies nic tribalfusion txt Cookie NewMedia TrackingCookie No Yes No C Documents and Settings Nic Cookies nic anm co txt Cookie Advertising TrackingCookie No Yes No C Documents and Settings Nic Cookies nic advertising txt Cookie QuestionMarket TrackingCookie No Yes No C Documents and Settings Nic Cookies nic questionmarket txt SUSPECTS Sent Location Jm VULNERABILITIES Id Severity Description Jm MEDIUM MS - Jm MEDIUM MS - Jm HIGH MS - Jm HIGH MS - Jm HIGH MS - Jm HIGH MS - Jm HIGH MS - Jm HIGH MS - Jm HIGH MS - Jm HIGH MS - Jm HIGH MS - Jm HIGH MS - Jm HIGH MS - Jm HIGH MS - Jm HIGH MS - Jm HIGH MS - Jm HIGH MS - Jm HIGH MS - Jm HIGH MS - Jm HIGH MS - Jm HIGH MS - Jm HIGH MS - Jm HIGH MS - Jm HIGH MS - Jm HIGH MS - Jm HIGH MS - Jm MEDIUM MS - Jm HIGH MS - Jm MEDIUM MS - Jm HIGH MS - Jm MEDIUM MS - Jm MEDIUM MS - Jm MEDIUM MS - Jm HIGH MS - Jm MEDIUM MS - Jm MEDIUM MS - Jm HIGH MS - Jm MEDIUM MS - Jm HIGH MS - Jm MEDIUM MS - Jm HIGH MS - Jm HIGH MS - Jm HIGH MS - Jm HIGH MS - Jm MEDIUM MS - Jm MEDIUM MS - Jm HIGH MS - Jm HIGH MS - Jm MEDIUM MS - Jm HIGH MS - Jm MEDIUM MS - Jm MEDIUM MS - Jm MEDIUM MS - Jm HIGH MS - Jm HIGH MS - Jm HIGH MS - Jm HIGH MS - Jm HIGH MS - Jm MEDIUM MS - Jm HijackThis log Logfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v Boot mode Normal Running processes C WINDOWS System smss exe C WINDOWS system csrss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS system svchost exe C WINDOWS system svchost exe C WINDOWS system spoolsv exe c program files common files logishrd lvmvfm LVPrcSrv exe C WINDOWS Explorer EXE C WINDOWS system hkcmd exe C Program Files TOSHIBA E-KEY CeEKey exe C Program Files Apoint K Apoint exe C WINDOWS system TPSMain exe C WINDOWS system ZoomingHook exe C Program Files TOSHIBA TOSHIBA Zooming Utility SmoothView exe C Program Files TOSHIBA Accessibility FnKeyHook exe C Program Files TOSHIBA TME TMERzCtl EXE C WINDOWS AGRSMMSG exe C WINDOWS system TCtrlIOHook exe C Program Files TOSHIBA TouchPad TPTray exe C Program Files Java jre bin jusched exe C Program Files TOSHIBA ConfigFree CFSvcs exe C Program Files Adobe Acrobat Acrobat Acrotray exe C WINDOWS system TPSBattM exe C Program Files McAfee VirusScan Ent... Read more

A:Help - "Warning! Spyware detected on computer!" on desktop background

Hi js200605


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
Remember to re-enable them afterwards.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

http://www.techsupportforum.com/forums/f100/help-warning-spyware-detected-on-computer-on-desktop-background-281543.html
Relevancy 102.61%

Hi This morning my laptop suddenly began displaying a quot Warning Spyware detected on your computer quot desktop message I tried running AVG but it did not resolve / computer" Spyware "Warning! detected Agent.AADP on your Generic_c.VCZ - desktop the problem The issue seems to be related to Agent AADP and Generic c VCZ trojans I've followed all "Warning! Spyware detected on your computer" desktop - Agent.AADP / Generic_c.VCZ five steps of the tutorial My HijackThis log is as follows Logfile of Trend Micro HijackThis v Scan saved at "Warning! Spyware detected on your computer" desktop - Agent.AADP / Generic_c.VCZ PM on Platform Windows XP SP WinNT MSIE Internet Explorer v Boot mode Normal Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS system svchost exe C WINDOWS System WLTRYSVC EXE C WINDOWS System bcmwltry exe C WINDOWS system spoolsv exe C Program Files Common Files Apple Mobile Device Support bin AppleMobileDeviceService exe C Program Files Dell Network Assistant hnm svc exe C WINDOWS system nvsvc exe C WINDOWS Explorer EXE C Program Files Common Files Roxio Shared SharedCOM RoxWatch exe C Program Files Dell Support Center bin sprtsvc exe C WINDOWS system svchost exe C PROGRA AVG AVG avgrsx exe C Program Files Canon CAL CALMAIN exe C Program Files Synaptics SynTP SynTPEnh exe C WINDOWS system rundll exe C WINDOWS system RUNDLL EXE C Program Files Java jre bin jusched exe C WINDOWS system WLTRAY exe C Program Files Dell QuickSet quickset exe C WINDOWS stsystra exe C WINDOWS system KADxMain exe C Program Files Common Files InstallShield UpdateService issch exe C Program Files Common Files Roxio Shared SharedCOM RoxWatchTray exe C Program Files Roxio Drag-to-Disc DrgToDsc exe C Program Files Dell MediaDirect PCMService exe C Program Files iTunes iTunesHelper exe C Program Files Microsoft Office Office GrooveMonitor exe C Program Files Dell Support Center bin sprtcmd exe C PROGRA AVG AVG avgtray exe C Program Files DellSupport DSAgnt exe C Program Files Messenger msmsgs exe C WINDOWS system ctfmon exe C Program Files Dell Network Assistant ezi hnm exe C Program Files Digital Line Detect DLG exe C Program Files Common Files Roxio Shared SharedCOM RoxMediaDB exe C WINDOWS System svchost exe C Program Files Common Files Roxio Shared SharedCOM CPSHelpRunner exe C Program Files iPod bin iPodService exe C WINDOWS system wuauclt exe C Program Files Trend Micro HijackThis HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Default Page URL http www google com ig dell hl en amp us amp ibd R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Search Default Page URL http www google com ig dell hl en amp us amp ibd R - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyServer O - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Files Common Files Adobe Acrobat ActiveX AcroIEHelper dll O - BHO WormRadar com IESiteBlocker NavFilter - CA F - F E- B -A E- E E C C - C Program Files AVG AVG avgssie dll O - BHO Groove GFS Browser Helper - - C - D -B F - BBC D A E - C PROGRA MICROS Office GRA E DLL O - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dll O - BHO Browser Address Error Redirector - CA C - B - E-A -A C DB F - C Program Files Dell BAE BAE dll O - HKLM Run SynTPEnh C Program Files Synaptics SynTP SynTPEnh exe O - HKLM Run NvCplDaemon RUNDLL EXE C WINDOWS system NvCpl dll NvS... Read more

A:"Warning! Spyware detected on your computer" desktop - Agent.AADP / Generic_c.VCZ

Hello and welcome to TSF.

Apologies for the long delay in response. We have a large number of HijackThis logs to handle and it?s taking us longer to catch up. If you haven?t received help elsewhere already and still require assistance please perform the following:Download RSIT by random/random and save it to your desktop.
Double click RSIT.exe to start the tool and click Continue at the disclaimer.
When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of log.txt here.
Please attach info.txt to your post.
To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:C:\rsit\info.txt

Click Upload.

http://www.techsupportforum.com/forums/f100/warning-spyware-detected-on-your-computer-desktop-agent-aadp-generic_c-vcz-290182.html
Relevancy 102.3%

HI I am getting a quot warning spyware detected on your computer install an spyware quot on my desktop wallpaper since past two days I read about a similar problem on desktop "warning computer detected on your a an spyware spyware.." Getting on install this forum Thanks in advance for your help I ran SUPER Anti spyware then ran combofix and then HJT I ll post the logs in that order Right now the message has gone but I guess its still not fixed SUPERAntiSpyware Scan Log http www superantispyware com Generated at PM Application Version Core Rules Database Version Trace Rules Database Version Scan type Complete Scan Total Scan Time Memory items scanned Memory threats detected Registry Getting a "warning spyware detected on your computer install an spyware.." on desktop items scanned Registry threats detected File items scanned File threats detected Rogue Dropper Gen C WINDOWS SYSTEM LPHC Q J EV EXE C WINDOWS SYSTEM LPHC Q J EV EXE lphc q j ev C WINDOWS SYSTEM LPHC Q J EV EXE NotHarmful Sysinternals Bluescreen Screen Saver C WINDOWS SYSTEM BLPHC Q J EV SCR C WINDOWS SYSTEM BLPHC Q J EV SCR C WINDOWS Prefetch BLPHC Q J EV SCR- A pf Adware Tracking Cookie C Documents and Settings Jazz Cookies email protected txt C Documents and Settings Jazz Cookies email protected txt C Documents and Settings Jazz Cookies email protected Getting a "warning spyware detected on your computer install an spyware.." on desktop txt Getting a "warning spyware detected on your computer install an spyware.." on desktop C Documents and Settings Jazz Cookies email protected txt C Documents and Settings Jazz Cookies email protected txt C Documents and Settings Jazz Cookies email protected txt C Documents and Settings Jazz Cookies email protected txt C Documents and Settings Jazz Cookies email protected txt C Documents and Settings Jazz Cookies email protected txt C Documents and Settings Jazz Cookies email protected txt C Documents and Settings Jazz Cookies email protected txt C Documents and Settings Jazz Cookies email protected txt C Documents and Settings Jazz Cookies email protected txt C Documents and Settings Jazz Cookies email protected txt C Documents and Settings Jazz Cookies email protected txt C Documents and Settings Jazz Cookies email protected txt C Documents and Settings Jazz Cookies email protected txt C Documents and Settings Jazz Cookies email protected txt C Documents and Settings Jazz Cookies email protected txt C Documents and Settings Jazz Cookies email protected txt C Documents and Settings Jazz Cookies email protected txt C Documents and Settings Jazz Cookies email protected txt C Documents and Settings Jazz Cookies email protected txt C Documents and Settings Jazz Cookies email protected txt C Documents and Settings Jazz Cookies email protected txt C Documents and Settings Jazz Cookies email protected txt C Documents and Settings Jazz Cookies email protected txt C Documents and Settings Jazz Cookies email protected txt C Documents and Settings Jazz Cookies email protected txt C Documents and Settings Jazz Cookies email protected txt C Documents and Settings Jazz Cookies email protected txt C Documents and Settings Jazz Cookies email protected txt C Documents and Settings Jazz Cookies email protected txt C Documents and Settings Jazz Cookies email protected txt C Documents and Settings Jazz Cookies email protected txt C Documents and Settings Jazz Cookies email protected txt C Documents and Settings Jazz Cookies email protected txt C Documents and Settings Jazz Cookies email protected txt C Documents and Settings Jazz Cookies email protected txt C Documents and Settings Jazz Cookies email protected txt C Documents and Settings Jazz Cookies email protected txt C Documents and Settings Jazz Cookies email protected txt C Documents and Settings Jazz Cookies email protected txt C Documents and Settings Jazz Cookies email protected txt C Documents and Settings Jazz Cookies email protected txt C Document... Read more

A:Getting a "warning spyware detected on your computer install an spyware.." on desktop

https://forums.techguy.org/threads/getting-a-warning-spyware-detected-on-your-computer-install-an-spyware-on-desktop.730247/
Relevancy 102.3%

I am running Windows XP with SP installed Today my desktop background suddenly changed to a bright blue with a dialog box stating quot Windows Warning Message quot at the top and which had on a bright red field the words quot Warning Spyware Detected on your Computer quot At the bottom of the box it said quot Please activate your antivirus software to Clean your computer quot sic I've gone through the quot steps before posting a log quot on this forum and the only step I could not complete was the Panda Activescan About of the way through the scan I crashed to a blue screen indicating a quot software failure quot The machine then automatically rebooted I completed the remaining steps My Hijack This log is as follows Logfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Boot mode Normal Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS System svchost exe C Program Files Lavasoft Ad-Aware aawservice exe C WINDOWS system spoolsv exe C WINDOWS system bgsvcgen exe C Program Files Common Spyware on "Warning! Computer!" on your the Detected desktop Files LightScribe LSSrvc exe C WINDOWS system nvsvc exe C WINDOWS system svchost exe C WINDOWS system "Warning! Spyware Detected on your Computer!" on the desktop wscntfy exe C "Warning! Spyware Detected on your Computer!" on the desktop WINDOWS Explorer EXE C Program Files QuickTime qttask exe C Program Files SUPERAntiSpyware SUPERAntiSpyware exe C WINDOWS system wuauclt exe C Documents and Settings Administrator Desktop HiJackThis exe R - HKLM Software Microsoft Internet Explorer Main Default Page URL http www visionman com O - HKLM Run QuickTime Task quot C Program Files QuickTime qttask exe quot "Warning! Spyware Detected on your Computer!" on the desktop -atboottime O - HKLM Run NeroFilterCheck C Program Files Common Files Ahead Lib NeroCheck exe O - HKLM Run NvCplDaemon RUNDLL EXE C WINDOWS system NvCpl dll NvStartup O - HKCU Run SUPERAntiSpyware C Program Files SUPERAntiSpyware SUPERAntiSpyware exe O - DPF D ED D- C - B- AE- D FDC FB ActiveScan Installer Class - http acs pandasoftware com actives as stubie cab O - Winlogon Notify SASWinLogon - C Program Files SUPERAntiSpyware SASWINLO dll O - Service Lavasoft Ad-Aware Service aawservice - Lavasoft - C Program Files Lavasoft Ad-Aware aawservice exe O - Service B's Recorder GOLD Library General Service bgsvcgen - B H A Corporation - C WINDOWS system bgsvcgen exe O - Service Google Updater Service gusvc - Google - C Program Files Google Common Google Updater GoogleUpdaterService exe O - Service InstallDriver Table Manager IDriverT - Macrovision Corporation - C Program Files Common Files InstallShield Driver Intel IDriverT exe O - Service LightScribeService Direct Disc Labeling Service LightScribeService - Hewlett-Packard Company - C Program Files Common Files LightScribe LSSrvc exe O - Service NVIDIA Display Driver Service NVSvc - NVIDIA Corporation - C WINDOWS system nvsvc exe O - Service Pml Driver HPZ - HP - C WINDOWS system HPZipm exe -- End of file - bytes Thank you for any help you may be able to provide

Relevancy 97.34%

I have run webroot antivirus with antispyware several times Every time I do it finds the same virus sometimes others with similar names This is from the latest scan Mal EncPk-CZ Troj FakeAle-FK and some cookies However often I quarantine them they reappear on the next scan and I also can't get the desktop to go back to its normal appearance it's gone white with a big warning as above and refers to win adware virtumonde win privacyremover M having been detected on my computer I have gone through the steps This is the active scan log ANALYSIS - - PROTECTIONS MALWARE SUSPECTS PROTECTIONS Description Version Active Updated Webroot AntiVirus with AntiSpyware Yes Yes MALWARE Id Description Type Active Severity Disinfectable Disinfected Location Cookie Doubleclick TrackingCookie "Warning! Can't your on get detected rid and "Troj/FakeAle-FK" Spyware of Computer!" No Yes No C Documents and Settings AM Cookies am doubleclick txt Cookie FastClick TrackingCookie No Yes No C Documents and Settings AM Cookies am fastclick txt Cookie Tribalfusion TrackingCookie No Yes No C Documents and Settings AM Cookies am tribalfusion txt Cookie Mediaplex TrackingCookie No Yes No C Documents and Settings AM Cookies am mediaplex txt Cookie Xiti TrackingCookie No Yes No C Documents and Settings AM Cookies am xiti txt Cookie Statcounter TrackingCookie No Yes No C Documents and Settings AM Cookies am statcounter txt Cookie YieldManager TrackingCookie No Yes No C Documents and Settings AM Cookies am ad yieldmanager txt Cookie Apmebf TrackingCookie No Yes No C Documents and Settings AM Cookies am apmebf txt Cookie Advertising TrackingCookie No Yes No C Documents and Settings AM Cookies am advertising txt Cookie Smartadserver TrackingCookie No Yes No C Documents and Settings AM Cookies am smartadserver txt Exploit LoadPdf HackTools No Yes No personal folders junk e-mail credit report debt Can't get rid of "Troj/FakeAle-FK" and "Warning! Spyware detected on your Computer!" pdf Trj Spammer ADX Virus Trojan No Yes No archive folders deleted items you have card ecard zip eCard scr Trj Sinowal VRR Virus Trojan No Yes No personal folders deleted items tracking n fedx-retr zip Fedx-retr exe SUSPECTS Sent Location No C i GTDownDE ocx VULNERABILITIES Id Severity Description And this is the hijack this log Logfile of Trend Micro HijackThis v Scan saved at on Platform Windows XP SP WinNT MSIE Internet Explorer v Boot mode Normal Running processes C WINDOWS System smss exe C WINDOWS system csrss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system Ati evxx exe C WINDOWS system svchost exe C WINDOWS system svchost exe C WINDOWS System svchost exe C Program Files Intel Wireless Bin EvtEng exe C Program Files Intel Wireless Bin S EvMon exe C Program Files Intel Wireless Bin WLKeeper exe C WINDOWS system svchost exe C WINDOWS system svchost exe C WINDOWS system spoolsv exe C Program Files Intel Wireless Bin ZcfgSvc exe C WINDOWS system Ati evxx exe C WINDOWS Explorer EXE C Program Files Java j re bin jusched exe C Program Files ATI Technologies ATI Control Panel atiptaxx exe C Program Files Intel Wireless Bin ifrmewrk exe C Program Files Dell QuickSet quickset exe C Program Files Apoint Apoint exe C Program Files CyberLink PowerDVD DVDLauncher exe C Program Files Dell Media Experience DMXLauncher exe C WINDOWS system dla tfswctrl exe C PROGRA Intel Wireless Bin XConfig exe C Program Files Common Files InstallShield UpdateService issch exe C Program Files Apoint Apntex exe C Program Files Symantec Norton Ghost Agent GhostTray exe C Program Files Dell Photo AIO Printer dlbxmon exe C WINDOWS system lphc nvj e f exe C Program Files Webroot Desktop Firewall WDF exe C Program Files Webroot Spy Sweeper SpySweeperUI exe C Program Files Skype Phone Skype exe C WINDOWS system ctfmon exe C Program Files DellSupport DSAgnt exe C Program Files Windows Media Player WMPNSCFG exe C Program Files Bin... Read more

A:Can't get rid of "Troj/FakeAle-FK" and "Warning! Spyware detected on your Computer!"

Hi Henry


Disable SpySweeper's realtime protection. Open Spysweeper and click on Options
Choose Program Options and uncheck
load at windows
startup
.
On the left click
shields
and then uncheck everything.
Uncheck
home page shield
.
Uncheck
automatically restore default without notification
.
Exit the program.


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
Remember to re-enable them afterwards.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

http://www.techsupportforum.com/forums/f100/cant-get-rid-of-troj-fakeale-fk-and-warning-spyware-detected-on-your-computer-283408.html
Relevancy 93.93%

Hi I downloaded some kind of malware on and found detected..." Spyware desktop "Warning! hijacked this site through Google I saw that you were able to help some others with this same problem My desktop was hijacked and now only "Warning! Spyware detected..." hijacked desktop shows a blue screen with a yellow box in the middle that says quot Warning Spyware detected on your computer Install an antivirus or spyware remover to clean your system quot I also do not have a screensaver anymore Instead when my computer would normally go into a screensaver it shows a blue screen instead The first couple of times I thought it really was a blue screen of death but learned that if I hit enter the blue screen will disappear I've done the steps already and even though several trojans have been identified this particular problem has not been resolved I would sincerely appreciate your help I have the log from the panda scan and from an Ad Aware scan I did before the Panda scan both of which I can post if either can be of use I am attaching the extra txt file from DSS I forget which scan program identified this but one program highlighted c windows system phcedtj ejbe bmp as a suspicious file that it was unable to delete Maybe that's a starting point Again I thank you for any assistance you can give This is the main txt from DSS Deckard's System Scanner v Run by Owner on - - Computer is in Normal Mode -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point -- Last Restore Point s -- - - UTC - RP - Deckard's System Scanner Restore Point - - UTC - RP - Software Distribution Service - - UTC - RP - Software Distribution Service - - UTC - RP - Installed Ad-Aware - - UTC - RP - Restore Operation -- First Restore Point -- - - UTC - RP - System Checkpoint Backed up registry hives Performed disk cleanup Total Physical Memory MiB MiB recommended -- HijackThis Clone ------------------------------------------------------------ Emulating logfile of Trend Micro HijackThis v Scan saved at - - Platform Windows XP Service Pack MSIE Internet Explorer Boot mode Normal Running processes C WINDOWS system smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS system svchost exe C WINDOWS explorer exe C Program Files Lavasoft Ad-Aware aawservice exe C WINDOWS system spoolsv exe C Program Files Webroot Spy Sweeper SpySweeper exe C Program Files Synaptics SynTP SynTPEnh exe C Program Files QuickTime qttask exe C Program Files HPQ Quick Launch Buttons eabservr exe C Program Files Java jre bin jusched exe C Program Files HPQ HP Wireless Assistant HP Wireless Assistant exe C Program Files Hp HP Software Update hpwuSchd exe C WINDOWS system igfxtray exe C WINDOWS system hkcmd exe C WINDOWS system igfxpers exe C Program Files Google Google Desktop Search GoogleDesktop exe C Program Files Microsoft Office Office GrooveMonitor exe C Program Files Google Google Desktop Search GoogleDesktop exe C Program Files HPQ shared hpqwmi exe C Program Files Messenger msmsgs exe C Program Files Google Google Desktop Search GoogleDesktop exe C WINDOWS system ctfmon exe C Program Files Stardock ObjectDock ObjectDock exe C WINDOWS system wscntfy exe C Documents and Settings Owner Desktop dss exe R - HKCU Software Microsoft Internet Explorer Main Search Bar http www google com ie R - HKCU Software Microsoft Internet Explorer Main Search Page http www google com R - HKCU Software Microsoft Internet Explorer Main Start Page http www google com R - HKCU Software Microsoft Internet Explorer SearchURL Default http www google com keyword s R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fw... Read more

A:"Warning! Spyware detected..." hijacked desktop

Hello and welcome.

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery mode if needed. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

For Windows XP Service Pack 3, you may use the Recovery Console package for Windows XP Professional Service Pack 2.

http://www.microsoft.com/downloads/d...displaylang=en

As part of installing the Recovery Console, ComboFix will begin to run. Follow the prompts to install the Recovery Console. Your desktop may disappear. This is normal. It will return.

Once the Recovery Console is installed using ComboFix, you should see a message that says:

The Recovery Console was successfully installed.



Please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

If you have any questions along the way, STOP and ask them before proceeding.

http://www.techsupportforum.com/forums/f100/warning-spyware-detected-hijacked-desktop-274101.html
Relevancy 93.93%

This message is on the center of my desktop whenever the computer's started and stays there The top of the box is yellow and says in black text quot Warning Spyware detected on your computer quot The bottom is blue with white text and says quot Install desktop on message Spyware detected" "Warning! an antivirus or spyware remover to clean your computer quot I ran Spybot it found nothing I cannot run Ad-Watch "Warning! Spyware detected" message on desktop the program starts and then immediately closes as well so I assume that whatever's going on "Warning! Spyware detected" message on desktop is attempting to block real quot ad removal quot programs Plus now my computer is unstable it's about as bad as a two legged table in an earthquake I was getting blue screens while doing the online Panda Activescan the errors were something like Panic something Haha sorry I was trying to get some sleep while it was scanning and my half-awake self forgot to write down what was said Anyhow here's the goods "Warning! Spyware detected" message on desktop from the two logs Hijackthis Logfile of Trend Micro HijackThis v Scan saved at AM on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Boot mode Normal Running processes C WINDOWS System smss exe C WINDOWS system csrss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS system svchost exe C WINDOWS system svchost exe C WINDOWS Explorer EXE C Program Files Microsoft IntelliPoint ipoint exe C WINDOWS system nvsvc exe C WINDOWS system svchost exe C WINDOWS System alg exe C Program Files Mozilla Firefox firefox exe C Program Files Winamp winamp exe C Program Files Trend Micro HijackThis HijackThis exe C WINDOWS system wbem wmiprvse exe R - HKCU Software Microsoft Internet Explorer Main Default Page URL http ie redirect hp com svs rdr TY ion amp pf desktop R - HKCU Software Microsoft Internet Explorer Main Default Search URL http ie redirect hp com svs rdr TY ion amp pf desktop R - HKCU Software Microsoft Internet Explorer Main Search Bar http google icq com search search frame php R - HKCU Software Microsoft Internet Explorer Main Search Page http ie redirect hp com svs rdr TY ion amp pf desktop R - HKLM Software Microsoft Internet Explorer Main Default Page URL http ie redirect hp com svs rdr TY ion amp pf desktop R - HKLM Software Microsoft Internet Explorer Main Default Search URL http ie redirect hp com svs rdr TY ion amp pf desktop R - HKLM Software Microsoft Internet Explorer Main Search Bar http ie redirect hp com svs rdr TY ion amp pf desktop R - HKLM Software Microsoft Internet Explorer Main Search Page http ie redirect hp com svs rdr TY ion amp pf desktop R - HKLM Software Microsoft Internet Explorer Main Start Page http ie redirect hp com svs rdr TY ion amp pf desktop R - HKLM Software Microsoft Internet Explorer Search SearchAssistant R - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyOverride local O - BHO no name - D -C F - efb- B - ECA - no file O - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Files Adobe Acrobat ActiveX AcroIEHelper dll O - Toolbar HP view - B E - D D- DEB- B - D BCF F - c Program Files HP Digital Imaging bin HPDTLK dll O - HKLM Run NvCplDaemon RUNDLL EXE C WINDOWS system NvCpl dll NvStartup O - HKLM Run NvMediaCenter RUNDLL EXE C WINDOWS system NvMcTray dll NvTaskbarInit O - HKLM Run IntelliPoint quot C Program Files Microsoft IntelliPoint ipoint exe quot O - HKLM Run MSConfig C WINDOWS PCHealth HelpCtr Binaries MSConfig exe auto O - Extra context menu item E amp xport to Microsoft Excel - res C PROGRA MI Office EXCEL EXE O - Extra button no name - B E C - FCB- CF-AAA - C - C Program Files Java jre bin npjpi dll O - Extra 'Tools' menuitem Sun Java Console - B E C - FCB- CF-AAA - C - C Program Files Java jre bin npjpi dll O - Extra... Read more

Relevancy 90.83%

Hi Yesterday Virus- to your Background detected "Warning! changed Spyware computer!" on I got a virus which changed the background of my Windows XP to a blue background with the message quot Warning Spyware detected on your computer Install an antivirus or spyware remover to clean your computer quot Also my screensaver has been changed to a fake BSOD and then the Windows startup screen which is highly irritating Virus- Background changed to "Warning! Spyware detected on your computer!" On top of this I am being bombarded Virus- Background changed to "Warning! Spyware detected on your computer!" with pop ups and redirections when using the internet Here is a copy of my HijackThis log Running processes C WINDOWS system csrss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS System svchost exe C WINDOWS system LEXBCES EXE C WINDOWS system spoolsv exe C WINDOWS system LEXPPS EXE C WINDOWS Explorer EXE C PROGRA COMMON AOL ACS AOLACSD EXE C PROGRA TALKTA backweb Program SERVIC EXE C WINDOWS system svchost exe C Program Files BLUETOOTH Bluetooth Software bin btwdins exe C Program Files TalkTalk Online Security Anti-Virus fsgk st exe C Program Files TalkTalk Online Security Anti-Virus FSGK EXE C Program Files TalkTalk Online Security backweb program fsbwsys exe C Program Files TalkTalk Online Security Common FSMA EXE C Program Files TalkTalk Online Security backweb Program fspex exe C Program Files TalkTalk Online Security Anti-Virus fssm exe C Program Files Google Common Google Updater GoogleUpdaterService exe C Program Files TalkTalk Online Security Common FSMB EXE C Program Files Common Files Microsoft Shared VS DEBUG MDM EXE C WINDOWS System nvsvc exe C WINDOWS System svchost exe C Program Files TalkTalk Online Security Common FCH EXE C WINDOWS wanmpsvc exe C Program Files TalkTalk Online Security Common FAMEH EXE C Program Files TalkTalk Online Security Anti-Virus fsrw exe C WINDOWS system SearchIndexer exe C Program Files Logitech Video LogiTray exe C WINDOWS system rundll exe C Program Files TalkTalk Online Security Common FSM EXE C Program Files TalkTalk Online Security Anti-Virus fsav exe C Program Files Adobe Photoshop Album Starter Edition Apps apdproxy exe C Program Files Common Files Real Update OB realsched exe C WINDOWS system LVComS exe C Program Files TalkTalk Online Security FWES Program fsdfwd exe C Program Files Microsoft Office Office GrooveMonitor exe C PROGRA TALKTA ANTI-S fsaw exe C WINDOWS System alg exe C Program Files Sony Ericsson Mobile Application Launcher Application Launcher exe C WINDOWS system ctfmon exe C Program Files TalkTalk Online Security FSGUI fsguidll exe C Program Files Windows Desktop Search WindowsSearch exe C Program Files Google Google Updater GoogleUpdater exe C WINDOWS System svchost exe C Program Files Common Files Teleca Shared Generic exe C Program Files Sony Ericsson Mobile Mobile Phone Monitor epmworker exe C Program Files Mozilla Firefox firefox exe C Program Files Windows Live Messenger msnmsgr exe C Documents and Settings SAM Desktop HijackThis exe C WINDOWS System wbem wmiprvse exe R - HKCU Software Microsoft Internet Explorer Main Start Page http www google co uk R - HKLM Software Microsoft Internet Explorer Main Default Page URL http www supanet com R - HKLM Software Microsoft Internet Explorer Main Search Bar http www supanet com search iepanel R - HKCU Software Microsoft Internet Explorer Main Window Title Supanet Internet Explorer R - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyOverride O - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Files Adobe Acrobat ActiveX AcroIEHelper dll O - BHO Groove GFS Browser Helper - - C - D -B F - BBC D A E - C PROGRA MICROS Office GRA E DLL O - BHO no name - CD AE ... Read more

A:Virus- Background changed to "Warning! Spyware detected on your computer!"

Anyone?

http://www.techsupportforum.com/forums/f284/virus-background-changed-to-warning-spyware-detected-on-your-computer-280550.html
Relevancy 90.83%

Earlier this evening I randomly got or pop-up windows that were followed by a blue screen In a panic or something I pressed enter and the blue screen went away Everything closed immediately by itself and then showed my desktop Ever since my background is blue with a yellow box that reads quot Warning Spyware detected on your computer Install an antivirus or spyware remover to clean your computer quot I background on reads: "Warning! that Blue detected Spyware computer." your haven't noticed any difference in how my computer is running other than the fact that I have no desktop control When I right-click my desktop I can't change my wallpaper or any desktop settings I keep getting blue screens that go away after I press enter although my computer did shut off after I got one of the screens I've read posts relating to this but tried following the steps and things were too different Any help is appreciated Thank you Here is my Hijackthis log Blue background that reads: "Warning! Spyware detected on your computer." Logfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Boot mode Safe mode Running processes C WINDOWS System smss exe C WINDOWS SYSTEM winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS system svchost exe C WINDOWS Explorer EXE C Program Files Trend Micro HijackThis HijackThis exe R - HKLM Software Microsoft Internet Explorer Main Default Page URL http www yahoo com R - HKLM Software Microsoft Internet Explorer Main Default Search URL http us Blue background that reads: "Warning! Spyware detected on your computer." rd yahoo com customize ie www yahoo com R - HKLM Software Microsoft Internet Explorer Main Search Bar http us rd yahoo com customize ie ch search html R - HKLM Software Microsoft Internet Explorer Main Search Page http us rd yahoo com customize ie www yahoo com R - HKCU Software Microsoft Internet Connection Wizard ShellNext http www emachines com R - URLSearchHook no name - EF BD -C FB- D - F- D F - no file O - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Files Common Files Adobe Acrobat ActiveX AcroIEHelper dll O - BHO no name - B - C - E- - F BDC E - C WINDOWS system bfjwx dll O - BHO Spybot-S amp D IE Protection - - F - D - - D F - C Program Files Spybot - Search amp Destroy SDHelper dll O - BHO no name - DC E E - - B C- - E AAE - C Program Files Messenger cekymyp dll O - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dll O - BHO no name - E D - A- EC-A -BA D E E - no file O - Toolbar Dictionary com - F A-B - D - A- F CF B - no file O - Toolbar WeatherBug Browser Bar - powered by MyWebSearch - EAB C -F EC- b -A BA-D BCAE C - no file O - Toolbar Veoh Browser Plug-in - D - - -A B -AEFAF AB - C Program Files Veoh Networks Veoh Plugins reg VeohToolbar dll O - HKLM Run ZoneAlarm Client quot C Program Files Zone Labs ZoneAlarm zlclient exe quot O - HKLM Run MSConfig C WINDOWS PCHealth HelpCtr Binaries MSConfig exe auto O - HKLM RunOnce SpybotDeletingA command c del quot C WINDOWS system drivers core cache dsk quot O - HKLM RunOnce SpybotDeletingC cmd c del quot C WINDOWS system drivers core cache dsk quot O - HKCU Run SpybotSD TeaTimer C Program Files Spybot - Search amp Destroy TeaTimer exe O - HKUS S- - - Run MySpaceIM C Program Files MySpace IM MySpaceIM exe User 'SYSTEM' O - HKUS DEFAULT Run MySpaceIM C Program Files MySpace IM MySpaceIM exe User 'Default user' O - Extra context menu item amp AOL Toolbar search - res C Program Files AOL Toolbar toolbar dll SEARCH HTML O - Extra context menu item Copy to Image Visual Photo Favorite - C Program Files Visual Photo image htm O - Extra context menu item Search amp Dictionary - C Program files Lexico Toolbar dictionary htm O - Extra context menu item Search amp Thesaurus - C Program files Lexico Toolbar thesaurus htm O - Extra button no name - B E C - FCB... Read more

A:Blue background that reads: "Warning! Spyware detected on your computer."

Hello, and welcome.

Scans are best run in normal mode unless otherwise instructed.

Please do this:

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
Please attach extra.txt to your post.
To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:C:\Deckard\System Scanner\extra.txt

Click Upload.

What DSS will do: create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

---------------------------------------------------------------------------------------------

http://www.techsupportforum.com/forums/f284/blue-background-that-reads-warning-spyware-detected-on-your-computer-262768.html
Relevancy 90.83%

I have a similar problem to what I have read from other users in this forum however my desktop has been turned into a white background and the popup has a red background header below the red header in the popup it claims quot computer!" Popup Spyware "Warning! on your New detected version Warning Win Adware Virtumonde Detected on your computer quot and quot Warning Win PrivacyRemover M Detected on your computer quot This began yesterday while I was working online I purchased a cd and installed Webroot Spysweeper but it only found low risk cookies I tried an online trial version of XoftSpySE and it found two trojans Downloader Agent BXW Trojan but it Popup "Warning! Spyware detected on your computer!" New version won't clean them unless I purchase the full version I would but I'm afraid to disclose personal financial info online in order to purchase the full version I did the same thing for quot Registry Fix quot Version but I can't remove the found problems without registering online - I don't want to do that either for fear my personal financial info will be exposed If I Popup "Warning! Spyware detected on your computer!" New version try to open any file folder on my desktop I get a Windows popup that says Windows Explorer has encountered a problem and Popup "Warning! Spyware detected on your computer!" New version needs to close I can open the two or three files on my desktop that are files - not folders - however they are just doc files or similar If I try to access my Control Panel nothing happens MOST IMPORTANT I have read your quot Start Here quot posts and cannot complete some of your instructions If I try to go online to download a version of anti-spyware software I get redirected to another quot search engine quot page or a window comes up asking me to identify what I was trying to search for it opens with a window of phrases in a blurred background I am asked to click on one of the phrases if one of the phrases matches what I was searching for Regardless of many different attempts to get around this it appears as though I can't go to any site for anti-spyware or anti-virus sites I can go to Yahoo and other inoccuous sites but not to places like Lavasoft - I get redirected immediately Somehow I was able to get XoftSpySE and Registry Fix but I can't even get to your site without a new window opening and another site opens that claims to be copyrighted quot www anticipatesavings com quot it lists ten sites for tech support - none of which are yours Also if the laptop is left idle for a few minutes the screen changes to a blue background with a text message across the entire screen that informs me the computer is being closed due to either one of the following quot No more stack IRP locations quot quot Maximum wait objects exceeded quot quot Panic stack switch quot I am running Win XP on an HP Tablet I use Firefox It has a non-functioning version of McAfee that has never been repaired reinstalled In essence other than my firewall I have been running without much protection except for the Windows Defender program Obviously I am very frustrated and would greatly appreciate your help advice Thanks in advance New info I don't know any reason but I can now access my Control Panel and I can get to any file or program that resides on my desktop

A:Popup "Warning! Spyware detected on your computer!" New version

I was given a bootable Kaspersky "rescue" cd today. I ran the disc and, after it did whatever it does, a black screen with a window opened. It was an operational window, so I chose "Scan drive c" and it returned with a message that my computer was at high risk. I clicked the "Fix-it Now", but it said the "databases were out of date" and should be updated. OK... however, there was no button or other mechanism to do this. I removed the cd and rebooted the computer. I am right where I was before.

I cannot go online to any anti-spy or anti-virus sites. It appears as though this virus recognizes those sites and prohibits me from going there. I typically get a messsage that reads, "Unable to connect." with a "Try again" button. I can't even go to this website!! I have to use my wife's computer to login here.

By the way, this is a problem on Firefox or IE. I can go to other sites, though. Yahoo, google, online stores, etc are accessible, but the desktop background is still hijacked and I have the same desktop warning window.

Remember... I can't remove it via any help from an online anti-spy or anti-virus site. If I try to access an anti-spy or antivirus site, I get the response as noted above. Unfortunately, this means I am not able to get past Step Two in your "5 steps before posting a log" thread. I did not find any rogue or suspect programs listed in step one.

It has been 24 hours with no help from anyone here. Can anyone help or point me in some direction?

http://www.techsupportforum.com/forums/f284/popup-warning-spyware-detected-on-your-computer-new-version-284514.html
Relevancy 90.83%

My buddy opened up an email and downloaded some sort of virus malware adware that I cannot get rid of My background on background Blue Spyware detected your computer" "Warning! is blue and there Blue background "Warning! Spyware detected on your computer" s a yellow box that reads quot Warning Spyware detected on your computer Install an anti-virus or spyware remover to clean your computer quot Malwarebyte s and AVG both didn t detect anything and I m out of options If anyone could help it would be GREATLY appreciated Here is my HijackThis log Logfile of HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system Ati evxx exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS system ZoneLabs vsmon exe C WINDOWS Explorer EXE C Program Files Alwil Software Avast aswUpdSv exe C Program Files Alwil Software Avast ashServ exe C Blue background "Warning! Spyware detected on your computer" WINDOWS system spoolsv exe C Program Files Common Files Apple Mobile Device Support bin AppleMobileDeviceService exe C PROGRA AVG AVG avgwdsvc exe C WINDOWS system bgsvcgen exe C Program Files Bonjour mDNSResponder exe C WINDOWS system dlbxcoms exe C WINDOWS eHome ehRecvr exe C WINDOWS eHome ehSched exe C WINDOWS runservice exe C WINDOWS system PnkBstrA exe C WINDOWS System snmp exe C WINDOWS system svchost exe C Program Files Viewpoint Common ViewpointService exe C PROGRA AVG AVG avgrsx exe C PROGRA AVG AVG avgemc exe C Program Files Alwil Software Avast ashMaiSv exe C Program Files Alwil Software Avast ashWebSv exe C WINDOWS system dllhost exe C WINDOWS ehome ehtray exe C PROGRA ALWILS Avast ashDisp exe C WINDOWS eHome ehmsas exe C Program Files Java jre bin jusched exe C Program Files Zone Labs ZoneAlarm zlclient exe C WINDOWS system dla tfswctrl exe C Program Files CyberLink PowerDVD DVDLauncher exe C Program Files Analog Devices Core smax pnp exe C Program Files iTunes iTunesHelper exe C Program Files Common Files Real Update OB realsched exe C Program Files Winamp winampa exe C WINDOWS system lphcrtwj eva exe C Program Files Logitech MouseWare system em exec exe C PROGRA AVG AVG avgtray exe C WINDOWS system tbctray exe C Program Files Messenger msmsgs exe C Program Files AIM aim exe C Program Files iPod bin iPodService exe C Program Files AIM aolsoftware exe C Program Files Mozilla Firefox firefox exe C Program Files Hijackthis HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Start Page http www comcast com R - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyOverride local O - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Files Common Files Adobe Acrobat ActiveX AcroIEHelper dll O - BHO RealPlayer Download and Record Plugin for Internet Explorer - C E -B - BC - - C CA - C Program Files Real RealPlayer rpbrowserrecordplugin dll O - BHO WormRadar com IESiteBlocker NavFilter - CA F - F E- B -A E- E E C C - C Program Files AVG AVG avgssie dll O - BHO DriveLetterAccess - CA D E- - CF- E - - C WINDOWS system dla tfswshx dll O - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dll O - BHO ZoneAlarm Spy Blocker BHO - F D B -DA B- daf- E -DFEE A AA - C Program Files ZoneAlarmSB bar bin SPYBLOCK DLL O - Toolbar ZoneAlarm Spy Blocker - F D B -DA B- daf- E -DFEE A AA - C Program Files ZoneAlarmSB bar bin SPYBLOCK DLL O - HKLM Run ehTray C WINDOWS ehome ehtray exe O - HKLM Run avast C PROGRA ALWILS Avast ashDisp exe O - HKLM Run SunJavaUpdateSched quot C Program Files Java jre bin jusched exe quot O - HKLM Run ZoneAlarm Client quot C Program Files Zone Labs ZoneAlarm zlclient exe quot O - HKLM Run dla C WINDOWS system dla tfswctrl exe O - HKLM Run UpdateManager quot C Program Files Common Files Sonic Update Manager sgtray exe quot r O ... Read more

A:Blue background "Warning! Spyware detected on your computer"

Hi, Welcome to TSG!!
Run HJT again and put a check in the following:

O4 - HKLM\..\Run: [lphcrtwj0eva5] C:\WINDOWS\system32\lphcrtwj0eva5.exe

Close all applications and browser windows before you click "fix checked".

Please download the OTMoveIt2 by OldTimer.
Save it to your desktop.
Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Code:
[b]C:\WINDOWS\system32\lphcrtwj0eva5.exe[/b]

Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
Click the red Moveit! button.
A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please download Malwarebytes Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform Quick Scan, then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy the entire report and paste it in your next reply with a new hijackthis log.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
 

https://forums.techguy.org/threads/blue-background-warning-spyware-detected-on-your-computer.718301/
Relevancy 90.83%

Please help I am running Windows XP Home Edition SP with McAfee This problem just occurred last night Cannot remove this new quot picture quot from my Spyware background... now "Warning! detected desktops' my on is your computer!" desktop background as the Display Properties options have been limited to the tabs quot theme quot quot appearance quot and quot settings quot Also McAfee wasn t in my taskbar "Warning! Spyware detected on your computer!" is now my desktops' background... as usual is so I had to run it from Start So far it has found nothing My new background image is like this In an orange box quot Warning Spyware detected on your computer Install an antivirus or spyware remover to clean your computer quot In a white box right below quot Warning Win Adware Virtumonde Detected on your computer quot quot Warning Win PrivacyRemover M Detected on your computer quot On the very bottom the words in the image of a clickable button quot Please activate your antivirus software to Clean your computer quot Here is my Hijackthis log Logfile of Trend Micro HijackThis v Scan saved at AM on Platform Windows XP SP WinNT MSIE Internet Explorer v Boot mode Normal Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS System WLTRYSVC EXE C WINDOWS System bcmwltry exe C WINDOWS system spoolsv exe C Program Files Common Files LogiShrd LVMVFM LVPrcSrv exe C Program Files Common Files LogiShrd LVCOMSER LVComSer exe C PROGRA McAfee MSC mcmscsvc exe c PROGRA COMMON mcafee mna mcnasvc exe c PROGRA COMMON mcafee mcproxy mcproxy exe C PROGRA McAfee VIRUSS mcshield exe C Program Files McAfee MPF MPFSrv exe C WINDOWS Explorer EXE C WINDOWS system svchost exe C WINDOWS system ctfmon exe C WINDOWS System svchost exe C PROGRA McAfee VIRUSS "Warning! Spyware detected on your computer!" is now my desktops' background... mcsysmon exe C Program Files Microsoft "Warning! Spyware detected on your computer!" is now my desktops' background... Money MSMONEY EXE C Program Files Google GoogleToolbarNotifier GoogleToolbarNotifier exe C Program Files Microsoft Office Office WINWORD EXE C Program Files Internet Explorer iexplore exe C Program Files Adobe Acrobat Reader AcroRd exe C WINDOWS TEMP rld B tmp C Program Files McAfee MSC mcshell exe c PROGRA mcafee msc mcuimgr exe C PROGRA McAfee VIRUSS mcods exe c PROGRA mcafee VIRUSS mcvsshld exe c PROGRA mcafee msc mcupdui exe C Program Files Trend Micro HijackThis HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Default Page URL www google com ig dell hl en amp client dell-usuk-rel amp channel us amp ibd R - HKCU Software Microsoft Internet Explorer Main Search Bar http www comcast net toolbar search R - HKCU Software Microsoft Internet Explorer Main Start Page http www fosters com R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Search SearchAssistant http www comcast net toolbar search R - HKLM Software Microsoft Internet Explorer Search Default Page URL www google com ig dell hl en amp client dell-usuk-rel amp channel us amp ibd R - HKCU Software Microsoft Internet Explorer Main Window Title Windows Internet Explorer provided by Comcast O - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Files Adobe Acrobat ActiveX AcroIEHelper dll O - BHO Skype add-on mastermind - BF B-C D - d - A -A F BA C - C Program Files Skype Toolbars Internet Explorer SkypeIEPlugin dll O - BHO Comcast Toolbar - E BD F- B... Read more

https://forums.techguy.org/threads/warning-spyware-detected-on-your-computer-is-now-my-desktops-background.741905/
Relevancy 90.83%

Hello my name is Devon Spyware blue detected computer!" Wallpaper "Warning! your on and im fairly new to computers so I probably wont understand most quot big computer words quot if you know what I mean Warning Spyware detected on your computer Install an antivirus or spyware remover to clean your computer That is my wallpaper and I can't change it It's in a yellow box blue "Warning! Spyware detected on your computer!" Wallpaper on a blue background blue "Warning! Spyware detected on your computer!" Wallpaper and in my Desktop Properties theres no wallpaper tab so I cannot change it Screenshot http i tinypic com nveccg jpg Sorry if not allowed I'm sure you've seen it before I have an emachines computer service pack Windows XP I have Avira AntiVir Personal free antivirus and I scanned the systems folder found some viruses and deleted them but still no luck ANY HELP IS VERY MUCH APPRECIATED Mod s Message Please note that this section of the forum is very busy and re-familiarize yourself with the Bumping Rules found in Step of our sticky topic Important - Please Read This Before Posting for Malware Removal Help which you should have read before posting We ask that no one bump a thread before hrs have passed and then only once Premature bump posts will be deleted Thanks for understanding

A:blue "Warning! Spyware detected on your computer!" Wallpaper

wow no help?

http://www.techsupportforum.com/forums/f284/blue-warning-spyware-detected-on-your-computer-wallpaper-272968.html
Relevancy 90.52%

Hello and thanks in advance for helping I am the quot Computer Support Technician quot for my year old very active business and close friend I am actually an EE For his birthday days ago he received a quot greeting card quot and the trouble began First he has had NIS with Live Update on and MS Automatic updates turned on He scans his computer once a week We now have a very computer" Another story "Warning!Spyware on detected your active HD with the Red and White warning box with quot Warning Spyware detected on your computer quot with the Warning Win Adware Virtumonde Detected on your computer along with Win PrivacyRemover M listed ALL in the wallpaper background of course in which you can't access In the Services tab of MSConfig their are two RPC services show one stopped and one running which I can't stop In the task manager processes I see a fairly busy svchost exe taking up percent of the time just under the System Idle process NIS in safe mode found no virus Thus I took over and use a version of AVAST that runs under BART PE on a CD this found two trojans and a bad VBS file which it deleted So now the HD is very busy and the computer slow I can't kill the svchost exe process it wants then to shutdown after seconds I do get blue screens of death but they Another "Warning!Spyware detected on your computer" story are fake as I can hit ESC and they go away I also can't install or uninstall Another "Warning!Spyware detected on your computer" story anything I get a The Windows Installer Service could not be accessed I did find some comments that somewhere that a system policy may have been changed in the registry to prevent the installer from working but changing it didn't seem to make any difference I also can't go online when use cmd and do a ipconfig renew it says the RPC server is not available probably because the bad one is running Thus per your steps Didn't see anything obvious There is a program called Bojour I don't know what it is but I can't uninstall it the Windows Installer is locked out No online scan possible Can't install any new protection at the moment The OS I believe is up to date No log possible I think I need to stop several processes svchost exe winlogin exe at the minimum and I need a way to get back install privledges Your thoughts and again thanks

http://www.techsupportforum.com/forums/f284/another-warning-spyware-detected-on-your-computer-story-282754.html
Relevancy 90.52%

Hi all I recent got the quot Warning quot message on my desktop I know nothing about computer so could you guys help me After reading a recent post I did learn about downloading scaning HijackThis This is what I have so far Logfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v Boot mode Normal Running processes C WINDOWS System smss exe C detected recently on I got "Warning! your the Spyware computer!" WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS system spoolsv exe C WINDOWS I recently got the "Warning! Spyware detected on your computer!" Explorer EXE C WINDOWS system hkcmd exe C WINDOWS system igfxpers exe C WINDOWS stsystra exe C Program Files Fasoo DRM fpm exe C Program Files Fasoo DRM fph exe C Program Files Microsoft Office Office GrooveMonitor exe C Program Files iTunes iTunesHelper exe C Program Files McAfee com Agent mcagent exe C Program Files SiteAdvisor SiteAdv exe C Program Files Common Files Real Update OB realsched exe C WINDOWS system lphcgbsj e exe C WINDOWS system ctfmon exe C Program Files Messenger msmsgs exe C Program Files Google GoogleToolbarNotifier GoogleToolbarNotifier exe C Program Files Common Files Apple Mobile Device Support bin AppleMobileDeviceService exe C PROGRA McAfee MSC mcmscsvc exe c PROGRA COMMON mcafee mna mcnasvc exe c PROGRA COMMON mcafee mcproxy mcproxy exe C PROGRA McAfee VIRUSS mcshield exe C Program Files McAfee MPF MPFSrv exe C Program Files McAfee MSK MskSrver exe C Program Files SiteAdvisor SAService exe C WINDOWS system svchost exe C Program Files Canon CAL CALMAIN exe C Program Files iPod bin iPodService exe C PROGRA MOZILL FIREFOX EXE C WINDOWS system igfxsrvc exe C PROGRA McAfee VIRUSS mcsysmon exe C Program Files Internet Explorer iexplore exe C Documents and Settings Catherine Kim Local Settings Temporary Internet Files Content IE BSA SR HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Start Page http www daum net R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId O - BHO AcroIEHlprObj Class - E F-C D - D -B D- B D BE B - C Program Files Adobe Acrobat Reader ActiveX AcroIEHelper dll O - BHO no name - FD D- B- FC- - AE - C Program Files SiteAdvisor SiteAdv dll O - BHO e aa - aa- c - f -a ff d e - e d -ff a- f - c -aa aa e - C WINDOWS system qdtqufxx dll file missing O - BHO RealPlayer Download and Record Plugin for Internet Explorer - C E -B - BC - - C CA - C Program Files Real RealPlayer rpbrowserrecordplugin dll O - BHO McAntiPhishingBHO - C E- F E- D C- F-F BD D CF - c PROGRA mcafee msk mcapbho dll O - BHO Groove GFS Browser Helper - - C - D -B F - BBC D A E - C Program Files Microsoft Office Office GrooveShellExtensions dll O - BHO scriptproxy - DB D A - - E -B D- F C - C Program Files McAfee VirusScan scriptsn dll O - BHO no name - F ACB C-E - C -AE B- DC B - no file O - BHO Google Toolbar Helper - AA ED - DD- d - -CF F - c program files google googletoolbar dll O - BHO Google Toolbar Notifier BHO - AF DE - D - -B FA-CE B AD D - C Program Files Google GoogleToolbarNotifier swg dll O - BHO Browser Address Error Redirector - CA C - B - E-A -A C DB F - c Program Files BAE BAE dll O - BHO no name - E -FC - -B C - E BC C - C WINDOWS system yayaxww dll file missing O - BHO no name - FF D D - D - -BA C-E F CD CE - C WINDOWS system awtsp dll file missing O - Toolbar amp Google - C B - - d - B - A CD F - c program files google googletoolbar dll O - Toolbar McAfee SiteAdvisor - BF - F - - - FE E AA - C Program Files SiteAdvisor SiteA... Read more

A:I recently got the "Warning! Spyware detected on your computer!"

Hello and welcome to TSF

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
Please attach extra.txt to your post.
To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:C:\Deckard\System Scanner\extra.txt

Click Upload.
What DSS will do: create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

=======
Logs Required
C:\Deckard\System Scanner\main.txt
C:\Deckard\System Scanner\extra.txt<----Attached

http://www.techsupportforum.com/forums/f284/i-recently-got-the-warning-spyware-detected-on-your-computer-269112.html
Relevancy 90.52%

Yeah somehow I got this spyware malware and it's nasty computer!" detected "Warning! = Spyware on HAVOC! your I can't get past the blue splash "Warning! Spyware detected on your computer!" = HAVOC! warning screen and even in safe "Warning! Spyware detected on your computer!" = HAVOC! mode my system was crashing after a few minutes requiring a reboot Others seem to have this same problem I see and I did a Hijackthis scan too - however I didn't seem to find the same problem lines in my output that others had so I didn't want to run a Combofix without finding something first Perhaps someone can assist FYI I can only operate this computer in Safe Mode Here is my Hijackthis output Logfile of Trend Micro HijackThis v Scan saved at on - - Platform Windows XP SP WinNT MSIE Internet Explorer v SP Boot mode Safe mode with network support Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C Program Files Windows Defender MsMpEng exe C WINDOWS system svchost exe C WINDOWS SYSTEM ZoneLabs vsmon exe C WINDOWS Explorer EXE C WINDOWS system CF exe C ComboFix nircmd com C Program Files Internet Explorer IEXPLORE EXE C Program Files HijackThis HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Start Page http www yahoo com R - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyOverride local R - URLSearchHook Yahoo Toolbar - EF BD -C FB- D - F- D F - C Program Files Yahoo Companion Installs cpn yt dll O - BHO RealPlayer Download and Record Plugin for Internet Explorer - C E -B - BC - - C CA - C Program Files Real RealPlayer rpbrowserrecordplugin dll O - BHO QXK Olive - D B - BC- FB -A AC-C FDDBE - C WINDOWS mesdxbrqmnx dll O - Toolbar Yahoo Toolbar - EF BD -C FB- D - F- D F - C Program Files Yahoo Companion Installs cpn yt dll O - Toolbar NetXfer - C CBAAC-A C- DB -A DD-CDF CAFCDD A - C Program Files Xi NetXfer NXToolBar dll file missing O - Toolbar vwsrfton - ABA CF - FB- CE-BB D-B D B EC - C WINDOWS vwsrfton dll O - HKLM Run IntelMeM C Program Files Intel Modem Event Monitor IntelMEM exe O - HKLM Run Creative WebCam Tray C Program Files Creative Shared Files CAMTRAY EXE O - HKLM Run SunJavaUpdateSched C Program Files Java j re bin jusched exe O - HKLM Run IgfxTray C WINDOWS system igfxtray exe O - HKLM Run HotKeysCmds C WINDOWS system hkcmd exe O - HKLM Run dla C WINDOWS system dla tfswctrl exe O - HKLM Run PPMemCheck C PROGRA PESTPA PPMemCheck exe O - HKLM Run CookiePatrol C PROGRA PESTPA CookiePatrol exe O - HKLM Run VMware hqtray quot F VMWare Player hqtray exe quot O - HKLM Run ZoneAlarm Client quot C Program Files ZoneAlarm zlclient exe quot O - HKLM Run TkBellExe quot C Program Files Common Files Real Update OB realsched exe quot -osboot O - HKLM Run lphc a j e dl C WINDOWS system lphc a j e dl exe O - HKCU Run mount exe F mount exe z O - HKCU Run hlpsrvgen C WINDOWS system bwvkhwjq exe O - HKLM Policies Explorer Run OWZF xwxxf C Documents and Settings All Users Application Data xmnkhaxu nazgrqve exe O - Startup HotSync Manager lnk C Program Files palmOne HOTSYNC EXE O - Startup Introducing Media Manager lnk C Program Files Common Files Microsoft Shared Media Manager SPLASHA EXE O - Startup Picture Motion Browser Media Check Tool lnk C Program Files Sony Sony Picture Utility VolumeWatcher SPUVolumeWatcher exe O - Global Startup Adobe Gamma Loader lnk C Program Files Common Files Adobe Calibration Adobe Gamma Loader exe O - Global Startup FlashPath Monitor lnk C Program Files SmartDisk FlashPath sdstat exe O - Global Startup Google Updater lnk C Program Files Google Google Updater GoogleUpdater exe O - Global Startup Microsoft Office lnk C Program Files Microsoft Office Office OSA EXE O - HKCU Software Policies Microsoft Internet Explorer Control Panel present O - Extra context menu item Download all by NetXfer - C Program Files Xi NetXfer NXAddList html O - Extra con... Read more

http://www.techsupportforum.com/forums/f284/warning-spyware-detected-on-your-computer-havoc-280434.html
Relevancy 90.52%

I'm a newbie first time posting and I've been infected with a Virus It masks itself with a Windows Security Alert Windows Firewall has detected activity of harmful software as the subheading continual pop ups less often now don't know why but perhaps it is more frequent when I'm surfing the internet These pop-ups messages have included Trojan-Spy Win KeyLogger aa Trojan-Spy Win GreenScreen Trojan-Spy HTML BankFraud dq Trojan-Clicke Win Tiny h Trojan-Downloads Win Agentbq Oh also if I do not push control shift escape to get into my Windows Task Manager to end the annoying pop-up process that not too long and I will get a quot blue-screen of death quot that pretty soon corrects to try and boot into windows but then only shows the first inkling of the windows "Warning! on pop problem. your Spyware ups Detected computer!" bar with nothing strobing by and then goes back into a blue screen of death again and then it starts a continuous loop in that fashion I have to restart "Warning! Spyware Detected on your computer!" pop ups problem. my computer Oh also I did try another remedy from a thread somewhere that from vague memory bits here cleared my cookies etc and I think I even had to go boot in safe mode before I did items but I was supposed to have cleared my cookies then and instead had done it before not in that safe mode maybe that is why that solution didn't work I've gone through the steps suggested on these log boards before to post my log below see at the end of this message also to include will be the log from Panda Acive scan below that I think it was step or of the steps to take before posting malware problems I did have a valid reason for looking for a "Warning! Spyware Detected on your computer!" pop ups problem. VLK validation key just prior to my problems on the internet to activate my Windows Home Office and Student software was not activating with original software key as a possible origination of being infected as I've read can be a possibility when you surf those sites I've previously ran SUPERAntiSpyware Free Edition on it to no avail Also tried running my currently running Avast on it to no avail These were prior to reading not to do anything until could consult AND Any help is appreciated I'd have to get it before end of tomorrow SAT as I leave town for a week So permission to delete if I'm unable to attend to it after Sunday AM because I leave town for a week thereafter the week of Oct to Oct is totally granted here But what I will be finishing addressing it upon my return if the boards can wait for me that long Thank you Here is my hijackthis logLogfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows Vista SP WinNT MSIE Internet Explorer v Boot mode Normal Running processes C Windows system taskeng exe C Windows system Dwm exe C Windows Explorer EXE C Program Files Windows Defender MSASCui exe C Windows System Ctxfihlp exe C Windows System lphc sgj ea exe C Program Files Windows Sidebar sidebar exe F Fast Apps General Software Skype Phone Skype exe F Fast Apps System Maint Software SUPERAntiSpyware SUPERAntiSpyware exe C Windows System mdexofgb exe F Fast Apps Drivers HP xi Driver Digital Imaging bin hpotdd exe C Windows SYSTEM CTXFISPI EXE F Fast Apps Drivers HP xi Driver Digital Imaging bin hposol exe F Fast Apps General Software Skype Plugin Manager skypePM exe C Program Files Internet Explorer iexplore exe C Program Files Common Files Microsoft Shared Windows Live WLLoginProxy exe C Windows system SearchFilterHost exe C Users Brian Habel Desktop HiJackThis HiJackThis exe C Windows System mdexofgb exe R - HKCU Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Searc... Read more

A:"Warning! Spyware Detected on your computer!" pop ups problem.

Hi


Disable Spybot's TeaTimer Run Spybot-S&D in Advanced Mode
If it is not already set to do this, go to the Mode menu
select
Advanced Mode

On the left hand side, click on Tools
Then click on the Resident icon in the list
Uncheck
Resident TeaTimer
and OK any prompts.
Restart your computer


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/comb...o-use-combofix


Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
Remember to re-enable them afterwards.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

http://www.techsupportforum.com/forums/f284/warning-spyware-detected-on-your-computer-pop-ups-problem-293923.html
Relevancy 90.52%

need help getting rid of it i have windows xp Logfile of Trend Micro HijackThis v Scan saved at on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Boot mode Normal Running processes C WINDOWS your detected on computer" Need removing "Warning help spyware System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS System svchost exe C Program Files Lavasoft Ad-Aware aawservice exe C WINDOWS system spoolsv exe C Program Files Avira AntiVir PersonalEdition Classic sched exe C Program Files Avira AntiVir PersonalEdition Classic avguard exe C WINDOWS System svchost exe C WINDOWS SYSTEM ZoneLabs vsmon exe C WINDOWS Explorer EXE C WINDOWS TrayComm exe C WINDOWS system hkcmd exe C Program Files Zone Labs ZoneAlarm zlclient exe C Program Files HP HP Software Update HPWuSchd exe C Program Files Java jre bin jusched exe C Program Files Adobe Photoshop Album Starter Edition Apps apdproxy exe C Program Files Avira AntiVir PersonalEdition Classic avgnt exe C Program Files QuickTime qttask exe C Program Files Logitech Desktop Messenger Program LogitechDesktopMessenger exe C Program Files AIM aim exe C Need help removing "Warning spyware detected on your computer" Program Files Messenger msmsgs exe C Program Files MSN Messenger msnmsgr exe C Program Files Siber Systems AI RoboForm RoboTaskBarIcon exe C WINDOWS system wuauclt exe C Program Files WinZip WZQKPICK EXE c pzayu exe C Program Files Mozilla Firefox firefox exe C Program Files Lavasoft Ad-Aware Ad-Aware exe C Program Files Trend Micro HijackThis HijackThis exe R - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyOverride localhost O - BHO Adobe PDF Reader Link Helper - E F-C D - D -B Need help removing "Warning spyware detected on your computer" D- B D BE B - C Program Files Common Files Adobe Acrobat ActiveX AcroIEHelper dll O - BHO RoboForm - d a - d Need help removing "Warning spyware detected on your computer" - d - - e a - C Program Files Siber Systems AI RoboForm roboform dll O - Toolbar amp RoboForm - d a - d - d - - e a - C Program Files Siber Systems AI RoboForm roboform dll O - HKLM Run TrayComm TrayComm exe O - HKLM Run IgfxTray C WINDOWS system igfxtray exe O - HKLM Run HotKeysCmds C WINDOWS system hkcmd exe O - HKLM Run Zone Labs Client C Program Files Zone Labs ZoneAlarm zlclient exe O - HKLM Run HP Software Update quot C Program Files HP HP Software Update HPWuSchd exe quot O - HKLM Run SunJavaUpdateSched quot C Program Files Java jre bin jusched exe quot O - HKLM Run Adobe Reader Speed Launcher quot C Program Files Adobe Reader Reader Reader sl exe quot O - HKLM Run Adobe Photo Downloader quot C Program Files Adobe Photoshop Album Starter Edition Apps apdproxy exe quot O - HKLM Run BHR quot C Program Files Zamaan's Software Browser Hijack Retaliator BHR exe quot O - HKLM Run avgnt quot C Program Files Avira AntiVir PersonalEdition Classic avgnt exe quot min O - HKLM Run QuickTime Task quot C Program Files QuickTime qttask exe quot -atboottime O - HKLM Run lphc rmj en C WINDOWS system lphc rmj en exe O - HKCU Run LDM C Program Files Logitech Desktop Messenger Program LogitechDesktopMessenger exe O - HKCU Run AIM C Program Files AIM aim exe -cnetwait odl O - HKCU Run Yahoo Pager quot C PROGRA Yahoo MESSEN YAHOOM EXE quot -quiet O - HKCU Run MSMSGS quot C Program Files Messenger msmsgs exe quot background O - HKCU Run msnmsgr quot C Program Files MSN Messenger msnmsgr exe quot background O - HKCU Run AdobeUpdater C Program Files Common Files Adobe Updater AdobeUpdater exe O - HKCU Run RoboForm quot C Program Files Siber Systems AI RoboForm RoboTaskBarIcon exe quot O - HKUS S- - - - - - - Run LDM C Program Files Logitech Desktop Messenger Program LogitechDesktopMessenger exe User ' ' O - HKUS S- - - - - - - Run AIM C Program Files AIM aim exe -cnetwait odl User ' ' O - HKUS S- - - - - - - Run Yahoo Pager quot C PROGRA Yahoo... Read more

A:Need help removing "Warning spyware detected on your computer"

Hello and Welcome. Apologies for any delay in replying, but we have been rather busy lately.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Since it has been a few days since you first posted, please do this:

---------------------------------------------------------------------------------------------
Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

http://www.techsupportforum.com/forums/f284/need-help-removing-warning-spyware-detected-on-your-computer-284037.html
Relevancy 90.52%

I'm sure your computer!" Spyware Another "Warning! detected Thread on you have seen your fair share of these threads by now so I won't describe the problem unless you need me to None of my anti-virus spyware prevention has done anything Here is my HJT log Logfile of HijackThis v Scan saved at on Platform Windows XP SP WinNT MSIE Internet Explorer v Running processes C WINDOWS System smss exe Another "Warning! Spyware detected on your computer!" Thread C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS System svchost exe C Program Files Ahead InCD InCDsrv exe C WINDOWS system spoolsv exe C Program Files Common Files Apple Mobile Device Support bin AppleMobileDeviceService exe C Program Files Common Files Symantec Shared ccSetMgr exe C Program Files Symantec AntiVirus DefWatch exe C WINDOWS System svchost exe C Program Files Common Files LightScribe LSSrvc exe C Program Files Common Files Symantec Shared ccEvtMgr exe C WINDOWS system ctfmon exe C WINDOWS System spool drivers w x hpztsb exe C PROGRA PESTPA PPControl exe C PROGRA PESTPA PPMemCheck exe C PROGRA PESTPA CookiePatrol exe C Program Files Ahead InCD InCD exe C Program Files Common Files Symantec Shared ccApp exe C Program Files Common Files Real Update OB realsched exe C Program Files SysMetrix SysMetrix exe C Program Files Java jre bin jusched exe C Program Files Ad Muncher AdMunch exe C Program Files iTunes iTunesHelper exe C Program Files Messenger msmsgs exe C Program Files AIM aim exe C Program Files Spybot - Search amp Destroy TeaTimer exe C Program Files Logitech SetPoint KEM exe C Program Files Rainlendar Rainlendar exe C Program Files Logitech SetPoint KHALMNPR EXE C Program Files SpywareGuard sgmain exe C Program Files SpywareGuard sgbhp exe C Program Files AIM aolsoftware exe C Program Files iPod bin iPodService exe C WINDOWS explorer exe C WINDOWS notepad exe C Program Files Mozilla Firefox firefox exe C Documents and Settings Ian Desktop Virus Protection HijackThis HijackThis exe R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyServer R - URLSearchHook no name - lt default gt - no file O - BHO AcroIEHlprObj Class - E F-C D - D -B D- B D BE B - C Program Files Adobe Acrobat Reader ActiveX AcroIEHelper dll O - BHO SpywareGuardDLBLOCK CBrowserHelper - A E - F- - B - B DDD DB - C Program Files SpywareGuard dlprotect dll O - BHO Spybot-S amp D IE Protection - - F - D - - D F - C Program Files Spybot - Search amp Destroy SDHelper dll O - BHO QXK Olive - B -AC C- D -B - C EC D - C WINDOWS boqnrwdmdev dll file missing O - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dll O - BHO no name - AA ED - DD- d - -CF F - no file O - Toolbar no name - DE C F- - A - B-AA ED D - no file O - Toolbar atfxqogp - EF - B - A C-B -A CAABA F - C WINDOWS atfxqogp dll file missing O - HKLM Run HPDJ Taskbar Utility C WINDOWS System spool drivers w x hpztsb exe O - HKLM Run WorksFUD C Program Files Microsoft Works wkfud exe O - HKLM Run PCDRealtime C WINDOWS realtime exe O - HKLM Run PestPatrol Control Center c PROGRA PESTPA PPControl exe O - HKLM Run PPMemCheck c PROGRA PESTPA PPMemCheck exe O - HKLM Run CookiePatrol c PROGRA PESTPA CookiePatrol exe O - HKLM Run InCD C Program Files Ahead InCD InCD exe O - HKLM Run ccApp quot C Program Files Common Files Symantec Shared ccApp exe quot O - HKLM Run TkBellExe quot C Program Files Common Files Real Update OB realsched exe quot -osboot O - HKLM Run SysMetrix C Program Files SysMetrix SysMetrix exe O - HKLM Run NeroFilterCheck C WINDOWS system NeroCheck exe O - HKLM Run SunJavaUpdateS... Read more

http://www.techsupportforum.com/forums/f284/another-warning-spyware-detected-on-your-computer-thread-256352.html
Relevancy 90.52%

I recently downloaded something and opened a file named quot run exe quot and then my computer kinda died the backround changed to blue with a text in middle and when I dont move anything it will come larvas from the sides and crawl all over the screen Also i get popups wanting me to buy stuff and internet explorer changed start site and leads me Threat On "Warning! Detected Your Computer!..." Spyware to wierd stuff With my nd computer i looked this up in google but couldnt rly find any "Warning! Spyware Threat Detected On Your Computer!..." good solution since I didnt find something exactly the same but "Warning! Spyware Threat Detected On Your Computer!..." i tried some anti spyware malware programs deleted some stuff But now im stuck the things i delete keeps coming back I have stopped getting popups but my screen is still blue text is removed and everything i try is quot Disabled by Admin quot which cant be true since im the only on this computer The start bar and icons are all gone and i cant right click anywhere either Also where the clock should be it sais quot VIRUS DETECTED quot I use XP and have Kaspersky Im gonna try to post a HJT file as soon as i get back to my PC Thx nbsp

A:"Warning! Spyware Threat Detected On Your Computer!..."

Aight, I got the HJT

Logfile of HijackThis v1.99.1
Scan saved at 18:53: VIRUS ALERT!, on 2008-05-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program\Razer\razerhid.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\NetLimiter 2 Pro\NLClient.exe
C:\Program\Razer\razertra.exe
C:\Program\Razer\razerofa.exe
C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\WinRAR\WinRAR.exe
C:\WINDOWS\system32\taskmgr.exe
C:\DOCUME~1\Micke\LOKALA~1\Temp\Rar$EX17.4359\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.se/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: atfxqogp - {AC9264CC-124E-43B6-9144-8664D704A0BC} - C:\WINDOWS\atfxqogp.dll (file missing)
O4 - HKLM\..\Run: [razer] C:\Program\Razer\razerhid.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Diamondback] C:\Program\Razer\Diamondback\razerhid.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BitComet Sear... Read more

https://forums.techguy.org/threads/warning-spyware-threat-detected-on-your-computer.715530/
Relevancy 89.59%

The blue and yellow sign that shows up on my desktop your computer" Spyware Detected "Warning on says quot warning Spyware quot I couldn't remove it I downloaded spybot search "Warning Spyware Detected on your computer" amp destroy I removed some programs that it found but after re-boot the sign reappeared I followed the steps before posting a log Durring the steps The desktop was back to normal No quot warning sign quot But I wan't to make sure this is taken care of Here is what I have Hijack log Logfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Boot mode Normal Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C "Warning Spyware Detected on your computer" WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS "Warning Spyware Detected on your computer" system spoolsv exe C WINDOWS system IPSSVC EXE C Program Files Intel AMT atchksrv exe C Program Files Diskeeper Corporation Diskeeper DkService exe C Program Files Google Common Google Updater GoogleUpdaterService exe C Program Files Intel AMT LMS exe C Program Files McAfee Common Framework FrameworkService exe C Program Files Network Associates VirusScan mcshield exe C Program Files Network Associates VirusScan vstskmgr exe C Program Files Common Files Microsoft Shared VS DEBUG MDM EXE C Program Files lotus notes ntmulti exe c program files lenovo system update suservice exe c Program Files Common Files Lenovo Scheduler tvtsched exe C Program Files Intel AMT UNS exe C WINDOWS system SearchIndexer exe C WINDOWS Explorer EXE C Program Files Diskeeper Corporation Diskeeper DkIcon exe C Program Files McAfee Common Framework UdaterUI exe C Program Files McAfee Common Framework McTray exe C WINDOWS system ICO EXE C Program Files Analog Devices Core smax pnp exe C Program Files Analog Devices SoundMAX Smax exe C WINDOWS system FSRremoS EXE C WINDOWS system igfxtray exe C WINDOWS system hkcmd exe C WINDOWS system igfxpers exe C WINDOWS system igfxsrvc exe C Program Files Common Files Lenovo Scheduler scheduler proxy exe C Program Files Java jre bin jusched exe C WINDOWS System DLA DLACTRLW EXE C Program Files Common Files InstallShield UpdateService issch exe C Program Files Lenovo AwayTask AwaySch EXE C PROGRA THINKV PrdCtr LPMGR exe C Program Files Network Associates VirusScan SHSTAT EXE C Program Files MagicMus MulMouse exe C Program Files Common Files SolidWorks Installation Manager Scheduler sldIMScheduler exe C WINDOWS system lphcguqj epag exe C Program Files Google GoogleToolbarNotifier GoogleToolbarNotifier exe C Program Files Spybot - Search amp Destroy TeaTimer exe C Program Files Windows Desktop Search WindowsSearch exe C Program Files SolidWorks SolidWorks swScheduler swBOEngine exe C Program Files MagicMus MagicWl exe C DOCUME ckexv LOCALS Temp SolidWorksLicTemp C Program Files Common Files SolidWorks Shared Service SolidWorksLicensing exe C Program Files lotus notes NLNOTES EXE C Program Files lotus notes ntaskldr EXE C Program Files lotus notes nxpcdmn EXE C Program Files Java jre bin jucheck exe C Program Files Internet Explorer iexplore exe C Program Files Trend Micro HijackThis HijackThis exe R - HKLM Software Microsoft Internet Explorer Main Default Page URL http lenovo live com O - BHO AcroIEHlprObj Class - E F-C D - D -B D- B D BE B - C Program Files Adobe Acrobat Reader ActiveX AcroIEHelper ocx O - BHO Spybot-S amp D IE Protection - - F - D - - D F - C PROGRA SPYBOT SDHelper dll O - BHO DriveLetterAccess - CA D E- - CF- E - - C WINDOWS System DLA DLASHX W DLL O - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dll O - BHO Google Toolbar Helper - AA ED - DD- d - -CF F - c program files google googletoolbar dll O - BHO Google Toolbar Notifier BHO - AF DE - D - -B FA-CE B AD D - C Program Files Google GoogleToolbarNotifier swg dll O - BHO ... Read more

http://www.techsupportforum.com/forums/f284/warning-spyware-detected-on-your-computer-282375.html
Relevancy 89.59%

I came back from work today and when i started my computer the back ground was changed to a blue screen with "warning spyware computer..." detected on your a yellow text box that said quot warning spyware detected on your computer quot followed by a blue box saying quot install an antivirus or spyware remover to clean your computer quot I have seen several of this same problem in the forums I don't really know what may have caused this and i'm not that great with computer but i will try my best I have hijackthis and i ran it and here is the log I hope someone can help i don't really know what else to do Logfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Boot mode Normal Running processes "warning spyware detected on your computer..." C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system "warning spyware detected on your computer..." services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS System WLTRYSVC EXE C WINDOWS System bcmwltry exe C WINDOWS system spoolsv exe C WINDOWS Explorer EXE C PROGRA COMMON AOL ACS AOLacsd exe C Program Files WIDCOMM Bluetooth Software bin btwdins exe C Program Files Common Files Creative Labs Shared Service CreativeLicensing exe C WINDOWS system CTsvcCDA exe c program files mcafee com agent mcdetect exe c PROGRA mcafee com vso mcshield exe c PROGRA mcafee com agent mctskshd exe c PROGRA mcafee com vso OasClnt exe C Program Files Common Files Microsoft Shared VS DEBUG MDM EXE c program files mcafee com vso mcvsshld exe C PROGRA McAfee com PERSON MpfService exe c progra mcafee com vso mcvsescn exe C PROGRA McAfee SPAMKI MSKSrvr exe C Program Files Microsoft SQL Server MSSQL MICROSOFTSMLBIZ Binn sqlservr exe C Program Files Dell QuickSet NICCONFIGSVC exe C WINDOWS system nvsvc exe C WINDOWS system PnkBstrA exe C WINDOWS system wuauclt exe C Documents and Settings All Users Application Data tkjijirm lslgxgta exe C WINDOWS system rundll exe C Program Files Synaptics SynTP SynTPEnh exe C WINDOWS System svchost exe C WINDOWS system WLTRAY exe C WINDOWS stsystra exe C Program Files Dell QuickSet quickset exe C Program Files Creative SBAudigy Surround Mixer CTSysVol exe C WINDOWS system Rundll exe C Program Files Creative VoiceCenter AndreaVC exe C Program Files CyberLink PowerDVD DVDLauncher exe C WINDOWS system dla tfswctrl exe C DOCUME Alex LOCALS Temp clclean C Program Files Common Files InstallShield UpdateService issch exe C Program Files Dell Media Experience DMXLauncher exe C PROGRA mcafee com agent mcagent exe C PROGRA McAfee SPAMKI MskAgent exe C Program Files ATI Technologies ATI ACE cli exe C PROGRA McAfee com PERSON MpfTray exe C WINDOWS system lphcrlnj ecf exe C Program Files NetWaiting netWaiting exe C PROGRA McAfee com PERSON MpfAgent exe C Program Files Creative MediaSource Detector CTDetect exe C WINDOWS system ctfmon exe C Program Files DellSupport DSAgnt exe C Documents and Settings All Users Application Data Dell TransferAgent TransferAgent exe C Program Files Steam Steam exe C Program Files Spybot - Search amp Destroy TeaTimer exe C Program Files WIDCOMM Bluetooth Software BTTray exe C Program Files Digital Line Detect DLG exe C Program Files Microsoft SQL Server Tools Binn sqlmangr exe C Program Files ATI Technologies ATI ACE cli exe C Program Files Mozilla Firefox firefox exe C Program Files AIM aim exe c progra mcafee com vso mcvsftsn exe C Program Files Messenger msmsgs exe C Program Files Trend Micro HijackThis HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Default Page URL http www google com ig dell hl en amp suk amp channel us R - HKCU Software Microsoft Internet Explorer Main Start Page about blank R - HKLM Software Microsoft Internet Explorer Main Default Page URL http www dell com R - HKLM Software Microsoft Internet Explorer Main Start Page http www dell com R - HKLM Software Microsoft Interne... Read more

A:"warning spyware detected on your computer..."

Hi there solitary

Thank you for your patience. I will be helping you deal with the issues raised in your log from this point onwards

Before we start jumping into things, here is a quick basic note which I mention to everyone. The fix which I have provided for you is for this computer only, it should not be used on any other computer. Each fix is tailor made for the specific task in hand. If for some reason you have system restore disabled, then please re-enable it before proceeding, an infected restore is better than none. Please read through the fix first and set enough time aside to complete the task in one session. If there is anything you feel needs clarification then please ask - do not guess! Thanks.

If this is a computer from a work place then please advise your IT department of the concerning issues before commencing past this point.

Please follow these directions in the order they are set out for you.

We need to disable your TeaTimer as it may interfere with the fixes that we need to make.

1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
5) Restart your computer.

After all of the fixes are complete it is very important that you enable TeaTimer again, I will let you know when it is safe to do so.

Download ResetTeaTimer.bat by right-clicking on the link, and choosing Save As. Save it to your desktop, or somewhere you can find it easily. Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.

A Tutorial for Tea Timer can be found here -> http://russelltexas.com/malware/teatimer.htm

I would like to look a little deeper using a tool called Deckards System Scanner (DSS)

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your thread in the HijackThis Log Help Forum.
Please attach extra.txt to your post.
To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:C:\Deckard\System Scanner\extra.txt

Click Upload.
What DSS will do: create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

http://www.techsupportforum.com/forums/f284/warning-spyware-detected-on-your-computer-275546.html
Relevancy 89.59%

These words are embedded into my wallpaper along with a big blue screen behind them My computer is running computer!" "Warning! on your Detected Spyware slow and I have an unnamed button "Warning! Spyware Detected on your computer!" on the taskbar saying quot SYSTEM ALERT System has dectected spyware quot and it links to this webpage http www virprotect com aff when I exit this webpage I get a Windows apparently message quot Are you sure you want to navigate away from this page Your computer may still be infected with spyware quot I have run norton to no avail I have registered Spy Hunter and removed many problems but still have the problem with my wallpaper I m unsure of what else this thing might be doing to my computer Any help would be appreciated My hijack this log "Warning! Spyware Detected on your computer!" Logfile of Trend Micro HijackThis v BETA Scan saved at PM on Platform Windows XP SP WinNT Boot mode Normal Running processes C WINDOWS System smss exe C WINDOWS system csrss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C "Warning! Spyware Detected on your computer!" WINDOWS system svchost exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS system svchost exe C WINDOWS system svchost exe C WINDOWS system svchost exe C Program Files Common Files Symantec Shared ccSvcHst exe C WINDOWS Explorer EXE C WINDOWS system spoolsv exe C WINDOWS ehome ehtray exe C windows system hpsysdrv exe C WINDOWS system hkcmd exe C WINDOWS AGRSMMSG exe C HP KBD KBD EXE C Program Files Common Files Real Update OB realsched exe C PROGRA MYWEBS bar bin m SrchMn exe C PROGRA MYWEBS bar bin mwsoemon exe C Program Files Common Files AOL ee services safetyCore ver AOLSP Scheduler exe C WINDOWS SOUNDMAN EXE C WINDOWS ALCWZRD EXE C WINDOWS ALCMTR EXE C Program Files Common Files AOL ee AOLSoftware exe C Program Files Roxio Media Experience DMXLauncher exe C Program Files Roxio Drag-to-Disc DrgToDsc exe C Program Files QuickTime qttask exe C Program Files iTunes iTunesHelper exe C Program Files Common Files AOL Loader aolload exe C Program Files Common Files Symantec Shared ccSvcHst exe C Program Files SanDisk Sansa Updater SansaDispatch exe C PROGRA COMMON AOL ACS AOLacsd exe C WINDOWS system ctfmona exe C Program Files Common Files Apple Mobile Device Support bin AppleMobileDeviceService exe C Program Files Enigma Software Group SpyHunter SpyHunter exe C Program Files Symantec LiveUpdate AluSchedulerSvc exe C WINDOWS system ctfmon exe C Program Files Common Files AOL Loader aolload exe C Program Files Common Files AOL ee aolsoftware exe C WINDOWS eHome ehRecvr exe C WINDOWS eHome ehSched exe C Program Files CA PPRT bin ITMRTSVC exe c Program Files Common Files LightScribe LSSrvc exe C Program Files Common Files Microsoft Shared VS DEBUG MDM EXE C WINDOWS system HPZipm exe C WINDOWS system svchost exe C WINDOWS system svchost exe C WINDOWS wanmpsvc exe C WINDOWS ehome mcrdsvc exe C Program Files iPod bin iPodService exe C WINDOWS system dllhost exe C WINDOWS eHome ehmsas exe C WINDOWS System alg exe C My Downloads HiJackThis v exe C WINDOWS system wbem wmiprvse exe R - HKCU Software Microsoft Internet Explorer Main Default Page URL http ie redirect hp com svs rdr TYPE amp tp iehome amp locale EN US amp c Q amp bd pavilion amp pf desktop R - HKCU Software Microsoft Internet Explorer Main Default Search URL http ie redirect hp com svs rdr TYPE amp tp iesearch amp locale EN US amp c Q amp bd pavilion amp pf desktop R - HKCU Software Microsoft Internet Explorer Main Search Bar http ie redirect hp com svs rdr TYPE amp tp iesearch amp locale EN US amp c Q amp bd pavilion amp pf desktop R - HKCU Software Microsoft Internet Explorer Main Search Page http ie redirect hp com svs rdr TYPE amp tp iesearch amp locale EN US amp c Q amp bd pavilion amp pf desktop R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink L... Read more

https://forums.techguy.org/threads/warning-spyware-detected-on-your-computer.676777/
Relevancy 89.59%

Please Help I have a popup that has appeared on my desktop that claims the following quot WARNING Spyware detected on "Warning! computer" detected on your Spyware your computer Install an antivirus or spyware remover to clean your computer quot It also says quot Warning win Adware Virtumonde detected on your computer quot quot WArning win PrivacyRemover M detected on your computer quot This appeared on my desktop yesterday and it will not allow me to change the desktop picture I also get a blue screen if the computer is left dormant for a while I attempted the Steps before posting and was only able to complete a few of them Here is the Hijack This Log Logfile of HijackThis v Scan saved at AM on Platform Windows "Warning! Spyware detected on your computer" XP SP WinNT MSIE Internet Explorer v SP Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS System svchost exe c Program Files Common Files Symantec Shared ccSetMgr exe c Program Files Common Files Symantec Shared ccEvtMgr exe C WINDOWS "Warning! Spyware detected on your computer" Explorer EXE C WINDOWS system spoolsv exe C Program Files Java j re bin jusched exe C windows system hpsysdrv exe C WINDOWS System hphmon exe C HP KBD KBD EXE C Program Files Common Files Symantec Shared ccApp exe C WINDOWS LTMSG exe C Program Files Multimedia Card Reader shwicon k exe C WINDOWS ALCXMNTR EXE C WINDOWS System rundll exe C Program Files MUSICMATCH MUSICMATCH Jukebox mmtask exe C WINDOWS System lphcro j ea e exe C Program Files Messenger msmsgs exe C Program Files HP Digital Imaging bin hpqtra exe C Program Files Updates from HP Program BackWeb- exe c Program Files Norton AntiVirus navapsvc exe C WINDOWS System nvsvc exe c Program Files Norton AntiVirus SAVScan exe C Program Files Internet Explorer iexplore exe C WINDOWS System wuauclt exe C Program Files HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Default Page URL http us hpwis com R - HKCU Software Microsoft Internet Explorer Main Default Search URL http srch-us hpwis com R - HKCU Software Microsoft Internet Explorer Main Search Bar http srch-us hpwis com R - HKCU Software Microsoft Internet Explorer Main Search Page http srch-us hpwis com R - HKCU Software Microsoft Internet Explorer Main Start Page http www comcast net R - HKLM Software Microsoft Internet Explorer Main Default Page URL http us hpwis com R - HKLM Software Microsoft Internet Explorer Main Default Search URL http srch-us hpwis com R - HKLM Software Microsoft Internet Explorer Main Search Bar http srch-us hpwis com R - HKLM Software Microsoft Internet Explorer Main Search Page http srch-us hpwis com R - HKLM Software Microsoft Internet Explorer Main Start Page http us hpwis com R - HKCU Software Microsoft Internet Connection Wizard ShellNext http us hpwis com R - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyOverride localhost O - BHO AcroIEHlprObj Class - E F-C D - D -B D- B D BE B - C Program Files Adobe Acrobat Reader ActiveX AcroIEHelper dll O - BHO no name - B CA - A - D -A DF- BB - no file O - BHO NAV Helper - BDF E -B - AD-A -FADC B - c Program Files Norton AntiVirus NavShExt dll O - BHO no name - FDD B - D - ffb- - B AD ACC - no file O - Toolbar amp Radio - E - F- D - E- A C - C WINDOWS System msdxm ocx O - Toolbar HP View - B E - D D- DEB- B - D BCF F - c Program Files HP Digital Imaging bin hpdtlk dll O - Toolbar Norton AntiVirus - CDD BF- FFB- - AD - DF B D - c Program Files Norton AntiVirus NavShExt dll O - HKLM Run SunJavaUpdateSched C Program Files Java j re bin jusched exe O - HKLM Run hpsysdrv c windows system hpsysdrv exe O - HKLM Run HPHUPD c Program Files HP B B-DCAB- - EE - F hphupd exe O - HKLM Run HPHmon C WINDOWS System hphmon exe O - HKLM Run KBD C HP KBD KBD EXE O - HKLM Run UpdateManager quot C Program Files Common Files Sonic Update Manager sgtray exe ... Read more

A:"Warning! Spyware detected on your computer"

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

First, we need to install the Windows Recovery Console.

The Windows Recovery Console will allow you to boot up into a special recovery(repair) mode, if needed. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Download the file from this Microsoft page:

For XP Home >> http://www.microsoft.com/downloads/d...5-719F45C382A4

For XP Pro >> http://www.microsoft.com/downloads/d...2-631504EF5E26

Save it as it is originally named to your Desktop.

Now close all open windows and programs, including all antivirus and antispyware programs. Get help here



Then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Recovery Console.

As part of installing the Recovery Console, ComboFix will begin to run. Your desktop may disappear. This is normal. It will return.

ComboFix will now automatically install the Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Windows Recovery Console option when you start your computer unless requested to by a helper.

Once the Recovery Console is installed, this blue window will appear:



Please continue as follows:
Close/disable all antivirus and antispyware programs so they do not interfere with the running of ComboFix. Get help here
Please click Yes to continue scanning for malware.
When the tool is finished, it will produce a log for you.

Please post that log, ComboFix.txt along with a new HijackThis log so we may continue cleansing the system.

------------------------------------------------------

You are using an outdated version of HijackThis. Please uninstall HijackThis 1.99.1 in the Add or Remove Programs section of your Control Panel and delete your current version.

Please download HijackThis and Save it to your Desktop.

Alternate link

Double-click on the file you just downloaded. Click 'Run' or 'Install' and follow the prompts to install.

It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Upon install, HijackThis should open for you.

Should it not open, navigate to C:\Program Files\Trend Micro\HijackThis and double-click on HijackThis.exe

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Please post the HijackThis log in... Read more

http://www.techsupportforum.com/forums/f284/warning-spyware-detected-on-your-computer-284586.html
Relevancy 85.25%

After letting a friend surf the net on my computer I came back to a desktop that is blue and reads Warning Spyware detected desktop detected your Blue computer!" "Spyware on on your computer Install an antivirus or spyware remover to clean your computer I am unable to place a new image as my desktop nor can I get into the 'canned' Windows options by right-clicking on the desktop and going to Properties Blue "Spyware detected on your computer!" desktop Also my Task Manager access is being blocked After doing some digging online I realized this was actually a problem in and of itself I've run CCleaner SpyHunter and a few other programs but nothing seems to take care of it I then stumbled on your site Per your suggestions I've done the following I've left one anti-virus software AVG running and removed anything from the Control Panel that matched your list only found Viewpoint Media Player I tried to perform an online scan with Panda ActiveScan but their website was having issues after the registration step I skipped that step and went to the next one I installed Spyware Blaster and IE-Spyad per your directions I updated my OS I was already at SP so I stayed there There were no critical updates so I didn't go any further with anything on this step I downloaded Hijack This and ran a scan Here are the results of the scan Logfile of Trend Micro HijackThis v Scan saved at AM on Platform Windows XP SP WinNT MSIE Internet Explorer v Boot mode Normal Running processes C WINDOWS System smss exe C WINDOWS system csrss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS System svchost exe C WINDOWS system svchost exe c Program Files Hewlett-Packard Drive Encryption HpFkCrypt exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS system svchost exe C WINDOWS system svchost exe C WINDOWS system spoolsv exe C WINDOWS System SCardSvr exe C WINDOWS system msdtc exe C Program Files Common Files Apple Mobile Device Support bin AppleMobileDeviceService exe C PROGRA Grisoft AVG avgamsvr exe C PROGRA Grisoft AVG avgupsvc exe C Program Files Bonjour mDNSResponder exe C Program Files Google Common Google Updater GoogleUpdaterService exe C Program Files Common Files InterVideo RegMgr iviRegMgr exe C Program Files Common Files LightScribe LSSrvc exe C Program Files Microsoft SQL Server MSSQL MSSQL Binn sqlservr exe C WINDOWS Explorer EXE C Program Files Hewlett-Packard IAM bin asghost exe C WINDOWS system nvsvc exe C WINDOWS System svchost exe C Program Files SolidWorks COSMOS FloWorks binCFW StandAloneSlv exe C Program Files SolidWorks COSMOS FloWorks binCFW StandAloneSlv exe C Program Files Microsoft SQL Server Shared sqlwriter exe C Program Files Western Digital WD Drive Manager WDBtnMgrSvc exe C WINDOWS system SearchIndexer exe C Program Files Hewlett-Packard Shared hpqWmiEx exe C WINDOWS system mqsvc exe C WINDOWS system mqtgsvc exe C WINDOWS system RUNDLL EXE C Program Files Analog Devices Core smax pnp exe C Program Files Hewlett-Packard HP ProtectTools Security Manager PTHOSTTR EXE C Program Files Synaptics SynTP SynTPEnh exe C Program Files Hewlett-Packard HP Wireless Assistant HPWAMain exe C Program Files Java jre bin jusched exe C Program Files Hewlett-Packard HP Quick Launch Buttons QlbCtrl exe C WINDOWS SMINST Scheduler exe C WINDOWS system wbem wmiprvse exe C WINDOWS system AccelerometerSt exe C PROGRA Grisoft AVG avgcc exe C WINDOWS system taskswitch exe C Program Files Hp HP Software Update HPWuSchd exe C Program Files Common Files SolidWorks Installation Manager Scheduler sldIMScheduler exe C Program Files Western Digital WD Drive Manager WDBtnMgrUI exe C Program Files iTunes iTunesHelper exe C Program Files Common Files LightScribe LightScribeControlPanel exe C WINDOWS system ctfmon exe C WINDOWS system sluhmjoh exe C Documents and Settings All Users Application Data qhmxoxkh abobebcv exe C Program Files Google Google Calendar Sync GoogleCalendarSync ... Read more

A:Blue "Spyware detected on your computer!" desktop

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery mode if needed. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

As part of installing the Recovery Console, ComboFix will begin to run. Follow the prompts to install the Recovery Console. Your desktop may disappear. This is normal. It will return.

Once the Recovery Console is installed using ComboFix, you should see a message that says:

The Recovery Console was successfully installed.



Please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

------------------------------------------------------------------------------------------

Please also go to Start > Run and copy/paste the following, then press Enter:

C:\QooBox\Add-Remove Programs.txt

A text file should open. Please post the contents of that file in your next reply.

------------------------------------------------------------------------------------------

Please go to: VirusTotalOn the page you'll find a "Browse" button.
Next to the browse button you'll see a box to enter text.
Please copy/paste the following in BOLD:

C:\Program Files\khmkzlf\DscSrvMsg.dll

Then click the "Send File " button just below.
This will scan the file. Please be patient.
Once scanned, copy and paste the results in your next reply.

------------------------------------------------------------------------------------------

If you have any questions along the way, STOP and ask them before proceeding.

http://www.techsupportforum.com/forums/f100/blue-spyware-detected-on-your-computer-desktop-279480.html
Relevancy 85.25%

Hi recently my computer has been acting rather slow and the desktop changed to a blue background "spyware your computer" on detected displays Desktop with a warning displaying Spyware Desktop displays "spyware detected on your computer" detected on your computer install an antivirus or spyware remover I have run adaware and deleted what I think was the problem the desktop remains the same however Logfile of HijackThis v Scan saved at AM on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS System svchost exe C Program Files Lavasoft Ad-Aware aawservice exe C Desktop displays "spyware detected on your computer" WINDOWS system spoolsv exe C WINDOWS Explorer EXE C Program Files Java jre bin jusched exe C Program Files Roxio Easy Media Creator Drag to Disc DrgToDsc exe C Program Files Desktop displays "spyware detected on your computer" McAfee com VSO mcvsshld exe C Program Files McAfee com VSO oasclnt exe c progra mcafee com vso mcvsescn exe c program files mcafee com agent mcagent exe C PROGRA McAfee com PERSON MpfTray exe C WINDOWS SM BG EXE C WINDOWS system igfxtray exe C WINDOWS system hkcmd exe C Program Files Common Files AOL ee AOLSoftware exe C Program Files Common Files AOL ACS AOLDial exe C PROGRA COMMON AOL AOLSPY AOLSP Scheduler exe C Program Files Common Files Real Update OB realsched exe C Program Files QuickTime qttask exe C WINDOWS system ctfmon exe C Program Files MSN Messenger MsnMsgr Exe C Program Files Veoh Networks Veoh VeohClient exe C Program Files Common Files AOL ACS AOLAcsd exe C Program Files Common Files AOL TopSpeed aoltsmon exe C Program Files GameSpot DownloadManager Win exe C Program Files GameSpot GDM TrayApp exe C WINDOWS System svchost exe c program files mcafee com agent mcdetect exe c PROGRA mcafee com vso mcshield exe c PROGRA mcafee com agent mctskshd exe C Program Files Common Files Microsoft Shared VS Debug mdm exe C PROGRA McAfee com PERSON MpfService exe C Program Files Linksys Wireless-G USB Wireless Network Monitor WLService exe C Program Files Linksys Wireless-G USB Wireless Network Monitor WUSB Gv exe c progra mcafee com vso mcvsftsn exe C Program Files Messenger msmsgs exe C PROGRA McAfee com PERSON MpfAgent exe C WINDOWS system wuauclt exe C PROGRA MOZILL FIREFOX EXE C WINDOWS System svchost exe C Program Files HijackThis HijackThis exe O - BHO AcroIEHlprObj Class - E F-C D - D -B D- B D BE B - C Program Files Adobe Acrobat ActiveX AcroIEHelper dll O - BHO no name - - F - D - - D F - C PROGRA SPYBOT SDHelper dll O - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dll O - BHO Windows Live Sign-in Helper - D - C - ABF- ECC- C - C Program Files Common Files Microsoft Shared Windows Live WindowsLiveLogin dll O - Toolbar AOL Toolbar - D A-C B- -B B-B B E D C - C Program Files AOL Toolbar toolbar dll O - Toolbar McAfee VirusScan - BA B -B - c -B - F F - c progra mcafee com vso mcvsshl dll O - HKLM Run SunJavaUpdateSched C Program Files Java jre bin jusched exe O - HKLM Run RoxioDragToDisc quot C Program Files Roxio Easy Media Creator Drag to Disc DrgToDsc exe quot O - HKLM Run VSOCheckTask quot C PROGRA McAfee com VSO mcmnhdlr exe quot checktask O - HKLM Run VirusScan Online C Program Files McAfee com VSO mcvsshld exe O - HKLM Run OASClnt C Program Files McAfee com VSO oasclnt exe O - HKLM Run MCAgentExe c PROGRA mcafee com agent mcagent exe O - HKLM Run MCUpdateExe c PROGRA mcafee com agent mcupdate exe O - HKLM Run MPFExe C PROGRA McAfee com PERSON MpfTray exe O - HKLM Run SM BG C WINDOWS SM BG EXE O - HKLM Run IgfxTray C WINDOWS system igfxtray exe O - HKLM Run HotKeysCmds C WINDOWS system hkcmd exe O - HKLM Run HostManager C Program Files Common Files AOL ee AOLSoftware exe O - HKLM Run AOLDialer C Program Files Common Files AOL ACS AOLD... Read more

A:Desktop displays "spyware detected on your computer"

You are using an outdated version of HijackThis. Please uninstall from Add/Remove programs, and delete your current version.



Please download HijackThis to your desktop..

http://www.trendsecure.com/portal/en...HJTInstall.exe
Alternate link
http://download.bleepingcomputer.com...HJTInstall.exe

This program will help us determine if there are any spyware/malware on your computer. Double-click on the file you just downloaded.
Click on the "Unzip" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Upon install, HijackThis should open for you.

========================

Ok.Lets download ComboFix.exe. This will give me a better view to the files running and also hidden on your computer and also those in the registry..Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix


Please ensure you read this guide carefully and install the Recovery Console first.This applies to XP Pro and XP Home users only.If you have SP3 installed you will need to use SP2

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should get a prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

(1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
(2) Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Mal use can cause serious computer problems

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.

http://www.techsupportforum.com/forums/f284/desktop-displays-spyware-detected-on-your-computer-260173.html
Relevancy 82.46%

all of a sudden my screen went blue with a yellow box saying "warning spyware detected"
it has apparently happened to lots of people but there is no quick fix. can someone please talk me thru how to fix this

thanks in advance for any help

josh

A:Blue Screen with yellow box "Warning Spyware Detected" Please help

Get yourself a spyware removal tool - I think they have a forum here for that.

http://www.techsupportforum.com/forums/f10/blue-screen-with-yellow-box-warning-spyware-detected-please-help-281036.html
Relevancy 82.46%

Was surfing around yesterday and noticed this new background was loaded with out my approval Also it will not let me access backgound screen saver settings Here is my HJT log Logfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v Boot mode Normal Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system Ati evxx exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS system Ati evxx exe C WINDOWS system svchost exe C Program Files Common "Warning! Blue background problem: Spyware detected" Same Files Symantec Shared ccSvcHst exe C WINDOWS system spoolsv exe C Program Files Symantec LiveUpdate AluSchedulerSvc exe C Program Files Google Common Google Updater GoogleUpdaterService exe C WINDOWS System svchost exe C Program Files Common Files Symantec Shared CCPD-LC symlcsvc exe C WINDOWS Explorer EXE C Program Files Common Files Logitech QCDriver LVCOMS EXE C Program Files Java jre bin Same problem: Blue background "Warning! Spyware detected" jusched exe C Program Files Dell Media Experience PCMService exe C Program Files ATI Technologies ATI ACE Core-Static MOM EXE C Program Files Common Files Symantec Shared ccSvcHst exe C WINDOWS system ctfmon exe C Program Files MSN Messenger msnmsgr exe C Program Files Google Google Same problem: Blue background "Warning! Spyware detected" Updater GoogleUpdater exe C Program Files Logitech SetPoint SetPoint exe C Program Files ATI Technologies ATI Same problem: Blue background "Warning! Spyware detected" ACE Core-Static ccc exe C Program Files Common Files Logishrd KHAL KHALMNPR EXE C Program Files Internet Explorer iexplore exe C Program Files Trend Micro HijackThis HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Default Page URL http www dell me com myway R - HKCU Software Microsoft Internet Explorer Main Start Page http www forsterphotography com open-screen open-screen htm R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId R - HKCU Software Microsoft Internet Explorer Main Local Page R - HKCU Software Microsoft Internet Connection Wizard ShellNext http www forsterphotography com open-screen open-screen htm O - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Files Adobe Acrobat ActiveX AcroIEHelper dll O - BHO NCO IE BHO - ADB E- AFF- - AA - DAC DFA - C Program Files Common Files Symantec Shared coShared Browser coIEPlg dll O - BHO Symantec Intrusion Prevention - D EC - AAE- -AEEE-F F C - C PROGRA COMMON SYMANT IDS IPSBHO dll O - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dll O - BHO no name - E D - A- EC-A -BA D E E - no file O - BHO Google Toolbar Notifier BHO - AF DE - D - -B FA-CE B AD D - C Program Files Google GoogleToolbarNotifier swg dll O - BHO no name - FDD B - D - ffb- - B AD ACC - no file O - Toolbar Show Norton Toolbar - FEBEFE - B - - D -FFB D B CA - C Program Files Common Files Symantec Shared coShared Browser CoIEPlg dll O - HKLM Run LVCOMS C Program Files Common Files Logitech QCDriver LVCOMS EXE O - HKLM Run LogitechGalleryRepair C Program Files Logitech ImageStudio ISStart exe O - HKLM Run LogitechImageStudioTray C Program Files Logitech ImageStudio LogiTray exe O - HKLM Run Logitech Hardware Abstraction Layer KHALMNPR EXE O - HKLM Run IMJPMIG quot C WINDOWS IME imjp IMJPMIG EXE quot Spoil RemAdvDef Migration O - HKLM Run Kernel and Hardware Abstraction Layer KHALMNPR EXE O - HKLM Run IgfxTray C WINDOWS System igfxtray exe O - HKLM Run HotKey... Read more

A:Same problem: Blue background "Warning! Spyware detected"

I forgot to mention that I have Norton Internet Security 2008 and have run the virus scan 2 times. Each time it finds and deletes problems, but never fixes the problem.
 

https://forums.techguy.org/threads/same-problem-blue-background-warning-spyware-detected.718307/
Relevancy 82.15%

i need help whenever i open ie a page that says quot warning spyware detected quot message problem spyware detected" "warning! appears which directs me to something like an quot internet-options quot website there is also this annoying popup about quot american green card quot i already used spybot and adaware here is my hijackthis log thank you very much Logfile of HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Running processes C WINDOWS System smss exe C WINDOWS system csrss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system "warning! spyware detected" message problem lsass exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS System svchost exe C WINDOWS System svchost exe C WINDOWS system spoolsv exe C Program Files Common Files Symantec Shared ccEvtMgr exe C Program Files Common Files Microsoft Shared VS Debug mdm exe C Program Files Norton AntiVirus navapsvc exe C WINDOWS System RunDll exe "warning! spyware detected" message problem C WINDOWS System khooker exe C WINDOWS System carpserv exe C WINDOWS System spool drivers w x hpztsb exe C Program Files HP hpcoretech "warning! spyware detected" message problem hpcmpmgr exe C Program Files Hewlett-Packard HP Software Update HPWuSchd exe C WINDOWS System hphmon exe C Program Files Common Files Symantec Shared ccApp exe C Program Files NetPumper NetPumperIEProxy exe C WINDOWS yvdhmlvh exe C WINDOWS system ntnut exe C Program Files WinZip WZQKPICK EXE C WINDOWS System ctfmon exe C WINDOWS System HPZipm exe C PROGRA NETPUM NETPUM EXE C WINDOWS explorer exe C Program Files Messenger msmsgs exe C Program Files ISTsvc istsvc exe C Program Files HJT HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Search Bar http search cgi b R - HKCU Software Microsoft Internet Explorer Main Search Page http search cgi a R - HKCU Software Microsoft Internet Explorer Main Start Page res C WINDOWS system shdocpe dll security htm subID BSW R - HKLM Software Microsoft Internet Explorer Main Default Page URL http red clientapps yahoo com customize ie defaults stp ymsgr http my yahoo com R - HKLM Software Microsoft Internet Explorer Main Default Search URL http red clientapps yahoo com customize ie defaults su ymsgr http www yahoo com R - HKLM Software Microsoft Internet Explorer Main Search Bar http search cgi b R - HKLM Software Microsoft Internet Explorer Main Search Page http search cgi a R - HKLM Software Microsoft Internet Explorer Main Start Page http search cgi a R - HKLM Software Microsoft Internet Explorer Search SearchAssistant res shdocpe dll asst htm R - HKCU Software Microsoft Internet Explorer SearchURL Default http red clientapps yahoo com customize ycomp defaults su http www yahoo com R - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyOverride R - Default URLSearchHook is missing O - BHO Yahoo Companion BHO - D -C F - efb- B - ECA - C PROGRA YAHOO COMPAN INSTALLS cpn ycomp dll O - BHO no name - - F - D - - D F - C PROGRA SPYBOT SDHelper dll O - BHO CNavExtBho Class - BDF E -B - AD-A -FADC B - C Program Files Norton AntiVirus NavShExt dll O - Toolbar amp Radio - E - F- D - E- A C - C WINDOWS System msdxm ocx O - Toolbar no name - ACB E - - C -A - B A A CB - no file O - Toolbar Norton AntiVirus - CDD BF- FFB- - AD - DF B D - C Program Files Norton AntiVirus NavShExt dll O - Toolbar Yahoo Toolbar - EF BD -C FB- D - F- D F - C PROGRA YAHOO COMPAN INSTALLS cpn ycomp dll O - HKLM Run Cmaudio RunDll cmicnfg cpl CMICtrlWnd O - HKLM Run CARPService carpserv exe O - HKLM Run SiS KHooker C WINDOWS System khooker exe O - HKLM Run HPDJ Taskbar Utility C WINDOWS System spool drivers w x hpztsb exe O - HKLM Run HPHUPD C Program Files Hewlett-Packard B B-DCAB- - EE - F hphupd exe O - HKLM Run HP Component Manager quot C Program Files HP hpcoretech hpcmpmgr exe quot O - HKLM Run HP Software Update quot C Program Files Hewlett-Packard ... Read more

https://forums.techguy.org/threads/warning-spyware-detected-message-problem.308352/
Relevancy 82.15%

i need help whenever i open ie a page that says quot warning spyware detected quot appears which directs me to something like an quot internet-options quot website there is also this annoying popup about quot american green card quot i already used spybot and adaware problem "warning! message spyware detected" here is "warning! spyware detected" message problem my hijackthis log thank you very much Logfile of HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Running processes C WINDOWS System smss exe C WINDOWS system csrss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS System svchost exe C WINDOWS System svchost exe C WINDOWS system spoolsv exe C Program Files Common Files Symantec Shared ccEvtMgr exe C Program Files Common Files Microsoft Shared VS Debug mdm exe C Program Files Norton AntiVirus navapsvc exe C WINDOWS System RunDll exe C WINDOWS System khooker exe C WINDOWS System carpserv exe C WINDOWS System spool drivers w x hpztsb exe C Program Files HP hpcoretech hpcmpmgr exe C Program Files Hewlett-Packard HP Software Update HPWuSchd exe C WINDOWS System hphmon exe C Program Files Common Files Symantec Shared ccApp exe C Program Files NetPumper NetPumperIEProxy exe C WINDOWS yvdhmlvh exe C WINDOWS system ntnut exe C Program Files WinZip WZQKPICK EXE C WINDOWS System ctfmon exe C WINDOWS System HPZipm exe C PROGRA NETPUM NETPUM EXE C WINDOWS explorer exe C Program Files Messenger msmsgs exe C Program Files ISTsvc istsvc exe C Program Files HJT HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Search Bar http search cgi b R - HKCU Software Microsoft Internet Explorer Main Search Page http search cgi a R - HKCU Software Microsoft Internet Explorer Main Start Page res C WINDOWS system shdocpe dll security htm subID BSW R - HKLM Software Microsoft Internet Explorer Main Default Page URL http red clientapps yahoo com cus my yahoo com R - HKLM Software Microsoft Internet Explorer Main Default Search URL http red clientapps yahoo com cus www yahoo com R - HKLM Software Microsoft Internet Explorer Main Search Bar http search cgi b R - HKLM Software Microsoft Internet Explorer Main Search Page http search cgi a R - HKLM Software Microsoft Internet Explorer Main Start Page http search cgi a R - HKLM Software Microsoft Internet Explorer Search SearchAssistant res shdocpe dll asst htm R - HKCU Software Microsoft Internet Explorer SearchURL Default http red clientapps yahoo com cus www yahoo com R - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyOverride R - Default URLSearchHook is missing O - BHO Yahoo Companion BHO - D -C F - efb- B - ECA - C PROGRA YAHOO COMPAN INSTALLS cpn ycomp dll O - BHO no name - - F - D - - D F - C PROGRA SPYBOT SDHelper dll O - BHO CNavExtBho Class - BDF E -B - AD-A -FADC B - C Program Files Norton AntiVirus NavShExt dll O - Toolbar amp Radio - E - F- D - E- A C - C WINDOWS System msdxm ocx O - Toolbar no name - ACB E - - C -A - B A A CB - no file O - Toolbar Norton AntiVirus - CDD BF- FFB- - AD - DF B D - C Program Files Norton AntiVirus NavShExt dll O - Toolbar Yahoo Toolbar - EF BD -C FB- D - F- D F - C PROGRA YAHOO COMPAN INSTALLS cpn ycomp dll O - HKLM Run Cmaudio RunDll cmicnfg cpl CMICtrlWnd O - HKLM Run CARPService carpserv exe O - HKLM Run SiS KHooker C WINDOWS System khooker exe O - HKLM Run HPDJ Taskbar Utility C WINDOWS System spool drivers w x hpztsb exe O - HKLM Run HPHUPD C Program Files Hewlett-Packard B B-DCAB- - EE - F hphupd exe O - HKLM Run HP Component Manager quot C Program Files HP hpcoretech hpcmpmgr exe quot O - HKLM Run HP Software Update quot C Program Files Hewlett-Packard HP Software Update HPWuSchd exe quot O - HKLM Run HPHmon C WINDOWS System hphmon exe O - HKLM Run Microsoft System Checkup netlogin exe O - HKLM Run NT Logging Service syslog exe O - HKLM Run ccApp quot... Read more

https://forums.techguy.org/threads/warning-spyware-detected-message-problem.308628/
Relevancy 109.22%

Hello. I seem to have a virus/trojan on my computer.

I get a message down in the tray saying "warning! security report. your computer is infected! It is recommended to start spyware cleaner tool."

If I click on it, it does nothing.

I am running windows xp.

When I try to run any type of antispy programs it comes up with further errors such as TFORMAAW or TLVGrouper and closes.

When I try to go to Task Manager it refuses. It states that the Administrator has not allowed. However I am the only adminstrator account.

Please help!!
 

https://forums.techguy.org/threads/trojan-displaying-warning-dangerous-spyware-on-desktop.809719/
Relevancy 109.22%

Hello I seem to have a virus trojan on my computer I on desktop displaying dangerous "warning, Trojan spyware" get a message down in the tray saying quot warning security report your computer Trojan displaying "warning, dangerous spyware" on desktop is infected it is recommended to start spyware cleaner tool quot If I click on it it directs me to real- av org I am running windows xp recently upgraded to SP Here is the Hijackthis log Logfile of Trend Micro HijackThis v Scan saved at on Platform Windows XP SP WinNT MSIE Internet Explorer v Boot mode Normal Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS system svchost exe C WINDOWS system spoolsv exe C WINDOWS Explorer EXE C Program Files Acunetix Web Vulnerability Scanner WVSScheduler exe C Program Files Bonjour mDNSResponder exe C Program Files Java jre bin jqs exe C Program Files Kontiki KService exe C Program Files Nero Nero Nero BackItUp NBService exe C WINDOWS System svchost exe C Program Files Eset nod krn exe C Program Files Norton Ghost Agent VProSvc exe C WINDOWS system nvsvc exe C WINDOWS system IoctlSvc exe C WINDOWS System svchost exe C WINDOWS system dllhost exe C WINDOWS System dllhost exe C Program Files Norton Ghost Shared Drivers SymSnapService exe C WINDOWS system RUNDLL EXE C Program Files Analog Devices Core smax pnp exe C Program Files ASUS Ai Suite AiNap AiNap exe C Program Files Eset nod kui exe C Program Files Common Files Real Update OB realsched exe C Program Files Java jre bin jusched exe C WINDOWS system frmwrk exe C WINDOWS system ctfmon exe C Program Files Windows Live Messenger msnmsgr exe C Program Files Common Files Nero Lib NMIndexStoreSvr exe C Documents and Settings Sam Local Settings Application Data Google Update GoogleUpdate exe C Program Files Kontiki KHost exe C Program Files Common Files Nero Lib NMIndexingService exe C Program Files Internet Explorer iexplore exe C Program Files Common Files Microsoft Shared Windows Live WLLoginProxy exe C Program Files Trend Micro HijackThis HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Start Page http www google co uk R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId R - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyOverride local O - BHO RealPlayer Download and Record Plugin for Internet Explorer - C E -B - BC - - C CA - C Program Files Real RealPlayer rpbrowserrecordplugin dll O - BHO Java tm Plug-In SSV Helper - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dll O - BHO no name - E - - CE - F -BCD EF DBDDB - C WINDOWS system nnnnNFWq dll file missing O - BHO Windows Live Sign-in Helper - D - C - ABF- ECC- C - C Program Files Common Files Microsoft Shared Windows Live WindowsLiveLogin dll O - BHO d ce dc- c d- f - - d c ec - ce c - d - - f -d c cd ec d - C WINDOWS system lfnlzn dll O - BHO Java tm Plug-In SSV Helper - DBC -A - b-BC - C C C A - C Program Files Java jre bin jp ssv dll O - HKLM Run NvCplDaemon RUNDLL EXE C WINDOWS system NvCpl dll NvStartup O - HKLM Run NvMediaCenter RUNDLL EXE C WINDOWS system NvMcTray dll NvTaskbarInit O - HKLM Run SoundMAXPnP C Program Files Analog Devices Core smax pnp exe O - HKLM Run JMB X IDE Setup C WINDOWS RaidTool xInsIDE exe O - HKLM Run X Raid Configurer C WINDOWS system xRaidSetup exe boot O - HKLM Run Ai Nap quot C Program Files ASUS Ai Suite AiNap AiNap exe quot O - HKLM Run nod kui quot C Program Files Eset nod kui exe quot WAITSERVICE O - HKLM Run NeroFilterCheck C Program Fil... Read more

https://forums.techguy.org/threads/trojan-displaying-warning-dangerous-spyware-on-desktop.789753/
Relevancy 109.22%

My desktop has all turned blue with a background-like warning image It has VIRUS; blue with HELP!! a is My infection" "spyware desktop Solved: back warning-like a message quot SPYWARE INFECTION quot Your system is infected with spyware I cannot change my wallpaper at all I have lost the option Please help get rid of the infection Here are the results of my Hijackthis scan Logfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Boot mode Normal Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS Solved: VIRUS; HELP!! My desktop is blue with a "spyware infection" warning-like back system svchost Solved: VIRUS; HELP!! My desktop is blue with a "spyware infection" warning-like back exe C WINDOWS System svchost exe C WINDOWS system spoolsv exe C WINDOWS Explorer EXE C Program Files Common Files Real Update OB realsched exe C Program Files QuickTime qttask exe D ANTIVI AVG avgcc exe C WINDOWS system svchost exe E Downloads SpyWareApps Popups and Ads Advertising Killer akiller exe D AVGAntiSpyWare AVG Anti-Spyware guard exe D ANTIVI AVG avgamsvr exe D ANTIVI AVG avgupsvc exe C WINDOWS system inetsrv inetinfo exe C Program Files Common Files Microsoft Shared VS Debug mdm exe C WINDOWS system svchost exe C Program Files Canon CAL CALMAIN exe C Program Files MSN Solved: VIRUS; HELP!! My desktop is blue with a "spyware infection" warning-like back Messenger msnmsgr exe C Program Files Internet Explorer iexplore exe D HiJackThis HijackThis exe R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKCU Software Microsoft Internet Explorer Main Local Page F - REG system ini UserInit C WINDOWS system userinit exe C WINDOWS system winsystem exe O - BHO BitComet ClickCapture - F E - A- B A-BCAF- B BFDFEA - D BitComet tools BitCometBHO dll O - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dll O - HKLM Run TkBellExe quot C Program Files Common Files Real Update OB realsched exe quot -osboot O - HKLM Run QuickTime Task quot C Program Files QuickTime qttask exe quot -atboottime O - HKLM Run AVG CC D ANTIVI AVG avgcc exe STARTUP O - HKLM Run Adobe Reader Speed Launcher quot D adobe Reader Reader sl exe quot O - HKLM Run NBKeyScan quot D nero Nero Nero BackItUp NBKeyScan exe quot O - HKLM Run NeroCheck C WINDOWS system NeroCheck exe O - HKCU Run AKiller quot E Downloads SpyWareApps Popups and Ads Advertising Killer akiller exe quot O - HKCU Run NBJ quot D CopySoftware NeroExpress Nero BackItUp NBJ exe quot O - HKCU Run BgMonitor E - C C- d f- C - D A B AA quot C Program Files Common Files Nero Lib NMBgMonitor exe quot O - HKUS S- - - Run CTFMON EXE C WINDOWS system CTFMON EXE User LOCAL SERVICE O - HKUS S- - - Run AVG Run D ANTIVI AVG avgw exe RUNONCE User LOCAL SERVICE O - HKUS S- - - Run CTFMON EXE C WINDOWS system CTFMON EXE User NETWORK SERVICE O - HKUS S- - - Run CTFMON EXE C WINDOWS system CTFMON EXE User SYSTEM O - HKUS DEFAULT Run CTFMON EXE C WINDOWS system CTFMON EXE User Default user O - Global Startup Microsoft Office lnk D OfficeXP Office OSA EXE O - Extra context menu item amp D amp ownload amp with BitComet - res D BitComet BitComet exe AddLink htm O - Extra context menu item amp D amp ownload all video with BitComet - res D BitComet BitComet exe AddVideo htm O - Extra context menu item amp D amp ownload all with BitComet - res D BitComet BitComet exe AddAllLink htm O - Extra context menu item E amp xport to Microsoft Excel - res D OfficeXP Office EXCEL EXE O - Extra button no name - B E C - FCB- CF-AAA - C - C Program Files Java jre bin ssv dll O - Extra Tools menuitem Sun Java Console - B E C - FCB- CF-AAA - C - C Program Files Java jre bin ssv dll O - Extra button BitComet Search - CC B-FB E- f - FE -C DB E - D BitComet tools BitCometBHO dll O - Extra button A... Read more

A:Solved: VIRUS; HELP!! My desktop is blue with a "spyware infection" warning-like back

https://forums.techguy.org/threads/solved-virus-help-my-desktop-is-blue-with-a-spyware-infection-warning-like-back.742092/
Relevancy 107.93%

Please help I do not think of myself as my WARNING" has hijacked desktop "SPYWARE a beginner when it comes to computers but this thing has me to the edge I would like to know how to remove the "SPYWARE WARNING" has hijacked my desktop quot Spyware Warning quot from my desktop Here is a copy of "SPYWARE WARNING" has hijacked my desktop my HJT log file Logfile of HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system Ati evxx exe C WINDOWS system svchost exe C WINDOWS System svchost exe C Program Files Common Files Symantec Shared ccSetMgr exe C Program Files Common Files Symantec Shared ccEvtMgr exe C WINDOWS system Ati evxx exe C WINDOWS system spoolsv exe C PROGRA COMMON AOL ACS AOLacsd exe C PROGRA Norton SystemWorks Norton Utilities NPROTECT EXE C WINDOWS system oodag exe C PROGRA Norton SystemWorks Norton Utilities Speed Disk NOPDB EXE C WINDOWS explorer exe C WINDOWS system svchost exe C Program Files Common Files Symantec Shared CCPD-LC symlcsvc exe C WINDOWS system wscntfy exe C WINDOWS SYSTEM USRmlnkA exe C Program Files Common Files AOL ACS AOLDial exe C PROGRA COMMON AOL AOLSPY AOLSP Scheduler exe C WINDOWS SYSTEM USRshutA exe C Program Files Java jre bin jusched exe C WINDOWS SYSTEM USRmlnkA exe C Program Files Common Files Symantec Shared ccApp exe C Program Files Common Files Symantec Shared ccApp exe C WINDOWS system slssystem exe C WINDOWS system wuauclt exe D hijackthis HijackThis exe C Program Files Messenger msmsgs exe R - HKCU Software Microsoft Internet Connection Wizard ShellNext http www worldwinner com F - REG system ini Shell explorer exe quot C Program Files Common Files Microsoft Shared Web Folders ibm exe quot O - Hosts n-glx s-redirect com O - Hosts x full-tgp net O - Hosts counter sexmaniack com O - Hosts autoescrowpay com O - Hosts www autoescrowpay com O - Hosts www awmdabest com O - Hosts www sexfiles nu O - Hosts awmdabest com O - Hosts sexfiles nu O - Hosts allforadult com O - Hosts www allforadult com O - Hosts www iframe biz O - Hosts iframe biz O - Hosts www newiframe biz O - Hosts newiframe biz O - Hosts www vesbiz biz O - Hosts vesbiz biz O - Hosts www pizdato biz O - Hosts pizdato biz O - Hosts www aaasexypics com O - Hosts aaasexypics com O - Hosts www virgin-tgp net O - Hosts virgin-tgp net O - Hosts www awmcash biz O - Hosts awmcash biz O - Hosts buldog-stats com O - Hosts www buldog-stats com O - Hosts fregat drocherway com O - Hosts slutmania biz O - Hosts www slutmania biz O - Hosts toolbarpartner com O - Hosts www toolbarpartner com O - Hosts www megapornix com O - Hosts megapornix com O - Hosts www sp ed biz O - Hosts sp ed biz O - Hosts greg-tut com O - Hosts www greg-tut com O - Hosts nylonsexy com O - Hosts www nylonsexy com O - Hosts vparivalka com O - Hosts www vparivalka com O - Hosts iframeprofit com O - Hosts www iframeprofit com O - Hosts topsearch com O - Hosts www topsearch com O - Hosts statscash biz O - Hosts www statscash biz O - Hosts vxiframe biz O - Hosts www vxiframe biz O - Hosts crazy-toolbar com O - Hosts www crazy-toolbar com O - Hosts topcash biz O - Hosts www topcash biz O - Hosts loadcash biz O - Hosts www loadcash biz O - Hosts txiframe biz O - Hosts www txiframe biz O - Hosts procounter biz O - Hosts www procounter biz O - Hosts advadmin biz O - Hosts www advadmin biz O - Hosts trafficbest net O - Hosts www trafficbest net O - Hosts besthvac com O - Hosts www besthvac com O - Hosts traff com O - Hosts www traff com O - Hosts ambush-script com O - Hosts www ambush-script com O - Hosts beehappyy biz O - Hosts www beehappyy biz O - Hosts tracktraff cc O - Hosts www tracktraff cc O - Hosts allcount net O - Hosts www allcount net O - Hosts onedayoffer biz O - Hosts www onedayoffer biz O - BHO NAV Helper - BDF E -B - AD-A -FADC B - C Program Files No... Read more

Relevancy 104.92%

Please help I've tried everything I know of to get this off my desktop Windows Live Onecare Highjackthis Smit RogueR windows defender etc on your has PC" been spyware Warning: threat detected etc can someone please help Thanks Logfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Boot mode Safe mode Running processes C WINDOWS System smss Warning: spyware threat has been detected on your PC" exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C Program Files Microsoft Windows OneCare Live Antivirus MsMpEng exe C WINDOWS system svchost exe C WINDOWS system rxjddnvj exe C WINDOWS Warning: spyware threat has been detected on your PC" Explorer EXE C Program Files Trend Micro HijackThis HijackThis exe Warning: spyware threat has been detected on your PC" R - HKCU Software Microsoft Internet Explorer Main Window Title Microsoft Internet Explorer provided by Comcast High-Speed Internet F - REG system ini UserInit C WINDOWS system userinit exe C WINDOWS system rxjddnvj exe O - BHO no name - -d e - bc -a bd- d ca be - no file O - BHO no name - - e- aac-afd -eff a dd - no file O - BHO no name - e f -a e - b -b - bf db fb - no file O - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Files Adobe Acrobat ActiveX AcroIEHelper dll O - BHO no name - dfedaa- - d -bfc - b a d - no file O - BHO no name - F - D - - AD - C D ADC - no file O - BHO no name - adbcce -cf - e- b -afc a c a - no file O - BHO no name - d cb -cc c- -a e -f b d bcf - no file O - BHO no name - ef - a a- d - -b e cc - no file O - BHO Spybot-S amp D IE Protection - - F - D - - D F - C PROGRA SPYBOT SDHelper dll O - BHO no name - C D -A AB- B-B D-FD C FEF - no file O - BHO no name - - - - A - F D - no file O - BHO no name - bc-a - a d- cdf-ba c f e - no file O - BHO no name - abc a- e - d -b b-d c f a c - no file O - BHO no name - a - - e - a -a e f f - no file O - BHO no name - a a cf- - d - bd- a - no file O - BHO Google Toolbar Helper - AA ED - DD- d - -CF F - c program files google googletoolbar dll O - BHO Google Toolbar Notifier BHO - AF DE - D - -B FA-CE B AD D - C Program Files Google GoogleToolbarNotifier swg dll O - BHO no name - b bfe-b - d -bfa - b e bd - no file O - BHO no name - bb - fa- -ba -eca a bc - no file O - BHO no name - c e - - a e- f - a b - no file O - BHO no name - c ca - cf - b - b - a fd - no file O - BHO no name - c af - c - dfb- - ab a - no file O - BHO no name - ca d b - c - d -a - c e b - no file O - BHO no name - d efadf - - d - c - c dc - no file O - BHO no name - e a a-a - -b c-da f - no file O - BHO no name - e - e- e - d - beef c - no file O - Toolbar amp Google - C B - - d - B - A CD F - c program files google googletoolbar dll O - HKLM Run ehTray C WINDOWS ehome ehtray exe O - HKLM Run Google Desktop Search quot C Program Files Google Google Desktop Search GoogleDesktop exe quot startup O - HKLM Run readericon C Program Files Digital Media Reader readericon G exe O - HKLM Run RTHDCPL RTHDCPL EXE O - HKLM Run Alcmtr ALCMTR EXE O - HKLM Run CHotkey zHotkey exe O - HKLM Run Recguard WINDIR SMINST RECGUARD EXE O - HKLM Run Reminder WINDIR Creator Remind XP exe O - HKLM Run MSKDetectorExe C Program Files McAfee SpamKiller MSKDetct exe uninstall O - HKLM Run KernelFaultCheck systemroot system dumprep -k O - HKLM Run SSBkgdUpdate quot C Program Files Common Files Scansoft Shared SSBkgdUpdate SSBkgdupdate exe quot -Embedding -boot O - HKLM Run PaperPort PTD C Program Files ScanSoft PaperPort pptd nt exe O - HKLM Run IndexSearch C Program Files ScanSoft PaperPort IndexSearch exe O - HKLM Run SetDefPrt C Program Files Brother Brmfl b BrStDvPt exe O - HKLM Run ControlCenter C Program Files Brother ControlCenter brctrcen exe autorun O - HKLM Run iTunesHelper quot C Program Files iTunes iTunesHelper exe quot O - HKLM Run QuickTime Task quot C Program Files QuickTime QTTask exe quot... Read more

A:Warning: spyware threat has been detected on your PC"

Hello and welcome to TSF.

Since you've already started with SmitfraudFix, let's continue with it.

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.

======================================


Next go to Control Panel click Display>Desktop>Customize Desktop>Web> Now, Uncheck Everything and delete if present:
? "Security Info"
? "Warning Message"
? "Security Desktop"
? "Warning Homepage"
? "Desktop Uninstall"

Also make sure the 'Lock desktop items' box is unticked. Click OK, and then Click Apply, then OK.
======================================

Also, download HostsXpert.Unzip HostsXpert to it's own folder.
Run HostsXpert.exe
Click "Make Writable?" in the upper left corner.
Click "Restore MS Hosts file" and then click OK.
Close HostsXpert.
Note: If a custom Hosts file was in place, you'll have to edit those entries back in.

===========================

Please post back the rapport.txt and a fresh HijackThis log taken from Normal Mode.

http://www.techsupportforum.com/forums/f284/warning-spyware-threat-has-been-detected-on-your-pc-218186.html
Relevancy 102.77%

This spyware has taken over the whole computer, I cannot access the desktop at all and not in safe mode either.

Blue backround with a red and white box with big words.

I repeat I have no way of getting to the desktop, I need either a flash drive with a bootable os, or a way to clean the virus in cmd or something of that nature.

I need help.

http://www.techsupportforum.com/forums/f284/warning-spyware-is-on-your-computer-cant-post-hj-this-log-288089.html
Relevancy 102.34%

I saw a few other posts for this problem and tried to cut and paste your solution message "Spyware detected Blue computer" on your screen with but it did not work Maybe there are minor differences I don t see I am an amateur and need help please I thought I was downloading an update to Adobe Media Player and this started to happen my wallpaper is gone and replaced by a blue screen with a message telling me I have Spyware and it tries to send me to a site to buy software McAfee did not get rid of it I also tried Blue screen with "Spyware detected on your computer" message Super Antispyware with Blue screen with "Spyware detected on your computer" message no help Here is my Hijack This scan Please help Blue screen with "Spyware detected on your computer" message Thanks Logfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v Boot mode Normal Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS Explorer EXE C WINDOWS system spoolsv exe C Program Files McAfee MBK MBackMonitor exe C PROGRA McAfee MSC mcmscsvc exe c PROGRA COMMON mcafee mna mcnasvc exe c PROGRA COMMON mcafee mcproxy mcproxy exe C Program Files McAfee MPF MPFSrv exe C Program Files McAfee MSK MskSrver exe C WINDOWS system nvsvc exe C Program Files Common Files New Boundary PrismXL PRISMXL SYS C Program Files SiteAdvisor SAService exe C Program Files Common Files TiVo Shared Beacon TiVoBeacon exe C PROGRA McAfee com Agent mcagent exe C Program Files CyberLink PowerDVD PDVDServ exe C Program Files Digital Media Reader shwiconem exe C Program Files HP hpcoretech hpcmpmgr exe C WINDOWS system spool drivers w x hpztsb exe C Program Files Hewlett-Packard HP Software Update HPWuSchd exe C Program Files Google Google Talk googletalk exe C Program Files SiteAdvisor SiteAdv exe C Program Files McAfee MBK McAfeeDataBackup exe C WINDOWS system RUNDLL EXE C Program Files Adobe Acrobat Distillr Acrotray exe C Program Files Microsoft ActiveSync WCESCOMM EXE C WINDOWS system ctfmon exe C Program Files Google GoogleToolbarNotifier GoogleToolbarNotifier exe C Program Files Common Files TiVo Shared Transfer TiVoTransfer exe C Program Files TiVo Desktop TiVoNotify exe C Program Files TiVo Desktop TiVoServer exe C Program Files SUPERAntiSpyware SUPERAntiSpyware exe C PROGRA McAfee VIRUSS mcsysmon exe C WINDOWS system wuauclt exe C PROGRA McAfee VIRUSS mcshield exe C Program Files Mozilla Firefox firefox exe C Program Files Internet Explorer iexplore exe C Program Files Trend Micro HijackThis HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Start Page http www yahoo com R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId O - BHO AcroIEHlprObj Class - E F-C D - D -B D- B D BE B - C Program Files Adobe Acrobat ActiveX AcroIEHelper dll O - BHO no name - FD D- B- FC- - AE - C Program Files SiteAdvisor SiteAdv dll O - BHO McAntiPhishingBHO - C E- F E- D C- F-F BD D CF - c PROGRA mcafee msk mcapbho dll O - BHO scriptproxy - DB D A - - E -B D- F C - C Program Files McAfee VirusScan scriptsn dll O - BHO Google Toolbar Helper - AA ED - DD- d - -CF F - c program files google googletoolbar dll O - BHO Adobe PDF Conversion Toolbar Helper - AE CD -E - f- - EE - C Program Files Adobe Acrobat Acrobat AcroIEFavClient dll O - BHO Google Toolbar Notifier BHO - AF DE - D - -B FA-CE B AD D - C Program Files Google GoogleToolbarNotifier swg dll O - Toolbar amp Google - C B - - d - B - A CD F - c program files ... Read more

A:Blue screen with "Spyware detected on your computer" message

I tried to follow some of your advice to other members and got rid of the lphcvkwj0eccr.exe

This seemed to work and I can control my wallpaper again. But here is another Hijackthis file... Did I miss anything? Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:24 AM, on 8/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program F... Read more

https://forums.techguy.org/threads/blue-screen-with-spyware-detected-on-your-computer-message.742473/
Relevancy 102.34%

Ok I know this has been on here before but i seriously need help with it Im getting the quot Your computer is infected Windows has detected spyware infection quot message from a white X in a red circle in my tray and it says click on it to get protection its obviously the virus malware itself that is causing this message but I cant get rid of it Previous forums said it was Spyaxe but I tried the uninstallers from spyaxe to get rid of it spyware has Windows computer detected is infected! infection." "Your but that didnt work "Your computer is infected! Windows has detected spyware infection." I also tried Smitrem and have run Adaware SE which seems to feeze when it gets to the system dllcache part of the scan and it wont cure it I think some rogue programs such as ann exe and winstall exe have come from this malware if this helps but I have tried everything to get rid of it and it just wont go Oh I also had a prob getting to safe mode when i select it from start up i e after pessing F a blace screen with a list of dll files comes up and then it freezes and wont boot up I have to turn off power and restart to normal mode to get rid of it dont know if this is anything to do with it ANY help at all will be so gratefully received Cheers guys nbsp

A:"Your computer is infected! Windows has detected spyware infection."

You need to have a read of this - If your system is infected. Read this before deciding whether to CLEAN or REFORMAT.

Then if you should wish to proceed with cleaning your system you need to go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT and AVG Antispyware logs as ATTACHMENTS into a new thread in the Security and the Web forum, only after doing the above.
 

http://www.techspot.com/community/topics/your-computer-is-infected-windows-has-detected-spyware-infection.66509/
Relevancy 102.34%

I'm getting a warning image on my desktop which reads Warning Spyware detected on your computerInstall an antivirus or spyware remover to clean your computer quot Also when I look at the desktop properties there is no tab for either desktop or screen saverIf I leave the computer idle for a while without touching it it starts to warn me that windowns has detected a problem and is restarting and although it looks like this is what is happening I'm not sure it is because if I click the mouse the desktop comes up again so is probably a screen saver made to look like it's restarting Could you please advise me how to remove this Thanks Logfile of Trend Micro HijackThis v Scan saved at on Platform Windows XP SP WinNT MSIE Internet Explorer v On Your Warning: Detected Desktop: Spyware Computer Boot mode NormalRunning processes C WINDOWS System smss exeC WINDOWS system winlogon exeC WINDOWS system services exeC WINDOWS system lsass exeC WINDOWS system Ati evxx exeC WINDOWS system svchost exeC WINDOWS System svchost exeC WINDOWS system Ati evxx exeC WINDOWS system spoolsv exeC Program Files Common Files Apple Mobile Device Support bin AppleMobileDeviceService exeC WINDOWS system CTsvcCDA exeC Program Files Network Associates Common Framework FrameworkService exeC Program Files Network Associates VirusScan Mcshield exeC Program Files Network Associates VirusScan VsTskMgr exeC WINDOWS system svchost exeC WINDOWS Explorer EXEC Program Files Creative Sound Blaster X-Fi Volume Panel VolPanlu Desktop: Warning: Spyware Detected On Your Computer exeC WINDOWS system Rundll exeC Program Files Network Associates Common Framework UpdaterUI exeC Program Files Common Files Network Associates TalkBack TBMon exeC Desktop: Warning: Spyware Detected On Your Computer Program Files ATI Technologies ATI ACE CLI EXEC Program Files Adobe Adobe Desktop: Warning: Spyware Detected On Your Computer Acrobat Distillr Acrotray exeC Program Files HP HP Software Update HPWuSchd exeC Program Files iTunes iTunesHelper exeC WINDOWS system lphc ocj ecfr exeC WINDOWS system ctfmon exeC Program Files iPod bin iPodService exeC Program Files HP Digital Imaging bin hpqimzone exeC Program Files HP Digital Imaging bin hpqnrs exeC Program Files ATI Technologies ATI ACE cli exeC Program Files ATI Technologies ATI ACE cli exeC WINDOWS system msiexec exeC Program Files Network Associates VirusScan shstat exeC Program Files Trend Micro HijackThis HijackThis exeR - HKCU Software Microsoft Internet Explorer Main Start Page http www google co uk R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId O - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Files Adobe Adobe Acrobat ActiveX AcroIEHelper dllO - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dllO - BHO no name - E D - A- EC-A -BA D E E - no file O - BHO Windows Live Sign-in Helper - D - C - ABF- ECC- C - C Program Files Common Files Microsoft Shared Windows Live WindowsLiveLogin dllO - BHO Adobe PDF Conversion Toolbar Helper - AE CD -E - f- - EE - C Program Files Adobe Adobe Acrobat Acrobat AcroIEFavClient dllO - Toolbar Adobe PDF - -D C - - FA - E EAAC - C Program Files Adobe Adobe Acrobat Acrobat AcroIEFavClient dllO - HKLM Run VolPanel quot C Program Files Creative Sound Blaster X-Fi Volume Panel VolPanlu exe quot rO - HKLM Run P Helper Rundll SPIRun dll RunDLLEntryO - HKLM Run ATICCC quot C Program Files ATI Technologies ATI ACE CLIStart exe quot O - HKLM Run ShStatEXE quot C Program Files Network Associates VirusScan SHSTAT EXE quot STANDALONEO - HKLM Run McAfeeUpdaterUI quot C Program Files Network Associates Common ... Read more

A:Desktop: Warning: Spyware Detected On Your Computer

Hi Davighi, welcome to BC.Download ATF Cleaner to your Desktop.Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.If you use Firefox browser, do this also:Click Firefox at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE : If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browser, do this also:Click Opera at the top and choose Select All from the list.
Close ALL Internet browsers (very important).
Click the Empty Selected button.
NOTE : If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.Next, please download Malwarebytes' Anti-Malware and save it to your Desktop. Alternate download location Alternate download locationDouble-click mbam-setup.exe to install the application.Make sure a check mark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish, so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See note below)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Please post that log in your next reply.Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.Click OK to either and let MBAM proceed with the disinfection process.If asked to restart the computer, please do so immediately.Then, please do a scan with Kaspersky Online ScannerNote: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.Click on the Accept button and install any components it needs.The program will install and then begin downloading the latest definition files.After the files have been downloaded on the left side of the page in the Scan section select My Computer.This will start the program and scan your system.The scan will take a while, so be patient and let it run.Once the scan is complete, click on View scan reportNow, click on the Save Report as button.In the drop down box labeled Files of type change the type to Text file.Save the file to your desktop.Copy and paste that information in your next post.In your next response, please be sure to include the logs from MBAM and Kaspersky along with a new HijackThis log.

http://www.bleepingcomputer.com/forums/t/164153/desktop-warning-spyware-detected-on-your-computer/
Relevancy 102.34%

I saw where a similar problem was posted so I followed your advice and ran Malwarebyte s AntiMalware I had to reboot to get rid of a few things The desktop is back to normal but I figure I d post the log just to see if there s something I m missing because I m betting there was a lot On Warning! Detected Spyware Your Computer Desktop of crap on there Here is the log Malwarebytes Anti-Malware Database version Windows Service Pack PM mbam-log- - - - - txt Scan type Quick Scan Objects scanned Time elapsed minute s second s Memory Processes Infected Memory Modules Infected Registry Keys Infected Registry Values Infected Registry Data Items Infected Folders Infected Files Infected Warning! Spyware Detected On Your Computer Desktop Memory Processes Infected C Documents and Settings Owner My Documents ymantec wuaclt exe Adware PurityScan - gt Unloaded process successfully C Program Files JavaCore JavaCore exe Trojan Insider - gt Unloaded process successfully C Program Files QdrPack QdrPack exe Adware Agent - gt Unloaded process successfully Memory Modules Infected C WINDOWS SYSTEM winpsa dll Dialer - gt Delete on reboot C Program Files Outerinfo FF components FF dll Adware ClickSpring - gt Delete on reboot C Program Files Mozilla Firefox components srff dll Warning! Spyware Detected On Your Computer Desktop Adware SurfAccuracy - gt Delete on reboot C WINDOWS SYSTEM blphccavj et v scr Trojan FakeAlert - gt Delete on reboot Registry Keys Infected HKEY LOCAL MACHINE SOFTWARE Microsoft Windows NT CurrentVersion Winlogon Notify winpsa Dialer - gt Quarantined and deleted successfully HKEY CLASSES ROOT browserhelperobject bahelper Trojan BHO - gt Quarantined and deleted successfully HKEY CLASSES ROOT browserhelperobject bahelper Trojan BHO - gt Quarantined and deleted successfully HKEY CLASSES ROOT dyfuca bh bhobj Adware NetOptimizer - gt Quarantined and deleted successfully HKEY CLASSES ROOT dyfuca bh bhobj Adware NetOptimizer - gt Quarantined and deleted successfully HKEY CLASSES ROOT dyfuca bh sinkobj Adware NetOptimizer - gt Quarantined and deleted successfully HKEY CLASSES ROOT dyfuca bh sinkobj Adware NetOptimizer - gt Quarantined and deleted successfully HKEY CLASSES ROOT ncmyb sabho Adware Solutions - gt Quarantined and deleted successfully HKEY CLASSES ROOT ncmyb sabho Adware Solutions - gt Quarantined and deleted successfully HKEY CLASSES ROOT oincs oinanalytics Adware BHO - gt Quarantined and deleted successfully HKEY CLASSES ROOT CLSID b e -f - - c - e f f Adware BHO - gt Quarantined and deleted successfully HKEY LOCAL MACHINE SOFTWARE Microsoft Windows CurrentVersion Explorer Browser Helper Objects b e -f - - c - e f f Adware BHO - gt Quarantined and deleted successfully HKEY CLASSES ROOT oincs oinanalytics Adware BHO - gt Quarantined and deleted successfully HKEY CLASSES ROOT sidefind finder Trojan BHO - gt Quarantined and deleted successfully HKEY CLASSES ROOT sidefind finder Trojan BHO - gt Quarantined and deleted successfully HKEY CLASSES ROOT testcpv bho Trojan Agent - gt Quarantined and deleted successfully HKEY CLASSES ROOT TypeLib - da - b -a - d Trojan Agent - gt Quarantined and deleted successfully HKEY CLASSES ROOT Interface e a a -a d- ae-aca - Trojan Agent - gt Quarantined and deleted successfully HKEY CLASSES ROOT CLSID b - - a -ad -cbf a efaf Trojan Agent - gt Quarantined and deleted successfully HKEY LOCAL MACHINE SOFTWARE Microsoft Windows CurrentVersion Explorer Browser Helper Objects b - - a -ad -cbf a efaf Trojan Agent - gt Quarantined and deleted successfully HKEY CLASSES ROOT testcpv bho Trojan Agent - gt Quarantined and deleted successfully HKEY CLASSES ROOT vx vx obj Fake Dropped Malware - gt Quarantined and deleted successfully HKEY CLASSES ROOT Interface c d - a - de - bf -a d bdf Adware NetOptimizer - gt Quarantined and deleted successfully HKEY CLASSES ROOT Interface d aff- b - -ad - ce a Trojan BHO - gt Quarantined and deleted successfully HKEY CLASSES ROOT Interface b - cda- f- ff- c a ... Read more

A:Warning! Spyware Detected On Your Computer Desktop

Your MBAM log indicates some files will be deleted on reboot. If MBAM encounters a file that is difficult to remove, you need to restart the computer so the malware can be fully removed. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. If you have not rebooted, make sure you do this. When done, rescan again with MBAM and check all items found for removal. Then click the Logs tab and copy/paste the contents of the new report in your next reply. If you did reboot, then rescan again anyway and post a new log.

http://www.bleepingcomputer.com/forums/t/169543/warning-spyware-detected-on-your-computer-desktop/
Relevancy 102.34%

By browsing the forums it seems that no "warning! Computer!" Detected Spyware Desktop On Your two cases of this particular "warning! Spyware Detected On Your Computer!" Desktop malware are alike so I thought I would come to you guys for help I think I have attached the correct logs Thanks in advance for your help andrewDeckard's System Scanner main txtDeckard's System Scanner v Run by andrew on - - Computer is in Normal Mode ---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point -- Last Restore Point s -- - - UTC - RP - Deckard's System Scanner Restore Point - - UTC - RP - Last good restore point - - UTC - RP - System CheckpointBacked up registry hives Performed disk cleanup -- HijackThis run as andrew exe ----------------------------------------------Logfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v Boot mode NormalRunning processes C WINDOWS System smss exeC WINDOWS system "warning! Spyware Detected On Your Computer!" Desktop winlogon exeC WINDOWS system services exeC WINDOWS system lsass exeC WINDOWS system svchost exeC WINDOWS System svchost exeC WINDOWS system spoolsv exeC WINDOWS Explorer EXEC Program Files TortoiseSVN bin TSVNCache "warning! Spyware Detected On Your Computer!" Desktop exeC Program Files Common Files Apple Mobile Device Support bin AppleMobileDeviceService exeC Program Files Bonjour mDNSResponder exeC Program Files Common Files Microsoft Shared VS DEBUG MDM EXEC WINDOWS System nvsvc exeC WINDOWS system RUNDLL EXEC Program Files ClamWin bin ClamTray exeC WINDOWS system rundll exeC Program Files iTunes iTunesHelper exeC WINDOWS RTHDCPL EXEC Program Files Adobe Acrobat Acrobat Acrotray exeC WINDOWS system lphcn dj ev c exeC Program Files Messenger msmsgs exeC WINDOWS system ctfmon exeC Program Files DNA btdna exeC Program Files iPod bin iPodService exeC WINDOWS system wscntfy exeC Program Files Common Files Macrovision Shared FLEXnet Publisher FNPLicensingService exeC Documents and Settings andrew Desktop dss exeC PROGRA TRENDM HIJACK andrew exeR - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyOverride localO - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Files Common Files Adobe Acrobat ActiveX AcroIEHelper dllO - BHO ContributeBHO Class - C DC - - A A- D-C C - C Program Files Adobe Adobe Contribute CS contributeieplugin dllO - BHO Adobe PDF Conversion Toolbar Helper - AE CD -E - f- - EE - C Program Files Adobe Acrobat Acrobat AcroIEFavClient dllO - Toolbar Adobe PDF - -D C - - FA - E EAAC - C Program Files Adobe Acrobat Acrobat AcroIEFavClient dllO - Toolbar Contribute Toolbar - BDDE -E A - -B E- B B FC - C Program Files Adobe Adobe Contribute CS contributeieplugin dllO - HKLM Run JMB X Configure C WINDOWS System JMRaidTool exe bootO - HKLM Run Adobe Reader Speed Launcher quot C Program Files Adobe Reader Reader Reader sl exe quot O - HKLM Run NvCplDaemon RUNDLL EXE C WINDOWS System NvCpl dll NvStartupO - HKLM Run nwiz nwiz exe installO - HKLM Run NvMediaCenter RUNDLL EXE C WINDOWS System NvMcTray dll NvTaskbarInitO - HKLM Run ClamWin quot C Program Files ClamWin bin ClamTray exe quot --logonO - HKLM Run QuickTime Task quot C Program Files QuickTime QTTask exe quot -atboottimeO - HKLM Run iTunesHelper quot C Program Files iTunes iTunesHelper exe quot O - HKLM Run RTHDCPL RTHDCPL EXEO - HKLM Run SkyTel SkyTel EXEO - HKLM Run Alcmtr ALCMTR EXEO - HKLM Run Acrobat Assistant quot C Program Files Adobe Acrobat Acrobat Acrotray exe quot O - HKLM Run Adobe ID EYTHM C PROGRA COMMON Adobe ADOBEV Server bin VERSIO EXEO - HKLM Run lphcn dj ev c C WINDOWS system lphcn dj ev c exeO - HKCU Run MSMSGS quot C Program Files Messenger msmsgs exe quot backgroundO - HKCU Run ctfmon exe C... Read more

A:"warning! Spyware Detected On Your Computer!" Desktop

Hello Andrew and welcome to BleepingComputer,1. * Clean your Cache and Cookies in IE:Close all instances of Outlook Express and Internet Explorer Go to Control Panel > Internet Options > General tabUnder Browsing History, click Delete. Click Delete Files, Delete cookies and Delete historyClick Close below.* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):Go to Tools > Options.Click Privacy in the menu..Click the Clear now button below.. A new window will popup what to clear.Select all and click the Clear button again.Click OK to close the Options window* Clean other Temporary files + Recycle bin Go to start > run and type: cleanmgr and click ok. Let it scan your system for files to remove. Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.Press OK to remove them.2. Please download Malwarebytes' Anti-Malware from Here or HereDoubleclick mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply along with a fresh HijackThis log.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.3. Please visit this webpage for instructions for downloading and running ComboFix:http://www.bleepingcomputer.com/combofix/how-to-use-combofixPlease ensure you read this guide carefully and install the Recovery Console first (not for Windows Vista users !).The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you. (WinXP SP3 users, please download the appropriate SP2 file, Home or Pro, to install the RC)In the event you already have Combofix, delete your current version and download the latest version as described in the tutorial.It must be saved directly to your desktop.Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. If you have any questions along the way, STOP and ask them before proceeding !!Greetings,Thunder

http://www.bleepingcomputer.com/forums/t/151440/warning-spyware-detected-on-your-computer-desktop/
Relevancy 101.05%

Deckard's System Scanner Spyware Computer! Your Detected Desktop Warning! Background -- On v Warning! Spyware Detected On Your Computer! -- Desktop Background Run by Taylor on - - Computer is in Normal Mode ---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point -- Last Restore Point s -- - - UTC - RP - Deckard's Warning! Spyware Detected On Your Computer! -- Desktop Background System Scanner Restore Point - - UTC - RP - System Checkpoint - - UTC - RP - System Checkpoint - - UTC - RP - System Checkpoint - - UTC - RP - Software Distribution Service -- First Restore Point -- - - UTC - RP - System CheckpointBacked up registry hives Performed disk cleanup System Drive C has GiB less than free -- HijackThis Clone ------------------------------------------------------------Emulating logfile of Trend Micro HijackThis v Scan saved at - - Platform Windows XP Service Pack MSIE Internet Explorer Boot mode NormalRunning processes C WINDOWS system smss exeC WINDOWS system winlogon exeC WINDOWS system services exeC WINDOWS system lsass exeC WINDOWS system ati evxx exeC WINDOWS system svchost exeC WINDOWS system svchost exeC WINDOWS explorer exeC WINDOWS system ZoneLabs vsmon exeC WINDOWS system spoolsv exeC Program Files Common Files LogiShrd LVMVFM LVPrcSrv exeC Program Files Common Files Apple Mobile Device Support bin AppleMobileDeviceService exeC Program Files Grisoft AVG avgamsvr exeC Program Files Grisoft AVG avgupsvc exeC Program Files Grisoft AVG avgemc exeC Program Files Bonjour mDNSResponder exeC Program Files Common Files LightScribe LSSrvc exeC Program Files Common Files LogiShrd LVCOMSER LVComSer exeC WINDOWS system PnkBstrA exeC WINDOWS system svchost exeC Program Files Common Files LogiShrd LVCOMSER LVComSer exeC Program Files TortoiseSVN bin TSVNCache exeC Program Files ATI Technologies ATI ACE CLI exeC Program Files Java jre bin jusched exeC Program Files Logitech GamePanel Software LCD Manager LCDMon exeC Program Files Logitech GamePanel Software G-series Software LGDCore exeC WINDOWS system rundll exeC Program Files Creative SBAudigy Surround Mixer CTSysVol exeC Program Files Zone Labs ZoneAlarm zlclient exeC Program Files Xfire xfiremusic exeC Program Files Logitech GamePanel Software LCD Manager Applets LCDClock exeC Program Files Razer DeathAdder razerhid exeC Program Files Logitech GamePanel Software LCD Manager Applets LCDCountdown exeC WINDOWS system ctfmon exeC Program Files Logitech GamePanel Software LCD Manager Applets LCDPop exeC Program Files Logitech GamePanel Software LCD Manager Applets LCDMedia exeC Program Files Razer DeathAdder razerofa exeC Program Files Zone Labs ZoneAlarm MailFrontier mantispm exeC Program Files ATI Technologies ATI ACE CLI exeC Program Files Xfire xfire exeC Program Files Yahoo Messenger YahooMessenger exeC Program Files Grisoft AVG avgcc exeC Program Files Ventrilo Ventrilo exeC WINDOWS system notepad exeC DOCUME Taylor LOCALS Temp Dwpd exeC Program Files Mozilla Firefox firefox exeC Documents and Settings Taylor Desktop dss exeR - HKCU Software Microsoft Internet Explorer Main Start Page http www daemon-search com startpageR - HKCU Software Microsoft Internet Connection Wizard ShellNext iexploreR - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId R - URLSearchHook Yahoo u C - EF BD -C FB- D - F- D F - C Program Files Yahoo Companion Installs cpn yt dllO - BHO amp Yahoo Toolbar Helper - D -C F - efb- B - ECA - C Program Files Yahoo Companion Install... Read more

A:Warning! Spyware Detected On Your Computer! -- Desktop Background

Deckard's System Scanner v20071014.68Extra logfile - please post this as an attachment with your post.---------------------------------------------------------------------------------- System Information ----------------------------------------------------------Microsoft Windows XP Home Edition (build 2600) SP 2.0Architecture: X86; Language: EnglishCPU 0: AMD Athlon™ 64 Processor 3200+Percentage of Memory in Use: 28%Physical Memory (total/avail): 3070.42 MiB / 2190.87 MiBPagefile Memory (total/avail): 4445.93 MiB / 3613.46 MiBVirtual Memory (total/avail): 2047.88 MiB / 1915.45 MiBC: is Fixed (NTFS) - 145.96 GiB total, 15.29 GiB free. D: is CDROM (No Media)E: is CDROM (No Media)F: is CDROM (No Media)\\.\PHYSICALDRIVE0 - ST3160812AS - 149.01 GiB - 3 partitions \PARTITION0 - Unknown - 47.03 MiB \PARTITION1 (bootable) - Installable File System - 145.96 GiB - C: \PARTITION2 - Unknown - 3 GiB-- Security Center -------------------------------------------------------------AUOptions is scheduled to auto-install.Windows Internal Firewall is disabled.FirstRunDisabled is set.AntiVirusDisableNotify is set.FirewallDisableNotify is set.FW: ZoneAlarm Security Suite Firewall v7.0.473.000 (Check Point, LTD.)AV: ZoneAlarm Security Suite Antivirus v7.0.473.000 (Check Point, LTD.) Disabled OutdatedAV: AVG 7.5.524 v7.5.524 (Grisoft)[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000""C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger""C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000""C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe""C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe""C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe""C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe""C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire""C:\\Program Files\\Bonjour\\mDNSResponder... Read more

http://www.bleepingcomputer.com/forums/t/154054/warning-spyware-detected-on-your-computer-desktop-background/
Relevancy 101.05%

Hello About a week ago my computer started running extremely slowly with Computer!" Detected Message: Desktop Spyware Your "warning! On multiple pop-up windows and messages stating that my system was infected with spyware and I needed to download certain anti-spyware products which I avoided of course I have since run Ewido Anti-Malware SDFix SmitfraudFix and ComboFix which seem to have gotten rid of the pop-ups However one problem persists My desktop is now a blue background with a big yellow rectangle in the Desktop Message: "warning! Spyware Detected On Your Computer!" middle of the screen that Desktop Message: "warning! Spyware Detected On Your Computer!" reads quot Warning Spyware detected on your computer quot and underneath that quot Install an antivirus or spyware Desktop Message: "warning! Spyware Detected On Your Computer!" remover to clean your computer quot And whenever I boot up my computer or leave it alone for a few minutes a creepy screensaver -- featuring little black bugs crawling all over the screen -- briefly kicks in I ve been reading about this problem on this and other message boards but have yet to find a solution Any help you could give me would be much appreciated Thanks RT

A:Desktop Message: "warning! Spyware Detected On Your Computer!"

Maybe they're just left behind from the bad program? Have you tried changing your desktop wallpaper/screensaver?

http://www.bleepingcomputer.com/forums/t/152670/desktop-message-warning-spyware-detected-on-your-computer/
Relevancy 101.05%

Hello,

I am really stuck my desktop has been changed to " warning spyware detected" it's a white backround with the warning dialoge box in the center. Thats not the end of my problems as it re-boots before it even fully starts so I cant even run any antispyware utilities. I tried switching it on in safemode and it does work there but there seems to be no internet access there and I cant run live updates on my antispyware utility am trying to use " SUPERANTI SPYWARE Free Edition.

Your help would be greatly appreciated.

Cheers

A:Desktop changed to warning spyware detected on your computer

Hi Kochez and welcome to TSF !

You've got some malware infection. Follow the instructions in this link :
http://www.techsupportforum.com/secu...oval-help.html

Since you can only use the computer in safe mode skip the steps that require an internet access like panda online scan. Use another computer to download and copy the needed tools on an external drive or on CD. Then copy them to your computer and run them in safe mode.

Make sure you reach step 5 and post the HJT log in a new thread with a summary of your problem in the HijackThis Log Help section.

Be very patient since the HJT section is overcrowded. Your thread will be noticed faster if you don't bump it but it can and will probably take several days (the analysts start from the oldest to the newest).

http://www.techsupportforum.com/forums/f10/desktop-changed-to-warning-spyware-detected-on-your-computer-291026.html
Relevancy 101.05%

Thank you so much in advance for any help you are able to provide My computer is currently unusable in normal Computer" "warning Desktop On Your Spyware Wallpaper" Detected mode due to this malware Logfile of Trend Micro HijackThis v Scan saved at on Platform Windows XP SP WinNT MSIE Internet Explorer v Boot mode Safe "warning Spyware Detected On Your Computer" Desktop Wallpaper" modeRunning processes G WINDOWS System smss exeG WINDOWS system winlogon exeG WINDOWS system services exeG WINDOWS system lsass exeG WINDOWS system svchost exeG Program Files Common Files Symantec Shared ccSvcHst exeG Program Files Lavasoft Ad-Aware aawservice exeG WINDOWS system svchost exeG Program Files Symantec Symantec Endpoint Protection Rtvscan exeG WINDOWS Explorer EXEG Program Files hijackthis HiJackThis exeR - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyServer R - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyOverride localO - BHO AcroIEHlprObj Class - E F-C D - D -B D- B D BE B - G Program Files Adobe Acrobat ActiveX AcroIEHelper dllO - BHO WormRadar com IESiteBlocker NavFilter - CA F - F E- B -A E- E E C C - G Program Files AVG AVG avgssie dllO - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - G Program Files Java jre bin ssv dllO - HKLM Run AsioReg quot REGSVR EXE quot S CTASIO DLLO - HKLM Run NvCplDaemon quot RUNDLL EXE quot G WINDOWS system NvCpl dll NvStartupO - HKLM Run NvMediaCenter RUNDLL EXE G WINDOWS system NvMcTray dll NvTaskbarInitO - HKLM Run SunJavaUpdateSched quot G Program Files Java jre bin jusched exe quot O - HKLM Run LXSUPMON G WINDOWS system LXSUPMON EXE RUNO - HKLM Run AVG TRAY G PROGRA AVG AVG avgtray exeO - HKLM Run ZoneAlarm Client quot G Program Files Zone Labs ZoneAlarm zlclient exe quot O - HKLM Run ccApp quot G Program Files Common Files Symantec Shared ccApp exe quot O - HKLM Run lphclojj ea G WINDOWS system lphclojj ea exeO - HKCU Run ctfmon exe G WINDOWS system ctfmon exeO - HKCU Run NBJ quot G Program Files Ahead Nero BackItUp NBJ exe quot O - HKCU Run SVCHOST EXE G WINDOWS system drivers svchost exeO - HKCU Run xrt Shell G Documents and Settings Pain-One xrt mofr exeO - HKUS S- - - Run DWQueuedReporting quot g PROGRA COMMON MICROS DW dwtrig exe quot -t User 'SYSTEM' O - HKUS DEFAULT Run DWQueuedReporting quot g PROGRA COMMON MICROS DW dwtrig exe quot -t User 'Default user' O - Extra button no name - B E C - FCB- CF-AAA - C - G Program Files Java jre bin ssv dllO - Extra 'Tools' menuitem Sun Java Console - B E C - FCB- CF-AAA - C - G Program Files Java jre bin ssv dllO - Extra button AIM - AC E - - d -BC D- B D A DE - G Program Files aim Copy of aim exeO - Extra button no name - e e dd -d - - b -f ba - G WINDOWS Network Diagnostic xpnetdiag exeO - Extra 'Tools' menuitem xpsp res dll - - e e dd -d - - b -f ba - G WINDOWS Network Diagnostic xpnetdiag exeO - Extra button Messenger - FB F -F - d -BB E- C F - G Program Files Messenger msmsgs exeO - Extra 'Tools' menuitem Windows Messenger - FB F -F - d -BB E- C F - G Program Files Messenger msmsgs exeO - DPF bdsripcab - https media bdsrealtime com components bdsripcab cabO - DPF -C A- E-A -C C BBF Windows Genuine Advantage Validation Tool - http go microsoft com fwlink linkid O - DPF B - - - A - A DE AD Snapfish Activia - http photos walmart com WalmartActivia cabO - DPF E A- D- EE - C-DC FA D FC MUWebControl Class - http update microsoft com microsoftupdat b O - Protocol linkscanner - F C- F - D -A D -FBDDE F D - G Program Files AVG AVG avgpp dllO - AppInit DLLs avgrsstx dllO - Winlogon Notify SASWinLogon - G Program Files SUPERAntiSpyware SASWINLO DLLO - Service Ad-Aware Service aawservice - Lavasoft - G Program Files Lavasoft Ad-Aware aawservice exeO - Service AVG E-mail Scanner avg emc - AVG Technologies CZ s r o - G PROGRA AVG AVG avgemc exeO - Service AVG WatchDog avg wd - AVG Technologies CZ s r o - G PROGRA AVG AVG avgwdsvc exeO - Service Bonjour Service - Apple Inc - G Program Fi... Read more

A:"warning Spyware Detected On Your Computer" Desktop Wallpaper"

So far I have confirmed that lphclojj0ea33.exe and xrt_mofr.exe are the source of the malware, but I am afraid to delete them as they may be the key to fixing the problems. Additionally, the image displayed on my desktop depicts a white screen with a blue border and a large red warning. The warning reads:

Warning! Win32/adware.virtumonde detected on your computer DANGER!

Warning! Win32/privacyremover.m64 detected on your computer DANGER!

Multiple files have been created in the system32 folder, once of which being an XML file referring to multiplayer game exe's (I do not own any of these games, but I assume the virus is made for gamers).

http://www.bleepingcomputer.com/forums/t/169340/warning-spyware-detected-on-your-computer-desktop-wallpaper/
Relevancy 101.05%

My desktop image was changed automatically and replaced with a white background with a dialog box in the center saying my PC spyware warning on changed detected your Desktop to computer was infected with spyware and that I needed to sort it or something along those lines When I start up and log into windows it runs ok for a short while but before it fully starts Desktop changed to warning spyware detected on your computer up it begins to re-boot again The only way I can run the PC is in safe mode I followed instructions given to me by one of the Tech experts and please find below a copy of the Hijackthis log that I ran in safemode Thanks for all your help so far Logfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v Boot mode Safe mode Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS system svchost exe C WINDOWS Explorer EXE C WINDOWS system ctfmon exe C Program Files Trend Micro HijackThis HijackThis exe C Program Files Microsoft Office Office WINWORD EXE R - HKCU Software Microsoft Internet Explorer Main Search Bar http us rd yahoo com customize ie ch search html R - HKCU Software Microsoft Internet Explorer Main Search Page http us rd yahoo com customize ie www yahoo com R - HKCU Software Microsoft Internet Explorer Main Start Page http www google ie R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Bar http us rd yahoo com customize ie ch search html R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId R - HKCU Software Microsoft Internet Explorer SearchURL Default http us rd yahoo com customize ie www yahoo com R - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyOverride local R - URLSearchHook Yahoo Toolbar - EF BD -C FB- D - F- D F - C PROGRA Yahoo Companion Installs cpn yt dll O - BHO amp Yahoo Toolbar Helper - D -C F - efb- B - ECA - C PROGRA Yahoo Companion Installs cpn yt dll O - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Files Adobe Acrobat ActiveX AcroIEHelper dll O - BHO no name - E A - - D F-BEAE-D A C - C Program Files Common Files Symantec Shared coShared Browser NppBho dll O - BHO Skype add-on mastermind - BF B-C D - d - A -A F BA C - C Program Files Skype Toolbars Internet Explorer SkypeIEPlugin dll O - BHO RealPlayer Download and Record Plugin for Internet Explorer - C E -B - BC - - C CA - C Program Files Real RealPlayer rpbrowserrecordplugin dll O - BHO Yahoo IE Services Button - BAB B B- BC- B - D - FC DE A - C Program Files Yahoo Common yiesrvc dll O - BHO BiblePro Toolbar Helper - A EBAF -C - E - D -DB E B - C Program Files BiblePro Toolbar v BiblePro Toolbar dll O - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dll O - BHO no name - E D - A- EC-A -BA D E E - no file O - BHO Windows Live Sign-in Helper - D - C - ABF- ECC- C - C Program Files Common Files Microsoft Shared Windows Live WindowsLiveLogin dll O - Toolbar Show Norton Toolbar - -F - -B -FBEE C B DF - C Program Files Common Files Symantec Shared coShared Browser UIBHO dll O - Toolbar Yahoo Toolbar - EF BD -C FB- D - F- D F - C PROGRA Yahoo Companion Installs cpn yt dll O - Toolbar BiblePro Toolbar - D - CF- F-B - DCF EBF C - C Program Files BiblePro Toolbar v BiblePro Toolbar dll O - HKLM Run ehTray C WINDOWS ehome ehtray exe O - HKLM Run High Definition Audio Property Page Shortcut HDAShCut exe O - HKLM Run RTHDCPL RTHDCPL EXE O - HKLM Run SkyTel SkyTel EXE O - HKLM Run Alcmtr ALCMTR EXE O - HKLM Run ATICCC quot C Program Files... Read more

A:Desktop changed to warning spyware detected on your computer

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If you are unable to use Safe Mode with Networking, you will have to download ComboFix and the Microsoft file on another computer and transfer them to the desktop of the infected computer via USB drive, floppy disk, or CD.

------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

First, we need to install the Windows Recovery Console.

The Windows Recovery Console will allow you to boot up into a special recovery(repair) mode, if needed. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Download the file from this Microsoft page:

http://www.microsoft.com/downloads/d...displaylang=en

Save it as it is originally named to your Desktop.

Now close all open windows and programs, including all antivirus and antispyware programs. Get help here



Then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Recovery Console.

As part of installing the Recovery Console, ComboFix will begin to run. Your desktop may disappear. This is normal. It will return.

ComboFix will now automatically install the Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Windows Recovery Console option when you start your computer unless requested to by a helper.

Once the Recovery Console is installed, this blue window will appear:



Please continue as follows:
Close/disable all antivirus and antispyware programs so they do not interfere with the running of ComboFix. Get help here
Please click Yes to continue scanning for malware.
When the tool is finished, it will produce a log for you.

Please post that log, ComboFix.txt along with a new HijackThis log so we may continue cleansing the system.

------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and Save a Logfile'. Save the logfile and post it here.

------------------------------------------------------

Go to Start > Run and copy/paste the following into the Run box and click OK:

C:\Qoobox\Add-Remove Programs.txt

A text file should open. Please post the contents of that file in your next reply.

------------------------------------------------------

Please post the following in your next reply:

C:\ComboFix.txt
new HijackThis log
Add-Remove Programs.txt

If you have any questions along the way...STOP and ask them before proceeding.

http://www.techsupportforum.com/forums/f100/desktop-changed-to-warning-spyware-detected-on-your-computer-291265.html
Relevancy 101.05%

I encountered this on a pop-up Your Computer!" Detected "warning! Shows On Desktop Spyware window that Desktop Shows "warning! Spyware Detected On Your Computer!" prompted an activeX control After trying to close it here is what I noticed on my desktop When I go to quot display properties quot many of the tabs such as desktop are gone I have looked at the other threads on this topic and they all seem to indicate that the problem be solved on a case-by-case basis I greatly appreciate any help My logfile is as follows Logfile of Trend Micro HijackThis v Scan saved at AM on Platform Windows XP SP WinNT MSIE Internet Explorer v Boot mode NormalRunning processes C WINDOWS System smss exeC WINDOWS system winlogon exeC WINDOWS system services exeC WINDOWS system lsass exeC WINDOWS system svchost exeC WINDOWS System svchost exeC Program Files WIDCOMM Bluetooth Software bin btwdins exeC Program Files Common Files Symantec Shared ccSetMgr exeC Program Files Common Files Symantec Shared ccEvtMgr exeC WINDOWS system spoolsv exeC WINDOWS system nvsvc exeC Program Files Analog Devices SoundMAX SMAgent exeC WINDOWS system svchost exeC WINDOWS system ZoneLabs vsmon exeC WINDOWS Explorer EXEC Program Files Apoint K Apoint exeC WINDOWS system ctfmon exec Program Files Common Files Symantec Shared Security Center SymWSC exeC Program Files WIDCOMM Bluetooth Software BTTray exeC Program Files Apoint K Apntex exeC Program Files Internet Explorer iexplore exeC Program Files HijackThis HijackThis exeR - HKCU Software Microsoft Internet Explorer Main Search Bar http ie redirect hp com svs rdr TYPE a n amp pf laptopR - HKCU Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKCU Software Microsoft Internet Explorer Main Start Page http www yahoo com R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Search SearchAssistant R - HKLM Software Microsoft Internet Explorer Search CustomizeSearch O - BHO AcroIEHlprObj Class - E F-C D - D -B D- B D BE B - C Program Files Adobe Acrobat Reader ActiveX AcroIEHelper dllO - BHO NAV Helper - BDF E -B - AD-A -FADC B - C Program Files Norton AntiVirus NavShExt dllO - Toolbar Norton AntiVirus - CDD BF- FFB- - AD - DF B D - C Program Files Norton AntiVirus NavShExt dllO - HKLM Run HPHUPD c Program Files HP B B-DCAB- - EE - F hphupd exeO - HKLM Run Apoint C Program Files Apoint K Apoint exeO - HKLM Run QuickTime Task quot C Program Files QuickTime qttask exe quot -atboottimeO - HKLM Run lphccegj ejql C WINDOWS system lphccegj ejql exeO - HKCU Run ctfmon exe C WINDOWS system ctfmon exeO - HKCU Run BackupNotify C Program Files HP Digital Imaging bin backupnotify exeO - Global Startup Bluetooth lnk O - Extra context menu item Send to amp Bluetooth Device - C Program Files WIDCOMM Bluetooth Software btsendto ie ctx htmO - Extra context menu item Send To Bluetooth - C Program Files WIDCOMM Bluetooth Software btsendto ie htmO - Extra button no name - B E C - FCB- CF-AAA - C - C Program Files Java j re bin npjpi dllO - Extra 'Tools' menuitem Sun Java Console - B E C - FCB- CF-AAA - C - C Program Files Java j re bin npjpi dllO - Extra button Research - B - CC- C -B BE- C C A - C PROGRA MICROS OFFICE REFIEBAR DLLO - Extra button btrez dll - - CCA CA-C - ef- - C D F - C Program Files WIDCOMM Bluetooth Software btsendto ie htmO - Extra 'Tools' menuitem btrez dll - - CCA CA-C - ef- - C D F - C Program Files WIDCOMM Bluetooth Software btsendto ie htmO - Extra button no name - e e dd -d - - b -f ba - C WINDOWS Network Diagnostic xpnetdiag exeO - Extra 'Tools' menuite... Read more

A:Desktop Shows "warning! Spyware Detected On Your Computer!"

Hello CJustinWelcome to BleepingComputer ========================Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

http://www.bleepingcomputer.com/forums/t/169188/desktop-shows-warning-spyware-detected-on-your-computer/
Relevancy 101.05%

Hello I am ssonu This is my first mail here on Bleepingcomputer com I am in trouble My computer got infected by deadly spyware called Antivirus XP It captured by desktop screen and when I connect my PC to the internet it terrorize me by showing a popup message as quot Trojan spy HTML BankFroud dp is trying to steal information and sending on the internet Every half an hour or so the computer shows black screen with message quot KMODE EXCEPTION NOT HANDLED quot It also says something like memory trap and tries to restart When I press escape it goes off and the previous screen is presented back When the computer is started and booted completely it shows a message saying quot database log is not found quot I have used SuperAntispyware to remove some spyware and then I have used Hijackthis and removed two viruses which were indicated by my Macffee virus scan Then I scanned using Hijackthis and save a log Below is that scan log Please go through that and help me please Logfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Boot mode Normal Running processes C WINDOWS System Detected Spyware Computer...blue Your Desktop! Warning! On smss exe C WINDOWS system csrss exe Warning! Spyware Detected On Your Computer...blue Desktop! C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system Ati evxx exe C WINDOWS system svchost exe C WINDOWS system svchost exe C WINDOWS System svchost exe C Program Files Intel Wireless Bin EvtEng exe C Program Files Intel Wireless Bin Warning! Spyware Detected On Your Computer...blue Desktop! S EvMon exe C Program Files Intel Wireless Bin WLKeeper exe C WINDOWS system svchost exe C WINDOWS system svchost exe C WINDOWS System WLTRYSVC EXE C WINDOWS System bcmwltry exe C WINDOWS system spoolsv exe C Program Files Common Files LogiShrd LVMVFM LVPrcSrv exe C Program Files Intel Wireless Bin ZcfgSvc exe C WINDOWS system Ati evxx exe C WINDOWS Explorer EXE C Program Files Apache Software Foundation Apache bin httpd exe C Program Files Common Files Apple Mobile Device Support bin AppleMobileDeviceService exe C Program Files Bonjour mDNSResponder exe C Program Files WIDCOMM Bluetooth Software bin btwdins exe C Program Files Common Files LogiShrd LVCOMSER LVComSer exe C Program Files TortoiseSVN bin TSVNCache exe C Program Files Network Associates Common Framework FrameworkService exe C Program Files Apache Software Foundation Apache bin httpd exe C Program Files Network Associates VirusScan Mcshield exe C Program Files Network Associates VirusScan VsTskMgr exe C Program Files Network Associates Common Framework naPrdMgr exe C Documents and Settings All Users Application Data jclibmpq lizwrozi exe c Program Files Microsoft SQL Server MSSQL MSSQL Binn sqlservr exe C Program Files Synaptics SynTP SynTPEnh exe C Program Files Intel Wireless Bin ifrmewrk exe C WINDOWS stsystra exe C Warning! Spyware Detected On Your Computer...blue Desktop! WINDOWS system WLTRAY exe C Program Files ATI Technologies ATI ACE cli exe C Program Files Adobe Photoshop Album Starter Edition Apps apdproxy exe C Program Files Java jre bin jusched exe C Program Files Network Associates VirusScan SHSTAT EXE C Program Files Network Associates Common Framework UpdaterUI exe C Program Files Common Files Network Associates TalkBack TBMon exe C Program Files Comcast Desktop Doctor bin sprtcmd exe C Program Files Intel Wireless Bin RegSrvc exe C Program Files Common Files LogiShrd LComMgr Communications Helper exe C Program Files Common Files Real Update OB realsched exe C Program Files Comcast Desktop Doctor bin sprtsvc exe C WINDOWS system svchost exe C Program Files Logitech QuickCam Quickcam exe C Program Files iTunes iTunesHelper exe C Program Files Google Google Talk googletalk exe C Program Files FlashGuard FlashGuard exe C Program Files Enigma Software Group SpyHunter SpyHunter exe C PROGRA Yahoo MESSEN YAHOOM E... Read more

A:Warning! Spyware Detected On Your Computer...blue Desktop!

Hi,Your system is severly infected. Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. Reason I am telling this is because when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts. * Please visit this webpage for instructions for downloading and running ComboFix:http://www.bleepingcomputer.com/combofix/how-to-use-combofixThis includes installing the Windows XP Recovery Console in case you have not installed it yet.Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

http://www.bleepingcomputer.com/forums/t/162290/warning-spyware-detected-on-your-computerblue-desktop/
Relevancy 101.05%

So I ve managed to contract the infamous quot Warning Spyware Detected on Your Computer quot "warning! Spyware Your Computer" Desktop Detected Malware On Malware and I have no clue "warning! Spyware Detected On Your Computer" Desktop Malware how to return things to normal My desktop has been replaced with a blue background with "warning! Spyware Detected On Your Computer" Desktop Malware a yellow symbol in the middle displaying the quot warning quot message but my ability to change my desktop background has been removed from the control panel I need your help Here is what I have done First I ran the ol quot look bin quot and got this output Windows Registry Editor Version HKEY CURRENT USER Software Microsoft Windows CurrentVersion Policies HKEY CURRENT USER Software Microsoft Windows CurrentVersion Policies Explorer quot NoDriveTypeAutoRun quot dword HKEY CURRENT USER Software Microsoft Windows CurrentVersion Policies System quot NoDispBackgroundPage quot dword quot NoDispScrSavPage quot dword Windows Registry Editor Version HKEY CURRENT USER Control Panel Desktop quot ActiveWndTrkTimeout quot dword quot AutoEndTasks quot quot quot quot CaretWidth quot dword quot CoolSwitch quot quot quot quot CoolSwitchColumns quot quot quot quot CoolSwitchRows quot quot quot quot CursorBlinkRate "warning! Spyware Detected On Your Computer" Desktop Malware quot quot quot quot DragFullWindows quot quot quot quot DragHeight quot quot quot quot DragWidth quot quot quot quot FontSmoothing quot quot quot quot FontSmoothingType quot dword quot ForegroundFlashCount quot dword quot ForegroundLockTimeout quot dword d quot GridGranularity quot quot quot quot HungAppTimeout quot quot quot quot LowPowerActive quot quot quot quot LowPowerTimeOut quot quot quot quot MenuShowDelay quot quot quot quot PaintDesktopVersion quot dword quot Pattern quot quot None quot quot PowerOffActive quot quot quot quot PowerOffTimeOut quot quot quot quot ScreenSaverIsSecure quot quot quot quot ScreenSaveTimeOut quot quot quot quot ScreenSaveActive quot quot quot quot SCRNSAVE EXE quot quot C WINDOWS system blphcjccj e t scr quot quot TileWallpaper quot quot quot quot UserPreferencesMask quot hex e e quot WaitToKillAppTimeout quot quot quot quot Wallpaper quot quot C WINDOWS system phcjccj e t bmp quot quot WallpaperStyle quot quot quot quot OriginalWallpaper quot quot C WINDOWS system phcjccj e t bmp quot quot WheelScrollLines quot quot quot quot ConvertedWallpaper quot quot C WINDOWS system phcjccj e t bmp quot HKEY CURRENT USER Control Panel Desktop WindowMetrics quot BorderWidth quot quot quot quot CaptionFont quot hex f ff ff ff bc d quot CaptionHeight quot quot - quot quot CaptionWidth quot quot - quot quot IconFont quot hex f ff ff ff f d quot IconSpacing quot quot - quot quot IconTitleWrap quot quot quot quot IconVerticalspacing quot quot - quot quot MenuFont quot hex f ff ff ff f d quot MenuHeight quot quot - quot quot MenuWidth quot quot - quot quot MessageFont quot hex f ff ff ff f d quot ScrollHeight quot quot - quot quot ScrollWidth quot quot - quot quot Shell Icon BPP quot quot quot quot SmCaptionFont quot hex f ff ff ff bc f d quot SmCaptionHeight quot quot - quot quot SmCaptionWidth quot quot - quot quot StatusFont quot hex f ff ff ff f d quot AppliedDPI quot dword quot Shell Icon Size quot quot quot quot MinAnimate quot quot quot Windows Registry Editor Version HKEY CURRENT USER Software Microsoft Internet Explorer Desktop Components quot DeskHtmlVersion quot dword quot DeskHtmlMinorVersion quot dword quot Settings quot dword quot GeneralFlags quot dword HKEY CURRENT USER Software Microsoft Internet Explorer Desktop Components quot Source quot quot About Home quot quot SubscribedURL quot quot About Home quot quot FriendlyName quot quot My Current Home Page quot quot Flags quot dword quot Position quot hex c e a quot CurrentState quot hex quot OriginalStateInfo quot hex ff ff ff ff ff ff ff ff ff ff ff ff quot R... Read more

A:"warning! Spyware Detected On Your Computer" Desktop Malware

Are you running XP? Let's start with this scan from normal mode.For Vista users,Run As AdministratorPlease download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on Download_mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.Make sure that everything is checked, and click Remove Selected.When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.Copy and paste the contents of that report in your next reply and exit MBAM.Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

http://www.bleepingcomputer.com/forums/t/150296/warning-spyware-detected-on-your-computer-desktop-malware/
Relevancy 100.19%

Hello I just recently had this message appear as my desktop on my computer Could someone please help I was searching for Warning! On Your - Spyware Computer! Blue Detected Desktop Background some honeymoon destinations for my future Blue Desktop Background - Warning! Spyware Detected On Your Computer! bride and myself and unfortunately I got this message instead Here is a copy of my hijackthis log Logfile of Trend Micro HijackThis v Scan saved at AM on Platform Windows XP SP WinNT MSIE Internet Explorer v Boot mode NormalRunning processes C WINDOWS System smss exeC WINDOWS system winlogon exeC WINDOWS system services exeC WINDOWS system lsass exeC WINDOWS system svchost exeC WINDOWS System svchost exeC Program Files Common Files Symantec Shared ccSvcHst exeC Program Files Common Files Symantec Shared AppCore AppSvc exeC WINDOWS System WLTRYSVC EXEC WINDOWS System bcmwltry exeC WINDOWS system spoolsv exeC Program Files Common Files Apple Mobile Device Support bin AppleMobileDeviceService exeC Program Files Symantec LiveUpdate ALUSchedulerSvc exeC Program Files Bonjour mDNSResponder exeC Program Files Dell NICCONFIGSVC NICCONFIGSVC exeC Program Files Dell Support Center bin sprtsvc exeC WINDOWS Explorer EXEC WINDOWS system wuauclt exeC WINDOWS system hkcmd exeC WINDOWS system igfxpers exeC Program Files Java jre bin jusched exeC Program Files Synaptics SynTP SynTPEnh exeC WINDOWS system WLTRAY exeC WINDOWS stsystra exeC Program Files Dell QuickSet quickset exeC WINDOWS system dla tfswctrl exeC Program Files Real RealPlayer RealPlay exeC PROGRA MUSICM MUSICM mm tray exeC Program Files Blue Desktop Background - Warning! Spyware Detected On Your Computer! Common Files Symantec Shared ccApp exeC Program Files iTunes iTunesHelper exeC Program Files Dell Support Center bin sprtcmd exeC WINDOWS system igfxsrvc exeC WINDOWS system lphc utj e r exeC Program Files NetWaiting netWaiting exeC WINDOWS system ctfmon exeC PROGRA MUSICM MUSICM MMDiag exeC Program Files Google GoogleToolbarNotifier GoogleToolbarNotifier exeC Program Files DellSupport DSAgnt exeC Program Files Spybot - Search amp Destroy TeaTimer exeC Program Files Digital Line Detect DLG exeC Program Files MUSICMATCH Musicmatch Jukebox mim exeC Program Files iPod bin iPodService exeC WINDOWS System svchost exeC Program Files Trend Micro HijackThis HijackThis exeC PROGRA Symantec LIVEUP LUCOMS EXEC Program Files Symantec LiveUpdate AUPDATE EXER - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId R - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyOverride localO - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Files Adobe Acrobat ActiveX AcroIEHelper dllO - BHO no name - E A - - D F-BEAE-D A C - C Program Files Common Files Symantec Shared coShared Browser NppBho dllO - BHO Spybot-S amp D IE Protection - - F - D - - D F - C PROGRA SPYBOT SDHelper dllO - BHO DriveLetterAccess - CA D E- - CF- E - - C WINDOWS system dla tfswshx dllO - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dllO - BHO Google Toolbar Helper - AA ED - DD- d - -CF F - c program files google googletoolbar dllO - BHO Google Toolbar Notifier BHO - AF DE - D - -B FA-CE B AD D - C Program Files Google GoogleToolbarNotifier swg dllO - BHO Browser Address Error Redirector - CA C - B - E-A -A C DB F - c Program Files BAE BAE dllO - Toolbar amp Google - C B - - d - B - A CD F - c program files google googletoolbar dllO - Toolbar Show Norton Toolbar - -F - -B -FBEE C B DF - C Program Files Common Files Symantec Shared coShared Browser UIBHO dllO - HKLM Run igfxtray C W... Read more

A:Blue Desktop Background - Warning! Spyware Detected On Your Computer!

Hello, my name is fenzodahl512 and welcome to BC.. Please do the following...Please download Deckard's System Scanner (DSS) from HERE or HERE and save it to your Desktop.Close all other windows before proceeding.Double-click on dss.exe and follow the prompts.Please let your firewall allow the scanning/downloading process.When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.If you are using Vista, you need to right-click at dss.exe icon and choose Run as AdministratorRegardsfenzodahl512

http://www.bleepingcomputer.com/forums/t/158687/blue-desktop-background-warning-spyware-detected-on-your-computer/
Relevancy 100.19%

Hello,
Iam new to the forums and need some help. I recently picked up a spyware that changed my desktop to the following(Blue desktop with yellow writing) "Warning! Spyware Detected on Your Computer!
Please help
DDflash

A:Blue And Yellow ""warning! Spyware Detected On Your Computer! On My Desktop

Welcome to BCPlease download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner screen:Click on the Show Results button to see a list of any malware that was found.Make sure that everything is checked, and click Remove Selected.When removal is completed, a log report will open in Notepad.The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.Copy and paste the contents of that report in your next reply and exit MBAM.Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Reagardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

http://www.bleepingcomputer.com/forums/t/162396/blue-and-yellow-warning-spyware-detected-on-your-computer-on-my-desktop/
Relevancy 98.04%

Please Help I have been receiving pop-ups in IE that say quot Warning possible spyware or adware infection Click here to scan your computer for spyware and adware quot I have run many scans Trend Micro online Avast Spybot SD and although they find and desktop Click Biohazard possible here" and spyware.. Warning: Red pic Pop-up change things this pop-up still occurs I am moderately techno savvy Pop-up Warning: possible spyware.. Click here" and Red Biohazard desktop pic so the thought of reg and dll cleaning is a little beyond me Also I noticed that after a few days of these pop-ups my desktop will be replaced by a red screen with biohazard symbols stating quot Your privacy something quot I have managed to goto a last restore point which gets rid of the red screen but I cannot go far enough back to get tid of the pop-ups Therefore in another couple of days of pop-ups I get the red screen and have to restore again I have just downloaded the Trend Micro HijackThis as I have seen others do with this problem but I do not want to install it yet for feer of running too many anti-virus programs at the same time Please help Any advice would be great nbsp

https://forums.techguy.org/threads/pop-up-warning-possible-spyware-click-here-and-red-biohazard-desktop-pic.688826/
Relevancy 96.75%

Pasted from my notes of today read it and weep too Greetings Been reading and researching all day to get to this point I am asking where to start so as not to get in trouble with powerful tools In a very large nutshell Dell Dimension XP Home tower Has bad reputation but power supply voltages fine all hardware network perfect under PCLOS live CD Could not follow beginning steps here or other forums I E run spybot hijack this logs Taskbar, Icons, No Cmd.exe Locked Your Available. Yellow/blue. Warning! Spyware Detected Or Computer Desktop On etc as desktop locked to blue yellow even in safe mode Right click inop ctrl-alt-del brings up task manger Run from tab gives cli field but no commands Warning! Spyware Detected On Your Computer Yellow/blue. Desktop Locked No Icons, Taskbar, Or Cmd.exe Available. accepted I E cmd exe gives quot module could not be Warning! Spyware Detected On Your Computer Yellow/blue. Desktop Locked No Icons, Taskbar, Or Cmd.exe Available. found quot same with explorer exe sfc exe etc even when typing full path Recovery console from cdrom gives c windows prompt after blank admin password entered CHKDSK worked SFC did not Found but did not clean many viruses with TRK virusscan using AVG F-prot clamav others To add to fun both dvd and cdrom pair would not read my cdr rw discs Would read dell setup disk ok Installed another cdrom on their secondary ide cable for now Ran dell setup using install not recovery as first choice After a few mins it said install fresh or repair I chose repair It went to bsod at minute mark after this dialog box kept popping up quot rundll c documentsandsettings ausername localsettings temp kbitkbilcfe dll could not be found quot BSOD said quot Stop x C BAD POOL CALLER quot error message Googling it I found quot take out modem in Dell Dimensia when running setup quot After that I still got the rundll file complaint many times but it finally installed Left modem out for now will use cat when ready Before reboot ran PCLOS live cd and found all user data ok Boot to XP missed timing of f to start safe it booted to icons taskbar for a second then right to locked up yellow blue malware Rebooted in safe mode I now have black desktop all user s icons right click taskbar and start button I have on usb key spybot s d with latest update files hijackthis autoruns combofix smitfraud and dss Ready to run those and online tools at your advice will start now with Spybot P S I registered yesterday and made your training waiting page my home page I am a hardware and PCLOS geek but so many friends and family ask me to wipe their windows I should help here for others Thanks Tired of windows -- edit update no go burned usb files to cdr as system won t read usb yet spybot wants online access so won t install start run cmd brings up rundll line again c blahblah temp kbitkbilcfe dll as doe most any right mouse click loaded recovery disk to look for recovery installation most clicks on disk buttons bring up the rundll error This happens on safemode or regular mode I tried killing some active processes as soon as seeing the desktop and managed to avoid the locked screen but it mat as well be Now I ask for help I cannot run any tools such as hijack this dss etc unless there is a way to do it from a bootable floppy I am out of luck it seems night

A:Warning! Spyware Detected On Your Computer Yellow/blue. Desktop Locked No Icons, Taskbar, Or Cmd.exe Available.

It would seem to me the best thing is to wipe the drive and reinstall the OS,

http://www.bleepingcomputer.com/forums/t/162442/warning-spyware-detected-on-your-computer-yellowblue-desktop-locked-no-icons-taskbar-or-cmdexe-available/
Relevancy 95.89%

We are running EMET on Windows Enterprise LTSB -bit Whenever we open IE or open detected ASR iexplore.exe @ Opening IE VBScript" warning produces Microsoft mitigation Component: in "EMET a new tab in IE we see the warning referenced in the title and the event listed below is logged We have applied a slew of recommended security settings from the DISA STIGs I see several people complain about this but they have worked around the issue by either adding a site to trusted sites or disabling ASR completely Unfortunately when I try to disable ASR I still get the warning and I am assuming that is because of the policy settings we have enforced Either way disabling a security feature is never the right answer so I'd really like to figure out what is causing this The default homepage is set to about blank Even if we change the homepage to something Opening IE produces "EMET detected ASR mitigation in iexplore.exe Component: Microsoft @ VBScript" warning in Trusted Sites the warning still nbsp appears Like previously mentioned it also appears when opening a new tab which isn't opening any page so it seems the settings for ASR for iexplore exe are not behaving correctly Can anyone offer any guidance Thanks Log Name nbsp nbsp nbsp nbsp nbsp Application Source nbsp nbsp nbsp nbsp nbsp nbsp Opening IE produces "EMET detected ASR mitigation in iexplore.exe Component: Microsoft @ VBScript" warning nbsp EMET Date nbsp nbsp nbsp nbsp nbsp nbsp nbsp nbsp nbsp PM Event ID nbsp nbsp nbsp nbsp nbsp Opening IE produces "EMET detected ASR mitigation in iexplore.exe Component: Microsoft @ VBScript" warning Task Category None Level nbsp nbsp nbsp nbsp nbsp nbsp nbsp nbsp Warning Keywords nbsp nbsp nbsp nbsp nbsp Classic User nbsp nbsp nbsp nbsp nbsp nbsp nbsp nbsp nbsp N A Computer nbsp nbsp nbsp nbsp nbsp DESKTOP-J FAL Description EMET version EMET detected ASR mitigation in iexplore exe ASR check failed nbsp Application nbsp C Program Files Internet Explorer iexplore exe nbsp User Name nbsp DESKTOP-J FAL nbsp Session ID nbsp nbsp PID nbsp nbsp xFF nbsp TID nbsp nbsp x nbsp Module nbsp VBScript dll Event Xml lt Event xmlns quot http schemas microsoft com win events event quot gt nbsp lt System gt nbsp nbsp nbsp lt Provider Name quot EMET quot gt nbsp nbsp nbsp lt EventID Qualifiers quot quot gt lt EventID gt nbsp nbsp nbsp lt Level gt lt Level gt nbsp nbsp nbsp lt Task gt lt Task gt nbsp nbsp nbsp lt Keywords gt x lt Keywords gt nbsp nbsp nbsp lt TimeCreated SystemTime quot - - T Z quot gt nbsp nbsp nbsp lt EventRecordID gt lt EventRecordID gt nbsp nbsp nbsp lt Channel gt Application lt Channel gt nbsp nbsp nbsp lt Computer gt DESKTOP-J FAL lt Computer gt nbsp nbsp nbsp lt Security gt nbsp lt System gt nbsp lt EventData gt nbsp nbsp nbsp lt Data gt EMET version EMET detected ASR mitigation in iexplore exe ASR check failed nbsp Application nbsp C Program Files Internet Explorer iexplore exe nbsp User Name nbsp DESKTOP-J FAL nbsp Session ID nbsp nbsp PID nbsp nbsp xFF nbsp TID nbsp nbsp x nbsp Module nbsp VBScript dll lt Data gt nbsp lt EventData gt lt Event gt

https://social.technet.microsoft.com/Forums/en-US/f6836992-2e15-46cc-9623-3f586b187af7/opening-ie-produces-quotemet-detected-asr-mitigation-in-iexploreexe-component-microsoft-?forum=emet
Relevancy 95.03%

I'm trying to fix my brother's computer after he opened a trojan attached to an email The email was the one saying your credit card had been charged Mode screen detected" "Spyware and "Black Screen" Safe for airline tickets The computer is a Dell Dimension running Windows XP SP The first problem is that after normal login there is a blue screen with a yellow window in the window with the message quot Warning Spyware detected on your computer Install an antivirus or spyware remover to clean your computer quot There are no icons visible The only action I can perform is CTL-ALT-DEL to bring up the Windows Task Manager I told my brother to start in Safe Mode from which he scanned the computer using AVG Free Edition which was installed before the infection This did not fix the problem Starting Safe Mode I now get a black screen with Safe Mode "Black Screen" and "Spyware detected" screen Safe Mode in the corners and the operating system name at top The blue login screen then comes up with Administrator and my brothers account I click on Administrator and I get the same black screen as before with Safe Mode in the corners and the writing at top My brothers account does the same There are no icons or Start button visible Again the only program I can bring up is the Windows Task Manager Using that I managed to install and run SmitfraudFix which was given as a solution to quot Spyware detected quot screen After rebooting this did not fix the problem I also installed SpyHunter which found Zlob Trojan Rogue AntivirusXP plus some other spyware cookies and files These were removed from the computer Unfortunately this did not remove the Start Mode black screen and quot Spyware detected quot screens The only thing I can find to do next is a Windows XP repair using the Windows XP install CDROM However before I try that is there anything else you could recommend to get rid of these screens

A:Safe Mode "Black Screen" and "Spyware detected" screen

Anyone want to answer this?

http://www.techsupportforum.com/forums/f284/safe-mode-black-screen-and-spyware-detected-screen-282897.html
Relevancy 92.88%

I have searched the forum and tried many things but still could not get rid of this blinking quot Blinking PassCapture Dangerous horse, "Warning, etc" spyware...Trojan Warning - Dangerous spyware - Following viruses were found Blinking "Warning, Dangerous spyware...Trojan horse, PassCapture etc" on your computer Trojan horse PassCapture and etc quot Please Help H W amp OS Dell laptop D - XP Pro SP Symptom Got many pop ups in IE and Firefox Desktop screen gone black with a box with blinking quot Warning quot and text listed below quot Warning - Dangerous spyware - Following viruses were found on your computer Trojan horse PassCapture and etc Your private information may be potentially transferred to third parties Please check your computer using advanced software Thanks quot Actions taken so far - Ran Spybots and Malwarebytes several times deleted infected objects and rebooted laptop - Ran McAfee OnDemand scan few times and found no virus - Tried System Restore but does not work even in Safe Mode Command Line just can t click Next to restore any restore points - Ran Kaspersky s Online Scanner found objects infected - Ran McAffe again and cleaned those infected object Rebooted the laptop and the message still there Nothing works so far Please help Here are the logs Malwarebytes Anti-Malware Short scan found infected objects Removed amp rebooted Malwarebytes Anti-Malware Database version Windows Service Pack PM mbam-log- - - - - txt Scan type Full Scan C Objects scanned Time elapsed minute s second s Memory Processes Infected Memory Modules Infected Registry Keys Infected Registry Values Infected Registry Data Items Infected Folders Infected Files Infected Memory Processes Infected No malicious items detected Memory Modules Infected No malicious items detected Registry Keys Infected No malicious items detected Registry Values Infected No malicious items detected Registry Data Items Infected No malicious items detected Folders Infected No malicious items detected Files Infected No malicious items detected Long scan indicated that quot The scan has completed successfully No malicous items were detected quot But the Black Screen and pop up quot Warning Dangerous Spy Ware quot still there HijackThis Log Logfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Boot mode Normal Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS System svchost exe C Program Files Intel Wireless Bin S EvMon exe C WINDOWS system spoolsv exe C Program Files Common Files Apple Mobile Device Support bin AppleMobileDeviceService exe C Program Files Broadcom ASFIPMon AsfIpMon exe C Program Files LANDesk Shared Files residentagent exe C Program Files Intel Wireless Bin EvtEng exe C Program Files LANDesk LDClient LocalSch EXE C WINDOWS system CBA pds exe C Program Files LANDesk LDClient tmcsvc exe C PROGRA LANDesk LDClient issuser exe C Program Files LANDesk LDClient policy client invoker exe C Program Files McAfee VirusScan Enterprise EngineServer exe C Program Files McAfee Common Framework FrameworkService exe C Program Files McAfee VirusScan Enterprise VsTskMgr exe C Program Files Common Files Microsoft Shared VS DEBUG MDM EXE C WINDOWS system mfevtps exe C Program Files Dell QuickSet NICCONFIGSVC exe C WINDOWS system nvsvc exe C Program Files Intel Wireless Bin RegSrvc exe C Program Files LANDesk LDClient softmon exe C WINDOWS system StacSV exe C PROGRA LANDesk LDClient collector exe C PROGRA LANDesk LDClient LDregwatch exe C Program Files Wave Systems Corp Trusted Drive Manager TdmService exe C WINDOWS system dllhost exe C Program Files Intel Wireless Bin WLKeeper exe C WINDOWS system dllhost exe C PROGRA LANDesk LDClient rcgui exe C WINDOWS Explorer EXE C WINDOWS system wscntfy exe C WINDOWS system ctfmon exe C Program Files Apoint Apoint exe C WINDOWS system rundl... Read more

A:Blinking "Warning, Dangerous spyware...Trojan horse, PassCapture etc"

It got worse. I ran virus scan and Malwarebytes' Anti-Malware, Spybots again and it found adn removed about 8 more infected objects / trojan horse. Rebooted the laptop and now I cannot logon. It logs me out immediately from both user account and Administrator account.
Any suggestions beside reinsatll XP is appreciated.
 

https://forums.techguy.org/threads/blinking-warning-dangerous-spyware-trojan-horse-passcapture-etc.827720/
Relevancy 92.88%

Help I keep on Regular Operation!" Solved: - popups "Warning! Potential Spyware getting a quot Windows Security Alert quot popup appearing that says quot Warning Potential Spyware Operation Your computer is making unauthorised copies of your system and Internet files Run full scan now to prevent any unauthorised access to your files Click YES to download spyware remover quot This is currently appearing about every minutes Also I ran Spybot S amp D and it detected and removed Smitfraud C I just checked in my startup folder and found programs that I think shouldn t be Solved: Regular popups - "Warning! Potential Spyware Operation!" there Solved: Regular popups - "Warning! Potential Spyware Operation!" quot autorun exe quot and quot system exe quot What s going on here Logfile of HijackThis v Scan saved at AM on Platform Windows XP SP WinNT MSIE Internet Explorer v Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system Ati evxx exe C WINDOWS system svchost exe C Program Files Windows Defender MsMpEng exe C WINDOWS System svchost exe C WINDOWS system Ati evxx exe C WINDOWS system svchost exe C Program Files Alwil Software Avast aswUpdSv exe C Program Files Alwil Software Avast ashServ exe C WINDOWS system spoolsv exe C SUPERVOC PROGRAM PICPMON EXE C Program Files Raxco PerfectDisk PDAgent exe C Program Files Analog Devices SoundMAX SMAgent exe C WINDOWS system svchost exe C Program Files UPHClean uphclean exe C WINDOWS system ZoneLabs vsmon exe C Program Files Intel Intel R Active Monitor imonnt exe C Program Files Alwil Software Avast ashMaiSv exe C Program Files Alwil Software Avast ashWebSv exe C WINDOWS Explorer exe C WINDOWS system wuauclt exe C WINDOWS system printer exe C PROGRA ALWILS Avast ashDisp exe C WINDOWS AGRSMMSG exe C WINDOWS System spool DRIVERS W X E S I K EXE C WINDOWS system taskswitch exe C Program Files Windows Defender MSASCui exe C Program Files Adobe Photoshop Album Starter Edition Apps apdproxy exe C Program Files Zone Labs ZoneAlarm zlclient exe C Program Files Java jre bin jusched exe C Program Files Intel Intel R Active Monitor imontray exe C Program Files MSN Messenger MsnMsgr Exe C Program Files Messenger msmsgs exe C Program Files ATI Multimedia main ATIDtct EXE C WINDOWS system ctfmon exe C Program Files palmOne Hotsync exe C Program Files LG PC Suite LG PC Sync LGSyncManager exe C Program Files ATI Technologies ATI ACE Core-Static MOM EXE C Program Files Logitech SetPoint SetPoint exe C Program Files Silicon Image SiICfg SiICfg exe C PROGRA Webshots webshots scr C Program Files Common Files Logitech KHAL KHALMNPR EXE C PROGRA INCRED bin IMApp exe C Program Files ATI Technologies ATI ACE Core-Static ccc exe C Program Files MSN Messenger usnsvc exe C Program Files Hijackthis HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Start Page http www bom gov au cgi-bin wrap fwo pl IDQ txt R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKCU Software Microsoft Internet Explorer Main Local Page R - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyServer http F - REG system ini Shell Explorer exe C WINDOWS system printer exe O - Toolbar amp Google - C B - - d - B - A CD F - c program files google googletoolbar dll O - HKLM Run avast C PROGRA ALWILS Avast ashDisp exe O - HKLM Run AGRSMMSG AGRSMMSG exe O - HKLM Run Logitech Hardware Abstraction Layer KHALMNPR EXE O - HKLM Run EPSON Stylus Photo RX C WINDOWS System spool DRIVERS W X E S I K EXE P quot EPSON Stylus Photo RX quot O quot USB quot M quot Stylus Photo RX quot O - HKLM Run CoolSwitch C WINDOWS system taskswitch exe O - HKLM Run Windows Defender quot C Program Files Windows Defender MSASCui exe quot -hide O - HKLM Run Adobe Photo Downloader quot C Program Files Adobe Photoshop Album Starter Edition Apps apdproxy exe quot O - HKLM Run Z... Read more

A:Solved: Regular popups - "Warning! Potential Spyware Operation!"

https://forums.techguy.org/threads/solved-regular-popups-warning-potential-spyware-operation.639199/
Relevancy 92.88%

Hey folks It looks like I've got a medley of virii Prior to finding this forum I attempted to fix the problem using several anti virus spyware applications While they found and apparently fixed some problems the System Window entitled quot Critical System Warning quot was not fixed nor were the balloons that popped up from the system tray Here's what the System Window had to say Critical System Warning Your system is probably infected with Warning!" Spyware.cyberlog-x System "Critical Popup the lastest version of Spyware Cyberlog-X Type Spyware Infected Length bytes Risk High Affected Systems Windows NT Server Windows XP Behavior Cyberlog-X is a spyware program that monitors user activity logs keystrokes and track Web sites visited Symptims Low Internet connection speed Low System Performance Secyrity center alerts Strange pop up windows Protection Click OK to download antispyware software After reading several posts I ran ComboFix and it appeared to fix the obvious Spyware.cyberlog-x "Critical System Warning!" Popup problems Would someone mind looking at my logs to see if there are any processes running in the background Is there any script that I can drag and drop into ComboFix or any other solution that would remove these processes HijackThis Log Logfile of Trend Micro HijackThis v Scan saved at on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Boot mode Normal Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system Ati evxx exe C WINDOWS system svchost exe C WINDOWS System svchost exe C Program Files Alwil Software Avast aswUpdSv exe C Program Files Alwil Software Avast ashServ exe C WINDOWS system Ati evxx exe C WINDOWS system spoolsv exe C Program Files Synaptics SynTP SynTPEnh exe C Program Files Java jre bin jusched exe C Program Files iTunes iTunesHelper exe C Program Files WIDCOMM Bluetooth Software bin btwdins exe C WINDOWS eHome ehRecvr exe C WINDOWS RTHDCPL EXE C WINDOWS eHome ehSched exe C Program Files Windows Live Messenger MsnMsgr Exe C Program Files Common Files LightScribe LSSrvc exe C WINDOWS system ctfmon exe C PROGRA McAfee VIRUSS mcshield exe C Program Files WIDCOMM Bluetooth Software BTTray exe C WINDOWS system svchost exe C Program Files Alwil Software Avast ashMaiSv exe C Program Files iPod bin iPodService exe C WINDOWS system dllhost exe C WINDOWS explorer exe C WINDOWS system wuauclt exe C Documents and Settings Owner Desktop HiJackThis exe R - HKCU Software Microsoft Internet Explorer Main Start Page C WINDOWS system spywarewarning mht R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyOverride local O - BHO AcroIEHlprObj Class - E F-C D - D -B D- B D BE B - c Program Files Adobe Acrobat ActiveX AcroIEHelper dll O - BHO no name - F C D - - - CD- D F CE - C WINDOWS system pmnKabbY dll file missing O - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dll O - BHO scriptproxy - DB D A - - E -B D- F C - C Program Files McAfee VirusScan scriptsn dll O - BHO Windows Live Sign-in Helper - D - C - ABF- ECC- C - C Program Files Common Files Microsoft Shared Windows Live WindowsLiveLogin dll O - BHO no name - E A - AC - D B- F- D CFFF - C WINDOWS system iifgEvwV dll file missing O - HKLM Run SynTPEnh C Program Files Synaptics SynTP SynTPEnh exe O - HKLM Run SunJavaUpdateSched quot C Program Files Java jre bin jusched exe quot O - HKLM Run QuickTime Task quot C Program Files QuickTime QTTask exe quot -atboottime O - HKLM Run iTunesHelper quot C Program Files iTunes iTunesHelper exe quot O - HKLM Run isCfgWiz quot C Program Files Co... Read more

http://www.techsupportforum.com/forums/f284/spyware-cyberlog-x-critical-system-warning-popup-255579.html
Relevancy 92.88%

I was recently the victim of a virus spyware trojan probably all programme which did a number of obvious things Changed my background my Spyware detected?" 'ahtn.html' now is background "warning: to a black screen with quot warning Spyware detected quot 'ahtn html' is now my background Caused me to receive warning messages every few minutes pretending to have run a scan on the computer little red quot X quot next to the clock Took me to an internet page to download some virus fixing software don't worry I didn't do anything else stupid like downloading it Disabled Task Manager Keeps disabling resident scan on Avast Probably much more "warning: Spyware detected?" 'ahtn.html' is now my background Since the malicious software installed itself I have disabled my network card rebooted the machine to 'safe mode without networking' and performed a quick and now doing thorough scan of all hard drives using Avast should be up to date since it's "warning: Spyware detected?" 'ahtn.html' is now my background always telling me it's done a database update Although it claims to have found a series of Trojans I am not convinced it's on top of things and haven't ventured back into 'Normal Windows' or onto the www yet I have downloaded to a USB stick on second PC laptop the following which I could run this evening when I return home from work dds scr from sticky link on this forum Malwarebytes Anti-Malware Spybot Search amp Destroy Ad-Aware and ComboFix already read http www techsupportforum com f ml post so not going to run it if at all until instructed to I used the qualified quot could run quot on the basis that someone here might tell me that's a silly thing to do I am in the gathering of information stage so I am prepared this evening to clean the system So what's the first step I should perform knowing the above when I arrive home Also I have a number of hard drives installed into this system the avast scan is taking an age since it goes through them all am I best going inside the box and disconnecting them before starting this I suppose the query is if the malicious software moves between drives or just stays on my main C-drive Thank you in advance for your advice I've read a number of posts from this board and everybody seems very helpful I'm hoping to tap into this helpful knowledge and fix my PC then kill my son for infecting

A:"warning: Spyware detected…" 'ahtn.html' is now my background

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

http://www.techsupportforum.com/forums/f100/warning-spyware-detected-ahtn-html-is-now-my-background-360479.html
Relevancy 92.88%

I was recently the victim of a virus spyware trojan probably all programme which did a number of obvious things Changed my background to a black screen with quot warning Spyware detected quot 'ahtn html' is now my background Caused me to receive warning messages every few minutes pretending to have background now my is 'ahtn.html' Spyware "warning: detected?" run a scan on the computer little red quot "warning: Spyware detected?" 'ahtn.html' is now my background X quot "warning: Spyware detected?" 'ahtn.html' is now my background next to the clock Took me to an internet page to download some virus fixing software don't worry I didn't do anything else stupid like downloading it Disabled Task Manager Keeps disabling resident scan on Avast Probably much more Since the malicious software installed itself I have disabled my network card rebooted the machine to 'safe mode without networking' and performed a quick and now doing thorough scan of all hard drives using Avast should be up to date since it's always telling me it's done a database update Although it claims to have found a series of Trojans I am not convinced it's on top of things and haven't ventured back into 'Normal Windows' or onto the www yet Also I have a number of hard drives installed into this system the avast scan is taking an age since it goes through them all am I best going inside the box and disconnecting them before starting this I suppose the query is if the malicious software moves between drives or just stays on my main C-drive Thank you in advance for your advice I've read a number of posts from this board and everybody seems very helpful I'm hoping to tap into this helpful knowledge and fix my PC then kill my son for infecting Anyway here is the DDS file GMER didn't find anything apparently so the log file was empty i have attched the attach txt file still though DDS Ver - - - NTFSx MINIMAL Run by craig at on Internet Explorer BrowserJavaVersion Microsoft Windows XP Professional GMT AV avast antivirus VPS - On-access scanning enabled Updated Running Processes C WINDOWS system svchost -k DcomLaunch svchost exe C WINDOWS system svchost exe -k netsvcs C WINDOWS Explorer EXE C WINDOWS system ctfmon exe C Documents and Settings craig Desktop Virus USB dds scr Pseudo HJT Report uStart Page hxxp www google co uk BHO Adobe PDF Link Helper df c-e ad- -a -fa c ebdc - c program files common files adobe acrobat activex AcroIEHelperShim dll BHO Groove GFS Browser Helper - c - d -b f - bbc d a e - c program files microsoft office office GrooveShellExtensions dll BHO Windows Live Sign-in Helper d - c - abf- ecc- c - c program files common files microsoft shared windows live WindowsLiveLogin dll BHO Java tm Plug-In SSV Helper dbc -a - b-bc - c c c a - c program files java jre bin jp ssv dll BHO JQSIEStartDetectorImpl Class e e f - ce- c -bc -eabfe f c - c program files java jre lib deploy jqs ie jqs plugin dll uRun ctfmon exe c windows system ctfmon exe uRun PC Suite Tray quot c program files nokia nokia pc suite PCSuite exe quot -onlytray uRun BitTorrent DNA quot c program files dna btdna exe quot uRun BgMonitor E - C C- d f- C - D A B AA quot c program files common files ahead lib NMBgMonitor exe quot uRun kdx c program files kontiki KHost exe -all uRun ZFG -F - SF-K P- N ER H L c recycler s- - - - - - - service exe mRun NvCplDaemon RUNDLL EXE c windows system NvCpl dll NvStartup mRun nwiz nwiz exe install mRun HDAudDeck c program files via viaudioi hdadeck HDeck exe mRun avast c progra alwils avast ashDisp exe mRun NvMediaCenter RUNDLL EXE c windows system NvMcTray dll NvTaskbarInit mRun Adobe Reader Speed Launcher quot c program files adobe reader reader Reader sl exe quot mRun NeroFilterCheck c program files common files ahead lib NeroCheck exe mRun oD quot c program files kontiki KHost exe quot -all mRun GrooveMonitor quot c program files microsoft office office GrooveMonitor exe quot mRun nmctxth quot c program files common fil... Read more

A:"warning: Spyware detected…" 'ahtn.html' is now my background

By the way; this is all being run from within 'Safe Mode without Networking'.
I have not read anywhere that this isn't ok so I hope it is.

Thanks for reading.

http://www.techsupportforum.com/forums/f100/warning-spyware-detected-ahtn-html-is-now-my-background-360622.html
Relevancy 92.88%

I am infected with this crap and have used the following tools to try to get rid of it Windows Defender Unible PowerSuite SpeedUpMyPC Registry Booster amp Spyware Protector and Norton's - "Error Worm-Popups-The Icons Netsky Cleaner" Protector" "Spyware..." Three "Privacy One Button Netsky Worm-Popups-The Three Icons - "Error Cleaner" "Privacy Protector" "Spyware..." Checkup and WinDoctor Not sure if it's related but my DISPLAY is locked at X Atempted the Step Process before posting and Panda ActiveScan froze and crashed after scanning files but not before identifying spyware files Here's my extra txt log from Deckard's Deckard's System Scanner v Extra logfile - please post Netsky Worm-Popups-The Three Icons - "Error Cleaner" "Privacy Protector" "Spyware..." this as an attachment with your post -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Home Edition build SP Architecture X Language English CPU Intel R Pentium R CPU GHz Percentage of Memory in Use Physical Memory total avail MiB MiB Pagefile Memory total avail MiB MiB Virtual Memory total avail MiB MiB A is Removable No Media C is Fixed NTFS - GiB total GiB free D is CDROM CDFS PHYSICALDRIVE - ST A - GiB - partition PARTITION - Unknown - MiB PARTITION bootable - Installable File System - GiB - C -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install Windows Internal Firewall is disabled AntiVirusDisableNotify is set FirewallDisableNotify is set FW Norton Internet Security v Symantec Corporation AV Norton Internet Security v Symantec Corporation HKLM System CurrentControlSet Services SharedAccess Parameters FirewallPolicy DomainProfile AuthorizedApplications List quot windir system sessmgr exe quot quot windir system sessmgr exe enabled xpsp res dll - quot quot C Program Files Logitech Logitech Harmony Remote Software HarmonyRemote exe quot quot C Program Files Logitech Logitech Harmony Remote Software HarmonyRemote exe Enabled Logitech Harmony Remote Software quot quot windir Network Diagnostic xpnetdiag exe quot quot windir Network Diagnostic xpnetdiag exe Enabled xpsp res dll - quot quot C Program Files Logitech Desktop Messenger Program LogitechDesktopMessenger exe quot quot C Program Files Logitech Desktop Messenger Program LogitechDesktopMessenger exe Enabled Logitech Desktop Messenger quot HKLM System CurrentControlSet Services SharedAccess Parameters FirewallPolicy StandardProfile AuthorizedApplications List quot windir system sessmgr exe quot quot windir system sessmgr exe enabled xpsp res dll - quot quot C WINDOWS system LEXPPS EXE quot quot C WINDOWS system LEXPPS EXE Enabled LEXPPS EXE quot quot C Program Files Logitech Logitech Harmony Remote Software HarmonyRemote exe quot quot C Program Files Logitech Logitech Harmony Remote Software HarmonyRemote exe Enabled Logitech Harmony Remote Software quot quot windir Network Diagnostic xpnetdiag exe quot quot windir Network Diagnostic xpnetdiag exe Enabled xpsp res dll - quot quot C Program Files Logitech Desktop Messenger Program LogitechDesktopMessenger exe quot quot C Program Files Logitech Desktop Messenger Program LogitechDesktopMessenger exe Enabled Logitech Desktop Messenger quot quot C Program Files LimeWire LimeWire exe quot quot C Program Files LimeWire LimeWire exe Enabled LimeWire quot quot C Program Files Yahoo Messenger YahooMessenger exe quot quot C Program Files Yahoo Messenger YahooMessenger exe Enabled Yahoo Messenger quot quot C Program Files Yahoo Messenger YServer exe quot quot C Program Files Yahoo Messenger YServer exe Enabled Yahoo FT Server quot quot C Program Files Messenger msmsgs exe quot quot C Program Files Messenger msmsgs exe Enabled Windows Messenger quot quot C Program Files Veoh Networks Veoh VeohCli... Read more

A:Netsky Worm-Popups-The Three Icons - "Error Cleaner" "Privacy Protector" "Spyware..."

Bump.

http://www.techsupportforum.com/forums/f284/netsky-worm-popups-the-three-icons-error-cleaner-privacy-protector-spyware-207223.html
Relevancy 92.88%

Hi unaccessible Spyware Potential and Operation!" Panel Control messagebox "Warning! I am trying to fix my friend s computer the key word here is trying and I ran across some things that I have no idea how to fix First off I "Warning! Potential Spyware Operation!" messagebox and unaccessible Control Panel used Spybot Search and Destroy in Normal mode and Safe mode to try and get rid of as much as possible Even after doing this I am still getting the world s most annoying messagebox with the title of quot Windows Security Alert quot The body of the messagebox reads as follows quot Warning Potential Spyware Operation Your computer is making unauthorized copies of your system and Internet files Run full scan now to pervent any unauthorised access to your files Click YES to download spyware remover quot I have no idea how to get rid of this Also when trying to go to Add Remove Programs in Control Panel I find that i can no longer access Control Panel it says that the operation is cancelled due to restrictions on this computer but there is only one account and it is admin Now Control Panel no longer shows up anywhere Posted below is my HijackThis file I would appreciate any help with this matter Thanks Logfile of Trend Micro HijackThis v Scan saved at AM on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Boot mode Normal Running processes C WINNT System smss exe C WINNT system winlogon exe C WINNT system services exe C WINNT system lsass exe C WINNT system svchost exe C WINNT System svchost exe C Program Files Common Files Symantec Shared ccSetMgr exe C WINNT Explorer exe C Program Files Common Files Symantec Shared ccEvtMgr exe C Program Files Common Files Symantec Shared PIF B E DD - - c -B F- F FCA A PIFSvc exe C Program Files Common Files Symantec Shared SNDSrvc exe C Program Files Common Files Symantec Shared SPBBC SPBBCSvc exe C Program Files Common Files Symantec Shared CCPD-LC symlcsvc exe C WINNT system spoolsv exe C Program Files Common Files Apple Mobile Device Support bin AppleMobileDeviceService exe C Program Files Symantec LiveUpdate ALUSchedulerSvc exe C Program Files LEAD Technologies Inc LEADTOOLS ePrint Bin LPSVS N EXE C Program Files Common Files Microsoft Shared VS DEBUG MDM EXE C Program Files Microsoft SQL Server MSSQL RETSDATA Binn sqlservr exe C Program Files Norton AntiVirus navapsvc exe C Program Files Norton AntiVirus IWP NPFMntor exe C WINNT System svchost exe C Program Files Webroot Spy Sweeper WRSSSDK exe C WINNT system printer exe C Program Files Webroot Spy Sweeper SpySweeper exe C Program Files Common Files Symantec Shared ccApp exe C Program Files iTunes iTunesHelper exe C PROGRA MI AA wcescomm exe C PROGRA MI AA rapimgr exe C Program Files Sony Corporation Picture Package Picture Package Menu SonyTray exe C Program Files Sony Corporation Picture Package Picture Package Applications Residence exe C Program Files iPod bin iPodService exe C Program Files Common Files Symantec Shared Security Console NSCSRVCE EXE C WINNT system ctfmon exe C Program Files Internet Explorer iexplore exe C Program Files Microsoft Office OFFICE WINWORD EXE C Program Files Common Files Microsoft Shared Speech sapisvr exe C Program Files Messenger msmsgs exe C Program Files Trend Micro HijackThis HijackThis exe F - REG system ini Shell Explorer exe C WINNT system printer exe O - Toolbar AdwareFilter - F - E - B-A -E CAD A C - C Program Files AdwareFilterToolBar AdwareFilter dll O - Toolbar amp Google - C B - - d - B - A CD F - c program files google googletoolbar dll O - Toolbar Yahoo Toolbar - EF BD -C FB- D - F- D F - C Program Files Yahoo Companion Installs cpn yt dll O - Toolbar Norton AntiVirus - C E A- F - E-B E- B - C Program Files Norton AntiVirus NavShExt dll O - HKLM Run SpySweeper quot C Program Files Webroot Spy Sweeper SpySweeper exe quot startintray O - HKLM Run ccApp quot C Program Files Common Files Symantec Shared ccApp exe quot O - HKLM Run QuickTime Task quot C Program Files Q... Read more

A:"Warning! Potential Spyware Operation!" messagebox and unaccessible Control Panel

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.

The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non infected computer will remove your Desktop background.
==============================
Download Superantispyware (SAS) free home version

http://www.superantispyware.com/superantispywarefreevspro.html

Install it and double-click the icon on your desktop to run it.
· It will ask if you want to update the program definitions, click Yes.
· Under Configuration and Preferences, click the Preferences button.
· Click the Scanning Control tab.
· Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
· On the main screen, under Scan for Harmful Software click Scan your computer.
· On the left check C:\Fixed Drive.
· On the right, under Complete Scan, choose Perform Complete Scan.
· Click Next to start the scan. Please be patient while it scans your computer.
· After the scan is complete a summary box will appear. Click OK.
· Make sure everything in the white box has a check next to it, then click Next.
· It will quarantine what it found and if it asks if you want to reboot, click Yes.
· To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the notepad, then right-click and choose copy.
· Click close and close again to exit the program.
· Please paste that information here for me regardless of what it finds with a new HijackThis log.

This will take some time!!!!!!!!
 

https://forums.techguy.org/threads/warning-potential-spyware-operation-messagebox-and-unaccessible-control-panel.632542/
Relevancy 92.45%

A box with the error quot Operation" Spyware Potential spyware "Warning! Warning Potential Spyware Operation quot and a yes or no option to take me to an "Warning! Potential Spyware Operation" spyware infected website pops up every min It also has blocked my desktop background my "Warning! Potential Spyware Operation" spyware control panel and my task manager Here goes my HJT log Logfile of Trend Micro HijackThis v Scan saved at on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Boot mode Normal Running processes C WINDOWS System smss exe C WINDOWS system csrss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS System svchost exe C Arquivos de programas Arquivos comuns Symantec Shared ccSetMgr exe C Arquivos de programas Arquivos comuns Symantec Shared ccEvtMgr exe C WINDOWS system spoolsv exe C WINDOWS Explorer exe C WINDOWS system proper exe C WINDOWS system igfxtray exe C WINDOWS system hkcmd exe C Arquivos de programas Synaptics SynTP SynTPLpr exe C Arquivos de programas Synaptics SynTP SynTPEnh exe C Arquivos de programas Launch Manager QtZgAcer EXE C Arquivos de programas Java j re bin jusched exe C Arquivos de programas CyberLink PowerDVD PDVDServ exe C Arquivos de programas QuickTime qttask exe C Arquivos de programas Arquivos comuns Symantec Shared ccApp exe C ARQUIV SYMANT VPTray exe C WINDOWS VM STI EXE C Arquivos de programas HP HP Software Update HPWuSchd exe C Arquivos de programas Messenger msmsgs exe C WINDOWS system ctfmon exe C Arquivos de programas SUPERAntiSpyware SUPERAntiSpyware exe C Arquivos de programas Spybot - Search amp Destroy TeaTimer exe C Arquivos de programas HP Digital Imaging bin hpqtra exe C Acer eManager anbmServ exe C Arquivos de programas Symantec AntiVirus DefWatch exe C Arquivos de programas Arquivos comuns Microsoft Shared VS Debug mdm exe C WINDOWS system svchost exe C Arquivos de programas Symantec AntiVirus Rtvscan exe C Arquivos de programas HP Digital Imaging bin hpqSTE exe C Arquivos de programas HP Digital Imaging Product Assistant bin hprblog exe C WINDOWS system wscntfy exe C Arquivos de programas Palm HOTSYNC EXE C Arquivos de programas HP Digital Imaging bin hpqimzone exe C WINDOWS system wuauclt exe C Arquivos de programas Internet Explorer IEXPLORE EXE C Arquivos de programas Trend Micro HijackThis HijackThis exe F - REG system ini Shell Explorer exe C WINDOWS system proper exe O - BHO AcroIEHlprObj Class - E F-C D - D -B D- B D BE B - C Arquivos de programas Adobe Acrobat Acrobat ActiveX AcroIEHelper dll O - BHO CompSegIB - E C -B C- DD -A - EC E AF - C Arquivos de programas Scpad scpsssh dll O - BHO Spybot-S amp D IE Protection - - F - D - - D F - C ARQUIV SPYBOT SDHelper dll O - BHO Google Toolbar Helper - AA ED - DD- d - -CF F - c arquivos de programas google googletoolbar dll O - BHO AcroIEToolbarHelper Class - AE CD -E - f- - EE - C Arquivos de programas Adobe Acrobat Acrobat AcroIEFavClient dll O - BHO no name - D B - - DE -AE - B B F - C WINDOWS system bronto dll file missing O - Toolbar amp Google - C B - - d - B - A CD F - c arquivos de programas google googletoolbar dll O - Toolbar Adobe PDF - -D C - - FA - E EAAC - C Arquivos de programas Adobe Acrobat Acrobat AcroIEFavClient dll O - HKLM Run IgfxTray C WINDOWS system igfxtray exe O - HKLM Run HotKeysCmds C WINDOWS system hkcmd exe O - HKLM Run SynTPLpr C Arquivos de programas Synaptics SynTP SynTPLpr exe O - HKLM Run SynTPEnh C Arquivos de programas Synaptics SynTP SynTPEnh exe O - HKLM Run LManager C Arquivos de programas Launch Manager QtZgAcer EXE O - HKLM Run SunJavaUpdateSched C Arquivos de programas Java j re bin jusched exe O - HKLM Run RemoteControl quot C Arquivos de programas CyberLink PowerDVD PDVDServ exe quot O - HKLM Run QuickTime Task quot C Arquivos de programas QuickTime qttask exe quot -atboottime O - HKLM Run ccApp quot C Arquivos de programas Arquivos comuns Symantec Shared ... Read more

A:"Warning! Potential Spyware Operation" spyware

I runned the Smitfraudfix and also the Fdfix. Neither of them helped.
 

https://forums.techguy.org/threads/warning-potential-spyware-operation-spyware.646513/
Relevancy 92.45%

normal removal programs dont work adware search destroy spy subtract I have a desktop that is black with quot WARNING YOU RE IN DANGER ALL YOU DO WITH COMPUTER IS STORED FOREVER IN YOUR HARD DISK WHEN YOU VISIT SITES SEND "WARNING!"..spyware has task manager disabled EMAILS ALL YOUR "WARNING!"..spyware has disabled task manager ACTIONS ARE LOGGED AND IT IS IMPOSSIBLE TO REMOVE THEM WITH STANDARD TOOLS YOUR DATA IS STILL AVAILABLE FOR FORENSICS AND IN SOME CASES FOR YOUR BOSS YOUR FRIENDS YOUR WIFE YOUR CHILDREN quot Also It has disabled the "WARNING!"..spyware has disabled task manager use of task manager I get quot task manager was disabled by your admin quot Many programs ask for IE to be fully closed and I cant get at the background image window to close Please any help would be great My log is Logfile of HijackThis v Scan saved at PM on Platform Windows XP WinNT MSIE Internet Explorer v Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS system spoolsv exe C WINDOWS Explorer exe C Program Files NETGEAR WG Utility WG WLU exe C Program Files QuickTime qttask exe "WARNING!"..spyware has disabled task manager C Program Files Winamp winampa exe C WINDOWS System kernels exe C WINDOWS System ctfmon exe C Program Files Messenger msmsgs exe C Program Files interMute SpySubtract SpySub exe C WINDOWS System nvsvc exe C Program Files Internet Explorer IEXPLORE EXE C WINDOWS System wuauclt exe C WINDOWS System wuauclt exe C hijakthis HijackThis exe F - REG system ini Shell Explorer exe C WINDOWS System kernels exe O - BHO no name - - F - D - - D F - C Program Files Spybot - Search amp Destroy SDHelper dll O - BHO PCTools Site Guard - C B A - DB - A -A CB-D BBFEB - C PROGRA SPYWAR tools iesdsg dll file missing O - BHO no name - F C C - E- - -E BD A F - C WINDOWS System hfobc dll file missing O - HKLM Run WG WLU C Program Files NETGEAR WG Utility WG WLU exe O - HKLM Run NvCplDaemon RUNDLL EXE C WINDOWS System NvCpl dll NvStartup O - HKLM Run QuickTime Task quot C Program Files QuickTime qttask exe quot -atboottime O - HKLM Run WinampAgent C Program Files Winamp winampa exe O - HKLM Run System C WINDOWS System kernels exe O - HKCU Run CTFMON EXE C WINDOWS System ctfmon exe O - HKCU Run MSMSGS quot C Program Files Messenger msmsgs exe quot background O - Global Startup Microsoft Office lnk C Program Files Microsoft Office Office OSA EXE O - Global Startup SpySubtract lnk C Program Files interMute SpySubtract SpySub exe O - Extra button Messenger - FB F -F - d -BB E- C F - C Program Files Messenger MSMSGS EXE O - Extra Tools menuitem Windows Messenger - FB F -F - d -BB E- C F - C Program Files Messenger MSMSGS EXE O - DPF E E DD-FB - -A E- A DB CodeBabyObject Object - http www codebaby com cb new core codebaby cab O - DPF B-B - D-A D -FCFDF E C WUWebControl Class - http v windowsupdate microsoft c ls en x client wuweb site cab O - Service NVIDIA Driver Helper Service - NVIDIA Corporation - C WINDOWS System nvsvc exe nbsp

A:"WARNING!"..spyware has disabled task manager

Print this out and boot to safe mode

Fix these entries

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\kernels32.exe

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)

O2 - BHO: (no name) - {F93C90C4-039E-4461-8139-E41BD3A7327F} - C:\WINDOWS\System32\hfobc.dll (file missing)

O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels32.exe

View Hidden
Open Windows Explorer. Go to Tools, Folder Options and click on the View tab.
Make sure that "Show hidden files and folders" is checked.
Also uncheck "Hide protected operating system files".
Now click "Apply to all folders", Click "Apply" then "OK"

Delete this file making SURE that it is the one with the S in it

C:\WINDOWS\System32\kernels32.exe

Boot and post a new log
 

https://forums.techguy.org/threads/warning-spyware-has-disabled-task-manager.320263/
Relevancy 92.45%

I keep getting a popup banner near the top of possible adware spyware "warning: [SOLVED] or infection!....." my screen and I cant get it to go away It says quot warning possible spyware or adware infection quot I am knew to this Hijackthis stuff but here is what it tells me Running processes C WINDOWS [SOLVED] "warning: possible spyware or adware infection!....." System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS system svchost exe C Program Files Common Files Symantec Shared ccEvtMgr exe C WINDOWS system spoolsv exe C WINDOWS Explorer EXE C Program Files Norton SystemWorks Norton AntiVirus navapsvc exe C Program Files Norton SystemWorks Norton Utilities NPROTECT EXE C Program Files Common Files Symantec Shared ccApp exe C PROGRA NORTON SPEEDD nopdb exe C WINDOWS System svchost exe C WINDOWS system devldr exe C Documents and Settings Shane Salley Desktop Downloads HiJackThis v exe C Program Files Internet Explorer IEXPLORE EXE C Program Files Internet Explorer iexplore exe C Program Files Messenger msmsgs exe R - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyOverride local O - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Files Adobe Acrobat ActiveX AcroIEHelper dll O - BHO NAV Helper - BDF E -B - AD-A -FADC B - C Program Files Norton SystemWorks Norton AntiVirus NavShExt dll O - BHO no name - c c d - dd - b - -e ecdd f - C WINDOWS bmzalihc dll O - BHO XTN Monitor - CB BCBE - B - B -BD F- FD A EB - C WINDOWS ddwlxtqlmr dll O - Toolbar Norton AntiVirus - CDD BF- FFB- - AD - DF B D - C Program Files Norton SystemWorks Norton AntiVirus NavShExt dll O - Toolbar The enqvwkp - A CE - A - - -A B A C - C WINDOWS enqvwkp dll file missing O - HKLM Run ccApp C Program Files Common Files Symantec Shared ccApp exe O - HKLM Run ccRegVfy C Program Files Common Files Symantec Shared ccRegVfy exe O - HKUS S- - - Run MySpaceIM C Program Files MySpace IM MySpaceIM exe User 'SYSTEM' O - HKUS DEFAULT Run MySpaceIM C Program Files MySpace IM MySpaceIM exe User 'Default user' O - Extra button Send to OneNote - A- - f c- - EE C C - C PROGRA MICROS Office ONBttnIE dll O - Extra 'Tools' menuitem S amp end to OneNote - A- - f c- - EE C C - C PROGRA MICROS Office ONBttnIE dll O - Extra button Research - B - CC- C -B BE- C C A - C PROGRA MICROS Office REFIEBAR DLL O - Extra button AIM - AC E - - d -BC D- B D A DE - C Program Files AIM aim exe O - Extra button no name - e e dd -d - - b -f ba - windir Network Diagnostic xpnetdiag exe file missing O - Extra 'Tools' menuitem xpsp res dll - - e e dd -d - - b -f ba - windir Network Diagnostic xpnetdiag exe file missing O - Extra button Messenger - FB F -F - d -BB E- C F - C Program Files Messenger msmsgs exe O - Extra 'Tools' menuitem Windows Messenger - FB F -F - d -BB E- C F - C Program Files Messenger msmsgs exe O - DPF - E - D - - ED Support com Configuration Class - http www activation rr com install ds tgctlcm cab O - DPF BF D - C - B -BC -D ABDDC B QuickTime Object - http a g akamai net x qtplugin cab O - DPF A -ED - F B-A E- BD D E - http dl filekicker com send file L PhPSetup cab O - DPF FCCDF -A E - A-A D- BF B D BA C AOL Pictures Uploader Class - http o aolcdn com pictures ap Reso s cab O - DPF - f - bb - d -fa d f a ab YInstStarter Class - C Program Files Yahoo Common yinsthelper dll O - DPF DD - - F - F D-D MySpace Uploader Control - http lads myspace com upload MySpaceUploader cab O - DPF F E B A- A - CA- - D CB MSN Photo Upload Tool - http by fd bay hotmail msn co s MsnPUpld cab O - DPF BCB- D A- D -A B- DA DE - http software-dl real com a p RdxIE cab O - DPF B-B - D-A D -FCFDF E C WUWebControl Class - http www update microsoft com wind O - DPF E A- D- EE - C-DC FA D FC MUWebControl Class - http www update microsoft com micr O - DPF F - - -A - DE D C Kodak Gallery Easy Upload Manager Class - http www kodakga... Read more

A:[SOLVED] "warning: possible spyware or adware infection!....."

Hello and Welcome. Apologies for any delay in replying, but we have been rather busy lately.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

If you still require assistance for this issue, and since it has been a few days since you first posted, please do this:

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
Please attach extra.txt to your post.
To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:C:\Deckard\System Scanner\extra.txt

Click Upload.

What DSS will do: create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

---------------------------------------------------------------------------------------------

Open notepad and copy/paste the text in the quotebox below into it:


Quote:




type "C:\boot.ini">C:\look.txt
Start notepad C:\Look.txt
del peek.bat




Save this as peek.bat Choose to "Save type as - All Files"
It should look like this:
Double click on peek.bat & allow it to run. A notepad file will open. Post the contents of that file in your next reply, and close the file.

http://www.techsupportforum.com/forums/f284/solved-warning-possible-spyware-or-adware-infection-212484.html
Relevancy 92.45%

I have several pop-ups that repeatedly show up and my desktop background is plagued with quot Warning Spyware threat detected on your pc quot with a hyperlink to fake live security center I have no idea what to do and thank you so background Please!: threat" Help and Spyware AntiSpyStorm "Warning: much Help Please!: AntiSpyStorm and "Warning: Spyware threat" background in advance for any help you may be able to provide Here is my main txt but extra txt will not show up Deckard's System Scanner v Run by Mike on - - Computer is in Normal Mode -------------------------------------------------------------------------------- Percentage of Memory in Use more than Total Physical Memory MiB MiB recommended System Drive C has GiB less than free -- HijackThis Clone ------------------------------------------------------------ Emulating logfile of Trend Micro HijackThis v Scan saved at - - Platform Windows XP Service Pack MSIE Internet Explorer Boot mode Normal Running processes C WINDOWS SYSTEM smss exe C WINDOWS SYSTEM winlogon exe C WINDOWS SYSTEM services exe C WINDOWS SYSTEM lsass exe C WINDOWS SYSTEM svchost exe C WINDOWS SYSTEM svchost exe C WINDOWS SYSTEM svchost exe C Program Files Verizon Verizon Internet Security Suite Fws exe C Program Files Common Files Symantec Shared CCSVCHST EXE C Program Files Lavasoft Ad-Aware aawservice exe C WINDOWS SYSTEM LEXBCES EXE C WINDOWS SYSTEM LEXPPS EXE C WINDOWS SYSTEM spoolsv exe C Program Files Symantec LiveUpdate AluSchedulerSvc exe C Program Files Bonjour mDNSResponder exe C Program Files Common Files Authentium AntiVirus dvpapi exe C Program Files CA PPRT bin ITMRTSVC exe C WINDOWS SYSTEM LxrJD s exe C WINDOWS winself exe C Program Files Raxco PerfectDisk PDAgent exe C WINDOWS SYSTEM ZuneBusEnum exe C WINDOWS SYSTEM fxssvc exe C WINDOWS SYSTEM wmsdkns exe C Documents and Settings All Users Application Data ngfkxqda hyhqvyhu exe C WINDOWS SYSTEM hkcmd exe C WINDOWS BCMSMMSG exe C Program Files Dell Media Experience PCMService exe C Program Files Dell AIO Printer A dlbkbmgr exe C Program Files Common Files Microsoft Shared Works Shared WkUFind exe C Program Files Yahoo browser ybrwicon exe C Program Files Yahoo YOP yop exe C Program Files Java jre bin jusched exe C Program Files Syncrosoft POS H O cledx exe C Program Files iTunes iTunesHelper exe C Program Files Verizon VSP VerizonServicepoint exe C Program Files Verizon McciTrayApp exe C WINDOWS SYSTEM regsvr exe C WINDOWS SYSTEM ctfmon exe C Program Files Common Files Symantec Shared CCSVCHST EXE C WINDOWS SYSTEM sks winlogon exe C Program Files Dell AIO Printer A dlbkbmon exe C WINDOWS SYSTEM vwhkxkbm exe C Program Files Yahoo browser ycommon exe C Program Files Raxco PerfectDisk PDEngine exe C Program Files iPod bin iPodService exe C Program Files Yahoo YOP SSDK exe C Program Files Common Files Symantec Shared CCPD-LC symlcsvc exe C Program Files Yahoo browser ybrowser exe C Program Files Java jre bin jucheck exe C WINDOWS explorer exe C WINDOWS SYSTEM rundll exe C WINDOWS SYSTEM svchost exe C WINDOWS notepad exe C Documents and Settings Mike Desktop dss exe R - HKCU Software Microsoft Internet Explorer Main Default Page URL http www dell me com myway R - HKCU Software Microsoft Internet Explorer Main Search Bar http red clientapps yahoo com cust search ie html R - HKCU Software Microsoft Internet Explorer Main Search Page http red clientapps yahoo com cust www yahoo com R - HKCU Software Microsoft Internet Explorer Main Start Page http verizon yahoo com R - HKCU Software Microsoft Internet Connection Wizard ShellNext http www dell me com myway R - HKLM Software Microsoft Internet Explorer Main Default Page URL http verizon yahoo com R - HKLM Software Microsoft Internet Explorer Main Default Search URL http www google com ie R - HKLM Software Microsoft Internet Explorer Main Search Bar http red clientapps yahoo com cust search ie html R - HKLM Software Microsoft Internet Explorer Main Search Page http red clientapps... Read more

A:Help Please!: AntiSpyStorm and "Warning: Spyware threat" background

Hello!

Welcome to forums!

I am sorry for the delayed response but forums been busy lately!

I have bad news for you ):

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

http://www.techsupportforum.com/forums/f284/help-please-antispystorm-and-warning-spyware-threat-background-240665.html
Relevancy 91.59%

It seems that someone has stolen from the developers of adaware and spybot. Check the link below for details.
http://www.lavasoftsupport.com/index.php?act=ST&f=1&t=3912
 

Relevancy 91.59%

Yesterday I started getting a popup claiming to be from quot Security Center quot and telling me that I have "Security Center: and on Warning" desktop links porn Fasle no antivirus software I have AVG and instructiong me to download certain files to Fasle "Security Center: Warning" and porn links on desktop fix the problem The files are named Antivirus Security Package MS Antivirus The Spybot Antivirus Spyshredder Professional Antispyware Suite At the same time I got a series of warnings which I ignored and icons kept appearing on my desktop that gave links to porn websites I ran AVG and Ad-Aware both cleaned up a number of issues that were not there the day before The porn links are gone but the so-called Fasle "Security Center: Warning" and porn links on desktop security center warning continues I ran Hijack This yesterday and again today and found a number of suspicious entries I m tempted to just get rid of them but I would rather have someone take a look so that I can do this the right way I have other minor issues that bug me but I want to take care of the major stuff first Note there are three other people who use this PC all of whom claim innocence Yeah right Thanks for your help Here is the HJT log Logfile of Trend Micro HijackThis v Scan saved at AM on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Boot mode Normal Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS System svchost exe C Program Files Lavasoft Ad-Aware aawservice exe C WINDOWS system spoolsv exe C Program Files Common Files AOL ACS AOLAcsd exe C Program Files Common Files AOL TopSpeed aoltsmon exe C Program Files Common Files Apple Mobile Device Support bin AppleMobileDeviceService exe C PROGRA AVG AVG avgwdsvc exe C PROGRA AVG AVG avgfws exe C Program Files Bonjour mDNSResponder exe C Program Files Netscape Internet Service ncupdatesvc exe C Program Files Common Files New Boundary PrismXL PRISMXL SYS C WINDOWS system svchost exe C Program Files Viewpoint Common ViewpointService exe C WINDOWS system wodUpdSv exe C PROGRA AVG AVG avgam exe C PROGRA AVG AVG avgrsx exe C PROGRA AVG AVG avgnsx exe C PROGRA AVG AVG avgemc exe C WINDOWS Explorer EXE C Program Files America Online waol exe C Program Files iPod bin iPodService exe C Program Files America Online shellmon exe C WINDOWS system wuauclt exe C Program Files Trend Micro HijackThis HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Start Page http www rosenet org R - HKLM Software Microsoft Internet Explorer Main Start Page http www gatewaybiz com R - URLSearchHook AOLSearchHook Class - EB EA-E BE- CFD- F F-C A C EAFA - C Program Files AIM Search AOLSearch dll O - BHO AcroIEHelperStub - DF C-E AD- -A -FA C EBDC - C Program Files Common Files Adobe Acrobat ActiveX AcroIEHelperShim dll O - BHO WormRadar com IESiteBlocker NavFilter - CA F - F E- B -A E- E E C C - C Program Files AVG AVG avgssie dll O - BHO PBlockHelper Class - B- FF- DD - -F BEDE EB - C PROGRA NETSCA NETSCA pbhelper dll O - BHO XML module - BCA - A - eaf- - C B D - C WINDOWS system msxml dll file missing O - BHO AOL Search Enhancement - EB EA-E BE- CFD- F F-C A C EAFA - C Program Files AIM Search AOLSearch dll O - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dll O - BHO AVG Security Toolbar - A A -BACC- D - - A E E - C PROGRA AVG AVG AVGTOO DLL O - BHO Google Toolbar Helper - AA ED - DD- d - -CF F - c program files google googletoolbar dll O - Toolbar amp Google - C B - - d - B - A CD F - c program files google googletoolbar dll O - Toolbar AVG Security Toolbar - A A -BACC- D - - A E E - C PROGRA AVG AVG AVGTOO DLL O - Toolbar AOL Toolbar - D A-C B- -B B-B B E D C - C Program Files AOL Toolbar toolbar dll O - HKLM Run Recguard C WINDOWS SMINST RECGUARD EXE O - HKLM Run SunKistEM C Program Files Digital Media Reader shwiconem exe ... Read more

https://forums.techguy.org/threads/fasle-security-center-warning-and-porn-links-on-desktop.746530/
Relevancy 90.73%

I'm trying to fix my brother's computer after he opened a trojan Mode Login "Spyware Black detected" Safe & Screens attached to an email The email was the one saying your credit card had been charged for airline tickets The computer is a Dell Dimension running Windows XP SP The first problem is that after normal login there is a blue screen with a yellow window in the window with the message quot Warning Spyware detected on your computer Install an Safe Mode Black & Login "Spyware detected" Screens antivirus or spyware remover to clean your computer quot There are no icons visible The only action I can perform is CTL-ALT-DEL to bring up the Windows Task Manager I told my brother to start in Safe Mode from which he scanned the computer using AVG Free Edition which was installed before the infection This did not fix the problem Starting Safe Mode I now get a black screen with Safe Mode in the corners and the operating system name at top The blue login screen then comes up with Administrator and my brothers account I click on Administrator and I get the same black screen as before with Safe Mode in the corners and the writing at top My brothers account does the same There are no icons or Start button visible Again the only program I can bring up is the Windows Task Manager Using that I managed to install and run SmitfraudFix which was given as a solution to quot Spyware detected quot screen After rebooting this did not fix the problem I also installed SpyHunter which found Zlob Trojan Rogue AntivirusXP plus some other spyware cookies and files These were removed from the computer Unfortunately this did not remove the Start Mode black screen and quot Spyware detected quot screens The only thing I can find to do next is a Windows XP repair using the Windows XP install CDROM However before I try that is there anything else you could recommend to get rid of these screens

A:Safe Mode Black & Login "Spyware detected" Screens

Hello etssp and welcome to TSF...
Since you have attacked by trojan better make a new thread to Security Center...
Also before you do anything, read this:

http://www.techsupportforum.com/secu...oval-help.html

Hope you will clean your PC...
Good luck...

http://www.techsupportforum.com/forums/f10/safe-mode-black-and-login-spyware-detected-screens-282575.html
Relevancy 90.73%

I ve posted this across at "Windows has other Balloon and spyware popup detected infection!" problems the VirtualDR forums too here http discussions virtualdr com showthread php p post Similar to a few other posts there I started with a popup pretending to be from microsoft telling me I had a virus on my computer and trying to get me to download Antiviruspro a fake antivirus program From there it stopped me visiting any websites that might help me remove it anti spyware sites etc even google by changing the address of any site I typed so that they wouldn t work It somehow managed to close my antivirus software and prevents any exe s in its blacklist e g any anti virus programs - including the setup exes of other "Windows has detected spyware infection!" Balloon popup and other problems anti virus software so you couldn t install a new one from running Here are a few threads that I ve found where the user has had similar experiences as me http discussions virtualdr com showthread php t http discussions virtualdr com showthread php t http forums techguy org malware-r locking-removal-malware-antimalwarebytes html I ve been following the advice in the second thread renaming a few of the exes has allowed me to run most of the requested programs and I now have some logs which I hope you can help me with SuperAntiSpyware Log SUPERAntiSpyware Scan Log http www superantispyware com Generated at PM Application Version Core Rules Database Version Trace Rules Database Version Scan type Complete Scan Total Scan Time Memory items scanned Memory threats detected Registry items scanned Registry threats detected File items scanned File threats detected Trojan Vundo-Variant Packed-GEN C WINDOWS SYSTEM IIFDASQN DLL C WINDOWS SYSTEM IIFDASQN DLL C WINDOWS SYSTEM RQRHATJJ DLL C WINDOWS SYSTEM RQRHATJJ DLL HKLM Software Microsoft Windows CurrentVersion Explorer Browser Helper Objects DF C- EE - F -AE - D HKCR CLSID DF C- EE - F -AE - D HKCR CLSID DF C- EE - F -AE - D InprocServer HKCR CLSID DF C- EE - F -AE - D InprocServer ThreadingModel HKLM Software Microsoft Windows CurrentVersion Explorer Browser Helper Objects F F F- E- C - B E-C F C ED HKCR CLSID F F F- E- C - B E-C F C ED HKCR CLSID F F F- E- C - B E-C F C ED InprocServer HKCR CLSID F F F- E- C - B E-C F C ED InprocServer ThreadingModel HKLM Software Microsoft Windows CurrentVersion Explorer ShellExecuteHooks F F F- E- C - B E-C F C ED Software Microsoft Windows NT CurrentVersion WinLogon Notify iifdAsqN C WINDOWS SYSTEM DDCYSSMC DLL Trojan Dropper Gen-NV brastk C WINDOWS SYSTEM BRASTK EXE C WINDOWS SYSTEM BRASTK EXE brastk C WINDOWS SYSTEM BRASTK EXE brastk C WINDOWS SYSTEM BRASTK EXE C WINDOWS BRASTK EXE Unclassified Unknown Origin HKLM Software Classes CLSID E EC A- C - - E -FC BCDAF HKCR CLSID E EC A- C - - E -FC BCDAF HKCR CLSID E EC A- C - - E -FC BCDAF HKCR CLSID E EC A- C - - E -FC BCDAF InprocServer HKCR CLSID E EC A- C - - E -FC BCDAF InprocServer ThreadingModel HKCR CLSID E EC A- C - - E -FC BCDAF ProgID HKCR CLSID E EC A- C - - E -FC BCDAF Programmable HKCR CLSID E EC A- C - - E -FC BCDAF TypeLib HKCR CLSID E EC A- C - - E -FC BCDAF VersionIndependentProgID HKCR HTASS HTDP HKCR HTASS HTDP CLSID HKCR HTASS HTDP HKCR HTASS HTDP CLSID HKCR HTASS HTDP CurVer HKCR TypeLib FF F- - a c- F E-E A E HKCR TypeLib FF F- - a c- F E-E A E HKCR TypeLib FF F- - a c- F E-E A E HKCR TypeLib FF F- - a c- F E-E A E win HKCR TypeLib FF F- - a c- F E-E A E FLAGS HKCR TypeLib FF F- - a c- F E-E A E HELPDIR C WINDOWS HTASS DLL Adware Vundo Variant Rel HKLM SOFTWARE Microsoft FCOVM HKLM SOFTWARE Microsoft RemoveRP HKLM SOFTWARE Microsoft MS Juan HKLM SOFTWARE Microsoft MS Juan RID HKLM SOFTWARE Microsoft contim HKLM SOFTWARE Microsoft contim SysShell HKLM SOFTWARE Microsoft MS Track System HKLM SOFTWARE Microsoft MS Track System Uid HKLM SOFTWARE Microsoft rdfa HKLM SOFTWARE Microsoft rdfa F HKLM SOFTWARE Microsoft rdfa N Rogue XP AntiSpyware HKU S- - - - - - - Control Panel don t lo... Read more

A:"Windows has detected spyware infection!" Balloon popup and other problems

HijackThis Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:40:30, on 12/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Program Files\Trend Micro\HijackThis\hjtnothing.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [88a8b302] rundll32.exe "C:\WINDOWS\system32\drjwlwxb.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Bleh Obj] C:\DOCUME~1\Hugh\APPLIC~1\INFOHE~1\Readme Flap.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Hugh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFM... Read more

https://forums.techguy.org/threads/windows-has-detected-spyware-infection-balloon-popup-and-other-problems.768649/
Relevancy 90.73%

Hi;

I used a couple of scans (Panda and Ad-Aware) to determine the existance of "Real Spy" spyware, but neither program capable of removing- also included a current Hijack scan as well- can someone spot the source of the spyware in the hijack scan, or suggest a method of removing it?

Many thanks in advance for the assist-
Webz
 

A:"Real Spy" spyware detected (hijack scan attached)...how to remove?

https://forums.techguy.org/threads/real-spy-spyware-detected-hijack-scan-attached-how-to-remove.335713/
Relevancy 90.73%

Hi I tried to find info on this and couldn t and I don t have much time since I m using someone else s computer and I am really scared I was on google today and this message and virtumonde sys32.privacyremover "Spyware Message detected" Window's about quot Antivirus SP Install quot came up and I tried to cancel it but Window's Message "Spyware detected" sys32.privacyremover and virtumonde I m not sure what happened and then everything froze When I rebooted my desktop was white with a message saying quot Window s warning Spyware Detected on your Computer and the names were something like sys privacyremoverms and another one I am scared to turn my computer on again so I cannot get the exact names I tried running Norton and it found something but then shut down and when I tried to reboot the next time I could not do anything there is just an hourglass so I turned it off again and left it off I had a virus a few years ago that someone on here helped me fix thank you but I don t remember anything including how to put my computer in safe mode I m in med school and in the middle of studying for boards so this is the worst possible timing and I don t know what to do If noone can help me on here maybe there is a suggestion of where I could take my computer nbsp

A:Window's Message "Spyware detected" sys32.privacyremover and virtumonde

Is this the same machine?
http://forums.techguy.org/windows-nt-2000-xp/743355-please-help-spyware-message-desktop.html
 

https://forums.techguy.org/threads/windows-message-spyware-detected-sys32-privacyremover-and-virtumonde.743363/
Relevancy 90.73%

The programs that I can't run include Spybot, GMER Rootkit Scanner and Hijackthis. I can click and attempt to open all I want but nothing happens.

Unfortunately, since I can't run any of these, I can't (as yet) provide any logs.

Thank you for your time.

A:"Windows has detected spyware infection!" and an inability to run some programs

Hi
Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized, if not you'll find it in c:\rsit folder)

http://www.techsupportforum.com/forums/f50/windows-has-detected-spyware-infection-and-an-inability-to-run-some-programs-310368.html
Relevancy 90.73%

my comp is infected with amalware and a popup keeps on apearing on my screen warning me of some malware and asks me to download some anti spyware it gives a list of anti spywares out of which one is BESTSELLERANTIVIRUS im attaching dss files the hjt log is containd in this message Logfile of HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C Program Files Windows Defender MsMpEng exe C WINDOWS System svchost exe C WINDOWS system S EvMon exe C Program Files Common Files Symantec Shared ccSvcHst exe C Program Files Common Files Symantec Shared AppCore AppSvc exe C WINDOWS system popups - download "spyware bestsellerantivirus" constant detected, ZCfgSvc exe C WINDOWS system spoolsv exe C WINDOWS system XConfig exe C Program Files Symantec LiveUpdate ALUSchedulerSvc exe C Program Files Common Files Microsoft Shared VS DEBUG MDM EXE C WINDOWS system RegSrvc exe C Program Files SigmaTel SigmaTel AC Audio Drivers stacmon exe C Program Files Apoint Apoint exe C WINDOWS BCMSMMSG exe C Program Files Common Files Symantec Shared ccApp exe C WINDOWS system rundll exe C Program Files Adobe Acrobat Distillr Acrotray exe C Program Files Windows Defender MSASCui exe C WINDOWS system ctfmon exe C Program Files Apoint Apntex exe C WINDOWS System svchost exe C Program Files VideoLAN VLC vlc exe C Program Files Internet Explorer iexplore exe C WINDOWS explorer exe C Program Files HijackThis HijackThis exe R - HKLM Software Microsoft Internet Explorer Main Default Page URL http www defaulthomepage info R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId O - Toolbar Adobe PDF - -D C - - FA - E EAAC - C Program Files Adobe Acrobat Acrobat AcroIEFavClient dll O - HKLM Run SigmaTel StacMon C Program Files SigmaTel SigmaTel AC Audio Drivers stacmon exe O - HKLM Run Apoint C Program Files Apoint Apoint exe O - HKLM Run BCMSMMSG BCMSMMSG exe O - HKLM Run ccApp quot C Program Files Common Files Symantec Shared ccApp exe quot O - HKLM Run osCheck quot C Program Files Norton AntiVirus osCheck exe quot O - HKLM Run BluetoothAuthenticationAgent rundll exe bthprops cpl BluetoothAuthenticationAgent O - HKLM Run NeroFilterCheck C WINDOWS system NeroCheck exe O - HKLM Run Acrobat Assistant quot C Program Files Adobe Acrobat Distillr Acrotray exe quot O - HKLM Run Windows constant popups - "spyware detected, download bestsellerantivirus" Defender quot C Program constant popups - "spyware detected, download bestsellerantivirus" Files Windows Defender MSASCui exe quot -hide O - HKLM Run Symantec PIF AlertEng quot C Program Files Common Files Symantec Shared PIF B E DD - - c -B F- F FCA A PIFSvc exe quot a m quot C Program Files Common Files Symantec Shared PIF B E DD - - c -B F- F FCA A AlertEng dll quot O - HKCU Run ctfmon exe C WINDOWS system ctfmon exe O - Global Startup Adobe Acrobat Speed Launcher lnk O - Extra context menu item Convert link target to Adobe PDF - res C Program Files Adobe Acrobat Acrobat AcroIEFavClient dll AcroIECapture html O - Extra context menu item Convert link target to existing PDF - res C Program Files Adobe Acrobat Acrobat AcroIEFavClient dll AcroIEAppend html O - Extra context menu item Convert selected links to Adobe PDF - res C Program Files Adobe Acrobat Acrobat AcroIEFavClient dll AcroIECaptureSelLinks html O - Extra context menu item Convert selected links to existing PDF - res C Program Files Adobe Acrobat Acrobat AcroIEFavClient dll AcroIEAppendSelLinks html O - Extra context menu item Convert selection to Adobe PDF - res C Program Files Adobe Acrobat Acrobat AcroIEFavClient dll AcroIECapture html O - Extra context menu item Convert selection to existing PDF - res C Program Files Adobe Acrobat Acrobat AcroIEFavClient dll AcroIEAppend html O - Extra co... Read more

A:constant popups - "spyware detected, download bestsellerantivirus"

Hello and welcome to TSF.

Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/comb...o-use-combofix

Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you.
Please post the C:\ComboFix.txt along with a new HijackThis log for further review.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

http://www.techsupportforum.com/forums/f284/constant-popups-spyware-detected-download-bestsellerantivirus-217728.html
Relevancy 90.73%

Hello I m new here thanks for having me I just now executed a hygienic implant of Windows XP after cannonading my HD with a pulchritudinous software specimen publicezed under the moniker quot Dariks Boot and Nuke quot which fortuitously writes overtop then extirpates the HD compilation or quot poop quot scupulously and in conformity with the department of defense Clearing and Sanitization Matrix DOD Redundant to pronounce my data accumulator was HJTlog spyware has "Windows included detected infection!" as pure as the new-fallen snow and my new user interface was as clean and fresh as the rushing water from icy streams and brisk as a climb up a frozen glacier And then my colleagues and countrymen misadventure and bad fortune struck like a knife in my arse Struck like a viper fast biting Struck like a dominant boar faced with a pack of mangy dogs quot Your computer is infected quot quot Windows "Windows has detected spyware infection!" HJTlog included has detected spyware infection quot quot It is recommended to use special antispyware tools to prevent data loss Windows will now download and install the most up-to-date antispyware for you quot quot Click here to protect your computer from spyware quot The text bubble BOUNDS from my taskbar leering sneering staring and mocking in his usual snide lip-curled nasty no-class greasy long hair manner insulting my intelligence Can someone help me to asphyxiate this archfiend militant monomaniac suffering imp of infernal regions miscreant hellhound of the sacrilegious ------------------------- Logfile of HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS Explorer EXE C WINDOWS system spoolsv exe C PROGRA COMMON AOL ACS AOLacsd exe C Program Files Common Files Microsoft Shared VS DEBUG MDM EXE C WINDOWS inet winlogon exe C Program Files Common Files AOL ACS AOLDial exe C Program Files Real RealPlayer RealPlay exe C PROGRA COMMON AOL AOLSPY AOLSP Scheduler exe C WINDOWS System cmd exe C WINDOWS System ctfmon exe C winstall exe C WINDOWS System sywsvcs exe C Program Files InterVideo Common Bin WinCinemaMgr exe C Program Files America Online waol exe C Program Files America Online shellmon exe C Program Files Common Files Aol aoltpspd exe C Documents and Settings The Eastons Desktop HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Search Bar C WINDOWS System search html R - HKCU Software Microsoft Internet Explorer Main Search Page C WINDOWS System search html R - HKCU Software Microsoft Internet Explorer Main Start Page C WINDOWS System search html R - HKLM Software Microsoft Internet Explorer Main Default Page URL C WINDOWS System search html R - HKLM Software Microsoft Internet Explorer Main Default Search URL C WINDOWS System search html R - HKLM Software Microsoft Internet Explorer Main Search Page C WINDOWS System search html R - HKLM Software Microsoft Internet Explorer Main Start Page C WINDOWS System search html R - HKCU Software Microsoft Internet Explorer Main Local Page C WINDOWS System search html R - HKLM Software Microsoft Internet Explorer Main First Home Page C Program Files AOL Toolbar welcome html R - HKLM Software Microsoft Internet Explorer Main Local Page C WINDOWS System search html R - HKCU Software Microsoft Internet Connection Wizard ShellNext http www smart-projects net buyisobusternow F - REG win ini run C WINDOWS inet winlogon exe O - BHO no name - E -FFAD- - C - CA F B - no file O - Toolbar amp Radio - E - F- D - E- A C - C WINDOWS System msdxm ocx O - Toolbar AOL Toolbar - D A-C B- -B B-B B E D C - C Program Files AOL Toolbar toolbar dll O - HKLM Run AOLDialer C Program Files Common Files AOL ACS AOLDial exe O - HKLM Run RealTray C Program Files Real RealPlayer RealPlay exe SYSTEMBOOTHIDEPLA... Read more

A:"Windows has detected spyware infection!" HJTlog included

All that cutsie crap does not tell a normal person what happenend

Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)
· Install ewido.
· During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
· Launch ewido
· It will prompt you to update click the OK button and it will go to the main screen
· On the left side of the main screen click update
· Click on Start and let it update.
· DO NOT run a scan yet. You will do that later in safe mode.

Restart your computer into safe mode now. Perform the following steps in safe mode:

Run Ewido:
· Click on scanner
· Click Complete System Scan and the scan will begin.
· During the scan it will prompt you to clean files, click OK
· When the scan is finished, look at the bottom of the screen and click the Save report button.
· Save the report to your C: Drive
This will take some time to run!
Boot to normal mode
Post that log and a new HiJack log – If the Ewido log is too large attach it.
 

https://forums.techguy.org/threads/windows-has-detected-spyware-infection-hjtlog-included.420965/
Relevancy 90.73%

Hello, nice peoples that provide so many fixes to make Windows suck less.

I've been looking for hours, but the terms are so general I can't find anything. When I open up Windows Explorer, the "Computer", my profile folder, and the Recycle Bin all appear under "Desktop". Which makes finding things a pain in the butt.

Is there any way to set those items as their own icons, outside of Desktop, and remove them from under Desktop? Basically, I want to see this:

-Computer
└C:\
└Folder
└Folder
└...
└D:\

-Desktop
└Folder
└...

-senselocke
└Downloads
└Favorites
└...

-Recycle Bin


I know you guys have found a ton of tweaks for Windows 7, but this one has bugged me for a while now. Has anyone found a way to get something sort of like that?

A:Move "Computer" and "[username]" out from under Desktop in Explorer?

Hello Senselocke,

You could use the tutorial below to add the User Folder (ex: senselocke) as a separate group in the navigation pane.User Folder - Add or Remove from Navigation Pane
You could use the tutorial below to add the Recycle Bin as a separate group in the navigation pane.Recycle Bin - Add or Remove from Navigation Pane
You might also see if unchecking the Show all folders option in the navigation pane may help get you closer.

Hope this helps some,
Shawn

http://www.sevenforums.com/customization/178441-move-computer-username-out-under-desktop-explorer.html
Relevancy 90.73%

I recently noticed that I no longer have a "My Computer" icon or a "My Documents" icon on my desktop. I tried to restore by right clicking on desktop, clicking Properties, clicking Desktop tab, and clicking Customize desktop. The problem is once there, both the my computer and my documents are greyed and can't be selected. I'm clueless as to how they disappeared although I was also missing the calculator and the recycle bin. Fortunately, I've found a way to get those back but I'm at a loss as to resolving the missing my computer and my documents icons.

All help will be most gratefully appreciated.

Thanks.
 

A:Lost "My Computer" and "My Documents" icons from desktop

Try a System Restore point.
 

https://forums.techguy.org/threads/lost-my-computer-and-my-documents-icons-from-desktop.958171/
Relevancy 90.3%

HI I was strolling along the internet yesterday and something started downloading to the computer. Now I get a blue screen with this message at the top; "Detected SPYware! System error #384" and constant pop-ups, no MSN sign in, a slow slow slow system and a CPU constantly running at 100%. I don't think this is a new type of spyware but I'm not sure excactly how to go about fixing it. Any help would be appriciated.

Thanks! Andy
 

A:Solved: "Detected SPYware! System error #384" Can anyone help!!?

https://forums.techguy.org/threads/solved-detected-spyware-system-error-384-can-anyone-help.428994/
Relevancy 90.3%

Hi I have a spyware of somesort where my desktop is black with a message saying quot Warning You're in danger quot where you can proceed ..." danger! help! popup need in You're "Warning! desktop to click a removal button which takes you to some antivirus website I have searched online and found that it is "Warning! You're in danger! ..." desktop popup need help! some sort of spyware virus "Warning! You're in danger! ..." desktop popup need help! here is my hijackthis log thanks Logfile of HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS System svchost exe C Program Files Common Files Symantec Shared ccSetMgr exe C Program Files Common Files Symantec Shared ccEvtMgr exe "Warning! You're in danger! ..." desktop popup need help! C WINDOWS system spoolsv exe C Program Files Norton AntiVirus navapsvc exe C WINDOWS System nvsvc exe C Program Files Norton AntiVirus SAVScan exe C WINDOWS System svchost exe C Program Files Common Files Symantec Shared CCPD-LC symlcsvc exe C WINDOWS Explorer EXE C WINDOWS System shnlog exe C WINDOWS AGRSMMSG exe C Program Files MSN Apps Updater en-us msnappau exe C Program Files MUSICMATCH MUSICMATCH Jukebox mm tray exe C Program Files Common Files Symantec Shared ccApp exe C Program Files Java jre bin jusched exe C WINDOWS System winnook exe C Program Files MUSICMATCH MUSICMATCH Jukebox MMDiag exe C WINDOWS System intmon exe C Program Files MUSICMATCH MUSICMATCH Jukebox mim exe C WINDOWS System wuauclt exe C Program Files Messenger msmsgs exe C WINDOWS System wuauclt exe C Program Files Hijackthis HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Default Page URL about blank R - HKCU Software Microsoft Internet Explorer Main Default Search URL http www updatesearches com search php qq R - HKCU Software Microsoft Internet Explorer Main Search Bar http www updatesearches com bar html R - HKCU Software Microsoft Internet Explorer Main Search Page http www updatesearches com search php qq R - HKCU Software Microsoft Internet Explorer Search SearchAssistant http www updatesearches com search php qq R - HKCU Software Microsoft Internet Explorer Search CustomizeSearch http www updatesearches com search php qq R - HKCU Software Microsoft Internet Explorer SearchURL Default http www updatesearches com search php qq R - HKCU Software Microsoft Internet Explorer Main Local Page http www updatesearches com R - HKCU Software Microsoft Internet Connection Wizard ShellNext http windowsupdate microsoft com F - REG system ini Shell explorer exe msmsgs exe O - BHO VMHomepage Class - FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA - C WINDOWS System hpC D tmp O - Toolbar MSN - BDAD DAD-C - A -ADC - B B FF D - C Program Files MSN Apps MSN Toolbar en-us msntb dll file missing O - Toolbar Norton AntiVirus - CDD BF- FFB- - AD - DF B D - C Program Files Norton AntiVirus NavShExt dll file missing O - Toolbar amp Radio - E - F- D - E- A C - C WINDOWS System msdxm ocx O - HKLM Run AGRSMMSG AGRSMMSG exe O - HKLM Run NvCplDaemon RUNDLL EXE C WINDOWS System NvCpl dll NvStartup O - HKLM Run nwiz nwiz exe install O - HKLM Run msnappau quot C Program Files MSN Apps Updater en-us msnappau exe quot O - HKLM Run UpdateManager quot C Program Files Common Files Sonic Update Manager sgtray exe quot r O - HKLM Run MMTray C Program Files MUSICMATCH MUSICMATCH Jukebox mm tray exe O - HKLM Run SSC UserPrompt C Program Files Common Files Symantec Shared Security Center UsrPrmpt exe O - HKLM Run ccApp quot C Program Files Common Files Symantec Shared ccApp exe quot O - HKLM Run MimBoot C Program Files MUSICMATCH MUSICMATCH Jukebox mimboot exe O - HKLM Run Symantec NetDriver Monitor C PROGRA SYMNET SNDMon exe Consumer O - HKLM Run SunJavaUpdateSched C Program Files Java jre bin jusched exe O - HK... Read more

A:"Warning! You're in danger! ..." desktop popup need help!

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem a.s.a.p

Please be patient with me during this time.

http://www.techsupportforum.com/forums/f284/warning-youre-in-danger-desktop-popup-need-help-56173.html
Relevancy 90.3%

Hello I am trying to fix a desktop that a friend uses in his small business The problem aside from various little spyware infections i found which I can deal with is the desktop background has that awful quot Warning Spyware detected on your computer Install an antivirus or spyware remover to clean your computer quot Now normally i would just format based on the amount of problems but he has important files and I'm in a bind I've followed steps - already on your faq these are my scan results Windows detected on warning desktop Spyware XP v with SP DSS results Deckard's System Scanner v Run by StefanosP on Spyware detected warning on desktop - - Computer is in Normal Mode -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point -- Last Restore Point s -- - - UTC - RP - Deckard's System Scanner Restore Point - - UTC - RP - Installed Ad-Aware - - UTC - RP - Last good restore point - - UTC - RP - System Checkpoint Backed up registry hives Performed disk cleanup -- HijackThis run as StefanosP exe ------------------------------------------- Unable to find log file not found running clone -- HijackThis Clone ------------------------------------------------------------ Emulating logfile of Trend Micro HijackThis v Scan saved at - - Platform Windows XP Service Pack MSIE Internet Explorer Boot mode Normal Running processes C WINDOWS system smss exe C WINDOWS system csrss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS system svchost exe C WINDOWS system svchost exe C WINDOWS system svchost exe C WINDOWS system svchost exe C Program Files Lavasoft Ad-Aware aawservice exe C WINDOWS explorer exe C Program Files HP HP Software Update hpwuSchd exe C WINDOWS system ctfmon exe C Program Files SAGEM CONN-X SAGEM Fast dslmon exe C WINDOWS system spoolsv exe C Program Files IncrediMail bin ImApp exe C Program Files Common Files Microsoft Shared VS Debug mdm exe C WINDOWS system HPZipm exe C WINDOWS system svchost exe C WINDOWS system UStorSrv exe C WINDOWS system alg exe C Program Files Mozilla Firefox firefox exe C Documents and Settings StefanosP Desktop dss exe R - HKCU Software Microsoft Internet Explorer SearchURL Default http home microsoft com access autosearch asp p s R - HKLM Software Microsoft Internet Explorer Search Default Search URL http www microsoft com isapi redir ie amp ar iesearch O - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Files Common Files Adobe Acrobat ActiveX AcroIEHelper dll O - HKLM Run HP Software Update C Program Files HP HP Software Update HPWuSchd exe O - HKLM Run lphcrnoj ev C WINDOWS system lphcrnoj ev exe O - HKLM Run Adobe Reader Speed Launcher quot C Program Files Adobe Reader Reader Reader sl exe quot O - HKCU Run CTFMON EXE C WINDOWS system ctfmon exe O - HKCU Run MSMSGS quot C Program Files Messenger msmsgs exe quot background O - HKCU Run IncrediMail C Program Files IncrediMail bin IncMail exe c O - HKUS S- - - Run CTFMON EXE C WINDOWS system CTFMON EXE User 'LOCAL SERVICE' O - HKUS S- - - Run CTFMON EXE C WINDOWS system CTFMON EXE User 'NETWORK SERVICE' O - HKUS S- - - Run CTFMON EXE C WINDOWS system CTFMON EXE User 'SYSTEM' O - HKUS DEFAULT Run CTFMON EXE C WINDOWS system CTFMON EXE User 'Default user' O - Global Startup DSLMON lnk C Program Files SAGEM CONN-X SAGEM Fast dslmon exe O - Extra context menu item E amp xport to Microsoft Excel - res C PROGRA MICROS Office EXCEL EXE O - Extra button no name - e e dd -d - - b -f ba - C WINDOWS network diagnostic xpnetdiag exe O - Extra 'Tools' menuitem xpsp res dll - - e e dd -d - - b -f ba - C WINDOWS network diagnostic xpnetdiag exe O - Extra button Messenger - FB F -F - d -BB E- C F - C Program Files Messenger msmsgs exe O - Extra 'Tools' menuitem Windows Messenger - FB F -F - d -B... Read more

http://www.techsupportforum.com/forums/f284/spyware-detected-warning-on-desktop-274923.html
Relevancy 90.3%

hello i have had this problem for quite some time my desktop background states 'warning spyware has been detected on your pc your computer has several fatal errors due to spyware activity ' it then has a hyperlink to some antispyware site that of which i definitely dont spyware on has been detected your warning, desktop: pc trust can you help me my computer is running slow ive downloaded spybot- search and destroy windows defender webroot spy sweeper desktop: warning, spyware has been detected on your pc and spyware blaster all of these have not detected anything at all i dont know much about running computers or winzip files- amateur at most help Logfile of HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system Ati evxx exe C WINDOWS system svchost exe C Program Files Microsoft Windows OneCare Live Antivirus MsMpEng exe C WINDOWS System svchost exe C WINDOWS system spoolsv exe C Program Files Common Files Apple Mobile Device Support bin AppleMobileDeviceService exe C Program Files Symantec LiveUpdate ALUSchedulerSvc exe C Program Files Common Files LightScribe LSSrvc exe C Program Files Common Files Symantec Shared PIF B E DD - - c -B F- F FCA A PIFSvc exe C Program Files Common Files Microsoft Shared VS DEBUG MDM EXE C WINDOWS system svchost exe C Program Files Webroot Spy Sweeper SpySweeper exe C Program Files Microsoft Windows OneCare Live Firewall msfwsvc exe C Program Files Microsoft Windows OneCare Live winss exe C Program Files Hewlett-Packard Shared hpqwmiex exe C WINDOWS system Ati evxx exe C Program Files Microsoft Windows OneCare Live winssnotify exe C WINDOWS Explorer EXE C Program Files HP HP Software Update HPWuSchd exe C Program Files Synaptics SynTP SynTPEnh exe C Program Files hpq HP Wireless Assistant HP Wireless Assistant exe C Program Files Java jre bin jusched exe C Program Files Common Files InstallShield UpdateService issch exe C Program Files Common Files Real Update OB realsched exe C Program Files Common Files Symantec Shared PIF B E DD - - c -B F- F FCA A PIFSvc exe C Program Files iTunes iTunesHelper exe C Program Files Webroot Spy Sweeper SpySweeperUI exe C Program Files Messenger msmsgs exe C Program Files Google GoogleToolbarNotifier GoogleToolbarNotifier exe C WINDOWS system ctfmon exe C Program Files Spybot - Search amp Destroy TeaTimer exe C Program Files HP Digital Imaging bin hpqtra exe C Program Files Nikon PictureProject NkbMonitor exe C Program Files Verizon Wireless V CAST Music Manager MEMonitor exe C Program Files Nikon PictureProject In Touch PictureProjectInTouch exe C PROGRA hpq Shared HPQTOA EXE C Program Files HP Digital Imaging bin hpqimzone exe C Program Files iPod bin iPodService exe C Program Files HP Digital Imaging bin hpqSTE exe C PROGRA Mozilla Firefox firefox exe C Program Files Java jre bin jucheck exe C Program Files Webroot Spy Sweeper SSU EXE C Program Files SpywareBlaster spywareblaster exe C Program Files SpywareBlaster spywareblaster exe C Documents and Settings sara ludwig Local Settings Temp ZonedOut ZonedOut ZonedOut exe C Documents and Settings sara ludwig Desktop dss exe C DOCUME SARALU Desktop sara ludwig exe R - HKCU Software Microsoft Internet Explorer Main Start Page http wapp verizon net bookmarks bm amp bm ho central R - HKLM Software Microsoft Internet Explorer Main Default Page URL http ie redirect hp com svs rdr TY lion amp pf laptop R - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyOverride local R - URLSearchHook no name - B B - - d -B D- EBB BA F A - C Program Files AskSBar SrchAstt bin A SRCHAS DLL F - REG system ini Shell O - BHO no name - e f -a e - b -b - bf db fb - no file O - BHO Ask Search Assistant BHO - B B - - d -B D- EBB BA F A - C Program Files AskSBar SrchAstt bin A SRCHAS DLL O - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D... Read more

A:desktop: warning, spyware has been detected on your pc

Hi saraelizanne,

Sorry for the delay in looking into your log, as we are extremely busy in this section of the forums. If you still require assistance and are not seeking help elsewhere, then please carry out my instructions.

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

--------------------------------------------------------------

Please run DSS.exe again, and post the results from the main.txt

Thanks

http://www.techsupportforum.com/forums/f284/desktop-warning-spyware-has-been-detected-on-your-pc-233789.html
Relevancy 89.87%

hello This site helped me cure my Laptop in the past and now I am in the process of aiding a friend whose IE is being hijacked to a suspected Anti-malware site for a product known as quot Ultimate Cleaner quot He also keeps getting repetative pop-ups for an alleged virus known as quot Worm Win NetSky quot which redirects you again to an unknown site here is his HJT log Logfile of Trend Micro HijackThis v BETA Scan saved at PM on Platform Windows XP SP WinNT Boot mode Normal Running processes C WINDOWS System smss exe Cleaner "Ultimate HJT and warning for "Worm.Win32.NetSky" hijacking browser log 2007" C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system HJT log for "Ultimate Cleaner 2007" browser hijacking and "Worm.Win32.NetSky" warning lsass exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS system spoolsv exe C WINDOWS system wscntfy exe C WINDOWS Explorer EXE C Program Files Synaptics SynTP SynTPLpr exe C Program Files Synaptics SynTP SynTPEnh exe C Program Files HPQ Quick Launch Buttons EabServr exe C Program Files Java jre bin jusched exe C Program Files HPQ HP Wireless Assistant HP Wireless Assistant exe C WINDOWS system igfxtray exe C WINDOWS system hkcmd exe C WINDOWS system igfxpers exe C Program Files Hp HP Software Update HPWuSchd exe C Program Files iTunes iTunesHelper exe C WINDOWS system ctfmon exe C Program Files SUPERAntiSpyware SUPERAntiSpyware exe C Program Files iPod bin iPodService exe C Program Files HPQ shared hpqwmi exe C WINDOWS system wuauclt exe C Documents and Settings Chris Desktop Hijacked HiJackThis v HiJackThis v exe R - HKCU Software Microsoft Internet Explorer Main Start Page http softwarereferral com jump php wmid amp mid MjI Ojg amp lid R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId R - HKCU Software Microsoft Internet Connection Wizard ShellNext http ie redirect hp com svs rdr TYPE amp tp iehome amp locale EN US amp c Q amp bd pavilion amp pf laptop R - URLSearchHook Yahoo Toolbar - EF BD -C FB- D - F- D F - C Program Files Yahoo Companion Installs cpn yt dll O - BHO Yahoo Toolbar Helper - D -C F - EFB- B - ECA - C Program Files Yahoo Companion Installs cpn yt dll O - BHO AcroIEHlprObj Class - E F-C D - D -B D- B D BE B - C Program Files Adobe Acrobat Reader ActiveX AcroIEHelper dll O - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dll O - BHO Windows Live Toolbar Helper - BDBD DAD-C - A -ADC - B B FF D - C Program Files Windows Live Toolbar msntb dll O - Toolbar no name - BF - F - - - FE E AA - no file O - Toolbar Windows Live Toolbar - BDAD DAD-C - A -ADC - B B FF D - C Program Files Windows Live Toolbar msntb dll O - Toolbar Yahoo Toolbar - EF BD -C FB- D - F- D F - C Program Files Yahoo Companion Installs cpn yt dll O - Toolbar The sdrmod - DACEEB- BAE- D - B-D C B A - C WINDOWS sdrmod dll O - HKLM Run IMJPMIG quot C WINDOWS IME imjp IMJPMIG EXE quot Spoil RemAdvDef Migration O - HKLM Run PHIME ASync C WINDOWS system IME TINTLGNT TINTSETP EXE SYNC O - HKLM Run PHIME A C WINDOWS system IME TINTLGNT TINTSETP EXE IMEName O - HKLM Run SynTPLpr C Program Files Synaptics SynTP SynTPLpr exe O - HKLM Run SynTPEnh C Program Files Synaptics SynTP SynTPEnh exe O - HKLM Run eabconfg cpl C Program Files HPQ Quick Launch Buttons EabServr exe Start O - HKLM Run SunJavaUpdateSched quot C Program Files Java jre bin jusched exe quot O - HKLM Run hpWirelessAssistant quot ProgramFiles HPQ HP Wireless Assistant HP Wireless Assistant exe quot O - HKLM Run IgfxTray C WINDOWS system igfxtray exe O - HKLM Run HotKeysCmds C WINDOWS system ... Read more

A:HJT log for "Ultimate Cleaner 2007" browser hijacking and "Worm.Win32.NetSky" warning

Welcome to TSG

Please download SmitfraudFix

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
 

https://forums.techguy.org/threads/hjt-log-for-ultimate-cleaner-2007-browser-hijacking-and-worm-win32-netsky-warning.650795/
Relevancy 89.87%

I found this in a previous thread that pertains to the problem I'm seeing:

Yellow and blue box says: Warning Spyware Detected...
The box appears in the middle of the screen. I can run limited programs because the computer thinks it needs an administrator. The desk top has just turned red and there is a red circle with a white X in the middle of it located in the task bar. Please help.....
I did not see a reply to the thread that mentions how to help remove it. Is there a way to get rid of this? Is this a known, removable entity?

Also, this malware disables my ability to pull up task manager and shut it down that way.

Any help you can provide would be appreciated.

Thanks
 

https://forums.techguy.org/threads/warning-spyware-malware.775964/
Relevancy 89.44%

Hello all I'll try to follow the steps as best I can forgive me if I detected" NT19F32.exe - popup "Spyware miss something Any help is much appreciated I was just visiting a web page that I always visit and all of a sudden my PC reboots It turns back on and straight away I get a message from AVG regarding two infections the first one called quot NT F exe quot keeps coming back up after I move it to the virus "Spyware detected" popup - NT19F32.exe vault under a different name so not the same file I suppose just different numbers the second of which I cannot recall because it hasn't come up since Furthermore my desktop background turned into a blue screen with the message quot Warning Spyware Detected quot or something along those lines before a popup came up saying quot Attention Adware W SpyShredder spyware detected quot It goes on about how it can steal credit cards etc and then says quot Click yes to get all available antispyware software quot Obviously I clicked no but it continues to come up every minutes or so Okay so here is my log from Deckards Deckard's System Scanner v Run by User on - - Computer is in Normal Mode -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point -- Last Restore Point s -- - - UTC - RP - Deckard's System Scanner Restore Point - - UTC - RP - Software Distribution Service - - UTC - RP - Software Distribution Service - - UTC - RP - Last good restore point - - UTC - RP - System Checkpoint Backed up registry hives Performed disk cleanup -- HijackThis run as User exe ------------------------------------------------ Logfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Boot mode Normal Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C Program Files Windows Defender MsMpEng exe C WINDOWS System svchost exe C WINDOWS system spoolsv exe C PROGRA Grisoft AVGFRE avgamsvr exe C PROGRA Grisoft AVGFRE avgupsvc exe C PROGRA Grisoft AVGFRE avgemc exe C WINDOWS system nvsvc exe C WINDOWS system svchost exe C WINDOWS Explorer EXE C Program Files lg fwupdate fwupdate exe C PROGRA Grisoft AVGFRE avgcc exe C Program Files Windows Defender MSASCui exe C WINDOWS system RUNDLL EXE C Documents and Settings LocalService Local Settings Application Data spooll exe C WINDOWS system ctfmon exe C WINDOWS System svchost exe C WINDOWS system svchost exe C WINDOWS TEMP winlogon exe C Program Files Windows Live Messenger usnsvc exe C WINDOWS TEMP scan exe C PROGRA MOZILL FIREFOX EXE C Program Files Windows Live Messenger msnmsgr exe C Documents and Settings User Desktop dss exe C WINDOWS system NOTEPAD EXE C DOCUME User Desktop OTHERS User exe R - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyOverride local O - BHO AcroIEHlprObj Class - E F-C D - D -B D- B D BE B - C Program Files Adobe Acrobat Reader ActiveX AcroIEHelper ocx O - BHO bho gr Class - FF D- A - A-A EF- BA A E - C Program Files GetRight xx gr dll O - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dll O - BHO no name - E D - A- EC-A -BA D E E - no file O - BHO Windows Live Sign-in Helper - D - C - ABF- ECC- C - C Program Files Common Files Microsoft Shared Windows Live WindowsLiveLogin dll O - HKLM Run Alcmtr ALCMTR EXE O - HKLM Run JMB X Configure C WINDOWS system JMRaidTool exe boot O - HKLM Run NvCplDaemon RUNDLL EXE C WINDOWS system NvCpl dll NvStartup O - HKLM Run nwiz nwiz exe install O - HKLM Run LGODDFU quot C Program Files lg fwupdate fwupdate exe quot blrun O - HKLM Run AVG CC C PROGRA Grisoft AVGFRE avgcc exe STARTUP O - HKLM Run Windows Defender quot C Program Files Windows Defender MSASCui exe quot -hide O - HKLM Run AceGain LiveUpdate C Program... Read more

Relevancy 89.44%

so there s this web page desktop problem i m having where my #384"? "Detected SPYware! System error desktop has turned into some warning for spyware and it has a hyperlink right in the center of it also when i open internet explorer the first web page is this Detected SPYware System error Your IP address is Using this address a remote computer has gained anaccess to your computer and probably is collecting the information about the sites you ve visited and the files contained in the folder Temporary Internet Files Attention Ask for help or install the software for deleting secret information about the sites you visited Your computer is full of evidences ISP of transmission CHARTER Your IP address "Detected SPYware! System error #384"? They know you re using Mozilla compatible MSIE Windows NT Your computer is Windows XP Risk status for further investigation VERY HIGH RISK To protect from the Spyware - click here To prevent information transmission - click here To delete the history of your activity click here and if i go to a different web address a bunch of pop ups pop up now i ve downloaded Hijack This and deleted some things that looked like i didn t want but i m not sure if i should have done that because i don t really know what i m doing and i don t know what i m suppose to send to you experts either So i would be greatly appreciative of any help nbsp