Search:

I believe my windows7 system might be affected by FakeAlert!grb and smart_hdd.

I had to boot into safe mode to do anything.

I've backed up the registry with erunt.

Thanks!

Here's what's...

Ran through the night without an issue. Thanks again for all your help. Let me know if there's anything else you'd like me to upload.

Regards -
John

I deleted the temporary internet files under C:\. I will also review the websites you recommended. Thanks.

I did have explorer.exe die on me (but it restarted fine) once in between our last...

Finished Kaspersky Scan.
I'll copy just the line of the one virus found.

Scan Statistics:
Total number of scanned objects: 131205
Number of viruses found: 1
Number of infected objects: 1...

I completed the steps you requested. The system seems fine for now but it sometimes takes a couple hours to restart with popups and such. I will start the Kaspersky run after uploading this and...

Thank you for the understanding.

I went into safe mode and ran SmitfraudFix as recommended. When I ran it, windows popped up a message saying that VACFix had encoutered a problem and had to...

Greetings -
First of all, my apologies regarding the archived topic. I didn't realize there'd been an update, but it was my responsibility to check that.

Please note that this is a different...

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, February 06, 2008 5:20:41 PM
Operating System: Microsoft Windows XP...

Been trying to clean up my computer from Smitfraud & Downloader. I've used Ad-Aware and S&D to clean it up, but I must be missing something because it returns!

I've run Kaspersky, S&D and HJT. ...

ogfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:50:22 AM, on 8/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:...

R1 TMEI3E;TMEI3E;C:\WINDOWS\system32\Drivers\TMEI3E.SYS
R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA;C:\WINDOWS\system32\Drivers\tosrfcom.sys
R2 CVPND;Cisco Systems, Inc. VPN Service;"C:\Program...

Sorry for the delay.

I didn't find any of the three in Add/Remove progs...

I couldn't find any of the three files in TEMP folder so I couldn't verify them in VirusTotal.

I did not create...

Here's HiJackThis output. Thanks for checking it out.

John

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:31:42 AM, on 8/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)...

Part 2 of Combofix...

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


Contents of the 'Scheduled Tasks' folder
2007-07-12 12:51:03...

Part 1 of the Combofix output...

ComboFix 07-08-09.3 - "localuser" 2007-08-12 10:30:02.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.132 [GMT -5:00]

...

Greetings -

I'm struggling with
PurityScan
Starware Toolbar
WhenU.SaveNow and others...

I've run S&D from safe-mode and still need some assistance. Below is my HijackThis output.

One of...

Logfile of HijackThis v1.99.1
Scan saved at 7:57:51 AM, on 9/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:...

Removed then updated JRE. Removed temporary content and ran GMER.

The system is running very well. No pop-ups at all. Thank you! Looking forward to patching this thing when you've signed-off....

It is looking better! Thanks!

Here's avenger output after running it:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:...

Thank you for your reply. Sorry for the delay as I was gone for the weekend.

I ran Combofix and it bluescreened the firsttime with a winlogon error. I ran it again and it went through fine.

I...

Greetings - Having problems cleaning up my friend's machine. Can't get rid of look2me Qoologic.bj and HacDef.fv. I've used Ad-Aware, Ewido, Spybot S&D and Symantec Anti-Virus. I also can't run...

Greetings -
The file you asked me to search for is not on my system and spybot is clean. Everything looks great. Thanks to both of you who helped. I'll make sure to donate to the cause. Thanks!

Not sure if I ran it from the correct directory (maybe one subdirectory below), but here's the output... I'm going to restart now. Thanks -



Running from C:\Documents and...

Things are very good. Thank you. I haven't had any pop-ups after leaving Firefox and IE open all day. My only remaining concern is that Spybot still finds three registry keys for "Command Service"...

+ IpNat IP Network Address Translator Microsoft Corporation c:\windows\system32\drivers\ipnat.sys

+ IPSec IPSEC driver Microsoft Corporation c:\windows\system32\drivers\ipsec.sys

+...

+ Shell Application Manager Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz.cpl

+ Shell Automation Inproc Service Shell Doc Object and Control Library Microsoft...

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

+ C:\WINDOWS\system32\userinit.exe Userinit Logon Application Microsoft Corporation c:\windows\system32\userinit.exe
...

Thanks for all your assistance. I followed your plan.

The following is the output of Autoruns and Ewido log as you requested.

---------------------------------------------------------
ewido...

Greetings - I need assistance with removing spyware and getting rid of popups. I've been working on my computer for two days using Ad-Aware, Ewido, Spybot S&D, Symantec Anti Virus. I've followed...