
Thread: Is this legit?

  1. #1
    Member
    Join Date
    Feb 2006
    Posts
    195
    Points
    3

    Is this legit?

    I'm always wary when emails, etc. are sent claiming they're from Windows Explorer because it's not always the case. Twice now, I've clicked on a link to two reputable sites only to have a box pop up that says it's Spy-Shredder from Windows Internet Explorer and that my computer might be infected with spyware, and even before I can intercept this, it's running through a scan saying that I have "1 item detected and several issues found". Below that it says it's also scanning memory and open ports. When I click on "cancel" another box pops up that says it's from Windows Explorer and it says "Your PC is still infected with spyware. Return to xyz.spy-shredder.com and download spyware remover tool." The address at the top says it's from Windows Internet Explorer. It also asks that I install an ActiveX control in order to "repair the computer."
    I have this thing, at present, in limbo. Is this whole thing legitimate or not? I have had Windows for quite a while now and it's never done this before, didn't know this was one of its features. If this isn't legitimate, was any damage done (has something entered the ports, or ?) while I delayed in doing anything to stop it? I have Search and Destroy and it hasn't detected anything. Any help on dealing with this would be appreciated. Thanks.

  2. #2
    Member
    Join Date
    Dec 2002
    Posts
    12,000
    Points
    1191


    No, this is not a Windows (Microsoft) item.

    If you still have the email, please send it to me at:

    BasementgeekAThelp2go.com.

    (Change the "AT" to "@")

    Suggest that you run through these and then post a HJT log:

    http://www.help2go.com/article217.html

    BG

  3. #3
    Member
    Join Date
    Feb 2006
    Posts
    195
    Points
    3


    Thank you for your reply, Basementgeek. It wasn't an email that I received, it was a pop-up that occurred clear out of the blue and started running itself. Usually, to run a program, etc., it asks "do you want to run this program" but it started to run the moment it popped up. I intercepted it and tried to cancel it but, as I said, it said, under the guise of coming from Windows Internet Explorer, that I had spyware on my computer. It also indicated that it was going to check my open ports next, which sent off a warning signal. I left it in limbo, and while waiting for a reply from this forum, I did a search on Spyshredder, and have since found that SpyShredder is a rogue anti-spyware application that may install itself on one's computer (feigning to be a security tool and feigning to be a legitimate application such as Windows Internet Explorer) by exploiting certain browser security holes. I hope I stopped it in time; it was 17% into its process before I hit the pause then the delete button. I hope it didn't have time to do any damage. I'm wondering too if I have enough spyware/malware/trojan horse protection in place. I have Spybot Search and Destroy, Outpost Firewall, Adware, and Hijack This. Is this enough? How was Spyshredder allowed to pop up on my computer if I have enough security in place? Do I need to install more security programs? Thanks for any info.

  4. #4
    Member
    Join Date
    Feb 2006
    Posts
    195
    Points
    3


    I am having difficulty posting a HJT log. When I click on "open" it says "do you want to run this software?" and when I click on "run" it says "WinZip Self-Extractor head corrupt. Possible cause: bad disk or file transfer error." It says the same thing each time I try to open it. If I click on "Scan for spyware" nothing happens. I don't know what to do next. Also, I tried running Housecalls and it's been "updating and starting Housecalls" for the last two hours, and it doesn't progress from that point.

  5. #5
    Member
    Join Date
    Feb 2006
    Posts
    195
    Points
    3


    I reinstalled HijackThis and it worked. Here is the log file:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:19:10 AM, on 12/3/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\progra~1\yahoo!\YCentral\YahooCentral.exe
    C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\WINDOWS\system32\Brmfrmps.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\AGRSMMSG.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Burn4Free Toolbar Helper - {60BF5EE3-0105-4858-AD98-17C19F86B042} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [OutpostFeedBack] C:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback.exe /dumps_startup
    O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice
    O4 - HKLM\..\Run: [Earthlink Protection Control Center] C:\Program Files\EarthLink\Protection Control Center\elnk_pcc.exe /minimize
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [YCentral] c:\progra~1\yahoo!\YCentral\YahooCentral.exe
    O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: Compaq Organize.lnk = ?
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
    O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/pro...anner37590.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
    O23 - Service: SymWMI Service (SymWSC) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)

    --
    End of file - 12972 bytes
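
An added example (not part of the thread and not code from HijackThis): a small Python parser for the log format posted above, which groups entries by section code and marks lines worth a manual look. The sample lines are excerpted from that log; the review rules and function names are assumptions chosen for illustration, and a mark means "check this", not "malicious".

```python
import re
from collections import Counter

# Usual meaning of the section codes that occur in the log above.
SECTION_MEANING = {
    "R0": "IE start/search page setting",
    "R1": "IE start/search page setting",
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "autostart (Run key or Startup folder)",
    "O8": "IE context-menu item",
    "O9": "IE button or Tools-menu item",
    "O16": "downloaded ActiveX object",
    "O23": "Windows service",
}

# An entry line is "<code> - <detail>"; header and process lines do not match.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")

# Illustrative review rules (assumptions, not HijackThis verdicts).
REVIEW_RULES = [
    ("target file missing", lambda c, d: "(file missing)" in d),
    ("no company name on service binary",
     lambda c, d: c == "O23" and " - Unknown owner - " in d),
    ("unnamed BHO", lambda c, d: c == "O2" and d.startswith("BHO: (no name)")),
    ("shortcut target unresolved", lambda c, d: c == "O4" and d.endswith("= ?")),
]

# Lines excerpted from the log posted above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe
O4 - Startup: Compaq Organize.lnk = ?
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
"""


def parse_entries(log_text):
    """Return (section_code, detail) for every entry line in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def review_notes(code, detail):
    """Return the names of the review rules that this entry triggers."""
    return [name for name, rule in REVIEW_RULES if rule(code, detail)]


def triage(log_text):
    """Count entries per section and collect the entries that need a look."""
    counts = Counter()
    flagged = []
    for code, detail in parse_entries(log_text):
        counts[code] += 1
        notes = review_notes(code, detail)
        if notes:
            flagged.append((code, detail, notes))
    return dict(counts), flagged


if __name__ == "__main__":
    counts, flagged = triage(SAMPLE_LOG)
    for code, n in counts.items():
        print(f"{code:>3}  {n:2d}  {SECTION_MEANING.get(code, 'other')}")
    for code, detail, notes in flagged:
        print(f"REVIEW {code}: {detail}\n       -> {', '.join(notes)}")
```

The unnamed BHO in the sample points at Spybot's SDHelper.dll, which shows why a mark here only queues an entry for a person to check.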

  6. #6
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335


    HI

    What you were describing in your first post is a scam ...

    Forget the Housecall on-line scan & do this :-

    Download Superantispyware.

    http://www.superantispyware.com/

    Once downloaded and installed, update the definitions
    and then run a full system scan and quarantine what it finds!

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)

    http://www.superantispyware.com/definitions.html

    * Under "Configuration and Preferences", click the Preferences button.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
      o Close browsers before scanning.
      o Scan for tracking cookies.
      o Terminate memory threats before quarantining.
    * Click the "Close" button to leave the control center screen.
    * Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, under "Complete Scan", choose Perform Complete Scan.
    * Click "Next" to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    * Make sure everything has a checkmark next to it and click "Next".
    * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    * If asked if you want to reboot, click "Yes".
    * To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
      o Click Preferences, then click the Statistics/Logs tab.
      o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      o Please copy and paste the Scan Log results in your next reply.
    * Click Close to exit the program.

    THEN ...

    Please download Combofix: http://download.bleepingcomputer.com...a/ComboFix.exe
    and save to the desktop.

    1. Double click on combo.exe & follow the prompts.
    2. When finished, it will produce a logfile located at C:\ComboFix.txt.
    3. Post the contents of that log in your next reply with a new hijackthis log.

    Notes:
    * Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.
    * Disable script blocking if you have NAV installed so it will not interfere with the fix. Trojan Hunter has been reported to detect combofix as Worm.Qiv.100.

    Please remember to post :-


    1. SUPERAntiSpyware Scan Log
    2. C:\ComboFix.txt


    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  7. #7
    Member
    Join Date
    Feb 2006
    Posts
    195
    Points
    3


    Thank you, steamwiz, the directions were clear, concise (a boon for a novice like me) and proceeded exactly as outlined. Here is the superantispyware log (an excellent program, BTW).

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 12/03/2007 at 06:36 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3353
    Trace Rules Database Version: 1352

    Scan type : Complete Scan
    Total Scan Time : 00:52:13

    Memory items scanned : 499
    Memory threats detected : 0
    Registry items scanned : 5628
    Registry threats detected : 0
    File items scanned : 40911
    File threats detected : 50

    Adware.Tracking Cookie
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@a.websponsors[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.googleadservices[3].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@yadro[2].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@xiti[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ad.zanox[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.googleadservices[4].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.screensavers[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@clicksor[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@click.cybertvpartner[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads.revsci[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@richmedia.yahoo[2].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@qnsr[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adcentriconline[2].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@hypertracker[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.churchmedia[2].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@azjmp[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@anad.tacoda[2].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@i.screensavers[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads.veoh[2].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.googleadservices[2].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.belstat[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@precisionclick[2].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@islamedia[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@toplist[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www4.addfreestats[2].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@try.screensavers[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@stats2.clicktracks[2].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www2.addfreestats[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@media.mtvnservices[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@affiliatetracking[2].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adecn[2].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@statsgod[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@counter.surfcounters[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@exitexchange[2].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@realmmedia[2].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@mediaonenetwork[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads.cnn[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.churchmedia[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.googleadservices[5].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@forums.realmmedia[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@atwola[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@stats.thescripts[2].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@burstnet[2].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads.pubmatic[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@churchmedia[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@linkstattrack[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@lstat.youku[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@interclick[2].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.googleadservices[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads.cdcmedia[1].txt

  8. #8
    Member
    Join Date
    Feb 2006
    Posts
    195
    Points
    3


    I am unable to post a log from download.bleepingcomputer.com. When it gets to the point of cutting and pasting the log, when I try to transfer it to this site where I already have signed in, suddenly the site disappears and the page says

    Internet Explorer cannot display the webpage.

    Most likely causes:
    - you are not connected to the Internet
    - the website is encountering problems
    - there might be a typing error in the address

    None of the above is the case. When I enter the address of this site in the browser, the same message comes up. If I try to bring up any webpage, even Yahoo, there's the same message. I can't even sign into my email account because there's the same message. It only stops if I shut the computer down, start it up again, and don't run download.bleepingcomputer.com. I've tried it several times and it always does the same thing.

    I don't know if this is related but I find, today, that when I try to sign in to Yahoo, a pop-up box says

    "Security Alert: You are able to leave a secure Internet connection. It will be possible for others to view information you send. Do you want to continue?"

    If I click, "Yes", the sign-in page comes up and again, the same pop-up box. If I click on "Yes" again, then I'm able to sign in.
    I had a Hotmail account that expired because I couldn't sign in. It kept saying "Internet Explorer cannot display the webpage.......". I contacted MSN Hotmail many times and their answer was to go to the Help section and email them about the problem. When I did, they sent me an email back saying that I could get my question answered if I went to the Help section and emailed them about the problem, etc. etc. etc. After repeated emails to them saying the same thing, the 30 days of having an inactive email account came and that was that.
    I also find the message "Internet Explorer cannot display the webpage" happens to about 60 percent of any webpage I try to reach.

  9. #9
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335


    HI

    Quote Originally Posted by rio143
    I am unable to post a log from download.bleepingcomputer.com. When it gets to the point of cutting and pasting the log, when I try to transfer it to this site where I already have signed in, suddenly the site disappears...
    Did you save the Combofix.exe file to your desktop?
    Quote Originally Posted by steamwiz
    Please download Combofix: http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
    and save to the desktop.
    If you did have it downloaded then you will find the log here :-

    C:\ComboFix.txt

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  10. #10
    Member
    Join Date
    Feb 2006
    Posts
    195
    Points
    3


    Quote Originally Posted by steamwiz
    Did you save the Combofix.exe file to your desktop?
    Quote Originally Posted by steamwiz
    If you did have it downloaded then you will find the log here :-

    C:\ComboFix.txt

    steam
    Thank you for your reply, steamwiz.

    I must be missing a step somewhere because I clicked on Save to desktop and it indicates that combo.fix is in desktop but I can't find the C:\ComboFix.txt you mentioned. Every time I click on either the combo.fix in desktop, or the download.bleepingcomputer.com link, I have to shut the computer down because every page that comes up after that says "Internet cannot display the webpage", etc., and it will keep saying that for every page I bring up until I shut the computer down and start all over again. Could you please tell me where the C:\ComboFix.txt is? I'm running out of places to look.
    Thanks again for your help (and your patience).
