Hi folks. In recent weeks our e-mail has been flooded by returned mail that we never sent (Mailer Daemon, Failure Notice, Delivery Status Notification, etc.). Now we’re getting hundreds of them a day, and they’re replying to our e-mail address, but we never sent e-mails out for them to fail. Know what I mean? Note: I keep a very clean machine, with McAfee resident and updated at all times, twice-weekly scans with Ad-Aware, once a week cleaning with C-Cleaner, etc.
Is this another form of spam, or is my computer really sending something out to hundreds of non-existing addresses based on the instruction of a hidden worm or something? I would value any input from the pros. In advance, thanks.
Returned e-mail another form of spam?
What’s a good anti-spyware program?
Please don’t give me a list of anti-virus programs, because I already have an effective one.
I apprehend that practically ALL anti-spyware programs have their own pros and cons, but maybe you should recommend me a good one that you’ve ever come across...
The last anti-spyware programs I used were Ad-aware and Spyware Terminator...
Is there one which has real-time shield or protection?
Computer Virus HELP!?
Can anyone help?
Last week, I had a malicious virus on my laptop that resulted in my laptop having to be rebuilt and rebooted from scratch. (I’m running WinXP Pro)
Since then, I’ve been getting a sporadic error message saying ‘Generic host process for Win32 service has encountered a problem and needs to close’. The Error signature is szAppName: svchost.exe.
As soon as that message closes I lose wireless connectivity (the router in the house is working perfectly for other computers), I lose my sound driver and I lose XP theme luna (the computer looks like it’s running Win 95).
I can get the sound driver and the luna theme back by using the run command ‘services.msc’ and then restarting the sound and luna theme. The only way I can get the connectivity back is via a system restart (and that has failed to fix it today).
I also have found, since the rebuild/reboot, that my google searches are hijacked. I.e., the regular search results show up, but when I click one, it redirects me to a random site (usually 4 times) before allowing me to go to the link I actually want. I don’t let the hijack page load.
I am running Avg Free 9, ad aware and windows malicious software remover. All of these show no results on full system scans of both the laptop and the portable hard drive that I used to restore my files to the laptop after getting it back clean.
Any advice? Or recs for a kick ass virus tool? At this stage anything would be helpful.
Slow loading, unknown file?
I’ve been having major issues with everything on my computer loading, particularly online. Even my igoogle homepage won’t load more than 50% of the time. I just got this computer running again, and I’m aware that I need to upgrade some parts, but the issues I’m having are too great to simply be a hardware issue.
I have XP Pro, and my virus programs are:
AVG
Spybot
Avast Cleaner
All are fully updated, and other than a couple cookies from Spybot nothing is found.
I regretfully haven’t gotten a malware program, but I am currently downloading Malware Bytes and Ad-Aware. I used to have Spyware Dr, but I don’t have my key.
So I looked at my running processes and noticed teatimer.exe.1f57e47a.pf using up a crapload of memory and sitting in my prefetch folder. I don’t have a teatimer.exe file in Spybot anywhere, and I’ve searched and searched but can’t find a direct answer as to whether or not this could be part of my problem.
So... the question is: what is this file, and any more programs recommended for downloading?
Before posting I ended the process, and everything began running better. I just checked to see if it restarted, and it hasn’t. The reason I never downloaded malware protection is that I have no need for it personally. My mistake lies in that my husband knows nothing about computers, and has incidentally clicked on ads and downloaded several programs without “paying attention.”
Also, I did google it, but like I said couldn’t find a direct answer as to what the file is. I suppose with my post I was mostly hoping to catch someone who was familiar with that particular file, or any information that could help me prevent a reinstall.
Google did show me that there is a teatimer.exe file that is supposed to be in the Spybot folder, but like I said there isn’t one. It appears from my searches that this file isn’t associated with Spybot.
Can anyone read this HijackThis report and tell me anything that’s not supposed to be there?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:16 PM, on 5/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 – BHO: Adobe PDF Reader Link Helper – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 – BHO: Spybot-S&D IE Protection – {53707962-6F74-2D53-2644-206D7942484F} – C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 – BHO: SSVHelper Class – {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} – C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 – BHO: AVG Security Toolbar – {A057A204-BACC-4D26-9990-79A187E2698E} – C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 – Toolbar: AVG Security Toolbar – {A057A204-BACC-4D26-9990-79A187E2698E} – C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 – HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 – HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe”
O4 – HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 – HKLM\..\Run: [COMODO Firewall Pro] “C:\Program Files\COMODO\Firewall\cfp.exe” -h
O4 – HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 – HKLM\..\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime -Delay
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 – Extra button: (no name) – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 – Extra ‘Tools’ menuitem: Sun Java Console – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 – Extra button: (no name) – {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} – C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 – Extra ‘Tools’ menuitem: Spybot – Search & Destroy Configuration – {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} – C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O16 – DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) – http://go.microsoft.com/fwlink/?linkid=39204
O16 – DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) – http://i.dell.com/images/global/js/scanner/SysProExe.cab
O16 – DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) – http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208700590359
O16 – DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) – http://www.systemrequirementslab.com/sysreqlab2.cab
O18 – Protocol: linkscanner – {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} – C:\Program Files\AVG\AVG8\avgpp.dll
O20 – AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\guard32.dll
O23 – Service: Ad-Aware 2007 Service (aawservice) – Lavasoft – C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:\WINDOWS\system32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: AVG8 WatchDog (avg8wd) – AVG Technologies CZ, s.r.o. – C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 – Service: COMODO Firewall Pro Helper Service (cmdAgent) – Unknown owner – C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 – Service: PDAgent – Raxco Software, Inc. – C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 – Service: PDEngine – Raxco Software, Inc. – C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
–
End of file – 5878 bytes
Is it safe to run Windows without a software firewall?
I am running WinXP Pro. I’m connected to the internet via a Sprint aircard that I have plugged into a Linksys WRT54G3G-ST router. I have Norton Internet Security installed, but I’m about to dump it for the free version of Avast Anti-virus. For a firewall, I have been considering Comodo or ZoneAlarm.
But, do I really need a software firewall? Could I manage with Avast’s resident scanner? The router has a hardware firewall also. (I also use Ad-aware and Spybot for malware)
Could all this be enough?
My computer is really slow whilst surfing on the internet?
Hi All,
I just wondered if there was anyone out there who could help me with an issue I have got with my Acer Netbook. I recently encountered a Hoax Virus which installed a program called “Anti-Virus Pro 2010” onto my computer which I have now managed to remove. The problem I’m getting now is every time I go onto the Internet it navigates the transferring data to what I believe to be advertising sites before getting to what I want to look at (for example “Facebook”). Hence this slows down my computer somewhat. I have tried “Lavasoft Ad-aware”, “Spyware Doctor” and Reg-Cure but they haven’t seemed to have worked. If someone could help me I would be really grateful!
Best Regards,
Mark
I have already re-set the computer back to the Acer factory settings. But when I first got rid of “Anti-Virus Pro 2010” but it’s still really slow!
Ran Malwarebytes and it didn’t detect a problem?
Malwarebytes’ Anti-Malware 1.41
Database version: 2987
Windows 5.1.2600 Service Pack 3
19/10/2009 18:46:47
mbam-log-2009-10-19 (18-46-47).txt
Scan type: Full Scan (C:\|)
Objects scanned: 121148
Time elapsed: 42 minute(s), 43 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Ran Malwarebytes, Superspyware and IO Security 360 and they have not detected a problem. Does anyone have any more ideas? Because I’m ready to throw it through the window... LOL
Anything wrong with my HijackThis log?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:28, on 2008-11-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 – BHO: (no name) – {02478D38-C3F9-4efb-9B51-7695ECA05670} – (no file)
O2 – BHO: Adobe PDF Reader Link Helper – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 – BHO: AskBar BHO – {201f27d4-3704-41d6-89c1-aa35e39143ed} – (no file)
O2 – BHO: McAfee Phishing Filter – {27B4851A-3207-45A2-B947-BE8AFE6163AB} – c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 – BHO: Spybot-S&D IE Protection – {53707962-6F74-2D53-2644-206D7942484F} – C:\PROGRA~1\Spybot – Search & Destroy\SDHelper.dll
O2 – BHO: SSVHelper Class – {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} – C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 – BHO: scriptproxy – {7DB2D5A0-7241-4E79-B68D-6309F01C5231} – c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 – BHO: McAfee SiteAdvisor BHO – {B164E929-A1B6-4A06-B104-2CD0E90A88FF} – c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O2 – BHO: (no name) – {FFFFFEF0-5B30-21D4-945D-000000000000} – (no file)
O3 – Toolbar: McAfee SiteAdvisor Toolbar – {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} – c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O4 – HKLM\..\Run: [mcagent_exe] “C:\Program Files\McAfee.com\Agent\mcagent.exe” /runkey
O4 – HKLM\..\Run: [Adobe Photo Downloader] “C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe”
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User ‘SYSTEM’)
O4 – HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User ‘Default user’)
O8 – Extra context menu item: Download with Star Downloader – C:\PROGRA~1\Star Downloader\sdie.htm
O8 – Extra context menu item: Translate with &Babylon – res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 – Extra button: (no name) – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 – Extra ‘Tools’ menuitem: Sun Java Console – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 – Extra button: (no name) – {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} – C:\PROGRA~1\Spybot – Search & Destroy\SDHelper.dll
O9 – Extra ‘Tools’ menuitem: Spybot – Search & Destroy Configuration – {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} – C:\PROGRA~1\Spybot – Search & Destroy\SDHelper.dll
O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O16 – DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) – http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 – DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} (WebWatch Class) – http://68.56.199.118/WinWebPush.cab
O18 – Protocol: sacore – {5513F07E-936B-4E52-9B00-067394E9
Which should I pick…?
- A one year license of LimeWire Pro (you can learn more about LimeWire at http://www.limewire.com/)
- A fully-licensed version of Movie Collector or Music Collector (you can learn more about this software at http://www.collectorz.com/)
- A one year license of AVG Anti-Virus 9.0 (you can learn more about this software at http://www.avg.com/us-en/customer-support)
- A one year license of Ad-Aware Plus (you can learn more about this software at http://www.lavasoft.com/)
I’m 13, and I didn’t get this product I wanted, so I can pick any of these.
What is the next step in solving my virus issue?
So I got the virus protect pro virus. I am convinced that this virus is completely impossible to remove. Any program that I tried to open once I got the virus, such as ad-aware and regedit, was immediately closed by the virus. When I restarted my computer, I got an error that said “A Disk Read Error Occured. Press CTRL+ALT+DEL to restart”.
So what is the cheapest way to get my computer running again? Do I have to buy a new hard drive and a new version of windows? (I didn’t get a windows cd when I bought the computer)
Safe mode doesn’t work, I’ll try Ubuntu, thanks