Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

PopUp on shut down


  • This topic is locked This topic is locked
42 replies to this topic

#1 ee_athome

ee_athome

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:04:37 PM

Posted 06 April 2009 - 03:23 PM

Hi...

I have been in the forum "Am I Infected? What do I do?" for some time getting a lot of help and fixing a lot of things. However, we have not been
able to fix this problem. (topic: 3 viruses, not sure what to do) Topic referenced is here: http://www.bleepingcomputer.com/forums/t/214414/3-viruses-not-sure-what-to-do/ ~ OB

When I shut down, I get a box with the "End Task Now" message. Usually it is for a programme called "Security Services UI Handler", though
on occasion, it is for SuperAntiSpyware. I used to get a flash of a full-screen that had the heading UIPopUpHidden, but that seems to not
happen anymore. Now I just get this small box with the text and the green dots showing how far along it is in the shutdown process of the named
programme. It slows down the whole shutdown process quite a bit (well, I click on the "end task now" button and it closes it immediately).

I have done the DDS report (below) and notice that there are still Symantec files, though I have tried to remove that programme. I don't use
Norton for security, I use Telus' security system, so I don't know if that is part of the problem or if it is something else entirely. I also noticed
when going through the StartUp files (autoruns) that there are some files that say they are missing. Again, not sure if that is the problem or
not.

I have attached the Attach.txt file as per the instructions in the Preparation Guide. If you need anything else, let me know.
I am not particularly well-versed in computers, so I do appreciate any and all help you can give me.

I thank you in advance!
ee


DDS (Ver_09-03-16.01) - NTFSx86
Run by Elizabeth Edward at 12:58:11.71 on Mon 04/06/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.512.56 [GMT -7:00]

AV: TELUS security services Anti-Virus *On-access scanning enabled* (Updated)
FW: TELUS security services Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\TELUS\TELUS security services\Fws.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TELUS\TELUS security services\rps.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe
C:\Program Files\TELUS\TELUS security advisor\TsaComHandler.exe
C:\Program Files\TELUS\TELUS security advisor\Tsa.exe
C:\Program Files\TELUS\TELUS security services\RpsSecurityAwareR.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Elizabeth Edward\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
BHO: AutorunsDisabled - No File
BHO: 1 (0x1) - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: PopKill Class: {3c060ea2-e6a9-4e49-a530-d4657b8c449a} - c:\program files\telus\telus security services\pkR.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [WeatherEye] c:\program files\theweathernetwork\weathereye\WeatherEye.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [TELUS_McciTrayApp] c:\program files\telus\telus support centre\bin\McciTrayApp.exe
mRun: [Tsa.exe] "c:\program files\telus\telus security advisor\Tsa.exe" /AUTORUN
dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
dRunOnce: [SRUUninstall] "c:\windows\system32\msiexec.exe" /x {CACE0C9D-9EF7-4F3B-9C64-88FBA245BA9C} /qn REBOOT=ReallySuppress
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\monitor.lnk - c:\program files\sandisk\sandisk transfermate\SD Monitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\viarai~1.lnk - c:\program files\via\raid\raid_tool.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: TruePass EPF 7,0,100,717 - hxxps://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {861DB4B6-3838-11D2-8E50-002018200E57} - hxxp://data6.archives.ca/mrsidi_cab/MrSIDI.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38022.716087963
DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} - hxxp://threats.freedom.net/viruscenter/onlineviruscheck/cabs/cssweb.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\elizab~1\applic~1\mozilla\firefox\profiles\mkyhr2g4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ig?hl=en
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\telus\telus security advisor\nprpspa.dll

============= SERVICES / DRIVERS ===============

R0 KL1;KL1;c:\windows\system32\drivers\kl1.sys [2009-4-1 112144]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2004-3-9 77056]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2009-4-1 196368]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R3 Radialpoint Security Services;TELUS security services;c:\program files\telus\telus security services\RpsSecurityAwareR.exe [2008-12-9 97520]
R3 SaiH0461;SaiH0461;c:\windows\system32\drivers\SaiH0461.sys [2008-12-25 182528]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
S3 LwAdiHid;Logitech WingMan Digital Devices(Auto-Detect);c:\windows\system32\drivers\LwAdiHid.sys [2004-5-5 20864]

=============== Created Last 30 ================

2009-04-02 12:01 --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-04-02 11:47 --d----- c:\program files\common files\Wise Installation Wizard
2009-04-01 22:38 112,144 a------- c:\windows\system32\drivers\kl1.sys
2009-04-01 22:38 53,192 a------- c:\windows\system32\drivers\rp_skt32.sys
2009-04-01 22:37 48,384 a------- c:\windows\system32\drivers\rp_pkt32.sys
2009-04-01 22:37 --d----- c:\program files\Raxco
2009-04-01 22:24 --d----- c:\program files\Windows Installer Clean Up
2009-04-01 22:23 --d----- c:\program files\MSECACHE
2009-04-01 22:19 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-01 22:19 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-01 22:19 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-28 11:56 552 a------- c:\windows\system32\d3d8caps.dat
2009-03-28 11:17 --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-03-28 11:17 --d----- c:\program files\SUPERAntiSpyware
2009-03-28 11:17 --d----- c:\docume~1\elizab~1\applic~1\SUPERAntiSpyware.com
2009-03-27 22:05 --d----- c:\windows\system32\IOSUBSYS
2009-03-27 13:39 --d----- c:\docume~1\elizab~1\applic~1\Malwarebytes
2009-03-27 13:39 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-23 15:14 116,224 ac------ c:\windows\system32\dllcache\xrxwiadr.dll
2009-03-23 15:14 23,040 ac------ c:\windows\system32\dllcache\xrxwbtmp.dll
2009-03-23 15:14 27,648 ac------ c:\windows\system32\dllcache\xrxftplt.exe
2009-03-23 15:14 18,944 ac------ c:\windows\system32\dllcache\xrxscnui.dll
2009-03-23 15:14 4,608 ac------ c:\windows\system32\dllcache\xrxflnch.exe
2009-03-23 15:14 99,865 ac------ c:\windows\system32\dllcache\xlog.exe
2009-03-23 15:14 28,288 ac------ c:\windows\system32\dllcache\xjis.nls
2009-03-23 15:14 16,970 ac------ c:\windows\system32\dllcache\xem336n5.sys
2009-03-23 15:14 19,455 ac------ c:\windows\system32\dllcache\wvchntxx.sys
2009-03-23 15:14 12,063 ac------ c:\windows\system32\dllcache\wsiintxx.sys
2009-03-23 15:14 8,192 ac------ c:\windows\system32\dllcache\wshirda.dll
2009-03-23 15:12 687,999 ac------ c:\windows\system32\dllcache\usrwdxjs.sys
2009-03-23 15:11 30,688 ac------ c:\windows\system32\dllcache\sym_u3.sys
2009-03-23 15:10 252,032 ac------ c:\windows\system32\dllcache\sis300iv.dll
2009-03-23 15:09 19,584 ac------ c:\windows\system32\dllcache\rasirda.sys
2009-03-23 15:08 61,696 ac------ c:\windows\system32\dllcache\ohci1394.sys
2009-03-23 15:07 22,016 ac------ c:\windows\system32\dllcache\msircomm.sys
2009-03-23 15:06 1,158,818 ac------ c:\windows\system32\dllcache\korwbrkr.lex
2009-03-23 15:05 471,102 ac------ c:\windows\system32\dllcache\imskdic.dll
2009-03-23 15:04 28,288 ac------ c:\windows\system32\dllcache\grserial.sys
2009-03-23 15:03 25,159 ac------ c:\windows\system32\dllcache\elnk3.sys
2009-03-23 15:02 20,928 ac------ c:\windows\system32\dllcache\defpa.sys
2009-03-23 15:01 1,677,824 ac------ c:\windows\system32\dllcache\chsbrkr.dll
2009-03-23 15:00 66,082 ac------ c:\windows\system32\dllcache\c_1141.nls
2009-03-23 14:59 104,832 ac------ c:\windows\system32\dllcache\atiraged.dll
2009-03-23 14:58 23,552 ac------ c:\windows\system32\dllcache\abp480n5.sys
2009-03-23 14:58 462,848 ac------ c:\windows\system32\dllcache\a3dapi.dll
2009-03-23 14:58 48,128 ac------ c:\windows\system32\dllcache\61883.sys
2009-03-23 14:58 38,400 ac------ c:\windows\system32\dllcache\8514a.dll
2009-03-23 14:58 12,288 ac------ c:\windows\system32\dllcache\4mmdat.sys
2009-03-23 14:58 148,352 ac------ c:\windows\system32\dllcache\3dfxvsm.sys
2009-03-23 14:58 762,780 ac------ c:\windows\system32\dllcache\3cwmcru.sys
2009-03-23 14:58 689,216 ac------ c:\windows\system32\dllcache\3dfxvs.dll
2009-03-23 14:58 11,264 ac------ c:\windows\system32\dllcache\1394vdbg.sys
2009-03-23 14:58 53,376 ac------ c:\windows\system32\dllcache\1394bus.sys
2009-03-23 14:58 66,048 ac------ c:\windows\system32\dllcache\s3legacy.dll
2009-03-22 22:20 --d----- c:\program files\Spybot - Search & Destroy
2009-03-22 22:20 --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

==================== Find3M ====================

2009-04-06 12:58 415,008 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-04-06 12:55 13,307,424 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-04-06 06:06 179,180 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-04-06 06:06 39,908 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-02-21 16:22 127,034 -----r-- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-02-09 04:13 1,846,784 a------- c:\windows\system32\win32k.sys
2008-04-01 19:43 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2008-09-05 15:32 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090520080906\index.dat

============= FINISH: 12:58:50.32 ===============

Edited by Orange Blossom, 06 April 2009 - 09:48 PM.


BC AdBot (Login to Remove)

 


#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:07:37 PM

Posted 18 April 2009 - 12:12 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 ee_athome

ee_athome
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:04:37 PM

Posted 18 April 2009 - 01:48 PM

Hi...Thank you for getting back to me on this.
Below are the results from the DDS scan. I don't know how to zip the other file, sorry. If I zipped it the last time, I don't know what I did. :thumbup2:
Regards,
ee


DDS (Ver_09-03-16.01) - NTFSx86
Run by Elizabeth Edward at 11:23:31.70 on Sat 04/18/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.512.286 [GMT -7:00]

AV: TELUS security services Anti-Virus *On-access scanning enabled* (Updated)
FW: TELUS security services Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\TELUS\TELUS security services\Fws.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TELUS\TELUS security services\rps.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe
C:\Program Files\TELUS\TELUS security advisor\Tsa.exe
C:\Program Files\TELUS\TELUS security advisor\TsaComHandler.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\TELUS\TELUS security services\RpsSecurityAwareR.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Elizabeth Edward\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
BHO: AutorunsDisabled - No File
BHO: 1 (0x1) - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: PopKill Class: {3c060ea2-e6a9-4e49-a530-d4657b8c449a} - c:\program files\telus\telus security services\pkR.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [WeatherEye] c:\program files\theweathernetwork\weathereye\WeatherEye.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [TELUS_McciTrayApp] c:\program files\telus\telus support centre\bin\McciTrayApp.exe
mRun: [Tsa.exe] "c:\program files\telus\telus security advisor\Tsa.exe" /AUTORUN
dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
dRunOnce: [SRUUninstall] "c:\windows\system32\msiexec.exe" /x {CACE0C9D-9EF7-4F3B-9C64-88FBA245BA9C} /qn REBOOT=ReallySuppress
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\monitor.lnk - c:\program files\sandisk\sandisk transfermate\SD Monitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\viarai~1.lnk - c:\program files\via\raid\raid_tool.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: TruePass EPF 7,0,100,717 - hxxps://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {861DB4B6-3838-11D2-8E50-002018200E57} - hxxp://data6.archives.ca/mrsidi_cab/MrSIDI.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38022.716087963
DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} - hxxp://threats.freedom.net/viruscenter/onlineviruscheck/cabs/cssweb.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\elizab~1\applic~1\mozilla\firefox\profiles\mkyhr2g4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ig?hl=en
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\telus\telus security advisor\nprpspa.dll

============= SERVICES / DRIVERS ===============

R0 KL1;KL1;c:\windows\system32\drivers\kl1.sys [2009-4-1 112144]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2004-3-9 77056]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2009-4-1 196368]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R3 Radialpoint Security Services;TELUS security services;c:\program files\telus\telus security services\RpsSecurityAwareR.exe [2008-12-9 97520]
R3 SaiH0461;SaiH0461;c:\windows\system32\drivers\SaiH0461.sys [2008-12-25 182528]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
S3 LwAdiHid;Logitech WingMan Digital Devices(Auto-Detect);c:\windows\system32\drivers\LwAdiHid.sys [2004-5-5 20864]

=============== Created Last 30 ================

2009-04-15 05:53 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-02 12:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-04-02 11:47 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-04-01 22:38 112,144 a------- c:\windows\system32\drivers\kl1.sys
2009-04-01 22:38 53,192 a------- c:\windows\system32\drivers\rp_skt32.sys
2009-04-01 22:37 48,384 a------- c:\windows\system32\drivers\rp_pkt32.sys
2009-04-01 22:37 <DIR> --d----- c:\program files\Raxco
2009-04-01 22:24 <DIR> --d----- c:\program files\Windows Installer Clean Up
2009-04-01 22:23 <DIR> --d----- c:\program files\MSECACHE
2009-04-01 22:19 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-01 22:19 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-01 22:19 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-28 11:56 552 a------- c:\windows\system32\d3d8caps.dat
2009-03-28 11:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-03-28 11:17 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-03-28 11:17 <DIR> --d----- c:\docume~1\elizab~1\applic~1\SUPERAntiSpyware.com
2009-03-27 22:05 <DIR> --d----- c:\windows\system32\IOSUBSYS
2009-03-27 13:39 <DIR> --d----- c:\docume~1\elizab~1\applic~1\Malwarebytes
2009-03-27 13:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-23 15:14 116,224 ac------ c:\windows\system32\dllcache\xrxwiadr.dll
2009-03-23 15:14 23,040 ac------ c:\windows\system32\dllcache\xrxwbtmp.dll
2009-03-23 15:14 27,648 ac------ c:\windows\system32\dllcache\xrxftplt.exe
2009-03-23 15:14 18,944 ac------ c:\windows\system32\dllcache\xrxscnui.dll
2009-03-23 15:14 4,608 ac------ c:\windows\system32\dllcache\xrxflnch.exe
2009-03-23 15:14 99,865 ac------ c:\windows\system32\dllcache\xlog.exe
2009-03-23 15:14 28,288 ac------ c:\windows\system32\dllcache\xjis.nls
2009-03-23 15:14 16,970 ac------ c:\windows\system32\dllcache\xem336n5.sys
2009-03-23 15:14 19,455 ac------ c:\windows\system32\dllcache\wvchntxx.sys
2009-03-23 15:14 12,063 ac------ c:\windows\system32\dllcache\wsiintxx.sys
2009-03-23 15:14 8,192 ac------ c:\windows\system32\dllcache\wshirda.dll
2009-03-23 15:12 687,999 ac------ c:\windows\system32\dllcache\usrwdxjs.sys
2009-03-23 15:11 30,688 ac------ c:\windows\system32\dllcache\sym_u3.sys
2009-03-23 15:10 252,032 ac------ c:\windows\system32\dllcache\sis300iv.dll
2009-03-23 15:09 19,584 ac------ c:\windows\system32\dllcache\rasirda.sys
2009-03-23 15:08 61,696 ac------ c:\windows\system32\dllcache\ohci1394.sys
2009-03-23 15:07 22,016 ac------ c:\windows\system32\dllcache\msircomm.sys
2009-03-23 15:06 1,158,818 ac------ c:\windows\system32\dllcache\korwbrkr.lex
2009-03-23 15:05 471,102 ac------ c:\windows\system32\dllcache\imskdic.dll
2009-03-23 15:04 28,288 ac------ c:\windows\system32\dllcache\grserial.sys
2009-03-23 15:03 25,159 ac------ c:\windows\system32\dllcache\elnk3.sys
2009-03-23 15:02 20,928 ac------ c:\windows\system32\dllcache\defpa.sys
2009-03-23 15:01 1,677,824 ac------ c:\windows\system32\dllcache\chsbrkr.dll
2009-03-23 15:00 66,082 ac------ c:\windows\system32\dllcache\c_1141.nls
2009-03-23 14:59 104,832 ac------ c:\windows\system32\dllcache\atiraged.dll
2009-03-23 14:58 23,552 ac------ c:\windows\system32\dllcache\abp480n5.sys
2009-03-23 14:58 462,848 ac------ c:\windows\system32\dllcache\a3dapi.dll
2009-03-23 14:58 48,128 ac------ c:\windows\system32\dllcache\61883.sys
2009-03-23 14:58 38,400 ac------ c:\windows\system32\dllcache\8514a.dll
2009-03-23 14:58 12,288 ac------ c:\windows\system32\dllcache\4mmdat.sys
2009-03-23 14:58 148,352 ac------ c:\windows\system32\dllcache\3dfxvsm.sys
2009-03-23 14:58 762,780 ac------ c:\windows\system32\dllcache\3cwmcru.sys
2009-03-23 14:58 689,216 ac------ c:\windows\system32\dllcache\3dfxvs.dll
2009-03-23 14:58 11,264 ac------ c:\windows\system32\dllcache\1394vdbg.sys
2009-03-23 14:58 53,376 ac------ c:\windows\system32\dllcache\1394bus.sys
2009-03-23 14:58 66,048 ac------ c:\windows\system32\dllcache\s3legacy.dll
2009-03-22 22:20 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-03-22 22:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

==================== Find3M ====================

2009-04-18 11:23 482,336 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-04-18 11:22 15,706,912 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-04-18 08:46 210,980 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-04-18 08:46 46,196 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-03-06 07:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-02 17:18 826,368 a------- c:\windows\system32\wininet.dll
2009-02-21 16:22 127,034 -----r-- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-02-20 11:09 78,336 a------- c:\windows\system32\ieencode.dll
2009-02-09 05:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 05:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 05:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 05:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 04:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-07 19:02 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-06 04:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 04:08 2,189,056 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 03:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-03 12:59 56,832 a------- c:\windows\system32\secur32.dll
2008-04-01 19:43 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2008-09-05 15:32 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090520080906\index.dat

============= FINISH: 11:24:12.23 ===============

#4 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the &quot;Logic Free Zone&quot;, in Md, USA
  • Local time:07:37 PM

Posted 18 April 2009 - 01:50 PM

Hang on. An HJT tech should be over viewing within a day or so.
They will provide other instructions.

Good luck.
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#5 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:07:37 PM

Posted 18 April 2009 - 06:21 PM

Howdy, my name is Hoov, and I will be helping you with your dilemma.

Please make sure you watch this thread for responses. If you click the options tab at the top of your first post, you can select to track this thread.

Here is what I am asking you to do during the repair of your computer

*Tell me everything that you have done, if anything, to try and fix this problem.

*Please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out thier hair.

*Follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go. Don't install anything, even other programs that have nothing to do with security or malware, it could cause things to change, and I would never know it.

*Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

*Stick with me to the end. My aim is to fix your problems, and give you the tools and knowledge to keep this from happening again.

Now onto trying to fix your computer.

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!


For the Norton problem, you can try running the Norton Removal Tool . About the shutdown problem, I need you to go to the administration tools in XP. They are in the Control Panel. Open the Admin tools, then open the event viewer. Over on the left hand side and click on System. Then up at the top click on Action and then click on Save Events As, type in system as the file name, make sure file type EVT is selected, and then navigate so it will save the file to your desktop, then click save. Over on the left hand side and click on Application. Then up at the top click on Action and then click on Save Events As, type in application as the file name, make sure file type EVT is selected, and then navigate so it will save the file to your desktop, then click save. Zip them both up into a single zip file, post them back here in your next reply as attachments.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families

Posted Image

#6 ee_athome

ee_athome
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:04:37 PM

Posted 19 April 2009 - 02:23 PM

Hi Hoov:

Thank you for your help with this.

I am indeed only posting to one forum. I received enormous assistance in the "Am I infected" forum, but we couldn't figure out this pop-up on shut-down.
So this is what I have done previously:

First: ran MBAM
Then: ATF and SAS
Followed by: a Kaspersky Scan

Cleaned up lots of adware and spyware with these.

Ran autoruns and started taking things out of my start-up in the hopes this would speed that up. It did enormously and I almost made it through the whole list before it was suggested I do nothing else until someone in this forum was able to take a look at my situation. I was going through this list before and after the de-installation and re-installation of my Telus Security.

Ran the Norton Removal Tool. It may have taken away some of the files, but I saw some Symantec folders still lurking in my system after I'd finished this.

Then went to my internet provider re: the pop-up and they said to uninstall my security service and then re-install it. I did this. This seemed to stop the
pop-up for about two days, then it returned.

I did another big scan -- can't remember the name, but it scanned my system with a whole bunch of different security systems. It came up blank.

I think this is the correct order of everything.

So then it was suggested that I post the problem in this forum.

I then did the DDS and attached the one part.

I have followed your instructions and will now try to zip and attach the files. Hope this works.

Thanks!
ee

Edited by Hoov, 27 May 2009 - 11:42 PM.


#7 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:07:37 PM

Posted 19 April 2009 - 03:44 PM

OK, I have looked thru the log files and have found where both FireFox and IE have hung. Mostly it appears to be IE. Do you have problems with IE freezing up? If not a reset of IE may help the problem.

1. In Internet Explorer 7, click the Tools menu, and then click Internet Options.
2. On the Advanced tab, click Reset.
3. In the Reset Internet Explorer Settings dialog box, click Reset.
4. When Internet Explorer 7 finishes restoring the default settings, click Close, and then click OK two times.
5. Close Internet Explorer 7. The changes take effect the next time that you open Internet Explorer 7.

The Reset Internet Explorer Settings feature restores the following items to their default settings:

* Home pages
* Search scopes
* Browsing history
* Form data
* Passwords
* Appearance settings
* Toolbars
* ActiveX controls

Additionally, the Reset Internet Explorer Settings feature disables all add-ins. However, it does not remove the add-ins.


IF IE does freeze up occasionally, can you tell me, do you know how to edit the registry?
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families

Posted Image

#8 ee_athome

ee_athome
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:04:37 PM

Posted 21 April 2009 - 01:03 AM

Hi Hoov:

We don't have a problem with IE freezing up, but I did the reset anyway. That seemed to work for a couple of sign-outs and log offs, then I tried to send a zipped file to a friend, it froze my computer completely, and the next time I logged in and then out, I got the End Program box again. Most recently, on logging out of my husband's side of the computer, the header in the small box said: End Program - DDE Server Window. I've never seen this one before.

I don't think I know how to edit the registry.

Thanks,
ee

#9 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:07:37 PM

Posted 21 April 2009 - 01:50 PM

OK, send me those two logs again, from the event viewer.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families

Posted Image

#10 ee_athome

ee_athome
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:04:37 PM

Posted 22 April 2009 - 12:28 PM

Here they are.
Thanks,
ee

#11 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:07:37 PM

Posted 22 April 2009 - 02:44 PM

Did you ever have something installed called perfectdisk? There seems to be a problem with that program. Can you stop it from starting, and then reboot with it not running and see if you get the same popup?
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families

Posted Image

#12 ee_athome

ee_athome
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:04:37 PM

Posted 25 April 2009 - 10:58 PM

I found it -- it seems to come with my security system, though it's a defragmentation programme, or so it would seem.

How do I stop it from starting?

Thanks,
ee

#13 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:07:37 PM

Posted 26 April 2009 - 10:33 AM

The first place I would look is in the security system. The second place I would look would be in the Admin tools in the Services section. If there is a service, you will have to double click on it, select stop, and then select disabled under startup type.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families

Posted Image

#14 ee_athome

ee_athome
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:04:37 PM

Posted 26 April 2009 - 01:44 PM

hmmmm....interesting. I found it and stopped and disabled it.

It appears that now the UISecurity Services/Security Handler one is not popping up on shut-down, but the SUPER Anti-Spyware is still doing it. (They were both popping up before)

Thanks,
ee

#15 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:07:37 PM

Posted 26 April 2009 - 02:34 PM

what does the Superantispyware popup say?
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users