Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads

Resolved HJT Threads: Resolved spyware and popup issues.
Old 06-24-2008, 04:32 PM   #1 (permalink)
Registered User
Join Date: Jun 2008
Posts: 12
OS: XP

Constant pop ups alerts

I have Windows XP with Explorer and Mozilla. I use AVG 7.5 and update it often. I use the Windows firewall (now I know that is not good enough). I try to keep to clean websites, but I was surfing and suddenly all my programs went off and the computer went off. When I turned it on again it showed an alert (on the right part of the bar) that Windows had detected spyware on my computer. I imagined that it was a virus and unplugged the modem, but accidentally clicked on the alert. Right now I'm connected, hoping to solve the problem with you. The alert wrote the word 'prevent' wrongly (it said 'pervent'); maybe that helps.

Here is the log (MAIN):

Deckard's System Scanner v20071014.68
Run by Principal on 2008-06-25 00:41:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
35: 2008-06-25 03:41:41 UTC - RP303 - Deckard's System Scanner Restore Point
34: 2008-06-25 03:08:29 UTC - RP302 - Software Distribution Service 3.0
33: 2008-06-24 22:24:16 UTC - RP301 - Removed MSN Messenger 7.5
32: 2008-06-23 23:00:46 UTC - RP300 - Punto de control del sistema
31: 2008-06-22 03:31:50 UTC - RP299 - Punto de control del sistema


-- First Restore Point --
1: 2008-03-28 15:08:52 UTC - RP269 - Punto de control del sistema


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 0.89 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-25 00:44:49
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Archivos de programa\Grisoft\AVG Free\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Archivos comunes\LightScribe\LSSrvc.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Java\jre1.6.0_01\bin\jusched.exe
C:\Archivos de programa\Winamp\winampa.exe
C:\Archivos de programa\QuickTime\qttask.exe
C:\Archivos de programa\iTunes\iTunesHelper.exe
C:\Archivos de programa\HP\HP Software Update\hpwuSchd2.exe
C:\WINDOWS\system32\braviax.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Skype\Phone\Skype.exe
C:\Archivos de programa\VoipDiscount.com\VoipDiscount\VoipDiscount.exe
C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
C:\Archivos de programa\palmOne\HOTSYNC.EXE
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\Archivos de programa\HP\Digital Imaging\bin\hpqste08.exe
C:\Archivos de programa\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Archivos de programa\Grisoft\AVG Free\avgamsvr.exe
C:\Archivos de programa\Grisoft\AVG Free\avgemc.exe
C:\Archivos de programa\Grisoft\AVG Free\avgcc.exe
C:\Documents and Settings\Principal\Mis documentos\Lionel\Software\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Archivos de programa\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Archivos de programa\Corel\Corel Graphics 12\Languages\ES\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=071908 serial=DR12WEX-1504397-KTY lang=ES
O4 - HKLM\..\Run: [HP Software Update] C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Archivos de programa\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [Skype] "C:\Archivos de programa\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [VoipDiscount] "C:\Archivos de programa\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe (User 'Default user')
O4 - Startup: HotSync Manager.lnk = ?
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Portafolios de HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Archivos de programa\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Selección inteligente de HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Archivos de programa\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Archivos de programa\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1214362933277
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get...nt/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{84D2332D-C12F-422F-B367-DE36AD5D6DC3}: NameServer = 212.143.212.143 194.90.1.5
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Archivos de programa\Archivos comunes\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\WINDOWS\system32\aspimgr.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Archivos de programa\Grisoft\AVG Free\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Archivos de programa\Grisoft\AVG Free\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Archivos de programa\Grisoft\AVG Free\avgemc.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Archivos de programa\Archivos comunes\LightScribe\LSSrvc.exe
O23 - Service: Visual Studio Analyzer RPC bridge - Unknown owner - C:\Archivos de programa\Microsoft Visual Studio


--
End of file - 9548 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 EverestDriver (Lavalys EVEREST Kernel Driver) - d:\everest\kerneld.wnt (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 aspimgr (Microsoft ASPI Manager) - c:\windows\system32\aspimgr.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-05-25 and 2008-06-25 -----------------------------

2008-07-03 12:26:46 0 d-------- C:\Archivos de programa\palmOne
2008-07-02 23:03:07 8704 --a------ C:\WINDOWS\pretbias64.bin <Not Verified; Waitech; Cracker>
2008-06-25 00:09:10 0 d-------- C:\WINDOWS\system32\PreInstall
2008-06-25 00:09:07 0 d--h----- C:\WINDOWS\$hf_mig$
2008-06-25 00:03:24 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-06-24 23:44:47 0 d-------- C:\agnis-sites
2008-06-24 23:37:15 0 d-------- C:\Archivos de programa\SpywareBlaster
2008-06-24 19:59:27 0 d-------- C:\Archivos de programa\Panda Security
2008-06-24 19:59:25 0 d-------- C:\WINDOWS\LastGood
2008-06-22 23:04:48 114 --a------ C:\WINDOWS\system32\delself.bat
2008-06-22 23:04:47 6656 --a------ C:\WINDOWS\system32\braviax.exe
2008-06-18 22:45:42 0 d-------- C:\Archivos de programa\Mission Research
2008-06-18 22:44:06 0 d-------- C:\WINDOWS\Downloaded Installations
2008-06-04 22:30:37 0 d-------- C:\Archivos de programa\Audacity
2008-06-03 23:05:27 0 d-------- C:\Archivos de programa\NCH Software
2008-06-03 23:04:06 0 d-------- C:\Archivos de programa\NCH Swift Sound
2008-06-01 22:13:01 0 d-------- C:\Archivos de programa\VoipDiscount.com
2008-05-31 23:52:14 1188 --a------ C:\WINDOWS\mozver.dat
2008-05-31 23:40:03 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-05-31 23:37:01 0 d-------- C:\Archivos de programa\Skype
2008-05-31 23:37:00 0 d-------- C:\Archivos de programa\Archivos comunes\Skype
2008-05-31 23:35:30 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-28 22:17:36 98892 --a------ C:\WINDOWS\system32\drivers\PPPoEWin.sys
2008-05-28 22:17:35 98892 --a------ C:\WINDOWS\system32\PPPoEWin.sys
2008-05-28 22:17:35 11456 -r------- C:\WINDOWS\system32\PPPoENdi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows(TM) Operating System>
2008-05-28 22:17:35 11456 -r------- C:\WINDOWS\system32\drivers\PPPoENdi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows(TM) Operating System>
2008-05-28 22:17:28 0 d-------- C:\Archivos de programa\wow250
2008-05-25 23:59:00 16384 --a------ C:\WINDOWS\system32\Server.exe <Not Verified; Pppp; Server>


-- Find3M Report ---------------------------------------------------------------

2008-07-03 13:55:02 0 d-------- C:\Documents and Settings\Principal\Datos de programa\Arcsoft
2008-07-03 12:42:05 0 d-------- C:\Documents and Settings\Principal\Datos de programa\Leadertech
2008-06-25 00:31:54 0 d-------- C:\Documents and Settings\Principal\Datos de programa\Skype
2008-06-24 19:36:10 0 d--h----- C:\Archivos de programa\InstallShield Installation Information
2008-06-24 19:36:10 0 d-------- C:\Archivos de programa\CyberLink
2008-06-24 19:22:31 0 dr-h----- C:\Documents and Settings\Principal\Datos de programa\yahoo!
2008-06-24 19:22:04 0 d-------- C:\Archivos de programa\Yahoo!
2008-06-24 19:17:38 0 d-------- C:\Documents and Settings\Principal\Datos de programa\skypePM
2008-06-23 00:38:15 0 d-------- C:\Documents and Settings\Principal\Datos de programa\AVG7
2008-06-20 13:43:31 0 d-------- C:\Documents and Settings\Principal\Datos de programa\U3
2008-06-18 23:14:11 0 d-------- C:\Documents and Settings\Principal\Datos de programa\MissionResearch.GiftWorks.3
2008-06-12 20:48:27 0 d-------- C:\Documents and Settings\Principal\Datos de programa\AdobeUM
2008-06-11 12:57:13 0 d-------- C:\Documents and Settings\Principal\Datos de programa\Adobe
2008-06-03 23:21:25 0 d-------- C:\Documents and Settings\Principal\Datos de programa\NCH Swift Sound
2008-06-01 22:18:17 0 d-------- C:\Documents and Settings\Principal\Datos de programa\VoipDiscount
2008-05-31 23:37:00 0 d-------- C:\Archivos de programa\Archivos comunes
2008-05-31 23:35:22 0 d-------- C:\Documents and Settings\Principal\Datos de programa\Mozilla
2008-05-28 15:33:22 0 d-------- C:\Archivos de programa\Java
2008-05-28 13:38:10 0 d-------- C:\Archivos de programa\Incomplete
2008-05-28 13:36:49 0 d-------- C:\Archivos de programa\LimeWire
2008-05-22 22:28:41 0 d-------- C:\Documents and Settings\Principal\Datos de programa\HPAppData
2008-05-18 17:14:52 1536 --a------ C:\WINDOWS\system32\TrueSoft.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe" [24/06/2008 11:11 p.m.]
"SunJavaUpdateSched"="C:\Archivos de programa\Java\jre1.6.0_01\bin\jusched.exe" [14/03/2007 03:43 a.m.]
"WinampAgent"="C:\Archivos de programa\Winamp\winampa.exe" [25/10/2006 02:37 a.m.]
"QuickTime Task"="C:\Archivos de programa\QuickTime\qttask.exe" [16/02/2007 10:54 a.m.]
"iTunesHelper"="C:\Archivos de programa\iTunes\iTunesHelper.exe" [14/03/2007 07:05 p.m.]
"CorelDRAW Graphics Suite 11b"="C:\Archivos de programa\Corel\Corel Graphics 12\Languages\ES\Programs\Registration.exe" [28/11/2003 01:52 a.m.]
"HP Software Update"="C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe" [11/03/2007 09:34 p.m.]
"braviax"="C:\WINDOWS\system32\braviax.exe" [22/06/2008 11:04 p.m.]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Archivos de programa\MSN Messenger\MsnMsgr.exe" []
"ares"="C:\Archivos de programa\Ares\Ares.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [19/08/2004 03:42 p.m.]
"amva"="C:\WINDOWS\system32\amvo.exe" []
"Skype"="C:\Archivos de programa\Skype\Phone\Skype.exe" [23/04/2008 05:45 p.m.]
"VoipDiscount"="C:\Archivos de programa\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" [31/05/2007 04:22 p.m.]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"braviax"=C:\WINDOWS\system32\braviax.exe

C:\Documents and Settings\Principal\Menú Inicio\Programas\Inicio\
HotSync Manager.lnk - C:\Archivos de programa\palmOne\HOTSYNC.EXE [04/03/2004 05:25:28 p.m.]
PowerReg Scheduler.exe [03/07/2008 12:42:36 p.m.]

C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\
Adobe Reader Speed Launch.lnk - C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 10:05:26 p.m.]
HP Digital Imaging Monitor.lnk - C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe [11/03/2007 09:26:24 p.m.]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVOICE]
pctspk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt hpqcxs08 hpqddsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0791f144-8357-11dc-89df-00022d7cb7a4}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40d34df0-fb5a-11dc-8ab1-00022d7cb7a4}]
AutoRun\command- 3wcxx91.cmd
explore\Command- 3wcxx91.cmd
open\Command- 3wcxx91.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95e04880-6c53-11dc-89b4-00022d7cb7a4}]
AutoRun\command- D:\3wcxx91.cmd
explore\Command- D:\3wcxx91.cmd
open\Command- D:\3wcxx91.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99de17b0-8353-11dc-89de-00022d7cb7a4}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f6e8900-f1e5-11dc-8aa5-00022d7cb7a4}]
AutoRun\command- D:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f6e8901-f1e5-11dc-8aa5-00022d7cb7a4}]
AutoRun\command- 3wcxx91.cmd
explore\Command- 3wcxx91.cmd
open\Command- 3wcxx91.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1250f50-ae5f-11dc-8a33-00022d7cb7a4}]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d41fefd8-57dc-11dc-899b-00022d7cb7a4}]
AutoRun\command- 3wcxx91.cmd
explore\Command- 3wcxx91.cmd
open\Command- 3wcxx91.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d64ba050-a910-11dc-8a28-00022d7cb7a4}]
AutoRun\command- D:\3wcxx91.cmd
explore\Command- D:\3wcxx91.cmd
open\Command- D:\3wcxx91.cmd

*Newly Created Service* - RKPAVPROC



-- End of Deckard's System Scanner: finished at 2008-06-25 00:45:44 ------------
Attached Files
File Type: txt extra.txt (14.3 KB, 3 views)
lwajsberg is offline  
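A defender-side triage pass over that log, added here as an example (it is not a tool from this thread, nor part of Deckard's System Scanner or HijackThis): it parses a handful of lines copied from the log above and reports the patterns an analyst checks first: Run entries launching an unknown binary from system32, the same entry planted in the HKLM, SYSTEM and Default-user hives, a service with no publisher living in system32, static DNS servers to verify, and drive-autorun commands under mountpoints2 that run a script or a relative file. The allowlist, the three-hive threshold and the severity labels are my assumptions, not rules stated on the page.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: lines copied from the DSS/HijackThis log above, plus the
# benign U3 autorun entry so the negative case is exercised as well.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKUS\S-1-5-18\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe (User 'Default user')
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{84D2332D-C12F-422F-B367-DE36AD5D6DC3}: NameServer = 212.143.212.143 194.90.1.5
O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\WINDOWS\system32\aspimgr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Archivos de programa\Grisoft\AVG Free\avgupsvc.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d64ba050-a910-11dc-8a28-00022d7cb7a4}]
AutoRun\command- D:\3wcxx91.cmd
open\Command- D:\3wcxx91.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0791f144-8357-11dc-89df-00022d7cb7a4}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
"""

SYSTEM32 = r"c:\windows\system32"
# Assumption: a tiny allowlist of Windows binaries that legitimately autorun
# straight out of system32; anything else found there gets reported.
SYSTEM32_ALLOWLIST = {"ctfmon.exe"}

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<dns>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<desc>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
MP_CMD_RE = re.compile(r"^(?:AutoRun|open|explore)\\[Cc]ommand- (?P<cmd>.+)$")
SCRIPT_RE = re.compile(r"\.(cmd|bat|vbs|pif|scr)\b")


@dataclass
class Finding:
    severity: str   # high / medium / info
    category: str
    evidence: str
    reason: str


def exe_of(cmd: str) -> str:
    """Executable path from a Run value: drops quotes, arguments and the (User ...) suffix."""
    m = re.match(r'"?(?P<exe>.+?\.exe)', cmd, re.IGNORECASE)
    return m["exe"] if m else cmd.split()[0]


def triage(text: str) -> list:
    """Run the heuristics over one log and return the findings in file order."""
    findings = []
    hives_by_exe = defaultdict(set)
    in_mountpoints = False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):                      # registry key header
            in_mountpoints = "mountpoints2" in line.lower()
        elif m := O4_RE.match(line):
            exe = exe_of(m["cmd"])
            base = exe.rsplit("\\", 1)[-1].lower()
            hives_by_exe[base].add(m["hive"])
            if exe.lower().startswith(SYSTEM32 + "\\") and base not in SYSTEM32_ALLOWLIST:
                findings.append(Finding("high", "run-from-system32", exe,
                                        "unknown binary launched from system32 at logon"))
        elif m := O23_RE.match(line):
            if m["owner"] == "Unknown owner" and m["path"].lower().startswith(SYSTEM32):
                findings.append(Finding("medium", "unsigned-service", m["path"],
                                        f"service '{m['desc']}' has no publisher and lives in system32"))
        elif m := O17_RE.match(line):
            findings.append(Finding("info", "dns-override", m["dns"],
                                    "static resolvers configured; confirm they belong to the ISP"))
        elif in_mountpoints and (m := MP_CMD_RE.match(line)):
            cmd = m["cmd"]
            low = cmd.lower()
            relative = re.match(r"^[a-z]:\\", low) is None
            if SCRIPT_RE.search(low) or "shellexec_rundll" in low or relative:
                findings.append(Finding("high", "removable-autorun", cmd,
                                        "drive autorun runs a script or relative file (USB-worm style persistence)"))
    # The same Run value planted under SYSTEM and Default user as well as HKLM
    # re-launches no matter which profile logs on; report that pattern once.
    for base, hives in hives_by_exe.items():
        if len(hives) >= 3:
            findings.append(Finding("medium", "multi-hive", base,
                                    f"same Run entry in {len(hives)} hives: {', '.join(sorted(hives))}"))
    return findings


def report(findings) -> str:
    """Findings sorted by severity, one line each, ready to paste into a reply."""
    order = {"high": 0, "medium": 1, "info": 2}
    return "\n".join(f"[{f.severity:6}] {f.category:18} {f.evidence}  <- {f.reason}"
                     for f in sorted(findings, key=lambda f: order[f.severity]))


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

The output is a review list for a human, not a verdict: the "Unknown owner" rule, for instance, also fires on benign vendor services such as the ATI hotkey poller in the full log.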
Old 06-24-2008, 05:11 PM   #2 (permalink)
Registered User
Join Date: Jun 2008
Posts: 12
OS: XP

Re: Constant pop ups alerts

Hi, there is more info that could help. Panda told me that I had some viruses that it could not remove because I didn't pay (I registered for free). And I have one more question: should I stop using my PC? Or can I use it the minimum to access this forum? Should I access this forum from another PC?

Thanks
lwajsberg is offline  
Old 06-24-2008, 07:03 PM   #3 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,911
OS: WinXP and Vista

Re: Constant pop ups alerts

Hello lwajsberg and welcome,

Yes, keep this system disconnected from the internet except to carry out these instructions and to post the information, and check for replies from me.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

--------------------------------------------------------------------

Do not run it yet.....

Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System

Download the file & save it as it's originally named, next to ComboFix.exe.

Now close all open windows and programs, including all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

**Insert your removable drive that is typically your D: drive. Most likely a flash drive.

  • Drag the setup package onto ComboFix.exe and drop it.
  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  • At the next prompt, click 'Yes' to run the full ComboFix scan.
  • When the tool is finished, it will produce a report for you.

Please post the C:\ComboFix.txt along with a new HijackThis log for further review.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 06-28-2008, 02:50 PM   #4 (permalink)
Registered User
Join Date: Jun 2008
Posts: 12
OS: XP

Re: Constant pop ups alerts

Hi Ried, thanks for answering. I checked for 3 days but I just didn't know how to check for replies well. Now I know, and I see you replied almost immediately; really, thanks.

OK. I ran everything that you told me and the popup stopped. Now I have an apparently legit popup from Windows that tells me that my system is not secure, maybe because I deactivated the AV and SpyBluster. Do I click on the alert? I'm just afraid.

Another thing is that I realized that for 3 weeks there has been a program that tries to install but fails; it's called "SolutionCenter" and I think it is from the HP printer but ...

OK, here is the ComboFix log:

ComboFix 08-06-20.4 - Principal 2008-06-28 23:09:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.3082.18.243 [GMT -3:00]
Se ejecuta desde: C:\Documents and Settings\Principal\Escritorio\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\Principal\Escritorio\WindowsXP-KB310994-SP2-Home-BootDisk-ESN.exe
* Creado un nuevo punto de restauración
.

(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\WINDOWS\s32.txt
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\braviax.exe
C:\WINDOWS\system32\DelSelf.bat
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\system32\server.exe
C:\WINDOWS\ws386.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASPIMGR
-------\Service_aspimgr


(((((((((((((((((( Archivos creados desde 2008-05-28 - 2008-06-29 )))))))))))))))))))))))))))))))))
.

2008-07-03 13:55 . 2008-07-03 13:55 <DIR> d-------- C:\Documents and Settings\Principal\Datos de programa\Arcsoft
2008-07-03 12:42 . 2008-07-03 12:42 <DIR> d-------- C:\Documents and Settings\Principal\Datos de programa\Leadertech
2008-07-03 12:26 . 2008-06-05 21:22 <DIR> d-------- C:\Archivos de programa\palmOne
2008-07-02 23:03 . 2005-06-18 23:35 8,704 --a------ C:\WINDOWS\pretbias64.bin
2008-06-29 09:00 . 2007-08-31 13:39 145 --a------ C:\WINDOWS\SPDCLICK.INI
2008-06-25 00:40 . 2008-06-25 00:40 <DIR> d-------- C:\Deckard
2008-06-25 00:09 . 2008-06-25 00:09 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-06-25 00:09 . 2005-02-25 00:35 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-06-25 00:03 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-06-25 00:03 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-06-25 00:03 . 2007-07-30 19:18 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-06-25 00:03 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-06-25 00:03 . 2007-07-30 19:18 20,824 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-06-24 23:44 . 2008-06-28 23:00 <DIR> d-------- C:\agnis-sites
2008-06-24 23:37 . 2008-06-28 23:04 <DIR> d-a------ C:\Documents and Settings\All Users\Datos de programa\TEMP
2008-06-24 23:37 . 2008-06-24 23:40 <DIR> d-------- C:\Archivos de programa\SpywareBlaster
2008-06-24 19:59 . 2008-06-24 19:59 <DIR> d-------- C:\Archivos de programa\Panda Security
2008-06-18 23:14 . 2008-06-18 23:14 <DIR> d-------- C:\Documents and Settings\Principal\Datos de programa\MissionResearch.GiftWorks.3
2008-06-18 22:45 . 2008-06-18 23:14 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\MissionResearch.GiftWorks.3
2008-06-18 22:45 . 2008-06-18 22:45 <DIR> d-------- C:\Archivos de programa\Mission Research
2008-06-18 22:44 . 2008-06-18 22:44 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-06-15 00:58 . 2008-06-20 13:32 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-15 00:58 . 2008-06-15 00:58 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-04 22:30 . 2008-06-04 22:30 <DIR> d-------- C:\Archivos de programa\Audacity
2008-06-04 21:25 . 2008-06-23 17:11 7,168 --ahs---- C:\WINDOWS\Thumbs.db
2008-06-03 23:05 . 2008-06-10 21:38 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\NCH Swift Sound
2008-06-03 23:05 . 2008-06-03 23:05 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\NCH Software
2008-06-03 23:05 . 2008-06-03 23:05 <DIR> d-------- C:\Archivos de programa\NCH Software
2008-06-03 23:04 . 2008-06-03 23:21 <DIR> d-------- C:\Documents and Settings\Principal\Datos de programa\NCH Swift Sound
2008-06-03 23:04 . 2008-06-10 21:38 <DIR> d-------- C:\Archivos de programa\NCH Swift Sound
2008-06-01 22:16 . 2008-06-01 22:18 <DIR> d-------- C:\Documents and Settings\Principal\Datos de programa\VoipDiscount
2008-06-01 22:13 . 2008-06-01 22:13 <DIR> d-------- C:\Archivos de programa\VoipDiscount.com
2008-05-31 23:52 . 2008-05-31 23:52 1,188 --a------ C:\WINDOWS\mozver.dat
2008-05-31 23:40 . 2008-06-28 22:05 <DIR> d-------- C:\Documents and Settings\Principal\Datos de programa\skypePM
2008-05-31 23:40 . 2008-05-31 23:40 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-05-31 23:37 . 2008-06-27 17:09 <DIR> d-------- C:\Documents and Settings\Principal\Datos de programa\Skype
2008-05-31 23:37 . 2008-05-31 23:37 <DIR> d-------- C:\Archivos de programa\Skype
2008-05-31 23:37 . 2008-05-31 23:37 <DIR> d-------- C:\Archivos de programa\Archivos comunes\Skype
2008-05-31 23:36 . 2008-05-31 23:37 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Skype
2008-05-31 23:35 . 2008-05-31 23:35 0 --a------ C:\WINDOWS\nsreg.dat

.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 23:34 --------- d-----w C:\Documents and Settings\Principal\Datos de programa\AVG7
2008-06-24 22:36 --------- d--h--w C:\Archivos de programa\InstallShield Installation Information
2008-06-24 22:36 --------- d-----w C:\Archivos de programa\CyberLink
2008-06-24 22:22 --------- d--h--r C:\Documents and Settings\Principal\Datos de programa\yahoo!
2008-06-24 22:22 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Yahoo!
2008-06-24 22:22 --------- d-----w C:\Archivos de programa\Yahoo!
2008-06-20 16:43 --------- d-----w C:\Documents and Settings\Principal\Datos de programa\U3
2008-06-12 23:48 --------- d-----w C:\Documents and Settings\Principal\Datos de programa\AdobeUM
2008-06-11 01:43 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\avg7
2008-05-29 01:17 --------- d-----w C:\Archivos de programa\wow250
2008-05-28 18:33 --------- d-----w C:\Archivos de programa\Java
2008-05-28 16:38 --------- d-----w C:\Archivos de programa\Incomplete
2008-05-28 16:36 --------- d-----w C:\Archivos de programa\LimeWire
2008-05-28 10:23 --------- d-----w C:\Documents and Settings\1\Application Data\U3
2008-05-23 01:28 --------- d-----w C:\Documents and Settings\Principal\Datos de programa\HPAppData
.

((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" [ ]
"ares"="C:\Archivos de programa\Ares\Ares.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:42 15360]
"Skype"="C:\Archivos de programa\Skype\Phone\Skype.exe" [2008-04-23 17:45 22058792]
"VoipDiscount"="C:\Archivos de programa\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" [2007-05-31 16:22 7419456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-06-24 23:11 579584]
"SunJavaUpdateSched"="C:\Archivos de programa\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
"WinampAgent"="C:\Archivos de programa\Winamp\winampa.exe" [2006-10-25 02:37 35328]
"QuickTime Task"="C:\Archivos de programa\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"iTunesHelper"="C:\Archivos de programa\iTunes\iTunesHelper.exe" [2007-03-14 19:05 257088]
"CorelDRAW Graphics Suite 11b"="C:\Archivos de programa\Corel\Corel Graphics 12\Languages\ES\Programs\Registration.exe" [2003-11-28 01:52 733184]
"HP Software Update"="C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:42 15360]
"AVG7_Run"="C:\ARCHIV~1\Grisoft\AVGFRE~1\avgw.exe" [2008-05-28 22:50 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
--a------ 2001-09-04 16:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2003-08-12 21:10 335872 C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVOICE]
--a------ 2002-07-18 16:58 163840 C:\WINDOWS\system32\pctspk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Archivos de programa\\Grisoft\\AVG Free\\avginet.exe"=
"C:\\Archivos de programa\\Grisoft\\AVG Free\\avgamsvr.exe"=
"C:\\Archivos de programa\\Grisoft\\AVG Free\\avgcc.exe"=
"C:\\Archivos de programa\\Grisoft\\AVG Free\\avgemc.exe"=
"C:\\StubInstaller.exe"=
"C:\\Archivos de programa\\LimeWire\\LimeWire.exe"=
"C:\\Archivos de programa\\iTunes\\iTunes.exe"=
"C:\\Archivos de programa\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"=
"C:\\Archivos de programa\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8000:UDP"= 8000:UDP:Express Talk RTP Incoming Audio (UDP)

S3 EverestDriver;Lavalys EVEREST Kernel Driver;D:\EVEREST\kerneld.wnt []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95e04880-6c53-11dc-89b4-00022d7cb7a4}]
\Shell\AutoRun\command - D:\3wcxx91.cmd
\Shell\explore\Command - D:\3wcxx91.cmd
\Shell\open\Command - D:\3wcxx91.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f6e8900-f1e5-11dc-8aa5-00022d7cb7a4}]
\Shell\AutoRun\command - D:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f6e8901-f1e5-11dc-8aa5-00022d7cb7a4}]
\Shell\AutoRun\command - 3wcxx91.cmd
\Shell\explore\Command - 3wcxx91.cmd
\Shell\open\Command - 3wcxx91.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1250f50-ae5f-11dc-8a33-00022d7cb7a4}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d41fefd8-57dc-11dc-899b-00022d7cb7a4}]
\Shell\AutoRun\command - 3wcxx91.cmd
\Shell\explore\Command - 3wcxx91.cmd
\Shell\open\Command - 3wcxx91.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d64ba050-a910-11dc-8a28-00022d7cb7a4}]
\Shell\AutoRun\command - D:\3wcxx91.cmd
\Shell\explore\Command - D:\3wcxx91.cmd
\Shell\open\Command - D:\3wcxx91.cmd

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-28 23:17:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\D:\EVEREST\kerneld.wnt"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Archivos de programa\Archivos comunes\LightScribe\LSSrvc.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
C:\Archivos de programa\palmOne\HOTSYNC.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\Archivos de programa\HP\Digital Imaging\bin\hpqste08.exe
C:\WINDOWS\system32\msiexec.exe
C:\Archivos de programa\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2008-06-28 23:27:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-29 02:27:06

14 dirs 875,147,264 bytes free
20 dirs 851,795,968 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ESN.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS2
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS2="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

205



And here is the new deckard log

Deckard's System Scanner v20071014.68
Run by Principal on 2008-06-28 23:35:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 0.92 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-28 23:36:10
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Grisoft\AVG Free\avgamsvr.exe
C:\Archivos de programa\Grisoft\AVG Free\avgupsvc.exe
C:\Archivos de programa\Grisoft\AVG Free\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Archivos comunes\LightScribe\LSSrvc.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Grisoft\AVG Free\avgcc.exe
C:\Archivos de programa\Java\jre1.6.0_01\bin\jusched.exe
C:\Archivos de programa\Winamp\winampa.exe
C:\Archivos de programa\QuickTime\qttask.exe
C:\Archivos de programa\iTunes\iTunesHelper.exe
C:\Archivos de programa\HP\HP Software Update\hpwuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Skype\Phone\Skype.exe
C:\Archivos de programa\VoipDiscount.com\VoipDiscount\VoipDiscount.exe
C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
C:\Archivos de programa\palmOne\HOTSYNC.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\Archivos de programa\HP\Digital Imaging\bin\hpqste08.exe
C:\WINDOWS\system32\msiexec.exe
C:\Archivos de programa\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Principal\Mis documentos\Lionel\Software\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Archivos de programa\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Archivos de programa\Corel\Corel Graphics 12\Languages\ES\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=071908 serial=DR12WEX-1504397-KTY lang=ES
O4 - HKLM\..\Run: [HP Software Update] C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Archivos de programa\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Archivos de programa\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [VoipDiscount] "C:\Archivos de programa\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: HotSync Manager.lnk = ?
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Portafolios de HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Archivos de programa\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Selección inteligente de HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Archivos de programa\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Archivos de programa\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1214362933277
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get...nt/swflash.cab
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Archivos de programa\Archivos comunes\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Archivos de programa\Grisoft\AVG Free\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Archivos de programa\Grisoft\AVG Free\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Archivos de programa\Grisoft\AVG Free\avgemc.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Archivos de programa\Archivos comunes\LightScribe\LSSrvc.exe
O23 - Service: Visual Studio Analyzer RPC bridge - Unknown owner - C:\Archivos de programa\Microsoft Visual Studio


--
End of file - 8828 bytes

-- Files created between 2008-05-28 and 2008-06-28 -----------------------------

2008-07-03 12:26:46 0 d-------- C:\Archivos de programa\palmOne
2008-07-02 23:03:07 8704 --a------ C:\WINDOWS\pretbias64.bin <Not Verified; Waitech; Cracker>
2008-06-28 23:27:23 0 d-------- C:\Documents and Settings\Principal\Configuración local
2008-06-28 23:08:22 0 d-------- C:\cmdcons
2008-06-28 23:04:59 68096 --a------ C:\WINDOWS\zip.exe
2008-06-28 23:04:59 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-28 23:04:59 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-28 23:04:59 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-28 23:04:59 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-28 23:04:59 98816 --a------ C:\WINDOWS\sed.exe
2008-06-28 23:04:59 80412 --a------ C:\WINDOWS\grep.exe
2008-06-28 23:04:59 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-25 00:09:10 0 d-------- C:\WINDOWS\system32\PreInstall
2008-06-25 00:09:07 0 d--h----- C:\WINDOWS\$hf_mig$
2008-06-25 00:03:24 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-06-24 23:44:47 0 d-------- C:\agnis-sites
2008-06-24 23:37:15 0 d-------- C:\Archivos de programa\SpywareBlaster
2008-06-24 19:59:27 0 d-------- C:\Archivos de programa\Panda Security
2008-06-18 22:45:42 0 d-------- C:\Archivos de programa\Mission Research
2008-06-18 22:44:06 0 d-------- C:\WINDOWS\Downloaded Installations
2008-06-04 22:30:37 0 d-------- C:\Archivos de programa\Audacity
2008-06-03 23:05:27 0 d-------- C:\Archivos de programa\NCH Software
2008-06-03 23:04:06 0 d-------- C:\Archivos de programa\NCH Swift Sound
2008-06-01 22:13:01 0 d-------- C:\Archivos de programa\VoipDiscount.com
2008-05-31 23:52:14 1188 --a------ C:\WINDOWS\mozver.dat
2008-05-31 23:40:03 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-05-31 23:37:01 0 d-------- C:\Archivos de programa\Skype
2008-05-31 23:37:00 0 d-------- C:\Archivos de programa\Archivos comunes\Skype
2008-05-31 23:35:30 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-28 22:17:36 98892 --a------ C:\WINDOWS\system32\drivers\PPPoEWin.sys
2008-05-28 22:17:35 98892 --a------ C:\WINDOWS\system32\PPPoEWin.sys
2008-05-28 22:17:35 11456 -r------- C:\WINDOWS\system32\PPPoENdi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows(TM) Operating System>
2008-05-28 22:17:35 11456 -r------- C:\WINDOWS\system32\drivers\PPPoENdi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows(TM) Operating System>
2008-05-28 22:17:28 0 d-------- C:\Archivos de programa\wow250


-- Find3M Report ---------------------------------------------------------------

2008-07-03 13:55:02 0 d-------- C:\Documents and Settings\Principal\Datos de programa\Arcsoft
2008-07-03 12:42:05 0 d-------- C:\Documents and Settings\Principal\Datos de programa\Leadertech
2008-06-28 22:05:34 0 d-------- C:\Documents and Settings\Principal\Datos de programa\skypePM
2008-06-27 17:09:15 0 d-------- C:\Documents and Settings\Principal\Datos de programa\Skype
2008-06-25 20:34:53 0 d-------- C:\Documents and Settings\Principal\Datos de programa\AVG7
2008-06-24 19:36:10 0 d--h----- C:\Archivos de programa\InstallShield Installation Information
2008-06-24 19:36:10 0 d-------- C:\Archivos de programa\CyberLink
2008-06-24 19:22:31 0 dr-h----- C:\Documents and Settings\Principal\Datos de programa\yahoo!
2008-06-24 19:22:04 0 d-------- C:\Archivos de programa\Yahoo!
2008-06-20 13:43:31 0 d-------- C:\Documents and Settings\Principal\Datos de programa\U3
2008-06-18 23:14:11 0 d-------- C:\Documents and Settings\Principal\Datos de programa\MissionResearch.GiftWorks.3
2008-06-12 20:48:27 0 d-------- C:\Documents and Settings\Principal\Datos de programa\AdobeUM
2008-06-11 12:57:13 0 d-------- C:\Documents and Settings\Principal\Datos de programa\Adobe
2008-06-03 23:21:25 0 d-------- C:\Documents and Settings\Principal\Datos de programa\NCH Swift Sound
2008-06-01 22:18:17 0 d-------- C:\Documents and Settings\Principal\Datos de programa\VoipDiscount
2008-05-31 23:37:00 0 d-------- C:\Archivos de programa\Archivos comunes
2008-05-31 23:35:22 0 d-------- C:\Documents and Settings\Principal\Datos de programa\Mozilla
2008-05-28 15:33:22 0 d-------- C:\Archivos de programa\Java
2008-05-28 13:38:10 0 d-------- C:\Archivos de programa\Incomplete
2008-05-28 13:36:49 0 d-------- C:\Archivos de programa\LimeWire
2008-05-22 22:28:41 0 d-------- C:\Documents and Settings\Principal\Datos de programa\HPAppData
2008-05-18 17:14:52 1536 --a------ C:\WINDOWS\system32\TrueSoft.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe" [24/06/2008 11:11 p.m.]
"SunJavaUpdateSched"="C:\Archivos de programa\Java\jre1.6.0_01\bin\jusched.exe" [14/03/2007 03:43 a.m.]
"WinampAgent"="C:\Archivos de programa\Winamp\winampa.exe" [25/10/2006 02:37 a.m.]
"QuickTime Task"="C:\Archivos de programa\QuickTime\qttask.exe" [16/02/2007 10:54 a.m.]
"iTunesHelper"="C:\Archivos de programa\iTunes\iTunesHelper.exe" [14/03/2007 07:05 p.m.]
"CorelDRAW Graphics Suite 11b"="C:\Archivos de programa\Corel\Corel Graphics 12\Languages\ES\Programs\Registration.exe" [28/11/2003 01:52 a.m.]
"HP Software Update"="C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe" [11/03/2007 09:34 p.m.]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Archivos de programa\MSN Messenger\MsnMsgr.exe" []
"ares"="C:\Archivos de programa\Ares\Ares.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [19/08/2004 03:42 p.m.]
"Skype"="C:\Archivos de programa\Skype\Phone\Skype.exe" [23/04/2008 05:45 p.m.]
"VoipDiscount"="C:\Archivos de programa\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" [31/05/2007 04:22 p.m.]

C:\Documents and Settings\Principal\Menú Inicio\Programas\Inicio\
HotSync Manager.lnk - C:\Archivos de programa\palmOne\HOTSYNC.EXE [04/03/2004 05:25:28 p.m.]
PowerReg Scheduler.exe [03/07/2008 12:42:36 p.m.]

C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\
Adobe Reader Speed Launch.lnk - C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 10:05:26 p.m.]
HP Digital Imaging Monitor.lnk - C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe [11/03/2007 09:26:24 p.m.]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVOICE]
pctspk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt hpqcxs08 hpqddsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95e04880-6c53-11dc-89b4-00022d7cb7a4}]
AutoRun\command- D:\3wcxx91.cmd
explore\Command- D:\3wcxx91.cmd
open\Command- D:\3wcxx91.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f6e8900-f1e5-11dc-8aa5-00022d7cb7a4}]
AutoRun\command- D:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f6e8901-f1e5-11dc-8aa5-00022d7cb7a4}]
AutoRun\command- 3wcxx91.cmd
explore\Command- 3wcxx91.cmd
open\Command- 3wcxx91.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1250f50-ae5f-11dc-8a33-00022d7cb7a4}]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d41fefd8-57dc-11dc-899b-00022d7cb7a4}]
AutoRun\command- 3wcxx91.cmd
explore\Command- 3wcxx91.cmd
open\Command- 3wcxx91.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d64ba050-a910-11dc-8a28-00022d7cb7a4}]
AutoRun\command- D:\3wcxx91.cmd
explore\Command- D:\3wcxx91.cmd
open\Command- D:\3wcxx91.cmd




-- End of Deckard's System Scanner: finished at 2008-06-28 23:36:59 ------------

I wait here for orders. And thank you again.
Old 06-28-2008, 09:27 PM   #5 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,911
OS: WinXP and Vista


Re: Constant pop ups alerts

Hi lwajsberg. Nice work in that first round.

Quote:
I checked for 3 days but I just didn't know how to check for replies well. Now I know, and I see you replied almost immediately, really thanks.
You can subscribe to this thread and you'll get immediate notification of replies as soon as they are posted. To do this, go to the top of this thread and a bit to right you'll see Thread Tools. Click on that, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Quote:
OK. I ran everything that you told me and the popup stopped. Now I had an apparently legit popup from Windows that tells me that my system is not secure, maybe because I deactivated the AV and SpywareBlaster; do I click on the alert? I'm just afraid.
Did that pop up go away once you re-activated AVG Anti Virus? If so, then yes, that was a legit Windows notice.

Quote:
Another thing is that I realized that for 3 weeks there has been a program that tries to install but fails; it's called "SolutionCenter" and I think it is from the HP printer but ...
Remind me about that when we're through removing the malware.

--------------------------------------------------------------

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

Also be sure to carry out the instructions in the sequence listed below.

***************************************************

Close any open browsers.

--------------------------------------------------------------------


Open notepad and copy/paste the entire text in the quote box below:

(don't forget to copy and paste that very first line, REGEDIT4)


Quote:
REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95e04880-6c53-11dc-89b4-00022d7cb7a4}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f6e8901-f1e5-11dc-8aa5-00022d7cb7a4}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d41fefd8-57dc-11dc-899b-00022d7cb7a4}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d64ba050-a910-11dc-8a28-00022d7cb7a4}]


Save the file as "delete.reg". Make sure to save it with the quotes. Choose to "Save type as - All Files"
It should look like this:

Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

--------------------------------------------------------------------

It's important to run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Perform an online scan with Panda ActiveScan
  • Click on Scan Your PC Now
  • A "pop up" window will appear, or a new tab will open.
  • Click on Register
  • Choose the option you like most, but we recommend the Free Registration.
  • Click on Register
  • Enter your e-mail address, and create a password.
  • Select "I do not want to receive any type of information". (unless you want to receive such information)
  • Click on Send
  • Confirm registration, and continue by entering your user name and password, then click on Enter
  • Select Full Scan, then Click on Scan Now
  • Wait for the components to be loaded and installed. Don't close this window or go to another page while it is downloading. You can continue using the Internet by opening another window in your browser.
  • If it finds any malware it can disinfect, the Disinfect button will be enabled. Click on Disinfect
  • Please ignore the offer to buy the program. Click on Export To
  • Export the log and save it to your desktop.
  • Please attach the contents of that log in your next reply.

* Turn off the real time scanner of any existing antivirus program while performing the online scan

------------------------------------------------------------

Run a new scan with dss.exe.

------------------------------------------------------------

Please include the following in your next reply:

Panda results
new main.txt
Update on system behavior
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
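The delete.reg in the reply above removes four per-volume MountPoints2 keys by hand. As an added example (not part of the thread, and not code from DSS, ComboFix or HijackThis), the Python script below does the same triage on a pasted MountPoints2 dump: it parses the key/handler pairs in either the DSS spelling ("AutoRun\command- ...") or the ComboFix spelling ("\Shell\AutoRun\command - ..."), flags every volume whose cached handler runs something other than the U3 launcher or overrides Explorer's open/explore verbs, and emits the REGEDIT4 deletion file. The sample dump is constructed from the entries in the second DSS log above; the KNOWN_LAUNCHERS allow-list and the function names are my assumptions.

```python
"""Triage Explorer's MountPoints2 cache from a DSS / ComboFix log dump.

Added example, not code from the thread or its tools. SAMPLE_DUMP is
constructed from the posted log; the function names and the
KNOWN_LAUNCHERS allow-list are assumptions made for this illustration.
"""
import re
from collections import OrderedDict

MP2_PREFIX = r"HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2"
# Assumption: LaunchU3.exe (SanDisk U3 stick launcher) is the one handler the
# reply above leaves in place; anything else under MountPoints2 is suspect.
KNOWN_LAUNCHERS = {"launchu3.exe"}

KEY_RE = re.compile(r"^\[" + re.escape(MP2_PREFIX) + r"\\([^\]]+)\]$", re.IGNORECASE)
# DSS prints "AutoRun\command- D:\x.cmd", ComboFix "\Shell\AutoRun\command - D:\x.cmd".
VERB_RE = re.compile(r"^\\?(?:Shell\\)?(AutoRun|explore|open)\\command\s*-\s*(.+?)\s*$",
                     re.IGNORECASE)

# Constructed from the MountPoints2 section of the second DSS log in the thread.
SAMPLE_DUMP = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95e04880-6c53-11dc-89b4-00022d7cb7a4}]
AutoRun\command- D:\3wcxx91.cmd
explore\Command- D:\3wcxx91.cmd
open\Command- D:\3wcxx91.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f6e8900-f1e5-11dc-8aa5-00022d7cb7a4}]
AutoRun\command- D:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f6e8901-f1e5-11dc-8aa5-00022d7cb7a4}]
AutoRun\command- 3wcxx91.cmd
explore\Command- 3wcxx91.cmd
open\Command- 3wcxx91.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1250f50-ae5f-11dc-8a33-00022d7cb7a4}]
AutoRun\command- F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d41fefd8-57dc-11dc-899b-00022d7cb7a4}]
AutoRun\command- 3wcxx91.cmd
explore\Command- 3wcxx91.cmd
open\Command- 3wcxx91.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d64ba050-a910-11dc-8a28-00022d7cb7a4}]
AutoRun\command- D:\3wcxx91.cmd
explore\Command- D:\3wcxx91.cmd
open\Command- D:\3wcxx91.cmd
"""


def parse_mountpoints(text):
    """Map each volume key (drive letter or GUID) to its list of (verb, command)."""
    entries = OrderedDict()
    current = None
    for line in text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            entries.setdefault(current, [])
            continue
        verb = VERB_RE.match(line)
        if verb and current is not None:
            entries[current].append((verb.group(1).lower(), verb.group(2)))
    return entries


def target_name(command):
    """Program a handler runs, minus drive and directory (unquoted paths only)."""
    program = command.split()[0] if command.split() else ""
    return program.rsplit("\\", 1)[-1].lower()


def triage_mountpoints(text):
    """Return {volume: [reasons]} for cached handlers that look like a removable-drive worm."""
    suspicious = OrderedDict()
    for volume, handlers in parse_mountpoints(text).items():
        reasons = []
        for verb, command in handlers:
            if target_name(command) not in KNOWN_LAUNCHERS:
                reasons.append(f"{verb} runs unknown target {command}")
            if verb in ("open", "explore"):
                # Overriding Explorer's Open/Explore verbs makes a double-click on
                # the drive run the script even when AutoPlay is switched off.
                reasons.append(f"{verb} verb is hijacked")
        if reasons:
            suspicious[volume] = reasons
    return suspicious


def build_delete_reg(volumes):
    """REGEDIT4 text that deletes the given keys; '-' inside the brackets means delete."""
    lines = ["REGEDIT4", ""]
    for volume in volumes:
        lines.append(f"[-{MP2_PREFIX}\\{volume}]")
        lines.append("")
    return "\r\n".join(lines)  # regedit expects CRLF line endings


if __name__ == "__main__":
    flagged = triage_mountpoints(SAMPLE_DUMP)
    for volume, reasons in flagged.items():
        print(volume, "->", "; ".join(reasons))
    print(build_delete_reg(flagged))
```

Running it against the sample flags exactly the four GUIDs the reply deletes and leaves the `D` key and the two LaunchU3 volumes alone. To write the file, open it with `newline=""` so Python does not rewrite the CRLFs. One caveat worth keeping in mind: MountPoints2 lives under HKCU, so deleting these keys only clears this profile's cache; any other profile that mounted the same stick (the first log lists a second profile, `1`) keeps its own copy, and the autorun.inf and 3wcxx91.cmd on the removable drive itself are untouched until that drive is cleaned.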
Old 06-29-2008, 03:09 PM   #6 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 12
OS: XP


Re: Constant pop ups alerts

Hi Ried! About that security alert, it doesn't pop up but the shield (icon) is there in the bar. The system is running a little bit slower than normal but it seems OK. I attach the Panda results but it said that it couldn't remove everything because I didn't pay. Should I consider paying?

Ok. Here is the dss log

Deckard's System Scanner v20071014.68
Run by Principal on 2008-06-29 23:52:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 0.85 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-29 23:54:09
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Archivos de programa\Grisoft\AVG Free\avgamsvr.exe
C:\Archivos de programa\Grisoft\AVG Free\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Archivos comunes\LightScribe\LSSrvc.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Grisoft\AVG Free\avgcc.exe
C:\Archivos de programa\Java\jre1.6.0_01\bin\jusched.exe
C:\Archivos de programa\Winamp\winampa.exe
C:\Archivos de programa\QuickTime\qttask.exe
C:\Archivos de programa\iTunes\iTunesHelper.exe
C:\Archivos de programa\HP\HP Software Update\hpwuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Skype\Phone\Skype.exe
C:\Archivos de programa\VoipDiscount.com\VoipDiscount\VoipDiscount.exe
C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
C:\Archivos de programa\palmOne\HOTSYNC.EXE
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\Archivos de programa\HP\Digital Imaging\bin\hpqste08.exe
C:\Archivos de programa\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\Principal\Mis documentos\Lionel\Software\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Archivos de programa\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Archivos de programa\Corel\Corel Graphics 12\Languages\ES\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=071908 serial=DR12WEX-1504397-KTY lang=ES
O4 - HKLM\..\Run: [HP Software Update] C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Archivos de programa\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Archivos de programa\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [VoipDiscount] "C:\Archivos de programa\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: HotSync Manager.lnk = ?
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Portafolios de HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Archivos de programa\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Selección inteligente de HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Archivos de programa\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Archivos de programa\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1214362933277
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get...nt/swflash.cab
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Archivos de programa\Archivos comunes\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Archivos de programa\Grisoft\AVG Free\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Archivos de programa\Grisoft\AVG Free\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Archivos de programa\Grisoft\AVG Free\avgemc.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Archivos de programa\Archivos comunes\LightScribe\LSSrvc.exe
O23 - Service: Visual Studio Analyzer RPC bridge - Unknown owner - C:\Archivos de programa\Microsoft Visual Studio


--
End of file - 8666 bytes

-- Files created between 2008-05-29 and 2008-06-29 -----------------------------

2008-07-03 12:26:46 0 d-------- C:\Archivos de programa\palmOne
2008-07-02 23:03:07 8704 --a------ C:\WINDOWS\pretbias64.bin <Not Verified; Waitech; Cracker>
2008-06-29 20:33:03 0 d-------- C:\WINDOWS\LastGood
2008-06-28 23:27:23 0 d-------- C:\Documents and Settings\Principal\Configuración local
2008-06-28 23:08:22 0 d-------- C:\cmdcons
2008-06-28 23:04:59 68096 --a------ C:\WINDOWS\zip.exe
2008-06-28 23:04:59 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-28 23:04:59 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-28 23:04:59 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-28 23:04:59 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-28 23:04:59 98816 --a------ C:\WINDOWS\sed.exe
2008-06-28 23:04:59 80412 --a------ C:\WINDOWS\grep.exe
2008-06-28 23:04:59 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-25 00:09:10 0 d-------- C:\WINDOWS\system32\PreInstall
2008-06-25 00:09:07 0 d--h----- C:\WINDOWS\$hf_mig$
2008-06-25 00:03:24 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-06-24 23:44:47 0 d-------- C:\agnis-sites
2008-06-24 23:37:15 0 d-------- C:\Archivos de programa\SpywareBlaster
2008-06-24 19:59:27 0 d-------- C:\Archivos de programa\Panda Security
2008-06-18 22:45:42 0 d-------- C:\Archivos de programa\Mission Research
2008-06-18 22:44:06 0 d-------- C:\WINDOWS\Downloaded Installations
2008-06-04 22:30:37 0 d-------- C:\Archivos de programa\Audacity
2008-06-03 23:05:27 0 d-------- C:\Archivos de programa\NCH Software
2008-06-03 23:04:06 0 d-------- C:\Archivos de programa\NCH Swift Sound
2008-06-01 22:13:01 0 d-------- C:\Archivos de programa\VoipDiscount.com
2008-05-31 23:52:14 1188 --a------ C:\WINDOWS\mozver.dat
2008-05-31 23:40:03 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-05-31 23:37:01 0 d-------- C:\Archivos de programa\Skype
2008-05-31 23:37:00 0 d-------- C:\Archivos de programa\Archivos comunes\Skype
2008-05-31 23:35:30 0 --a------ C:\WINDOWS\nsreg.dat


-- Find3M Report ---------------------------------------------------------------

2008-07-03 13:55:02 0 d-------- C:\Documents and Settings\Principal\Datos de programa\Arcsoft
2008-07-03 12:42:05 0 d-------- C:\Documents and Settings\Principal\Datos de programa\Leadertech
2008-06-29 20:22:13 0 d-------- C:\Documents and Settings\Principal\Datos de programa\skypePM
2008-06-27 17:09:15 0 d-------- C:\Documents and Settings\Principal\Datos de programa\Skype
2008-06-25 20:34:53 0 d-------- C:\Documents and Settings\Principal\Datos de programa\AVG7
2008-06-24 19:36:10 0 d--h----- C:\Archivos de programa\InstallShield Installation Information
2008-06-24 19:36:10 0 d-------- C:\Archivos de programa\CyberLink
2008-06-24 19:22:31 0 dr-h----- C:\Documents and Settings\Principal\Datos de programa\yahoo!
2008-06-24 19:22:04 0 d-------- C:\Archivos de programa\Yahoo!
2008-06-20 13:43:31 0 d-------- C:\Documents and Settings\Principal\Datos de programa\U3
2008-06-18 23:14:11 0 d-------- C:\Documents and Settings\Principal\Datos de programa\MissionResearch.GiftWorks.3
2008-06-12 20:48:27 0 d-------- C:\Documents and Settings\Principal\Datos de programa\AdobeUM
2008-06-11 12:57:13 0 d-------- C:\Documents and Settings\Principal\Datos de programa\Adobe
2008-06-03 23:21:25 0 d-------- C:\Documents and Settings\Principal\Datos de programa\NCH Swift Sound
2008-06-01 22:18:17 0 d-------- C:\Documents and Settings\Principal\Datos de programa\VoipDiscount
2008-05-31 23:37:00 0 d-------- C:\Archivos de programa\Archivos comunes
2008-05-31 23:35:22 0 d-------- C:\Documents and Settings\Principal\Datos de programa\Mozilla
2008-05-28 22:17:36 0 d-------- C:\Archivos de programa\wow250
2008-05-28 15:33:22 0 d-------- C:\Archivos de programa\Java
2008-05-28 13:38:10 0 d-------- C:\Archivos de programa\Incomplete
2008-05-28 13:36:49 0 d-------- C:\Archivos de programa\LimeWire
2008-05-22 22:28:41 0 d-------- C:\Documents and Settings\Principal\Datos de programa\HPAppData
2008-05-18 17:14:52 1536 --a------ C:\WINDOWS\system32\TrueSoft.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe" [24/06/2008 11:11 p.m.]
"SunJavaUpdateSched"="C:\Archivos de programa\Java\jre1.6.0_01\bin\jusched.exe" [14/03/2007 03:43 a.m.]
"WinampAgent"="C:\Archivos de programa\Winamp\winampa.exe" [25/10/2006 02:37 a.m.]
"QuickTime Task"="C:\Archivos de programa\QuickTime\qttask.exe" [16/02/2007 10:54 a.m.]
"iTunesHelper"="C:\Archivos de programa\iTunes\iTunesHelper.exe" [14/03/2007 07:05 p.m.]
"CorelDRAW Graphics Suite 11b"="C:\Archivos de programa\Corel\Corel Graphics 12\Languages\ES\Programs\Registration.exe" [28/11/2003 01:52 a.m.]
"HP Software Update"="C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe" [11/03/2007 09:34 p.m.]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Archivos de programa\MSN Messenger\MsnMsgr.exe" []
"ares"="C:\Archivos de programa\Ares\Ares.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [19/08/2004 03:42 p.m.]
"Skype"="C:\Archivos de programa\Skype\Phone\Skype.exe" [23/04/2008 05:45 p.m.]
"VoipDiscount"="C:\Archivos de programa\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" [31/05/2007 04:22 p.m.]

C:\Documents and Settings\Principal\Menú Inicio\Programas\Inicio\
HotSync Manager.lnk - C:\Archivos de programa\palmOne\HOTSYNC.EXE [04/03/2004 05:25:28 p.m.]
PowerReg Scheduler.exe [03/07/2008 12:42:36 p.m.]

C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\
Adobe Reader Speed Launch.lnk - C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 10:05:26 p.m.]
HP Digital Imaging Monitor.lnk - C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe [11/03/2007 09:26:24 p.m.]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVOICE]
pctspk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt hpqcxs08 hpqddsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f6e8900-f1e5-11dc-8aa5-00022d7cb7a4}]
AutoRun\command- D:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1250f50-ae5f-11dc-8a33-00022d7cb7a4}]
AutoRun\command- F:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-06-29 23:56:15 ------------

Thanks for everything so far, and I hope to solve the problem.
Attached Files
File Type: txt ActiveScan.txt (53.9 KB, 1 views)
lwajsberg is offline  
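As an added example that is not part of this thread and not one of the tools used in it, the following Python script automates the checks an analyst runs by eye over the HijackThis and Deckard's System Scanner sections above: entries whose file is gone ("(no file)", "(file missing)"), O16 ActiveX downloads from a host outside a small baseline, files the scanner could not verify, bare executables dropped into a Startup folder, and AutoRun commands registered under mountpoints2. The sample lines are copied from the log above; the trusted-host baseline, the severity labels and the function names are assumptions made for this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Representative lines copied from the HijackThis and Deckard's System Scanner
# output posted above (a subset chosen to exercise each check, not the whole log).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ares] "C:\Archivos de programa\Ares\Ares.exe" -h
O4 - Startup: HotSync Manager.lnk = ?
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Archivos de programa\Yahoo!\Common\Yinsthelper.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Archivos de programa\Grisoft\AVG Free\avgupsvc.exe
2008-07-02 23:03:07 8704 --a------ C:\WINDOWS\pretbias64.bin <Not Verified; Waitech; Cracker>
2008-06-28 23:04:59 68096 --a------ C:\WINDOWS\zip.exe
AutoRun\command- D:\LaunchU3.exe -a
""".strip("\n")


@dataclass
class Finding:
    line: str
    reason: str
    severity: str  # "info", "review" or "suspicious"


# Hosts an analyst would accept for O16 ActiveX downloads without comment.
# This baseline is an assumption made for the example; adjust it to your own.
TRUSTED_O16_HOSTS = ("microsoft.com", "apple.com", "macromedia.com", "pandasoftware.com")
ORPHAN_MARKERS = ("(no file)", "(file missing)")

HJT_ENTRY = re.compile(r"^(?P<kind>[A-Z]\d+) - ")
O16_URL = re.compile(r"https?://(?P<host>[^/\s]+)", re.IGNORECASE)
DSS_FILE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\d+\s+[-a-z]{9}\s+"
    r"(?P<path>.+?)(?:\s+<(?P<tag>[^>]*)>)?$"
)
AUTORUN_CMD = re.compile(r"^AutoRun\\command-\s*(?P<cmd>.+)$")


def _trusted_host(host: str) -> bool:
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED_O16_HOSTS)


def triage_line(raw: str) -> Optional[Finding]:
    """Apply the analyst checks to one log line; None means nothing to report."""
    line = raw.strip()
    if not line:
        return None

    m = HJT_ENTRY.match(line)
    if m:
        kind = m.group("kind")
        if any(marker in line for marker in ORPHAN_MARKERS):
            # Orphaned entry: the registry key survives but its file is gone.
            return Finding(line, f"{kind} entry points at a file that no longer exists", "review")
        if kind == "O16":
            url = O16_URL.search(line)
            if url is None:
                return Finding(line, "O16 DPF entry backed by a local file, not a download", "info")
            host = url.group("host").lower()
            if not _trusted_host(host):
                return Finding(line, f"O16 ActiveX download from a host outside the baseline: {host}", "suspicious")
            return None
        if kind == "O4" and ("- Startup:" in line or "- Global Startup:" in line):
            target = line.split(":", 1)[1].strip()
            if target.lower().endswith(".exe"):
                # A bare .exe in a Startup folder (rather than a .lnk) deserves a look.
                return Finding(line, "executable placed directly in a Startup folder", "review")
            return None
        if kind == "O23" and "Unknown owner" in line:
            return Finding(line, "service binary carries no publisher information", "info")
        return None

    m = DSS_FILE.match(line)
    if m:
        tag = m.group("tag")
        if tag and tag.startswith("Not Verified"):
            parts = [p.strip() for p in tag.split(";")] + ["", ""]
            publisher, description = parts[1] or "?", parts[2] or "?"
            return Finding(line, f"file signature not verified (publisher: {publisher}; description: {description})", "review")
        return None

    m = AUTORUN_CMD.match(line)
    if m:
        return Finding(line, f"AutoRun command registered for a mounted volume: {m.group('cmd')}", "review")
    return None


def triage(text: str) -> List[Finding]:
    return [f for f in (triage_line(raw) for raw in text.splitlines()) if f is not None]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    counts = {"info": 0, "review": 0, "suspicious": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:<10}] {f.reason}\n    {f.line}")
    print(summarize(results))
```

Run it against a full saved log and the "review" items are the ones to look up before deciding on a fix; "suspicious" is reserved for ActiveX downloads from hosts you have not baselined, which is the single O16 case a helper would not wave through.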
Old 06-29-2008, 03:12 PM   #7 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 12
OS: XP


Re: Constant pop ups alerts

Hi, maybe the problem with the security alert is because I use AVG Free and now they don't let me update it unless I buy it. Maybe I should buy it? Or another AV that you recommend? Would it be a shortcut to the solution? Or should we discuss it at the end?

Thanks anyway!!
lwajsberg is offline  
Old 06-29-2008, 10:17 PM   #8 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,911
OS: WinXP and Vista


Re: Constant pop ups alerts

Hi lwajsberg,

Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.


It's IMPORTANT to carry out the instructions in the sequence listed below.


***************************************************


I'll have another excellent free Anti Virus for you to use. I'll give you that information shortly.


1. Download ATF Cleaner by Atribune. Do not run it yet.


2. Download Flash_Disinfector.exe and save it to your desktop.

-------------------------------------------------------------


Insert your flash drive--the one that was inserted while you performed the online scan at Panda.


Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

----------------------

Go to Start->Run and type in regedit and hit OK.

Open notepad and copy/paste the entire text in the code box below: (don't forget to copy and paste REGEDIT4)

Code:
REGEDIT4

[-hkey_local_machine\software\microsoft\windows\currentversion\uninstall\switch]
Save the file as "delete.reg". Make sure to save it with the quotes. Choose to "Save type as - All Files"
It should look like this:

Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

--------------------------------------------------------------------

Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

--------------------------------------------------------

You can replace your AVG Free with this excellent Anti Virus:

Download Avira AntiVir PersonalEdition Classic. Do NOT install it yet.
  • Go to your Add or Remove programs panel and uninstall AVG Free.
  • Reboot your system.
  • Now install Avira AntiVir, update its definitions when prompted, and do a full system scan.

--------------------------------------------------------

Your logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links:

The following procedure will clear out the backups and quarantines created by the fix. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.

Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK:

ComboFix /u

--------------------------------------------------------------------


To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad.

SpywareBlaster 4.0 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.
  • It will block any bad ActiveX from running in Internet Explorer and Firefox if it's listed in their database (which you should update frequently). To view their database and list of restricted sites, launch the program and click on each of the tabs on the main display page.

IESpyAD Zoned Out to block access to malicious websites so you cannot be redirected to them from an infected site or email. This severely impairs attempts to infect your system as it basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.


Update, and scan with your onboard Anti Malware and Anti Virus programs regularly. Without regular updates you will not be protected when new malicious programs are released.


In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

PC Safety and Security--What Do I Need?
Think Prevention


HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls


**Be very wary of any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

-----------------------------------------------------

Follow the list above and the potential for infection will reduce dramatically.

**Kindly respond one more time and let me know if we may consider this thread resolved.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

Last edited by Ried; 06-29-2008 at 10:19 PM.
Ried is offline  
Old 06-29-2008, 11:53 PM   #9 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 12
OS: XP


Re: Constant pop ups alerts

I'm not finished yet with the last orders, but I wanted to ask again:
What about that SolutionCenter that fails to install every time I turn on my PC?
Is it worth it to buy an AV (like Panda or AVG 8)?
lwajsberg is offline  
Old 06-29-2008, 11:55 PM   #10 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 12
OS: XP


Re: Constant pop ups alerts

And another question: the Panda ActiveScan said that I was pretty infected and it didn't remove everything; are we sure I am clean? I'm sorry, it's just that I'm a little afraid of not being safe.

Thanks a lot for your time.
lwajsberg is offline  
Old 06-30-2008, 03:47 PM   #11 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 12
OS: XP


Re: Constant pop ups alerts

OK. I've finished the orders and it seems everything is OK, except that the shield on the right bar is still there and I don't know if I can click on it or not. The second question is what to do with SolutionCenter, remember? And third, I feel something strange happened, because I just scanned with Panda ActiveScan and after a scan of 10 seconds (it usually takes 3 hours) it said that I am virus free. How come??!!

But everything else seems good. Thank you for the millionth time; I have to tell you that you guys are amazing.
lwajsberg is offline  
Old 06-30-2008, 08:51 PM   #12 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,911
OS: WinXP and Vista


Re: Constant pop ups alerts

Quote:
And another question: the Panda ActiveScan said that I was pretty infected and it didn't remove everything; are we sure I am clean?
The instructions I gave you in Post #8 took care of all the Panda findings.

Quote:
that the shield on the right bar is still there and I don't know if I can click on it or not
Did you install and update Avira AntiVirus?

Regarding Solution Center failing to install, I'm afraid I've not been able to find out anything useful. My suggestion is to contact HP since it's their program.
Ried is offline  
Old 07-01-2008, 08:48 AM   #13 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 12
OS: XP


Re: Constant pop ups alerts

Hi, Ried!

Yes, I've updated Avira, scanned my PC and found 5 viruses (eliminated), but the shield is still there.

Thanks for everything and I hope we finish soon.
lwajsberg is offline  
Old 07-01-2008, 09:00 AM   #14 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,911
OS: WinXP and Vista


Re: Constant pop ups alerts

To be sure it's the Windows shield, hover your mouse over the yellow icon and tell me what it says.
Ried is offline  
Old 07-01-2008, 03:11 PM   #15 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 12
OS: XP


Re: Constant pop ups alerts

It is not yellow, it is red; take a look at the attachment to see what it looks like. When I place the mouse on it, it says in Spanish:

"Alertas de Seguridad de Windows"

It means "Windows Security Alerts", I think.
Attached Images
File Type: bmp Shield.bmp (9.9 KB, 0 views)
lwajsberg is offline  
Old 07-02-2008, 08:05 AM   #16 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,911
OS: WinXP and Vista


Re: Constant pop ups alerts

Open your Security Center and see what it is warning you about.

Click Start>Control Panel>Security Center
Ried is offline  
Old 07-04-2008, 08:34 AM   #17 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 12
OS: XP


Re: Constant pop ups alerts

Hi, Ried, I opened it from the Control Panel (as you said) and it says that I don't have a firewall, so I downloaded Sygate and the icon disappeared. I think that I'm clean now, and I want to thank you for everything you did.

Thanks!!!
Lionel
lwajsberg is offline  
Old 07-04-2008, 08:39 AM   #18 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,911
OS: WinXP and Vista


Re: Constant pop ups alerts

You're welcome, Lionel.

You also could have just enabled the Windows Firewall, but having a third-party firewall does afford you more protection, as it will also control outbound traffic from your PC, which helps prevent anything that may have made it past your protection from calling out for its payloads.

Windows XP SP2 has a built-in firewall, but it does not monitor outbound traffic.

Take care.
Ried is offline  
 


All times are GMT -7.



Copyright 2001 - 2009, Tech Support Forum