VirusLab2009 System Alert PopUp from Taskbar - Pls help


7 replies to this topic

#1 raziel

  • Members
  • 5 posts

Posted 11 October 2008 - 02:27 PM

Hello,

I'm new here and this is the first time I've joined a computer forum. I'm looking forward to resolving a possible infection issue, but let me apologize ahead of time if I'm a little slow or asking obvious questions.

Here is some background info for you (sorry if it's long, not sure what's worthwhile editing with these processes)

Since Saturday, I've noticed a new icon on my system's task bar. My partner had selected the button, which looked like an ad that claimed to remove malware, etc. Suspiciously, I typed in the name 'VirusLab2009' and eventually found bleeping YOU. :-)

But before finding YOU, I first headed over to the uninstall programs on my computer, looking for the culprit, my attention swayed to removing old programs rarely used, laptop games, etc. So the 'cleaning' mode kicked in. I digress. Thought I could put a band-aid on the problem (oh silly me) and get rid of the taskbar icons, perhaps to not tempt my partner from clicking on random pop-ups and system alerts while I'm away. Realized I didn't want to wipe out/hide all my taskbar items with msconfig/start-up feature. But my attention diverted once again & I began to uncheck items on the start up tab that were unnecessary and things that may have slowed down my computer start-up function, i.e. color pantone, java, and then found an interesting item: NvCpl. I looked this up and felt guided to 'uncheck' this item as it may have been a potential link to an infection.

Anyhoo...

Before looking at your site, I downloaded several free anti-spy softwares based on credible reviews. Some suggested combinations of free programs to get at the nasty malwares (the site Stopbadware.org was very helpful, I think this is where I eventually found you).

They are:

AVG free 8.0 (found 1 infection, 1 infected object, 7 spyware found & removed)

SpywareBlaster (had a problem using this, giving me an error notice "Error Connecting to Update Server")

last, I ended up downloading:

Malwarebytes (quarantined 48 items, many with the name 'Trojan.Zlob')

I had Nortons Utility already on my computer; however, it required updating...hmmm where was I?

After using all of this, there were infections found, quarantined. Malwarebytes was the one that found the most, even after scanning with AVG. Malwarebytes required me to reboot, but informed me that some items couldn't be removed.


Posted Image

Thought I was good to go...but continued the search, since I still received 'system alert' pop-ups from my task bar & occasional RonLiveMedia pop ups, occasional voices out of nowhere without a pop-up screen haunting, 'congratulations...'
So finally, I found you and downloaded HiJack this, per your instructions.

Since I had already downloaded free programs and was concerned with my privacy issues going to so many free download sites, I just used the HiJack this app. This is what I found, and so I selected, 'scan this'

Posted Image


Still I had the same pop-ups, etc. So we thought that buying the best reviewed spyware product would help things.
So we picked up, 'Spydoctor'

I ran a scan, and it quarantined this:

Posted Image

Blocks were created, and I tightened up the security on Firefox browser.

However, I still experienced the same behavior & HiJack continuously picked up the mxlivemedia process.
And just yesterday, my computer began to freeze and I was unable to use the ctrl,alt delete function to reboot.
This happened at least 6 times in attempt to reboot. At this point, I was finally frustrated with my *%$ bleepingcomputer!
And now I'm looking for help. Please help. Thank you.

Here are my specific concerns:

1. Am I so far beyond getting this infection off my computer? If so, what are my options? A new computer?

2. If not, please help and let me know what steps to take to make my computer a no-viral infection/pop-up, freeze, slow start-up zone.

3. Can I remove the Icon that originates the 'systems alert' pop-up on the taskbar so that others using this computer aren't tempted to 'click' unaware?

Let me know what I can provide you to help.

Thank you so much!!

Best to you.

-R


#2 raziel

  • Topic Starter
  • Members
  • 5 posts

Posted 11 October 2008 - 02:36 PM

One more question....

Is it beneficial to have so many anti-spyware programs on my computer? If not, how many is the general rule (if there is one), and what's the best practice? Does it slow up the system?

Thanks again!

;-)

-R

#3 ruby1

    a forum member

  • Members
  • 2,375 posts

Posted 11 October 2008 - 02:38 PM

:trumpet: :thumbsup: Please try running both these scans as per these instructions and post the resultant logs for checking by the Team; please do NOT post any HJT log here, else the thread will have to be closed per forum rules.

Malwarebytes
http://www.bleepingcomputer.com/forums/ind...st&p=959453

SUPERAntiSpyware
http://www.bleepingcomputer.com/forums/ind...st&p=959604

Once you have run each and posted their reports, the Team can check out how to guide you further.

Good hunting :flowers:

#4 raziel

  • Topic Starter
  • Members
  • 5 posts

Posted 11 October 2008 - 08:05 PM

Hello,

Thank you for the warm and fuzzy welcome!

I ran both scans per your instructions:

1. MalwareBytes

Here's the log:

Malwarebytes' Anti-Malware 1.28
Database version: 1258
Windows 5.1.2600 Service Pack 2

10/11/2008 1:04:25 PM
mbam-log-2008-10-11 (13-04-25).txt

Scan type: Quick Scan
Objects scanned: 55868
Time elapsed: 8 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 8
Registry Values Infected: 1
Registry Data Items Infected: 14
Folders Infected: 2
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\oanlvs.dll (Trojan.Zlob) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\virusrl2009 (Rogue.AVLab) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\w123.w123mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\w123.w123mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\vrlwarning.warningbho (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\vrlwarning.warningbho.1 (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{F5734812-E6A1-8833-ECA9-949B5B8A88BF} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0ba3e00d-b660-46e6-a2db-2672ee82dc98} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{144a6b24-0ebc-4d89-bf09-a06a718e57b5} (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0ba3e00d-b660-46e6-a2db-2672ee82dc98} (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://windiwsfsearch.com/ie6.html) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://windiwsfsearch.com/ie6.html) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\Software Licensors\Antispyware PRO XP (Rogue.AntiSpywareProXP) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\590075 (Trojan.BHO) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\oanlvs.dll (Trojan.Zlob) -> Delete on reboot.



2. HERE'S THE SUPERAntiSpyware log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/11/2008 at 04:31 PM

Application Version : 4.21.1004

Core Rules Database Version : 3555
Trace Rules Database Version: 1543

Scan type : Complete Scan
Total Scan Time : 01:29:34

Memory items scanned : 266
Memory threats detected : 0
Registry items scanned : 6634
Registry threats detected : 0
File items scanned : 120936
File threats detected : 41

Adware.Tracking Cookie

Adware.Media-Codec/ZLob
C:\Program Files\Applications


********************************************************************

No haunting pop-ups during safe mode. What a nice relief, but as soon as I rebooted, maybe after about 10-15 minutes, the Ron LiveMedia pop up reared its ugly head again. :thumbsup:

Thank you so far. Looking forward to your reply.

Happy Saturday!
-R

#5 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,490 posts

Posted 11 October 2008 - 11:14 PM

Hello, please reboot the PC if you haven't done so after the scan. Then check for an update to the MBam scanner. Rescan and post a new log.

Next please run this: SmitFraudFix by S!Ri.
Also post its scan log. The report can be found at the root of the system drive, usually at C:\rapport.txt .
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook
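The reboot-then-rescan step requested above matters because the first log leaves `oanlvs.dll` marked "Delete on reboot". As an added example (not part of any post in this thread and not a Malwarebytes tool), the Python script below parses a log in the format posted above, lists targets still pending a reboot, and checks that the itemized detections match the declared counts. The function names are hypothetical and the sample is abridged from the log in post #4.

```python
import re
from collections import Counter

# Abridged from the Malwarebytes' Anti-Malware 1.28 log in post #4 (same line format).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.28
Database version: 1258

Scan type: Quick Scan

Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Data Items Infected: 1
Files Infected: 1

Memory Modules Infected:
C:\WINDOWS\system32\oanlvs.dll (Trojan.Zlob) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\virusrl2009 (Rogue.AVLab) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\vrlwarning.warningbho (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\oanlvs.dll (Trojan.Zlob) -> Delete on reboot.
"""

# "Files Infected: 1" is a summary count; "Files Infected:" opens a detail section.
COUNT = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):\s*(?P<n>\d+)\s*$")
SECTION = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):\s*$")
# "<target> (<Family.Name>) -> [Bad/Good detail ->] <action>."
ITEM = re.compile(r"^(?P<target>.+?) \((?P<family>[A-Za-z]+\.[\w.\-]+)\) -> (?P<rest>.+)$")


def parse_mbam_log(text):
    """Return (declared_counts, items) from an MBAM 1.x text log."""
    declared, items, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := COUNT.match(line):
            declared[m["name"]] = int(m["n"])
        elif m := SECTION.match(line):
            section = m["name"]
        elif section and (m := ITEM.match(line)):
            # The action is always the last "->" segment, even on Bad/Good lines.
            action = m["rest"].split(" -> ")[-1].rstrip(".")
            items.append({"section": section, "target": m["target"],
                          "family": m["family"], "action": action})
    return declared, items


def triage(text):
    """Summarize a log: families seen, targets awaiting reboot, count mismatches."""
    declared, items = parse_mbam_log(text)
    found = Counter(i["section"] for i in items)
    return {
        "families": dict(Counter(i["family"] for i in items)),
        # Anything still pending a reboot means the machine must be rescanned afterwards.
        "pending_reboot": sorted({i["target"] for i in items
                                  if "reboot" in i["action"].lower()}),
        # A truncated or hand-edited log shows up as declared != itemized.
        "count_mismatch": sorted(s for s, n in declared.items() if found.get(s, 0) != n),
        "clean": not items and not any(declared.values()),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A non-empty `pending_reboot` list is the cue to reboot and rescan before trusting the result; a non-empty `count_mismatch` suggests the pasted log is incomplete.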

#6 raziel

  • Topic Starter
  • Members
  • 5 posts

Posted 16 October 2008 - 04:07 PM

Hello, thank you.

Mal scan log:

Malwarebytes' Anti-Malware 1.28
Database version: 1258
Windows 5.1.2600 Service Pack 2

10/16/2008 1:38:47 PM
mbam-log-2008-10-16 (13-38-47).txt

Scan type: Quick Scan
Objects scanned: 55982
Time elapsed: 7 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

*******

SmitFraudFix v2.362

Scan done at 13:54:02.04, Thu 10/16/2008
Run from C:\Documents and Settings\frys\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process


hosts


C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32


C:\WINDOWS\system32\LogFiles


C:\Documents and Settings\frys


C:\Documents and Settings\frys\Application Data


Start Menu


C:\DOCUME~1\frys\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


AntiXPVSTFix
!!!Attention, following keys are not inevitably infected!!!

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="avgrsstx.dll"
"LoadAppInit_DLLs"=dword:00000001


Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


RK



DNS

EDIT DNS INFO/SEARCH ORDER

Description: NVIDIA nForce Networking Controller - Packet Scheduler Miniport



Scanning for wininet.dll infection


End



For the SmitfraudFix, I selected 1 - search to post this scan log. Also, I've omitted the DNS info at the bottom.
Still intermittently, I receive RonAd pop ups and haunting voices with an eventual screen. My computer freezes, and does not respond to ctrl alt delete. When the computer is rebooted, scan doctor's icon is working prompting me that it's scanning (although I didn't see this selected for start-up) and then I receive Norton Anti-virus notifications of item alerts to review. I think I have too many anti-viral scanning cooks in the kitchen. Is it wise to disable Norton Anti-virus if it's old? What ones can I get rid of? (I have AVG/SpyBlaster/Hi-Jack This/Super Anti-spyware/Norton, that came with the computer but is not updated). I like Malware & have already bought SpyDoctor. Please let me know what I can safely eliminate (this or something better) so my computer is clean, protected and runs at its optimum.

Thank you. I appreciate your help!

-R

#7 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,490 posts

Posted 16 October 2008 - 04:23 PM

OK, remove the Norton then. Download and run the Norton Removal Tool. The key mentioned is only needed for a reinstall. Remove the SmitfraudFix tool now. Do you have AVG paid or Free?

#8 raziel

  • Topic Starter
  • Members
  • 5 posts

Posted 18 October 2008 - 11:30 AM

Thank you.

Since rebooting, my computer has not received any pop-ups in the last 24 hrs. Pretty cool. :thumbsup:


I believe AVG was downloaded free??



