Author Topic: fake windows security alert....control panel is gone  (Read 43343 times)

Lava25

  • Guest
Re: fake windows security alert....control panel is gone
« Reply #60 on: December 17, 2007, 03:12:30 AM »
0 bytes size received / Se ha recibido un archivo vacio
 This is how the last one came up.  Not sure why it is different but I am sure you are.

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: fake windows security alert....control panel is gone
« Reply #61 on: December 17, 2007, 03:39:59 AM »
Let me know of any problems after you do this

Use OTMOVEIT TO BANISH THESE

C:\WINDOWS\system32\spoolc.exe
C:\WINDOWS\derc32xz.exe
C:\WINDOWS\xnnnav.exe
C:\WINDOWS\system32\dllgh8jkd1q8.exe
C:\WINDOWS\wsystmp_usl.exe
C:\Documents and Settings\Owner\Application Data\wklnhst.dat


Post the results and a new DSS log.  Thanks

Lava25

  • Guest
Re: fake windows security alert....control panel is gone
« Reply #62 on: December 17, 2007, 03:43:43 AM »
C:\WINDOWS\system32\spoolc.exe moved successfully.
C:\WINDOWS\derc32xz.exe moved successfully.
C:\WINDOWS\xnnnav.exe moved successfully.
C:\WINDOWS\system32\dllgh8jkd1q8.exe moved successfully.
C:\WINDOWS\wsystmp_usl.exe moved successfully.
C:\Documents and Settings\Owner\Application Data\wklnhst.dat moved successfully.
File/Folder  not found.
 
Created on 12-17-2007 20:41:26
DSS log next........

Lava25

  • Guest
Re: fake windows security alert....control panel is gone
« Reply #63 on: December 17, 2007, 03:45:36 AM »
Deckard's System Scanner v20071014.68
Run by Owner on 2007-12-17 20:42:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 247 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:42, on 2007-12-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\IC Media Corp\ICM532\Launchpad.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.05.0000.1009\en-us\msnappau.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\cmd.exe /c C:\ComboFix\Combobatch.bat
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Launchpad.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

Lava25

  • Guest
Re: fake windows security alert....control panel is gone
« Reply #64 on: December 17, 2007, 03:46:19 AM »
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} (SmartAccess Ctl Class) - https://install.charter.com/diskless/bin/ssctlsma.dll
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103922804920
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/chuzzle/popcaploader_v6.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--

Lava25

  • Guest
Re: fake windows security alert....control panel is gone
« Reply #65 on: December 17, 2007, 03:47:17 AM »
End of file - 8953 bytes

-- Files created between 2007-11-17 and 2007-12-17 -----------------------------

2007-12-17 15:23:35     60416 --a------ C:\WINDOWS\system32\drivers\ComboFix.sys
2007-12-17 14:46:52         0 d-------- C:\Program Files\Trend Micro
2007-12-14 10:44:46         0 d-------- C:\Program Files\iWin
2007-12-13 20:04:41         0 d------c- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-12-13 20:04:06         0 d--h---c- C:\Documents and Settings\Administrator\NetHood
2007-12-13 20:04:06         0 dr-----c- C:\Documents and Settings\Administrator\My Documents
2007-12-13 20:04:06         0 d--h---c- C:\Documents and Settings\Administrator\Local Settings
2007-12-13 20:04:06         0 dr-----c- C:\Documents and Settings\Administrator\Favorites
2007-12-13 20:04:06         0 d------c- C:\Documents and Settings\Administrator\Desktop
2007-12-13 20:04:06         0 d--hs--c- C:\Documents and Settings\Administrator\Cookies
2007-12-13 20:04:06         0 dr-h---c- C:\Documents and Settings\Administrator\Application Data
2007-12-13 20:04:06         0 d------c- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2007-12-13 20:04:06         0 d------c- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-12-13 20:04:06         0 d------c- C:\Documents and Settings\Administrator\Application Data\Sun
2007-12-13 20:04:06         0 d---s--c- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-12-13 20:04:06         0 d------c- C:\Documents and Settings\Administrator\Application Data\Identities
2007-12-13 20:04:06         0 d------c- C:\Documents and Settings\Administrator\Application Data\CyberLink
2007-12-13 20:04:06         0 d------c- C:\Documents and Settings\Administrator\Application Data\AOL
2007-12-13 20:04:05         0 d--h---c- C:\Documents and Settings\Administrator\Templates
2007-12-13 20:04:05         0 dr-----c- C:\Documents and Settings\Administrator\Start Menu
2007-12-13 20:04:05         0 dr-h---c- C:\Documents and Settings\Administrator\SendTo
2007-12-13 20:04:05         0 dr-h---c- C:\Documents and Settings\Administrator\Recent
2007-12-13 20:04:05         0 d--h---c- C:\Documents and Settings\Administrator\PrintHood
2007-12-13 20:04:05   1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-12-13 16:20:59         0 d------c- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-13 16:19:45         0 d-------- C:\Program Files\SUPERAntiSpyware
2007-12-13 16:19:45         0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2007-12-13 16:18:57         0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-12 20:13:58         0 d-------- C:\Program Files\Common Files\xing shared
2007-12-12 20:10:27         0 d-------- C:\Documents and Settings\Owner\Application Data\Real
2007-12-10 20:28:02         0 d-------- C:\WINDOWS\pss
2007-12-10 19:58:09         0 d-------- C:\Program Files\RogueRemover FREE
2007-12-10 19:34:52         0 d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
2007-12-10 13:52:26         0 d-------- C:\Program Files\Windows Defender
2007-12-10 13:42:34         0 d-------- C:\Program Files\Microsoft Silverlight
2007-12-10 09:30:12         0 d-------- C:\Program Files\Alwil Software
2007-12-09 23:33:04    291328 --a------ C:\WINDOWS\system32\libcurl.dll <Not Verified; The cURL library, http://curl.haxx.se/; The cURL library>
2007-12-08 18:36:29    237568 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2007-12-06 17:57:41         0 d-------- C:\Program Files\Common Files\SupportSoft
2007-12-06 17:57:16         0 d-------- C:\Program Files\CHARTER


-- Find3M Report ---------------------------------------------------------------

2007-12-17 10:26:45         0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-15 22:21:46         0 d-------- C:\Program Files\BigFix
2007-12-15 18:24:30         0 d-------- C:\Program Files\Common Files
2007-12-13 15:47:47         0 d-------- C:\Documents and Settings\Owner\Application Data\Identities
2007-12-12 20:13:38         0 d-------- C:\Program Files\Common Files\Real
2007-12-10 13:52:06         0 d-------- C:\Program Files\Microsoft AntiSpyware
2007-12-06 17:50:09         0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-13 09:57:06         0 d-------- C:\Program Files\Apple Software Update
2007-11-13 01:28:47         0 d-------- C:\Program Files\iTunes
2007-11-13 01:28:17         0 d-------- C:\Program Files\iPod
2007-11-13 01:25:30         0 d-------- C:\Program Files\QuickTime
2007-11-06 10:40:20         0 d-------- C:\Program Files\MMKids


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 20:42]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-03-11 16:18]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-01-29 20:13]
"msnappau"="C:\Program Files\MSN Apps\Updater\01.05.0000.1009\en-us\msnappau.exe" [2005-06-09 13:56]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 10:01 C:\WINDOWS\SOUNDMAN.EXE]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 07:00]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-12 20:12]
"combofix"="C:\WINDOWS\system32\cmd.exe" [2004-08-04 00:56]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-04 11:50]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52]
Launchpad.lnk - C:\Program Files\IC Media Corp.\ICM532\Launchpad.exe [2004-12-26 12:12:08]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 03:15:54]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2007-12-17 20:43:03 ------------


Offline oldman

Re: fake windows security alert....control panel is gone
« Reply #66 on: December 17, 2007, 04:34:22 AM »
Okay, it looks good.

Can you rename catchme.zip to something else.zip? I'll let you know what to do with it.

If you are not experiencing any problems, we'll start cleaning up. If you are having problems, let me know now before proceeding.


1. Click the Start button, click Run, copy and paste this line into the box and click OK

combofix /u

2. Double-click OTMoveIt.exe to run it, then click the Clean Up button. You may get prompted by your firewall that OTMoveIt wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will delete all the tools you have downloaded plus itself.


3. Clean out some old restore points.

Create a new restore point

You must be logged on to an administrator account.
Go to Start - All Programs - Accessories - System Tools - System Restore.
Click Create a restore point, and then click Next.
In the text box labeled Restore Point Description, type a name for this restore point.

4. Remove old restore points

Disk Cleanup
- Go to Start - All Programs - Accessories, launch the Disk Cleanup tool and let it run. When it finishes, a box with tabs will appear; select the More Options tab. On this tab you will find a section for System Restore. If you press the Clean Up button for that section, Windows will delete all restore points except for the most recent one.



5. Your Java is way out of date.

Open an Internet Explorer (only) window and go to http://www.java.com/en/download/manual.jsp > In the middle of the page, click on the Download button to the right of Java Runtime Environment (JRE) 6u3 > If the Information Bar pops up, right-click on it and say it's OK to display the blocked content.

You do not have to install the Java Web Start ActiveX Control.


Accept the license agreement > Click on Windows (XP, Vista, etc.) Offline Installation, Multi-language and Save the file jre-6u3-windows-i586-p.exe to your desktop; do not Run it.

When the download is complete, close all browser windows and double-click on the saved file to install the update.

Delete the downloaded installation file after completing the above procedure  and reboot if not prompted to do so.

Open Control Panel > Add/Remove Programs:

Uninstall anything that says Sun Java, Java JRE, or similar except Java TM 6 Update 3 which you just installed.

Close Add/Remove Programs.

In Windows Explorer, navigate to C:\Program Files\Java <=this folder, if found. Delete any subfolders except the subfolder jre1.6.0_03 which was just created by the installation above.

Do NOT delete C:\Program Files\JavaVM <=this folder, if found!


6. I didn't see a firewall besides Windows Firewall; you may want to check out this link for a good free firewall that provides outbound protection.

A discussion on free firewalls can be found here.

http://forum.avast.com/index.php?topic=30808.0


7. And this is a good all-purpose cleaner if you don't already have one. When first run, it is in demo mode to show you what it will remove. When you run it the second time, make sure it's not still in demo mode.

CleanUp


« Last Edit: December 17, 2007, 04:44:45 AM by oldman »
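One check a reader can make on logs like the ones above, as an added example that is not part of the thread or of any tool named in it: confirm that the fresh HijackThis log no longer references any file OTMoveIt reported as moved. The log excerpts are copied from replies #62 and #63; the `HJT_LEFTOVER` line and all function names are constructed for illustration.

```python
import ntpath
import re

# Copied from the OTMoveIt result posted in reply #62.
OTMOVEIT_RESULT = r"""
C:\WINDOWS\system32\spoolc.exe moved successfully.
C:\WINDOWS\derc32xz.exe moved successfully.
C:\WINDOWS\xnnnav.exe moved successfully.
C:\WINDOWS\system32\dllgh8jkd1q8.exe moved successfully.
C:\WINDOWS\wsystmp_usl.exe moved successfully.
C:\Documents and Settings\Owner\Application Data\wklnhst.dat moved successfully.
File/Folder  not found.
"""

# Excerpt of the HijackThis log posted in reply #63 (a few lines only).
HJT_AFTER = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# Constructed for illustration: the same excerpt with one leftover autorun added.
HJT_LEFTOVER = HJT_AFTER + r"O4 - HKLM\..\Run: [constructed] C:\WINDOWS\xnnnav.exe" + "\n"

MOVED_RE = re.compile(r"^([A-Za-z]:\\.+?) moved successfully\.$")
ENTRY_RE = re.compile(r"^([A-Z]\d+) - ")   # HijackThis section tag, e.g. O4, O23, R1
PROCESS_RE = re.compile(r"^[A-Za-z]:\\")    # bare path under "Running processes:"


def moved_paths(result_text):
    """Paths OTMoveIt reported as moved, lower-cased (Windows paths ignore case)."""
    paths = []
    for line in result_text.splitlines():
        m = MOVED_RE.match(line.strip())
        if m:
            paths.append(m.group(1).lower())
    return paths


def residual_references(result_text, hjt_text):
    """Return (section, line) pairs in the HijackThis log that still name a moved file.

    Matching is on the whole file name, because autoruns may omit the directory
    (see SOUNDMAN.EXE) and because look-alike names such as spoolsv.exe must not
    match spoolc.exe. Limitation: 8.3 short names (PROGRA~1 style) are not resolved.
    """
    names = {ntpath.basename(p) for p in moved_paths(result_text)}
    patterns = [re.compile(r"(?<![\w.~-])" + re.escape(n) + r"(?![\w.-])")
                for n in sorted(names)]
    hits = []
    for raw in hjt_text.splitlines():
        line = raw.strip()
        tag = ENTRY_RE.match(line)
        if tag:
            section = tag.group(1)
        elif PROCESS_RE.match(line):
            section = "process"
        else:
            continue  # headers, blank lines, separators
        low = line.lower()
        if any(p.search(low) for p in patterns):
            hits.append((section, line))
    return hits


if __name__ == "__main__":
    print("after cleanup:", residual_references(OTMOVEIT_RESULT, HJT_AFTER))
    print("with leftover:", residual_references(OTMOVEIT_RESULT, HJT_LEFTOVER))
```
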

Lava25

  • Guest
Re: fake windows security alert....control panel is gone
« Reply #67 on: December 17, 2007, 05:57:55 AM »
OK, I changed the file name to workingitout.zip and when I went to run the cleanup it says that it is unable to contact the internet and that cleanup failed, even though I am connected.  Ever had that before?  I tried to restart and try again and the same happened.

Offline oldman

Re: fake windows security alert....control panel is gone
« Reply #68 on: December 17, 2007, 03:03:51 PM »
Yes, you have to allow OTMoveIt to connect to the internet, though with Windows Firewall that shouldn't be a problem, as Windows Firewall doesn't monitor outbound traffic. Do you have a router with a firewall?

Lava25

  • Guest
Re: fake windows security alert....control panel is gone
« Reply #69 on: December 17, 2007, 03:26:13 PM »
I really don't know, I only know of the windows firewall.  Unless something that you had me install is blocking it?  I doubt it.  I'll look around and do a search and see if I find anything.

Lava25

  • Guest
Re: fake windows security alert....control panel is gone
« Reply #70 on: December 17, 2007, 03:43:49 PM »
I just don't know what to look for. I searched for firewalls and routers and I did get two files for router but I didn't touch them: Router.dsp and IARouter.dll. I don't think that is what you are looking for but I guess you would know more than me.  I'm practically a blank slate when it comes to computers as you have seen.  Let me know if you think of anything.

Offline oldman

Re: fake windows security alert....control panel is gone
« Reply #71 on: December 18, 2007, 02:55:32 PM »
Hi Lava25, sorry about the delay

If you still can't get the OTMOVEIT cleanup button to work

uninstall HJT via add/remove programs

delete these folders

C:\Deckard
C:\OTMOVEIT
C:\Qoobox (if present)

That zip file can be deleted, empty the recycle bin after

Lava25

  • Guest
Re: fake windows security alert....control panel is gone
« Reply #72 on: December 18, 2007, 04:55:30 PM »
The above tasks are completed!  I can't thank you enough, you saved my sanity!  Is my computer done with the nightmare now?

Offline oldman

Re: fake windows security alert....control panel is gone
« Reply #73 on: December 18, 2007, 05:33:25 PM »
As far as I can tell, you are good to go.  :)  Are you having any problems?

Lava25

  • Guest
Re: fake windows security alert....control panel is gone
« Reply #74 on: December 18, 2007, 05:46:31 PM »
Nope, I don't see anything wrong right now!  Good as new!  Thanks again!!! ;D