Unneccesary POP-UPS!

[Angelfire777]

So can i have Avast in my system & also install AVG? Both softwares at a time wont affect my PC will it????? And What abt spybot, thats also a spyware right? So let that also be there with those 2 softwares??????

Yes. 2 Antispywares are ok. AVG has the real time monitoring and spybot is only for scanning. Avast and AVG AS have different functions so you don't have to worry if they're running both at the same time.

Limewire i have difinately uninstalled.... If its showing in any particular folder please let me know ......

You just need to delete the folder, it was probably a leftover..

I have Emule installed in my system and i download most of my files from there, is it a good P2P or its risky? If so how risky is it and how often i should use it?

All p2p programs are VERY risky.. Did you read my reason for uninstalling limewire? It's the same for emule and other p2p programs..

 

[ravishing_gal]

Logs

Hijackthislog:

Logfile of HijackThis v1.99.1
Scan saved at 7:23:53 PM, on 4/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\hijackthis\angelfire777.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Smart Evrox] G:\DATA\RUHI\SETUPS\Antivirus\Ewido anti-spyware\crack\evrox.exe e
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6800B23A-11CF-4B1B-9469-B6721BC82D03}: NameServer = 202.63.174.250 202.63.164.13
O17 - HKLM\System\CS2\Services\Tcpip\..\{1230EB6C-9F75-485A-BCE8-3CFED8756E34}: NameServer = 202.63.174.250,203.115.71.66
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - C:\Program Files\Alias\Maya7.0\docs\wrapper.exe" -s "C:\Program Files\Alias\Maya7.0\docs\Wrapper.conf (file missing)
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)

AVG AntSpyware:
In result preview it shows 2 files :-
Not-A-Virus.RemoteAdmin.Win32.RAdmin20 - Risk - Low
Not-A-Virus.RemoteAdmin.Win32.RAdmin21 - Risk - Low
I have installed this Radmin myself, shall i still delete these 2 files?
It shows 7 infected objects but doesnt give there names in Result preview & there is no report also to save for the log. What should i do?

Rest my PC is performing well ... POP-UPS have stopped but get only this one pop-up i.e. Help & Support center.

The error i used to get after restarting my PC has stopped completely.
Does all this mean my PC has almost safe now!

 

[ravishing_gal]

Forgt to mention earlier... I have done the scanning of AVG Anti-virus in safe mode itself.

 

[Angelfire777]

I have installed this Radmin myself, shall i still delete these 2 files?
It shows 7 infected objects but doesnt give there names in Result preview & there is no report also to save for the log. What should i do?

No please don't delete them. Were the infections cleaned in the scan?

Also, did you delete this file: C:\windows\system32\r_server.exe ?

 

[ravishing_gal]

Yes i deleted r_server.exe as you had directed me. I followed all your instructions properly uptill now.

There was nothing showing other than those 2 RAdmin files in AVG scan. So nothing was there to be scanned. It did show 7 infected files but not their names in the preview list. So couldnt select it to take any action. Any solution ????

What about that pop-up i still get in between about Help & support ???

Is everything done to fix my PC as u havent given any instructions this time????

 

[Angelfire777]

Yes i deleted r_server.exe as you had directed me. I followed all your instructions properly uptill now.

Can you check if you're RAdmin is still working? If not, you may need to reinstall it.

There was nothing showing other than those 2 RAdmin files in AVG scan. So nothing was there to be scanned. It did show 7 infected files but not their names in the preview list. So couldnt select it to take any action. Any solution ????

Can you please run the scan again in safe mode and this time please take time to go through the instructions for running the scan...

What about that pop-up i still get in between about Help & support ???

Can you take a screenshot of it and upload it to photobucket or imageshack, I want to take a look at it..

Is everything done to fix my PC as u havent given any instructions this time????

Most of it is done but we are not completely done since you are still having minor issues..


Post back with a fresh HijackThis log and AVG Antispyware log please.

 

[ravishing_gal]

Pop-ups!

I scanned with AVG again in safe mode going through your instructions properly but nothing was found & so there was no log report as well.

That Help & support pop-up comes some times, very rare. When it'll come i'll surely take the screen shot.

Hijackthis log:-

Logfile of HijackThis v1.99.1
Scan saved at 12:07:35 PM, on 4/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\angelfire777.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Smart Evrox] G:\DATA\RUHI\SETUPS\Antivirus\Ewido anti-spyware\crack\evrox.exe e
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6800B23A-11CF-4B1B-9469-B6721BC82D03}: NameServer = 202.63.174.250 202.63.164.13
O17 - HKLM\System\CS2\Services\Tcpip\..\{1230EB6C-9F75-485A-BCE8-3CFED8756E34}: NameServer = 202.63.174.250,203.115.71.66
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - C:\Program Files\Alias\Maya7.0\docs\wrapper.exe" -s "C:\Program Files\Alias\Maya7.0\docs\Wrapper.conf (file missing)
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)

 

[Angelfire777]

You didn't tell me if RAdmin is working right..The reason I asked was because I accidentally had you delete r_server.exe.. In case it doesn't work, just reinstall a new copy..

Congratulations! Your log looks clean!

This is a good time to clear your existing system restore points and establish a new clean restore point:

• Go to Start > All Programs > Accessories > System Tools > System Restore
  
• Select Create a restore point, and Ok it.
  
• Next, go to Start > Run and type in cleanmgr
  
• Select the More options tab
  
• Choose the option to clean up system restore and OK it.
  
  This will remove all restore points except the new one you just created.

______________________
Here are some free programs I recommend that could help you improve your pc's security.

Firewall Application - Although Windows Xp comes with a firewall, you should not rely on it because the Windows Firewall can only filter incoming data; outgoing traffic is not controlled, meaning that malware/viruses that are present in your computer can access the internet with no restrictions. There are several other Firewall that can protect you better by filtering incoming and outgoing data. Make sure you get only one of these.

» ZoneAlarm
» Kerio

Install SpyWare Blaster
~You can download it from here
~You can read the tutorial on how to use Spyware Blaster here

Install WinPatrol
~You can download it from here
~You can get some information about how WinPatrol works here

IESpyAds
~You can download it from here
~If you want to know how IEspyads work you can take a look at it here
~Please note that IESpyAds only works with Internet Explorer.

Note: Make sure you update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.

Please check out Tony Klein's article "How did I get infected in the first place?"

Happy safe surfing!

 

[ravishing_gal]

I'll check on the RAdmin later. I may uninstall it as i am not using it much. Is it safe to use it thou ???

Please tell me what all anti-virus/spy-wares shall i keep installed in my PC to be on the safer side or better performance? And which ones to use on long term basis....

And all the setups i have installed uptill now asked by you... out of that what all to keep and what to uninstall?

One important thing, if P2P is not safe to use then where shall i get all my applications & other stuff from??????

 

[Angelfire777]

I'll check on the RAdmin later. I may uninstall it as i am not using it much. Is it safe to use it thou ???

It's not VERY safe but it is safe enough. Some malware tend to use it to gain access to other computers...

Please tell me what all anti-virus/spy-wares shall i keep installed in my PC to be on the safer side or better performance? And which ones to use on long term basis....

What you have there is perfect. As long as you follow my recommendations for more protection, your pc will be much secure than it was before..

And all the setups i have installed uptill now asked by you... out of that what all to keep and what to uninstall?

You may delete/uninstall everything except for AVG Antispyware. Personally, I would keep it because of its very good on-demand scanner..It's your choice

One important thing, if P2P is not safe to use then where shall i get all my applications & other stuff from??????

May I ask what applications? You can download applications etc from their main website, that way it'll be safer. You can use P2p as long as you are very careful of what you download..

 

[ravishing_gal]

Thank You Sooooooooo Much .........

Hey AngelFire777 ... THANKS A TONE for your help. You have no idea how much you have eased my work!!!!!!!! I am really very thankful to you....... :2thumb:

Just out of curiosity ... is this your full time job of solving PC probs ? Whats your age and what exactly do you do? :blink:

I am going to Goa tomorrow on a vacation for ten days which is in India if you must have heard of it, so may not be replying to you. But hey i am very happy my problem got solved just in time.... so i can enjoy my vacation without anything on my mind :yahoo: its party time for me now :band: :wink::

Anyways ... hats of to you and :beerbeerb: For now :greeting: TC Thanks again!

 

[Angelfire777]

Hey AngelFire777 ... THANKS A TONE for your help. You have no idea how much you have eased my work!!!!!!!! I am really very thankful to you.......

You're very welcome..

Just out of curiosity ... is this your full time job of solving PC probs ? Whats your age and what exactly do you do?

No, this is not a full time job nor a part time one..In fact, I do not consider this as a "job" at all but somewhat like a hobby. All the helpers at the antimalware forums are volunteers, they use their precious time to help victims like you clean their machines..I'm currently 16 yrs old and I'm a student.

I am going to Goa tomorrow on a vacation for ten days which is in India if you must have heard of it, so may not be replying to you. But hey i am very happy my problem got solved just in time.... so i can enjoy my vacation without anything on my mind its party time for me now

Enjoy your vacation! I never heard of that place before...

Take care too and surf safe!

 

[Angelfire777]

Glad we could be of assistance :bigthumb:

Since the problem has been resolved, this topic is now closed and archived. If you need it re-opened please send me a private message (pm) and provide a link to the thread. Applies only to the original poster, anyone else with similar problems please start a new topic.