Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

many false spyware positives by Aluria's Security Center ??

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

many false spyware positives by Aluria's Security Center ??

Unread postby oscar seg » February 3rd, 2007, 1:55 pm

:( :?: I am repeatedly "finding" spyware with Aluria Security Center but not with other programs. -- After finding spyware with Aluria I quarantined them. Other programs did not find (including Norton Internet Security 2007, active at start-up). Today I have scanned (before using Aluria) with AVG Anti-Spyware 7.5, Spybot S&D, and Ad-Aware SE Professional and they did not find anything. Afterwards, Aluria did find (see below). Afterwards, Webroot SpySweeper did not find anything either. Moreover, Spywareblaster 3.5.1 is always active.

Today Aluria has found even more spyware than yesterday :evil: . I attach hijackthis.

Those are the spyware found:

- WinAntiSpyware = C\docs and settings\admin\configuracion
local\temp\~df7872.tmp

and all those at
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\DOMAINS\

- WinMoviePlugin: archiviosex.net, linkautomatici.com, redfunny.com
- CoolWebSearch: coolwebsearch.com, searchmeup.com
- PornMagPass: dvdaccess.net, moviecodec.net, playercodec.net, tvcodec.com, videoaccess.net, watchfree.net
- EliteMediaPopup: elitemediagroup.netr, mmohsix.com
- SpywareQuake: free-spy-cam.net, loadcash.biz, trackhits.cc, tracktraff.cc, vparivalka.com
- Transponder.Bolger: media-motor.net
- SearchSquire: searchsquire.com
- SafetyBar: zcodec.com

Thanks

Oscar Alomar
-----------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 18:43:27, on 03/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSvcHst.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\AppCore\AppSvc32.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARCHIV~1\ALURIA~2\AL_ADS~1.EXE
C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Archivos de programa\Archivos comunes\Command Software\dvpapi.exe
C:\Archivos de programa\Smartcom\EP2005\EpMonitor.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\ARCHIV~1\ALURIA~2\AluriaMsgSrv.exe
C:\Archivos de programa\Norton Save and Restore\Agent\VProSvc.exe
C:\Archivos de programa\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Archivos de programa\Canon\CAL\CALMAIN.exe
C:\Archivos de programa\Logitech\iTouch\iTouch.exe
C:\Archivos de programa\Java\jre1.5.0_10\bin\jusched.exe
C:\ARCHIV~1\Dantz\RETROS~1\RetroExpress.exe
C:\WINDOWS\MXOALDR.EXE
C:\ARCHIV~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Archivos de programa\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Archivos de programa\QuickTime\qttask.exe
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\Archivos de programa\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Archivos de programa\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\bgsmsnd.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe
C:\Archivos de programa\Norton Save and Restore\Agent\NSRTray.exe
C:\Archivos de programa\Telefonica\bin\sprtcmd.exe
C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Archivos de programa\Logitech\MouseWare\system\em_exec.exe
C:\Archivos de programa\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\Archivos de programa\Creative\Shared Files\Media Sniffer\MtdAcq.EXE
C:\Archivos de programa\Microsoft ActiveSync\WCESCOMM.EXE
C:\Archivos de programa\Webroot\Spy Sweeper\SpySweeper.exe
C:\Archivos de programa\WinTV\Ir.exe
C:\Interwise\Student\pull.exe
C:\ARCHIV~1\Dantz\RETROS~1\retrorun.exe
C:\ARCHIV~1\Lavasoft\AD-AWA~2\Ad-Watch.exe
C:\Archivos de programa\Webroot\Spy Sweeper\SSU.EXE
C:\ARCHIV~1\ALURIA~2\SecurityCenter.exe
C:\ARCHIV~1\ALURIA~2\AluriaFW.exe
C:\WINDOWS\System32\AuthFw.exe
C:\Archivos de programa\WinTV\WinTV2K.EXE
C:\Archivos de programa\Microsoft Office\Office10\WINWORD.EXE
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Spybot - Search & Destroy\SpybotSD.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file:///C:/Pagina%20Inici.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Pagina%20Inici.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file:///C:/Pagina%20Inici.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Pagina%20Inici.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
O2 - BHO: EarthLink BHO Guard - {00000000-0000-0000-0000-000000000002} - C:\Archivos de programa\Aluria Software\ProtectionToolbar\ElnkScamBlocker.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink ScamBlocker V3 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Archivos de programa\Aluria Software\ProtectionToolbar\ElnkScamBlocker.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Archivos de programa\Archivos comunes\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: HONcode Status - {4340E603-67EE-4A8F-9861-7D79044D9696} - C:\Archivos de programa\HONcode\HONstatus.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: pdfMachine - {56CF4856-ECB4-4e46-A897-A378821F97B9} - C:\WINDOWS\system32\bgstb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar3.dll
O2 - BHO: (no name) - {BF55256A-3B3B-11D2-B05B-000001145917} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: HONcode Status - {4340E603-67EE-4A8F-9861-7D79044D9696} - C:\Archivos de programa\HONcode\HONstatus.dll
O3 - Toolbar: HONcode Search - {E2550E4B-5DD6-4DD7-81BF-B25CD007E324} - C:\Archivos de programa\HONcode\HONBar.dll
O3 - Toolbar: Aluria Toolbar - {3E74382F-E627-4B4C-BE31-C8543FEA784A} - C:\Archivos de programa\Aluria Software\ProtectionToolbar\IeToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar3.dll
O3 - Toolbar: pdfMachine - {56CF4856-ECB4-4e46-A897-A378821F97B9} - C:\WINDOWS\system32\bgstb.dll
O3 - Toolbar: Mostrar la Barra de herramientas de Norton - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Archivos de programa\Archivos comunes\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Archivos de programa\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SBDrvDet] "C:\Archivos de programa\Creative\SB Drive Det\SBDrvDet.exe" /r
O4 - HKLM\..\Run: [RetroExpress] "C:\ARCHIV~1\Dantz\RETROS~1\RetroExpress.exe" /h
O4 - HKLM\..\Run: [Openwares LiveUpdate] "C:\Program Files\LiveUpdate\LiveUpdate.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\ARCHIV~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [InCD] "C:\Archivos de programa\Ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AsioReg] "REGSVR32.EXE" /S CTASIO.DLL
O4 - HKLM\..\Run: [SBAutoUpdate] "C:\Archivos de programa\SpywareBlaster\sbautoupdate.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Archivos de programa\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [bgsmsnd.exe] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\bgsmsnd.exe
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Archivos de programa\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Norton Save and Restore] "C:\Archivos de programa\Norton Save and Restore\Agent\NSRTray.exe"
O4 - HKLM\..\Run: [Telefonica] "C:\Archivos de programa\Telefonica\bin\sprtcmd.exe" /P Telefonica
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpySweeper] "C:\Archivos de programa\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [NOMAD Detector] "E:\Cms\Nmjbt2\CTNMRun.exe"
O4 - HKCU\..\Run: [MtdAcq] "C:\Archivos de programa\Creative\Shared Files\Media Sniffer\MtdAcq.EXE" /s
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Archivos de programa\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [swg] C:\Archivos de programa\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpyBrowser] C:\Archivos de programa\SpyBro\SpyBro.exe /autostart
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Archivos de programa\WinTV\Ir.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Push Client.LNK = C:\Interwise\Student\pull.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Crear un favorito móvil - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Archivos de programa\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Archivos de programa\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Crear un favorito móvil... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Archivos de programa\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file:///C:/Pagina%20Inici.htm
O14 - IERESET.INF: MS_START_PAGE_URL=file:///C:/Pagina%20Inici.htm
O15 - Trusted Zone: http://es.f281.mail.yahoo.com
O15 - Trusted Zone: http://notepad.mail.yahoo.com
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - https://www-secure.symantec.com/techsup ... mAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsup ... gctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsup ... gctlsr.cab
O16 - DPF: {525019DF-8282-40DC-A0E0-13C076889F66} (InstallerSf Control) - http://www.softonic.com/sinespias/installer.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www3.ca.com/securityadvisor/pest ... stscan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1408.g.akamai.net/7/1408/9955/2 ... sSetup.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/viru ... ebscan.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.lizardtech.com/download/file ... isetup.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h ... mDlBrg.cab
O16 - DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} (AeatCtl Class) - https://aeat.es/imagenes/comun/cactivex.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} (Cameractl Class) - http://www.crtvg.es/camweb/camera.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.ne ... tector.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/asp ... atools.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - https://www-secure.symantec.com/techsup ... veData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A81BECFF-0067-4A32-A47C-9D52ACB9D4F0}: NameServer = 80.58.0.33,80.58.32.97
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AL_ADSService - Aluria Software, LLC - C:\ARCHIV~1\ALURIA~2\AL_ADS~1.EXE
O23 - Service: Aluria Security Center Spyware Eliminator Service (ASCService) - Unknown owner - C:\ARCHIV~1\ALURIA~2\ascserv.exe
O23 - Service: Aluria Spyware Eliminator Service (ASEService) - Unknown owner - C:\Archivos de programa\Aluria Software\ASE\ASEserv.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Archivos de programa\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Archivos de programa\Archivos comunes\Command Software\dvpapi.exe
O23 - Service: EP2005-SAGEM Usb Switcher (EpMonitor) - Unknown owner - C:\Archivos de programa\Smartcom\EP2005\EpMonitor.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: Validación de contraseña de Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Archivos de programa\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\ARCHIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Aluria Message Service (MsgSrvService) - Aluria Software, LLC. - C:\ARCHIV~1\ALURIA~2\AluriaMsgSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Archivos de programa\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Archivos de programa\Norton Save and Restore\Agent\VProSvc.exe
O23 - Service: Programador de LiveUpdate automático - Symantec Corporation - C:\Archivos de programa\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Retrospect Helper (RetroExp Helper) - Dantz Development Corporation - C:\ARCHIV~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\ARCHIV~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Motor de Spy Sweeper de Webroot (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Archivos de programa\Webroot\Spy Sweeper\SpySweeper.exe
oscar seg
Active Member
 
Posts: 1
Joined: February 3rd, 2007, 1:30 pm
Advertisement
Register to Remove

Unread postby Linkmaster » February 4th, 2007, 1:13 pm

Hi oscar seg, Welcome to MalWare Removal !!

You may wish to print out a copy of these instructions to follow while you complete this procedure

Go to Start, Control Panel, Add/Remove Programs and Uninstall the following : (if present)

SpyBro and/or SpyBrowser

Do Not reboot if it asks

When finished uninstalling close Control Panel

I notice that you have more than one antivirus program running (Aluria Suite and Norton AV) ! This is very dangerous, as multiple AntiVirus Programs can interfere with one another and actually allow MORE viruses to get through.
I strongly recommend you do 1 of the following :

Enable only 1 AntiVirus to run RealTime Scanning, leave the other disabled

Uninstall all but 1 of the AntiVirus programs (Start, ControlPanel, Add/Remove Programs)

Please disable SpySweeper, as it may hinder the removal of some entries. You can re-enable it after you're clean.
To disable SpySweeper:
Open it
Click Shield Settings on the right(or Shields on the left, depending what screen you're on)
Click Internet Explorer and uncheck all items
Click Windows System and uncheck all items
Click Hosts File and uncheck all items
Click Startup Programs and uncheck all items.
Exit Spysweeper

Please disable AVG Anti-Spyware, it may hinder in the fixing of some HJT entries. You can re-enable it after you're clean
Open AVG Anti-Spyware by double-clicking the multi-colored box emblazoned with an S in the system tray.
In the Resident Shield section, toggle the AVG Anti-Spyware active protection off by clicking Change state which will then change the protection status to inactive
If you are instructed to reboot at any time during your cleanup, AVG Anti-Spyware will prompt you as to whether you would like to Restart the Resident Shield
Reply No and set it to inactive for the duration of your cleanup.

I need you to download some programs to aide in our fix :Do Not Run Them Yet

Download ATF (Atribune Temp File) Cleaner© by Atribune

Download ResetProtocolDefaults.reg© by WinHelp2002
Locate ResetProtocolDefaults.reg
Right-click and select Merge
Click Ok to merge with registry

Run ATF Cleaner
Double-click ATF Cleaner.exe
Under Main choose: Select All
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Right click on DelDomains© by WinHelp2002
Select Save target as (IE) or Save Link as (Firefox)
Save it to your desktop
Right click on DelDomains.inf and select Install (no need to restart)
Note: Because this will remove all entries in both the Trusted Zone and the Restricted Zone, any program, tool, or settings that were previously used to set restrictions will need to be reset :
Examples: (if these are being used),
IE-SPYADS will have to be reinstalled
Spybot's "Immunize" feature is used, you will need to re-immunize
SpywareBlaster's "Enable all protection" feature will have to be re-enabled

Run Kaspersky WebScanner
Click on Kaspersky Online Scanner
NOTE For Internet Explorer 7 Users : If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%
You will be promted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading t he latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)

Scan Options:
Scan Archives
Scan Mail Bases

Click OK

Now under select a target to scan:
Select My Computer

Then the program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.

Reboot

Post a fresh HijackThis Log and the Kaspersky Virus Scan Log here
(You may need to use several replies as the logs may be cut off)

Let me know how your system is now running !!

Thank You !!
User avatar
Linkmaster
MRU Honors Grad Emeritus
 
Posts: 822
Joined: October 7th, 2005, 5:57 am
Location: Arkansas, USA

Unread postby NonSuch » February 13th, 2007, 4:23 am

This topic is now closed due to inactivity. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27300
Joined: February 23rd, 2005, 7:08 am
Location: California


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 54 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware