Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Popups saying computer is infected [CLOSED]


  • This topic is locked This topic is locked

#16
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Start WinPFind35U. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> KernelFaultCheck ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YN -> {6ED63687-EB85-4687-A8D0-17E9792B20CA} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. []
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
YY -> xlibgfl254.dll ->
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YY -> opnlkhi ->
YY -> WgaLogon ->
YY -> winvfe32 ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {13197ace-6851-45c3-a7ff-c281324d5489} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {5fa6752a-c4a0-4222-88c2-928ae5ab4966} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {622cc208-b014-4fe0-801b-874a5e5e403a} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {85DA32C2-9D9B-4DCB-9FBB-35882FC4D2F8} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {8674aea0-9d3d-11d9-99dc-00600f9a01f1} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {9c5b2f29-1f46-4639-a6b4-828942301d3e} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {B4E7CAAB-6535-4243-99BD-F12350B584A2} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Value does not exist or could not be read.]
YN -> {cf021f40-3e14-23a5-cba2-717765728274} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {fc3a74e5-f281-4f10-ae1e-733078684f3c} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {ffff0001-0002-101a-a3c9-08002b2f49fb} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [&Yahoo! Toolbar]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1491950412-2009852829-4049741679-1004\] > -> HKEY_USERS\S-1-5-21-1491950412-2009852829-4049741679-1004\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [&Yahoo! Toolbar]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. []
YN -> {F4430FE8-2638-42e5-B849-800749B94EED}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [PartyPoker.net]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> [Reg Error: Value MenuText does not exist or could not be read.]
YN -> CmdMapping\\{F4430FE8-2638-42e5-B849-800749B94EED} [HKEY_LOCAL_MACHINE] -> [PartyPoker.net]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1491950412-2009852829-4049741679-1004\] > -> HKEY_USERS\S-1-5-21-1491950412-2009852829-4049741679-1004\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> [Reg Error: Value MenuText does not exist or could not be read.]
YN -> CmdMapping\\{F4430FE8-2638-42e5-B849-800749B94EED} [HKEY_LOCAL_MACHINE] -> [PartyPoker.net]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
YN -> ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.]
YN -> msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.]
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > ->
YY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\printer.exe -> C:\WINDOWS\system32\printer.exe [C:\WINDOWS\system32\printer.exe:*:Enabled:@xpsp2res.dll,-22019]
YY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\WINDOWS\shell.exe -> C:\WINDOWS\shell.exe [C:\WINDOWS\shell.exe:*:Enabled:@xpsp2res.dll,-22019]
YY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Documents and Settings\Andre\Start Menu\Programs\Startup\findfast.exe -> C:\Documents and Settings\Andre\Start Menu\Programs\Startup\findfast.exe [C:\Documents and Settings\Andre\Start Menu\Programs\Startup\findfast.exe:*:Enabled:@xpsp2res.dll,-22019]
YY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe [C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe:*:Enabled:@xpsp2res.dll,-22019]
YY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\winav.exe -> C:\WINDOWS\system32\winav.exe [%windir%\system32\winav.exe:*:Enabled:@xpsp2res.dll,-22019]
YY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\TEMP\win1B54.tmp.exe -> C:\WINDOWS\TEMP\win1B54.tmp.exe [C:\WINDOWS\TEMP\win1B54.tmp.exe:*:Enabled:win1B54.tmp]
YY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\TEMP\win2C89.tmp.exe -> C:\WINDOWS\TEMP\win2C89.tmp.exe [C:\WINDOWS\TEMP\win2C89.tmp.exe:*:Enabled:win2C89.tmp]
YY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\TEMP\win5E.tmp.exe -> C:\WINDOWS\TEMP\win5E.tmp.exe [C:\WINDOWS\TEMP\win5E.tmp.exe:*:Enabled:win5E.tmp]
YY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\Andre\LOCALS~1\Temp\RegMech.exe -> C:\DOCUME~1\Andre\LOCALS~1\Temp\RegMech.exe [C:\DOCUME~1\Andre\LOCALS~1\Temp\RegMech.exe:*:Enabled:Enabled]
YY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\TEMP\winC00.tmp.exe -> C:\WINDOWS\TEMP\winC00.tmp.exe [C:\WINDOWS\TEMP\winC00.tmp.exe:*:Enabled:winC00.tmp]
YY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\TEMP\win1D.exe -> C:\WINDOWS\TEMP\win1D.exe [C:\WINDOWS\TEMP\win1D.exe:*:Enabled:win1D]
YY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Andre\Application Data\printer.exe -> C:\Documents and Settings\Andre\Application Data\printer.exe [C:\Documents and Settings\Andre\Application Data\printer.exe:*:Enabled:@xpsp2res.dll,-22019]
YY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\printer.exe -> C:\WINDOWS\system32\printer.exe [C:\WINDOWS\system32\printer.exe:*:Enabled:@xpsp2res.dll,-22019]
YY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\shell.exe -> C:\WINDOWS\shell.exe [C:\WINDOWS\shell.exe:*:Enabled:@xpsp2res.dll,-22019]
YY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Andre\Start Menu\Programs\Startup\findfast.exe -> C:\Documents and Settings\Andre\Start Menu\Programs\Startup\findfast.exe [C:\Documents and Settings\Andre\Start Menu\Programs\Startup\findfast.exe:*:Enabled:@xpsp2res.dll,-22019]
YY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe [C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe:*:Enabled:@xpsp2res.dll,-22019]
YY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\winav.exe -> C:\WINDOWS\system32\winav.exe [%windir%\system32\winav.exe:*:Enabled:@xpsp2res.dll,-22019]
< Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\
YY -> C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk ->
YY -> C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MightyFAX Controller.lnk ->
YY -> C:^Documents and Settings^Andre^Start Menu^Programs^Startup^Thoosje Vista Sidebar.lnk ->
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
YY -> build delete remote idol hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
[Files/Folders - Created Within 90 days]
YY -> VundoFix Backups -> %SystemDrive%\VundoFix Backups
[File - Lop Check: Additional Folder Scans - Non-Microsoft Only]
YY -> A8713B3C918EB1D4.job -> C:\WINDOWS\Tasks\A8713B3C918EB1D4.job
[Extra Files]
Purity
[Empty Temp Folders]
[Start Explorer]
[Reboot]


The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here

I will review the information when it comes back in.



Also post a new DSS log
  • 0

Advertisements


#17
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP