Jump to content

Malwarebytes didn't fix 'RESTOREFIX / REGRENEW POPUP.


Recommended Posts

This anoying popup wont go away. Can you help me remove it PLS.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:54:36 PM, on 3/6/2009

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Compaq S200 Scanner\S200Btns.exe

C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\WINDOWS\System32\Suspend.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [buttonMonitor] S200

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"

O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [RegTool] C:\Program Files\RegTool\RegTool.exe -boot

O4 - Global Startup: Compaq S200 Button Manager.lnk = ?

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--

End of file - 5345 bytes

Malwarebytes' Anti-Malware 1.34

Database version: 1815

Windows 5.1.2600 Service Pack 1

4/1/2009 3:09:49 PM

mbam-log-2009-04-01 (15-09-49).txt

Scan type: Quick Scan

Objects scanned: 68055

Time elapsed: 6 minute(s), 10 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

  • Staff

Hi,

Malwarebytes didn't fix 'RESTOREFIX / REGRENEW POPUP.
I don't even see what MalwareBytes can do against it, because these popups are generated by the Messenger Service. The Messenger Service is a service that is installed by default on XP.. and is enabled by default till SP1. Once you update to service pack 2/3, it's getting disabled.

The only fix is to disable the Messenger Service. If your Windows was up to date, then you wouldn't get these popups anyway because the Messenger Service gets disabled in Service Pack 2.

So my advise to you is, please update your Windows. You need to update Windows anyway because your version is currently extremely vulnerable.

In case it's not possible to update it (because of an illegal version of XP), then disable the Messenger Service manually.

To disable this service:

*Go to start >run and type: services.msc and click OK

Scroll down in that list until you find the service Messenger

Doubleclick on it. In the window that will appear, click on "Stop" (if not greyed out) and change the Startup Type to disabled.

Click apply and OK and close all open windows.

Also read here for more information about the Messenger service and how to disable it:

http://www.microsoft.com/windowsxp/using/s...e/stopspam.mspx

Also, please uninstall RegTool via software > add & remove programs. I don't recommend it. Read here why: http://miekiemoes.blogspot.com/2008/02/reg...weaking_13.html

In case you already deleted/uninstalled it previously, fix the following leftover in HijackThis:

O4 - HKCU\..\Run: [RegTool] C:\Program Files\RegTool\RegTool.exe -boot

Link to post
Share on other sites

Hi,

I don't even see what MalwareBytes can do against it, because these popups are generated by the Messenger Service. The Messenger Service is a service that is installed by default on XP.. and is enabled by default till SP1. Once you update to service pack 2/3, it's getting disabled.

The only fix is to disable the Messenger Service. If your Windows was up to date, then you wouldn't get these popups anyway because the Messenger Service gets disabled in Service Pack 2.

So my advise to you is, please update your Windows. You need to update Windows anyway because your version is currently extremely vulnerable.

In case it's not possible to update it (because of an illegal version of XP), then disable the Messenger Service manually.

To disable this service:

*Go to start >run and type: services.msc and click OK

Scroll down in that list until you find the service Messenger

Doubleclick on it. In the window that will appear, click on "Stop" (if not greyed out) and change the Startup Type to disabled.

Click apply and OK and close all open windows.

Also read here for more information about the Messenger service and how to disable it:

http://www.microsoft.com/windowsxp/using/s...e/stopspam.mspx

Also, please uninstall RegTool via software > add & remove programs. I don't recommend it. Read here why: http://miekiemoes.blogspot.com/2008/02/reg...weaking_13.html

In case you already deleted/uninstalled it previously, fix the following leftover in HijackThis:

O4 - HKCU\..\Run: [RegTool] C:\Program Files\RegTool\RegTool.exe -boot

Thanks for your help. As you can tell, I'm no expert but I'm learning and enjoying it. :D

I followed your advice, did an upgrade, got rid of 'REGTOOL' :D and did the O4 - HKCU fix and all is good. I appreciate your assistance and advice, thanks.

Chears,

Berny

Link to post
Share on other sites

  • 2 weeks later...
  • Staff

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.