Still getting Windows Service Alert pop-up

I have gone through the Malware removal process. Here are the logs I was able to save, including a HijackThis log. Everything else is great. My control panel is back and a lot of the other problems have been cleared up. I just keep getting that alert every few minutes. For some reason, there was no report to save when I did the AVG process. I hope you can work with what I'm sending.

Anything you can do to help is appreciated.

Thanks.

 

Hi JGGonzoles!
Welcome to MajorGeeks!
I will post some instructions to you in a short while. I wanted to ask you if Spyware Doctor is a trial version. If so, please uninstall it.

Also, please uninstall the following:
- Java 2 Runtime Environment, SE v1.4.2_03
- Viewpoint Media Player

Now REBOOT your computer.

After rebooting, please install the most recent Java version here:
http://www.majorgeeks.com/Sun_Java_Runtime_Environment_d4648.html


Thanks.
abri

 

Hi JGGonzales!

After you've completed the instructions in post #2, please continue with the following:

1) If you don't use Windows Messenger (not to be confused with MSN Messenger) please go to the following link and download and run the removal tool:
http://www.majorgeeks.com/DisableRemove_Windows_Messenger_d2327.html


2) Now scan with Hijackthis and check the following entries. Do not click fix until exiting ALL browswers INCLUDING THE ONE YOU ARE IN RIGHT NOW!

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\msanton.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\timoty.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [clkhost] C:\WINDOWS\devadwp.exe
O4 - HKCU\..\Run: [froody] C:\WINDOWS\system32\timoty.exe
O4 - Startup: setings.exe

Now just exit hijackthis.

3) Now download The Avenger by Swandog469, and save it to your Desktop.

• * Extract avenger.exe from the Zip file and save it to your desktop
  * Run avenger.exe by double-clicking on it.
  * Check the 'Input script manually' box.
  * Click on the magnifying glass icon.
  * Copy everything in the Quote box below, and paste it in the box that opens:

• * Now click the 'Done' button.
  * Click on the traffic light icon and OK the prompt.
  * You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
  * A log file from Avenger will be produced at C:\avenger.txt

4) Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked so if you have some cookies you'd like to save. Please move them to a different directory first.

• Double-click ATF-Cleaner.exe to run the program.
• Under Main choose: Select All
• Click the Empty Selected button.

If you use Firefox browser

• Click Firefox at the top and choose: Select All
• Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

• Click Opera at the top and choose: Select All
• Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main ATF Cleaner menu to close the program.

5) Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.

Make sure you tell me how things are working now!

abri