Ok, my english is bad: What I have tried: 1. enter in safe mode and run DelPSGuard I think this killed the "Security alert!" pop-up. I wanna kill this pop-up on the system tray: "Security Alert! System encountered spyware that collects your personal information without your consent. This information includes paswords, credit card details and other private data. Click the icon to learn more ways to protect your files." And also wanna get rid of: When I open IE, ir gets redirected to: www.syssecuritysite.net and then goes to: www.error404site.net Greetings.

Please post a Hijack This log so that the files associated with the virus/spyware/hijacker can be identified. Please download HJTsetup.exe from this link http://www.thespykiller.co.uk/files/HJTsetup.exe to your desktop. Doubleclick on the HJTsetup.exe icon on your desktop. By default it will install to C:\Program Files\Hijack This. Continue to click "next" in the setup dialogue boxes until you get to the "Select Addition Tasks" dialogue. Put a check by "Create a desktop icon" then click "Next" again. Continue to follow the rest of the prompts from there. At the final dialogue box click "Finish" and it will launch Hijack This. Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in notepad. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log and post it in this thread. Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.

Hi, ok this is the HJT log: Logfile of HijackThis v1.99.1 Scan saved at 03:57:14 p.m., on 13/07/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\ShellNew\Test.exe C:\Archivos de programa\CA\eTrust Antivirus\InoRpc.exe C:\Archivos de programa\CA\eTrust Antivirus\InoRT.exe C:\Archivos de programa\CA\eTrust Antivirus\InoTask.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\dcomcfg.exe C:\ARCHIV~1\CA\ETRUST~1\realmon.exe C:\Archivos de programa\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Archivos de programa\Archivos comunes\Sonic Shared\CineTray.exe C:\Archivos de programa\Webshots\WebshotsTray.exe C:\Archivos de programa\HJT\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: WagBHO.WagBHO - {A7DE7922-14CB-11D6-8BCA-0010A48E5285} - C:\webacc\WagBHO.dll O2 - BHO: (no name) - {f7d40011-29bb-43eb-9c97-875ce89e9e36} - C:\WINDOWS\system32\hp100.tmp O4 - HKLM\..\Run: [Realtime Monitor] C:\ARCHIV~1\CA\ETRUST~1\realmon.exe -s O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Archivos de programa\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe O4 - Startup: palmOne Registration.lnk = C:\Archivos de programa\palmOne\register.exe O4 - Startup: Webshots.lnk = C:\Archivos de programa\Webshots\WebshotsTray.exe O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA9.exe O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Archivos de programa\Archivos comunes\Sonic Shared\CineTray.exe O4 - Global Startup: Web Adaptation Reset.lnk = ? O9 - Extra button: Valores - {02E998F8-5FF1-4a65-9D1D-99059AFCEC01} - C:\webacc\WagBand.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = DIF.JALISCO.GOB.MX O17 - HKLM\Software\..\Telephony: DomainName = DIF.JALISCO.GOB.MX O17 - HKLM\System\CCS\Services\Tcpip\..\{48E24096-2D35-4DCB-908D-845424720D1C}: NameServer = 10.2.3.189,10.2.3.206 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = DIF.JALISCO.GOB.MX O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dif.jalisco.gob.mx O17 - HKLM\System\CS1\Services\Tcpip\..\{48E24096-2D35-4DCB-908D-845424720D1C}: NameServer = 10.2.3.189,10.2.3.206 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dif.jalisco.gob.mx O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - C:\WINDOWS\system32\mzoeut.dll (file missing) O23 - Service: BeSoftMonitorTest - Unknown owner - C:\WINDOWS\ShellNew\Test.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Archivos de programa\HPQ\Shared\hpqwmi.exe O23 - Service: Servidor de RPC de eTrust Antivirus (InoRPC) - Computer Associates International, Inc. - C:\Archivos de programa\CA\eTrust Antivirus\InoRpc.exe O23 - Service: Servidor de tiempo real de eTrust Antivirus (InoRT) - Computer Associates International, Inc. - C:\Archivos de programa\CA\eTrust Antivirus\InoRT.exe O23 - Service: Servidor de tareas de eTrust Antivirus (InoTask) - Computer Associates International, Inc. - C:\Archivos de programa\CA\eTrust Antivirus\InoTask.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe Greetings and thank you.

Please download ATF-Cleaner to your desktop from this link http://www.atribune.org/content/view/19/2/ We will need it later in safe mode Download Ewido Security Suite We will need this later in safe mode Be sure to update Ewido Download SmitRem.exe and save the file to your desktop. Doubleclick it and choose install. This will create a new folder on your desktop with the name smitrem. Next, please reboot your computer in Safe Mode by doing the following : Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually; Instead of Windows loading as normal, a menu with options should appear; Select the first option, to run Windows in Safe Mode, then press "Enter". Choose your usual account. Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Wait for the tool to complete and disk cleanup to finish. Reboot back into Windows normal mode. Do a search for "smitfiles.txt" usually found a C:\smitfiles.txt and post the results of the scan. Reboot into safe mode Run HIjack This, close all windows except Hijack This, place a check to the left of the following items and press "fix checked": O2 - BHO: WagBHO.WagBHO - {A7DE7922-14CB-11D6-8BCA-0010A48E5285} - C:\webacc\WagBHO.dll O2 - BHO: (no name) - {f7d40011-29bb-43eb-9c97-875ce89e9e36} - C:\WINDOWS\system32\hp100.tmp O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - C:\WINDOWS\system32\mzoeut.dll (file missing) Exit Hijack This but remain in safe mode Run Ewido from safe mode and let it delete all that it finds. Run ATF-Cleaner from safe mode.Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. While still in safe mode navigate to and delete this folder: C:\webacc Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok. Post a new Hijack This log. Please download SilentRunners from this link Please download SilentRunners from here: http://www.silentrunners.org/Silent%20Runners.zip. Unzip it to the desktop and double-click on it. If you get any kind of warning message about scripts, please choose to allow the script to run. When the scan is finished, it will create a logfile on the desktop. Please post the entire contents of this logfile in a reply to this post.. Unzip it to the desktop and double-click on it. If you get any kind of warning message about scripts, please choose to allow the script to run. When the scan is finished, it will create a logfile on the desktop. Please post the entire contents of this logfile in a reply to this post.