System security v4.51 on my PC.

View previous topic View next topic Go down

System security v4.51 on my PC.

Post by alexk2007 on 16th June 2009, 7:54 pm

I AM DESPERATE!!!
My PC is infected with System Security version 4.51 and I cannnot open any file, run any program, go in the internet! I am using another PC right now.
Please help me!!

alexk2007
Novice
Novice

Posts Posts : 19
Joined Joined : 2009-06-16
OS OS : Windows XP
Points Points : 27343
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System security v4.51 on my PC.

Post by Belahzur on 16th June 2009, 10:17 pm

Please download Ice Sword from [You must be registered and logged in to see this link.]

  1. Download the zip to your desktop and extract it.
  2. Open the Ice Sword folder and then launch IceSword.exe.
  3. Does it stay open?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: System security v4.51 on my PC.

Post by alexk2007 on 16th June 2009, 10:33 pm

I download ICE Sword on the desktop. But then, system security does noe let me open/extract the files. A message from system security appears saying that WinRar is infected and the application cannot be executed.
Is there anything else I can do?

alexk2007
Novice
Novice

Posts Posts : 19
Joined Joined : 2009-06-16
OS OS : Windows XP
Points Points : 27343
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System security v4.51 on my PC.

Post by alexk2007 on 17th June 2009, 12:32 am

I still cannot open the ICE sword files. Any help will be appreciated.

alexk2007
Novice
Novice

Posts Posts : 19
Joined Joined : 2009-06-16
OS OS : Windows XP
Points Points : 27343
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System security v4.51 on my PC.

Post by Belahzur on 17th June 2009, 12:27 pm

Uploaded an unzipped copy for you.
[You must be registered and logged in to see this link.]


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: System security v4.51 on my PC.

Post by alexk2007 on 17th June 2009, 8:40 pm

Ice sword is open. What do I do now?

alexk2007
Novice
Novice

Posts Posts : 19
Joined Joined : 2009-06-16
OS OS : Windows XP
Points Points : 27343
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System security v4.51 on my PC.

Post by Belahzur on 17th June 2009, 9:00 pm

Hello.
There has been new developments in how to beat this. Before we use IceSword, do you have MBAM (MalwareBytes Anti-Malware) installed?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: System security v4.51 on my PC.

Post by alexk2007 on 17th June 2009, 9:39 pm

Yes I do. I tried yesterday to run malwareBytes, but system security did not let me. Should I try to sacn with MBAM again now?
thanks a lot

alexk2007
Novice
Novice

Posts Posts : 19
Joined Joined : 2009-06-16
OS OS : Windows XP
Points Points : 27343
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System security v4.51 on my PC.

Post by Belahzur on 17th June 2009, 9:49 pm

Hello.
Good, we can use MBAM instead. Go to this folder in bold:

C:\Program Files\Malwarebytes' Anti-Malware

Inside there, find mbam.exe, right click and select rename.
Remove mbam from the name, and type winlogon, so it's now called winlogon.exe

See if it will run now.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: System security v4.51 on my PC.

Post by alexk2007 on 17th June 2009, 9:56 pm

Sorry if I am beeing stupid...
I go to C, programm files, malwarebytes anit-malware and I see a file mbam that is an application. Is this the same as mbam.exe?
as you see, I 'm clueless.
Thank you

alexk2007
Novice
Novice

Posts Posts : 19
Joined Joined : 2009-06-16
OS OS : Windows XP
Points Points : 27343
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System security v4.51 on my PC.

Post by alexk2007 on 17th June 2009, 10:08 pm

ok, ok. I opened it. should I do perform full scan now?

alexk2007
Novice
Novice

Posts Posts : 19
Joined Joined : 2009-06-16
OS OS : Windows XP
Points Points : 27343
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System security v4.51 on my PC.

Post by Belahzur on 17th June 2009, 10:49 pm

Yes. Update the database first.
Go into the update tab and press check for updates.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: System security v4.51 on my PC.

Post by alexk2007 on 17th June 2009, 11:56 pm

I updated mbam and then did a full scan. I got a message that no malicious files or whatever were detected. So, what should I do now?

alexk2007
Novice
Novice

Posts Posts : 19
Joined Joined : 2009-06-16
OS OS : Windows XP
Points Points : 27343
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System security v4.51 on my PC.

Post by alexk2007 on 18th June 2009, 12:04 am

Ok, when I click on update in mbam, there is an upadte, but I also get the message from system security that "application cannnot be executed. mbam-setup.exe is infected." I got to mbam in programm files and the winlogon.exe has todays date. So, was mbam updated or not?
Thank you

alexk2007
Novice
Novice

Posts Posts : 19
Joined Joined : 2009-06-16
OS OS : Windows XP
Points Points : 27343
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System security v4.51 on my PC.

Post by Belahzur on 18th June 2009, 12:06 am

Might be.
When you ran the scan, were you able to get a log up? or when you open MBAM, go into the update tab, what does it say next to "Database version:"


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: System security v4.51 on my PC.

Post by alexk2007 on 18th June 2009, 12:11 am

mbam update tab, MBAM database version 1632

alexk2007
Novice
Novice

Posts Posts : 19
Joined Joined : 2009-06-16
OS OS : Windows XP
Points Points : 27343
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System security v4.51 on my PC.

Post by Belahzur on 18th June 2009, 12:27 am

That explains why it didn't find anything, that is a very old version you have right there.
We can remove this now, I just needed to test out another removal method without using IceSword since that involves registry editing.


  • Open the Ice Sword folder and then launch IceSword.exe.
  • Then look in the left hand bottom of the program and press "Registry"
  • When the registry list opens, drag the line between the two windows so you can see which registry hive you need.
  • Next, open the HKEY_LOCAL_MACHINE, and navigate to the following key:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

  • Now look in the right side pane for two run values that are just random numbers.
  • Once you have found the value(s), right click it and press "Delete"
  • Okay the prompt and close IceSword.

Then reboot. The alerts should have stopped and you should be able to update MBAM now.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: System security v4.51 on my PC.

Post by alexk2007 on 18th June 2009, 4:43 pm

today, the virus does not let me run IceSword form rapidshare! any ideas?
thank you for your help

alexk2007
Novice
Novice

Posts Posts : 19
Joined Joined : 2009-06-16
OS OS : Windows XP
Points Points : 27343
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System security v4.51 on my PC.

Post by alexk2007 on 18th June 2009, 4:53 pm

ok, icesword is on. I looked where you say and I only find 1 value that is just random number. Should I delete it? I should have seen 2 run values that random numbers, yes? is is bad that I see only one?
Should I look also somewhere else now that IceSword is open and running?
thank you

alexk2007
Novice
Novice

Posts Posts : 19
Joined Joined : 2009-06-16
OS OS : Windows XP
Points Points : 27343
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System security v4.51 on my PC.

Post by alexk2007 on 18th June 2009, 6:28 pm

Thank you very very much for your help.
I did what you said and everything seems to be running perfect now.
Do you have a ny recommendations for free antivirus programms?
Thanks again.

alexk2007
Novice
Novice

Posts Posts : 19
Joined Joined : 2009-06-16
OS OS : Windows XP
Points Points : 27343
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System security v4.51 on my PC.

Post by Belahzur on 18th June 2009, 7:57 pm

It seems better because the run values are gone, run MBAM again (update the database first), and run the scan.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: System security v4.51 on my PC.

Post by alexk2007 on 18th June 2009, 9:16 pm

I emant that I deleted the runs, updated MBAM, run the scan, found the virus, removed it and everything is bak to normal.
thanks for your help.

alexk2007
Novice
Novice

Posts Posts : 19
Joined Joined : 2009-06-16
OS OS : Windows XP
Points Points : 27343
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System security v4.51 on my PC.

Post by Origin on 18th June 2009, 9:18 pm

There might be some leftovers, please do the following:



  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Posts Posts : 2685
Joined Joined : 2009-05-05
Gender Gender : Male
OS OS : Windows Xp Sp3
Points Points : 31503
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System security v4.51 on my PC.

Post by alexk2007 on 18th June 2009, 9:30 pm

my antivirus programm (avira) says I should not install this program?
so, what do I do?

alexk2007
Novice
Novice

Posts Posts : 19
Joined Joined : 2009-06-16
OS OS : Windows XP
Points Points : 27343
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System security v4.51 on my PC.

Post by Origin on 18th June 2009, 9:31 pm

I assure you this program is legit, if avira keeps saying not to install it please disable it then try downloading it.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Posts Posts : 2685
Joined Joined : 2009-05-05
Gender Gender : Male
OS OS : Windows Xp Sp3
Points Points : 31503
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System security v4.51 on my PC.

Post by alexk2007 on 18th June 2009, 9:35 pm

ok, I opened DDs.scr and it says now:

DDS (Ver_09-05-14.01) - NTFSx86
Run by Alexandra at 14:32:55.32 on Thu 06/18/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.347 [GMT -7:00]

AV: Sophos Anti-Virus *On-access scanning enabled* (Updated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Sophos\Remote Management System\RouterNT.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\Pmxmiced.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Documents and Settings\Alexandra\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\progra~1\skype\phone\ieplugin\SKYPEI~1.DLL
BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DW4] "c:\program files\the weather channel fw\desktop weather\DesktopWeather.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [PMX Daemon] ICO.EXE
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: []
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Zone Labs Client] c:\program files\zone labs\zonealarm\zlclient.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [ScanSoft OmniPage SE 4.0-reminder] "c:\program files\scansoft\omnipagese4.0\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\omnipagese4.0\ereg\ereg.ini"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\docume~1\alexan~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-f400-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoup~1.lnk - c:\program files\sophos\autoupdate\ALMon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - [You must be registered and logged in to see this link.]
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\progra~1\skype\phone\ieplugin\SKYPEI~1.DLL
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - [You must be registered and logged in to see this link.]
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - [You must be registered and logged in to see this link.]
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: ncbi8 - {2B576DD3-0B3E-4718-BCBF-B15E4FB8009D} - c:\program files\invitrogen\vector nti advance 10\Ncbi.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\sophos\sophos~1\detoured.dll,c:\progra~1\sophos\sophos~1\SOPHOS~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

alexk2007
Novice
Novice

Posts Posts : 19
Joined Joined : 2009-06-16
OS OS : Windows XP
Points Points : 27343
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System security v4.51 on my PC.

Post by alexk2007 on 18th June 2009, 9:36 pm

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-6-18 11608]
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [2007-10-3 110848]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [2007-10-3 38528]
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2007-6-4 21605]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2007-6-4 15668]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2007-6-4 114856]
R1 VETMONNT;VET File and Macro Monitor;c:\windows\system32\drivers\vetmonnt.sys [2007-6-4 896472]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-6-18 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-6-18 185089]
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-3-17 65536]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-6-18 55640]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2009-6-18 80936]
R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2008-10-27 98304]
R2 Sophos Agent;Sophos Agent;c:\program files\sophos\remote management system\ManagementAgentNT.exe [2009-4-2 266240]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2009-1-28 172032]
R2 Sophos Message Router;Sophos Message Router;c:\program files\sophos\remote management system\RouterNT.exe [2009-4-2 794624]
R2 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-6-4 372816]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 CAISafe;CA ISafe;c:\windows\system32\zonelabs\isafe.exe [2007-6-4 188416]
R3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [2007-1-24 18432]
R3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [2007-1-24 14336]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2008-10-27 14976]

=============== Created Last 30 ================

2009-06-18 11:35 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-06-18 11:35 --d----- c:\program files\Avira
2009-06-18 11:35 --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-06-16 11:38 --d----- c:\docume~1\alluse~1\applic~1\10968124

==================== Find3M ====================

2009-06-17 11:27 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 11:27 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-05-26 08:17 4,212 ----h--- c:\windows\system32\zllictbl.dat
2009-05-07 08:44 344,064 a------- c:\windows\system32\localspl.dll
2009-05-07 08:44 344,064 -------- c:\windows\system32\dllcache\localspl.dll
2009-05-06 10:28 278,528 a------- c:\windows\system32\livesnth.dll
2009-04-28 21:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-28 21:56 827,392 a------- c:\windows\system32\dllcache\wininet.dll
2009-04-28 21:56 233,472 -------- c:\windows\system32\dllcache\webcheck.dll
2009-04-28 21:56 1,159,680 a------- c:\windows\system32\dllcache\urlmon.dll
2009-04-28 21:56 671,232 a------- c:\windows\system32\dllcache\mstime.dll
2009-04-28 21:56 44,544 a------- c:\windows\system32\dllcache\pngfilt.dll
2009-04-28 21:56 105,984 -------- c:\windows\system32\dllcache\url.dll
2009-04-28 21:56 102,912 -------- c:\windows\system32\dllcache\occache.dll
2009-04-28 21:56 3,596,288 a------- c:\windows\system32\dllcache\mshtml.dll
2009-04-28 21:56 477,696 a------- c:\windows\system32\dllcache\mshtmled.dll
2009-04-28 21:56 193,024 a------- c:\windows\system32\dllcache\msrating.dll
2009-04-28 02:05 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-28 02:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-04-24 22:27 636,088 -------- c:\windows\system32\dllcache\iexplore.exe
2009-04-24 22:26 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-04-17 02:58 1,846,656 a------- c:\windows\system32\win32k.sys
2009-04-17 02:58 1,846,656 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 08:26 583,168 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 08:26 583,168 -------- c:\windows\system32\dllcache\rpcrt4.dll
2009-03-21 07:18 986,112 -------- c:\windows\system32\dllcache\kernel32.dll
2008-05-29 16:52 104 ---shr-- c:\windows\system32\A70BB4A64B.sys
2008-05-29 16:53 3,350 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 14:34:05.14 ===============

alexk2007
Novice
Novice

Posts Posts : 19
Joined Joined : 2009-06-16
OS OS : Windows XP
Points Points : 27343
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System security v4.51 on my PC.

Post by alexk2007 on 18th June 2009, 9:36 pm

does it look ok?

alexk2007
Novice
Novice

Posts Posts : 19
Joined Joined : 2009-06-16
OS OS : Windows XP
Points Points : 27343
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System security v4.51 on my PC.

Post by Origin on 18th June 2009, 9:39 pm

It looks good Wink



Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers. Goofy

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck. Big Grin


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Posts Posts : 2685
Joined Joined : 2009-05-05
Gender Gender : Male
OS OS : Windows Xp Sp3
Points Points : 31503
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System security v4.51 on my PC.

Post by Belahzur on 18th June 2009, 10:59 pm

Hello.
Actually, a few things need to go.

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum