please help! anti virus suite hijacker
Post by lynx5653 on Mon 26 Jul 2010, 3:21 am
I have downloaded Malwarebytes and removed infections; however, I can only run Internet Explorer in safe mode, everything freezes up, I cannot download programs, and I am unable to install any Windows updates. Here is a copy of the OTL scan log:



OTL logfile created on: 7/25/2010 11:56:05 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = D:\Documents and Settings\Administrator\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 723.00 Mb Available Physical Memory | 71.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): D:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 1.00 Gb Total Space | 0.90 Gb Free Space | 90.16% Space Free | Partition Type: NTFS
Drive D: | 79.42 Gb Total Space | 71.14 Gb Free Space | 89.57% Space Free | Partition Type: NTFS
Drive E: | 12.70 Gb Total Space | 0.78 Gb Free Space | 6.11% Space Free | Partition Type: FAT32
Drive F: | 0.18 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRIMSTON-DE2D31
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/25 11:53:09 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2009/03/18 18:50:30 | 004,363,504 | ---- | M] (Yahoo! Inc.) -- D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2008/09/10 13:01:28 | 000,611,664 | ---- | M] (Lavasoft) -- D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/07/25 11:53:09 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2008/04/13 20:11:56 | 001,819,997 | ---- | M] () -- D:\WINDOWS\system32\htmlmod.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- D:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- D:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- D:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/10 06:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- D:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/09/10 13:01:28 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2006/01/06 15:07:26 | 000,077,824 | ---- | M] (HP) [On_Demand | Stopped] -- D:\WINDOWS\system32\hphipm11.exe -- (Pml Driver HPH11)


========== Driver Services (SafeList) ==========

DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2007/06/12 11:39:38 | 000,508,416 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\PFC027.SYS -- (PAC207)
DRV - [2007/01/24 15:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/02/08 16:44:00 | 003,846,016 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2006/01/06 15:07:27 | 000,050,276 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\hphs2k11.sys -- (Dot4Storage HPH11) Storage Class Driver for IEEE-1284.4 (HPH11)
DRV - [2006/01/06 15:07:27 | 000,018,928 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\hphius11.sys -- (Dot4Usb HPH11)
DRV - [2006/01/06 15:07:27 | 000,016,112 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\hphipr11.sys -- (Dot4Print HPH11)
DRV - [2006/01/06 15:07:26 | 000,050,896 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\hphid411.sys -- (Dot4 HPH11)
DRV - [2005/09/28 17:00:22 | 000,376,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/09/27 23:46:00 | 001,345,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/09/03 01:58:06 | 000,007,552 | ---- | M] (Sirius, Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\SiriusUSB.sys -- (PortlUSB)
DRV - [2005/08/22 16:07:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/08/22 15:06:14 | 000,231,424 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2005/08/22 15:06:10 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/08/01 19:00:00 | 000,349,312 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/08/01 18:58:00 | 000,038,016 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005/07/13 11:08:20 | 000,033,890 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\Capt905c.sys -- (SQTECH905C)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - D:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (Adblock Pro) - {F385C231-605B-4d8f-ACA9-DBFF765BBE17} - D:\Program Files\Adblock Pro\AdblockPro.dll (Adblock Pro Team)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - D:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
O4 - HKLM..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb01.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHmon04] D:\WINDOWS\system32\hphmon04.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD04] D:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe File not found
O4 - HKLM..\Run: [Microsoft Works Portfolio] D:\Program Files\Microsoft Works\WksSb.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [Microsoft Works Update Detection] D:\Program Files\Microsoft Works\WkDetect.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [SoundMan] D:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [WorksFUD] D:\Program Files\Microsoft Works\wkfud.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [YMailAdvisor] D:\Program Files\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - D:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O9 - Extra Button: Adblock Pro Preferences - {E7FD3540-AB30-40f1-91E7-101F733C1FD5} - D:\Program Files\Adblock Pro\AdblockPro.dll (Adblock Pro Team)
O9 - Extra 'Tools' menuitem : Adblock Pro Preferences - {E7FD3540-AB30-40f1-91E7-101F733C1FD5} - D:\Program Files\Adblock Pro\AdblockPro.dll (Adblock Pro Team)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [You must be registered and logged in to see this link.] (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} D:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} [You must be registered and logged in to see this link.] (HP Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} [You must be registered and logged in to see this link.] (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 199.45.28.3 208.93.13.2
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - D:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\dhcpvga: DllName - dhcpvga.dll - D:\WINDOWS\System32\dhcpvga.dll ()
O21 - SSODL: Txtitdde - {C06CBC2B-A080-4A36-92BE-5FA438C6D029} - D:\WINDOWS\system32\sqlepchm.dll ()
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/29 00:43:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 14:01:14 | 000,000,053 | -HS- | M] () - E:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - D:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - D:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - D:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: aawservice - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SafeBootMin: AppMgmt - D:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: aawservice - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SafeBootNet: AppMgmt - D:\WINDOWS\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.0
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Visual Basic scripting Support
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - d:\WINDOWS\system32\Rundll32.exe d:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - D:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - D:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - D:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - D:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - D:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - D:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - D:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - D:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - D:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - D:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - D:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - D:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 30 Days ==========

[2010/07/25 11:52:54 | 000,574,976 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/07/25 11:34:32 | 000,000,000 | ---D | C] -- D:\WINDOWS\LastGood
[2010/07/25 11:11:11 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Sun
[2010/07/25 11:11:10 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Java
[2010/07/25 11:10:43 | 000,423,656 | ---- | C] (Oracle) -- D:\WINDOWS\System32\deployJava1.dll
[2010/07/25 11:10:43 | 000,153,376 | ---- | C] (Oracle) -- D:\WINDOWS\System32\javaws.exe
[2010/07/25 11:10:43 | 000,145,184 | ---- | C] (Oracle) -- D:\WINDOWS\System32\javaw.exe
[2010/07/25 11:10:43 | 000,145,184 | ---- | C] (Oracle) -- D:\WINDOWS\System32\java.exe
[2010/07/25 11:10:43 | 000,073,728 | ---- | C] (Oracle) -- D:\WINDOWS\System32\javacpl.cpl
[2010/07/25 11:00:25 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\Sun
[2010/07/24 12:26:05 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/07/24 12:25:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/24 12:25:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys
[2010/07/24 12:25:54 | 000,000,000 | ---D | C] -- D:\Program Files\Malwarebytes' Anti-Malware
[2010/07/24 12:25:23 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- D:\Documents and Settings\Administrator\My Documents\mbam-setup-1.46.exe
[2010/07/24 12:22:35 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\Macromedia
[2010/07/24 12:22:29 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Local Settings\Application Data\Yahoo
[2010/07/24 12:22:15 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[2010/07/24 11:44:17 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\Adobe
[2010/07/24 11:42:42 | 000,000,000 | --SD | C] -- D:\Documents and Settings\Administrator\Application Data\Microsoft
[2010/07/24 11:42:42 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\Administrator\SendTo
[2010/07/24 11:42:42 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\Administrator\Application Data
[2010/07/24 11:42:42 | 000,000,000 | R--D | C] -- D:\Documents and Settings\Administrator\Start Menu
[2010/07/24 11:42:42 | 000,000,000 | -HSD | C] -- D:\Documents and Settings\Administrator\Cookies
[2010/07/24 11:42:42 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\Administrator\Templates
[2010/07/24 11:42:42 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\Administrator\Recent
[2010/07/24 11:42:42 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\Administrator\PrintHood
[2010/07/24 11:42:42 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\Administrator\NetHood
[2010/07/24 11:42:42 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\Administrator\Local Settings
[2010/07/24 11:42:42 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\My Documents
[2010/07/24 11:42:42 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2010/07/24 11:42:42 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Favorites
[2010/07/24 11:42:42 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Desktop
[2010/07/14 20:10:01 | 000,000,000 | ---D | C] -- D:\Program Files\Ubisoft
[2010/07/10 19:09:14 | 000,006,784 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\serscan.sys
[2010/07/10 19:09:12 | 000,037,376 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kousd.dll
[2010/07/10 19:09:12 | 000,037,376 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\kousd.dll
[2010/07/10 19:09:10 | 000,071,680 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\fnfilter.dll
[2010/07/10 19:09:10 | 000,071,680 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\fnfilter.dll
[4 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
[1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/25 11:57:14 | 000,786,432 | -H-- | M] () -- D:\Documents and Settings\Administrator\ntuser.dat
[2010/07/25 11:53:09 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/07/25 11:47:38 | 000,470,194 | ---- | M] () -- D:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/25 11:47:38 | 000,400,946 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2010/07/25 11:47:38 | 000,061,568 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
[2010/07/25 11:43:25 | 000,013,646 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2010/07/25 11:43:08 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2010/07/25 11:42:05 | 000,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT
[2010/07/25 11:30:56 | 000,000,178 | -HS- | M] () -- D:\Documents and Settings\Administrator\ntuser.ini
[2010/07/25 11:30:53 | 002,656,656 | -H-- | M] () -- D:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/07/25 11:10:26 | 000,423,656 | ---- | M] (Oracle) -- D:\WINDOWS\System32\deployJava1.dll
[2010/07/25 11:10:26 | 000,153,376 | ---- | M] (Oracle) -- D:\WINDOWS\System32\javaws.exe
[2010/07/25 11:10:26 | 000,145,184 | ---- | M] (Oracle) -- D:\WINDOWS\System32\javaw.exe
[2010/07/25 11:10:26 | 000,145,184 | ---- | M] (Oracle) -- D:\WINDOWS\System32\java.exe
[2010/07/25 11:10:26 | 000,073,728 | ---- | M] (Oracle) -- D:\WINDOWS\System32\javacpl.cpl
[2010/07/25 09:40:50 | 000,000,696 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/24 21:02:24 | 000,001,857 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\MSN Installer.lnk
[2010/07/24 21:02:01 | 000,004,566 | ---- | M] () -- D:\WINDOWS\imsins.BAK
[2010/07/24 15:03:54 | 000,262,144 | ---- | M] () -- D:\Documents and Settings\All Users\ntuser.dat
[2010/07/24 14:25:23 | 000,000,716 | ---- | M] () -- D:\WINDOWS\win.ini
[2010/07/24 14:25:23 | 000,000,243 | ---- | M] () -- D:\WINDOWS\SYSTEM.INI
[2010/07/24 12:25:32 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- D:\Documents and Settings\Administrator\My Documents\mbam-setup-1.46.exe
[2010/07/15 07:16:37 | 000,250,288 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/30 21:53:28 | 000,001,729 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[4 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
[1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/25 09:40:50 | 000,000,696 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/24 21:02:24 | 000,001,857 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\MSN Installer.lnk
[2010/07/24 15:03:53 | 000,262,144 | ---- | C] () -- D:\Documents and Settings\All Users\ntuser.dat
[2010/07/24 15:03:53 | 000,001,024 | -H-- | C] () -- D:\Documents and Settings\All Users\ntuser.dat.LOG
[2010/07/24 11:42:44 | 000,000,178 | -HS- | C] () -- D:\Documents and Settings\Administrator\ntuser.ini
[2010/07/24 11:42:42 | 000,786,432 | -H-- | C] () -- D:\Documents and Settings\Administrator\ntuser.dat
[2010/07/24 11:42:42 | 000,245,760 | -H-- | C] () -- D:\Documents and Settings\Administrator\NTUSER.DAT.LOG
[2010/06/30 21:52:10 | 000,001,729 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/10/27 07:25:41 | 000,000,034 | ---- | C] () -- D:\WINDOWS\hpfsched.ini
[2009/10/27 07:24:11 | 000,069,632 | ---- | C] () -- D:\WINDOWS\System32\hpodinet.dll
[2009/10/25 22:19:34 | 000,001,385 | ---- | C] () -- D:\WINDOWS\QfnOnl.ini
[2009/10/25 22:19:34 | 000,000,133 | ---- | C] () -- D:\WINDOWS\QBWCD.INI
[2009/10/25 22:19:28 | 000,000,362 | ---- | C] () -- D:\WINDOWS\QDQICK.INI
[2009/10/25 22:19:28 | 000,000,021 | ---- | C] () -- D:\WINDOWS\QFNOA.INI
[2009/10/25 22:19:27 | 000,000,038 | ---- | C] () -- D:\WINDOWS\ACCWIZ.INI
[2009/02/25 17:01:28 | 000,000,754 | ---- | C] () -- D:\WINDOWS\WORDPAD.INI
[2009/02/21 13:02:38 | 000,000,710 | ---- | C] () -- D:\WINDOWS\wininit.ini
[2009/01/27 18:57:33 | 000,000,000 | ---- | C] () -- D:\WINDOWS\FoneSync.INI
[2008/10/30 12:33:34 | 000,135,168 | ---- | C] () -- D:\WINDOWS\System32\RtlCPAPI.dll
[2008/10/05 22:25:31 | 000,000,408 | ---- | C] () -- D:\WINDOWS\System32\Remover.ini
[2007/06/12 11:08:10 | 000,000,518 | ---- | C] () -- D:\WINDOWS\System32\SP207.ini
[2004/08/04 08:00:00 | 001,819,997 | ---- | C] () -- D:\WINDOWS\System32\htmlmod.dll
[2004/08/04 08:00:00 | 001,282,048 | ---- | C] () -- D:\WINDOWS\System32\logadans.dll
[2004/08/04 08:00:00 | 001,073,152 | ---- | C] () -- D:\WINDOWS\System32\sqlepchm.dll
[2004/08/04 08:00:00 | 000,884,836 | ---- | C] () -- D:\WINDOWS\System32\dhcpvga.dll
[2004/08/04 08:00:00 | 000,366,669 | ---- | C] () -- D:\WINDOWS\System32\olertf.dll
[2004/08/04 08:00:00 | 000,331,299 | ---- | C] () -- D:\WINDOWS\System32\odbcmfc.dll
[2004/08/04 08:00:00 | 000,155,518 | ---- | C] () -- D:\WINDOWS\System32\dlgildev32.dll
[2004/08/04 08:00:00 | 000,119,756 | ---- | C] () -- D:\WINDOWS\System32\seroknet.dll
[1997/07/11 01:00:00 | 000,031,232 | ---- | C] () -- D:\WINDOWS\System32\XLREC.DLL
[1997/07/11 01:00:00 | 000,025,600 | ---- | C] () -- D:\WINDOWS\System32\RECNCL.DLL
[1997/07/11 01:00:00 | 000,022,016 | ---- | C] () -- D:\WINDOWS\System32\DOCOBJ.DLL

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/10/16 16:38:34 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- D:\WINDOWS\system32\dxtmsft.dll
[2008/10/16 16:38:34 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- D:\WINDOWS\system32\dxtrans.dll
[1 D:\WINDOWS\system32\*.tmp files -> D:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 D:\WINDOWS\system32\*.tmp files -> D:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/10/28 18:29:21 | 000,094,208 | ---- | M] () -- D:\WINDOWS\system32\config\default.sav
[2008/10/28 18:29:21 | 000,634,880 | ---- | M] () -- D:\WINDOWS\system32\config\software.sav
[2008/10/28 18:29:21 | 000,884,736 | ---- | M] () -- D:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2004/08/04 08:00:00 | 000,009,029 | ---- | M] () -- D:\WINDOWS\system32\ansi.sys
[2004/08/04 08:00:00 | 000,027,097 | ---- | M] () -- D:\WINDOWS\system32\country.sys
[2004/08/04 08:00:00 | 000,004,768 | ---- | M] () -- D:\WINDOWS\system32\himem.sys
[2004/08/04 08:00:00 | 000,042,809 | ---- | M] () -- D:\WINDOWS\system32\key01.sys
[2004/08/04 08:00:00 | 000,042,537 | ---- | M] () -- D:\WINDOWS\system32\keyboard.sys
[2004/08/04 08:00:00 | 000,027,866 | ---- | M] () -- D:\WINDOWS\system32\ntdos.sys
[2004/08/04 08:00:00 | 000,029,146 | ---- | M] () -- D:\WINDOWS\system32\ntdos404.sys
[2004/08/04 08:00:00 | 000,029,370 | ---- | M] () -- D:\WINDOWS\system32\ntdos411.sys
[2004/08/04 08:00:00 | 000,029,274 | ---- | M] () -- D:\WINDOWS\system32\ntdos412.sys
[2004/08/04 08:00:00 | 000,029,146 | ---- | M] () -- D:\WINDOWS\system32\ntdos804.sys
[2004/08/04 08:00:00 | 000,033,840 | ---- | M] () -- D:\WINDOWS\system32\ntio.sys
[2004/08/04 08:00:00 | 000,034,560 | ---- | M] () -- D:\WINDOWS\system32\ntio404.sys
[2004/08/04 08:00:00 | 000,035,648 | ---- | M] () -- D:\WINDOWS\system32\ntio411.sys
[2004/08/04 08:00:00 | 000,035,424 | ---- | M] () -- D:\WINDOWS\system32\ntio412.sys
[2004/08/04 08:00:00 | 000,034,560 | ---- | M] () -- D:\WINDOWS\system32\ntio804.sys
[2008/04/13 14:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\watchdog.sys
[2008/09/15 08:12:56 | 001,846,400 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\win32k.sys
[1 D:\WINDOWS\system32\*.tmp files -> D:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 20:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- D:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 20:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- D:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 20:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- D:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 20:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- D:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 20:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- D:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 20:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- D:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 20:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- D:\WINDOWS\system32\drivers\adv11nt5.dll
[2005/09/27 22:51:00 | 000,040,960 | ---- | M] (ATI Technologies Inc.) -- D:\WINDOWS\system32\drivers\ati2erec.dll
[2008/04/13 20:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- D:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 20:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- D:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 20:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- D:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 20:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- D:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 20:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- D:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 20:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- D:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 20:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- D:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 20:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- D:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2010/07/25 11:19:42 | 000,006,709 | ---- | M] () -- D:\JavaRa.log
[2010/07/25 11:42:59 | 1610,612,736 | -HS- | M] () -- D:\pagefile.sys

< %PROGRAMFILES%\*. >
[2009/01/25 16:38:44 | 000,000,000 | ---D | M] -- D:\Program Files\Abrosoft
[2009/06/20 07:33:18 | 000,000,000 | ---D | M] -- D:\Program Files\Adblock Pro
[2010/06/30 21:51:50 | 000,000,000 | ---D | M] -- D:\Program Files\Adobe
[2010/01/15 08:56:27 | 000,000,000 | ---D | M] -- D:\Program Files\Apple Software Update
[2008/12/28 16:33:55 | 000,000,000 | ---D | M] -- D:\Program Files\ArcSoft
[2008/10/30 14:25:09 | 000,000,000 | ---D | M] -- D:\Program Files\ATI Technologies
[2008/10/29 14:53:59 | 000,000,000 | ---D | M] -- D:\Program Files\Broadcom
[2010/07/24 14:30:26 | 000,000,000 | ---D | M] -- D:\Program Files\CA Yahoo! Anti-Spy
[2010/07/25 11:11:10 | 000,000,000 | ---D | M] -- D:\Program Files\Common Files
[2008/10/29 00:39:43 | 000,000,000 | ---D | M] -- D:\Program Files\ComPlus Applications
[2008/10/29 20:38:44 | 000,000,000 | ---D | M] -- D:\Program Files\CONEXANT
[2009/05/27 18:25:31 | 000,000,000 | ---D | M] -- D:\Program Files\FoneSync
[2009/08/23 23:37:18 | 000,000,000 | ---D | M] -- D:\Program Files\GAMES
[2009/02/21 12:55:14 | 000,000,000 | ---D | M] -- D:\Program Files\Hewlett-Packard
[2008/10/30 14:33:43 | 000,000,000 | ---D | M] -- D:\Program Files\HP
[2009/02/21 13:23:23 | 000,000,000 | ---D | M] -- D:\Program Files\hp deskjet 990c series
[2009/10/27 07:24:29 | 000,000,000 | ---D | M] -- D:\Program Files\HP Photosmart 11
[2009/06/05 20:38:55 | 000,000,000 | -H-D | M] -- D:\Program Files\InstallShield Installation Information
[2009/01/28 19:49:01 | 000,000,000 | ---D | M] -- D:\Program Files\Intel
[2010/07/24 15:28:49 | 000,000,000 | ---D | M] -- D:\Program Files\Internet Explorer
[2009/11/06 07:20:46 | 000,000,000 | ---D | M] -- D:\Program Files\Java
[2008/12/15 18:07:09 | 000,000,000 | ---D | M] -- D:\Program Files\Lavasoft
[2010/07/25 09:40:50 | 000,000,000 | ---D | M] -- D:\Program Files\Malwarebytes' Anti-Malware
[2008/11/20 19:07:26 | 000,000,000 | ---D | M] -- D:\Program Files\Messenger
[2009/01/24 21:04:17 | 000,000,000 | ---D | M] -- D:\Program Files\microsoft frontpage
[2009/03/21 07:14:00 | 000,000,000 | ---D | M] -- D:\Program Files\Microsoft Office
[2010/07/12 19:41:52 | 000,000,000 | ---D | M] -- D:\Program Files\Microsoft Picture It! PhotoPub
[2009/01/25 13:40:37 | 000,000,000 | ---D | M] -- D:\Program Files\Microsoft Works
[2009/01/25 13:35:42 | 000,000,000 | ---D | M] -- D:\Program Files\Microsoft Works Suite 2001
[2008/11/20 19:04:09 | 000,000,000 | ---D | M] -- D:\Program Files\Movie Maker
[2010/07/24 21:02:27 | 000,000,000 | ---D | M] -- D:\Program Files\MSN
[2008/10/29 00:38:52 | 000,000,000 | ---D | M] -- D:\Program Files\MSN Gaming Zone
[2009/03/18 20:31:34 | 000,000,000 | ---D | M] -- D:\Program Files\MyDSC2
[2008/11/20 19:02:29 | 000,000,000 | ---D | M] -- D:\Program Files\NetMeeting
[2008/11/05 19:05:05 | 000,000,000 | ---D | M] -- D:\Program Files\NOS
[2010/07/24 21:01:56 | 000,000,000 | ---D | M] -- D:\Program Files\Online Services
[2008/11/20 19:02:24 | 000,000,000 | ---D | M] -- D:\Program Files\Outlook Express
[2008/10/05 22:25:26 | 000,000,000 | ---D | M] -- D:\Program Files\PC Camer@
[2008/12/11 11:50:02 | 000,000,000 | ---D | M] -- D:\Program Files\PortalPlayer
[2010/01/15 08:57:14 | 000,000,000 | ---D | M] -- D:\Program Files\QuickTime
[2009/01/12 21:55:12 | 000,000,000 | ---D | M] -- D:\Program Files\Realtek AC97
[2009/10/16 07:40:39 | 000,000,000 | ---D | M] -- D:\Program Files\Realtime-Spy
[2008/12/11 11:52:51 | 000,000,000 | ---D | M] -- D:\Program Files\Sirius
[2008/12/11 11:49:19 | 000,000,000 | ---D | M] -- D:\Program Files\sirius_studio_installer
[2009/01/23 11:22:41 | 000,000,000 | ---D | M] -- D:\Program Files\TIVistadriver
[2009/01/31 08:03:12 | 000,000,000 | ---D | M] -- D:\Program Files\TurboTax
[2010/07/14 20:10:37 | 000,000,000 | ---D | M] -- D:\Program Files\Ubisoft
[2008/10/29 00:49:24 | 000,000,000 | -H-D | M] -- D:\Program Files\Uninstall Information
[2009/01/05 10:58:42 | 000,000,000 | ---D | M] -- D:\Program Files\Wal-Mart
[2009/01/12 21:55:16 | 000,000,000 | ---D | M] -- D:\Program Files\Windows Media Player
[2008/11/20 19:02:24 | 000,000,000 | ---D | M] -- D:\Program Files\Windows NT
[2008/10/29 00:41:55 | 000,000,000 | -H-D | M] -- D:\Program Files\WindowsUpdate
[2008/10/29 00:43:24 | 000,000,000 | ---D | M] -- D:\Program Files\xerox
[2010/07/24 15:03:53 | 000,000,000 | ---D | M] -- D:\Program Files\Yahoo!
[2009/07/11 21:22:14 | 000,000,000 | ---D | M] -- D:\Program Files\Yahoo! Companion

< %appdata%\*.* >
[2008/10/28 18:31:23 | 000,000,062 | -HS- | M] () -- D:\Documents and Settings\Administrator\Application Data\desktop.ini


< MD5 for: AGP440.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/11/20 18:55:28 | 023,852,652 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/11/20 18:55:28 | 023,852,652 | ---- | M] () .cab file -- D:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- D:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- D:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- D:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/11/20 18:55:28 | 023,852,652 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/11/20 18:55:28 | 023,852,652 | ---- | M] () .cab file -- D:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- D:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- D:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- D:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/11/20 18:55:28 | 023,852,652 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/11/20 18:55:28 | 023,852,652 | ---- | M] () .cab file -- D:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/04 08:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- D:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- D:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- D:\WINDOWS\system32\dllcache\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- D:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- D:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- D:\WINDOWS\system32\eventlog.dll
[2004/08/04 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- D:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- D:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- D:\WINDOWS\system32\netlogon.dll
[2004/08/04 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- D:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 08:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- D:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- D:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- D:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2008/11/20 18:55:28 | 023,852,652 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2008/11/20 18:55:28 | 023,852,652 | ---- | M] () .cab file -- D:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/03 23:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- D:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- D:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- D:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2009-01-13 21:21:57
< End of report >




lynx5653
Newbie Surfer
Posts : 21
Joined : 2010-07-26
Operating System : xp home
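The "< MD5 for: NAME >" custom scans in the log above hash the live driver or DLL under system32 next to every cached copy OTL can find (ServicePackFiles, dllcache, $NtServicePackUninstall$), so a boot-start driver that has been patched on disk shows up as a live copy whose hash matches none of the pristine copies of the same size; atapi.sys and disk.sys are hashed precisely because they are classic targets for that kind of tampering. In this log every live copy matches its ServicePackFiles or dllcache twin, and the only differing hashes belong to the older SP2 builds in $NtServicePackUninstall$, which is what a clean result looks like. The script below, added here as an example and not part of OTL or of the original post, parses that section format and applies the same-size cross-check; it also reads the LastSuccessTime value from the end of the log. The EXAMPLE.SYS block in the sample is constructed to show a mismatch, and the scan day 2010-07-25 (the date of the newest file entries in the log) is an assumption.

```python
import re
from datetime import date, datetime

# Constructed sample in OTL's "< MD5 for: NAME >" format. The ATAPI.SYS block
# mirrors the log above; EXAMPLE.SYS is invented to show a mismatching live copy.
SAMPLE_OTL = r"""
< MD5 for: ATAPI.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- D:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- D:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- D:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EXAMPLE.SYS >
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- D:\WINDOWS\ServicePackFiles\i386\example.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -- D:\WINDOWS\system32\drivers\example.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2009-01-13 21:21:57
"""

SECTION_RE = re.compile(r"^< MD5 for: (\S+) >$")
# [date time | size | attrs | M] (company) MD5=hash -- path   (the .cab lines carry no hash)
ENTRY_RE = re.compile(
    r"^\[([^|]+?)\s*\|\s*([\d,]+)\s*\|[^\]]*\]\s*\(([^)]*)\)\s*"
    r"(?:MD5=([0-9A-Fa-f]{32}))?.*?--\s*(.+)$"
)
LAST_UPDATE_RE = re.compile(r"LastSuccessTime:\s*(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})")
# Directories holding pristine copies that the live file can be compared against.
REFERENCE_DIRS = ("\\servicepackfiles\\", "\\dllcache\\", "\\$ntservicepackuninstall$\\")


def parse_md5_sections(text):
    """Group OTL hash lines by the file named in each '< MD5 for: NAME >' header."""
    sections, current = {}, None
    for line in text.splitlines():
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1).lower()
            sections.setdefault(current, [])
            continue
        if line.startswith("<"):            # any other custom-scan header ends the section
            current = None
            continue
        entry = ENTRY_RE.match(line)
        if current and entry and entry.group(4):   # skip .cab containers (no hash)
            sections[current].append({
                "size": int(entry.group(2).replace(",", "")),
                "company": entry.group(3),
                "md5": entry.group(4).upper(),
                "path": entry.group(5).strip(),
            })
    return sections


def is_reference(path):
    return any(d in path.lower() for d in REFERENCE_DIRS)


def is_live(path):
    return "\\system32\\" in path.lower() and not is_reference(path)


def cross_check(sections):
    """Each live copy must hash like at least one reference copy of the same size."""
    findings = []
    for name, entries in sections.items():
        refs = [e for e in entries if is_reference(e["path"])]
        for live in (e for e in entries if is_live(e["path"])):
            same_size = {r["md5"] for r in refs if r["size"] == live["size"]}
            if not same_size:
                status = "unverified"      # no pristine copy of this build to compare with
            elif live["md5"] in same_size:
                status = "match"
            else:
                status = "MISMATCH"        # differs from every cached copy of its size
            findings.append({"file": name, "path": live["path"],
                             "md5": live["md5"], "status": status})
    return findings


def days_since_last_update(text, scan_day):
    """Days between the Automatic Updates LastSuccessTime and scan_day ('YYYY-MM-DD')."""
    m = LAST_UPDATE_RE.search(text)
    if not m:
        return None
    last = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S").date()
    return (date.fromisoformat(scan_day) - last).days


if __name__ == "__main__":
    for f in cross_check(parse_md5_sections(SAMPLE_OTL)):
        print(f"{f['status']:10} {f['file']:12} {f['path']}")
    print("days since last successful Windows Update:",
          days_since_last_update(SAMPLE_OTL, "2010-07-25"))
```

A "MISMATCH" is a reason to pull the file and compare it with the cached copy, not proof of infection on its own; an "unverified" result just means no cached build of that size exists to compare with. The 558-day gap since the last successful automatic update is the kind of number that explains why a machine keeps getting hit.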


Re: please help! anti virus suite hijacker

Post by lynx5653 on Thu 29 Jul 2010, 12:43 pm

Chris,
We seem to have another problem: whenever I open my Yahoo mail it opens with Internet Explorer instead of Firefox. I have set Firefox as default browser; however, when Explorer opens I check the settings for Firefox and I have to reset it as default. Also Explorer opens duplicate pages. In Remove Programs I unchecked Explorer.


Re: please help! anti virus suite hijacker

Post by Crush on Thu 29 Jul 2010, 12:49 pm

Do you just have a link to Yahoo mail on your desktop? ComboFix resets the default browser to IE, so you'll have to change it back once.

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Crush
Tech Officer
Posts : 3889
Joined : 2010-01-28

Re: please help! anti virus suite hijacker

Post by lynx5653 on Thu 29 Jul 2010, 12:52 pm

No, I open through Messenger. OK, I'll reset it and see how it goes. Other than that all seems OK.

We still would like your recommendation for anti-virus software.

Thank you for all your time and help.


Re: please help! anti virus suite hijacker

Post by Crush on Fri 30 Jul 2010, 4:00 am

We still would like your recommendation for anti-virus software.

Sure. When we do the cleanup I'll give you a list. How's that scan coming?


Re: please help! anti virus suite hijacker

Post by lynx5653 on Fri 30 Jul 2010, 12:43 pm

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=897a4c3ff01dc94994ec8cdeff89aca1
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-07-29 12:36:19
# local_time=2010-07-29 08:36:19 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=44196
# found=4
# cleaned=4
# scan_time=1315
D:\Program Files\Realtime-Spy\medford.exe probably a variant of Win32/Genetik trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Program Files\Realtime-Spy\medford1.exe probably a variant of Win32/Genetik trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\System Volume Information\_restore{3B1DD35C-6472-43A6-B7AD-4AFBD28916E3}\RP7\A0005795.exe probably a variant of Win32/Genetik trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\System Volume Information\_restore{3B1DD35C-6472-43A6-B7AD-4AFBD28916E3}\RP7\A0005796.exe probably a variant of Win32/Genetik trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

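Two of the four ESET detections above sit under System Volume Information\_restore{...}\RP7, i.e. copies that System Restore made of the two executables in D:\Program Files\Realtime-Spy, which is why the cleanup advice later in this thread flushes the restore points: a restore to RP7 would bring them back. The parser below, added as an example and not ESET's code or part of the original post, reads the log format (key=value header, then one line per detection), separates restore-point copies from live ones, and checks the found/cleaned counters against the detection lines actually listed. The sample is the log above with the header trimmed to the fields used; the path/verdict split is this example's heuristic (ESET's format has no delimiter) and assumes file names contain no spaces.

```python
import re

# Sample taken from the ESET Online Scanner log above (header trimmed). Format:
# "# key=value" lines, then per detection: <path> <verdict> (<action>) <32 hex digits> <flag>
SAMPLE_ESET_LOG = r"""
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# osver=5.1.2600 NT Service Pack 3
# scanned=44196
# found=4
# cleaned=4
# scan_time=1315
D:\Program Files\Realtime-Spy\medford.exe probably a variant of Win32/Genetik trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Program Files\Realtime-Spy\medford1.exe probably a variant of Win32/Genetik trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\System Volume Information\_restore{3B1DD35C-6472-43A6-B7AD-4AFBD28916E3}\RP7\A0005795.exe probably a variant of Win32/Genetik trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\System Volume Information\_restore{3B1DD35C-6472-43A6-B7AD-4AFBD28916E3}\RP7\A0005796.exe probably a variant of Win32/Genetik trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

HEADER_RE = re.compile(r"^#\s*([A-Za-z_.]+)=(.*)$")
# Greedy 'front' so that the last "(...)" before the hex field is taken as the action.
DETECTION_RE = re.compile(
    r"^(?P<front>[A-Za-z]:\\.+)\s+\((?P<action>[^()]*)\)\s+(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)$"
)
RESTORE_POINT_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP(\d+)\\", re.I
)


def split_path_and_verdict(front):
    """Assumption (this example's heuristic, not ESET's spec): the path ends with the
    last whitespace-separated token that contains a backslash, so a file name with
    spaces in it would be split in the wrong place."""
    tokens = front.split()
    last = max(i for i, t in enumerate(tokens) if "\\" in t)
    return " ".join(tokens[:last + 1]), " ".join(tokens[last + 1:])


def parse_eset_log(text):
    """Return (header dict, list of detection dicts)."""
    header, detections = {}, []
    for line in text.splitlines():
        h = HEADER_RE.match(line)
        if h:
            key, value = h.groups()
            header[key] = int(value) if value.isdigit() else value
            continue
        d = DETECTION_RE.match(line)
        if d:
            path, verdict = split_path_and_verdict(d.group("front"))
            rp = RESTORE_POINT_RE.search(path)
            detections.append({
                "path": path,
                "verdict": verdict,
                "action": d.group("action"),
                "restore_point": int(rp.group(1)) if rp else None,
            })
    return header, detections


def summarize(text):
    """Counters vs. listed lines, and how many hits are only System Restore copies."""
    header, detections = parse_eset_log(text)
    in_rp = [d for d in detections if d["restore_point"] is not None]
    live = [d for d in detections if d["restore_point"] is None]
    return {
        "scanned": header.get("scanned"),
        "found": header.get("found"),
        "cleaned": header.get("cleaned"),
        "listed": len(detections),
        "restore_point_copies": len(in_rp),
        "live_copies": len(live),
        # counters that disagree with the listed lines mean a truncated or edited log
        "consistent": header.get("found") == len(detections) == header.get("cleaned"),
        "dirs": sorted({d["path"].rsplit("\\", 1)[0] for d in live}),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_ESET_LOG).items():
        print(f"{key:22} {value}")
```

The "dirs" field is the part worth acting on: every live hit lives in one program directory, so the follow-up question is what installed it, not just whether the files are gone.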

Re: please help! anti virus suite hijacker

Post by Crush on Fri 30 Jul 2010, 12:45 pm

Perfect. How are things running now?


Re: please help! anti virus suite hijacker

Post by lynx5653 on Fri 30 Jul 2010, 12:47 pm

Good, except Explorer still opens 2 pages, one with content, one blank. Close one and it closes the other also. Don't know what that's all about?
For the most part all seems good.


Re: please help! anti virus suite hijacker

Post by Crush on Fri 30 Jul 2010, 2:29 pm

What version of IE? 8?

Try this:
[You must be registered and logged in to see this link.]


Re: please help! anti virus suite hijacker

Post by lynx5653 on Fri 30 Jul 2010, 10:31 pm

version 6


Re: please help! anti virus suite hijacker

Post by Crush on Sat 31 Jul 2010, 11:09 am

Hi lynx,

Do you need 6 for a reason? Can you update to the latest version please?

All updates for windows can be found here:
[You must be registered and logged in to see this link.]


Re: please help! anti virus suite hijacker

Post by lynx5653 on Sat 31 Jul 2010, 12:10 pm

Hi Chris,
Do I detect a smirk in your question? I have now upgraded to ie 8. Only opened one page, and appears to do everything it's supposed to!
Please advise,
thanks, David


Re: please help! anti virus suite hijacker

Post by Crush on Sat 31 Jul 2010, 4:02 pm

Knew it!

Death to IE6!

I mean...*ahem* how are things running now?


Re: please help! anti virus suite hijacker

Post by lynx5653 on Sat 31 Jul 2010, 11:26 pm

All seems fine, thanks to you. Where do we go from here? Any other updates you want?


Re: please help! anti virus suite hijacker

Post by Crush on Sun 01 Aug 2010, 5:20 am

Congratulations!! Your PC is all clean!

To uninstall ComboFix

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall
    (Note: Make sure there's a space between the word ComboFix and the forward-slash.)
  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.


There are many things you can do to keep this from happening again. You can think of a computer like a car. It requires basic maintenance to keep in tip top shape and ready to go. Would you drive your car 100,000 miles without changing the oil? The same principle applies here.

Cleaning

Now that your PC is free of malware, it is important to clean up your PC. There are several good free cleaners available. You should make sure to clean up your temp files regularly, at least once a week.

ATF Cleaner
CCleaner

Defragmenting Your Hard Disk

Over time your PC can become fragmented. Windows comes with a defragmenting utility; however, it is very slow, and there are other options available.

To use the defragmenter included with Windows either go to Start/Run and type dfrg.msc, hit enter; or
right-click My Computer, choose Manage, Storage, Disk Defragmenter.

In the Defragmenter utility, select your main partition/HD, generally C:\, and select Analyze. The analysis report will tell you whether or not your disk needs to be defragmented; if it does, click Defragment. Be patient, this can take a long time.

Repeat for multiple partitions/hard disks.

System Restore Cleanup Instructions

If you are using Windows ME or XP, then it is good to disable and re-enable System Restore to make sure there are no infected files left in a restore point. (All restore points will be deleted that way.)
You can find instructions on how to disable and re-enable system restore here:

Windows ME System Restore Guide

Windows XP System Restore Guide

Reading Tip:
Computer Health
Keep Your System Updated

Microsoft releases patches for Windows and Office products regularly to patch up loopholes in Windows and Office products and fix any bugs found. Please ensure that you visit the following websites regularly or update your system regularly.

Install the updates immediately, if they are found. Reboot your computer if necessary, revisit Windows Update and Office update sites until there are no more updates to be installed.

To update Windows and office

Go to Start > All Programs > Microsoft Update

Alternatively, you can visit the link below to update Windows and Office products.

Microsoft Update

If you are forgetful, you can change some settings so that you will be informed of updates. Here's how:

1. Go to Start > Control Panel > Automatic Updates
2. Select Automatic (recommended) radio button if you want the updates to be downloaded and installed without prompting you.
3. Select Download updates for me, but let me choose when to install them radio button if you want the updates to be downloaded automatically but to be installed at another time.
4. Select Notify me but don't automatically download or install them radio button if you want to be notified of the updates.

Please make sure that you update your antivirus, firewall and anti-spyware programs at least once a week.

Be careful when opening attachments and downloading files.

1. Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
2. Never open emails from unknown senders.
3. Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These are called hoaxes. The email addresses used in the hoaxes can be easily spoofed. Check the antivirus vendor websites to be sure.
4. Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Surf safely

Many security exploits on websites are directed to users of Internet Explorer and Firefox.

If you use Firefox, try the No-script Add On - which, by default, disables all scripts on all websites. If you trust the website, you can manually allow scripts to work.

Backup regularly

You never know when your PC will become unstable or become so infected that you can't recover it. Follow this Microsoft Article to learn how to backup. Follow This Article by Microsoft to restore your backups.

Alternatively, you can use 3rd-party programs to back up your data. Examples of these can be found at
Bleeping Computer

Avoid P2P

I see you have P2P software installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

Prevent A Re-infection

1. Winpatrol

Winpatrol is a heuristic protection program, meaning it looks for patterns in code that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features Here

You can get a Free Copy of Winpatrol or use the Plus Version for more features.

You can read Win Patrol FAQ if you run into problems.

2. Hosts File

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your PC will look up the website's IP address before you can view the website.

This Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Here are some Hosts files:
MVPS Hosts File
Blue Tack’s Hosts File
Blue Tack’s Hosts Manager

3. Spybot Search and Destroy

Spybot Search & Destroy is another program for scanning spyware and adware. You are strongly encouraged to run a scan at least once per week.

Spybot Search & Destroy can be downloaded from here.

If you need help in using Spybot Search & Destroy, you can read Spybot Search and Destroy tutorial at Bleeping Computer.

4. SiteHound Toolbar

SiteHound is a toolbar that warns you if you go to a site that is known to scam people, that has potentially lots of viruses or spyware or other questionable content. If you know the site, you can enter it; if you don't, it will bring you back to the previous page. Currently, SiteHound works for Internet Explorer and Firefox only.

====

Stand Up and Be Counted ---> Malware Complaints<--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
============================================================
See [You must be registered and logged in to see this link.] for more info about malware and prevention.
Thank you for choosing GeekPolice. Please see [You must be registered and logged in to see this link.] if you would like to leave feedback or contribute to our site.
Before the thread is archived, do you have any more questions?

Happy surfing and stay clean!

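The hosts file described above (on Windows, %SystemRoot%\System32\drivers\etc\hosts) is consulted before DNS, and the first entry for a name wins. The same mechanism that lets a blocklist sinkhole advertising domains lets malware point a security vendor's update site at an address it controls, so auditing the file means separating entries that resolve a name to 0.0.0.0 or 127.0.0.1 from entries that resolve it to a routable address. The script below, added here as an example and not part of the original post or of the MVPS and Blue Tack files, parses a hosts file, emulates the hosts-first lookup, and reports sinkholed, redirected, duplicate and malformed entries. The sample content, including the domain names and the two redirect lines, is constructed and not taken from the machine in this thread.

```python
import ipaddress

# Constructed sample: a blocklist in the usual "<address> <name>" layout, plus
# two entries of the kind a tampered hosts file contains and one malformed line.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0  ad.doubleclick.example   # sinkhole entry
0.0.0.0  tracker.example.net
127.0.0.1  malware-site.example
192.0.2.10  update.antivirus-vendor.example   # suspicious: points at a real address
203.0.113.5  www.bank.example                  # suspicious: points at a real address
0.0.0.0  ad.doubleclick.example   # duplicate of an earlier entry
not-an-ip  junk.example           # malformed line
"""


def parse_hosts(text):
    """Return [(address, [names...])] for each non-comment line; inline comments stripped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        entries.append((addr, [n.lower() for n in names]))
    return entries


def build_table(entries):
    """First match wins, as the resolver does: a later duplicate never overrides."""
    table = {}
    for addr, names in entries:
        for name in names:
            table.setdefault(name, addr)
    return table


def resolve(table, hostname):
    """Hosts-first lookup: the hosts entry, or None meaning 'fall through to DNS'."""
    return table.get(hostname.lower().rstrip("."))


def audit(entries):
    """Classify entries: sinkholes are harmless, redirects to routable addresses are not."""
    report = {"sinkholed": [], "redirected": [], "duplicates": [], "invalid": []}
    seen = set()
    for addr, names in entries:
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            report["invalid"].append(addr)
            continue
        for name in names:
            if name in seen:
                report["duplicates"].append(name)
                continue
            seen.add(name)
            if name == "localhost":
                continue                      # the stock entry, not a block rule
            if ip.is_unspecified or ip.is_loopback:
                report["sinkholed"].append(name)
            else:
                report["redirected"].append((name, addr))   # e.g. an AV update host hijacked
    return report


if __name__ == "__main__":
    entries = parse_hosts(SAMPLE_HOSTS)
    table = build_table(entries)
    print("tracker.example.net ->", resolve(table, "tracker.example.net"))
    print("www.example.org     ->", resolve(table, "www.example.org"))
    for key, value in audit(entries).items():
        print(f"{key:11} {value}")
```

0.0.0.0 is often preferred over 127.0.0.1 for sinkhole entries because a connection to it fails at once instead of being attempted against whatever happens to listen on the local machine; the audit treats both as sinkholes. Windows caches hosts entries in the DNS Client service, so run `ipconfig /flushdns` after editing the file, and treat any "redirected" line you did not add yourself as something to investigate before deleting it.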

Re: please help! anti virus suite hijacker

Post by lynx5653 on Sun 01 Aug 2010, 11:02 am

What P2P software did you see? We are unsure what they may be. We don't do file sharing that we are aware of. Maybe you forgot, but what about anti-virus software? We have tried Norton, Kaspersky, AVG, McAfee; all seem to slow the PC down to a crawl.

thank you so much,
David & Gail


Re: please help! anti virus suite hijacker

Post by Crush on Sun 01 Aug 2010, 11:40 am

I should have omitted that part of my post. I don't see any.

As for anti-virus, personally, I use Avast. You can get it from here:
[You must be registered and logged in to see this link.]

I was a long-time user of AVG until it went south on my machine.

