System TOols 2011 hijacked my PC

Page 1 of 2 1, 2  Next

View previous topic View next topic Go down

System TOols 2011 hijacked my PC

Post by LordZet on Wed 22 Dec 2010, 11:24 am

I can't open any programs and everytime I disable it it'll just reinstall itself...

LordZet

Rookie Surfer
Rookie Surfer

Posts : 100
Joined : 2009-08-27
Operating System : XP

View user profile

Back to top Go down

Re: System TOols 2011 hijacked my PC

Post by Belahzur on Wed 22 Dec 2010, 11:46 am

Hello.

We need to use the RKill Tool by Grinler

Rkill.com <--- Download site

  • Please Download Rkill.com. Save it to your Desktop.
  • Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.

  • NOTE: If you are unable to connect to the site to download rkill, then you should download it to a clean computer and copy it to the infected one via a USB flash drive or CDROM.

  • Once it is downloaded, double-click on the rkill.com in order to automatically attempt to stop any processes associated with Rogue programs.
  • Please be patient while the program looks for various malware programs and ends them.
  • When it has finished, the black window will automatically close and you can continue with the next step.
NOTE: If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the rogue program, when it terminates programs that may potentially remove it. If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the rogue program. So, please try running Rkill until the malware is no longer running. You will then be able to proceed with the rest of the steps.

If you continue having problems running rkill.com, you can download:
iExplore.exe or eXplorer.exe
which are renamed copies of rkill.com, and try them instead.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: System TOols 2011 hijacked my PC

Post by LordZet on Wed 22 Dec 2010, 11:53 am

I managed to disable it now and did a OTL scan.

OTL Extras logfile created on: 12/21/2010 6:33:23 PM - Run 2
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\gap\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 596.00 Mb Available Physical Memory | 58.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1024 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.04 Gb Total Space | 19.04 Gb Free Space | 13.31% Space Free | Partition Type: NTFS
Drive D: | 592.53 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ELLENS | User Name: gap | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"56476:TCP" = 56476:TCP:*:Enabled:Pando Media Booster
"56476:UDP" = 56476:UDP:*:Enabled:Pando Media Booster
"56980:TCP" = 56980:TCP:*:Enabled:Pando Media Booster
"56980:UDP" = 56980:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"56476:TCP" = 56476:TCP:*:Enabled:Pando Media Booster
"56476:UDP" = 56476:UDP:*:Enabled:Pando Media Booster
"56980:TCP" = 56980:TCP:*:Enabled:Pando Media Booster
"56980:UDP" = 56980:UDP:*:Enabled:Pando Media Booster
"57917:TCP" = 57917:TCP:*:Enabled:Pando Media Booster
"57917:UDP" = 57917:UDP:*:Enabled:Pando Media Booster
"8375:TCP" = 8375:TCP:*:Enabled:League of Legends Launcher
"8375:UDP" = 8375:UDP:*:Enabled:League of Legends Launcher
"8380:TCP" = 8380:TCP:*:Enabled:League of Legends Launcher
"8380:UDP" = 8380:UDP:*:Enabled:League of Legends Launcher

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe" = C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe:*:Enabled:DarkCrusade -- (THQ Canada Inc.)
"C:\Program Files\Unreal Tournament 2004\System\UT2004.exe" = C:\Program Files\Unreal Tournament 2004\System\UT2004.exe:*:Enabled:UT2004 -- ()
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Disabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Documents and Settings\gap\Desktop\postal2\Postal2STP\System\Postal2.exe" = C:\Documents and Settings\gap\Desktop\postal2\Postal2STP\System\Postal2.exe:*:Enabled:Postal2 -- ()
"C:\Nexon\DFO\DFO.exe" = C:\Nexon\DFO\DFO.exe:*:Enabled:Dungeon Fighter Online -- (neople)
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\EA GAMES\Command & Conquer The First Decade\Command & Conquer(tm) Tiberian Sun(tm)\SUN\Game.exe" = C:\Program Files\EA GAMES\Command & Conquer The First Decade\Command & Conquer(tm) Tiberian Sun(tm)\SUN\Game.exe:*:Enabled:Main executable for Tiberian Sun -- (Westwood Studios)
"C:\Program Files\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe" = C:\Program Files\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe:*:Enabled:Star Wars(R): Empire at War(TM): Forces of Corruption(TM) -- (Lucasfilm Entertainment Company, Ltd.)
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Riot Games\League of Legends\air\LolClient.exe" = C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby -- (Adobe Systems Inc.)
"C:\Riot Games\League of Legends\game\League of Legends.exe" = C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{01AF4645-78E6-46C4-B528-54863679CC40}" = VAIO SLIT-C Screen Saver
"{09F4655B-C804-4AD0-B7DF-078E338F8F85}" = League of Legends
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0D490016-5D01-4CB3-A037-55814AC63D2E}" = Giga Pocket Hardware Library 5.5
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A4E71A5-643D-4536-B624-995F7E212272}" = WonderKing
"{1EB317D8-8945-4FD6-B37F-DF470317C6AB}" = VAIO Media 3.0
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{266AEE68-5718-4A31-BDD3-D356B1250C70}" = VAIO SLIT Pattern Wallpaper
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{28999392-5871-4A39-863A-D2A6EA3260AF}" = League of Legends
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}" = TurboTax ItsDeductible 2005
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"{32A3A4F4-B792-11D6-A78A-00B0D0160200}" = Java(TM) SE Development Kit 6 Update 20
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{362D5167-9716-44BE-89FD-BF9EB6EF814B}" = DawnOfWar
"{36B662F5-0CE3-4B5D-96D1-B9218109DED1}" = Kodak EasyShare printer dock 6000
"{38B39865-D988-4945-9A22-6107B8B40953}" = C4200
"{394DC0BC-5476-4260-B52C-BDE1BDEFA958}" = Unreal Tournament 2004
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{48820099-ED7D-424B-890C-9A82EF00656C}" = VAIO Update 2
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C75086F-7753-41B9-8B4C-F38DE6CC8C20}" = VAIO Remote Commander Utility 6.2
"{50CE21D8-0F44-4f3f-A392-7F9AD3194DEF}" = PS_AIO_Software
"{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"{64F8B9AF-983F-48CE-ABBB-F62BEC02C5A0}" = System Requirements Lab
"{657DD6DA-B07B-40FF-9DBD-2116F7E83CF6}" = OpenMG Secure Module 3.4.00
"{6592FDEC-2C1A-413A-9985-25FEC2F0848D}" = Star Wars Empire at War Forces of Corruption
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{6990A2BF-D1D2-11D3-81BC-00609789C908}" = Sony Video Shared Library
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7128C69B-8F7E-4336-8698-3FD3CDD955EC}" = VAIO Media Redistribution 3.0
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}" = SonicStage 2.0.02
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{7A79D11B-FD82-4A5E-834F-20173515DD14}" = VAIO Media Integrated Server 3.0
"{7C2F71B2-6C73-11D6-B659-00C04F790F76}" = Click to DVD 2.0.02
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8641C1CB-03B3-41d4-8DEC-79826A4B5C0E}" = HP Photosmart All-In-One Software 8.0
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD 5 for VAIO
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{93B80FB1-7A23-11D3-B250-00105A1F4184}" =
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{979F6A6B-4CB0-424E-8E70-AA2ED38B4CCC}" = Giga Pocket Demo Movie
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98A3A654-3AEF-42D9-BA91-DE5815EA5897}" = Click to DVD 2.0 Menu Data
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9EBDAF91-DADA-47CE-94F2-F5B004007934}" = System Requirements Lab
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A6BFDF60-FD08-4EF9-8D26-B762A19DB9A0}" = Giga Pocket 5.5
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B668B2B8-70D4-4754-A890-17C1DDDA9418}" = PS_AIO_Software_min
"{B7CAB3A0-0C18-42A5-A783-0E3FFF172935}" = MapleStory
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD7D5804-C157-48A6-AEE0-4A40A4B5C054}" = VAIO System Information
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
"{D84E40A2-380A-46E9-A750-6F55D398D973}" = ATI Catalyst Control Center
"{D917FD82-6CE5-489A-AAF8-C701AAC85C4D}" = VAIO Entertainment Platform
"{DD8408E9-9421-484F-979D-DB6361E3E828}" = Dawn Of War - Winter Assault
"{DDC146FA-73E0-4FA1-A353-841EA14BF600}" = Drag'n Drop CD+DVD
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E65CA2A8-1F2A-4400-AE55-FFD43D3B6980}" = c4200_Help
"{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}" = VAIO Help and Support
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}" = VAIO Survey Standalone
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FE0C305A-37EE-4499-B4CF-0182E37B20C4}" = PS_AIO_ProductContext
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"{FF39FC01-819B-42E4-AE49-1968AF12DDD4}" = Dawn of War - Dark Crusade
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"AIM_6" = AIM 6
"All ATI Software" = ATI - Software Uninstall Utility
"AnyDVD" = AnyDVD
"AOL Instant Messenger" = AOL Instant Messenger
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CobBackup8" = Cobian Backup 8
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2007-07-22
"DFO" = DFOLauncher
"Diablo II" = Diablo II
"Driver Genius Professional Edition 2007_is1" = Driver Genius Professional Edition 2007
"Fallout 2 Restoration Project_is1" = FO2 Restoration Project 2.1.2b
"Fallout 2 Unofficial Patch_is1" = Fallout 2 Unofficial Patch 1.02.27.3
"Fallout2" = Fallout2
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"InstallShield_{362D5167-9716-44BE-89FD-BF9EB6EF814B}" = DawnOfWar
"InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"InstallShield_{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}" = VAIO Help and Support
"InstallShield_{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}" = VAIO Survey Standalone
"Lexmark X83" = Lexmark X83
"Mabinogi" = Mabinogi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MapleStory" = MapleStory
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Miro" = Miro
"Mozilla Firefox (3.5.16)" = Mozilla Firefox (3.5.16)
"MSN Music Assistant" = MSN Music Assistant
"MSN Toolbar" = MSN Toolbar
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"NavNet_is1" = NavNet
"Netscape (7.02)" = Netscape (7.02)
"Netscape Online Setup" = Netscape Internet Service Setup
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenMG HotFix3.4-03-12-16-01" = OpenMG Limited Patch 3.4-03-12-16-01
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"Starsiege TRIBES" = Starsiege TRIBES 1.8
"System Tool2011" = System Tool2011
"SystemRequirementsLab" = System Requirements Lab
"Tribes 2" = Tribes 2
"Tyranid_Mod_v04" = Dawn of War - Tyranid Mod v0.45DC
"VLC media player" = VideoLAN VLC media player 0.8.6c
"Welcome to VAIO life" = Welcome to VAIO life
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/1/2010 8:53:36 AM | Computer Name = ELLENS | Source = Google Update | ID = 20
Description =

Error - 9/1/2010 9:53:36 AM | Computer Name = ELLENS | Source = Google Update | ID = 20
Description =

Error - 9/11/2010 12:33:43 PM | Computer Name = ELLENS | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 9/11/2010 12:33:43 PM | Computer Name = ELLENS | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/6/2010 10:53:36 AM | Computer Name = ELLENS | Source = Google Update | ID = 20
Description =

Error - 10/6/2010 11:53:37 AM | Computer Name = ELLENS | Source = Google Update | ID = 20
Description =

Error - 12/21/2010 7:19:35 PM | Computer Name = ELLENS | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 12/21/2010 7:19:45 PM | Computer Name = ELLENS | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 12/21/2010 7:19:52 PM | Computer Name = ELLENS | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 12/21/2010 7:28:47 PM | Computer Name = ELLENS | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

[ Application Events ]
Error - 9/1/2010 8:53:36 AM | Computer Name = ELLENS | Source = Google Update | ID = 20
Description =

Error - 9/1/2010 9:53:36 AM | Computer Name = ELLENS | Source = Google Update | ID = 20
Description =

Error - 9/11/2010 12:33:43 PM | Computer Name = ELLENS | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 9/11/2010 12:33:43 PM | Computer Name = ELLENS | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/6/2010 10:53:36 AM | Computer Name = ELLENS | Source = Google Update | ID = 20
Description =

Error - 10/6/2010 11:53:37 AM | Computer Name = ELLENS | Source = Google Update | ID = 20
Description =

Error - 12/21/2010 7:19:35 PM | Computer Name = ELLENS | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 12/21/2010 7:19:45 PM | Computer Name = ELLENS | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 12/21/2010 7:19:52 PM | Computer Name = ELLENS | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 12/21/2010 7:28:47 PM | Computer Name = ELLENS | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

[ System Events ]
Error - 12/21/2010 7:57:15 PM | Computer Name = ELLENS | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Fax service to connect.

Error - 12/21/2010 7:57:15 PM | Computer Name = ELLENS | Source = Service Control Manager | ID = 7000
Description = The Fax service failed to start due to the following error: %%1053

Error - 12/21/2010 7:57:16 PM | Computer Name = ELLENS | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Fax service to connect.

Error - 12/21/2010 7:57:16 PM | Computer Name = ELLENS | Source = Service Control Manager | ID = 7000
Description = The Fax service failed to start due to the following error: %%1053

Error - 12/21/2010 7:58:14 PM | Computer Name = ELLENS | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Apple Mobile Device service
to connect.

Error - 12/21/2010 7:58:14 PM | Computer Name = ELLENS | Source = Service Control Manager | ID = 7000
Description = The Apple Mobile Device service failed to start due to the following
error: %%1053

Error - 12/21/2010 8:27:01 PM | Computer Name = ELLENS | Source = Service Control Manager | ID = 7000
Description = The Genesys Logic USB Scanner Controller NT 5.0 service failed to
start due to the following error: %%2

Error - 12/21/2010 8:27:01 PM | Computer Name = ELLENS | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%3

Error - 12/21/2010 8:27:24 PM | Computer Name = ELLENS | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 12/21/2010 8:27:43 PM | Computer Name = ELLENS | Source = Service Control Manager | ID = 7034
Description = The Yahoo! Updater service terminated unexpectedly. It has done this
1 time(s).


< End of report >

LordZet

Rookie Surfer
Rookie Surfer

Posts : 100
Joined : 2009-08-27
Operating System : XP

View user profile

Back to top Go down

Re: System TOols 2011 hijacked my PC

Post by LordZet on Wed 22 Dec 2010, 11:56 am

SOrry it was far too large and i can't attach it apparently

LordZet

Rookie Surfer
Rookie Surfer

Posts : 100
Joined : 2009-08-27
Operating System : XP

View user profile

Back to top Go down

Re: System TOols 2011 hijacked my PC

Post by Belahzur on Wed 22 Dec 2010, 11:57 am

Please post the main OTL.txt as well.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: System TOols 2011 hijacked my PC

Post by LordZet on Wed 22 Dec 2010, 12:00 pm

I can't it won't let me. I try to upload it and it gives me an error I try to post it and it says too large.

LordZet

Rookie Surfer
Rookie Surfer

Posts : 100
Joined : 2009-08-27
Operating System : XP

View user profile

Back to top Go down

Re: System TOols 2011 hijacked my PC

Post by Belahzur on Wed 22 Dec 2010, 12:02 pm

Can you attach the log?


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: System TOols 2011 hijacked my PC

Post by LordZet on Wed 22 Dec 2010, 12:04 pm

I tried it gives me an error. But it's not on my end, because I can attach it to other forums too.

LordZet

Rookie Surfer
Rookie Surfer

Posts : 100
Joined : 2009-08-27
Operating System : XP

View user profile

Back to top Go down

Re: System TOols 2011 hijacked my PC

Post by LordZet on Wed 22 Dec 2010, 12:08 pm

Now Hnl.exe is using up 60% of my CPU...its coming back.

LordZet

Rookie Surfer
Rookie Surfer

Posts : 100
Joined : 2009-08-27
Operating System : XP

View user profile

Back to top Go down

Re: System TOols 2011 hijacked my PC

Post by Belahzur on Wed 22 Dec 2010, 12:15 pm

Okay please upload the log at [You must be registered and logged in to see this link.] and post the share URL.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: System TOols 2011 hijacked my PC

Post by LordZet on Wed 22 Dec 2010, 12:17 pm

[You must be registered and logged in to see this link.]

LordZet

Rookie Surfer
Rookie Surfer

Posts : 100
Joined : 2009-08-27
Operating System : XP

View user profile

Back to top Go down

Re: System TOols 2011 hijacked my PC

Post by Belahzur on Wed 22 Dec 2010, 12:22 pm

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKCU..\Run: [JP595IR86O] C:\Documents and Settings\gap\Local Settings\temp\Hnl.exe ()
    O4 - HKCU..\Run: [YRUvoXXeDU.exe] C:\Documents and Settings\All Users\Application Data\YRUvoXXeDU.exe File not found
    [2010/12/21 18:28:25 | 000,000,274 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
    [2010/12/21 18:27:35 | 000,000,242 | -H-- | M] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: System TOols 2011 hijacked my PC

Post by LordZet on Wed 22 Dec 2010, 12:26 pm

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\JP595IR86O deleted successfully.
C:\Documents and Settings\gap\Local Settings\temp\Hnl.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\YRUvoXXeDU.exe deleted successfully.
C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job moved successfully.
C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job moved successfully.

OTL by OldTimer - Version 3.2.18.0 log created on 12212010_192509

LordZet

Rookie Surfer
Rookie Surfer

Posts : 100
Joined : 2009-08-27
Operating System : XP

View user profile

Back to top Go down

Re: System TOols 2011 hijacked my PC

Post by Belahzur on Wed 22 Dec 2010, 12:29 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: System TOols 2011 hijacked my PC

Post by LordZet on Wed 22 Dec 2010, 12:30 pm

I already have MBam installed but I have stuff in Quarantine from years ago. Is it safe to unstall and reinstall

LordZet

Rookie Surfer
Rookie Surfer

Posts : 100
Joined : 2009-08-27
Operating System : XP

View user profile

Back to top Go down

Re: System TOols 2011 hijacked my PC

Post by LordZet on Wed 22 Dec 2010, 12:30 pm

Also, Hpodia.exe appeared

LordZet

Rookie Surfer
Rookie Surfer

Posts : 100
Joined : 2009-08-27
Operating System : XP

View user profile

Back to top Go down

Re: System TOols 2011 hijacked my PC

Post by Belahzur on Thu 23 Dec 2010, 11:17 am

Okay.
Please install the newest version of MBAM anyway.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: System TOols 2011 hijacked my PC

Post by LordZet on Fri 24 Dec 2010, 3:45 am

Is this normal whenever I do a google search it redirects me back to googls homepage

LordZet

Rookie Surfer
Rookie Surfer

Posts : 100
Joined : 2009-08-27
Operating System : XP

View user profile

Back to top Go down

Re: System TOols 2011 hijacked my PC

Post by Belahzur on Fri 24 Dec 2010, 7:39 am

Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: System TOols 2011 hijacked my PC

Post by LordZet on Fri 24 Dec 2010, 10:52 am

Sorry if im late with the replies.

Do you want me to go ahead with the mbam scan or just not do it?

Okay heres the deal, whenever O open IE i get a pop up from my anti virus about sshnas21 from ssytem 32 trying to access my PC

How badly am I infected now? I want to believe it's not so bad since my PC is useable.

LordZet

Rookie Surfer
Rookie Surfer

Posts : 100
Joined : 2009-08-27
Operating System : XP

View user profile

Back to top Go down

Re: System TOols 2011 hijacked my PC

Post by LordZet on Sat 25 Dec 2010, 1:57 am

ALso, my antivirus isn't starting.


EDIT: it turned on again -__-.

Go on ahead with Combofix?

LordZet

Rookie Surfer
Rookie Surfer

Posts : 100
Joined : 2009-08-27
Operating System : XP

View user profile

Back to top Go down

Re: System TOols 2011 hijacked my PC

Post by Belahzur on Sat 25 Dec 2010, 10:42 am

Do the Combofix scan please.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: System TOols 2011 hijacked my PC

Post by LordZet on Mon 27 Dec 2010, 1:55 am

I can't disable my antivirus...

I clicked on the AntiVir and disabled it and made sure but ComboFix is still saying it's active

LordZet

Rookie Surfer
Rookie Surfer

Posts : 100
Joined : 2009-08-27
Operating System : XP

View user profile

Back to top Go down

Re: System TOols 2011 hijacked my PC

Post by LordZet on Mon 27 Dec 2010, 8:58 am

Also, to open any browser I have to disable my antivirus. yet in my task manager I still see it's processes running and i can't end them because it says access denied. I also have 2 rundll32.exes running, which is odd since I've never had them running in my task list before (i know what they are and they are vital to my PC).



LordZet

Rookie Surfer
Rookie Surfer

Posts : 100
Joined : 2009-08-27
Operating System : XP

View user profile

Back to top Go down

Re: System TOols 2011 hijacked my PC

Post by Belahzur on Tue 28 Dec 2010, 8:35 am

Hello.

Please then reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

Run Combofix now please.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: System TOols 2011 hijacked my PC

Post by Sponsored content Today at 2:52 am


Sponsored content


Back to top Go down

Page 1 of 2 1, 2  Next

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum