System TOols 2011 hijacked my PC


System TOols 2011 hijacked my PC

Post by LordZet on Wed 22 Dec 2010, 11:24 am

First topic message reminder:

I can't open any programs, and every time I disable it, it'll just reinstall itself...

LordZet
Rookie Surfer
Posts : 100
Joined : 2009-08-27
Operating System : XP


Re: System TOols 2011 hijacked my PC

Post by LordZet on Wed 29 Dec 2010, 6:02 am

I did the ComboFix in safe mode and it still said AntiVir was still running, yet I didn't see it in the task list. Should I just ignore it and go ahead with ComboFix?


Re: System TOols 2011 hijacked my PC

Post by Belahzur on Wed 29 Dec 2010, 9:22 am

Yes please.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Manager | Tech Officer
Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: System TOols 2011 hijacked my PC

Post by LordZet on Thu 30 Dec 2010, 3:58 am

When I logged in I got an error that rundll32 - c:\windows\sgavd32.dll encountered an error.

Then hpodia.exe popped up from my antivirus and I sent it to quarantine.

ComboFix 10-12-25.03 - gap 12/29/2010 9:40.11.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.795 [GMT -6:00]
Running from: c:\documents and settings\gap\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\gap\Application Data\Adobe\AdobeUpdate .exe
c:\documents and settings\gap\Application Data\Adobe\plugs
c:\documents and settings\gap\Application Data\Adobe\plugs\KB835915468.exe
c:\documents and settings\gap\Application Data\Adobe\plugs\KB835955750.exe
c:\documents and settings\gap\Start Menu\Programs\System Tool
c:\windows\sgavd32.dll
c:\windows\system32\Oeminfo.ini
c:\windows\system32\sshnas21.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS
-------\Service_SSHNAS


((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-29 )))))))))))))))))))))))))))))))
.

2010-12-22 01:25 . 2010-12-22 01:25 -------- d-----w- C:\_OTL
2010-12-22 00:06 . 2010-12-22 00:16 -------- d-----w- c:\documents and settings\All Users\Application Data\New Folder
2010-12-21 23:16 . 2010-12-21 23:16 126464 --sha-r- c:\windows\system32\netui2B.dll
2010-12-21 23:16 . 2010-12-21 23:16 215040 ----a-w- c:\windows\Hpodia.exe
2010-12-20 00:53 . 2010-12-20 00:57 159867409 ----a-w- C:\F2_Restoration_Project_2.1.2b.exe
2010-12-20 00:48 . 2010-12-20 00:48 8140792 ----a-w- C:\unofficialFO2patch.exe
2010-12-18 01:28 . 2010-12-18 01:28 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2010-12-18 01:28 . 2010-12-18 01:28 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-12-18 01:28 . 2010-12-18 01:28 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-12-12 02:10 . 2010-12-12 02:10 -------- d-----w- c:\program files\iPod
2010-12-12 02:10 . 2010-12-12 02:11 -------- d-----w- c:\program files\iTunes
2010-12-12 02:10 . 2010-12-12 02:11 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-12 02:07 . 2010-12-12 02:07 -------- d-----w- c:\program files\Apple Software Update
2010-12-12 02:04 . 2010-12-12 02:04 -------- d-----w- c:\program files\Bonjour

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-07 18:23 . 2010-10-07 18:23 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 18:23 . 2010-10-07 18:23 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-10-07 18:23 . 2010-10-07 18:23 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-10-07 18:23 . 2010-10-07 18:23 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-20 05:34 . 2010-02-20 05:09 576000 ----a-w- c:\program files\ISSetup.dll
2010-02-20 05:33 . 2010-02-20 05:09 473 ----a-w- c:\program files\layout.bin
2001-06-20 21:19 . 2001-06-19 21:34 40960 ----a-w- c:\program files\ACMonitor_X83.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-01-25 2937528]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-01 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Remocon Driver.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Remocon Driver.lnk
backup=c:\windows\pss\Remocon Driver.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Timer Recording Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Timer Recording Manager.lnk
backup=c:\windows\pss\Timer Recording Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^gap^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\documents and settings\gap\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2003-05-23 18:43 88363 ----a-w- c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
2005-08-05 20:08 67160 ----a-w- c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2008-10-31 19:22 50480 ----a-w- c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-01-02 22:41 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-05-13 02:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 07:56 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
2002-08-20 18:29 40960 ----a-w- c:\windows\system32\ezSP_Px.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-05-19 18:42 133104 ----atw- c:\documents and settings\gap\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2003-04-07 07:07 114688 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-11 02:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2003-04-07 07:19 155648 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-18 02:59 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X83 Button Manager]
2001-06-14 17:42 53248 ----a-w- c:\progra~1\LEXMAR~1\AcBtnMgr_X83.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X83 Button Monitor]
2001-10-18 15:25 40960 ----a-w- c:\progra~1\LEXMAR~1\ACMonitor_X83.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrinTray]
2002-06-27 08:47 36864 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\printray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 17:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-09-01 02:44 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
2003-04-20 05:08 28672 ----a-w- c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
2004-01-17 11:36 135168 ----a-w- c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-04 00:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Sony TV Tuner Manager"=3 (0x3)
"Sony TV Tuner Controller"=3 (0x3)
"Giga Pocket Hardware Detector"=2 (0x2)
"SymWSC"=2 (0x2)
"SAVScan"=3 (0x3)
"navapsvc"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccProxy"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"AntiVirScheduler"=2 (0x2)
"iPodService"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"VAIOMediaPlatform-VideoServer-UPnP"=2 (0x2)
"VAIOMediaPlatform-VideoServer-HTTP"=2 (0x2)
"VAIOMediaPlatform-VideoServer-AppServer"=2 (0x2)
"VAIOMediaPlatform-Mobile-Gateway"=3 (0x3)
"VAIOMediaPlatform-IntegratedServer-UPnP"=2 (0x2)
"VAIOMediaPlatform-IntegratedServer-HTTP"=2 (0x2)
"VAIOMediaPlatform-IntegratedServer-AppServer"=2 (0x2)
"VAIO Entertainment UPnP Client Adapter"=3 (0x3)
"VAIO Entertainment TV Device Arbitration Service"=3 (0x3)
"VAIO Entertainment File Import Service"=2 (0x2)
"VAIO Entertainment Aggregation and Control Service"=3 (0x3)
"idsvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"c:\\Program Files\\Unreal Tournament 2004\\System\\UT2004.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Documents and Settings\\gap\\Desktop\\postal2\\Postal2STP\\System\\Postal2.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Nexon\\DFO\\DFO.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\EA GAMES\\Command & Conquer The First Decade\\Command & Conquer(tm) Tiberian Sun(tm)\\SUN\\Game.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War Forces of Corruption\\swfoc.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56476:TCP"= 56476:TCP:Pando Media Booster
"56476:UDP"= 56476:UDP:Pando Media Booster
"56980:TCP"= 56980:TCP:Pando Media Booster
"56980:UDP"= 56980:UDP:Pando Media Booster
"57917:TCP"= 57917:TCP:Pando Media Booster
"57917:UDP"= 57917:UDP:Pando Media Booster
"8375:TCP"= 8375:TCP:League of Legends Launcher
"8375:UDP"= 8375:UDP:League of Legends Launcher
"8380:TCP"= 8380:TCP:League of Legends Launcher
"8380:UDP"= 8380:UDP:League of Legends Launcher

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/15/2009 3:34 PM 108289]
S2 BulkUsb;Genesys Logic USB Scanner Controller NT 5.0;c:\windows\system32\drivers\usbscan.sys [10/28/2004 8:45 AM 15104]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/31/2010 8:44 PM 136176]
S3 cpuz130;cpuz130;\??\c:\docume~1\gap\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\gap\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S4 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe [6/26/2004 7:19 PM 86098]
S4 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;c:\program files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM --> c:\program files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM [?]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 10:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-12-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:50]

2010-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-01 02:44]

2010-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-01 02:44]

2010-12-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2185701209-1548109994-1205914860-1005Core.job
- c:\documents and settings\gap\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-19 18:42]

2010-12-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2185701209-1548109994-1205914860-1005UA.job
- c:\documents and settings\gap\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-19 18:42]

2004-07-25 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\System32\OOBE\oobebaln.exe [2004-03-31 07:56]

2010-12-28 c:\windows\Tasks\WebReg Photosmart C4200 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2006-12-11 02:36]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = ;*.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: microsoft.com\[You must be registered and logged in to see this link.]
Trusted Zone: windowsupdate.com
DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\gap\Application Data\Mozilla\Firefox\Profiles\tiz06pr6.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - Ext: Text-to-Image: {f701c26a-479a-4724-b4f1-870db12f063c} - %profile%\extensions\{f701c26a-479a-4724-b4f1-870db12f063c}
FF - Ext: Linkification: {35106bca-6c78-48c7-ac28-56df30b51d2a} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
FF - Ext: ChatZilla: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2} - %profile%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
FF - Ext: GameFOX: {6dd0bdba-0a02-429e-b595-87a7dfdca7a1} - %profile%\extensions\{6dd0bdba-0a02-429e-b595-87a7dfdca7a1}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Vista on XP: {07b2a769-ed19-4483-87ce-c643914c81b1} - %profile%\extensions\{07b2a769-ed19-4483-87ce-c643914c81b1}
FF - Ext: Remove It Permanently: {1dbc4a33-ea62-4330-966c-7bdad3455322} - %profile%\extensions\{1dbc4a33-ea62-4330-966c-7bdad3455322}
FF - Ext: HideTab: {B347DFB4-AC21-11DD-9016-B77D55D89593} - %profile%\extensions\{B347DFB4-AC21-11DD-9016-B77D55D89593}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Firefox 2, the theme, reloaded: {fd2f951f-77ea-4938-9493-0c892c027a13} - %profile%\extensions\{fd2f951f-77ea-4938-9493-0c892c027a13}
FF - Ext: Firefox 2.0 Classic: {f74dbf52-80a6-4cb7-84e3-2e506dc4c1f0} - %profile%\extensions\{f74dbf52-80a6-4cb7-84e3-2e506dc4c1f0}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Move Media Player: [You must be registered and logged in to see this link.] - c:\documents and settings\gap\Application Data\Move Networks
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Rsaqifohahur - c:\windows\sgavd32.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-12-29 10:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3132)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\nexon\Mabinogi\npkcmsvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\UAService.exe
c:\windows\system32\UAService7.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\fxssvc.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2010-12-29 10:54:50 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-29 16:54
ComboFix2.txt 2010-07-23 19:46
ComboFix3.txt 2009-09-04 23:24

Pre-Run: 19,745,796,096 bytes free
Post-Run: 20,317,396,992 bytes free

- - End Of File - - B133C38C0B4E51568781BC38CA38AB00


Re: System TOols 2011 hijacked my PC

Post by LordZet on Thu 30 Dec 2010, 4:04 am

I'm still being redirected on Google. The site I see in my blocked list is oeogitahgnnr.com, but when I go there nothing happens. It only does this on Firefox, no other browser.


Re: System TOols 2011 hijacked my PC

Post by Belahzur on Thu 30 Dec 2010, 12:27 pm

Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    File::
    c:\windows\system32\netui2B.dll
    c:\windows\Hpodia.exe

    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:5643
    uInternet Settings,ProxyOverride = ;*.local
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.




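The CFScript above targets the three things the earlier ComboFix log exposed: dropped binaries (Hpodia.exe, the hidden netui2B.dll), a Run entry that loaded a DLL from c:\windows, and a browser proxy pointed at 127.0.0.1 that explains the redirects. As an added example (not ComboFix's or the forum's own code), the Python below triages a ComboFix-style log for exactly those indicators; the sample lines are copied from the thread's log, except the "Rsaqifohahur" Run value, which is constructed to show what the orphaned entry looked like before removal.

```python
"""Triage a ComboFix-style log for the persistence tricks seen in this thread."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str    # short name of the heuristic that fired
    detail: str  # the value or path that triggered it


# ComboFix banner lines look like "(((( Files Created from ... ))))"
SECTION_RE = re.compile(r'^\(+\s*(?P<name>[^)]+?)\s*\)+$')
RUN_KEY_RE = re.compile(r'\\CurrentVersion\\Run\]$', re.I)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]+)"')
# "date . date size attrs path" rows from the Files Created / Find3M sections
FILE_RE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d'
                     r'\s+\S+\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$', re.I)
PROXY_RE = re.compile(r'^uInternet Settings,ProxyServer\s*=\s*(?P<proxy>.+)$', re.I)
LOOPBACK_RE = re.compile(r'(?:^|[=;])(?:127\.\d{1,3}\.\d{1,3}\.\d{1,3}|localhost)'
                         r'(?::\d+)?(?=$|;)', re.I)
SECCENTER_RE = re.compile(r'\\security center\\Monitoring', re.I)
DISABLE_RE = re.compile(r'^"DisableMonitoring"=dword:0*1$', re.I)
ORPHAN_RE = re.compile(r'^HK(?:CU|LM)-Run-(?P<name>\S+) - (?P<target>.+\.dll)$', re.I)
WINROOT_EXE_RE = re.compile(r'^c:\\windows\\[^\\]+\.exe$', re.I)


def triage(log_text):
    """Return the list of Findings, in the order the triggering lines appear."""
    findings = []
    section = ''  # current "((( ... )))" banner, e.g. "Files Created from ..."
    key = ''      # most recent "[HKEY_...]" registry header
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == '.':
            continue
        m = SECTION_RE.match(line)
        if m:                                   # new banner: reset both contexts
            section, key = m.group('name'), ''
            continue
        if line.startswith('---') or line.startswith('- - -'):
            key = ''                            # "------- Supplementary Scan -------" etc.
            continue
        if line.startswith('[') and line.endswith(']'):
            key = line
            continue
        if RUN_KEY_RE.search(key):
            # A Run value whose target is a DLL is executed via rundll32; legitimate
            # autostarts almost always point at an .exe.
            m = VALUE_RE.match(line)
            if m and m.group('target').lower().endswith('.dll'):
                findings.append(Finding('run-key-dll',
                                        f"{m.group('name')} -> {m.group('target')}"))
            continue
        if SECCENTER_RE.search(key) and DISABLE_RE.match(line):
            # Security Center told not to warn about missing AV/firewall.
            findings.append(Finding('security-center-muted', key))
            continue
        if section.startswith('Files Created'):
            m = FILE_RE.match(line)
            if m:
                attrs, path = m.group('attrs').lower(), m.group('path')
                if 's' in attrs and 'h' in attrs and path.lower().endswith(('.dll', '.exe')):
                    findings.append(Finding('hidden-system-binary', path))
                elif WINROOT_EXE_RE.match(path):
                    findings.append(Finding('exe-in-windows-root', path))
            continue
        m = PROXY_RE.match(line)
        if m and LOOPBACK_RE.search(m.group('proxy')):
            # A proxy on 127.0.0.1 means some local process sits in front of the browser.
            findings.append(Finding('loopback-proxy', m.group('proxy')))
            continue
        m = ORPHAN_RE.match(line)
        if m:
            findings.append(Finding('orphan-run-dll',
                                    f"{m.group('name')} -> {m.group('target')}"))
    return findings


# Constructed sample: lines from the thread's log; the "Rsaqifohahur" Run value is
# reconstructed from the ORPHANS REMOVED entry, not copied from the log.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-29 )))))))))))))))))))))))))))))))
.
2010-12-21 23:16 . 2010-12-21 23:16 126464 --sha-r- c:\windows\system32\netui2B.dll
2010-12-21 23:16 . 2010-12-21 23:16 215040 ----a-w- c:\windows\Hpodia.exe
2010-12-12 02:10 . 2010-12-12 02:11 -------- d-----w- c:\program files\iTunes
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-01 39408]
"Rsaqifohahur"="c:\windows\sgavd32.dll" [2010-12-21 126464]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
------- Supplementary Scan -------
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = ;*.local
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Rsaqifohahur - c:\windows\sgavd32.dll
"""

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.rule:24} {f.detail}')
```

Every rule is a heuristic: a DLL in a Run key or a loopback proxy can be legitimate (some AV products and debugging proxies use both), so the output is a worklist for the person reading the log, which is what the CFScript's File:: and DDS:: blocks express for this machine.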

Re: System TOols 2011 hijacked my PC

Post by LordZet on Thu 30 Dec 2010, 12:29 pm

Hey, I still can't fully disable my AntiVir. Can I just ignore it and go ahead with the scan?


Re: System TOols 2011 hijacked my PC

Post by LordZet on Tue 04 Jan 2011, 3:47 am

Sorry for the late reply, I've been busy lately.

ComboFix 11-01-02.04 - gap 01/03/2011 10:01:18.12.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.676 [GMT -6:00]
Running from: c:\documents and settings\gap\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\gap\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\windows\Hpodia.exe"
"c:\windows\system32\netui2B.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\netui2B.dll

.
((((((((((((((((((((((((( Files Created from 2010-12-03 to 2011-01-03 )))))))))))))))))))))))))))))))
.

2010-12-22 01:25 . 2010-12-22 01:25 -------- d-----w- C:\_OTL
2010-12-22 00:06 . 2010-12-22 00:16 -------- d-----w- c:\documents and settings\All Users\Application Data\New Folder
2010-12-20 00:53 . 2010-12-20 00:57 159867409 ----a-w- C:\F2_Restoration_Project_2.1.2b.exe
2010-12-20 00:48 . 2010-12-20 00:48 8140792 ----a-w- C:\unofficialFO2patch.exe
2010-12-18 01:28 . 2010-12-18 01:28 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2010-12-18 01:28 . 2010-12-18 01:28 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-12-18 01:28 . 2010-12-18 01:28 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-12-12 02:10 . 2010-12-12 02:10 -------- d-----w- c:\program files\iPod
2010-12-12 02:10 . 2010-12-12 02:11 -------- d-----w- c:\program files\iTunes
2010-12-12 02:10 . 2010-12-12 02:11 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-12 02:07 . 2010-12-12 02:07 -------- d-----w- c:\program files\Apple Software Update
2010-12-12 02:04 . 2010-12-12 02:04 -------- d-----w- c:\program files\Bonjour

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-07 18:23 . 2010-10-07 18:23 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 18:23 . 2010-10-07 18:23 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-10-07 18:23 . 2010-10-07 18:23 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-10-07 18:23 . 2010-10-07 18:23 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-20 05:34 . 2010-02-20 05:09 576000 ----a-w- c:\program files\ISSetup.dll
2010-02-20 05:33 . 2010-02-20 05:09 473 ----a-w- c:\program files\layout.bin
2001-06-20 21:19 . 2001-06-19 21:34 40960 ----a-w- c:\program files\ACMonitor_X83.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-01-25 2937528]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-01 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Remocon Driver.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Remocon Driver.lnk
backup=c:\windows\pss\Remocon Driver.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Timer Recording Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Timer Recording Manager.lnk
backup=c:\windows\pss\Timer Recording Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^gap^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\documents and settings\gap\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2003-05-23 18:43 88363 ----a-w- c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
2005-08-05 20:08 67160 ----a-w- c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2008-10-31 19:22 50480 ----a-w- c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-01-02 22:41 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-05-13 02:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 07:56 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
2002-08-20 18:29 40960 ----a-w- c:\windows\system32\ezSP_Px.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-05-19 18:42 133104 ----atw- c:\documents and settings\gap\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2003-04-07 07:07 114688 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-11 02:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2003-04-07 07:19 155648 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-18 02:59 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X83 Button Manager]
2001-06-14 17:42 53248 ----a-w- c:\progra~1\LEXMAR~1\AcBtnMgr_X83.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X83 Button Monitor]
2001-10-18 15:25 40960 ----a-w- c:\progra~1\LEXMAR~1\ACMonitor_X83.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrinTray]
2002-06-27 08:47 36864 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\printray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 17:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-09-01 02:44 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
2003-04-20 05:08 28672 ----a-w- c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
2004-01-17 11:36 135168 ----a-w- c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-04 00:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Sony TV Tuner Manager"=3 (0x3)
"Sony TV Tuner Controller"=3 (0x3)
"Giga Pocket Hardware Detector"=2 (0x2)
"SymWSC"=2 (0x2)
"SAVScan"=3 (0x3)
"navapsvc"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccProxy"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"AntiVirScheduler"=2 (0x2)
"iPodService"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"VAIOMediaPlatform-VideoServer-UPnP"=2 (0x2)
"VAIOMediaPlatform-VideoServer-HTTP"=2 (0x2)
"VAIOMediaPlatform-VideoServer-AppServer"=2 (0x2)
"VAIOMediaPlatform-Mobile-Gateway"=3 (0x3)
"VAIOMediaPlatform-IntegratedServer-UPnP"=2 (0x2)
"VAIOMediaPlatform-IntegratedServer-HTTP"=2 (0x2)
"VAIOMediaPlatform-IntegratedServer-AppServer"=2 (0x2)
"VAIO Entertainment UPnP Client Adapter"=3 (0x3)
"VAIO Entertainment TV Device Arbitration Service"=3 (0x3)
"VAIO Entertainment File Import Service"=2 (0x2)
"VAIO Entertainment Aggregation and Control Service"=3 (0x3)
"idsvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"c:\\Program Files\\Unreal Tournament 2004\\System\\UT2004.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Documents and Settings\\gap\\Desktop\\postal2\\Postal2STP\\System\\Postal2.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Nexon\\DFO\\DFO.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\EA GAMES\\Command & Conquer The First Decade\\Command & Conquer(tm) Tiberian Sun(tm)\\SUN\\Game.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War Forces of Corruption\\swfoc.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56476:TCP"= 56476:TCP:Pando Media Booster
"56476:UDP"= 56476:UDP:Pando Media Booster
"56980:TCP"= 56980:TCP:Pando Media Booster
"56980:UDP"= 56980:UDP:Pando Media Booster
"57917:TCP"= 57917:TCP:Pando Media Booster
"57917:UDP"= 57917:UDP:Pando Media Booster
"8375:TCP"= 8375:TCP:League of Legends Launcher
"8375:UDP"= 8375:UDP:League of Legends Launcher
"8380:TCP"= 8380:TCP:League of Legends Launcher
"8380:UDP"= 8380:UDP:League of Legends Launcher

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/15/2009 3:34 PM 108289]
S2 BulkUsb;Genesys Logic USB Scanner Controller NT 5.0;c:\windows\system32\drivers\usbscan.sys [10/28/2004 8:45 AM 15104]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/31/2010 8:44 PM 136176]
S3 cpuz130;cpuz130;\??\c:\docume~1\gap\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\gap\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S4 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe [6/26/2004 7:19 PM 86098]
S4 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;c:\program files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM --> c:\program files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM [?]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 10:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2011-01-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:50]

2011-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-01 02:44]

2011-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-01 02:44]

2011-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2185701209-1548109994-1205914860-1005Core.job
- c:\documents and settings\gap\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-19 18:42]

2011-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2185701209-1548109994-1205914860-1005UA.job
- c:\documents and settings\gap\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-19 18:42]

2004-07-25 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\System32\OOBE\oobebaln.exe [2004-03-31 07:56]

2011-01-02 c:\windows\Tasks\WebReg Photosmart C4200 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2006-12-11 02:36]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: microsoft.com\[You must be registered and logged in to see this link.]
Trusted Zone: windowsupdate.com
DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\gap\Application Data\Mozilla\Firefox\Profiles\tiz06pr6.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - Ext: Text-to-Image: {f701c26a-479a-4724-b4f1-870db12f063c} - %profile%\extensions\{f701c26a-479a-4724-b4f1-870db12f063c}
FF - Ext: Linkification: {35106bca-6c78-48c7-ac28-56df30b51d2a} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
FF - Ext: ChatZilla: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2} - %profile%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
FF - Ext: GameFOX: {6dd0bdba-0a02-429e-b595-87a7dfdca7a1} - %profile%\extensions\{6dd0bdba-0a02-429e-b595-87a7dfdca7a1}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Vista on XP: {07b2a769-ed19-4483-87ce-c643914c81b1} - %profile%\extensions\{07b2a769-ed19-4483-87ce-c643914c81b1}
FF - Ext: Remove It Permanently: {1dbc4a33-ea62-4330-966c-7bdad3455322} - %profile%\extensions\{1dbc4a33-ea62-4330-966c-7bdad3455322}
FF - Ext: HideTab: {B347DFB4-AC21-11DD-9016-B77D55D89593} - %profile%\extensions\{B347DFB4-AC21-11DD-9016-B77D55D89593}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Firefox 2, the theme, reloaded: {fd2f951f-77ea-4938-9493-0c892c027a13} - %profile%\extensions\{fd2f951f-77ea-4938-9493-0c892c027a13}
FF - Ext: Firefox 2.0 Classic: {f74dbf52-80a6-4cb7-84e3-2e506dc4c1f0} - %profile%\extensions\{f74dbf52-80a6-4cb7-84e3-2e506dc4c1f0}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Move Media Player: [You must be registered and logged in to see this link.] - c:\documents and settings\gap\Application Data\Move Networks
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-01-03 10:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-01-03 10:44:49
ComboFix-quarantined-files.txt 2011-01-03 16:44
ComboFix2.txt 2010-12-29 16:54
ComboFix3.txt 2010-07-23 19:46
ComboFix4.txt 2009-09-04 23:24

Pre-Run: 19,615,305,728 bytes free
Post-Run: 19,761,963,008 bytes free

- - End Of File - - CA383C788895BCC5A5F333DA3932FD53


Re: System TOols 2011 hijacked my PC

Post by Belahzur on Tue 04 Jan 2011, 12:24 pm

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.



Re: System TOols 2011 hijacked my PC

Post by LordZet on Thu 06 Jan 2011, 1:30 pm

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=b072baad2ad8f248895a58a597658207
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-01-06 02:28:25
# local_time=2011-01-05 08:28:25 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 53051754 53051754 0 0
# compatibility_mode=768 16777215 100 0 117606332 117606332 0 0
# compatibility_mode=1026 16777214 0 2 56999821 56999821 0 0
# compatibility_mode=1797 16775125 100 100 0 68219282 11456 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=169197
# found=6
# cleaned=6
# scan_time=7789
C:\Documents and Settings\gap\Desktop\Portable SuprerantiS P3.9.0.1008\SUPERAntiSpyware.exe probably a variant of Win32/IRCBot.LHPUSJR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\gap\Desktop\Portable SuprerantiS P3.9.0.1008\Portable SuprerantiS P3.9.0.1008\SUPERAntiSpyware.exe probably a variant of Win32/IRCBot.LHPUSJR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\gap\Desktop\Portable SuprerantiS P3.9.0.1008\Portable SuprerantiS P3.9.0.1008\Thinstall\SUPERAntiSpyware Professional\4000002800002i\SSUPDATE.EXE probably a variant of Win32/IRCBot.NVFXZZI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\gap\Desktop\Portable SuprerantiS P3.9.0.1008\Thinstall\SUPERAntiSpyware Professional\4000002800002i\SSUPDATE.EXE probably a variant of Win32/IRCBot.NVFXZZI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\gap\Desktop\tools\b2\backup-20090908-110929-501.dll Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Driver-Soft\DriverGenius\NvDriverTweak.exe probably a variant of Win32/TrojanDownloader.Adload.KXYLVMS trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


Re: System TOols 2011 hijacked my PC

Post by Belahzur on Fri 07 Jan 2011, 11:02 am

Hello.

Please download CKScanner by askey127 from here
Save it to your desktop.

  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.



Re: System TOols 2011 hijacked my PC

Post by LordZet on Fri 07 Jan 2011, 11:51 am

CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\gap\application data\macromedia\flash player\#sharedobjects\wj8ds34h\crackle.com\cracklesettings.sol
c:\documents and settings\gap\application data\macromedia\flash player\#sharedobjects\wj8ds34h\widgets.cracked.com\clearspring.sol
c:\documents and settings\gap\application data\macromedia\flash player\macromedia.com\support\flashplayer\sys\#crackle.com\settings.sol
c:\documents and settings\gap\application data\macromedia\flash player\macromedia.com\support\flashplayer\sys\#widgets.cracked.com\settings.sol
c:\documents and settings\gap\application data\utorrent\age of empires 3 full dvd +crack + serial.iso.torrent
c:\documents and settings\gap\favorites\crackdown - stunt locations - msxbox-world forums.url
c:\documents and settings\gap\my documents\downloads\age of empires 3 full dvd +crack + serial.iso
c:\documents and settings\gap\my documents\my videos\miro\torment\extras\no cd-crack\pstcrack2cd.zip
scanner sequence 3.CE.11
----- EOF -----


Re: System TOols 2011 hijacked my PC

Post by Belahzur on Sat 08 Jan 2011, 9:46 am

Hello.
I see in the logs several signs of cracks/keygens; these are dangerous, please remove them.

How is the machine running now?



Re: System TOols 2011 hijacked my PC

Post by LordZet on Sat 08 Jan 2011, 10:00 am

Oh, those were things I used years ago. I had thought I deleted them.

It's running normally now.


Re: System TOols 2011 hijacked my PC

Post by Belahzur on Sun 09 Jan 2011, 10:05 am

Download Security Check by screen317 and save it to your Desktop.

  • Unzip SecurityCheck.zip and a folder named Security Check should appear.
  • Open the Security Check folder and double-click Security Check.bat
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: if a security program requests permission from dig.exe to access the Internet, allow it to do so.



Re: System TOols 2011 hijacked my PC

Post by LordZet on Sun 09 Jan 2011, 12:36 pm

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 2
Out of date service pack!!
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
ESET Online Scanner v3
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Out of date Spybot installed!
Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java DB 10.5.3.0
Java(TM) 6 Update 20
Java(TM) SE Development Kit 6 Update 20
Out of date Java installed!
Adobe Flash Player 10.0.32.18
Adobe Reader 9.3.2
Out of date Adobe Reader installed!
Mozilla Firefox (3.5.16) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````


Re: System TOols 2011 hijacked my PC

Post by Belahzur on Mon 10 Jan 2011, 10:27 am

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Adobe Reader 9.3.2
    Java(TM) 6 Update 20
    Java(TM) SE Development Kit 6 Update 20

Updating Java:

  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 23.
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u23-windows-i586.exe that you downloaded to install the newest version.

Then download and install Adobe Reader X

Download and install VLC Player 1.1.5
When installing, it will ask if you want to uninstall the old version first before it can install the new version, so please select yes and allow it to install.

How is the machine running now?



Re: System TOols 2011 hijacked my PC

Post by LordZet on Mon 10 Jan 2011, 12:33 pm

It's running normally. Ugh, it installed McAfee.


Re: System TOols 2011 hijacked my PC

Post by Belahzur on Tue 11 Jan 2011, 11:27 am

You can uninstall the Security Scan Plus if you want, through Add/Remove Programs.



Re: System TOols 2011 hijacked my PC

Post by LordZet on Wed 12 Jan 2011, 12:36 am

Yeah I did.


Re: System TOols 2011 hijacked my PC

Post by Belahzur on Wed 12 Jan 2011, 10:05 am

Okay, you should be good to go.

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

AntiSpyware

  • SpywareBlaster
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
  • Spybot - Search & Destroy.
    Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer, to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot.)

NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
[You must be registered and logged in to see this link.]

Securing your computer

  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.
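The HOSTS-file blocking described in the last bullet works because the resolver consults the local HOSTS file before DNS, so a name listed there with 127.0.0.1 never leaves the machine. The script below is an added example written for this thread, not code from GeekPolice or from the hpHosts project: it parses a small, constructed HOSTS file (all hostnames use the reserved .test domain and the documentation address 203.0.113.9 are made up), shows which names are sinkholed, and runs the audit a defender wants on such a file, namely flagging any name that points somewhere other than loopback, since a blocklist only ever adds 127.0.0.1 or 0.0.0.0 entries and anything else was put there by something else.

```python
"""Added example (not from the thread or the hpHosts project): how a
HOSTS-file blocklist sinkholes hostnames, plus a defender's audit of
the file. The sample HOSTS text and every hostname/IP in it are
constructed for this example.
"""
import ipaddress

# Constructed sample in HOSTS syntax: an IP, then one or more names,
# separated by spaces or tabs; '#' starts a comment.
SAMPLE_HOSTS = """\
# constructed sample HOSTS file (not a real hpHosts download)
127.0.0.1       localhost
# --- blocklist section: loopback sinkhole, names are made up ---
127.0.0.1\tads.example-adnetwork.test\ttracker.example-adnetwork.test
127.0.0.1  malware-drop.example.test  # known bad host
0.0.0.0    telemetry.example.test
# an entry like the next one is NOT something a blocklist adds:
203.0.113.9  update.example-vendor.test
"""

LOOPBACK = ipaddress.ip_address("127.0.0.1")
BLACKHOLE = ipaddress.ip_address("0.0.0.0")


def parse_hosts(text):
    """Return {hostname: ip_address} for every usable line in text.

    Comments and blank lines are skipped, names are lower-cased, and
    the first entry seen for a name is kept (a design choice here, so
    that a later duplicate cannot silently override the blocklist).
    """
    entries = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP: ignore the malformed line
        for name in fields[1:]:
            entries.setdefault(name.lower(), ip)
    return entries


def resolve_via_hosts(hostname, entries):
    """Address the HOSTS file would hand back for hostname, or None."""
    return entries.get(hostname.lower())


def is_sinkholed(hostname, entries):
    """True when the HOSTS file keeps hostname on the local machine."""
    return resolve_via_hosts(hostname, entries) in (LOOPBACK, BLACKHOLE)


def suspicious_entries(entries):
    """Names mapped to a routable, non-loopback address.

    A blocklist such as hpHosts only ever points names at 127.0.0.1
    or 0.0.0.0. An entry pointing anywhere else was not added by the
    blocklist and deserves a look, because rewriting HOSTS is a
    common way for malware to silently divert update or security
    vendor domains.
    """
    return {
        name: str(ip)
        for name, ip in entries.items()
        if not (ip.is_loopback or ip.is_unspecified)
    }


if __name__ == "__main__":
    table = parse_hosts(SAMPLE_HOSTS)
    for name in ("ads.example-adnetwork.test", "unlisted.example.test"):
        print(f"{name}: sinkholed={is_sinkholed(name, table)}")
    print("suspicious:", suspicious_entries(table))
```

To audit a real machine, read the text of %SystemRoot%\system32\drivers\etc\hosts (the path on XP) into parse_hosts instead of SAMPLE_HOSTS; an empty result from suspicious_entries is what a clean blocklist-only file looks like.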

Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:

  • Firefox may be downloaded from here: [You must be registered and logged in to see this link.]
  • Opera is available here: [You must be registered and logged in to see this link.]
  • Google Chrome is available here: Google Chrome
  • SRWare Iron is available here: SRWare Iron

Thank you for choosing GeekPolice. [You must be registered and logged in to see this link.]



Re: System TOols 2011 hijacked my PC

Post by LordZet on Wed 12 Jan 2011, 12:37 pm

Thanks fer helpin

