
W32.MYzor.Fk@yf please help me remove this and all the spywares i need


  • This topic is locked

#1
hpsyche
New Member, 4 posts
This is the copy of HijackThis in my computer, please help me.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:03:25 PM, on 9/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\algg.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Intellinet\intelin2.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://windowsisearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://windowsisearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://windowsisearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://windowsisearch.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://windowsisearch.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://windowsisearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://windowsisearch.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://windowsisearch.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://windowsisearch.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://windowsisearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: 829275 helper - {616F9AB4-A605-48B5-B7AE-B6B68E6C3CAB} - C:\WINDOWS\system32\829275\829275.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {CFEE97A3-4911-444D-8BE8-E243A23D3DE2} - C:\Program Files\Applications\iebt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Internet Service - {144A6B24-0EBC-4D89-BF09-A06A718E57B5} - C:\Program Files\Applications\iebr.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKCU\..\Run: [wblogon] C:\WINDOWS\system32\algg.exe
O4 - HKCU\..\Run: [Intellinet] C:\Program Files\Intellinet\Intelinet.exe
O4 - HKLM\..\Policies\Explorer\Run: [smile] C:\Program Files\Applications\wcs.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Applications\iebtm.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ieprogram...om/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ieprogram...om/redirect.php (file missing)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=67633
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1219086947937
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IntelinetSecure - Unknown owner - C:\Program Files\Intellinet\intelin2.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 7741 bytes

Hope this will be resolved, thanks.


#2
Egwene
Member 2k, Visiting Consultant, 2,141 posts
Hello hpsyche!

Welcome to the site! :) My name's Egwene and I'll be helping clean up your computer. :) I'm currently looking over your log. I am still in training here, so there might be a delay between my replies as they need to be checked by an expert before I can post them. I'll need a bit of time to research your log fully, so please bear with me.

Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:
  • To make sure that you receive an email when I reply to this topic, please click here and check that this topic is listed under Malware Removal - HijackThis™ Logs Go Here.
  • Please don't be afraid to ask questions! No question is considered dumb here. It's better to be safe than sorry!
  • When posting logs, please ensure Word Wrap is turned off in Notepad (to check, open Notepad, click on Format, and uncheck Word Wrap).
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask!
  • Make sure you reply to this thread using the Add Reply button.

Please read this post completely; it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

#3
Egwene
Member 2k, Visiting Consultant, 2,141 posts
Hello hpsyche,

Let's begin the removal :)

1) Disable real-time protections:

--> Please disable AVG8 real-time protection; more help here: http://www.bleepingc...opic114351.html

2) Run SmitfraudFix option 2:

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download SmitfraudFix (by S!Ri) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, double-click on SmitfraudFix.exe.
Select option #2 - Clean by typing 2 and pressing "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non-infected computer will remove your Desktop background.

Reboot into normal mode.

3) Run RSIT:

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


N.B.: Please check that you have posted all the content of the log. If not, please post what is missing in another reply :)


Regards,
Egwene.

#4
hpsyche
New Member, Topic Starter, 4 posts
I've done it, this is my rapport:

SmitFraudFix v2.353

Scan done at 6:40:54.56, Sun 09/21/2008
Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\algg.exe Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Antivirus Scan.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Spyware Test.url Deleted
C:\DOCUME~1\ADMINI~1\FAVORI~1\Antivirus Scan.url Deleted
C:\Program Files\Applications\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
C:\WINDOWS\system32\829275\829275.dll deleted.
C:\WINDOWS\system32\829275\ deleted.


»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CS2\Services\Tcpip\..\{4BB4608B-DE68-4BAF-8DFF-CC6C0FCA3B83}: DhcpNameServer=192.168.3.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.3.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

And this is the other one, as I've used the RSIT tool in normal mode:
Logfile of random's system information tool 1.02 (written by random/random)
Run by Administrator at 2008-09-21 07:09:05
Microsoft Windows XP Professional Service Pack 3
System drive C: has 24 GB (65%) free of 36 GB
Total RAM: 2039 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:09:11, on 9/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKCU\..\Run: [Intellinet] C:\Program Files\Intellinet\Intelinet.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=67633
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1219086947937
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IntelinetSecure - Unknown owner - C:\Program Files\Intellinet\intelin2.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 5707 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\PCConfidential.job
C:\WINDOWS\tasks\rpc.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-08-30 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-12 222448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-08-18 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-08-18 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [2008-08-26 734704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-08-18 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"=C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-08-30 1235736]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-08-25 1168264]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"PowerBar"=C:\WINDOWS\system32\
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-08-26 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MsgCenterExe"=C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe -osboot []
"Intellinet"=C:\Program Files\Intellinet\Intelinet.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-01-22 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\Warcraft III\War3.exe"="C:\Program Files\Warcraft III\War3.exe:*:Enabled:Warcraft III"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-09-21 06:46:08 ----D---- C:\rsit
2008-09-21 06:41:11 ----A---- C:\WINDOWS\system32\tmp.txt
2008-09-21 06:40:54 ----A---- C:\rapport.txt
2008-09-21 06:40:34 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2008-09-21 06:40:34 ----A---- C:\WINDOWS\system32\VACFix.exe
2008-09-21 06:40:34 ----A---- C:\WINDOWS\system32\o4Patch.exe
2008-09-21 06:40:34 ----A---- C:\WINDOWS\system32\IEDFix.exe
2008-09-21 06:40:34 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2008-09-21 06:40:34 ----A---- C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-09-21 06:40:34 ----A---- C:\WINDOWS\system32\404Fix.exe
2008-09-21 06:40:33 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2008-09-21 06:36:39 ----A---- C:\WINDOWS\ntbtlog.txt
2008-09-21 06:31:14 ----A---- C:\WINDOWS\system32\swxcacls.exe
2008-09-21 06:31:14 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2008-09-21 06:31:14 ----A---- C:\WINDOWS\system32\dumphive.exe
2008-09-21 06:31:13 ----A---- C:\WINDOWS\system32\swsc.exe
2008-09-21 06:31:11 ----A---- C:\WINDOWS\system32\swreg.exe
2008-09-21 06:31:10 ----A---- C:\WINDOWS\system32\Process.exe
2008-09-20 12:27:08 ----D---- C:\Program Files\Trend Micro
2008-09-20 12:17:34 ----D---- C:\!KillBox
2008-09-20 12:01:49 ----D---- C:\Program Files\Spyware Doctor
2008-09-20 12:01:49 ----D---- C:\Documents and Settings\Administrator\Application Data\PC Tools
2008-09-20 11:53:19 ----D---- C:\Program Files\Intellinet
2008-09-20 06:30:22 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-10 22:01:22 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-09-10 22:01:16 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-10 22:00:57 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-10 21:05:41 ----A---- C:\WINDOWS\system32\muweb.dll
2008-09-10 21:05:41 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-09-10 21:05:41 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-09-09 23:57:28 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2008-09-09 23:56:51 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2008-09-09 23:54:25 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller
2008-09-09 23:54:03 ----D---- C:\Program Files\Windows Live
2008-09-09 23:53:51 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-07 18:17:50 ----D---- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-09-07 18:17:37 ----D---- C:\Program Files\Mozilla Firefox
2008-09-06 03:01:48 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-09-06 03:01:32 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-09-06 03:01:15 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2008-09-06 03:00:47 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-09-05 00:19:24 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-09-05 00:19:23 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-09-05 00:19:05 ----D---- C:\Program Files\Windows Media Connect 2
2008-09-05 00:18:51 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2008-09-05 00:17:52 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2008-09-05 00:17:16 ----D---- C:\WINDOWS\system32\LogFiles
2008-09-05 00:17:10 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2008-09-04 03:00:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-09-03 17:15:37 ----D---- C:\WINDOWS\Prefetch
2008-09-03 17:12:49 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-03 17:12:29 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-03 17:12:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-03 17:11:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-09-03 17:11:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-09-03 17:11:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-03 17:10:49 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-03 17:10:37 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-09-03 17:10:20 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-03 17:01:51 ----D---- C:\WINDOWS\system32\scripting
2008-09-03 17:01:50 ----D---- C:\WINDOWS\l2schemas
2008-09-03 17:01:49 ----D---- C:\WINDOWS\system32\en
2008-09-03 17:01:49 ----D---- C:\WINDOWS\system32\bits
2008-09-03 16:51:47 ----D---- C:\WINDOWS\network diagnostic
2008-09-03 16:49:39 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-09-03 16:45:30 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-09-03 16:36:28 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-09-03 16:36:24 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-09-03 16:36:22 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-09-03 16:36:22 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-09-03 16:36:20 ----N---- C:\WINDOWS\system32\verclsid.exe
2008-09-03 16:36:17 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-09-03 16:36:17 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-09-03 16:36:07 ----N---- C:\WINDOWS\system32\setupn.exe
2008-09-03 16:36:05 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-09-03 16:36:05 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-09-03 16:36:04 ----N---- C:\WINDOWS\system32\qutil.dll
2008-09-03 16:36:04 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-09-03 16:36:04 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-09-03 16:36:04 ----N---- C:\WINDOWS\system32\qagent.dll
2008-09-03 16:36:03 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-09-03 16:36:02 ----N---- C:\WINDOWS\system32\onex.dll
2008-09-03 16:35:54 ----N---- C:\WINDOWS\system32\napstat.exe
2008-09-03 16:35:54 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-09-03 16:35:54 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-09-03 16:35:54 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-09-03 16:35:53 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-09-03 16:35:51 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-09-03 16:35:51 ----N---- C:\WINDOWS\system32\mssha.dll
2008-09-03 16:35:36 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-09-03 16:35:36 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-09-03 16:35:36 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-09-03 16:35:35 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-09-03 16:35:30 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-09-03 16:35:16 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-09-03 16:35:16 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-09-03 16:35:16 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-09-03 16:35:16 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-09-03 16:35:15 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-09-03 16:34:47 ----A---- C:\WINDOWS\003135_.tmp
2008-09-03 16:34:45 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-09-03 16:34:45 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-09-03 16:34:45 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-09-03 16:34:45 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-09-03 16:34:45 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-09-03 16:34:45 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-09-03 16:34:45 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-09-03 16:34:45 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-09-03 16:34:44 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-09-03 16:34:44 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-09-03 16:34:44 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-09-03 16:34:44 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-09-03 16:34:44 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-09-03 16:34:44 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-09-03 16:34:44 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-09-03 16:34:43 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-09-03 16:34:43 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-09-03 16:34:43 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-09-03 16:34:41 ----N---- C:\WINDOWS\system32\credssp.dll
2008-09-03 16:34:38 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-09-03 16:34:37 ----N---- C:\WINDOWS\system32\azroles.dll
2008-09-03 16:34:32 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-08-26 03:24:16 ----D---- C:\Program Files\Gravity
2008-08-24 03:02:03 ----D---- C:\WINDOWS\ie7updates
2008-08-24 03:01:51 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2008-08-24 00:40:19 ----N---- C:\WINDOWS\system32\pxsfs.dll
2008-08-24 00:40:19 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2008-08-24 00:40:19 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2008-08-24 00:40:19 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2008-08-24 00:40:19 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2008-08-24 00:40:19 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2008-08-24 00:40:19 ----N---- C:\WINDOWS\system32\pxafs.dll
2008-08-24 00:40:18 ----N---- C:\WINDOWS\system32\vxblock.dll
2008-08-24 00:40:18 ----N---- C:\WINDOWS\system32\pxwave.dll
2008-08-24 00:40:18 ----N---- C:\WINDOWS\system32\pxmas.dll
2008-08-24 00:40:18 ----N---- C:\WINDOWS\system32\pxdrv.dll
2008-08-24 00:40:18 ----N---- C:\WINDOWS\system32\px.dll
2008-08-24 00:40:02 ----D---- C:\Program Files\DivX
2008-08-23 20:54:46 ----A---- C:\WINDOWS\system32\ChCfg.exe
2008-08-23 20:54:25 ----D---- C:\Program Files\Realtek AC97
2008-08-23 20:54:21 ----A---- C:\WINDOWS\system32\RTLCPL.exe
2008-08-23 20:54:18 ----A---- C:\WINDOWS\system32\RtlCPAPI.dll
2008-08-23 20:54:18 ----A---- C:\WINDOWS\soundman.exe
2008-08-23 20:54:17 ----A---- C:\WINDOWS\alcupd.exe
2008-08-23 20:54:17 ----A---- C:\WINDOWS\Alcrmv.exe
2008-08-23 20:36:00 ----D---- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2008-08-23 20:35:07 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2008-08-23 20:35:07 ----A---- C:\WINDOWS\system32\pndx5032.dll
2008-08-23 20:35:07 ----A---- C:\WINDOWS\system32\pndx5016.dll
2008-08-23 20:35:07 ----A---- C:\WINDOWS\system32\pncrt.dll
2008-08-23 20:35:04 ----A---- C:\WINDOWS\system32\unrar.dll
2008-08-23 20:35:03 ----A---- C:\WINDOWS\avisplitter.ini
2008-08-23 20:34:59 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2008-08-23 20:34:58 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2008-08-23 20:34:58 ----A---- C:\WINDOWS\system32\xvidcore.dll
2008-08-23 20:34:56 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-08-23 20:34:56 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2008-08-23 20:34:54 ----A---- C:\WINDOWS\system32\msvcr71.dll
2008-08-23 20:34:54 ----A---- C:\WINDOWS\system32\msvcp71.dll
2008-08-23 20:34:53 ----D---- C:\Program Files\K-Lite Codec Pack
2008-08-23 20:34:53 ----D---- C:\Documents and Settings\All Users\Application Data\Real
2008-08-23 19:45:26 ----D---- C:\swsetup
2008-08-23 19:13:20 ----A---- C:\WINDOWS\HideWin.exe
2008-08-23 15:01:01 ----D---- C:\Program Files\Common Files\Real
2008-08-23 15:00:55 ----D---- C:\Documents and Settings\Administrator\Application Data\Real
2008-08-23 14:19:36 ----D---- C:\WINDOWS\system32\quicktime
2008-08-23 13:58:36 ----D---- C:\Program Files\Free Offers from Freeze.com
2008-08-23 13:58:10 ----A---- C:\WINDOWS\system32\WINUTIL5.DLL
2008-08-23 13:58:10 ----A---- C:\WINDOWS\system32\CapiCom.dll
2008-08-23 13:50:27 ----D---- C:\Documents and Settings\Administrator\Application Data\vlc
2008-08-23 13:48:09 ----D---- C:\Program Files\VideoLAN
2008-08-23 13:28:43 ----HD---- C:\WINDOWS\msdownld.tmp
2008-08-23 13:28:29 ----D---- C:\WINDOWS\WBEM
2008-08-23 13:28:28 ----D---- C:\WINDOWS\system32\en-US
2008-08-23 13:26:58 ----HDC---- C:\WINDOWS\ie7
2008-08-23 13:26:39 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-08-23 13:26:23 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-08-23 13:25:35 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2008-08-23 13:25:23 ----A---- C:\WINDOWS\system32\xmllite.dll
2008-08-23 13:24:21 ----D---- C:\Documents and Settings\Administrator\Application Data\DivX

======List of files/folders modified in the last 1 months======

2008-09-21 07:09:10 ----D---- C:\WINDOWS\Temp
2008-09-21 06:48:57 ----D---- C:\WINDOWS\system32\CatRoot2
2008-09-21 06:45:31 ----D---- C:\WINDOWS\system32\drivers
2008-09-21 06:42:12 ----D---- C:\WINDOWS\system32
2008-09-21 06:41:12 ----RD---- C:\Program Files
2008-09-21 06:36:39 ----D---- C:\WINDOWS
2008-09-21 06:35:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-09-20 06:31:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-09-20 06:23:54 ----HD---- C:\$AVG8.VAULT$
2008-09-20 04:48:09 ----A---- C:\WINDOWS\NeroDigital.ini
2008-09-19 08:41:22 ----SHD---- C:\WINDOWS\Installer
2008-09-14 12:36:33 ----D---- C:\WINDOWS\system32\DirectX
2008-09-14 12:36:19 ----D---- C:\WINDOWS\WinSxS
2008-09-13 14:43:14 ----D---- C:\Program Files\Warcraft III
2008-09-10 22:01:18 ----HD---- C:\WINDOWS\inf
2008-09-10 22:01:05 ----A---- C:\WINDOWS\imsins.BAK
2008-09-10 00:01:12 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-09-09 23:54:25 ----D---- C:\Program Files\Common Files
2008-09-09 23:54:03 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-09-08 03:00:51 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-07 18:30:35 ----D---- C:\WINDOWS\system32\DllCache
2008-09-05 01:00:57 ----D---- C:\Program Files\Windows Media Player
2008-09-05 00:19:15 ----A---- C:\WINDOWS\win.ini
2008-09-05 00:19:01 ----D---- C:\WINDOWS\Help
2008-09-03 17:17:26 ----A---- C:\WINDOWS\OEWABLog.txt
2008-09-03 17:16:03 ----A---- C:\WINDOWS\setuplog.txt
2008-09-03 17:14:56 ----D---- C:\WINDOWS\system32\Setup
2008-09-03 17:14:56 ----D---- C:\Program Files\Messenger
2008-09-03 17:14:55 ----D---- C:\WINDOWS\system32\wbem
2008-09-03 17:14:55 ----D---- C:\WINDOWS\AppPatch
2008-09-03 17:14:53 ----RSD---- C:\WINDOWS\Fonts
2008-09-03 17:11:34 ----HD---- C:\WINDOWS\$hf_mig$
2008-09-03 17:09:45 ----D---- C:\WINDOWS\security
2008-09-03 17:02:12 ----D---- C:\WINDOWS\system32\inetsrv
2008-09-03 17:02:12 ----D---- C:\WINDOWS\ime
2008-09-03 17:01:52 ----D---- C:\WINDOWS\system32\usmt
2008-09-03 17:01:49 ----D---- C:\WINDOWS\PeerNet
2008-09-03 17:01:49 ----D---- C:\Program Files\Movie Maker
2008-09-03 16:55:28 ----D---- C:\WINDOWS\system32\Restore
2008-09-03 16:55:27 ----D---- C:\WINDOWS\system32\npp
2008-09-03 16:55:27 ----D---- C:\WINDOWS\mui
2008-09-03 16:55:25 ----D---- C:\WINDOWS\msagent
2008-09-03 16:55:22 ----D---- C:\WINDOWS\srchasst
2008-09-03 16:55:17 ----D---- C:\Program Files\NetMeeting
2008-09-03 16:55:14 ----D---- C:\WINDOWS\system32\Com
2008-09-03 16:55:08 ----D---- C:\Program Files\Windows NT
2008-09-03 16:55:08 ----D---- C:\Program Files\Outlook Express
2008-09-03 16:55:02 ----D---- C:\Program Files\Common Files\System
2008-09-03 16:54:35 ----D---- C:\WINDOWS\system32\oobe
2008-09-03 16:54:31 ----D---- C:\WINDOWS\system
2008-09-03 16:45:28 ----D---- C:\WINDOWS\ehome
2008-09-03 16:16:19 ----D---- C:\WINDOWS\Debug
2008-08-26 13:28:12 ----A---- C:\WINDOWS\system32\MRT.exe
2008-08-26 03:24:15 ----HD---- C:\Program Files\InstallShield Installation Information
2008-08-24 03:02:33 ----D---- C:\Program Files\Internet Explorer
2008-08-23 19:23:35 ----D---- C:\Program Files\Common Files\InstallShield
2008-08-23 13:58:30 ----SD---- C:\WINDOWS\Tasks
2008-08-23 13:28:21 ----D---- C:\WINDOWS\Media

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-08-30 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-08-18 26824]
R1 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-08-25 66952]
R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-08-25 81288]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-08-18 76040]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-01-24 4127488]
R3 E1000;Intel® PRO/1000 Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2006-10-23 170392]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-01-22 804317]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-30 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-30 231704]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-08-25 1077640]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-18 138168]
S3 IntelinetSecure;IntelinetSecure; C:\Program Files\Intellinet\intelin2.exe [2008-09-17 856064]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------
By the way, when I was finding this RSIT tool, I couldn't find it because of Dr. Watson's debugger or something like that (my computer asked me to send an error report). That's why I just repeated the scan with the RSIT tool and copied and pasted it in here.


Thank you for helping me.
By the way, I got my homepage back.
Hmm, what to do next?
  • 0
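The driver and service listings in the log above use one line per entry: state and start type, then `name;display name; path [date size]`. As an added example (not part of the original post and not code from the RSIT tool), the Python below parses that layout and marks entries worth a manual look. The flag names, the 30-day window, the reading of empty brackets as "no file metadata", the `C:\WINDOWS` system root and the last sample line are assumptions made for the illustration.

```python
import ntpath
import re
from dataclasses import dataclass, field
from datetime import date
from typing import Dict, List, Optional

STATE = {"R": "running", "S": "stopped"}
START = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}

# <state><start> <name>;<display name>; <path> [<YYYY-MM-DD> <size>]
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"\s*(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)

# Assumption: the system root is C:\WINDOWS, as in the log above.
DRIVERS_DIR = "c:\\windows\\system32\\drivers"

# Lines copied from the listing above, plus one constructed entry (the last).
SAMPLE = r"""
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-08-30 97928]
R1 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-08-25 66952]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-08-18 76040]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
R2 ExampleDrv;Constructed entry; C:\WINDOWS\Temp\example.sys [2008-09-20 12345]
"""


@dataclass
class Entry:
    name: str
    display: str
    state: str
    start: str
    path: str
    modified: Optional[date]   # None when the brackets are empty
    size: Optional[int]
    flags: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one listing line; return None for anything that is not an entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    modified, size = None, None
    meta = m.group("meta").split()
    if len(meta) == 2:
        modified, size = date.fromisoformat(meta[0]), int(meta[1])
    return Entry(m.group("name"), m.group("display").strip(),
                 STATE[m.group("state")], START[m.group("start")],
                 m.group("path"), modified, size)


def triage(entry: Entry, scan_date: date, recent_days: int = 30,
           kind: str = "driver") -> List[str]:
    """Attach review flags. A flag is a lead for manual checking, not a verdict."""
    flags = []
    if entry.modified is None:
        # Registered in the registry, but the tool printed no date or size.
        flags.append("no-file-metadata")
    elif 0 <= (scan_date - entry.modified).days <= recent_days:
        flags.append("recent-file")
    if kind == "driver" and ntpath.dirname(entry.path).lower() != DRIVERS_DIR:
        flags.append("driver-outside-drivers-dir")
    entry.flags = flags
    return flags


def review(text: str, scan_date: date, kind: str = "driver") -> Dict[str, List[str]]:
    """Return {entry name: flags} for every entry that got at least one flag."""
    flagged = {}
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry and triage(entry, scan_date, kind=kind):
            flagged[entry.name] = entry.flags
    return flagged


if __name__ == "__main__":
    for name, flags in review(SAMPLE, date(2008, 9, 21)).items():
        print(f"{name}: {', '.join(flags)}")
```

Pass `kind="service"` for the services listing, since service binaries normally live outside the drivers directory.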

#5
Egwene

Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hello hpsyche,

O4 - HKCU\..\Run: [Intellinet] C:\Program Files\Intellinet\Intelinet.exe


Do you know this program ?

Let's go on :)

1) Viruscan :
  • Please go to VirScan
  • Copy and paste the following file path into the Suspicious files to scan box.
    o C:\Program Files\Intellinet\Intelinet.exe
  • Click on the Upload button
  • Once the Scan has completed, click on the Copy to Clipboard button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

2) Get an uninstall list :

Please open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

3) Run MBAM :

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Regards,
Egwene.
  • 0

#6
hpsyche

hpsyche

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Done, but the first step cannot be done.
It just always stops at analyzing data.
As I remember, I downloaded it to get rid of the spyware, just like what I did when I downloaded Spyware Doctor.
But they only scan your computer and tell you that you have viruses and malware so you should buy their products.
I already uninstalled Intellinet before, so I can erase that easily, and I wanted to, but I'll wait for your commands before I do anything.
I do not uninstall Spyware Doctor because it has IntelliGuard; it says that IntelliGuard will protect you from upcoming viruses.
But when I started to follow your commands, I disabled IntelliGuard. So should I erase them all? And now I scanned using Spyware Doctor and it says
3 threats and 6 infections. Those are: Adware.Advertising 3 infections, Application.TrackingCookies 2 infections, Application.Windows_file_Protection_Disabled. Those were the problems reported. It hasn't changed, even from before, when I started scanning using it.
Should I uninstall it and erase all of it?


Adobe Flash Player ActiveX
AVG Free 8.0
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DVD Solution
FoxyTunes for Firefox
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Connections Drivers
K-Lite Mega Codec Pack 4.1.7
Malwarebytes' Anti-Malware
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Multimedia Launcher
Nero OEM
PowerDVD
RagnarokOnline
Realtek AC'97 Audio
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Spyware Doctor 6.0
SunlitGreen PhotoEdit 1.3
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Windows Live installer
Windows Live Photo Gallery
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar


mbam\


this is the first scan

Malwarebytes' Anti-Malware 1.28
Database version: 1184
Windows 5.1.2600 Service Pack 3

9/21/2008 8:16:43 PM
mbam-log-2008-09-21 (20-16-43).txt

Scan type: Quick Scan
Objects scanned: 40699
Time elapsed: 3 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\y456.y456mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\y456.y456mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\e405.e405mgr (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoPl.chl (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Administrator\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.


The second scan does not find anything, and neither does the 3rd.

thanks a lot
  • 0

#7
Egwene

Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hello hpsyche,

1) Update Java :

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

2) Run Kaspersky Online :

Please do an online scan with Kaspersky WebScanner

Make sure you are using Internet Explorer for this. Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

And please tell me how your computer is running now.

Regards,
Egwene.
  • 0

#8
hpsyche

hpsyche

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, September 23, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, September 22, 2008 19:45:04
Records in database: 1250911


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
A:\
C:\
D:\
E:\

Scan statistics
Files scanned 27100
Threat name 1
Infected objects 3
Suspicious objects 0
Duration of the scan 01:57:42

File name Threat name Threats count
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1

C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1

C:\Documents and Settings\Administrator\My Documents\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1

The selected area was scanned.


thx man its better now

thanks
thx
thnx
  • 0

#9
Egwene

Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hello hpsyche,

Congratulations, your log looks clean :)

1) Run OTcleanIT :

Please Download OTcleanIT (OldTimer) : http://download.blee...r/OTCleanIt.exe

Open it and double-click on the "CleanUp" button.

2) Flush your system restore :

Now let's Reset and Re-enable your System Restore to remove any infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected, but that's good news).

Turn OFF System Restore.

* On the Desktop, right-click My Computer.
* Click Properties.
* Click the System Restore tab.
* Check Turn off System Restore.
* Click Apply, and then click OK.


Restart your computer.

Turn ON System Restore.

* On the Desktop, right-click My Computer.
* Click Properties.
* Click the System Restore tab.
* UN-Check Turn off System Restore.
* Click Apply, and then click OK.

System Restore will now be active again.

3) Update windows :

Another essential is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats. Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

Automatic Updates for Windows

* Click Start.
* Select Settings and then Control Panel.
* Select Automatic Updates.
* Click Automatic (recommended)
* Choose a day and a time when you know the computer will be on and connected to the internet.
* Click Apply then OK.

4) Prevention/protection :

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • If you don't have a firewall on your computer, I advise you to install one of the following : Kerio / Comodo / ZoneAlarm.
  • Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  • Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  • To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
  • SpywareBlaster protects against bad ActiveX.
  • IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
    Have a look at this tutorial for IE-Spyad here

    Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
    secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
    blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
    Here

Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.

Regards,
Egwene.
  • 0
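The MVPS HOSTS item in the post above describes blocking by mapping site names to 127.0.0.1. As an added example (not from the original post or from the MVPS project), the Python below reads HOSTS-file text and separates blocking entries from names mapped to any other address, which are redirects rather than blocks and are worth reviewing. The sample file, its `example.*` names and the 192.0.2.10 documentation address are constructed, and treating 0.0.0.0 as a blocking target is an assumption beyond what the post states.

```python
import ipaddress
from typing import Dict, List

# Constructed sample; not taken from the thread or from the MVPS file.
SAMPLE_HOSTS = """\
# constructed HOSTS sample
127.0.0.1 localhost
127.0.0.1 ads.example.com
0.0.0.0 tracker.example.net   # trailing comments are allowed
192.0.2.10 update.example.org www.update.example.org
not-an-ip broken.example.com
127.0.0.1
"""


def audit_hosts(text: str) -> Dict[str, object]:
    """Classify HOSTS entries.

    sinkholed  - names mapped to a loopback address (or 0.0.0.0): blocked
    redirected - names mapped to any other address: name -> address
    malformed  - 1-based line numbers that are not '<ip> <name> [...]'
    """
    sinkholed: List[str] = []
    redirected: Dict[str, str] = {}
    malformed: List[int] = []

    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append(lineno)
            continue
        if len(fields) < 2:                    # address with no host name
            malformed.append(lineno)
            continue

        blocks = addr.is_loopback or addr.is_unspecified
        for name in (f.lower() for f in fields[1:]):
            if name == "localhost" and addr.is_loopback:
                continue                       # the standard entry
            if blocks:
                sinkholed.append(name)
            else:
                redirected[name] = str(addr)

    return {"sinkholed": sinkholed, "redirected": redirected,
            "malformed": malformed}


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    print("blocked names:   ", len(report["sinkholed"]))
    for name, addr in report["redirected"].items():
        print(f"review redirect:  {name} -> {addr}")
    print("malformed lines: ", report["malformed"])
```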

#10
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





