xp internet security 2010 [Solved]


  • This topic is locked

#16
bo250

    Member

  • Topic Starter
  • Member
  • 13 posts
Autoscan: completed 12 minutes ago   (events: 12, objects: 328010, time: 04:05:57) 
19-2-2010 12:45:09 Untreated Trojans Trojan.Win32.Agent.cxkn High Exact File C:\WINDOWS\system32\ 47E Postponed 
19-2-2010 12:12:44 Untreated Trojans Trojan.Win32.Agent.dbjp High Exact File C:\System Volume Information\_restore{BAF2DB4C-9ABF-4536-9F88-8A1A4BFCDB43}\RP344\ A0020903.dll Postponed 
19-2-2010 12:07:03 Untreated Trojans Trojan.Win32.BHO.ext High Exact File C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_vyjsvmkg_.sys.zip/ vyjsvmkg.sys Postponed 
19-2-2010 12:07:03 Untreated Trojans Trojan.Win32.Agent.dbjp High Exact File C:\Qoobox\Quarantine\C\WINDOWS\system32\ mswsock32.dll.vir Postponed 
19-2-2010 10:27:35 Untreated Trojans Trojan.Win32.Agent.ctyx High Exact File C:\Documents and Settings\kim\ l Postponed 
19-2-2010 10:23:28 Task started         
19-2-2010 14:29:25 Task completed         
19-2-2010 12:45:09 Detected Trojans Trojan.Win32.Agent.cxkn High Exact File C:\WINDOWS\system32\ 47E  
19-2-2010 12:12:44 Detected Trojans Trojan.Win32.Agent.dbjp High Exact File C:\System Volume Information\_restore{BAF2DB4C-9ABF-4536-9F88-8A1A4BFCDB43}\RP344\ A0020903.dll  
19-2-2010 12:07:03 Detected Trojans Trojan.Win32.BHO.ext High Exact File C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_vyjsvmkg_.sys.zip/ vyjsvmkg.sys  
19-2-2010 12:07:03 Detected Trojans Trojan.Win32.Agent.dbjp High Exact File C:\Qoobox\Quarantine\C\WINDOWS\system32\ mswsock32.dll.vir  
19-2-2010 10:27:35 Detected Trojans Trojan.Win32.Agent.ctyx High Exact File C:\Documents and Settings\kim\ l  

#17
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

#18
bo250

    Member

  • Topic Starter
  • Member
  • 13 posts
OTL logfile created on: 20-2-2010 8:02:33 - Run 2
OTL by OldTimer - Version 3.1.28.0     Folder = C:\Documents and Settings\kim\Bureaublad
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy
 
503,00 Mb Total Physical Memory | 191,00 Mb Available Physical Memory | 38,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 57,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 23,32 Gb Free Space | 31,30% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ARAGORN-F956EB8
Current User Name: kim
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010-02-17 09:08:34 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kim\Bureaublad\OTL.exe
PRC - [2010-02-04 11:09:18 | 000,062,856 | ---- | M] () -- C:\Program Files\Smart PDF Creator Pro\SmartSoft PDF Printer Agent.exe
PRC - [2010-01-22 19:16:42 | 000,141,608 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2010-01-22 19:16:30 | 000,545,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009-10-11 04:17:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009-10-11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009-09-13 18:52:50 | 001,048,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2009-08-28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009-07-02 17:36:52 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009-05-27 02:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2009-01-26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008-12-12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008-11-24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008-11-24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008-04-14 18:02:58 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-05-08 15:24:20 | 000,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2005-09-23 21:05:26 | 000,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
PRC - [2005-08-11 16:30:30 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005-05-12 00:40:38 | 000,204,800 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2005-05-11 23:23:26 | 000,282,624 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2005-01-05 15:40:24 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2005-01-05 15:02:46 | 002,750,464 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
PRC - [2004-11-02 19:24:46 | 000,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2004-06-03 09:51:27 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\type32.exe
PRC - [2003-10-29 11:01:02 | 000,524,288 | ---- | M] (Panicware, Inc.) -- C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010-02-17 09:08:34 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kim\Bureaublad\OTL.exe
MOD - [2006-05-03 21:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll
MOD - [2003-04-29 09:41:24 | 000,034,816 | ---- | M] (Panicware, Inc.) -- C:\Program Files\Panicware\Pop-Up Stopper Free Edition\XAHook.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010-01-22 19:16:30 | 000,545,576 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009-10-11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009-08-28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009-07-02 17:36:52 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009-05-27 02:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2009-05-22 11:24:20 | 000,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9dac7846fb912) Google Update Service (gupdate1c9dac7846fb912)
SRV - [2008-12-12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008-11-24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008-11-24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008-11-24 22:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2005-04-04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004-09-29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003-07-28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.guardian.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
 
[2009-03-08 14:51:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kim\Application Data\Mozilla\Extensions
 
O1 HOSTS File: ([2010-02-17 18:31:35 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [type32] C:\Program Files\Microsoft IntelliType Pro\type32.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PopUpStopperFreeEdition] C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe (Panicware, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\SmartSoft PDF Printer Agent.lnk = C:\Program Files\Smart PDF Creator Pro\SmartSoft PDF Printer Agent.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google Search - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com, ([office] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 65 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} http://download.micr.../WebCleaner.cab (Malicious Software Removal Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1133177543328 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} http://stash.nugs.ne...v/dlControl.CAB (dlControl.UserControl1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.104.196 213.46.228.196
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\syfineio: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\kim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\kim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005-09-19 14:10:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /k:C *) -  File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
 
========== Files/Folders - Created Within 14 Days ==========
 
[2010-02-19 10:08:40 | 063,976,656 | ---- | C] (                                                            ) -- C:\Documents and Settings\kim\Bureaublad\setup_9.0.0.722_19.02.2010_10-03.exe
[2010-02-18 12:23:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kim\Application Data\Malwarebytes
[2010-02-18 12:23:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-02-18 12:23:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010-02-18 12:23:08 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-02-18 12:23:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-02-18 12:09:35 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010-02-18 12:06:54 | 000,439,808 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\kim\Bureaublad\TFC.exe
[2010-02-17 18:16:30 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010-02-17 18:15:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010-02-17 18:15:19 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010-02-17 18:15:19 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010-02-17 18:15:19 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010-02-17 18:13:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010-02-17 18:12:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010-02-17 17:37:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-02-17 11:36:57 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010-02-17 11:36:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010-02-17 09:08:16 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\kim\Bureaublad\OTL.exe
[2010-02-16 17:00:41 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010-02-16 15:00:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010-02-16 14:36:59 | 000,000,000 | ---D | C] -- C:\e7dacb7c9cb0d8083b35df6976aeb83d
[2010-02-16 12:50:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kim\Application Data\GetRightToGo
[2010-02-09 12:27:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010-02-08 23:14:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kim\.idlerc
[2010-02-08 21:29:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kim\Application Data\Smart PDF Creator Pro
[2010-02-08 21:28:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Smart Soft
[2010-02-08 21:28:24 | 000,000,000 | ---D | C] -- C:\Program Files\Smart PDF Creator Pro
[2010-02-07 19:22:12 | 000,000,000 | ---D | C] -- C:\Python31
[2010-02-02 14:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009-05-23 09:41:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009-05-22 11:24:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009-05-09 07:46:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009-04-07 18:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\jtblpybt
[2009-04-07 18:36:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\jtblpybt
[2009-03-08 15:06:59 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009-03-08 15:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009-03-08 15:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG7
[2009-03-08 14:59:27 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009-03-07 22:19:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Mozilla
[2009-02-11 17:51:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
 
========== Files - Modified Within 14 Days ==========
 
[2010-02-20 08:00:59 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010-02-20 08:00:03 | 000,000,362 | ---- | M] () -- C:\WINDOWS\tasks\HPpromotions journeysoftware.job
[2010-02-20 07:58:00 | 000,012,674 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-02-20 07:55:46 | 000,001,038 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010-02-20 07:55:44 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-02-20 07:55:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-02-20 07:55:42 | 527,814,656 | -HS- | M] () -- C:\hiberfil.sys
[2010-02-19 19:23:13 | 009,437,184 | -H-- | M] () -- C:\Documents and Settings\kim\NTUSER.DAT
[2010-02-19 19:23:13 | 000,000,288 | -HS- | M] () -- C:\Documents and Settings\kim\ntuser.ini
[2010-02-19 19:22:45 | 004,322,566 | -H-- | M] () -- C:\Documents and Settings\kim\Local Settings\Application Data\IconCache.db
[2010-02-19 18:51:03 | 000,001,042 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010-02-19 18:29:16 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\iTunes.lnk
[2010-02-19 10:08:44 | 063,976,656 | ---- | M] (                                                            ) -- C:\Documents and Settings\kim\Bureaublad\setup_9.0.0.722_19.02.2010_10-03.exe
[2010-02-19 09:53:28 | 000,000,360 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2010-02-18 12:45:47 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Safari.lnk
[2010-02-18 12:23:23 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Malwarebytes' Anti-Malware.lnk
[2010-02-18 12:07:51 | 000,439,808 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kim\Bureaublad\TFC.exe
[2010-02-17 18:31:55 | 000,000,264 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-02-17 18:31:35 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-02-17 18:16:42 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010-02-17 18:13:27 | 003,860,833 | R--- | M] () -- C:\Documents and Settings\kim\Bureaublad\ComboFix.exe
[2010-02-17 18:01:00 | 000,015,038 | -HS- | M] () -- C:\Documents and Settings\kim\Local Settings\Application Data\JqtER501
[2010-02-17 16:04:31 | 000,000,160 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010-02-17 11:37:28 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\kim\Bureaublad\Spybot - Search & Destroy.lnk
[2010-02-17 09:08:34 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kim\Bureaublad\OTL.exe
[2010-02-17 09:07:21 | 000,000,063 | ---- | M] () -- C:\Documents and Settings\kim\Bureaublad\OTL.URL
[2010-02-16 17:00:43 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\kim\Bureaublad\HijackThis.lnk
[2010-02-16 15:00:56 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Microsoft Security Essentials.lnk
[2010-02-16 14:40:22 | 001,267,840 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-02-16 14:40:22 | 000,559,654 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat
[2010-02-16 14:40:22 | 000,491,590 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-02-16 14:40:22 | 000,110,520 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat
[2010-02-16 14:40:22 | 000,090,782 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-02-16 14:07:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010-02-10 10:19:31 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-02-09 12:34:26 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-02-08 21:31:21 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\SmartSoft PDF Printer Port
[2010-02-08 21:28:37 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Smart PDF Creator Pro.lnk
[2010-02-08 21:28:36 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\SmartSoft PDF Printer Agent.lnk
[2010-02-08 07:20:56 | 000,000,678 | ---- | M] () -- C:\Documents and Settings\kim\Bureaublad\Azureus.lnk
[2010-02-07 11:57:55 | 000,000,904 | ---- | M] () -- C:\Documents and Settings\kim\Bureaublad\MediaCoder.lnk
[2010-02-06 14:57:59 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Google Earth.lnk
 
========== Files Created - No Company Name ==========
 
[2010-02-19 14:43:49 | 527,814,656 | -HS- | C] () -- C:\hiberfil.sys
[2010-02-18 13:20:18 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010-02-18 12:23:23 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Malwarebytes' Anti-Malware.lnk
[2010-02-17 18:16:42 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010-02-17 18:16:40 | 000,261,936 | ---- | C] () -- C:\cmldr
[2010-02-17 18:15:20 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010-02-17 18:15:19 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010-02-17 18:15:19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010-02-17 18:15:19 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010-02-17 18:15:19 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010-02-17 18:09:18 | 003,860,833 | R--- | C] () -- C:\Documents and Settings\kim\Bureaublad\ComboFix.exe
[2010-02-17 16:04:22 | 000,000,160 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010-02-17 11:37:28 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\kim\Bureaublad\Spybot - Search & Destroy.lnk
[2010-02-17 09:07:21 | 000,000,063 | ---- | C] () -- C:\Documents and Settings\kim\Bureaublad\OTL.URL
[2010-02-16 17:00:43 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\kim\Bureaublad\HijackThis.lnk
[2010-02-16 15:00:56 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Microsoft Security Essentials.lnk
[2010-02-16 09:52:00 | 000,015,038 | -HS- | C] () -- C:\Documents and Settings\kim\Local Settings\Application Data\JqtER501
[2010-02-08 21:31:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SmartSoft PDF Printer Port
[2010-02-08 21:28:37 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Smart PDF Creator Pro.lnk
[2010-02-08 21:28:36 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\SmartSoft PDF Printer Agent.lnk
[2010-02-08 07:20:56 | 000,000,678 | ---- | C] () -- C:\Documents and Settings\kim\Bureaublad\Azureus.lnk
[2010-02-06 14:57:59 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Google Earth.lnk
[2009-10-20 10:27:17 | 000,000,082 | ---- | C] () -- C:\WINDOWS\VekaRom.INI
[2009-04-01 19:31:19 | 000,004,134 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\B9C38469-2C46-4AD5-832B-343CB8762A1F.txt
[2009-03-07 19:45:20 | 000,004,552 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\B9C38469-2C46-4AD5-832B-343CB8762A1F.txt
[2009-03-07 19:43:41 | 000,005,790 | ---- | C] () -- C:\Documents and Settings\kim\Local Settings\Application Data\B9C38469-2C46-4AD5-832B-343CB8762A1F.txt
[2009-01-07 06:17:22 | 000,014,336 | -HS- | C] () -- C:\Program Files\Thumbs.db
[2008-05-16 18:37:27 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008-03-03 17:35:41 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\kim\Local Settings\Application Data\fusioncache.dat
[2008-02-16 10:38:38 | 000,060,917 | ---- | C] () -- C:\Documents and Settings\kim\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
[2008-02-16 10:38:38 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2008-02-16 10:20:04 | 000,100,309 | ---- | C] () -- C:\Documents and Settings\kim\Application Data\Update_HP_RedboxHprblog_HPSU.log
[2008-02-16 10:20:04 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2007-10-13 10:06:38 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2007-10-13 10:04:29 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007-08-05 12:19:37 | 000,034,126 | ---- | C] () -- C:\Program Files\05-08-07_1319.jpg
[2007-08-05 11:09:29 | 000,055,362 | ---- | C] () -- C:\Program Files\05-08-07_1209.jpg
[2007-01-20 19:28:50 | 000,000,120 | ---- | C] () -- C:\WINDOWS\PbkUser.INI
[2006-05-21 11:15:39 | 000,037,407 | ---- | C] () -- C:\Documents and Settings\kim\Application Data\Microsoft Excel.ADR
[2006-04-13 19:05:33 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006-01-18 21:24:45 | 000,000,152 | RHS- | C] () -- C:\WINDOWS\System32\8A2CFB017D.sys
[2006-01-18 21:18:12 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006-01-06 14:48:26 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005-12-04 18:41:20 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2005-10-06 16:54:43 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005-10-03 22:35:15 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\kim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005-10-03 16:41:32 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005-09-19 15:29:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005-04-27 21:37:49 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2004-10-26 23:39:05 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004-10-07 18:44:16 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004-01-23 15:31:15 | 000,001,494 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003-01-07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999-01-22 19:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
 
========== LOP Check ==========
 
[2009-03-08 15:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
[2007-10-15 17:31:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2005-10-13 18:53:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010-02-08 21:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Smart Soft
[2009-11-13 11:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Transparent
[2009-12-24 15:22:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009-11-13 11:30:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7D4B3D1D-104E-4507-9123-568BC721B7E2}
[2009-03-08 15:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kim\Application Data\AVG7
[2010-02-19 19:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kim\Application Data\Azureus
[2009-11-24 11:13:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kim\Application Data\Belastingdienst
[2009-12-26 11:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kim\Application Data\Broad Intelligence
[2010-02-16 12:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kim\Application Data\GetRightToGo
[2009-07-21 21:27:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kim\Application Data\Image Zone Express
[2009-04-07 18:39:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kim\Application Data\jtblpybt
[2006-09-10 09:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kim\Application Data\OLYMPUS
[2007-11-22 09:05:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kim\Application Data\Samsung
[2010-02-08 21:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kim\Application Data\Smart PDF Creator Pro
[2010-02-20 08:00:59 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
 
========== Purity Check ==========
 
 
< End of report >

#19
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O20 - Winlogon\Notify\syfineio: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done


Your logs are clean


Follow these steps to uninstall Combofix and tools used in the removal of malware

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.



  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.



Below I have included a number of recommendations for how to protect your computer against malware infections.
  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.

  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • TFC - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here


    If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
    • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.

  • Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

  • Please read my guide on how to prevent malware and about safe computing here
Thank you for your patience, and performing all of the procedures requested.
  • 0
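
The post above touches the HOSTS file twice: the `[resethosts]` command in the fix and the MVPS HOSTS recommendation, which points unwanted names at 127.0.0.1. As an added example (not part of the original post, and not code from OTL or MVPS), this sketch separates such sinkhole entries from entries that map a name to some other address and so deserve a look; the sample file, host names and addresses are constructed placeholders.

```python
import ipaddress

# Constructed sample: a blocklist-style HOSTS file with two entries that map
# names to outside addresses. All names and addresses are placeholders.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
127.0.0.1  ads.example.com   # blocklist entry
0.0.0.0    tracker.example.net
192.0.2.15 update.av-vendor.example www.av-vendor.example
203.0.113.7\tsearch.example.org
not-an-ip  broken.example
"""

def classify_hosts(text):
    """Split HOSTS entries into sinkholed, redirected and malformed."""
    result = {"sinkholed": [], "redirected": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not line:
            continue
        fields = line.split()                    # address, then one or more names
        if len(fields) < 2:
            result["malformed"].append((lineno, raw.strip()))
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            result["malformed"].append((lineno, raw.strip()))
            continue
        # Loopback (127.0.0.0/8, ::1) or unspecified (0.0.0.0, ::) never
        # leaves this machine; anything else sends the name elsewhere.
        local = addr.is_loopback or addr.is_unspecified
        bucket = "sinkholed" if local else "redirected"
        for name in fields[1:]:
            result[bucket].append((lineno, name.lower(), str(addr)))
    return result

def review_list(text):
    """Host names that the file maps to an address other than this machine."""
    return sorted(name for _, name, _ in classify_hosts(text)["redirected"])

if __name__ == "__main__":
    report = classify_hosts(SAMPLE_HOSTS)
    for lineno, name, addr in report["redirected"]:
        print(f"line {lineno}: {name} -> {addr} (review)")
    print(len(report["sinkholed"]), "sinkholed,", len(report["malformed"]), "malformed")
```

On a real machine, pass the contents of `C:\WINDOWS\system32\drivers\etc\hosts` to `classify_hosts` instead of the sample.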

#20
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.