
Computer runs super slow


  • This topic is locked
25 replies to this topic

#16 DanielDude

  • Authentic Member
  • 75 posts

Posted 10 February 2011 - 05:14 AM

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=d962d098b250b74799674a214e6925e8
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-02-10 08:11:59
# local_time=2011-02-10 03:11:59 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 89079788 89079788 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=125327
# found=26
# cleaned=0
# scan_time=6794
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde7.zip Win32/Bagle.gen.zip worm (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Protoman\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.39001 Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Protoman\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.96604 a variant of Win32/Adware.Virtumonde.NDM application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Protoman\Application Data\Sun\Java\Deployment\cache\6.0\10\653a8b4a-176dbb97 probably a variant of Win32/Agent.FPEXZHL trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Protoman\Application Data\Sun\Java\Deployment\cache\6.0\34\6aed6d62-5b221508 a variant of Java/TrojanDownloader.Agent.NAN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Protoman\Application Data\Sun\Java\Deployment\cache\6.0\35\41e8aee3-41f218cd probably a variant of Win32/Agent.HRYTTOE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Protoman\Application Data\Sun\Java\Deployment\cache\6.0\36\6bc2dde4-6d2ec541 probably a variant of Win32/Agent.FQRCZBA trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Protoman\Application Data\Sun\Java\Deployment\cache\6.0\37\1765e425-4e14d10b probably a variant of Win32/Agent.CDGQEWH trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Protoman\Application Data\Sun\Java\Deployment\cache\6.0\48\4084a7b0-3acd8bf3 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Protoman\Application Data\Sun\Java\Deployment\cache\6.0\51\63dff933-77ac42fe probably a variant of Win32/Agent.CDGQEWH trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Protoman\Application Data\Sun\Java\Deployment\cache\6.0\52\ca82234-1fda0d23 probably a variant of Win32/Agent.ZVRMM trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Protoman\Application Data\Sun\Java\Deployment\cache\6.0\60\240bc57c-6069107e probably a variant of Win32/Agent.ZVRMM trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Protoman\Application Data\Sun\Java\Deployment\cache\6.0\61\7ae6b8bd-20424db7 probably a variant of Win32/Agent.CDGQEWH trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Protoman\Application Data\Sun\Java\Deployment\cache\6.0\7\406df447-67805097 probably a variant of Win32/Agent.ZVRMM trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Protoman\Desktop\Page\Old kof\mail_system.php PHP/Kryptik.AB trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Protoman\Desktop\Page\Old kof\Botcon2008\mail_system.php PHP/Kryptik.AB trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Protoman\Desktop\Page\Old kof\iacon\mail_system.php PHP/Kryptik.AB trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Protoman\Desktop\Page\Old kof\nes\mail_system.php PHP/Kryptik.AB trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Protoman\Desktop\Page\Old kof\protoman\mail_system.php PHP/Kryptik.AB trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Protoman\My Documents\D Drive\Neogeo\NeoRAGEx.exe a variant of Win32/Packed.PECrypt32.A application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Protoman\My Documents\D Drive\Neogeo\NeoRAGEx.zip a variant of Win32/Packed.PECrypt32.A application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Protoman\My Documents\D Drive\R4 Stuff\imgview0.6 for R4\misc\??IPK?????????.exe probably a variant of Win32/Agent.KYYNECF trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\591fab1\7834.mof.vir Win32/RogueAV.A trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir Win32/Olmarik.RF trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{3CF59EC3-8F87-4BC6-99D2-F245E143D3DD}\RP1452\A0146762.exe probably a variant of Win32/Agent.CGKPMYJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{3CF59EC3-8F87-4BC6-99D2-F245E143D3DD}\RP1481\A0154166.mof Win32/RogueAV.A trojan (unable to clean) 00000000000000000000000000000000 I


#17 Conspire

    SuperHelper

  • Retired Classroom Teacher
  • 5,806 posts

Posted 10 February 2011 - 06:23 AM

Hi,

Do you know what this directory is for?
C:\Documents and Settings\Protoman\Desktop\Page\Old kof

===================================================

Go into the Control Panel and double-click the Java Icon.
  • Under Temporary Internet Files, click the Settings... button
  • Click the Delete Files button.
  • There are two options in the window to clear the cache - Leave both Checked
    • Applications and Applets
    • Trace and log files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Settings
  • Click OK to leave the Java Control Panel.
===================================================

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Files
    C:\Documents and Settings\Protoman\My Documents\D Drive\Neogeo
    C:\Documents and Settings\Protoman\My Documents\D Drive\R4 Stuff\imgview0.6 for R4\misc\??IPK?????????.exe
    
    :Commands
    [EMPTYFLASH]
    [EMPTYTEMP]
    [REBOOT]
    [CLEARALLRESTOREPOINTS]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the Fix OTL log as well as a new OTL log (don't check the boxes beside LOP Check or Purity this time)
===================================================

On your next reply please post :
Fix OTL log
Fresh OTL log


Let me know if you have any problems performing the steps above or any questions.

Good Day!
Proud Graduate of the WTT Classroom
Member of UNITE

#18 DanielDude

  • Authentic Member
  • 75 posts

Posted 10 February 2011 - 08:06 PM

The old kof folder is where my old .com website files are. It's possible some of it might have been infected (stuff that ain't htmls, images and so on).

All processes killed
========== FILES ==========
C:\Documents and Settings\Protoman\My Documents\D Drive\Neogeo\roms folder moved successfully.
C:\Documents and Settings\Protoman\My Documents\D Drive\Neogeo\HISCORES folder moved successfully.
C:\Documents and Settings\Protoman\My Documents\D Drive\Neogeo folder moved successfully.
C:\Documents and Settings\Protoman\My Documents\D Drive\R4 Stuff\imgview0.6 for R4\misc\攋懝IPK僼傽僀儖廋暅僣乕儖.exe moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 56502 bytes

User: LocalService

User: NetworkService

User: Protoman
->Flash cache emptied: 1877841 bytes

Total Flash Files Cleaned = 2.00 mb


[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Protoman
->Temp folder emptied: 1624963 bytes
->Temporary Internet Files folder emptied: 1054290898 bytes
->Java cache emptied: 24969197 bytes
->FireFox cache emptied: 97795715 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17048 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
RecycleBin emptied: 111599447 bytes

Total Files Cleaned = 1,231.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.20.6 log created on 02102011_193350

Files\Folders moved on Reboot...
C:\Documents and Settings\Protoman\Local Settings\Temporary Internet Files\Content.IE5\GOL3M6KI\426008-what-s-a-cpm[1].htm moved successfully.
C:\Documents and Settings\Protoman\Local Settings\Temporary Internet Files\Content.IE5\GOL3M6KI\index[2].htm moved successfully.
C:\Documents and Settings\Protoman\Local Settings\Temporary Internet Files\Content.IE5\GOL3M6KI\like[1].htm moved successfully.
C:\Documents and Settings\Protoman\Local Settings\Temporary Internet Files\Content.IE5\9XQ2T5OW\iframe[2].htm moved successfully.
C:\Documents and Settings\Protoman\Local Settings\Temporary Internet Files\Content.IE5\9XQ2T5OW\unauthenticated[1].htm moved successfully.

Registry entries deleted on Reboot...



OTL logfile created on: 2/10/2011 8:42:07 PM - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Protoman\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 213.00 Mb Available Physical Memory | 42.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 721.38 Gb Free Space | 77.44% Space Free | Partition Type: NTFS

Computer Name: DANIEL | User Name: Protoman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Protoman\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Outlook Express\msimn.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Protoman\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- File not found
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (p2pgasvc) -- C:\WINDOWS\system32\p2pgasvc.dll (Microsoft Corporation)
SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft)


========== Driver Services (SafeList) ==========

DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (scrcap) -- C:\WINDOWS\system32\drivers\scrcap.sys (ZD Soft)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (RT25USBAP) -- C:\WINDOWS\system32\drivers\RT25USBAP.SYS (Ralink Technology Inc.)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (SMBios) Intel ® -- C:\WINDOWS\system32\drivers\SMBios.sys (Intel Corporation)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows ® Server 2003 DDK provider)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (PhilCam8116) Logitech QuickCam Pro 3000 (08B0) -- C:\WINDOWS\system32\drivers\CamDrO21.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.ao...romesbox-en-us"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..keyword.URL: "http://slirsredirect...b-en-us&query="


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/17 19:00:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/10 01:12:35 | 000,000,000 | ---D | M]

[2008/11/12 22:37:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Protoman\Application Data\Mozilla\Extensions
[2011/01/23 18:12:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Protoman\Application Data\Mozilla\Firefox\Profiles\0aghlp78.default\extensions
[2009/08/13 21:57:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Protoman\Application Data\Mozilla\Firefox\Profiles\0aghlp78.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/24 00:07:32 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Protoman\Application Data\Mozilla\Firefox\Profiles\0aghlp78.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/01/12 20:03:47 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Documents and Settings\Protoman\Application Data\Mozilla\Firefox\Profiles\0aghlp78.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/01/12 20:04:02 | 000,004,546 | ---- | M] () -- C:\Documents and Settings\Protoman\Application Data\Mozilla\Firefox\Profiles\0aghlp78.default\searchplugins\aim-search.xml
[2011/01/23 18:12:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/29 16:52:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/07/28 22:29:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/14 23:21:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/02 04:13:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/02/03 00:24:21 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [updateMgr] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.fac...fbootloader.cab (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/p...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1248574052187 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} http://cafeimg.hanma...ersion=1,0,0,10 (Cdmcco Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Protoman\My Documents\rpwallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Protoman\My Documents\rpwallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/11 17:18:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Documents and Settings\Protoman\Desktop\YunaG031-1[1].mp4.
[2011/02/10 19:33:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/02/10 19:31:59 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Protoman\Desktop\OTL.exe
[2011/02/10 01:15:58 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/02/10 01:06:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/02/08 19:30:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\CyberLink
[2011/02/07 00:48:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Protoman\Desktop\ontop10
[2011/02/07 00:13:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MagicCamera
[2011/02/07 00:13:11 | 000,000,000 | ---D | C] -- C:\Program Files\ShiningMorning
[2011/02/07 00:04:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\webcam 7
[2011/02/06 23:38:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Protoman\Application Data\ManyCam
[2011/02/06 23:01:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Protoman\Local Settings\Application Data\MagicCamera
[2011/02/06 22:42:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Protoman\Desktop\Magic Camera v6.8.0 Software + Crack
[2011/02/06 22:24:57 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/01/29 00:21:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Protoman\Start Menu\Programs\HiJackThis
[2011/01/27 23:32:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Protoman\Desktop\backups
[2011/01/25 00:38:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Protoman\Desktop\Proto Post
[2011/01/22 16:41:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Protoman\Desktop\uk
[2011/01/21 09:44:37 | 000,439,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shimgvw.dll
[1 C:\Documents and Settings\Protoman\*.tmp files -> C:\Documents and Settings\Protoman\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\Documents and Settings\Protoman\Desktop\YunaG031-1[1].mp4.
[2011/02/10 20:08:25 | 000,013,758 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/10 20:07:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/10 19:32:00 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Protoman\Desktop\OTL.exe
[2011/02/10 03:28:20 | 000,163,528 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/10 03:11:46 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/08 19:30:06 | 658,987,008 | ---- | M] () -- C:\Documents and Settings\Protoman\Desktop\blipMP09.mpg
[2011/02/07 21:27:08 | 000,034,945 | ---- | M] () -- C:\Documents and Settings\Protoman\Desktop\moe.JPG
[2011/02/06 20:57:21 | 177,242,940 | ---- | M] () -- C:\Documents and Settings\Protoman\Desktop\Pretty_Angels_pride20.zip
[2011/02/06 18:03:38 | 000,243,200 | ---- | M] () -- C:\Documents and Settings\Protoman\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/06 13:11:44 | 004,264,054 | R--- | M] () -- C:\Documents and Settings\Protoman\Desktop\ComboFix.exe
[2011/02/04 23:58:06 | 2314,089,564 | ---- | M] () -- C:\Documents and Settings\Protoman\Desktop\MP09.avi
[2011/02/03 00:24:21 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/02/02 18:50:36 | 000,289,430 | ---- | M] () -- C:\Documents and Settings\Protoman\Desktop\1296664208590.jpg
[2011/01/30 21:25:11 | 005,128,213 | ---- | M] () -- C:\Documents and Settings\Protoman\Desktop\santafu.zip
[2011/01/30 19:36:21 | 001,097,334 | ---- | M] () -- C:\Documents and Settings\Protoman\Desktop\guber.bmp
[2011/01/30 14:01:43 | 019,382,731 | ---- | M] () -- C:\Documents and Settings\Protoman\Desktop\GR_Soundtrack.zip
[2011/01/29 17:49:19 | 001,585,134 | ---- | M] () -- C:\Documents and Settings\Protoman\Desktop\pogs.bmp
[2011/01/29 17:49:11 | 001,752,966 | ---- | M] () -- C:\Documents and Settings\Protoman\Desktop\trivia.bmp
[2011/01/29 00:37:32 | 000,442,486 | ---- | M] () -- C:\Documents and Settings\Protoman\Desktop\prototrash.bmp
[2011/01/29 00:23:47 | 000,002,453 | ---- | M] () -- C:\Documents and Settings\Protoman\Desktop\HiJackThis.lnk
[2011/01/21 09:44:37 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2011/01/21 09:44:37 | 000,439,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shimgvw.dll
[2011/01/18 23:13:08 | 000,322,895 | ---- | M] () -- C:\Documents and Settings\Protoman\Desktop\1295406154261.png
[2011/01/16 00:51:12 | 000,114,890 | ---- | M] () -- C:\Documents and Settings\Protoman\Desktop\20101128.gif
[1 C:\Documents and Settings\Protoman\*.tmp files -> C:\Documents and Settings\Protoman\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/10 01:10:20 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/02/08 19:22:56 | 658,987,008 | ---- | C] () -- C:\Documents and Settings\Protoman\Desktop\blipMP09.mpg
[2011/02/07 21:27:08 | 000,034,945 | ---- | C] () -- C:\Documents and Settings\Protoman\Desktop\moe.JPG
[2011/02/06 20:56:56 | 177,242,940 | ---- | C] () -- C:\Documents and Settings\Protoman\Desktop\Pretty_Angels_pride20.zip
[2011/02/06 13:11:31 | 004,264,054 | R--- | C] () -- C:\Documents and Settings\Protoman\Desktop\ComboFix.exe
[2011/02/04 23:46:11 | 2314,089,564 | ---- | C] () -- C:\Documents and Settings\Protoman\Desktop\MP09.avi
[2011/02/02 18:50:47 | 000,289,430 | ---- | C] () -- C:\Documents and Settings\Protoman\Desktop\1296664208590.jpg
[2011/01/30 21:25:09 | 005,128,213 | ---- | C] () -- C:\Documents and Settings\Protoman\Desktop\santafu.zip
[2011/01/30 19:36:20 | 001,097,334 | ---- | C] () -- C:\Documents and Settings\Protoman\Desktop\guber.bmp
[2011/01/29 17:49:19 | 001,585,134 | ---- | C] () -- C:\Documents and Settings\Protoman\Desktop\pogs.bmp
[2011/01/29 17:49:10 | 001,752,966 | ---- | C] () -- C:\Documents and Settings\Protoman\Desktop\trivia.bmp
[2011/01/29 00:37:32 | 000,442,486 | ---- | C] () -- C:\Documents and Settings\Protoman\Desktop\prototrash.bmp
[2011/01/29 00:21:36 | 000,002,453 | ---- | C] () -- C:\Documents and Settings\Protoman\Desktop\HiJackThis.lnk
[2011/01/18 23:14:25 | 000,322,895 | ---- | C] () -- C:\Documents and Settings\Protoman\Desktop\1295406154261.png
[2011/01/16 00:51:52 | 000,114,890 | ---- | C] () -- C:\Documents and Settings\Protoman\Desktop\20101128.gif
[2009/07/09 22:18:42 | 000,002,119 | ---- | C] () -- C:\Documents and Settings\Protoman\Application Data\5eT7WQpJat.gif
[2009/07/09 22:18:42 | 000,000,607 | ---- | C] () -- C:\Documents and Settings\Protoman\Application Data\5eT7WQpJzn.gif
[2009/07/09 22:18:42 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\Protoman\Application Data\5eT7WQpJby.gif
[2008/11/27 21:45:35 | 000,941,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\CAMTHWDM.sys
[2008/07/23 17:43:30 | 000,000,053 | ---- | C] () -- C:\WINDOWS\SIMTOWN.INI
[2008/02/26 01:23:10 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/02/16 04:35:35 | 002,293,848 | ---- | C] () -- C:\Program Files\FLV PlayerFCSetup.exe
[2008/01/23 00:47:54 | 000,002,794 | ---- | C] () -- C:\Program Files\Palette.pal
[2006/03/17 00:57:53 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/01/14 16:26:58 | 000,000,273 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/12/05 22:02:03 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/11/19 23:54:53 | 000,243,200 | ---- | C] () -- C:\Documents and Settings\Protoman\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/11/13 04:37:52 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/11/12 09:12:04 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2005/11/12 01:16:33 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/11/11 17:31:57 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\RTCOMDLL.dll
[2005/11/11 17:31:57 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/11/11 17:28:49 | 000,012,288 | R--- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/10/24 10:12:10 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\OIBox.dll
[2005/10/14 05:56:51 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005/10/14 05:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005/10/14 05:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005/10/14 05:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005/10/14 05:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005/10/14 05:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005/08/16 08:42:12 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DaumCrypt.dll
[2005/08/09 17:12:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/05/25 03:45:04 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\dmvm.dll
[2004/12/20 11:08:28 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/20 11:03:26 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/09/22 13:47:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/04 23:42:42 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 171 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05D195EC
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

#19 Conspire


Posted 11 February 2011 - 03:38 AM

Hi,

Thank you

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Files
    C:\Documents and Settings\Protoman\Desktop\Page\Old kof\mail_system.php
    C:\Documents and Settings\Protoman\Desktop\Page\Old kof\Botcon2008\mail_system.php
    C:\Documents and Settings\Protoman\Desktop\Page\Old kof\iacon\mail_system.php
    C:\Documents and Settings\Protoman\Desktop\Page\Old kof\nes\mail_system.php
    C:\Documents and Settings\Protoman\Desktop\Page\Old kof\protoman\mail_system.php 
    
    :Commands
    [REBOOT]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the Fix OTL log as well as a new OTL log (don't check the boxes beside LOP Check or Purity this time)
===================================================

On your next reply please post :
Fix OTL log


Let me know if you have any problems performing the steps above or any questions you may have.

Good Day!
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free.

#20 DanielDude


Posted 14 February 2011 - 01:02 AM

Did the Fix, no OTL log in sight... is it somewhere?

#21 Conspire


Posted 14 February 2011 - 02:26 AM

The OTL fix log can be found at C:\_OTL\MovedFiles. It will have a file name consisting of numbers that reflect the date and time stamp the fix was run. It will be something similar to 10102010_111009.log. Please copy and paste the contents into your next reply.

#22 DanielDude


Posted 15 February 2011 - 01:00 AM

I guess it's this one labeled: 02142011_014514.log (Maybe I am wrong)

    ========== FILES ==========
    C:\Documents and Settings\Protoman\Desktop\Page\Old kof\mail_system.php moved successfully.
    C:\Documents and Settings\Protoman\Desktop\Page\Old kof\Botcon2008\mail_system.php moved successfully.
    C:\Documents and Settings\Protoman\Desktop\Page\Old kof\iacon\mail_system.php moved successfully.
    C:\Documents and Settings\Protoman\Desktop\Page\Old kof\nes\mail_system.php moved successfully.
    C:\Documents and Settings\Protoman\Desktop\Page\Old kof\protoman\mail_system.php moved successfully.
    ========== COMMANDS ==========

    OTL by OldTimer - Version 3.2.20.6 log created on 02142011_014514

#23 Conspire


Posted 15 February 2011 - 03:16 AM

Yep, that's the right one. Any further outstanding issues that you might want to address to me?

#24 DanielDude


Posted 15 February 2011 - 05:49 PM

Nope, everything seems OK now. I think I need more RAM also, as you stated for my father's PC, so that's a big help too. Thanks again!

#25 Conspire


Posted 16 February 2011 - 03:16 AM

Great :D

Follow these steps to uninstall Combofix
  • Click START then RUN
  • Now copy/paste the code into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.

    Combofix /Uninstall

===================================================

Clean up with OTL:
  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.
===================================================

I'm pleased to let you know that your log is clean! :thumbup:

Thank you for your patience, and performing all of the procedures requested. I would also like to take this opportunity to apologize for any delay that may have occurred.

--------------------------------------------------------------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

Also, support is ending for some versions of Windows > http://windows.micro....ce-packs?os=xp


Passwords
It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article, Strong passwords: How to create and use them, and consider a password keeper to keep all your passwords safe.


Make Internet Explorer more secure
Click Start > Run
Type Inetcpl.cpl & click OK
Click on the Security tab
Click Reset all zones to default level
Make sure the Internet Zone is selected & Click Custom level
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
Next click OK, then the Apply button and then OK to exit the Internet Properties page.


SPYWARE PREVENTION
This is a good time to set up protection against further attacks. In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read these well written articles:
To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an add-on available for both Firefox and IE.

  • SpywareBlaster prevents the installation of ActiveX-based malware, blocks cookies, and restricts the actions of "bad" sites. See tutorial here
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting the attempted connections to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows Vista here
  • Download Host.zip and Save it to your Desktop.
  • Right-click hosts.zip and select 'Extract all files' or 'Extract files...'.
  • Follow the prompts and click 'Finish'.
  • This will open the newly created hosts folder on your Desktop.
  • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
  • Once updated you should see another prompt that the task was completed.
Follow this list and keep your antivirus program and antispyware programs updated and scan with them on a regular basis. By doing so, your potential for being infected again will reduce dramatically.

Hopefully this should take care of your problems! Good luck.

Do you have any questions or problems to ask? Please do not hesitate to do so.

**Please respond to this one more time to ensure it is resolved and close this topic.
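A HOSTS file can map a name to any address, not only 127.0.0.1, so after an infection it is worth checking what the file actually contains. The following is an added example (not part of the post above or of the MVPS package) that audits HOSTS content and separates blocklist entries from hostnames redirected to a non-local address; the sample content and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample HOSTS content (not taken from this thread).
SAMPLE_HOSTS = """\
# blocklist-style entries
127.0.0.1  localhost
127.0.0.1  ads.example.com   # blocked ad server
0.0.0.0    tracker.example.net
::1        localhost
203.0.113.7  login.example-bank.com
192.0.2.10   update.example-av.com www.example-av.com
not-an-ip    broken.example.org
"""

# Names that legitimately resolve to the local machine.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Yield (line_no, address, hostnames) for every non-comment line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if line:
            fields = line.split()
            yield line_no, fields[0], fields[1:]


def audit_hosts(text):
    """Classify entries as blocked (sinkholed), redirected, or malformed."""
    report = {"blocked": [], "redirected": [], "malformed": []}
    for line_no, addr, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            ip = None
        if ip is None or not names:
            report["malformed"].append((line_no, addr))
            continue
        # Loopback (127.0.0.0/8, ::1) and 0.0.0.0 never leave the machine.
        sinkholed = ip.is_loopback or ip.is_unspecified
        for name in names:
            if name.lower() in LOCAL_NAMES:
                continue
            key = "blocked" if sinkholed else "redirected"
            report[key].append((line_no, name, addr))
    return report


if __name__ == "__main__":
    for kind, entries in audit_hosts(SAMPLE_HOSTS).items():
        print(kind, entries)
```

Entries under "redirected" are the ones to review by hand: a blocklist such as the MVPS file should not produce any, while a name for a bank or an antivirus update server pointing at an outside address is a sign the file was tampered with.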


#26 Conspire


Posted 17 February 2011 - 11:22 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.
