unable to update multiple anti-virus packages or access mcafee.com, msconfig updates not working, ...


Hi,

Lavasoft Ad-Aware, Norton AntiVirus, Webroot antivirus, and Malwarebytes' Anti-Malware have all pronounced my computer clean. However, I am unable to update any of them, cannot access mcafee.com, cannot access regedit, and cannot get the programs that should be starting automatically (like virus scanners) to start automatically.

A couple of days ago, Ad-Aware caught (and removed) a trojan package of some sort. Unfortunately, I didn't think to write down the name of it.

Here is the log from Malwarebytes' Anti-Malware, run a little while ago:

Malwarebytes' Anti-Malware 1.36

Database version: 1945

Windows 5.1.2600 Service Pack 3

5/15/2009 11:27:44 PM

mbam-log-2009-05-15 (23-27-44).txt

Scan type: Full Scan (C:\|)

Objects scanned: 287803

Time elapsed: 2 hour(s), 37 minute(s), 57 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 4

Registry Values Infected: 0

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Any suggestions as to what I should be doing to fix this?

Thanks!


Greetings and Welcome :P .

If you're having trouble getting Malwarebytes' and other tools to update or run please review the following tutorials and see if they are helpful:

If you aren't able to use those instructions or there are other issues then please follow the instructions here:

I'm infected - What do I do now?

And post your logs in a new topic here:

Malware Removal - HijackThis Logs

Please be sure not to install any software or use any removal/scanning tools except those that you are instructed to by the expert who will be assisting you, as doing so can make their job much more difficult.

Note: if for some reason you are unable to run some or any of the tools in the first link, then skip that step and move on to the next one. If you can't even run HijackThis, then just post here: Malware Removal - HijackThis Logs describing your issues and an expert will reply with further instructions.

I hope I was helpful. Good luck and safe surfing. ;)


Howdy -- thanks for the help. Results are inline below; please bear with all of the long pasted inclusions. I'm not comfortable uploading files for others, given the state of my computer, and I'm not literate enough about this stuff to think I wouldn't leave out something important.

Greetings and Welcome :P .

If you're having trouble getting Malwarebytes' and other tools to update or run please review the following tutorials and see if they are helpful:

  • Total-Security (FakeAlert)
    -> this doesn't look like what I have
  • av360 (Fakealert)
    -> this doesn't look like what I have
  • CLB Rootkit driver=TDSS/Seneka/GAOPDX/UAC/ovfst
    -> I ran this, and got the following results
    ROOTREPEAL © AD, 2007-2008
    ==================================================
    Scan Time: 2009/05/16 22:23
    Program Version: Version 1.2.3.0
    Windows Version: Windows XP SP3
    ==================================================
    Hidden/Locked Files
    -------------------
    Path: C:\hiberfil.sys
    Status: Locked to the Windows API!
    Path: C:\WINDOWS\tiyshc.vot
    Status: Allocation size mismatch (API: 20480, Raw: 24576)
    Path: C:\Documents and Settings\Keith\Local Settings\Temp\etilqs_1DCSyPioaWwrZYavBfwc
    Status: Allocation size mismatch (API: 65536, Raw: 0)
    Path: C:\Documents and Settings\Keith\Application Data\SecuROM\UserData\ЃϵϳЅЂϿϽϯІχϯπρϴϱЄϱЃϵϳЅ
    Status: Locked to the Windows API!
    Path: C:\Documents and Settings\Keith\Application Data\SecuROM\UserData\ЃϵϳЅЂϿϽϯІχϯπρЂϻϵЉЃϵϳЅ
    Status: Locked to the Windows API!
    OK, per Google searching ...
    hiberfil.sys is for hibernation
    tiyshc.vot -- the only .vot extension I could find was for recorded video, which doesn't really make sense for me. When I googled for .vot, one of the links somehow got hijacked to zerocleaner.com, a "virus-cleaner" site which Symantec notes as putting viruses ONTO computers rather than removing them.
    etilqs_blahblah -- related to Firefox, which I run
    SecuROM -- evil copy protection for a couple of games I have. The funky filenames are so you can't delete the DRMware.

If you aren't able to use those instructions or there are other issues then please follow the instructions here:

I'm infected - What do I do now?

-> I was able to d/l and run the MBAM program last night. The update was blocked. Tonight, it got partway through the run and stopped (4% complete with files, had completed the first couple of categories, finding nothing.)

-> avira d/l and installation successful, update failed -- logfile of attempted update:

Avira AntiVir Personal - Free Antivirus Updater

Creation time: Sat May 16 22:38:29 2009

Operating system:

Windows XP (Service Pack 3) [5.1.2600]

Product information:

Product version: 9.0.0.394

Updater: C:\Program Files\Avira\AntiVir Desktop\update.exe 9.0.0.46

Plugin: C:\Program Files\Avira\AntiVir Desktop\updext.dll 9.0.0.6

Temp Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\

Backup folder: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\BACKUP\

Installation Directory: C:\Program Files\Avira\AntiVir Desktop\

Updater folder: C:\Program Files\Avira\AntiVir Desktop\

AppData folder: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\

[uPD] [iNFO] Checking whether newer files are available.

[uPD] [iNFO] Select update server 'http://62.146.66.178/update'.

[uPD] [iNFO] Downloading of 'http://62.146.66.178/update/idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.

[uPDLIB] [ERROR] Download manager:HTTP status code 403 was obtained when downloading file 'http://62.146.66.178/update/idx/master.idx'

[uPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.

[uPD] [iNFO] Select update server 'http://perspeak.avira-update.com/update'.

[uPD] [iNFO] Downloading of 'http://perspeak.avira-update.com/update/idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.

[uPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://perspeak.avira-update.com/update/idx/master.idx' failed. Error: The server name or address could not be resolved

[uPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.

[uPD] [iNFO] Downloading of 'http://perspeak.avira-update.com/update/idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.

[uPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://perspeak.avira-update.com/update/idx/master.idx' failed. Error: The server name or address could not be resolved

[uPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.

[uPD] [iNFO] Downloading of 'http://perspeak.avira-update.com/update/idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.

[uPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://perspeak.avira-update.com/update/idx/master.idx' failed. Error: The server name or address could not be resolved

[uPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.

[uPDLIB] [ERROR] No other server available.

[uPD] [ERROR] Generation of update structure failed. UpdateLib delivers error 8.

Summary:

********

0 Files downloaded

0 Files installed

22:38:45 The update failed!

Avira AntiVir Personal

Report file date: Saturday, May 16, 2009 22:40

Scanning for 1284893 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows XP

Windows version : (Service Pack 3) [5.1.2600]

Boot mode : Normally booted

Username : SYSTEM

Computer name : VAIO

Version information:

BUILD.DAT : 9.0.0.394 17962 Bytes 4/17/2009 11:20:00

AVSCAN.EXE : 9.0.3.5 466689 Bytes 4/17/2009 16:57:30

AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 18:58:24

LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 19:35:49

LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 18:58:52

ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 20:30:36

ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 04:33:26

ANTIVIR2.VDF : 7.1.2.105 513536 Bytes 3/3/2009 15:41:14

ANTIVIR3.VDF : 7.1.2.127 110592 Bytes 3/5/2009 22:58:20

Engineversion : 8.2.0.100

AEVDF.DLL : 8.1.1.0 106868 Bytes 1/28/2009 01:36:42

AESCRIPT.DLL : 8.1.1.56 352634 Bytes 2/27/2009 04:01:56

AESCN.DLL : 8.1.1.7 127347 Bytes 2/12/2009 19:44:25

AERDL.DLL : 8.1.1.3 438645 Bytes 10/30/2008 02:24:41

AEPACK.DLL : 8.1.3.10 397686 Bytes 3/4/2009 21:06:10

AEOFFICE.DLL : 8.1.0.36 196987 Bytes 2/27/2009 04:01:56

AEHEUR.DLL : 8.1.0.100 1618295 Bytes 2/25/2009 23:49:16

AEHELP.DLL : 8.1.2.2 119158 Bytes 2/27/2009 04:01:56

AEGEN.DLL : 8.1.1.24 336244 Bytes 3/4/2009 21:06:10

AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/2008 22:32:40

AECORE.DLL : 8.1.6.6 176501 Bytes 2/17/2009 22:22:44

AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 22:32:40

AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 16:47:59

AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 18:32:15

AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 22:34:28

AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 18:32:09

AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 23:05:41

AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 18:37:08

SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 23:03:49

SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 16:21:33

NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 18:32:10

RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 2/9/2009 19:45:45

RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/2009 18:19:48

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp

Logging.............................: low

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:,

Process scan........................: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: Saturday, May 16, 2009 22:40

Starting search for hidden objects.

'115250' objects were checked, '0' hidden objects were found.

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'notepad.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'firefox.exe' - '1' Module(s) have been scanned

Scan process 'WINWORD.EXE' - '1' Module(s) have been scanned

Scan process 'taskmgr.exe' - '1' Module(s) have been scanned

Scan process 'AAWTray.exe' - '1' Module(s) have been scanned

Scan process 'unsecapp.exe' - '1' Module(s) have been scanned

Scan process 'AAWService.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'regsvr32.exe' - '1' Module(s) have been scanned

Scan process 'regsvr32.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'ApntEx.exe' - '1' Module(s) have been scanned

Scan process 'Apoint.exe' - '1' Module(s) have been scanned

Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'VzFw.exe' - '1' Module(s) have been scanned

Scan process 'VzCdbSvc.exe' - '1' Module(s) have been scanned

Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned

Scan process 'SpySweeper.exe' - '1' Module(s) have been scanned

Scan process 'VCSW.exe' - '1' Module(s) have been scanned

Scan process 'VESMgr.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned

Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned

Scan process 'sqlservr.exe' - '1' Module(s) have been scanned

Scan process 'MDM.EXE' - '1' Module(s) have been scanned

Scan process 'PIFSvc.exe' - '1' Module(s) have been scanned

Scan process 'jqs.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'cvpnd.exe' - '1' Module(s) have been scanned

Scan process 'CTSVCCDA.EXE' - '1' Module(s) have been scanned

Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned

Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned

Scan process 'a2service.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned

Scan process 'EvtEng.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'WRConsumerService.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

54 processes with 54 modules were scanned

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Master boot sector HD1

[INFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Starting to scan executable files (registry).

The registry was scanned ( '79' files ).

Starting the file scan:

Begin scan in 'C:\'

C:\hiberfil.sys

[WARNING] The file could not be opened!

[NOTE] This file is a Windows system file.

[NOTE] This file cannot be opened for scanning.

C:\pagefile.sys

[WARNING] The file could not be opened!

[NOTE] This file is a Windows system file.

[NOTE] This file cannot be opened for scanning.

C:\Documents and Settings\Keith\Local Settings\Temp\is-QI5CJ.tmp\askBarSetup.exe

[DETECTION] Contains recognition pattern of the APPL/AdInstaller.E application

Beginning disinfection:

C:\Documents and Settings\Keith\Local Settings\Temp\is-QI5CJ.tmp\askBarSetup.exe

[DETECTION] Contains recognition pattern of the APPL/AdInstaller.E application

[NOTE] The file was moved to '4a7aa965.qua'!

End of the scan: Saturday, May 16, 2009 23:04

Used time: 24:14 Minute(s)

The scan has been canceled!

5649 Scanned directories

70304 Files were scanned

1 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

1 Files were moved to quarantine

0 Files were renamed

2 Files cannot be scanned

70301 Files not concerned

1241 Archives were scanned

2 Warnings

3 Notes

115250 Objects were scanned with rootkit scan

0 Hidden objects were found

-> one thing, though -- even though it says that it finished, it only scanned 41.8%, 70304 files, and I know that there are a -lot- more files than that on my C drive....

And post your logs in a new topic here:

Malware Removal - HijackThis Logs

-> Hijack this log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:09:47 PM, on 5/16/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Apoint\Apntex.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\regsvr32.exe

C:\WINDOWS\system32\regsvr32.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Avira\AntiVir Desktop\avcenter.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.anderson.ucla.edu/proxy/proxy.pac

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"

O4 - HKLM\..\Run: [igfxtray] "C:\WINDOWS\system32\igfxtray.exe"

O4 - HKLM\..\Run: [igfxhkcmd] "C:\WINDOWS\system32\hkcmd.exe"

O4 - HKLM\..\Run: [igfxpers] "C:\WINDOWS\system32\igfxpers.exe"

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"

O4 - HKLM\..\Run: [sonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"

O4 - HKLM\..\Run: [iSBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"

O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary

O4 - HKLM\..\Run: [biomenu] "C:\Program Files\Protector Suite QL\menusw.exe"

O4 - HKLM\..\Run: [switcher.exe] "C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe"

O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"

O4 - HKLM\..\Run: [VAIO Recovery] "C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [ssAAD.exe] "C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] "C:\WINDOWS\system32\dumprep.exe" 0 -k

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Ad-Watch] "C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe"

O4 - HKLM\..\Run: [setDefPrt] "C:\Program Files\Brother\Brmfl06c\BrStDvPt.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1152933854\ee\AOLHostManager.exe"

O4 - HKLM\..\Run: [brMfcWnd] "C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat\AdobeUpdateManager.exe" AcStd7_0_9 -reboot 1

O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"

O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-18\..\RunOnce: [iETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [iETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')

O4 - Startup: World Community Grid - BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Bluetooth Manager.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: UCLA Cisco VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Transfer by Image Converter 2 Plus - C:\Program Files\Sony\Image Converter 2\menu.htm

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab

O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games


  • Staff

Hi,

I notice from your log that there's more than 1 Antivirus installed. Avira, McAfee and not sure if you have Spysweeper with Antivirus as well...

Never install more than one Antivirus and Firewall! Rather than giving you extra protection, it will decrease the reliability of it seriously!

The reason for this is that if both products have their automatic (Real-Time) protection switched on, your system may lock up due to both software products attempting to access the same file at the same time.

Also, because more than one Antivirus and Firewall installed are not compatible with each other, it can cause system performance problems and a serious system slowdown.

So you have to make a decision here and keep the Antivirus you prefer and uninstall the other one.

Then reboot after uninstalling.

Then,

Navigate to your C:\Windows folder and search for the file regedit.exe

Right-click it and select to rename the file. Rename it to reg3dit.exe

Then launch the reg3dit.exe in order to open your Registry Editor.

There, browse to the following key:

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32

You'll see on the left that you can expand the keys (they will look like folders). So expand them until you get drivers32

Right-click the drivers32 key (folder) and select to export.

Give it a name and export it as a text file on your desktop.

Then copy and paste the contents of it in your next reply.

If confused, please ask first.

Extra note.. after you have used the renamed regedit.exe (reg3dit.exe), look in your Windows folder if Windows File Protection placed a new regedit.exe there again (it should). If not, then rename reg3dit.exe back to regedit.exe.


Here is the content of the registry area requested.

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32

Class Name: <NO CLASS>

Last Write Time: 5/9/2009 - 3:23 AM

Value 0

Name: midimapper

Type: REG_SZ

Data: midimap.dll

Value 1

Name: msacm.imaadpcm

Type: REG_SZ

Data: imaadp32.acm

Value 2

Name: msacm.msadpcm

Type: REG_SZ

Data: msadp32.acm

Value 3

Name: msacm.msg711

Type: REG_SZ

Data: msg711.acm

Value 4

Name: msacm.msgsm610

Type: REG_SZ

Data: msgsm32.acm

Value 5

Name: msacm.trspch

Type: REG_SZ

Data: tssoft32.acm

Value 6

Name: vidc.cvid

Type: REG_SZ

Data: iccvid.dll

Value 7

Name: VIDC.I420

Type: REG_SZ

Data: msh263.drv

Value 8

Name: vidc.iv31

Type: REG_SZ

Data: ir32_32.dll

Value 9

Name: vidc.iv32

Type: REG_SZ

Data: ir32_32.dll

Value 10

Name: vidc.iv41

Type: REG_SZ

Data: ir41_32.ax

Value 11

Name: VIDC.IYUV

Type: REG_SZ

Data: iyuv_32.dll

Value 12

Name: vidc.mrle

Type: REG_SZ

Data: msrle32.dll

Value 13

Name: vidc.msvc

Type: REG_SZ

Data: msvidc32.dll

Value 14

Name: VIDC.UYVY

Type: REG_SZ

Data: msyuv.dll

Value 15

Name: VIDC.YUY2

Type: REG_SZ

Data: msyuv.dll

Value 16

Name: VIDC.YVU9

Type: REG_SZ

Data: tsbyuv.dll

Value 17

Name: VIDC.YVYU

Type: REG_SZ

Data: msyuv.dll

Value 18

Name: wavemapper

Type: REG_SZ

Data: msacm32.drv

Value 19

Name: MSVideo8

Type: REG_SZ

Data: VfWWDM32.dll

Value 20

Name: msacm.msg723

Type: REG_SZ

Data: msg723.acm

Value 21

Name: vidc.M263

Type: REG_SZ

Data: msh263.drv

Value 22

Name: vidc.M261

Type: REG_SZ

Data: msh261.drv

Value 23

Name: msacm.msaudio1

Type: REG_SZ

Data: msaud32.acm

Value 24

Name: msacm.sl_anet

Type: REG_SZ

Data: sl_anet.acm

Value 25

Name: msacm.iac2

Type: REG_SZ

Data: C:\WINDOWS\system32\iac25_32.ax

Value 26

Name: vidc.iv50

Type: REG_SZ

Data: ir50_32.dll

Value 27

Name: msacm.l3acm

Type: REG_SZ

Data: C:\WINDOWS\system32\l3codeca.acm

Value 28

Name: wave

Type: REG_SZ

Data: wdmaud.drv

Value 29

Name: midi

Type: REG_SZ

Data: wdmaud.drv

Value 30

Name: mixer

Type: REG_SZ

Data: wdmaud.drv

Value 31

Name: VIDC.dvsd

Type: REG_SZ

Data: C:\PROGRA~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll

Value 32

Name: vidc.DIVX

Type: REG_SZ

Data: DivX.dll

Value 33

Name: vidc.yv12

Type: REG_SZ

Data: DivX.dll

Value 34

Name: aux

Type: REG_SZ

Data: C:\WINDOWS\system32\..\tiyshc.vot

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server

Class Name: <NO CLASS>

Last Write Time: 3/22/2006 - 12:08 PM

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP

Class Name: <NO CLASS>

Last Write Time: 3/22/2006 - 12:08 PM

Value 0

Name: wave

Type: REG_SZ

Data: rdpsnd.dll

Value 1

Name: mixer

Type: REG_SZ

Data: rdpsnd.dll

Value 2

Name: MaxBandwidth

Type: REG_DWORD

Data: 0x56b9

Value 3

Name: wavemapper

Type: REG_SZ

Data: msacm32.drv

Value 4

Name: EnableMP3Codec

Type: REG_DWORD

Data: 0x1

Value 5

Name: midimapper

Type: REG_SZ

Data: midimap.dll

Thanks for all the help,

-Ridcully


  • Staff

Hi,

Go to this part of the forum: http://www.malwarebytes.org/forums/index.php?showforum=55

Start a new thread there, because I need a file from your computer which you have to attach there.

Browse to the following file:

C:\WINDOWS\tiyshc.vot

Right-click and select to zip it. This should create a tiyshc.zip folder.

Upload/attach that folder in the thread you started in that other forum part.

Once you've uploaded that file, open HijackThis and click 'config' (bottom right).

Choose the tab 'misc Tools' on top.

Choose 'delete a file on reboot'

In the field, copy and paste next:

C:\WINDOWS\tiyshc.vot

Click open.

Hijackthis will tell you that this file will be deleted on next reboot and if you want to reboot now. Click Yes/ok

Your system should reboot now.

Then, open Notepad and copy and paste the contents of the quote box below into it:

(don't forget to copy and paste REGEDIT4)

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"aux"="wdmaud.drv"

Save this as fix.reg. Choose to save as *all files and place it on your desktop.

It should look like this: reg.gif

Double-click on it and when it asks you if you want to merge the contents to the registry, click yes/ok.

Above steps should resolve your problems, so let me know in your next reply. You'll also be able to update malwarebytes then :P

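The check the helper does by eye on the exported Drivers32 key can be scripted. The following is an added example, not part of the original posts: it parses the text-export format shown in the thread and flags values such as the hijacked `aux` entry. The function names, the extension allow-list and the one-entry baseline are assumptions built from the values visible in this thread, and the sample input is a shortened, constructed copy of the posted export.

```python
import ntpath  # Windows path rules, usable on any OS
import re

# Assumption: extensions of the driver/codec modules visible in this thread's export.
EXPECTED_EXTENSIONS = {".dll", ".drv", ".acm", ".ax"}
# Known-good value for the top-level key, taken from the fix.reg in the thread.
BASELINE = {"aux": "wdmaud.drv"}

# Constructed sample: a shortened copy of the export posted in the thread.
SAMPLE_EXPORT = r"""
Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
Class Name: <NO CLASS>
Last Write Time: 5/9/2009 - 3:23 AM
Value 0
Name: midimapper
Type: REG_SZ
Data: midimap.dll
Value 25
Name: msacm.iac2
Type: REG_SZ
Data: C:\WINDOWS\system32\iac25_32.ax
Value 28
Name: wave
Type: REG_SZ
Data: wdmaud.drv
Value 31
Name: VIDC.dvsd
Type: REG_SZ
Data: C:\PROGRA~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll
Value 34
Name: aux
Type: REG_SZ
Data: C:\WINDOWS\system32\..\tiyshc.vot
Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP
Class Name: <NO CLASS>
Last Write Time: 3/22/2006 - 12:08 PM
Value 0
Name: wave
Type: REG_SZ
Data: rdpsnd.dll
Value 2
Name: MaxBandwidth
Type: REG_DWORD
Data: 0x56b9
"""


def parse_export(text):
    """Return (key, name, type, data) tuples from a regedit text export."""
    entries = []
    key = name = rtype = None
    for raw in text.splitlines():
        field, sep, value = raw.strip().partition(":")
        if not sep:
            continue  # "Value N" separators and blank lines
        value = value.strip()
        if field == "Key Name":
            key, name, rtype = value, None, None
        elif field == "Name":
            name = value
        elif field == "Type":
            rtype = value
        elif field == "Data" and key and name:
            entries.append((key, name, rtype, value))
            name = rtype = None
    return entries


def review_value(key, name, data):
    """Return the reasons a Drivers32 REG_SZ value looks wrong (empty list if none)."""
    reasons = []
    if ".." in re.split(r"[\\/]+", data):
        reasons.append("path contains a '..' component")
    ext = ntpath.splitext(data)[1].lower()
    if ext not in EXPECTED_EXTENSIONS:
        reasons.append(f"unexpected extension {ext or '(none)'}")
    # The baseline applies to the top-level key only, not to subkeys such as RDP.
    if key.lower().endswith("\\drivers32"):
        expected = BASELINE.get(name.lower())
        if expected and data.lower() != expected:
            reasons.append(f"differs from baseline {expected}")
    return reasons


def audit(text):
    """Flag suspicious string values under Drivers32 and its subkeys."""
    findings = []
    for key, name, rtype, data in parse_export(text):
        if "\\drivers32" not in key.lower() or rtype != "REG_SZ":
            continue
        reasons = review_value(key, name, data)
        if reasons:
            findings.append({"key": key, "name": name, "data": data,
                             "resolved": ntpath.normpath(data), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_EXPORT):
        print(f"{f['name']} = {f['data']} -> {f['resolved']}")
        for reason in f["reasons"]:
            print("   ", reason)
```

The resolved path it reports for `aux` is the same file the helper asks to have zipped and then deleted on reboot.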

Reply posted in other forum. :P


  • Staff

Hi,

To answer your questions... You were infected via a legitimate website as this one spreads via legitimate sites - could be via a malicious script inserted on the website itself or via an infected PDF File - so make sure your PDF reader is up to date.

Also read here for more info about the infection: http://miekiemoes.blogspot.com/2008/10/fak...archengine.html


  • Staff

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
