 | Moderator with 68,253 posts. | | Join Date: Apr 2002 Location: Washington State |
27-Oct-2009, 06:58 PM
#16 | Go to Add/Remove programs and remove the Google junk.
Download ATF Cleaner by Atribune.
- Double-click ATF-Cleaner.exe to run the program.
- Under Main choose: Select All
- Click the Empty Selected button.
Click Exit on the Main menu to close the program.
Download Malwarebytes' Anti-Malware from Here.
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy & Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
| Junior Member with 17 posts. | | Join Date: Sep 2009 Location: Central Pennsylvania Experience: Intermediate |
29-Oct-2009, 03:16 PM
#17 | Thank you cybertech, before I continue I am at the Add remove program list and the google load is Google Toolbar for Internet Explorer, is this the junk you are referring to? Have not yet loaded ATF Cleaner
| Moderator with 68,253 posts. | | Join Date: Apr 2002 Location: Washington State |
30-Oct-2009, 09:48 AM
#18 | Yes, if Google toolbar is all you see with Google in the name remove that.
| Junior Member with 17 posts. | | Join Date: Sep 2009 Location: Central Pennsylvania Experience: Intermediate |
30-Oct-2009, 12:09 PM
#19 | All went well except Anti Virus Program not working
The Iolo Anti Virus Program is not working in its current state, they want me to restart the computer again. Ironically e-mail and virus definitions are on and up to date but not the real time protection. I will copy the MBAM file per your request and then await your response after I try to get Iolo up again. Thank you in advance and looking forward to your feedback.
| Junior Member with 17 posts. | | Join Date: Sep 2009 Location: Central Pennsylvania Experience: Intermediate |
30-Oct-2009, 12:10 PM
#20 | Oops forgot to paste the file, daaaaa
Malwarebytes' Anti-Malware 1.41
Database version: 3060
Windows 5.1.2600 Service Pack 3
10/30/2009 11:50:33 AM
mbam-log-2009-10-30 (11-50-33).txt
Scan type: Quick Scan
Objects scanned: 104022
Time elapsed: 7 minute(s), 30 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 1
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{70004d5d-3bf6-4d51-43b2-02fc0002cdb5} (Rogue.Errorsafe) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{497dddb6-6eee-4561-9621-b77dc82c1f84} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4e980492-027b-47f1-a7ab-ab086dacbb9e} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5ead8321-fcbb-4c3f-888c-ac373d366c3f} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{31f3cf6e-a71a-4daa-852b-39ac230940b4} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus (Rogue.AntiVirus) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\SysRestore.dll (Rogue.Ascentive) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\SysRestore.dll (Rogue.Ascentive) -> Quarantined and deleted successfully.
| Moderator with 68,253 posts. | | Join Date: Apr 2002 Location: Washington State |
30-Oct-2009, 01:41 PM
#21 | I find it to not be productive having two different people working on the same machine.
When you are finished with Iolo Anti Virus folks let me know.
| Junior Member with 17 posts. | | Join Date: Sep 2009 Location: Central Pennsylvania Experience: Intermediate |
02-Nov-2009, 08:52 AM
#22 | Don't understand your reply I'm not working Iolo
I am not working with Iolo, when I did as you requested/suggested, I followed your directions (well written by the way) to the letter. When I restarted per computer's instructions my Iolo Anti Virus would not load and kept asking me to restart. I tried resolving the problem myself without restarting and whatever I did worked on the 3rd try. What made you think I asked Iolo for help? One of the programs I've had that loaded the Iolo Anti Virus is System Mechanic. I purchased it as a package, which includes the firewall as well. I am not a pro like you, but am VERY GRATEFUL for your help! I have been looking at my Event Viewer to try to understand what is going on. I have a problem with a download as I am set up for auto update with most everything and a problem KB953297 with an 0x643 error keeps occurring, I've tried to get help from Microsoft but they do not seem to have the answer yet and I'm not the only user having this problem. I plead for your patience with my ignorance, but again want to assure you that I am looking forward to your feedback. I can not sit at the computer for long periods, have extreme back problems (I know it's not your concern, but need you to understand I'm going through medicine treatments which shorten my alert time.) Once again Thank You very much for your help.
| Moderator with 68,253 posts. | | Join Date: Apr 2002 Location: Washington State |
02-Nov-2009, 12:23 PM
#23 | I have back problems myself so I do understand not sitting at your computer for long periods of time!
Download OTS.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTS on your desktop.
- Close any open browsers.
- If your Real protection or Antivirus intervenes with OTS, allow it to run.
- Open the OTS folder and double-click on OTS.exe to start the program.
- In Additional Scans section put a check in Disabled MS Config Items and EventViewer logs
- Now click the Run Scan button on the toolbar.
- The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
- When the scan is complete Notepad will open with the report file loaded in it.
- Save that notepad file
Use the Reply button, scroll down to the attachments section and attach the notepad file here.
NOTE: The only people who can see attachments in the HJT forum are: the thread starter, Admins & Mods, and HJT Helpers & Trainees.
| Junior Member with 17 posts. | | Join Date: Sep 2009 Location: Central Pennsylvania Experience: Intermediate |
02-Nov-2009, 10:01 PM
#24 | Per your instructions on OTS
Please see the attached file OTS.Txt - Notepad. Hope I have followed your instructions properly. I look forward to your feedback. Once again thank you in advance.
| Moderator with 68,253 posts. | | Join Date: Apr 2002 Location: Washington State |
03-Nov-2009, 12:47 PM
#25 | You have two anti-virus programs running, Authentium Antivirus & iolo AntiVirus, which will cause trouble. Uninstall one of them. Since you paid for iolo I suggest removing Authentium.
Looks like that NET Framework 1.1 update has caused a lot of problems. One of the suggestions I read is to uninstall ALL Microsoft DOT NET packages and then reinstall via Windows update site.
The OTS scan looks fine.
| Junior Member with 17 posts. | | Join Date: Sep 2009 Location: Central Pennsylvania Experience: Intermediate |
04-Nov-2009, 04:23 PM
#26 | Understand what you're telling me but having a problem
I can not find the other anti virus program. I 1st looked in control panel, add/delete programs, nothing, then I looked at the quarantine logs of malware. I hate feeling stupid but not sure how to do or find this Authentium or Rogue files, it looks like Malware may have removed them. I know from looking at the error logs that there is a problem with Net Framework as well as my video viewing, and can not seem to download the latest security update. Any further recommendations, thank you so very much for what you've shared at this point.
| Moderator with 68,253 posts. | | Join Date: Apr 2002 Location: Washington State |
05-Nov-2009, 04:04 PM
#27 | Click on Start, select All Programs. Is there a folder for Authentium Antivirus? If so does it have uninstaller as a selection?
| Junior Member with 17 posts. | | Join Date: Sep 2009 Location: Central Pennsylvania Experience: Intermediate |
06-Nov-2009, 04:54 PM
#28 | I did that after I could not find it in control panel, I ran a search for any file with either name and in more than one location, there is nothing listed anywhere with authentium AV. Perhaps the program you had me load with the quarantine did delete it. But before I re-read the report I did look for the file to no avail with exception of the mention in the quarantined file. Sorry about spelling. You did I assume fix the problem with my virus program finding the unknown virus as they called it but everyone else thought it malware because I have not had any notification since I deleted the google toolbar. Thank you very much. I assume I must spend much time online trying to find out what is going on with my Net Framework problems (even though I have received all auto updates regarding it) and the problem with not being able to load the KB953297 security file. The icon will not go away, I keep sending reports to Microsoft, but have not tried to go back on line since last week on this. Thank you for helping me to get rid of the annoying Iolo Anti Virus message, it is greatly appreciated. Any other views or comments would be great too.
| Moderator with 68,253 posts. | | Join Date: Apr 2002 Location: Washington State |
06-Nov-2009, 05:09 PM
#29 | Did you try uninstalling ALL Microsoft DOT NET packages and then reinstall via Windows update site?
| Junior Member with 17 posts. | | Join Date: Sep 2009 Location: Central Pennsylvania Experience: Intermediate |
06-Nov-2009, 05:14 PM
#30 | No not yet, but I did just find the file Authentium by looking back at this problem with the Hijack This report, it is under program files, then common, then authentium, then antivirus, and I attempted to delete and I have gotten the cannot delete error, says css3rde.dll access is denied. Not sure what this means?
All times are GMT -5.