
Thread: Virtumonde.generic

  1. #1
    Junior Member
    Join Date
    Oct 2007
    Posts
    6

    Virtumonde.generic

    Hi,

    I'm desperate to get rid of this bug. It appears to be fixed after every Spybot run, but reappears after a restart of the machine. I've used AVG, Spybot and Ad-Aware. I understand it embeds in the resident memory, so how do I get rid of it? I've run a scan online and an HJT scan. The HJT log is below; the Kaspersky log is in the next log. Thanks in advance!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:28:13, on 18/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\ATKKBService.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\DigitalPersona\Bin\DpHost.exe
    C:\WINDOWS\system32\RemoteControlService.exe
    C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ATK0100\HControl.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    C:\Program Files\ASUS\NB Probe\NBProbe.exe
    C:\Program Files\ASUS\Wireless Console 2\wcourier.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
    C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
    C:\Program Files\LClock\LClock.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\RocketDock\RocketDock.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
    C:\Program Files\ADSL\ADSL USB MODEM\dslmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\dgtlwayc.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - (no file)
    O2 - BHO: (no name) - {B7EF9D4A-928E-4B08-8C9A-83C3B1657F57} - C:\WINDOWS\system32\sstqn.dll (file missing)
    O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
    O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    O4 - HKLM\..\Run: [NB Probe] C:\Program Files\ASUS\NB Probe\NBProbe.exe
    O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\ASUS\Wireless Console 2\wcourier.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
    O4 - HKLM\..\Run: [Matchlock Scheduling] C:\Program Files\Ulead Systems\Ulead InstaMedia 3.0\Monitor.exe
    O4 - HKLM\..\Run: [Ulead Remote Control Center] C:\Program Files\Ulead Systems\Ulead InstaMedia 3.0\RMC.exe
    O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\ljtcaglu.dll",sitypnow
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
    O4 - Global Startup: DSLMON.lnk = ?
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase9602.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1154513299328
    O17 - HKLM\System\CCS\Services\Tcpip\..\{925C82B5-536C-489E-90D8-118553927B5A}: NameServer = 62.240.110.198 62.240.110.197
    O20 - Winlogon Notify: ddcdaby - ddcdaby.dll (file missing)
    O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
    O20 - Winlogon Notify: winepi32 - winepi32.dll (file missing)
    O20 - Winlogon Notify: winosz32 - winosz32.dll (file missing)
    O20 - Winlogon Notify: winzlo32 - winzlo32.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ITE Remote Control Service (ITECIRService) - ITE Tech. Inc. - C:\WINDOWS\system32\RemoteControlService.exe
    O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

    --
    End of file - 11580 bytes

  2. #2
    Junior Member
    Join Date
    Oct 2007
    Posts
    6


    KASPERSKY ONLINE SCANNER REPORT
    Thursday, October 18, 2007 3:57:21 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 18/10/2007
    Kaspersky Anti-Virus database records: 438660


    Scan Settings
    Scan using the following antivirus database extended
    Scan Archives true
    Scan Mail Bases true

    Scan Target My Computer
    C:\
    D:\
    E:\
    G:\

    Scan Statistics
    Total number of scanned objects 71120
    Number of viruses found 10
    Number of infected objects 24
    Number of suspicious objects 0
    Duration of the scan process 01:16:54

    Infected Object Name Virus Name Last Action
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped

    C:\WINDOWS\system32\config\software.LOG Object is locked skipped

    C:\WINDOWS\system32\config\default.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY Object is locked skipped

    C:\WINDOWS\system32\config\SAM Object is locked skipped

    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

    C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

    C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

    C:\WINDOWS\system32\closeapp.exe Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped

    C:\WINDOWS\system32\uefugbrd.exe Infected: not-a-virus:AdWare.Win32.SecToolBar.g skipped

    C:\WINDOWS\system32\h323log.txt Object is locked skipped

    C:\WINDOWS\system32\hggebab.dll Infected: Trojan-Downloader.Win32.Small.eyx skipped

    C:\WINDOWS\system32\vimc.exe/WISE0005.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped

    C:\WINDOWS\system32\vimc.exe WiseSFX: infected - 1 skipped

    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

    C:\WINDOWS\Sti_Trace.log Object is locked skipped

    C:\WINDOWS\wiaservc.log Object is locked skipped

    C:\WINDOWS\wiadebug.log Object is locked skipped

    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    C:\WINDOWS\SchedLgU.Txt Object is locked skipped

    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped

    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NYFIRX8L\cons_upd[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.id skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\Adam\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\Adam\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\Adam\Local Settings\Temp\urclqecd.exe Infected: not-a-virus:Downloader.Win32.WinFixer.an skipped

    C:\Documents and Settings\Adam\Local Settings\Temp\qrjatydi.exe Infected: not-a-virus:Downloader.Win32.WinFixer.an skipped

    C:\Documents and Settings\Adam\Local Settings\Temp\mofugclq.exe Infected: not-a-virus:Downloader.Win32.WinFixer.an skipped

    C:\Documents and Settings\Adam\Local Settings\Temp\rhvqsuwb.exe Infected: not-a-virus:Downloader.Win32.WinFixer.an skipped

    C:\Documents and Settings\Adam\Local Settings\Temp\Perflib_Perfdata_950.dat Object is locked skipped

    C:\Documents and Settings\Adam\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\Adam\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\Adam\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\Adam\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\Adam\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped

    C:\Documents and Settings\Adam\Cookies\index.dat Object is locked skipped

    C:\Program Files\Hammer.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.f skipped

    C:\System Volume Information\_restore{95DE6D8E-78D7-4A6D-948B-97919F8818B4}\RP462\A0030446.DLL Infected: not-a-virus:AdWare.Win32.Virtumonde.id skipped

    C:\System Volume Information\_restore{95DE6D8E-78D7-4A6D-948B-97919F8818B4}\RP503\A0034776.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.qi skipped

    C:\System Volume Information\_restore{95DE6D8E-78D7-4A6D-948B-97919F8818B4}\RP538\A0037520.DLL Infected: not-a-virus:AdWare.Win32.Virtumonde.fl skipped

    C:\System Volume Information\_restore{95DE6D8E-78D7-4A6D-948B-97919F8818B4}\RP541\A0037683.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.f skipped

    C:\System Volume Information\_restore{95DE6D8E-78D7-4A6D-948B-97919F8818B4}\RP541\A0038611.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.f skipped

    C:\System Volume Information\_restore{95DE6D8E-78D7-4A6D-948B-97919F8818B4}\RP541\change.log Object is locked skipped

    G:\Setup Lanchuers\kazaaspeedup.exe/msbb.exe Infected: not-a-virus:AdWare.Win32.180Solutions skipped

    G:\Setup Lanchuers\kazaaspeedup.exe/SuperBarInstaller.exe Infected: not-a-virus:AdWare.Win32.GigatechSuperBar skipped

    G:\Setup Lanchuers\kazaaspeedup.exe Vise: infected - 2 skipped

    G:\Setup Lanchuers\vtp5_5-1.zip/Vista Transformation Pack 5.5.exe/WISE0039.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped

    G:\Setup Lanchuers\vtp5_5-1.zip/Vista Transformation Pack 5.5.exe/WISE0058.BIN/WISE0005.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped

    G:\Setup Lanchuers\vtp5_5-1.zip/Vista Transformation Pack 5.5.exe/WISE0058.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped

    G:\Setup Lanchuers\vtp5_5-1.zip/Vista Transformation Pack 5.5.exe Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped

    G:\Setup Lanchuers\vtp5_5-1.zip ZIP: infected - 4 skipped

    G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    Scan process completed.

  3. #3
    Member of Team Spybot (tashi)
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961


    Hello and sorry for the wait.

    For people waiting who have not resolved their problem, we have a sticky topic:
    The Waiting Room: Post here if waiting for help longer than four days

    However if members waiting for assistance do not post in the waiting room, their topic will be archived.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  4. #4
    Security Expert: Visiting Fellow
    Join Date
    Jul 2007
    Posts
    703


    • Go to Start > My Computer
    • Go to Tools > Folder Options
    • Click on the View tab
    • Untick the following:
      • Hide extensions for known file types
      • Hide protected operating system files (Recommended)
    • You will get a message warning you about showing protected operating system files, click Yes
    • Make sure this option is selected:
      • Show hidden files and folders
    • Click Apply and then click OK


    Run HijackThis
    Click on do a system scan only
    Place a checkmark next to these lines (if still present)

    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\dgtlwayc.dll (file missing)
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - (no file)
    O2 - BHO: (no name) - {B7EF9D4A-928E-4B08-8C9A-83C3B1657F57} - C:\WINDOWS\system32\sstqn.dll (file missing)
    O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\ljtcaglu.dll",sitypnow
    O20 - Winlogon Notify: ddcdaby - ddcdaby.dll (file missing)
    O20 - Winlogon Notify: winepi32 - winepi32.dll (file missing)
    O20 - Winlogon Notify: winosz32 - winosz32.dll (file missing)
    O20 - Winlogon Notify: winzlo32 - winzlo32.dll (file missing)

    Then close all windows except HijackThis and click Fix Checked

    Restart

    Use Windows Explorer to find and delete these files:

    C:\WINDOWS\system32\uefugbrd.exe
    C:\WINDOWS\system32\hggebab.dll
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NYFIRX8L\cons_upd[1]
    C:\Documents and Settings\Adam\Local Settings\Temp\urclqecd.exe
    C:\Documents and Settings\Adam\Local Settings\Temp\qrjatydi.exe
    C:\Documents and Settings\Adam\Local Settings\Temp\mofugclq.exe
    C:\Documents and Settings\Adam\Local Settings\Temp\rhvqsuwb.exe
    C:\Program Files\Hammer.dll
    G:\Setup Lanchuers\kazaaspeedup.exe
    C:\WINDOWS\system32\ljtcaglu.dll

    As an example:
    To delete C:\WINDOWS\system32\filetogo.bye
    Double click the My Computer icon on your Desktop.
    Double click on Local Disc (C:\)
    Double click on the Windows folder,
    Double click on the System 32 folder,
    Right click on filetogo.bye and from the menu that appears, click on 'Delete'


    Go here to run an online scanner from ESET.
    • Note: You will need to use Internet Explorer for this scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
    • Click Scan
    • Wait for the scan to finish
    • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic, along with a new HijackThis log & a description of any remaining problems
    Last edited by random/random; 2007-10-27 at 00:03.
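The HijackThis lines picked out for fixing in the post above share a few recognisable signatures: a BHO, toolbar, Winlogon Notify or service entry whose file is no longer on disk ("(file missing)" / "(no file)"), a Run key that launches rundll32 to load a DLL, and a startup command given as a bare executable name with no path. The script below is an added example, not code from the thread or from the HijackThis project; it encodes those heuristics and runs them over an excerpt of the first log in the thread. The reason codes and the `triage` / `report` / `Finding` names are my own. The heuristics deliberately cast a wider net than the helper's hand-picked list (a bare `RTHDCPL.EXE` entry would be flagged for the same reason as `ALCMTR.EXE`, and the "Unknown owner" check on O23 lines is mine), so the output is a review queue for a human, not a delete list.

```python
"""Triage heuristics for HijackThis (HJT) log lines.

Added example, not a tool from the thread: it encodes the reasoning a helper
applies when choosing which HJT lines to 'Fix'. The sample log is an excerpt
of the first HijackThis log posted in the thread.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample: an excerpt of the first HijackThis log in the thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\dgtlwayc.dll (file missing)
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\ljtcaglu.dll",sitypnow
O20 - Winlogon Notify: ddcdaby - ddcdaby.dll (file missing)
O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe (file missing)
"""

# Reason codes (my own naming) and a one-line explanation for the report.
REASONS: Dict[str, str] = {
    "orphaned": "registered component points at a file that no longer exists",
    "rundll32-dll": "startup entry runs rundll32 to load a DLL; the DLL is what actually executes",
    "unqualified-path": "executable given by bare name, resolved via the search path at logon",
    "unknown-owner": "service carries no vendor/company string",
}

HJT_LINE = re.compile(r"^(?P<section>[RO]\d+)\s+-\s+(?P<body>.*)$")
RUNDLL32 = re.compile(r'^"?rundll32(\.exe)?"?\s', re.IGNORECASE)
BARE_EXE = re.compile(r'^"?[^\\"/]+\.exe"?(\s|$)', re.IGNORECASE)


@dataclass
class Finding:
    section: str
    line: str
    reasons: List[str] = field(default_factory=list)


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per HJT line that trips at least one heuristic."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue  # header, process list, blank lines
        section, body = m.group("section"), m.group("body")
        reasons: List[str] = []
        if "(file missing)" in body or "(no file)" in body:
            reasons.append("orphaned")
        if section == "O4":
            # Body looks like 'HKLM\..\Run: [Name] command'; keep only the command.
            cmd = body.split("] ", 1)[1] if "] " in body else body
            if RUNDLL32.match(cmd) and ".dll" in cmd.lower():
                reasons.append("rundll32-dll")
            elif BARE_EXE.match(cmd):
                reasons.append("unqualified-path")
        if section == "O23" and "Unknown owner" in body:
            reasons.append("unknown-owner")
        if reasons:
            findings.append(Finding(section, raw.strip(), reasons))
    return findings


def report(findings: List[Finding]) -> str:
    """Render the review queue: each flagged line followed by its reasons."""
    out: List[str] = []
    for f in findings:
        out.append(f.line)
        for r in f.reasons:
            out.append(f"    -> {r}: {REASONS[r]}")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Run over the excerpt it flags seven of the ten lines: the four orphaned O2/O3/O20 entries, the `rundll32.exe ... ljtcaglu.dll` Run key, the bare `ALCMTR.EXE` entry, and the `ASWLSVC` service (both orphaned and without an owner), while the vendor entries with full paths (HControl, DPWLN) pass through untouched. Paste a full log into `SAMPLE_LOG` or feed `triage()` the file contents to use it on another machine's log.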

  5. #5
    Junior Member
    Join Date
    Oct 2007
    Posts
    6


    Here is the virus scan log:
    # version=4
    # OnlineScanner.ocx=1.0.0.56
    # OnlineScannerDLLA.dll=1, 0, 0, 51
    # OnlineScannerDLLW.dll=1, 0, 0, 51
    # OnlineScannerUninstaller.exe=1, 0, 0, 49
    # vers_standard_module=2620 (20071027)
    # vers_arch_module=1.058 (20070906)
    # vers_adv_heur_module=1.066 (20070917)
    # EOSSerial=5319073932c83e4bbce87299e17a6d46
    # end=finished
    # remove_checked=false
    # unwanted_checked=true
    # utc_time=2007-10-27 08:43:25
    # local_time=2007-10-27 10:43:25 (+0200, Egypt Standard Time)
    # country="United Kingdom"
    # osver=5.1.2600 NT Service Pack 2
    # scanned=365625
    # found=18
    # scan_time=2941
    C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk Win32/Adware.SecToolbar application FC05FCC9E579C44737AF688CDB0DCBF9
    C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk Win32/Adware.SecToolbar application 5B09DC969D662960ECD0166F3DFC81BF
    C:\Documents and Settings\Adam\Favorites\Online Security Guide.lnk Win32/Adware.SecToolbar application A9269EBD1F3A040772FA8E26EE095A5D
    C:\Documents and Settings\Adam\Desktop\Online Security Guide.lnk Win32/Adware.SecToolbar application 6E32BDF39B22990D971FD3B71825F81E
    C:\Documents and Settings\Adam\Desktop\Live Safety Center.lnk Win32/Adware.SecToolbar application 328F5A66B59E23AB71ACA6A053FE3E5A
    C:\System Volume Information\_restore{95DE6D8E-78D7-4A6D-948B-97919F8818B4}\RP462\A0030446.DLL Win32/Adware.Virtumonde application 5DD7D484827A94696F1AF100D98BF925
    C:\System Volume Information\_restore{95DE6D8E-78D7-4A6D-948B-97919F8818B4}\RP503\A0034776.exe probably a variant of Win32/Adware.Agent application 6AB275A20AD9583A517302D1D4E8732E
    C:\System Volume Information\_restore{95DE6D8E-78D7-4A6D-948B-97919F8818B4}\RP538\A0037520.DLL a variant of Win32/Adware.Virtumonde.FP application 0673EFB6F0CA7E6402F1C0EC8812B76D
    C:\System Volume Information\_restore{95DE6D8E-78D7-4A6D-948B-97919F8818B4}\RP541\A0037628.lnk Win32/Adware.SecToolbar application B0D2986CC660ECDA3B805437F13C9180
    C:\System Volume Information\_restore{95DE6D8E-78D7-4A6D-948B-97919F8818B4}\RP541\A0037629.lnk Win32/Adware.SecToolbar application 073DDE4C083C04117B5597A1441E1832
    C:\System Volume Information\_restore{95DE6D8E-78D7-4A6D-948B-97919F8818B4}\RP541\A0037630.lnk Win32/Adware.SecToolbar application 5ED07CB3C2EF051988676C9500B78E89
    C:\System Volume Information\_restore{95DE6D8E-78D7-4A6D-948B-97919F8818B4}\RP541\A0037631.lnk Win32/Adware.SecToolbar application 44BCDD8847C9EB76490F8FB67D9DA9E5
    C:\System Volume Information\_restore{95DE6D8E-78D7-4A6D-948B-97919F8818B4}\RP541\A0037683.dll Win32/Adware.SecToolbar application 650E83AE6756865B0570EF2C52A2507D
    C:\System Volume Information\_restore{95DE6D8E-78D7-4A6D-948B-97919F8818B4}\RP541\A0038611.dll Win32/Adware.SecToolbar application 650E83AE6756865B0570EF2C52A2507D
    C:\System Volume Information\_restore{95DE6D8E-78D7-4A6D-948B-97919F8818B4}\RP542\A0038890.lnk Win32/Adware.SecToolbar application 36F56A1C897AAF7381116A0D53E320DB
    C:\System Volume Information\_restore{95DE6D8E-78D7-4A6D-948B-97919F8818B4}\RP542\A0038892.lnk Win32/Adware.SecToolbar application DE8F96616D805C0CEF24433EBB5E044F
    C:\System Volume Information\_restore{95DE6D8E-78D7-4A6D-948B-97919F8818B4}\RP550\A0040128.dll Win32/Adware.SecToolbar application 650E83AE6756865B0570EF2C52A2507D
    C:\System Volume Information\_restore{95DE6D8E-78D7-4A6D-948B-97919F8818B4}\RP550\A0040129.exe Win32/Adware.SecToolbar application D7CE7EB826FE622AF96092EF2FCEE060

    and the Hijack log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:47:31, on 27/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\ATKKBService.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\DigitalPersona\Bin\DpHost.exe
    C:\WINDOWS\system32\RemoteControlService.exe
    C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ATK0100\HControl.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    C:\Program Files\ASUS\NB Probe\NBProbe.exe
    C:\Program Files\ASUS\Wireless Console 2\wcourier.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
    C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\Program Files\LClock\LClock.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\RocketDock\RocketDock.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
    C:\Program Files\ADSL\ADSL USB MODEM\dslmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - (no file)
    O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    O4 - HKLM\..\Run: [NB Probe] C:\Program Files\ASUS\NB Probe\NBProbe.exe
    O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\ASUS\Wireless Console 2\wcourier.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
    O4 - HKLM\..\Run: [Matchlock Scheduling] C:\Program Files\Ulead Systems\Ulead InstaMedia 3.0\Monitor.exe
    O4 - HKLM\..\Run: [Ulead Remote Control Center] C:\Program Files\Ulead Systems\Ulead InstaMedia 3.0\RMC.exe
    O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
    O4 - Global Startup: DSLMON.lnk = ?
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase9602.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1154513299328
    O17 - HKLM\System\CCS\Services\Tcpip\..\{925C82B5-536C-489E-90D8-118553927B5A}: NameServer = 62.240.110.198 62.240.110.197
    O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ITE Remote Control Service (ITECIRService) - ITE Tech. Inc. - C:\WINDOWS\system32\RemoteControlService.exe
    O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

    --
    End of file - 10726 bytes

  6. #6
    Security Expert: Visiting Fellow
    Join Date
    Jul 2007
    Posts
    703

    Right click here and click "Save Link As".
    Save it as resetteatimer.bat to your desktop.

    1) Run Spybot-S&D
    2) Go to the Mode menu, and make sure "Advanced Mode" is selected
    3) On the left hand side, choose Tools -> Resident
    4) Uncheck "Resident TeaTimer" and OK any prompts
    5) Restart your computer.

    Double click on resetteatimer.bat and wait for it to finish

    Use Windows Explorer to find and delete these files:

    C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
    C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
    C:\Documents and Settings\Adam\Favorites\Online Security Guide.lnk
    C:\Documents and Settings\Adam\Desktop\Online Security Guide.lnk
    C:\Documents and Settings\Adam\Desktop\Live Safety Center.lnk

    As an example, to delete C:\WINDOWS\system32\filetogo.bye:
    Double click the My Computer icon on your Desktop.
    Double click on Local Disk (C:\).
    Double click on the Windows folder.
    Double click on the system32 folder.
    Right click on filetogo.bye and, from the menu that appears, click on 'Delete'.

    Run HijackThis.
    Click on "Do a system scan only".
    Place a checkmark next to these lines (if still present):

    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - (no file)

    Then close all windows except HijackThis and click "Fix checked".

    Then post a new HijackThis log and let me know of any remaining problems.
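The checks the helper applied to the log above (an O2 BHO with no name and no file, an O23 service whose executable is missing, an unresolved Global Startup shortcut, explicit O17 name servers) can be written down as rules. This is an added example for this thread, not HijackThis's own code; the rules are my own heuristics, and the sample lines are copied from the logs posted here.

```python
"""Triage HijackThis 2.0 log lines the way the helper in this thread did.

Added example for this thread, not part of HijackThis. The rules below are
my own heuristics (an assumption, not HijackThis's own logic); the sample
lines are taken from the logs posted above.
"""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the posted log, one line per section of interest.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - (no file)
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - Global Startup: DSLMON.lnk = ?
O17 - HKLM\System\CCS\Services\Tcpip\..\{925C82B5-536C-489E-90D8-118553927B5A}: NameServer = 62.240.110.198 62.240.110.197
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
SERVICE_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
NAMESERVER_RE = re.compile(r"NameServer = (?P<servers>.+)$")


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O2"
    item: str      # the thing to look at: CLSID, shortcut, servers, service name
    action: str    # "fix" = tick it in HijackThis, "verify" = look before acting
    reason: str
    line: str      # the original log line, ready to paste into a reply


def triage_line(raw):
    """Return a Finding for one log line, or None if nothing stands out."""
    line = raw.strip()
    m = LINE_RE.match(line)
    if not m:
        return None
    section, body = m.group("section"), m.group("body")

    if section == "O2":  # Browser Helper Objects loaded into Internet Explorer
        b = BHO_RE.match(body)
        if b and (b.group("name") == "(no name)" or b.group("path") == "(no file)"):
            return Finding("O2", b.group("clsid"), "fix",
                           "BHO registration with no name and/or no backing DLL: "
                           "an orphaned entry that should be removed", line)

    elif section == "O4":  # autostart entries
        if body.startswith("Global Startup:") and body.endswith("= ?"):
            shortcut = body.split(":", 1)[1].split("=", 1)[0].strip()
            return Finding("O4", shortcut, "verify",
                           "startup shortcut whose target could not be resolved", line)

    elif section == "O17":  # DNS / domain settings for a network interface
        n = NAMESERVER_RE.search(body)
        if n:
            return Finding("O17", n.group("servers"), "verify",
                           "explicit DNS servers: confirm they belong to your ISP", line)

    elif section == "O23":  # Windows services
        s = SERVICE_RE.match(body)
        if s and s.group("path").endswith("(file missing)"):
            return Finding("O23", s.group("name"), "verify",
                           "service whose executable is missing: a leftover of an "
                           "uninstall or of removed malware", line)
    return None


def triage_log(text):
    """Run triage_line over a whole log and keep only the hits."""
    return [f for f in map(triage_line, text.splitlines()) if f is not None]


def lines_to_fix(text):
    """The lines a helper would ask the user to tick and 'Fix checked'."""
    return [f.line for f in triage_log(text) if f.action == "fix"]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.action:6}] {f.section} {f.item}: {f.reason}")
```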

  7. #7
    Junior Member
    Join Date
    Oct 2007
    Posts
    6

    This is the new log, thank you so much for everything. Should I turn that resident TeaTimer thing back on?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:01:26, on 28/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\ATKKBService.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\DigitalPersona\Bin\DpHost.exe
    C:\WINDOWS\system32\RemoteControlService.exe
    C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ATK0100\HControl.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    C:\Program Files\ASUS\NB Probe\NBProbe.exe
    C:\Program Files\ASUS\Wireless Console 2\wcourier.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
    C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
    C:\Program Files\LClock\LClock.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\RocketDock\RocketDock.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
    C:\Program Files\ADSL\ADSL USB MODEM\dslmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    O4 - HKLM\..\Run: [NB Probe] C:\Program Files\ASUS\NB Probe\NBProbe.exe
    O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\ASUS\Wireless Console 2\wcourier.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
    O4 - HKLM\..\Run: [Matchlock Scheduling] C:\Program Files\Ulead Systems\Ulead InstaMedia 3.0\Monitor.exe
    O4 - HKLM\..\Run: [Ulead Remote Control Center] C:\Program Files\Ulead Systems\Ulead InstaMedia 3.0\RMC.exe
    O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
    O4 - Global Startup: DSLMON.lnk = ?
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase9602.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1154513299328
    O17 - HKLM\System\CCS\Services\Tcpip\..\{925C82B5-536C-489E-90D8-118553927B5A}: NameServer = 62.240.110.198 62.240.110.197
    O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ITE Remote Control Service (ITECIRService) - ITE Tech. Inc. - C:\WINDOWS\system32\RemoteControlService.exe
    O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

    --
    End of file - 10484 bytes

  8. #8
    Junior Member
    Join Date
    Oct 2007
    Posts
    6

    I did another virus scan and it still found threats, can you help?

    # version=4
    # OnlineScanner.ocx=1.0.0.56
    # OnlineScannerDLLA.dll=1, 0, 0, 51
    # OnlineScannerDLLW.dll=1, 0, 0, 51
    # OnlineScannerUninstaller.exe=1, 0, 0, 49
    # vers_standard_module=2621 (20071028)
    # vers_arch_module=1.058 (20070906)
    # vers_adv_heur_module=1.066 (20070917)
    # EOSSerial=5319073932c83e4bbce87299e17a6d46
    # end=finished
    # remove_checked=false
    # unwanted_checked=true
    # utc_time=2007-10-28 10:47:50
    # local_time=2007-10-28 12:47:50 (+0200, Egypt Standard Time)
    # country="United Kingdom"
    # osver=5.1.2600 NT Service Pack 2
    # scanned=365836
    # found=17
    # scan_time=2442
    C:\System Volume Information\_restore{95DE6D8E-78D7-4A6D-948B-97919F8818B4}\RP462\A0030446.DLL Win32/Adware.Virtumonde application 5DD7D484827A94696F1AF100D98BF925
    C:\System Volume Information\_restore{95DE6D8E-78D7-4A6D-948B-97919F8818B4}\RP503\A0034776.exe probably a variant of Win32/Adware.Agent application 6AB275A20AD9583A517302D1D4E8732E
    C:\System Volume Information\_restore{95DE6D8E-78D7-4A6D-948B-97919F8818B4}\RP538\A0037520.DLL a variant of Win32/Adware.Virtumonde.FP application 0673EFB6F0CA7E6402F1C0EC8812B76D
    C:\System Volume Information\_restore{95DE6D8E-78D7-4A6D-948B-97919F8818B4}\RP541\A0037628.lnk Win32/Adware.SecToolbar application B0D2986CC660ECDA3B805437F13C9180
    C:\System Volume Information\_restore{95DE6D8E-78D7-4A6D-948B-97919F8818B4}\RP541\A0037629.lnk Win32/Adware.SecToolbar application 073DDE4C083C04117B5597A1441E1832
    C:\System Volume Information\_restore{95DE6D8E-78D7-4A6D-948B-97919F8818B4}\RP541\A0037630.lnk Win32/Adware.SecToolbar application 5ED07CB3C2EF051988676C9500B78E89
    C:\System Volume Information\_restore{95DE6D8E-78D7-4A6D-948B-97919F8818B4}\RP541\A0037631.lnk Win32/Adware.SecToolbar application 44BCDD8847C9EB76490F8FB67D9DA9E5
    C:\System Volume Information\_restore{95DE6D8E-78D7-4A6D-948B-97919F8818B4}\RP541\A0037683.dll Win32/Adware.SecToolbar application 650E83AE6756865B0570EF2C52A2507D
    C:\System Volume Information\_restore{95DE6D8E-78D7-4A6D-948B-97919F8818B4}\RP541\A0038611.dll Win32/Adware.SecToolbar application 650E83AE6756865B0570EF2C52A2507D
    C:\System Volume Information\_restore{95DE6D8E-78D7-4A6D-948B-97919F8818B4}\RP542\A0038890.lnk Win32/Adware.SecToolbar application 36F56A1C897AAF7381116A0D53E320DB
    C:\System Volume Information\_restore{95DE6D8E-78D7-4A6D-948B-97919F8818B4}\RP542\A0038892.lnk Win32/Adware.SecToolbar application DE8F96616D805C0CEF24433EBB5E044F
    C:\System Volume Information\_restore{95DE6D8E-78D7-4A6D-948B-97919F8818B4}\RP550\A0040128.dll Win32/Adware.SecToolbar application 650E83AE6756865B0570EF2C52A2507D
    C:\System Volume Information\_restore{95DE6D8E-78D7-4A6D-948B-97919F8818B4}\RP550\A0040129.exe Win32/Adware.SecToolbar application D7CE7EB826FE622AF96092EF2FCEE060
    C:\System Volume Information\_restore{95DE6D8E-78D7-4A6D-948B-97919F8818B4}\RP551\A0040283.lnk Win32/Adware.SecToolbar application 5B09DC969D662960ECD0166F3DFC81BF
    C:\System Volume Information\_restore{95DE6D8E-78D7-4A6D-948B-97919F8818B4}\RP551\A0040284.lnk Win32/Adware.SecToolbar application FC05FCC9E579C44737AF688CDB0DCBF9
    C:\System Volume Information\_restore{95DE6D8E-78D7-4A6D-948B-97919F8818B4}\RP551\A0040285.lnk Win32/Adware.SecToolbar application 328F5A66B59E23AB71ACA6A053FE3E5A
    C:\System Volume Information\_restore{95DE6D8E-78D7-4A6D-948B-97919F8818B4}\RP551\A0040286.lnk Win32/Adware.SecToolbar application 6E32BDF39B22990D971FD3B71825F81E
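
The conclusion drawn in the next reply, that every ESET detection sits inside a System Restore point, can be checked mechanically. This is an added example, not ESET's code; the header keys and the finding-line layout (path, detection, kind, MD5) follow the report above, three sample lines are copied from it, and the fourth (a Desktop .lnk with an all-zero placeholder hash) is constructed to show a detection on the live file system.

```python
"""Parse an ESET Online Scanner text report and separate detections that live
only inside System Restore points from detections on the live file system.

Added example for this thread, not ESET's own code. The header keys and the
finding-line layout (path, detection, kind, MD5) follow the report posted above.
"""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "path detection kind md5 in_restore_point")

HEADER_RE = re.compile(r"^#\s*(?P<key>[A-Za-z_]+)=(?P<value>.*)$")
# Paths contain spaces, so anchor on the detection name (vendor/family form),
# the object kind and the trailing 32-hex MD5, and let the path absorb the rest.
FINDING_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<detection>(?:probably a variant of |a variant of )?[A-Za-z0-9]+/\S+)\s+"
    r"(?P<kind>\S+)\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)
# Windows XP keeps restore points under this directory, one RPnnn folder each.
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{[^}]+\}\\RP\d+\\",
                        re.IGNORECASE)

# Constructed sample: trimmed header, three finding lines copied from the
# posted report, and one constructed live-file detection with a placeholder hash.
SAMPLE_REPORT = r"""# version=4
# vers_standard_module=2621 (20071028)
# osver=5.1.2600 NT Service Pack 2
# scanned=365836
# found=4
# scan_time=2442
C:\System Volume Information\_restore{95DE6D8E-78D7-4A6D-948B-97919F8818B4}\RP462\A0030446.DLL Win32/Adware.Virtumonde application 5DD7D484827A94696F1AF100D98BF925
C:\System Volume Information\_restore{95DE6D8E-78D7-4A6D-948B-97919F8818B4}\RP503\A0034776.exe probably a variant of Win32/Adware.Agent application 6AB275A20AD9583A517302D1D4E8732E
C:\System Volume Information\_restore{95DE6D8E-78D7-4A6D-948B-97919F8818B4}\RP541\A0037628.lnk Win32/Adware.SecToolbar application B0D2986CC660ECDA3B805437F13C9180
C:\Documents and Settings\Adam\Desktop\Live Safety Center.lnk Win32/Adware.SecToolbar application 00000000000000000000000000000000
"""


def parse_report(text):
    """Return (header dict, list of Finding) for one report."""
    header, findings = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        h = HEADER_RE.match(line)
        if h:
            header[h.group("key")] = h.group("value")
            continue
        f = FINDING_RE.match(line)
        if f:
            findings.append(Finding(f.group("path"), f.group("detection"), f.group("kind"),
                                    f.group("md5").upper(),
                                    bool(RESTORE_RE.search(f.group("path")))))
    return header, findings


def summarize(text):
    """Split findings into restore-point-only vs live, and cross-check the header."""
    header, findings = parse_report(text)
    declared = int(header.get("found", "0"))
    restore = [f for f in findings if f.in_restore_point]
    live = [f for f in findings if not f.in_restore_point]
    return {
        "declared_found": declared,
        "parsed": len(findings),
        "consistent": declared == len(findings),   # every finding line was understood
        "in_restore_points": len(restore),
        "on_live_filesystem": len(live),
        "live_paths": [f.path for f in live],      # these need real cleanup
        "families": sorted({f.detection.split("/")[-1] for f in findings}),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

Detections confined to restore points go away when System Restore is switched off and on again, which is the step the helper gives next; anything in live_paths still has to be removed by hand or by a scanner.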

  9. #9
    Security Expert: Visiting Fellow
    Join Date
    Jul 2007
    Posts
    703

    Turn TeaTimer back on.

    You can delete resetteatimer.bat.

    Everything ESET found was in System Restore, which we'll clear now.

    You now appear to be clean. Congratulations!

    Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints, Malware Complaints; you need to be registered to post, as unfortunately we were hit with too many spam postings to allow guest posting to continue. Just find your country room and register your complaint.

    Below are some steps to follow in order to dramatically lower the chances of reinfection.
    You may have already implemented some of the steps below; however, you should follow any steps that you have not already implemented.
      Turn System Restore off:
      • On the Desktop, right click on the My Computer icon.
      • Click Properties.
      • Click the System Restore tab.
      • Check "Turn off System Restore".
      • Click Apply, and then click OK.
      Restart.
      Turn System Restore on:
      • On the Desktop, right click on the My Computer icon.
      • Click Properties.
      • Click the System Restore tab.
      • Uncheck "Turn off System Restore".
      • Click Apply, and then click OK.

      Note: only do this once, and not on a regular basis.
    1. Make sure that you keep your antivirus updated
      New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
      Bitdefender
      Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection, as well as impairing the performance of your PC.
    2. Make sure you install all the security updates for Windows, Internet Explorer & Microsoft Office
      Whenever a security problem in its software is found, Microsoft will usually create a patch for it so that, after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC.
      Go here to check for & install updates to Microsoft applications.
      Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install.
    3. Keep your non-Microsoft applications updated as well
      Microsoft isn't the only company whose products can contain security vulnerabilities. To check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector; I suggest that you run it at least once a month.
    4. Make Internet Explorer more secure
      • Click Start > Run
      • Type Inetcpl.cpl & click OK
      • Click on the Security tab
      • Click Reset all zones to default level
      • Make sure the Internet Zone is selected & click Custom level
      • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and script ActiveX controls not marked as safe" to "Disable".
      • Next click OK, then the Apply button, and then OK to exit the Internet Properties page.
    5. Install SpywareBlaster & make sure to update it regularly
      SpywareBlaster sets kill bits in the registry to prevent known malicious ActiveX controls from installing themselves on your computer.
      If you don't know what ActiveX controls are, see here.
      You can download SpywareBlaster from here.
    6. Install and use Spybot Search & Destroy
      Instructions are located here.
      Make sure you update, reimmunize & scan regularly.
    7. Make use of the HOSTS file included with Spybot Search & Destroy
      Every version of Windows includes a hosts file. A hosts file is a bit like a phone book: it maps the human-friendly name of a website to its actual numeric address (i.e. the IP address). This feature can be used to block malicious websites.
      Spybot Search & Destroy has a good HOSTS file built in. To enable the HOSTS file in Spybot Search & Destroy:
      • Run Spybot Search & Destroy
      • Click on Mode, and then place a tick next to Advanced mode
      • Click Yes
      • In the left hand pane of Spybot Search & Destroy, click on Tools, and then on Hosts File
      • Click on Add Spybot-S&D hosts list
      Note: On some PCs, having a custom HOSTS file installed can cause a significant slowdown. Following these instructions should resolve the issue:
      • Click Start > Run
      • Type services.msc & click OK
      • In the list, find the service called DNS Client & double click on it.
      • In the dropdown box, change the setting from Automatic to Manual.
      • Click OK & then close the Services window.
      For a more detailed explanation of the HOSTS file, click here.
    8. Install a-squared Free & update and scan with it regularly
      a-squared Free is a product from Emsi Software, provided free for private use, that can detect and remove a variety of malicious software. You can get it here.
      Note: If you have a dial-up internet connection, you may also like to install a-squared Anti-Dialer, which provides some real-time protection against premium rate dialers.
    9. Finally, I am trying to make one point very clear: it is absolutely essential to keep all of your security programs up to date.

  10. #10
    Junior Member
    Join Date
    Oct 2007
    Posts
    6

    Thanks for everything. The PC is as good as new.
