
Please help Vundo



Brodie100
2008-05-13, 21:49
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:44, on 2008-05-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Thomson\SpeedTouch USB\stdialup.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\BitDefender\BitDefender 2008\seccenter.exe
C:\Documents and Settings\fredrick.BOOMER\Desktop\ATF-Cleaner.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {2EDE08E0-3283-4294-8EDE-2342AB336A12} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C11F8E7E-A8DC-48B5-9349-2EB6F4DA51BB} - (no file)
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [SBCSTray] "C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [XPRepairPro2007] "C:\Program Files\2ndXP Repair Pro 2007\XPRepairPro.exe" /r
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 8272 bytes


And Malwarebytes:
Malwarebytes' Anti-Malware 1.12
Database version: 744

Scan type: Full Scan (C:\|)
Objects scanned: 108234
Time elapsed: 3 hour(s), 11 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\efcyVliG.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dc821767-c9bf-46f2-a543-fbd15b9b6dd9} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{dc821767-c9bf-46f2-a543-fbd15b9b6dd9} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\XPRepairPro2007 (Rogue.XPRepairPro2007) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\efcyVliG.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\GilVycfe.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GilVycfe.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.

Cannot get rid of it; it keeps coming back.

Brodie100
2008-05-13, 22:03
I should add that I'm not that knowledgeable about computers.

Brodie100
2008-05-16, 00:36
Bump. I know you are very busy, and it is kind of you to offer this service.

Brodie100
2008-05-16, 00:56
Not sure if you need this as well.


--- Report generated: 2008-05-15 23:32 ---

Virtumonde.dll: [SBI $7442D4BC] Library (File, fixed)
C:\WINDOWS\system32\btrqrwyn.dll

Virtumonde.dll: [SBI $7442D4BC] Library (File, fixed)
C:\WINDOWS\system32\ebpjidlj.dll

Virtumonde.dll: [SBI $7442D4BC] Library (File, fixed)
C:\WINDOWS\system32\fncgiplp.dll

Virtumonde.dll: [SBI $7442D4BC] Library (File, fixed)
C:\WINDOWS\system32\jxxteglx.dll

Virtumonde.dll: [SBI $7442D4BC] Library (File, fixed)
C:\WINDOWS\system32\kwfwcvhn.dll

Virtumonde.dll: [SBI $7442D4BC] Library (File, nothing done)
C:\WINDOWS\system32\lakfvqho.dll

Virtumonde.dll: [SBI $7442D4BC] Library (File, nothing done)
C:\WINDOWS\system32\lnbujcqy.dll

AdRevolver: Tracking cookie (Firefox: default) (Cookie, fixed)
AdRevolver: Tracking cookie (Firefox: default) (Cookie, fixed)
AdRevolver: Tracking cookie (Firefox: default) (Cookie, fixed)
AdRevolver: Tracking cookie (Firefox: default) (Cookie, fixed)
AdRevolver: Tracking cookie (Firefox: default) (Cookie, fixed)
AdRevolver: Tracking cookie (Firefox: default) (Cookie, fixed)
Adviva: Tracking cookie (Firefox: default) (Cookie, fixed)
DoubleClick: Tracking cookie (Firefox: default) (Cookie, fixed)
Zedo: Tracking cookie (Firefox: default) (Cookie, fixed)
Zedo: Tracking cookie (Firefox: default) (Cookie, fixed)
AdRevolver: Tracking cookie (Firefox: default) (Cookie, fixed)
AdRevolver: Tracking cookie (Firefox: default) (Cookie, fixed)
AdRevolver: Tracking cookie (Firefox: default) (Cookie, fixed)
AdRevolver: Tracking cookie (Firefox: default) (Cookie, fixed)
WebTrends live: Tracking cookie (Firefox: default) (Cookie, fixed)
AntiSpyWare2007: Bookmark (Opera 7+: fredrick) (Bookmark, nothing done)

--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---

2008-01-28 blindman.exe (1.0.0.7)
2008-01-28 SDDelFile.exe
2008-01-28 SDMain.exe (1.0.0.5)
2007-10-07 SDShred.exe (1.0.1.2)
2008-01-28 SDUpdate.exe
2008-01-28 SDWinSec.exe (1.0.0.11)
2008-01-28 SpybotSD.exe (1.5.2.20)
2008-01-28 TeaTimer.exe
2008-05-15 unins000.exe (51.49.0.0)
2008-01-28 Update.exe (1.4.0.6)
2008-01-28 advcheck.dll (1.5.4.5)
2007-04-02 aports.dll (2.1.0.0)
2007-11-17 DelZip179.dll (1.79.7.4)
2008-01-28 SDFiles.dll (1.5.1.19)
2008-01-28 SDHelper.dll
2008-01-28 Tools.dll (2.1.3.3)
2008-04-16 Includes\Adware.sbi (*)
2008-05-14 Includes\AdwareC.sbi (*)
2008-05-14 Includes\Cookies.sbi (*)
2007-12-26 Includes\Dialer.sbi (*)
2008-05-14 Includes\DialerC.sbi (*)
2008-05-14 Includes\HeavyDuty.sbi (*)
2008-04-30 Includes\Hijackers.sbi (*)
2008-05-14 Includes\HijackersC.sbi (*)
2008-04-30 Includes\Keyloggers.sbi (*)
2008-05-14 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-04-22 Includes\Malware.sbi (*)
2008-05-14 Includes\MalwareC.sbi (*)
2008-03-26 Includes\PUPS.sbi (*)
2008-05-14 Includes\PUPSC.sbi (*)
2008-05-14 Includes\Revision.sbi (*)
2008-01-09 Includes\Security.sbi (*)
2008-05-14 Includes\SecurityC.sbi (*)
2008-04-16 Includes\Spybots.sbi (*)
2008-05-14 Includes\SpybotsC.sbi (*)
2008-04-16 Includes\Spyware.sbi (*)
2008-05-14 Includes\SpywareC.sbi (*)
2007-11-06 Includes\Tracks.uti
2008-04-30 Includes\Trojans.sbi (*)
2008-05-14 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

Brodie100
2008-05-18, 01:50
Have I done something wrong?

Why are some posters helped and others ignored?

I really am desperate to get rid of Vundo; could someone please help?

shelf life
2008-05-18, 02:05
Hi,

Sorry for the delay; there is no shortage of posters. Let's run VundoFix first.

Download and run VundoFix.exe:

http://www.atribune.org/ccount/click.php?id=4

* Double-click VundoFix.exe to run it.
* Click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files; click YES.
* Once you click Yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will reboot your computer, click OK.
* Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Brodie100
2008-05-19, 02:18
Thanks so much for getting to me; your efforts are very much appreciated.

I ran VundoFix, and here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:13, on 2008-05-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {2EDE08E0-3283-4294-8EDE-2342AB336A12} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C11F8E7E-A8DC-48B5-9349-2EB6F4DA51BB} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [SBCSTray] "C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [XPRepairPro2007] C:\Program Files\2ndXP Repair Pro 2007\XPRepairPro.exe /r
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O17 - HKLM\System\CCS\Services\Tcpip\..\{A726A23D-B1E7-40ED-B9FB-8F04F2935931}: NameServer = 193.36.79.101 193.36.79.100
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 7671 bytes

shelf life
2008-05-19, 03:54
Hi,

OK, thanks. The log looks OK; maybe one too many anti-malware apps.
What about VundoFix? Can you post the log?

Brodie100
2008-05-19, 17:03
Hi,

Sorry, I forgot to post the VundoFix log; I've run it again and nothing needed fixing.

Virtumonde.dll seems to be the major problem now. I find I cannot search much of the time, visit certain websites, or download things.

shelf life
2008-05-20, 02:06
Hi,

Thanks for the info. Another download to get and run:

Download ComboFix from one of these links and save it to your Desktop:

http://subs.geekstogo.com/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click the ComboFix icon and follow the prompts. When it's finished, it will generate a log. Please post the log in your next reply.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall or freeze.

Brodie100
2008-05-20, 14:06
Hi,

Here is the log:

ComboFix 08-05-12.1 - fredrick 2008-05-20 10:45:14.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.295 [GMT 1:00]
Running from: C:\Documents and Settings\fredrick.BOOMER\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\d.bat
C:\setup.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\afyghwwn.ini
C:\WINDOWS\system32\dcufxkmr.ini
C:\WINDOWS\system32\gpaedabh.ini
C:\WINDOWS\system32\hgjloUvw.ini
C:\WINDOWS\system32\hgjloUvw.ini2
C:\WINDOWS\system32\hgmonyhq.ini
C:\WINDOWS\system32\iRBLlkkj.ini
C:\WINDOWS\system32\iRBLlkkj.ini2
C:\WINDOWS\system32\jRCMUvut.ini
C:\WINDOWS\system32\jRCMUvut.ini2
C:\WINDOWS\system32\JSsYayxx.ini
C:\WINDOWS\system32\JSsYayxx.ini2
C:\WINDOWS\system32\kcqnmqoe.dll
C:\WINDOWS\system32\keslxnwt.dll
C:\WINDOWS\system32\kofrcimb.ini
C:\WINDOWS\system32\kyajhcgx.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\noqmxpie.dll
C:\WINDOWS\system32\qgdxiybf.ini
C:\WINDOWS\system32\tBbJlUtv.ini
C:\WINDOWS\system32\tBbJlUtv.ini2
C:\WINDOWS\system32\tmklqseh.ini
C:\WINDOWS\system32\vmtcgqll.ini
C:\WINDOWS\system32\vnuxsyao.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SZKG5


((((((((((((((((((((((((( Files Created from 2008-04-20 to 2008-05-20 )))))))))))))))))))))))))))))))
.

2008-05-20 10:41 . 2008-05-20 10:41 <DIR> d----c--- C:\327882R2FWJFW
2008-05-19 21:29 . 2008-05-19 21:31 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-19 21:29 . 2008-05-19 21:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-13 16:32 . 2008-05-17 19:09 <DIR> d-------- C:\safety progs
2008-05-12 22:28 . 2008-05-12 22:28 <DIR> d-------- C:\Documents and Settings\THE BOSS\Application Data\Webroot
2008-05-11 23:34 . 2008-05-11 23:34 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-05-11 21:32 . 2008-05-11 21:32 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-05-11 21:32 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-05-11 21:32 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-05-11 21:32 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-05-11 21:32 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-05-11 21:31 . 2008-05-11 21:31 <DIR> d-------- C:\Documents and Settings\fredrick.BOOMER\Application Data\Webroot
2008-05-11 21:31 . 2008-05-11 21:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-05-11 21:31 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-05-11 21:31 . 2008-05-11 21:31 164 --a--c--- C:\install.dat
2008-05-11 15:37 . 2008-05-11 15:37 <DIR> d-------- C:\Documents and Settings\THE BOSS\Application Data\Malwarebytes
2008-05-11 15:18 . 2008-05-11 15:18 <DIR> d-------- C:\Documents and Settings\fredrick.BOOMER\Application Data\Sunbelt Software
2008-05-11 12:15 . 2008-05-11 12:16 <DIR> d-------- C:\Program Files\2ndXP Repair Pro 2007
2008-05-11 02:14 . 2008-05-11 02:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-10 23:50 . 2008-05-10 23:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2008-05-10 22:48 . 2008-05-10 22:48 <DIR> d-------- C:\Documents and Settings\fredrick.BOOMER\Application Data\Malwarebytes
2008-05-10 22:45 . 2008-05-11 00:07 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-05-10 22:45 . 2008-05-10 22:45 <DIR> d-------- C:\Documents and Settings\fredrick.BOOMER\Application Data\PC Tools
2008-05-10 22:45 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-05-10 22:45 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-05-10 22:45 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-05-10 22:45 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-05-10 22:42 . 2008-05-10 22:42 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-10 22:42 . 2008-05-10 22:42 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-05-10 22:42 . 2008-05-10 22:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-10 22:42 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-10 22:42 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-10 18:54 . 2008-05-10 18:54 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-10 10:15 . 2008-05-10 10:15 <DIR> d-------- C:\Documents and Settings\fredrick.BOOMER\Application Data\Nero
2008-05-09 19:10 . 2008-05-10 18:30 <DIR> d----c--- C:\VundoFix Backups
2008-05-09 03:10 . 2008-05-09 03:10 <DIR> d-------- C:\Documents and Settings\THE BOSS\Application Data\BitDefender
2008-05-09 02:41 . 2008-05-20 11:02 121 --a------ C:\WINDOWS\bdagent.INI
2008-05-08 18:03 . 2008-05-08 18:03 <DIR> d-------- C:\Documents and Settings\fredrick.BOOMER\Application Data\BitDefender
2008-05-08 17:52 . 2008-05-08 17:56 <DIR> d-------- C:\Program Files\BitDefender
2008-05-08 17:52 . 2008-05-08 22:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-05-08 17:45 . 2008-05-08 17:55 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-05-08 17:35 . 2008-05-08 17:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-05-07 21:28 . 2008-05-07 21:28 <DIR> d-------- C:\Documents and Settings\THE BOSS\Application Data\GlarySoft
2008-05-07 01:17 . 2008-05-07 01:17 <DIR> d-------- C:\Documents and Settings\THE BOSS\Application Data\TuneUp Software
2008-05-07 01:17 . 2008-05-07 01:17 <DIR> d-------- C:\Documents and Settings\THE BOSS\Application Data\Simply Super Software
2008-05-07 01:11 . 2008-05-07 01:11 <DIR> d-------- C:\Documents and Settings\THE BOSS\Application Data\R-Wipe&Clean
2008-05-07 00:45 . 2002-11-18 10:52 <DIR> d-------- C:\Documents and Settings\THE BOSS\WINDOWS
2008-05-07 00:45 . 2008-05-07 00:45 <DIR> d-------- C:\Documents and Settings\THE BOSS
2008-05-07 00:45 . 2008-05-19 21:33 1,024 --ah----- C:\Documents and Settings\THE BOSS\ntuser.dat.LOG
2008-05-06 15:49 . 2008-05-06 15:49 <DIR> d-------- C:\Documents and Settings\KFB.BOOMER.001\Application Data\R-Wipe&Clean
2008-05-06 12:05 . 2008-05-08 13:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-06 06:52 . 2008-05-13 18:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-05-06 06:51 . 2008-05-19 21:33 1,024 --ah----- C:\Documents and Settings\KFB\ntuser.dat.LOG
2008-05-06 06:51 . 2008-05-20 10:44 1,024 --ah----- C:\Documents and Settings\fredrick\ntuser.dat.LOG
2008-05-06 01:24 . 2008-05-06 23:56 <DIR> d-------- C:\Documents and Settings\fredrick.BOOMER\Application Data\BullGuard
2008-05-05 22:30 . 2008-05-05 22:30 <DIR> d-------- C:\Documents and Settings\fredrick.BOOMER\Application Data\Leadertech
2008-05-05 22:17 . 2008-05-05 22:17 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-05-05 22:16 . 2008-05-13 22:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-05-05 20:40 . 2008-05-05 20:40 <DIR> d-------- C:\Documents and Settings\fredrick.BOOMER\Application Data\GlarySoft
2008-05-05 18:40 . 2008-05-05 18:40 <DIR> d-------- C:\Documents and Settings\fredrick.BOOMER\Application Data\Lavasoft
2008-05-03 08:17 . 2008-05-13 01:20 109,815 --a------ C:\WINDOWS\BM677365d9.xml
2008-05-03 01:56 . 2008-05-05 19:21 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-05-02 20:30 . 2008-05-04 00:05 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-05-02 20:30 . 2008-05-04 00:05 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-05-02 20:30 . 2008-05-04 00:05 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-05-02 20:30 . 2008-05-04 00:05 749 -rah----- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-05-02 20:17 . 2008-04-04 14:51 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-05-02 20:10 . 2008-05-02 20:10 <DIR> d-------- C:\Documents and Settings\fredrick.BOOMER\Application Data\Simply Super Software
2008-04-30 12:17 . 2008-04-30 21:51 <DIR> d-------- C:\Documents and Settings\fredrick.BOOMER\Application Data\Ahead
2008-04-30 11:35 . 2008-05-16 12:25 162 --ah-c--- C:\~$nore BB1.doc
2008-04-30 00:38 . 2008-05-17 10:34 <DIR> d-------- C:\Documents and Settings\fredrick.BOOMER\Application Data\Vso
2008-04-28 17:33 . 2008-04-28 17:33 <DIR> d-------- C:\Documents and Settings\fredrick.BOOMER\Application Data\.BitTornado
2008-04-28 16:13 . 2008-04-28 16:13 <DIR> d-------- C:\Documents and Settings\fredrick.BOOMER\Application Data\Grisoft
2008-04-28 09:36 . 2008-04-28 09:36 <DIR> d-------- C:\Documents and Settings\fredrick.BOOMER\Application Data\TrojanHunter
2008-04-28 00:08 . 2008-05-05 10:48 <DIR> d-------- C:\Documents and Settings\fredrick.BOOMER\Application Data\R-Wipe&Clean
2008-04-28 00:06 . 2008-04-28 00:06 <DIR> d-------- C:\Documents and Settings\fredrick.BOOMER\Application Data\TuneUp Software
2008-04-28 00:05 . 2002-11-18 10:52 <DIR> d-------- C:\Documents and Settings\fredrick.BOOMER\WINDOWS
2008-04-28 00:05 . 2008-05-20 11:03 <DIR> d-------- C:\Documents and Settings\fredrick.BOOMER
2008-04-28 00:05 . 2008-05-20 11:11 1,024 --ah----- C:\Documents and Settings\fredrick.BOOMER\ntuser.dat.LOG
2008-04-27 23:59 . 2002-11-18 10:52 <DIR> d-------- C:\Documents and Settings\KFB.BOOMER.001\WINDOWS
2008-04-27 23:59 . 2008-05-10 00:44 <DIR> d-------- C:\Documents and Settings\KFB.BOOMER.001
2008-04-27 23:59 . 2008-05-20 11:05 1,024 --ah----- C:\Documents and Settings\KFB.BOOMER.001\ntuser.dat.LOG
2008-04-25 09:47 . 2007-06-20 14:41 1,554 --a--c--- C:\SpeedTouch Dial-up (2).lnk
2008-04-25 00:46 . 2008-04-25 00:46 19,456 --a--c--- C:\keith.doc
2008-04-25 00:45 . 2008-05-14 19:36 41,472 --a--c--- C:\Ignore BB1.doc
2008-04-25 00:45 . 2008-04-30 11:35 40,960 ---h-c--- C:\~WRL0600.tmp
2008-04-25 00:45 . 2008-04-29 16:21 39,936 ---h-c--- C:\~WRL0003.tmp
2008-04-25 00:45 . 2008-04-30 11:35 39,936 ---h-c--- C:\~WRL0001.tmp
2008-04-25 00:45 . 2008-04-25 00:45 38,400 ---h-c--- C:\~WRL0002.tmp
2008-04-25 00:43 . 2008-04-25 09:46 <DIR> d----c--- C:\New Folder

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-11 01:14 --------- d-----w C:\Program Files\Lavasoft
2008-05-11 01:13 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-11 00:51 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-10 22:40 --------- d-----w C:\Program Files\Sunbelt Software
2008-05-10 20:43 --------- d-----w C:\Program Files\XP Repair Pro 2007
2008-05-10 20:42 --------- d-----w C:\Program Files\XPRepairPro2006
2008-05-06 05:48 --------- d-----w C:\Program Files\a-squared Anti-Malware
2008-05-05 21:45 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-05 09:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\R-Wipe&Clean
2008-05-03 23:13 --------- d-----w C:\Program Files\MSN Messenger
2008-05-02 19:18 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-04-30 22:43 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-04-30 22:43 --------- d-----w C:\Program Files\Codec Pack - All In 1
2008-04-26 00:32 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2008-04-24 17:26 --------- d-----w C:\Program Files\Hide IP Platinum
2008-04-12 19:40 --------- d-----w C:\Program Files\DVDFab Platinum 3
2008-03-22 00:06 --------- d-----w C:\Program Files\Common Files\aolback
2008-02-28 22:55 512 -c--a-w C:\ScanSectorLog.dat
2003-10-06 23:07 3,046,064 ----a-w C:\Program Files\ymsgruk.exe
2003-09-02 20:35 8,638,544 -c--a-w C:\Program Files\install.exe
2003-08-13 17:31 1,291,040 ----a-w C:\Program Files\WindowsXP-KB823980-x86-ENU.exe
2003-06-16 18:36 2,375,680 ----a-w C:\Program Files\DivXPlayer21Upgrade.exe
2003-06-03 20:54 841,216 ----a-w C:\Program Files\iview380.exe
2001-08-30 00:19 989 ----a-r C:\Program Files\55A65A4941D45E0868D8B7444C3FF5EA
2005-03-10 02:05 53,323 ----a-w C:\Program Files\opera\program\plugins\PlugDef.dll
.

------- Sigcheck -------

2005-05-25 20:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-01-13 17:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 13:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2001-08-18 12:00 327168 e7774698bb0d14b0710a9a31e209f9b6 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-04 07:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
2005-05-25 20:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
2006-01-13 02:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 12:51 359808 727723537c9bf6baa1fb8799a6839cd4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2004-08-04 07:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\TCPIP.SYS
2008-01-21 17:47 360064 01307b76a916a8f6d1f1452744ba7ad6 C:\WINDOWS\system32\backup\tcpip.sys
2007-10-30 18:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 18:20 360064 34a663e7f74ae8b2c992c2513343477e C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 15:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-02-16 17:45 360448]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 08:56 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 12:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoMSAppLogo5ChannelNotify"= 0 (0x0)
"NoToolbarCustomize"= 0 (0x0)
"NoBandCustomize"= 0 (0x0)
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msvideo"= o100vc.dll
"vidc.dvsd"= dvc.dll
"vidc.ap41"= apmpg4v1.dll
"vidc.divf"= divx412.dll
"vidc.div3"= divxc32.dll
"vidc.div4"= divxc32f.dll
"vidc.xvid"= xvid.dll
"vidc.hfyu"= huffyuv.dll
"vidc.mjpg"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll
"vidc.3IV2"= 3ivxVfWCodec.dll
"vidc.xivd"= C:\Program Files\StormII\codec\xvidvfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-squared]
--a------ 2008-05-05 15:26 1962128 C:\Program Files\a-squared Anti-Malware\a2guard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Piracy]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SPF4"=2 (0x2)
"ekrn"=2 (0x2)
"EhttpSrv"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=

R1 Asapi;ASAPI;C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 20:27]
R1 cdrdrv;cdrdrv;C:\WINDOWS\system32\drivers\cdrdrv.sys [2002-07-26 14:32]
R1 vobcom;vobcom;C:\WINDOWS\system32\drivers\vobcom.sys [2001-10-04 11:53]
R1 vobiw;vobiw;C:\WINDOWS\system32\drivers\vobiw.sys [2002-08-09 16:23]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 08:56]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-01-25 15:40]
S3 ATE_PROCMON;ATE_PROCMON;C:\Program Files\Anti Trojan Elite\ATEPMon.sys []
S3 BT878;GDI WDM Black Gold Digital Audio;C:\WINDOWS\system32\drivers\gdistrm.sys [2002-10-23 10:12]
S3 GDI848;GDI WDM Black Gold Video;C:\WINDOWS\system32\drivers\gdivcap.sys [2002-10-23 10:12]
S3 GDITUNE;GDI WDM Black Gold TV/Radio Tuner;C:\WINDOWS\system32\drivers\gditune.sys [2002-10-23 10:12]
S3 GDIXBAR;GDI WDM Black Gold Crossbar;C:\WINDOWS\system32\drivers\GDIXBAR.sys [2002-10-23 10:12]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-02 20:18]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-05-20 10:10:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-05-16 16:15:00 C:\WINDOWS\Tasks\1-Klick-Wartung.job"
- C:\Program Files\TuneUp Utilities 2004\SystemOptimizer.exe
"2008-05-20 10:07:08 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-20 11:10:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
-> C:\WINDOWS\System32\NavLogon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Webroot\Spy Sweeper\ssu.exe
.
**************************************************************************
.
Completion time: 2008-05-20 11:20:17 - machine was rebooted [fredrick]
ComboFix-quarantined-files.txt 2008-05-20 10:19:56

Pre-Run: 5,344,706,560 bytes free
Post-Run: 5,297,176,576 bytes free

299 --- E O F --- 2008-05-17 02:07:16

shelf life
2008-05-21, 00:53
hi Brodie100,

looks good. please repeat the malwarebytes scan and post a new hjt log. how's it looking on your end now?

Brodie100
2008-05-21, 01:34
hi,

What seems to be happening is that the computer seems fine for a short time, and then I cannot search; even when clicking on links I do not get a response most of the time. I cannot download programs, and then later it seems a bit better.

It is as if my protection is allowing things past it to stop me doing things, or it is letting another site know I'm online and that stops me using my computer properly, if that makes sense? That is what it feels like anyway.

I'll do the malwarebytes scan. BTW, on the combofix my bitdefender picked up something which said "EICAR this is not a virus". I didn't take any action; should I restore it now?

And I've just been doing a bitdefender scan should I post that? Or just Malwarebytes?

Brodie100
2008-05-21, 03:03
Did I download these with the combofix?

Remaining issues:
Object Name Threat Name Final Status
C:\Documents and Settings\fredrick.BOOMER\Desktop\ComboFix(2).exe=](RAR Sfx o)=]327882R2FWJFW\NirCmdC.cfexe Backdoor.Generic.46598 Delete Failed (file was in an archive)
C:\Documents and Settings\fredrick.BOOMER\Desktop\ComboFix.exe=](RAR Sfx o)=]327882R2FWJFW\NirCmdC.cfexe Backdoor.Generic.46598 Delete Failed (file was in an archive)

shelf life
2008-05-22, 01:07
hi,

thanks for the info. NirCmdC.cfexe is a component of combofix.

you can post the malwarebytes scan please. once it looks good we can attempt to address the other issues, which may not be malware related.

Brodie100
2008-05-23, 00:20
Malwarebytes' Anti-Malware 1.12
Database version: 774

Scan type: Full Scan (C:\|)
Objects scanned: 109532
Time elapsed: 2 hour(s), 19 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\XPRepairPro2007 (Rogue.XPRepairPro2007) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

---------------------------------------
Seems so much better, thanks so much, it is really appreciated.

shelf life
2008-05-23, 00:46
hi,

ok good and you're welcome. you have too many anti-malware apps. more doesn't increase your protection, they only overlap in what they do, and if you have more than one real-time protection running (not all anti-malware have this) it can chew up system resources.

you have or had?

ad aware
antimalwarebytes
a squared
avg antispyware
spy sweeper
spyware doctor

you should remove some of these via the add/remove programs panel. Personally I think two is plenty.
reboot computer after the uninstalls and please post a final hjt log.

shelf life

Brodie100
2008-05-24, 01:09
Hi, yes please tell me which you think are the best; I have found different ones find different things.

BTW what should I do with the objects my bitdefender has blocked as viruses and backdoor objects?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:02:38, on 24/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 6842 bytes

shelf life
2008-05-24, 04:16
hi Brodie100,

you can remove combofix like this:

start>run and type in combofix /u
click ok
note: there is a space after the x and before the /

system restore:
One of the features of Windows ME, XP and Vista is the System Restore option; however, if malware infects a computer it is possible that the malware could be backed up in the System Restore folder. Therefore, clearing the restore points is a good idea after malware is removed.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(winXP)

1. Turn off System Restore. (deletes old possibly infected restore point)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore. (new restore points on a clean system)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK, then reboot
---------------------------------------------------

what should I do with the objects my bitdefender has blocked as virus's and backdoor objects?

there must be some way to empty/delete what's in quarantine, poke around the interface.

I would keep spybot and malwarebytes, these are free, so are some of the others you have. if you paid for one or more keep them and remove malwarebytes and spybot.

another thing:
Vulnerabilities/exploits in versions of Sun Java may be responsible for some malware installs via your browser.

It is important to keep Sun Java up to date and also to remove older versions which may have vulnerabilities/exploits that can be taken advantage of to possibly introduce malware via your browser.

1. Uninstall old versions of Sun Java via Add/Remove Programs.
2. Click the Remove or Change/Remove button.
3. Reboot your PC if prompted.

to check if you have the latest version of Java and to download the latest version:

http://www.java.com/en/download/installed.jsp
--------------------------------------
if all is good;
My Top Ten
The Short Version:

1) Keep your OS, browser and software up to date.
2) Know what you are installing to your computer. Do you trust the source?
3) Install, keep updated: antivirus and one or two anti-malware applications.
4) Don't click on ads/pop-ups or offers from websites to install software.
5) Don't click on offers to "scan" your computer.
6) Don't click on links or install files you receive via E-Mail, IM, Chat Rooms or Social Sites. Do you trust the source?
7) Set up and use limited accounts rather than administrator accounts.
8) Consider using an alternate browser and E-mail client.
9) Install and understand the limitations of a third party software firewall.
10) If your habits include warez, cracks/keygens, P2P or visiting adult sites you are much more likely to encounter malicious code. Do you trust the source?

longer version in link below. happy safe surfing out there.

Brodie100
2008-05-24, 23:50
Hi, thanks so much for your help, time and advice, you really are a top bloke, thanks again.