Virtumonde Removal
waitingfortomorrow
2008-08-10, 03:04
Sorry if I make any mistakes here, as this is my first post at this forum. I ran Spybot S&D yesterday and it informed me that I have Virtumonde on my computer. I scanned like I said, fixed the problem and restarted. When I ran the scan again Virtumonde came back up again. Can anyone help? Hijackthis log is below.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:03:05 PM, on 8/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Software Update 3\SoftAuto.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [Verizon Custom Uninstall Tracking] C:\DOCUME~1\Home\LOCALS~1\Temp\InstallHelper.exe /uninstalltrackingvendor=Verizon
O4 - HKLM\..\RunOnce: [SpybotDeletingA613] command /c del "C:\Documents and Settings\Home\Application Data\AdwareAlert\Log\2008 Aug 09 - 02_44_29 PM_634.log"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1646] cmd /c del "C:\Documents and Settings\Home\Application Data\AdwareAlert\Log\2008 Aug 09 - 02_44_29 PM_634.log"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB816] command /c del "C:\Documents and Settings\Home\Application Data\AdwareAlert\Log\2008 Aug 09 - 02_44_29 PM_634.log"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9075] cmd /c del "C:\Documents and Settings\Home\Application Data\AdwareAlert\Log\2008 Aug 09 - 02_44_29 PM_634.log"
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1214353779203
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1217785267536
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: winxtm32 - C:\WINDOWS\SYSTEM32\winxtm32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
--
End of file - 8894 bytes
Hello waitingfortomorrow
Welcome to Safer Networking.
Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
That said, all advice given by anyone volunteering here is taken at your own risk.
While best efforts are made to assist in removing infections safely, unexpected stuff can happen.
You have a backdoor trojan on your system; what this does is download other malware while you're online, so until you're clean, outside of posting here, stay off the Internet.
Do this first...Important
Disable the TeaTimer and leave it disabled until we're done.
Run Spybot-S&D in Advanced Mode.
If it is not already set to do this, go to the Mode menu and select "Advanced Mode".
On the left hand side, Click on Tools
Then click on the Resident Icon in the List
Uncheck "Resident TeaTimer" and OK any prompts.
Restart your computer. <-- You need to do this for it to take effect
You need to enable Windows to show all files and folders; instructions are Here (http://www.xtra.co.nz/help/0,,4155-1916458,00.html)
Open HijackThis > Do a System Scan Only, close your browser and all open windows including this one, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.
O4 - HKLM\..\RunOnce: [SpybotDeletingA613] command /c del "C:\Documents and Settings\Home\Application Data\AdwareAlert\Log\2008 Aug 09 - 02_44_29 PM_634.log"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1646] cmd /c del "C:\Documents and Settings\Home\Application Data\AdwareAlert\Log\2008 Aug 09 - 02_44_29 PM_634.log"
O4 - HKCU\..\RunOnce: [SpybotDeletingB816] command /c del "C:\Documents and Settings\Home\Application Data\AdwareAlert\Log\2008 Aug 09 - 02_44_29 PM_634.log"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9075] cmd /c del "C:\Documents and Settings\Home\Application Data\AdwareAlert\Log\2008 Aug 09 - 02_44_29 PM_634.log"
O20 - Winlogon Notify: winxtm32 - C:\WINDOWS\SYSTEM32\winxtm32.dll
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\SYSTEM32\winxtm32.dll <-- Delete this file
Go to Add/Remove Programs in the Control Panel and uninstall Viewpoint; it installs without your knowledge or consent, uses system resources and basically is not needed for anything.
Please download Malwarebytes' Anti-Malware from Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) or Here (http://www.besttechie.net/tools/mbam-setup.exe)
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected. <-- Don't forget this
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and Paste the entire report in your next reply along with a New Hijackthis log.
waitingfortomorrow
2008-08-13, 04:33
While waiting for your reply, I did a bit more reading online and deleted most of the stuff for Adware Alert. I had read that that was one of the fixes for Virtumonde. How I was mistaken; next time I think I'll wait for a reply from you guys. Here are the results from the MBAM scan.
Malwarebytes' Anti-Malware 1.24
Database version: 1046
Windows 5.1.2600 Service Pack 3
9:28:26 PM 8/12/2008
mbam-log-8-12-2008 (21-28-26).txt
Scan type: Quick Scan
Objects scanned: 40427
Time elapsed: 8 minute(s), 14 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:33:07 PM, on 8/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Software Update 3\SoftAuto.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [Verizon Custom Uninstall Tracking] C:\DOCUME~1\Home\LOCALS~1\Temp\InstallHelper.exe /uninstalltrackingvendor=Verizon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe"
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1214353779203
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1217785267536
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
--
End of file - 7910 bytes
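Added example (not part of the original thread): a short Python script that parses two HijackThis logs and reports which entries disappeared or appeared between scans, using lines excerpted from the two logs posted above. The function names are illustrative; a changed entry only shows that something changed (the Java path below is a version update), not that it was malicious.

```python
import re

# HijackThis entry lines start with a section code (R0, O4, O20, ...) and " - ".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")

# Lines excerpted from the first log in this thread (scan of 8/9/2008).
LOG_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O20 - Winlogon Notify: winxtm32 - C:\WINDOWS\SYSTEM32\winxtm32.dll
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Lines excerpted from the second log in this thread (scan of 8/12/2008).
LOG_AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""


def parse_entries(log_text):
    """Return {(code, casefolded body): original body} for every entry line."""
    entries = {}
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            code, body = match.group("code"), match.group("body")
            # Windows paths are case-insensitive, so compare casefolded text.
            entries[(code, body.casefold())] = body
    return entries


def section_key(code):
    """Sort O2 before O20 by comparing the numeric part as an integer."""
    return (code[0], int(code[1:]))


def group_by_section(entries, keys):
    """Group the selected entries by section code, in log order of sections."""
    grouped = {}
    for code, folded in sorted(keys, key=lambda k: (section_key(k[0]), k[1])):
        grouped.setdefault(code, []).append(entries[(code, folded)])
    return grouped


def diff_logs(before_text, after_text):
    """Report entries present in only one of the two scans."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    return {
        "removed": group_by_section(before, before.keys() - after.keys()),
        "added": group_by_section(after, after.keys() - before.keys()),
    }


if __name__ == "__main__":
    result = diff_logs(LOG_BEFORE, LOG_AFTER)
    for change in ("removed", "added"):
        print(change.upper())
        for code, bodies in result[change].items():
            for body in bodies:
                print(f"  {code} - {body}")
```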
Hello,
You have to be really careful what programs you download; the trend right now for malware writers is to mimic a legit program. When we're done, I am going to link you to some FREE programs to install to help keep you more secure. Outside of those, there is no need to purchase anything outside of an anti-virus program. Anything that pops up in your browser offering a free scan is bad almost 100% of the time; legitimate companies don't operate like that.
Your log looks fine but there could be more hiding.
Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.
This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button. Your system may start up slower after running ATF Cleaner; this is expected, but it will be back to normal after the first or second boot up.
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorised your password and other personal information, as removing cookies will temporarily disable the auto-login facility.
Download ComboFix from Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) or Here (http://subs.geekstogo.com/ComboFix.exe) to your Desktop.
In the event you already have Combofix, this is a new version that I need you to download.
It must be saved directly to your desktop.
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.
Click on this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re-enable the protection again afterwards, before connecting to the net.
2. Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running ComboFix.
If you have not already done so, ComboFix will disconnect your machine from the Internet when it starts.
If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
3. Now double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze.
waitingfortomorrow
2008-08-13, 05:43
Well, I do have Avast Antivirus, Windows Defender, ZoneAlarm, and Malwarebytes' installed, but you can never be too safe. Thank you, by the way, for helping me thus far.
ComboFix 08-08-12.01 - Home 2008-08-12 22:29:21.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.420 [GMT -4:00]
Running from: C:\Documents and Settings\Home\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
/wow section - STAGE 32
pv: No matching processes found
Access is denied.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Home\Application Data\macromedia\Flash Player\#SharedObjects\7CGLKS23\interclick.com
C:\Documents and Settings\Home\Application Data\macromedia\Flash Player\#SharedObjects\7CGLKS23\interclick.com\ud.sol
C:\Documents and Settings\Home\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Home\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\MSINET.oca
.
((((((((((((((((((((((((( Files Created from 2008-07-13 to 2008-08-13 )))))))))))))))))))))))))))))))
.
2008-08-12 17:07 . 2008-08-12 17:14 <DIR> d-------- C:\Program Files\a-squared Free
2008-08-11 20:37 . 2008-08-11 20:37 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-11 20:37 . 2008-08-11 20:37 <DIR> d-------- C:\Documents and Settings\Home\Application Data\SUPERAntiSpyware.com
2008-08-11 15:52 . 2008-08-11 15:52 <DIR> d-------- C:\Documents and Settings\Home\Application Data\Malwarebytes
2008-08-11 15:52 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-08-11 15:51 . 2008-08-11 15:52 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-11 15:51 . 2008-08-11 15:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-11 15:51 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-08-09 15:11 . 2008-08-09 15:11 102,664 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2008-08-09 15:10 . 2008-08-09 15:12 <DIR> d-------- C:\Documents and Settings\Home\.housecall6.6
2008-08-09 12:37 . 2008-08-09 13:05 96 --a------ C:\index.ini
2008-08-09 02:37 . 2008-08-09 02:37 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-09 02:32 . 2008-08-09 02:32 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-09 02:23 . 2008-08-09 02:23 <DIR> d-------- C:\Program Files\Mavis
2008-08-09 01:17 . 2008-08-09 01:17 <DIR> d-------- C:\Program Files\VS Revo Group
2008-08-08 19:18 . 2007-07-11 11:11 888,832 --a------ C:\WINDOWS\SYSTEM32\securenet.dll
2008-08-08 17:23 . 2008-08-08 17:23 <DIR> d-------- C:\Documents and Settings\Home\Application Data\CyberLink
2008-08-03 14:44 . 2008-08-03 14:44 <DIR> d-------- C:\Documents and Settings\Home\Application Data\Windows Search
2008-08-03 14:43 . 2008-08-03 14:43 <DIR> d-------- C:\Documents and Settings\Home\Application Data\Windows Desktop Search
2008-08-03 14:42 . 2008-08-03 14:42 <DIR> d-------- C:\WINDOWS\SYSTEM32\GroupPolicy
2008-08-03 14:42 . 2008-08-03 14:42 <DIR> d-------- C:\Program Files\Windows Desktop Search
2008-08-03 14:40 . 2008-03-07 13:02 192,000 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\offfilt.dll
2008-08-03 14:40 . 2008-03-07 13:02 98,304 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\nlhtml.dll
2008-08-03 14:40 . 2008-03-07 13:02 29,696 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\mimefilt.dll
2008-08-03 13:55 . 2008-08-03 13:55 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-07-29 22:15 . 2008-07-29 22:26 <DIR> d-------- C:\WINDOWS\SYSTEM32\Adobe
2008-07-29 13:16 . 2008-08-12 01:23 <DIR> d-------- C:\Documents and Settings\Home\Application Data\skypePM
2008-07-29 13:16 . 2008-07-29 13:16 56 --ah----- C:\WINDOWS\SYSTEM32\ezsidmv.dat
2008-07-29 12:57 . 2008-08-12 01:44 <DIR> d-------- C:\Documents and Settings\Home\Application Data\Skype
2008-07-29 12:53 . 2008-07-29 12:54 <DIR> d-------- C:\Program Files\Skype
2008-07-29 12:53 . 2008-07-29 12:53 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-07-29 12:53 . 2008-07-29 12:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-07-21 19:12 . 2008-07-21 19:47 <DIR> d-------- C:\Documents and Settings\Home\Contacts
2008-07-21 18:47 . 2008-07-21 19:03 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-21 18:46 . 2008-07-21 18:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-19 01:18 . 2005-06-21 16:43 163,840 --a------ C:\WINDOWS\SYSTEM32\igfxres.dll
2008-07-18 21:06 . 2008-07-18 21:06 54,945 --a------ C:\lxcgUNST.csv
2008-07-18 18:04 . 2008-07-18 18:04 <DIR> d-------- C:\Documents and Settings\Home\Application Data\Printer Info Cache
2008-07-18 16:39 . 2002-10-16 17:00 778,240 --a------ C:\WINDOWS\SYSTEM32\Petz 5.scr
2008-07-17 19:34 . 2008-07-17 19:34 <DIR> d-------- C:\Program Files\Western Digital Technologies
2008-07-17 14:40 . 2008-08-08 15:55 43,520 --a------ C:\WINDOWS\SYSTEM32\CmdLineExt03.dll
2008-07-17 13:15 . 1998-09-02 04:28 38,160 --a------ C:\WINDOWS\SYSTEM32\LMRTREND.dll
2008-07-17 13:14 . 1998-09-02 04:02 194,320 --a------ C:\WINDOWS\SYSTEM32\qcut.dll
2008-07-17 13:14 . 1998-08-27 00:51 182,032 --a------ C:\WINDOWS\SYSTEM32\dxtmsft3.dll
2008-07-17 13:14 . 1998-08-20 07:02 140,800 --a------ C:\WINDOWS\SYSTEM32\tm20dec.ax
2008-07-17 13:14 . 1998-09-02 04:28 63,488 --a------ C:\WINDOWS\SYSTEM32\unam4ie.exe
2008-07-17 13:14 . 1998-08-17 05:21 11,776 --a------ C:\WINDOWS\SYSTEM32\mciqtz.drv
2008-07-17 13:14 . 1998-08-17 05:21 10,240 --a------ C:\WINDOWS\SYSTEM32\vidx16.dll
2008-07-17 13:14 . 1998-08-17 05:21 5,672 --a------ C:\WINDOWS\SYSTEM32\quartz.vxd
2008-07-17 13:14 . 2008-07-17 13:14 4,608 --a------ C:\WINDOWS\SYSTEM32\w95inf32.dll
2008-07-17 13:14 . 2008-07-17 13:14 2,272 --a------ C:\WINDOWS\SYSTEM32\w95inf16.dll
2008-07-17 13:13 . 2008-07-17 13:13 216 --a------ C:\WINDOWS\PowerReg.dat
2008-07-17 13:12 . 2008-07-17 13:12 <DIR> d-------- C:\Program Files\Hasbro Interactive
2008-07-17 02:29 . 2008-07-17 02:29 <DIR> d-------- C:\Documents and Settings\Home\Application Data\SoftwareDetectionScripts
2008-07-17 02:27 . 2008-08-12 21:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\temp
2008-07-16 23:06 . 2008-07-16 23:06 <DIR> d-------- C:\Program Files\Electronic Arts
2008-07-16 23:06 . 1999-04-02 16:37 33,792 -ra------ C:\WINDOWS\NPSExec.exe
2008-07-16 23:06 . 2008-07-16 23:06 0 --a------ C:\WINDOWS\VDM46.tmp
2008-07-16 17:52 . 2008-07-18 22:33 <DIR> d-------- C:\WINDOWS\SYSTEM32\NtmsData
2008-07-16 16:44 . 2008-07-21 19:06 <DIR> d----c--- C:\WINDOWS\SYSTEM32\DRVSTORE
2008-07-16 15:46 . 2008-08-12 22:34 11,001,888 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.dat
2008-07-16 15:46 . 2008-08-12 21:36 131,612 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.idx
2008-07-16 15:34 . 2008-07-16 16:44 <DIR> d-------- C:\Program Files\Western Digital
2008-07-16 15:34 . 2008-07-16 15:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-07-13 01:00 . 2008-07-13 01:00 <DIR> d-------- C:\Documents and Settings\Home\Application Data\wootalyzer
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-13 02:20 --------- d-----w C:\Program Files\Lx_cats
2008-08-13 01:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-08-13 00:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-12 20:35 --------- d-----w C:\Documents and Settings\Home\Application Data\LimeWire
2008-08-12 02:34 --------- d-----w C:\Program Files\Java
2008-08-12 00:36 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-09 13:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-09 03:00 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-09 01:32 --------- d-----w C:\Program Files\Wootalyzer
2008-08-08 21:33 --------- d-----w C:\Documents and Settings\Home\Application Data\U3
2008-07-26 17:45 1,505,179 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-07-18 22:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-18 21:04 --------- d-----w C:\Program Files\Creative
2008-07-17 04:53 --------- d-----w C:\Program Files\Verizon
2008-07-17 04:49 --------- d-----w C:\Program Files\Common Files\Motive
2008-07-16 20:57 --------- d-----w C:\Program Files\Google
2008-07-15 21:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive
2008-07-12 00:33 557,056 ----a-w C:\Documents and Settings\Home\GoToAssist_phone__317_en.exe
2008-07-11 23:29 --------- d-----w C:\Documents and Settings\Home\Application Data\SiteAdvisor
2008-07-09 13:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2008-07-09 13:05 1,086,952 ----a-w C:\WINDOWS\SYSTEM32\zpeng24.dll
2008-07-08 23:42 --------- d-----w C:\Documents and Settings\Home\Application Data\Creative
2008-07-08 23:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative
2008-07-08 23:34 --------- d--h--w C:\Documents and Settings\All Users\Application Data\{7A246771-272C-415B-B2AB-AE698ADB7EEB}
2008-07-08 20:34 --------- d-----w C:\Program Files\Yahoo!
2008-07-01 03:27 45,056 ----a-w C:\WINDOWS\NCUNINST.EXE
2008-07-01 02:36 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-06-29 20:16 --------- d-----w C:\Program Files\LimeWire
2008-06-29 17:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-26 22:34 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-06-26 21:22 --------- d-----w C:\Program Files\Windows Defender
2008-06-26 03:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-26 03:34 --------- d-----w C:\Program Files\Lavasoft
2008-06-26 03:21 --------- d-----w C:\Documents and Settings\Home\Application Data\Verizon
2008-06-26 03:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Verizon
2008-06-26 03:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-06-26 02:14 --------- d-----w C:\Documents and Settings\Home\Application Data\Jasc Software Inc
2008-06-26 01:42 1,530,880 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-06-25 17:55 --------- d-----w C:\Documents and Settings\Home\Application Data\FaxCtr
2008-06-25 17:54 --------- d-----w C:\Program Files\Lexmark 2300 Series
2008-06-25 17:46 --------- d-----w C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-06-25 17:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\FaxCtr
2008-06-25 16:03 1,427,456 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-06-25 00:20 --------- d-----w C:\Program Files\Atari
2008-06-25 00:19 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-25 00:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-06-24 23:59 --------- d-----w C:\Program Files\Zone Labs
2008-06-24 23:14 --------- d-----w C:\Documents and Settings\Home\Application Data\Jasc
2008-06-24 23:09 --------- d-----w C:\Program Files\Hasbro
2008-06-24 22:34 --------- d-----w C:\Program Files\Alwil Software
2008-06-24 22:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-06-24 22:19 --------- d-----w C:\Program Files\AIM6
2008-06-24 22:19 --------- d-----w C:\Documents and Settings\Home\Application Data\acccore
2008-06-24 22:18 --------- d-----w C:\Program Files\Common Files\AOL
2008-06-24 22:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-06-24 22:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-06-24 22:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\acccore
2008-06-24 22:02 --------- d-----w C:\Documents and Settings\Home\Application Data\Motive
2008-06-24 21:54 --------- d-----w C:\Program Files\Common Files\SupportSoft
2008-06-24 21:47 --------- d-----w C:\Program Files\Microsoft Hardware
2008-06-24 21:42 --------- d-----w C:\Documents and Settings\Home\Application Data\Sonic
2008-06-24 21:42 --------- d-----w C:\Documents and Settings\Home\Application Data\Leadertech
2008-06-24 21:32 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-06-24 21:25 --------- d-----w C:\Documents and Settings\Home\Application Data\Corel
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\SYSTEM32\mswsock.dll
2008-06-20 17:46 245,248 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mswsock.dll
2008-06-20 17:46 147,968 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:51 361,600 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:40 138,496 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 11:08 225,856 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip6.sys
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 11:05 272,128 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
2008-05-27 02:21 1,582,592 ------w C:\WINDOWS\SYSTEM32\tquery.dll
2008-05-27 02:21 1,418,240 ------w C:\WINDOWS\SYSTEM32\mssrch.dll
2008-05-27 02:19 97,792 ------w C:\WINDOWS\SYSTEM32\UncCplExt.dll
2008-05-27 02:19 273,408 ------w C:\WINDOWS\SYSTEM32\oeph.dll
2008-05-27 02:19 2,048 ------w C:\WINDOWS\SYSTEM32\UncRes.dll
2008-05-27 02:19 143,872 ------w C:\WINDOWS\SYSTEM32\UncDMS.dll
2008-05-27 02:19 131,072 ------w C:\WINDOWS\SYSTEM32\UncPH.dll
2008-05-27 02:19 11,264 ------w C:\WINDOWS\SYSTEM32\oephRes.dll
2008-05-27 02:19 108,032 ------w C:\WINDOWS\SYSTEM32\UncNE.dll
2008-05-27 02:18 71,680 ------w C:\WINDOWS\SYSTEM32\propdefs.dll
2008-05-27 02:18 56,320 ------w C:\WINDOWS\SYSTEM32\xmlfilter.dll
2008-05-27 02:18 44,032 ------w C:\WINDOWS\SYSTEM32\msstrc.dll
2008-05-27 02:18 439,808 ------w C:\WINDOWS\SYSTEM32\searchindexer.exe
2008-05-27 02:18 38,400 ------w C:\WINDOWS\SYSTEM32\rtffilt.dll
2008-05-27 02:18 350,208 ------w C:\WINDOWS\SYSTEM32\mssph.dll
2008-05-27 02:18 231,936 ------w C:\WINDOWS\SYSTEM32\msshsq.dll
2008-05-27 02:18 203,776 ------w C:\WINDOWS\SYSTEM32\mssphtb.dll
2008-05-27 02:18 184,832 ------w C:\WINDOWS\SYSTEM32\searchprotocolhost.exe
2008-05-27 02:17 87,552 ------w C:\WINDOWS\SYSTEM32\searchfilterhost.exe
2008-05-27 02:17 87,552 ------w C:\WINDOWS\SYSTEM32\mssitlb.dll
2008-05-27 02:17 754,176 ------w C:\WINDOWS\SYSTEM32\propsys.dll
2008-05-27 02:17 60,416 ------w C:\WINDOWS\SYSTEM32\msscntrs.dll
2008-05-27 02:17 34,816 ------w C:\WINDOWS\SYSTEM32\msscb.dll
2008-05-27 02:17 32,768 ------w C:\WINDOWS\SYSTEM32\mssprxy.dll
2008-05-27 02:17 301,568 ------w C:\WINDOWS\SYSTEM32\srchadmin.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
"SoftAuto.exe"="C:\Program Files\Creative\Software Update 3\SoftAuto.exe" [2008-05-27 22:39 401408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 16:48 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 08:59 126976]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 21:12 221184]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" [2008-02-13 14:03 2065648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"LXCGCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-07-20 13:48 73728]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 10:38 78008]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 01:31 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2002-08-28 22:39 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-28 22:39 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-28 22:39 455168]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 09:05 919016]
"WD Drive Manager"="C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-05-16 17:12 430080]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 22:19:14 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 22:19 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
--a------ 2005-08-01 08:05 94208 C:\Program Files\Lexmark 2300 Series\ezprint.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AdwareAlert"=C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\winver.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 10:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 10:37]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-05-16 17:12]
S3 nenum13E;nenum13E;C:\DOCUME~1\Home\LOCALS~1\Temp\nenum13E.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f64abfe-4233-11dd-991a-000f1f75ec6d}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
2008-08-13 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 20:20]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Aim6 - (no file)
HKLM-Run-ISUSPM - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
HKLM-Run-POINTER - point32.exe
HKU-Default-Run-Picasa Media Detector - C:\Program Files\Picasa2\PicasaMediaDetector.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\y8tymvi0.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://forums.spybot.info/showthread.php?p=221609#post221609
FF -: plugin - C:\Program Files\Google\Google Updater\2.2.1265.1931\npCIDetect12.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-12 22:34:25
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCGCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-12 22:37:51
ComboFix-quarantined-files.txt 2008-08-13 02:37:42
Pre-Run: 22,455,652,352 bytes free
Post-Run: 22,501,650,432 bytes free
279 --- E O F --- 2008-06-25 16:14:02
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:34 PM, on 8/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1214353779203
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1217785267536
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
--
End of file - 7196 bytes
Good Morning,
Well I do have Avast Antivirus, Windows Defender, Zonealarm, and Malwarebyte's installed :bigthumb: You also have Ad-Aware which is a good program also.
I see an entry on your Combofix log for Limewire although I don't see it running, I would like you to read this about P2P (File Sharing Programs) so I would strongly urge you to uninstall it. This forum and most of the other malware forums are requiring that these types of programs be removed before help is offered.
P2P programs form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P program is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program.
Many of the programs come bundled with other unwanted programs, but even the ones free of any bundled software are not safe to use.
When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.
Your logs look fine, how are things running now??
waitingfortomorrow
2008-08-13, 19:28
Everything's running good now, yes I do have limewire, but I have the sharing turned off on everything on my computer, though I do know some of the files you download can be infected. Thanks again for your help.
That's great, glad things are well :bigthumb:
Malwarebytes <-- This is yours to keep, check for updates and run a scan now and then.
ATF Cleaner <-- This is also yours to keep, run it a few times a month to keep your system nice and clean
Combofix <-- This is not a general all purpose cleaning tool, do not download and run it without supervision
Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png
When shown the disclaimer, Select "2"
The above procedure will:
Delete the following:
ComboFix and its associated files and folders.
VundoFix backups, if present
The C:\Deckard folder, if present
The C:\_OtMoveIt folder, if present
Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
Reset System Restore.
How did I get infected in the first place? Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
TonyKlein CastleCops (http://www.castlecops.com/postlite7736-.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)
Keep in mind if you install some of these programs: only ONE Anti Virus and only ONE Firewall is recommended, more is overkill and can cause you problems. You can install all the Spyware programs I have listed without any problems. If you install Spyware Blaster, you can still install Spybot Search and Destroy but do not enable the TeaTimer in Spybot.
Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community.
Spybot Search and Destroy 1.5 (http://www.safer-networking.org/en/download/)
Check for Updates/ Immunize and run a Full System Scan on a regular basis. If you install Spyware Blaster ( Recommended ) then do not enable the TeaTimer in Spybot Search and Destroy.
Spyware Blaster (http://www.javacoolsoftware.com/spywareblaster.html) It will prevent most spyware from ever being installed. No scan to run, just update about once a week and enable all protection.
Spyware Guard (http://www.javacoolsoftware.com/spywareguard.html) It offers realtime protection from spyware installation attempts, again, no scan to run, just install it and let it do its thing.
IE-Spyad (http://www.pcworld.com/downloads/file/fid,23332-order,1-page,1-c,antispywaretools/description.html)
IE-Spyad places over 6000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.
Firefox 3 (http://www.mozilla.org/products/firefox/) It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will in no way interfere with IE, you can use them both.
Safe Surfn
Ken
waitingfortomorrow
2008-08-13, 20:46
Thanks for all your help, I installed what you recommended so hopefully from now on I'll be more protected. :)
You're very welcome,
Take care,
Ken:)