Virtumonde, Smitfraud... Help Please.

[STN1225]

I saw the dancing Logo so I think Java is working. Below is the list.

Ad-Aware
Adobe Flash Player Plugin
Adobe Reader 8.1.1
America Online (Choose which version to remove)
Apple Software Update
AVG Free 8.0
BitDefender Total Security 2008
Bonjour
CCleaner (remove only)
CDDRV_Installer
CDisplay 1.8
Dell Digital Jukebox Driver
Dell Media Experience
Dell Solution Center
DellSupport
DivX Player
DivX Pro Codec Adware
DivX Web Player
DVDSentry
Google Toolbar for Internet Explorer
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotspot Shield 1.10
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet
Internet Explorer Default Page
Internet Explorer Q903235
InternetGuard
Java(TM) 6 Update 11
KhalSetup
Lexmark X83
Lightning Warrior Raidy
Logitech SetPoint
MGI PhotoSuite 8.1 (Remove Only)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Data Access Components KB870669
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
Modem Event Monitor
Modem Helper
Modem On Hold
Mozilla Firefox (3.0.5)
MSN Messenger 7.5
MSN Toolbar
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML4 Parser
Nintendo Wi-Fi USB Connector Registration Tool
OpenOffice.org Installer 1.0
PowerDVD
QuickTime
RamBooster
RealPlayer
Spybot - Search & Destroy
Tokimeki Check in!
VideoLAN VLC media player 0.8.6h
Viewpoint Media Player
Wii Video 9 2.15
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
WinRAR archiver
WordPerfect Office 11

[Bio-Hazard]

Hello!

It is looking good Do you have any problems?



Remove programs

• Click Start
• Go to Control Panel
• Go to Add/Remove Programs
• Find and click Remove for the following (if present):
  
  DivX Pro Codec Adware

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

[STN1225]

Everything is working fine. However, I ran Spybot S&D just now and it found a Smitfraud on my system. I fixed it but I know these things are pervasive and might reemerge. I've added a HJT Log one last time if you don't mind checking.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:38:19 AM, on 1/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\RamBooster 2.0\Rambooster.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iesearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [RamBooster] C:\Program Files\RamBooster 2.0\Rambooster.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F366278-67BC-481C-AE99-8E3BA17BE039}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{3F366278-67BC-481C-AE99-8E3BA17BE039}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS3\Services\Tcpip\..\{3F366278-67BC-481C-AE99-8E3BA17BE039}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 6893 bytes

[Bio-Hazard]

Hello!

I would like to see this Spybot entry.

Spybot-S&D Previous Reports

• Go into Spybot
• Click Mode
• Click Advanced mode
• Click Tools
• Click View Reports
• Click View Pervious reports
• Look for the Fixes.yymmdd-hhmm.log file that was produced when you found and fixed the detection you are questioning
• Open it
• To copy it to the Clipboard, right click on the listing and select Select All > Right click again and select Copy.
• Paste (Ctrl+V) the contents of the Clipboard into a new post in this thread

[STN1225]

Hey,

here is the log you requested.


--- Report generated: 2009-01-10 11:34 ---

Smitfraud-C.: [SBI $99619F8C] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-3306270314-2952557106-4040418671-1007\Software\Microsoft\instkey


--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---

2008-01-28 blindman.exe (1.0.0.7)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-01-28 SDMain.exe (1.0.0.5)
2007-10-07 SDShred.exe (1.0.1.2)
2008-01-28 SDUpdate.exe (1.0.8.8)
2008-01-28 SDWinSec.exe (1.0.0.11)
2008-01-28 SpybotSD.exe (1.5.2.20)
2008-09-16 TeaTimer.exe (1.6.3.25)
2008-11-13 unins000.exe (51.49.0.0)
2008-01-28 Update.exe (1.4.0.6)
2008-10-22 advcheck.dll (1.6.2.13)
2007-04-02 aports.dll (2.1.0.0)
2007-11-17 DelZip179.dll (1.79.7.4)
2008-01-28 SDFiles.dll (1.5.1.19)
2008-09-15 SDHelper.dll (1.6.2.14)
2008-10-22 Tools.dll (2.1.6.8)
2008-11-04 Includes\Adware.sbi (*)
2008-12-29 Includes\AdwareC.sbi (*)
2008-06-03 Includes\Cookies.sbi (*)
2008-09-02 Includes\Dialer.sbi (*)
2008-09-09 Includes\DialerC.sbi (*)
2008-07-23 Includes\HeavyDuty.sbi (*)
2008-11-18 Includes\Hijackers.sbi (*)
2008-12-22 Includes\HijackersC.sbi (*)
2008-12-09 Includes\Keyloggers.sbi (*)
2008-12-22 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-11-18 Includes\Malware.sbi (*)
2008-12-29 Includes\MalwareC.sbi (*)
2008-12-16 Includes\PUPS.sbi (*)
2008-12-16 Includes\PUPSC.sbi (*)
2007-11-07 Includes\Revision.sbi (*)
2008-06-18 Includes\Security.sbi (*)
2008-12-29 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2008-12-10 Includes\Spyware.sbi (*)
2008-12-10 Includes\SpywareC.sbi (*)
2008-06-03 Includes\Tracks.uti
2008-12-29 Includes\Trojans.sbi (*)
2008-12-29 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

[Bio-Hazard]

Hello!

It could be a just a leftover entry in registry which is harmless but just to make sure lets run this tool.

random's system information tool (RSIT)

• Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
• Double click on RSIT.exe to run RSIT.
• Click Continue at the disclaimer screen.
• Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

[STN1225]

Below are the two requested logs.





info.txt logfile of random's system information tool 1.05 2009-01-11 14:27:22

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
America Online (Choose which version to remove)-->C:\Program Files\Common Files\aolshare\Aolunins_us.exe
Apple Software Update-->MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BitDefender Total Security 2008-->MsiExec.exe /I{92098E58-00AD-4F78-AD6E-807BDB323478}
Bonjour-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D} /l1033
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CDDRV_Installer-->MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
CDisplay 1.8-->"C:\Program Files\CDisplay\unins000.exe"
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Media Experience-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Dell Solution Center-->MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVDSentry-->MsiExec.exe /I{98DF85D9-96C0-4F57-A92E-C3539477EF5E}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotspot Shield 1.10-->C:\Program Files\Hotspot Shield\Uninstall.exe
Intel(R) 537EP V9x DF PCI Modem-->rundll32 IntelCci.dll,iSMUninstallation "Intel(R) 537EP V9x DF PCI Modem"
Intel(R) Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
Intel(R) PROSet-->MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}
Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
Internet Explorer Q903235-->C:\WINDOWS\ieuninst.exe C:\WINDOWS\INF\Q903235.inf
InternetGuard-->"C:\Program Files\Internet Explorer\iexplore.exe" "http://notetol.com/uninstall.php"
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
KhalSetup-->MsiExec.exe /I{C89C8D86-4423-4A58-AA40-DD259ACE07C1}
Lexmark X83-->C:\Program Files\LexmarkX83\RemoveX83.exe
Lightning Warrior Raidy-->C:\WINDOWS\unvise32.exe C:\Program Files\G-Collections\uninstal.log
Logitech SetPoint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
MGI PhotoSuite 8.1 (Remove Only)-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MGI\PhotoSuite 8.1\Uninst.isu" -c"C:\Program Files\MGI\PhotoSuite 8.1\CustomUninstall.dll"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Money 2004 System Pack-->MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Money 2004-->MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Journal Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Modem Event Monitor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\Setup.exe" -l0x9 ControlPanel
Modem On Hold-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Messenger 7.5-->MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
MSN Toolbar-->C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\mtbs.exe c
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Nintendo Wi-Fi USB Connector Registration Tool-->C:\Program Files\WiFiConnector\SoftAPUninst.exe
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
RamBooster-->C:\Program Files\RamBooster 2.0\Uninst.exe /pid:{ADE3CACC-EC31-480C-83A0-587EE60CE8DF} /asd
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Tokimeki Check in!-->C:\WINDOWS\unvise32.exe C:\Program Files\Tokimeki Check in!\uninstal.log
VideoLAN VLC media player 0.8.6h-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Wii Video 9 2.15-->C:\Program Files\Red Kawa\Video Converter\uninstaller.exe
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WordPerfect Office 11-->MsiExec.exe /I{54F90B55-BEB3-4F0D-8802-228822FA5921}

=====HijackThis Backups=====

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O2 - BHO: (no name) - {5D0F915B-3C9F-435A-AF37-7A08A18F6D7E} - C:\WINDOWS\system32\yayxwUmK.dll (file missing)
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Alan\lsass.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O2 - BHO: (no name) - {7ABF2677-E76E-4381-B6FD-9F58DF2BCDF3} - C:\WINDOWS\system32\fcccCutt.dll (file missing)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {EE7FA47C-7245-4AB5-BE02-0575674695D4} - C:\WINDOWS\system32\efcbbYPh.dll (file missing)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)

======Security center information======

AV: AVG Anti-Virus Free

System event log

Computer Name: ALANPC
Event Code: 7035
Message: The Remote Access Connection Manager service was successfully sent a start control.

Record Number: 4236
Source Name: Service Control Manager
Time Written: 20081113200250.000000-300
Event Type: information
User: ALANPC\Alan

Computer Name: ALANPC
Event Code: 7035
Message: The Network Location Awareness (NLA) service was successfully sent a start control.

Record Number: 4235
Source Name: Service Control Manager
Time Written: 20081113200248.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: ALANPC
Event Code: 7035
Message: The SSDP Discovery Service service was successfully sent a start control.

Record Number: 4234
Source Name: Service Control Manager
Time Written: 20081113200248.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: ALANPC
Event Code: 7036
Message: The IMAPI CD-Burning COM Service service entered the running state.

Record Number: 4233
Source Name: Service Control Manager
Time Written: 20081113200248.000000-300
Event Type: information
User:

Computer Name: ALANPC
Event Code: 7035
Message: The IMAPI CD-Burning COM Service service was successfully sent a start control.

Record Number: 4232
Source Name: Service Control Manager
Time Written: 20081113200248.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Application event log

Computer Name: ALANPC
Event Code: 1
Message:
Record Number: 4154
Source Name: Bonjour Service
Time Written: 20081018084819.000000-300
Event Type: information
User:

Computer Name: ALANPC
Event Code: 1
Message:
Record Number: 4153
Source Name: avg8emc
Time Written: 20081018084631.000000-300
Event Type: information
User:

Computer Name: ALANPC
Event Code: 1800
Message: The Windows Security Center Service has started.

Record Number: 4152
Source Name: SecurityCenter
Time Written: 20081018084626.000000-300
Event Type: information
User:

Computer Name: ALANPC
Event Code: 1
Message:
Record Number: 4151
Source Name: Bonjour Service
Time Written: 20081017130214.000000-300
Event Type: information
User:

Computer Name: ALANPC
Event Code: 1800
Message: The Windows Security Center Service has started.

Record Number: 4150
Source Name: SecurityCenter
Time Written: 20081017130037.000000-300
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip

-----------------EOF-----------------







Logfile of random's system information tool 1.05 (written by random/random)
Run by Alan at 2009-01-11 14:26:08
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 17 GB (44%) free of 38 GB
Total RAM: 254 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:27:13 PM, on 1/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\RamBooster 2.0\Rambooster.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Alan\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Alan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iesearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [RamBooster] C:\Program Files\RamBooster 2.0\Rambooster.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F366278-67BC-481C-AE99-8E3BA17BE039}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{3F366278-67BC-481C-AE99-8E3BA17BE039}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS3\Services\Tcpip\..\{3F366278-67BC-481C-AE99-8E3BA17BE039}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 6902 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\ISP signup reminder 1.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-07 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-07 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-07 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
Hotspot Shield Class - C:\Program Files\Hotspot Shield\hssie\HssIE.dll [2008-11-28 204248]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [2003-09-03 221184]
"DVDSentry"=C:\WINDOWS\System32\DSentry.exe [2003-08-13 28672]
"PCMService"=C:\Program Files\Dell\Media Experience\PCMService.exe [2003-08-26 204800]
"Lexmark X83 Button Monitor"=C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe [2001-10-18 40960]
"Lexmark X83 Button Manager"=C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe [2001-06-14 53248]
"PrinTray"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe [2001-10-25 36864]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-01-23 101136]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-30 1261336]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-07 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RamBooster"=C:\Program Files\RamBooster 2.0\Rambooster.exe [2005-11-17 561664]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"MoneyAgent"=C:\Program Files\Microsoft Money\System\mnyexpr.exe [2003-06-18 200704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
C:\PROGRA~1\AMERIC~1.0\aoltray.exe [2003-08-09 36953]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Nintendo Wi-Fi USB Connector Registration Tool.lnk]
C:\PROGRA~1\WIFICO~1\NINTEN~1.EXE [2006-11-15 1073152]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-01-23 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Palm\palm.exe"="C:\Palm\palm.exe:*:Enabled:Palm Desktop"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\WINDOWS\SYSTEM32\fxsclnt.exe"="C:\WINDOWS\SYSTEM32\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\WiFiConnector\NintendoWFCReg.exe"="C:\Program Files\WiFiConnector\NintendoWFCReg.exe:*:Enabled:Nintendo Wi-Fi USB Connector"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

======List of files/folders created in the last 1 months======

2100-04-01 16:22:34 ----AC---- C:\WINDOWS\X83_DS.ini
2100-02-24 13:15:04 ----AC---- C:\WINDOWS\Lexmark_ICM.ini
2100-02-16 15:09:06 ----AC---- C:\WINDOWS\system32\LXASUSCI.INI
2009-01-11 14:26:08 ----D---- C:\rsit
2009-01-07 21:32:20 ----A---- C:\WINDOWS\system32\javaws.exe
2009-01-07 21:32:20 ----A---- C:\WINDOWS\system32\javaw.exe
2009-01-07 21:32:19 ----A---- C:\WINDOWS\system32\java.exe
2009-01-07 21:31:47 ----D---- C:\Program Files\Java
2009-01-07 20:54:08 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-01-07 20:38:09 ----SHD---- C:\RECYCLER
2009-01-07 20:17:32 ----D---- C:\WINDOWS\temp
2009-01-07 20:17:22 ----A---- C:\ComboFix.txt
2009-01-07 20:06:21 ----D---- C:\32788R22FWJFW
2008-12-18 08:29:03 ----D---- C:\Program Files\G-Collections
2008-12-18 08:18:17 ----D---- C:\Program Files\MagicISO

======List of files/folders modified in the last 1 months======

2009-01-11 14:26:12 ----D---- C:\WINDOWS\Prefetch
2009-01-11 14:24:25 ----D---- C:\Program Files\Mozilla Firefox
2009-01-11 06:44:22 ----A---- C:\WINDOWS\ModemLog_Intel(R) 537EP V9x DF PCI Modem.txt
2009-01-11 06:43:31 ----AD---- C:\WINDOWS
2009-01-11 06:43:31 ----A---- C:\WINDOWS\ACMonitor_X83.ini
2009-01-10 21:53:59 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-10 11:37:42 ----D---- C:\Program Files\DivX
2009-01-10 11:37:42 ----AD---- C:\WINDOWS\SYSTEM32
2009-01-07 21:31:54 ----SHD---- C:\WINDOWS\Installer
2009-01-07 21:31:47 ----AD---- C:\Program Files
2009-01-07 20:17:35 ----D---- C:\QooBox
2009-01-07 20:12:15 ----N---- C:\WINDOWS\system.ini
2009-01-07 20:11:01 ----D---- C:\WINDOWS\system32\DRIVERS
2009-01-07 20:11:00 ----D---- C:\WINDOWS\AppPatch
2009-01-07 20:11:00 ----D---- C:\Program Files\Common Files
2009-01-04 18:48:42 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-04 18:38:01 ----AD---- C:\WINDOWS\system32\CONFIG
2009-01-04 18:36:42 ----D---- C:\WINDOWS\erdnt
2009-01-03 19:00:11 ----AC---- C:\WINDOWS\system32\0bff644e-.txt
2009-01-03 17:30:07 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-01-03 12:31:14 ----HD---- C:\$AVG8.VAULT$
2008-12-29 10:02:50 ----D---- C:\Documents and Settings\Alan\Application Data\Mozilla
2008-12-18 08:23:03 ----HD---- C:\WINDOWS\INF

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-08-30 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-07-05 26824]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-11-08 17217]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-07-05 76040]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-01-23 804317]
R3 IntelC51;IntelC51; C:\WINDOWS\System32\DRIVERS\IntelC51.sys [2004-03-05 1233525]
R3 IntelC52;IntelC52; C:\WINDOWS\System32\DRIVERS\IntelC52.sys [2004-03-05 647929]
R3 IntelC53;IntelC53; C:\WINDOWS\System32\DRIVERS\IntelC53.sys [2004-03-05 60949]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2007-01-23 20496]
R3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2007-01-23 62992]
R3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2007-01-23 78864]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mohfilt;mohfilt; C:\WINDOWS\System32\DRIVERS\mohfilt.sys [2004-03-05 37048]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-05-06 580992]
R3 tapvpn;TAP VPN Adapter; C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-23 27136]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-04 42496]
S1 vcdrom;Virtual CD-ROM Device Driver; \??\C:\Documents and Settings\Alan\My Documents\Downloads\New Folder (2)\VCdRom.sys []
S2 BulkUsb;Genesys Logic USB Scanner Controller NT 5.0; C:\WINDOWS\System32\Drivers\usbscan.sys [2004-08-04 15104]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752]
S3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-08-04 701440]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys [2003-08-28 4272]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-04 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-04 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-04 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-04 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-04 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-04 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-04 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-04 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-04 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-04 23615]
S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys []
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 RT25USBAP;Nintendo Wi-Fi USB Connector Service; C:\WINDOWS\system32\DRIVERS\rt25usbap.sys [2006-04-10 162816]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usbscan;Usbscan; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2004-08-04 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2004-08-04 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2004-08-04 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2004-08-04 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2004-08-04 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2004-08-04 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-06-29 611664]
R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe [2003-08-06 1376360]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-30 875288]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-30 231704]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2005-11-28 229376]
R2 HotspotShieldService;Hotspot Shield Service; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [2008-11-25 88024]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-07 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINDOWS\wanmpsvc.exe [2003-01-10 65536]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-16 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [2003-03-03 143360]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SCAN;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------

[Bio-Hazard]

Show All Files And Folders Windows XP

• Click Start.
• Open My Computer.
• Select the Tools menu and click Folder Options.
• Select the View Tab.
• Under the Hidden files and folders heading select Show hidden files and folders.
• Uncheck Hide file extensions for known file types
• Uncheck the Hide protected operating system files (recommended) option.
• Click Apply to confirm.
• Click OK.

Delete file

Using Windows Explore by right-clicking the start button and left clicking Explore navigate to and find the following file: if found, delete them (some may not be present after previous steps):

• File:
  C:\WINDOWS\system32\0bff644e-.txt

Firewall

Looking over your log it seems you don't have any evidence of a third party FIREWALL. As the term conveys a firewall is an extra layer of security installed onto computers which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders.

If you are using the built-in Windows XP firewall it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to phone home for more instructions. Simply put Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

I would recommend to install install a free firewall for personal use from one of these excellent vendors. Choice is yours:

• Online-Armor Free
• Agnitum
• Sunbelt/Kerio (Free version after 30 days)
• Comodo (Uncheck during installation Install Comodo SafeSurf.., Make Comodo my default search provider and Make Comodo Search my homepage and install firewall ONLY!)

Your log now appears to be clean. Congratulations!

You can get rid of the tools we used:

• RSIT (You can just delete the exe file from your desktop) and the folder C:/rsit
• ATF cleaner (You can just delete the exe file from your desktop)
• Javara (You can just delete the exe file from your desktop)

Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints Malware Complaints. You need to be registered to post as, unfortunately, we were hit with too many spam posts to allow guest posting to continue. Just find your country room and register your complaint.

Delete ComboFix and Clean Up
Click Start > Run > type combofix /u > OK (Note the space between combofix and /u)

Please advise if this step is missed for any reason as it performs some important actions.

General Security and Computer Health
Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.

• Make sure that you keep your antivirus updated
  New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
  NOTE:You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
• Security Updates for Windows, Internet Explorer & Microsoft Office
  Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
  NOTE: The update process uses ActiveX, so you will need to use internet explorer for it and allow the ActiveX control to install.
• Update Non-Microsoft Programs
  Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector or F-secure Health Check. I suggest that you run one of them at least once a month.
• Make Internet Explorer More Secure
  You are using Internet Explorer v.6.
  
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.
  
  

Recommended Programs

I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.

• WinPatrol
  As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.
• SpywareBlaster
  SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing on your computer. If you don't know what ActiveX controls are, see HERE. You can download SpywareBlaster from HERE.
• Malwarebytes' Anti-Malware
  Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. It includes a number of features, including a built in protection monitor that blocks malicious processes before they even start.You can download Malwarebytes' Anti-Malware from HERE. Here are two tutorials: Malwarebytes' Anti-Malware Setup Guide and Malwarebytes' Anti-Malware Scanning Guide.
• Hosts File
  For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.
• Use an alternative Internet Browser
  Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead:Firefox or Opera

Finally I am trying to make one point very clear. It is ABSOLUTELY ESSENTIAL to keep all of your security programs up to date.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Happy surfing and stay clean!

Bio-Hazard

[STN1225]

Hey,

Thanks for all your help, I really appreciate it.

I have been going through the list of things you suggested I install, like the firewall, and will definitely be using them.

I also read the part asking what we wanted done to those who infected our machines. To that effect I have a question. My first symptoms (Annoying popups) occured while I was using Hotspot Sheild to stream video from Hulu. I don't live in the US so I need such a program to stream video from those sites. I don't know if it was Hotspot what left me vulnerable. Do you know if Hotspot is safe to use. I have used it scores of times before without being infected and find it difficult to believe it was the cause. If it was though I will of course stop using it. Also, if it was the cause can you recommend another such program I could use in its place?

Once again, thanks for all your help.

[Bio-Hazard]

Hey,

Thanks for all your help, I really appreciate it.

I have been going through the list of things you suggested I install, like the firewall, and will definitely be using them.

I also read the part asking what we wanted done to those who infected our machines. To that effect I have a question. My first symptoms (Annoying popups) occured while I was using Hotspot Sheild to stream video from Hulu. I don't live in the US so I need such a program to stream video from those sites. I don't know if it was Hotspot what left me vulnerable. Do you know if Hotspot is safe to use. I have used it scores of times before without being infected and find it difficult to believe it was the cause. If it was though I will of course stop using it. Also, if it was the cause can you recommend another such program I could use in its place?

Once again, thanks for all your help.

Hello!

It was my pleasure. Hotspot is safe to use in my opinion. It is hard to say when the actual infection came to you.

Any other questions?