
IE running invisible in background. voice ads.

This is a discussion on IE running invisible in background. voice ads. within the Resolved HJT Threads forums, part of the Tech Support Forum category.


 
 
Old 07-28-2010, 04:04 PM   #1
Registered Member
 
Join Date: Jul 2010
Posts: 8
OS: XP Professional



I seem to have caught the virus that runs explorer.exe in the background, playing voice ads and occasional pop-ups from IE, which I don't use.
I see that I'm far from alone, seeing a lot of people running all of the big programs like Norton, AVG, Malware Bytes, and all those other good ones to no avail.

Thanks in advance for any help in solving this.

I followed the directions best I could, let me know if something is wrong.

Here is the DDS.txt file:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 13:21:22.81 on Wed 07/28/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1278.434 [GMT -5:00]

AV: avast! antivirus 4.8.1368 [VPS 100728-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\SYSTEM32\3cmlink.exe
C:\WINDOWS\SYSTEM32\3cshtdwn.exe
C:\WINDOWS\SYSTEM32\3cmlink.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\MSN Toolbar\Platform\5.0.1363.0\mswinext.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
svchost.exe 4
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe 4
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>;*.local
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1363.0\npwinext.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: @c:\program files\msn toolbar\platform\5.0.1363.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1363.0\npwinext.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [FreeRAM XP] "c:\program files\yourware solutions\freeram xp pro\FreeRAM XP Pro.exe" -win
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [Pareto_Update] c:\program files\common files\paretologic\uus2\Pareto_Update.exe
uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [3c1807pd] c:\windows\system32\3cmlink.exe runservices \device\3cpipe-3c1807pd
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [Bing Bar] "c:\program files\msn toolbar\platform\5.0.1363.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212591819218
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1233676363234
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
TCP: {193A8B94-9793-4C93-919D-1BDBCB6F08C1} = 216.165.129.158,216.170.153.146
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} -
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = scecli scecli scecli scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\sa3wzurl.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - www.youtube.com
FF - component: c:\program files\microsoft\search enhancement pack\search helper\firefoxextension\searchhelperextension\components\SEPsearchhelperff.dll
FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\msn toolbar\platform\5.0.1363.0\npwinext.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-7-24 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-7-24 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-7-24 138680]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-7-24 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-7-24 352920]

=============== Created Last 30 ================

2010-07-27 01:01:36 0 d-----w- c:\program files\World of Warcraft
2010-07-18 17:50:09 0 d-----w- c:\program files\common files\Symantec Shared
2010-07-18 17:42:51 0 d-----w- c:\windows\system32\drivers\NSS
2010-07-18 17:42:50 0 d-----w- c:\program files\Norton Security Scan
2010-07-18 17:42:30 0 d-----w- c:\program files\NortonInstaller
2010-07-14 17:47:28 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-09 02:20:06 56 ---ha-w- c:\windows\system32\ezsidmv.dat

==================== Find3M ====================

2010-05-18 21:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 21:35:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 21:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2009-05-18 17:16:56 7168 --sha-w- c:\program files\Thumbs.db
2009-05-17 17:20:13 7168 --sha-w- c:\program files\common files\Thumbs.db

============= FINISH: 13:22:06.14 ===============
Attached Files
File Type: zip Attach.zip (4.0 KB, 12 views)

__________________
MatthewToads is offline  
Old 07-28-2010, 08:47 PM   #2
TSF Team, Emeritus
 
 
Join Date: Apr 2009
Location: CGK
Posts: 1,352
OS: XP



Hi MatthewToads and welcome to TSF,

Please subscribe to this thread to get immediate notification of replies (if you haven't already) as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

-------------------------------------------

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

--------------------------------------------

Download ComboFix from here to your desktop.

NEXT
  • Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. If you are unsure of how to do it, please read here and/or here.

  • Double-click on downloaded tool to run it and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



  • Click on Yes, to continue scanning for malware. (Your desktop may go blank, it will return when ComboFix is done, and ComboFix may reboot your machine. This is normal)

    Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.


  • When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review, but make sure you have re-enabled your anti virus and anti malware programs before you reply.
-------------------------

NEXT

Please download MBRCheck_beta.exe to your desktop.
  • Be sure to disable your security programs prior to running the tool.
  • Double click on MBRCheck.exe to run it. Please allow any prompts popped by Windows in order to run the tool.
    (Vista and Windows 7 users will have to confirm the UAC prompt)
  • A command window will pop open and run. If any unknown MBR Code is found, you will have further options prompted, at this time please press N then press Enter.
  • Press Enter again to exit the program.
  • If nothing unusual is found, you will be shown the machine MBR status. Just press Enter to exit.
  • A text file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop. Please attach that file.

====================

In your next reply, please post the following:
- ComboFix log
- MBRCheck log
- Update of your system behaviour

__________________
vpw_pearl is offline  
Old 07-28-2010, 10:43 PM   #3
Registered Member
 
Join Date: Jul 2010
Posts: 8
OS: XP Professional



Thanks! Took a while to run, but I'm sure it was worth it.

explorer.exe is still running in the background, but I haven't heard any more voice ads yet. They seemed to occur about once every 15 minutes earlier today.

I wasn't having any issues with my sound being muted, as I saw some other people were reporting with this issue, or a very similar one, it turned out to be Whistlers virus.
Attached Files
File Type: txt MBRCheck_07.29.10_00.33.18.txt (9.9 KB, 16 views)
File Type: txt ComboFix.txt (17.0 KB, 19 views)
__________________
MatthewToads is offline  
Old 07-28-2010, 11:41 PM   #4
TSF Team, Emeritus
 
 
Join Date: Apr 2009
Location: CGK
Posts: 1,352
OS: XP



Hi MatthewToads,

Going onwards, you do not need to attach logs unless specifically requested to do so... Thanks.


Quote:
explorer.exe is still running in the background,
Explorer.exe is a must in running processes if you'd like your Windows to load normally in full function. It is a process that handles most of Windows applications.


Quote:
but I haven't heard any more voice ads yet. They seemed to occur about once every 15 minutes earlier today.
Glad to hear that! It sounds and seems like the main infection has been neutralized.


Now, more work to do...

---------------------------------------

Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It is IMPORTANT to carry out the instructions in the sequence listed below.

---------------------------------------

Quote:
c:\documents and settings\Administrator\Application Data\Azureus
I see no evidence of Azureus/Vuze being installed onboard. Have you uninstalled it? If you did, you can safely delete the leftover folder.


NEXT

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. If you are unsure of how to do it, please read here and/or here.

3. Open notepad and copy/paste the text in the quotebox below into it:
Quote:
DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>;*.local
RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
Save this as CFScript.txt, in the same location as ComboFix.exe





Referring to the picture above, drag CFScript into ComboFix.exe

Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.


When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply. But make sure you have re-enabled your anti virus and anti malware programs before you reply.

--------------------------------------------

NEXT

I notice you already have Malwarebytes' Anti-Malware (MBAM) on your machine. Please do a quick scan with it.
  • Launch Malwarebytes' Anti-Malware
  • Under the Update tab, click Check for Updates
  • If an update is found, it will download and install the latest version.
    (Should you encounter any problems while downloading the updates, manually download them from here, and just double-click on mbam-rules.exe to install).
  • Once the program has loaded, select "Perform quick scan", then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad and you may be prompted to Restart your computer. (See the Note below)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy/Paste the entire report in your next reply.

** Note **

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

---------------------------------------------

Your Java is out of date.

Java(TM) 6 Update 13 can be updated from the Java control panel

Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts.


Clear Sun Java cache

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup) If you do not see the icon, look to your left and click 'Switch to Classic View'.
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
    • Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.
-----------------------

Also, please run GMER once again using the same initial instructions and post the log provided in your next reply, along with another update of your system behaviour.
__________________
vpw_pearl is offline  
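
The two Internet Settings lines that the CFScript in post #4 lists under DDS:: appear verbatim in the Pseudo HJT Report section of the DDS log in post #1. As an added example (not part of the thread, and not code from DDS or ComboFix), this Python script parses that section and lists entries for a helper to review; treating a loopback ProxyServer value and "No File" BHO/toolbar/search-hook entries as review items is this example's assumption, and all function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: a handful of lines copied from the DDS log in post #1.
SAMPLE_DDS = r"""
============== Running Processes ===============

C:\WINDOWS\Explorer.EXE

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>;*.local
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe

================= FIREFOX ===================

FF - prefs.js: browser.startup.homepage - www.youtube.com
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
SETTING_RE = re.compile(r"^[um]Internet Settings,(\w+)\s*=\s*(.*)$")
ORPHAN_RE = re.compile(r"^(BHO|TB|[um]URLSearchHooks):\s*(.*?)\s*-\s*No File$")


def section_lines(log_text, wanted="Pseudo HJT Report"):
    """Yield the non-empty lines that sit under one '==== name ====' header."""
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
        elif line and current == wanted:
            yield line


def proxy_endpoints(value):
    """Split a WinINet ProxyServer value into (scheme, host, port) tuples.

    Handles 'host:port' (applies to all protocols) and the per-protocol form
    'http=host:port;https=host:port'. Bare, unbracketed IPv6 is not handled.
    """
    endpoints = []
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, _, addr = part.rpartition("=")
        addr = addr.split("://")[-1]          # tolerate 'http://host:port'
        host, sep, port = addr.rpartition(":")
        if not sep:                           # no port given
            host, port = addr, ""
        endpoints.append((scheme or "all", host.strip("[]"), port))
    return endpoints


def is_loopback(host):
    """True for 'localhost' and any literal loopback address."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # some other DNS name


def review(log_text):
    """Return (kind, detail) findings from the Pseudo HJT Report section."""
    findings = []
    for line in section_lines(log_text):
        setting = SETTING_RE.match(line)
        if setting:
            if setting.group(1) == "ProxyServer":
                for scheme, host, port in proxy_endpoints(setting.group(2)):
                    if is_loopback(host):
                        findings.append(
                            ("loopback-proxy", f"{scheme} -> {host}:{port}"))
            continue
        orphan = ORPHAN_RE.match(line)
        if orphan:
            # Registration still present, but DDS found no file behind it.
            findings.append(("orphaned-" + orphan.group(1), orphan.group(2)))
    return findings


if __name__ == "__main__":
    for kind, detail in review(SAMPLE_DDS):
        print(f"{kind:28} {detail}")
```
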
Old 07-28-2010, 11:57 PM   #5
Registered Member
 
Join Date: Jul 2010
Posts: 8
OS: XP Professional



I ran into a problem updating Malware Bytes.
And the link you provided leads to a broken page, saying Page not found.
__________________
MatthewToads is offline  
Old 07-29-2010, 02:28 AM   #6
TSF Team, Emeritus
 
 
Join Date: Apr 2009
Location: CGK
Posts: 1,352
OS: XP



It seems like the link has been updated. Try to download it from here.

--------------------
Quote:
I ran into a problem updating Malware Bytes.
Any error code message?
__________________
vpw_pearl is offline  
Old 07-29-2010, 06:17 PM   #7
Registered Member
 
Join Date: Jul 2010
Posts: 8
OS: XP Professional



Thanks for staying with me.
Yes, I got an error code, 732 I believe. After manually updating Malwarebytes, I could no longer run it, receiving error code 730 this time.

I reinstalled the program, and it updated and ran perfectly.

Here is what I've done now:

-Removed unneeded Azureus folder.
-Ran ComboFix with the CFScript txt file you gave me.
-Reinstalled, Updated and Ran Malwarebytes.
-Updated Java, cleared Sun Java cache.

The last thing you requested, the GMER log, I suspect to take another several hours to run, I'll do that now and report it later.

I haven't heard any voices and have gotten no IE pop-ups all day.

The only odd thing I've noticed is that my Avast will not show up in my task bar on restart anymore. It is running, but I have to go find the "AshDisp.exe" file in the Avast folder, to get the icon to show up in the taskbar again.
The "Show Avast! Tray Icon" is checked under Avast's program settings.

Here is the Malwarebytes log, the ComboFix log is attached.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4368

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/29/2010 7:51:00 PM
mbam-log-2010-07-29 (19-51-00).txt

Scan type: Quick scan
Objects scanned: 130137
Time elapsed: 10 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Attached Files
File Type: txt ComboFix.txt (15.7 KB, 8 views)
__________________
MatthewToads is offline  
Old 07-29-2010, 08:26 PM   #8
TSF Team, Emeritus
 
 
Join Date: Apr 2009
Location: CGK
Posts: 1,352
OS: XP



Hi MatthewToads,

Thank you for the thorough and orderly reply.

Quote:
I reinstalled the program, and it updated and ran perfectly.
Good job!

---------------------------------

Quote:
The last thing you requested, the GMER log, I suspect to take another several hours to run, I'll do that now and report it later.
It's okay...anyway, if you haven't started the scan, you do not need to perform the scan anymore.

-------------------------------------------------------------------

Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

-------------------------------------------------------------------

The following should resolve your avast! tray icon issue:

Click Start > Run, type Notepad and copy/paste the following code:
Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\\program files\\alwil software\\avast4\\ashDisp.exe"
Save as filename fix.reg to your desktop, choose to save as type "All Files". Click OK.

Double click on "fix.reg" and allow it to merge/add into the registry when prompted.
You may delete it afterwards.

Reboot your machine and let me know if your avast! tray icon doesn't load at startup.

-------------------------------

NEXT

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. If you are unsure of how to do it, please read here and/or here.

3. Open notepad and copy/paste the text in the quotebox below into it:
Quote:
RegLock::
[HKEY_USERS\S-1-5-21-746137067-602609370-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
SkipFix::
Save this as CFScript.txt, in the same location as ComboFix.exe





Referring to the picture above, drag CFScript into ComboFix.exe

Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.


When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply. But make sure you have re-enabled your anti virus and anti malware programs before you reply.

------------------------------------

Next is the most time consuming portion, but well worth the peace of mind. :)

Please run this online scan to help look for remnants. This scan can take quite a while, but it's very thorough.

Kaspersky Online Scan
Establish an internet connection & perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner

**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

Note for Internet Explorer 8 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
__________________
vpw_pearl is offline  
Old 07-30-2010, 03:26 AM   #9
Registered Member
 
Join Date: Jul 2010
Posts: 8
OS: XP Professional



Alright, thanks again.

ComboFix log is attached.

I didn't see a way of telling whether or not Kaspersky's found threats are already taken care of.
Here is what Kaspersky came up with:


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, July 30, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, July 30, 2010 04:04:26
Records in database: 4199118
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Objects scanned: 82508
Threats found: 9
Infected objects found: 20
Suspicious objects found: 0
Scan duration: 02:23:48


File name / Threat / Threats count
C:\System Volume Information\_restore{53CC3322-0176-405C-8793-AB651B1DC154}\RP468\A0101452.exe Infected: not-a-virus:WebToolbar.Win32.Zango.jf 1
C:\System Volume Information\_restore{53CC3322-0176-405C-8793-AB651B1DC154}\RP473\A0102148.exe Infected: Trojan.Win32.Refroso.bozd 1
C:\System Volume Information\_restore{53CC3322-0176-405C-8793-AB651B1DC154}\RP476\A0104059.exe Infected: Trojan-Dropper.Win32.Agent.cmdw 1
F:\Dads Folder\Trouble\Affilate Defender\WAKSetup572.exe Infected: Flooder.Win32.Delf.dl 1
F:\Dads Folder\Trouble\Best Free E Book\casflowsecrets.zip Infected: not-a-virus:Downloader.Win32.Agent.db 1
F:\Dads Folder\Trouble\Best Free E Book\cashcowfile.zip Infected: not-a-virus:Downloader.Win32.Agent.db 3
F:\Dads Folder\Trouble\Best Free E Book\classads.exe Infected: Backdoor.Win32.SdBot.taq 1
F:\Dads Folder\Trouble\IP Message Blaster\kms.zip Infected: not-a-virus:Downloader.Win32.Agent.db 1
F:\Dads Folder\Trouble\IP Message Blaster\onlinemarketertoolkit.zip Infected: Trojan-PSW.Win32.LdPinch.anxg 1
F:\Dads Folder\Trouble\Paylock Generator\se-ebook.zip Infected: not-a-virus:Downloader.Win32.Agent.db 1
F:\Dads Folder\Trouble\The 30 min Marketing Miracle\affiliatepagemaker.zip Infected: not-a-virus:Downloader.Win32.Agent.db 1
F:\Dads Folder\Trouble\The 30 min Marketing Miracle\auctions.exe Infected: Trojan-PSW.Win32.LdPinch.anpl 1
F:\Dads Folder\Trouble\The Affilate Cookbook\dick1.zip Infected: Backdoor.Win32.SdBot.rwe 1
F:\Dads Folder\Trouble\The Affilate Cookbook\ebsg.zip Infected: not-a-virus:Downloader.Win32.Agent.db 1
F:\Dads Folder\Trouble\Web Gold\unlimitedprofits.exe Infected: Trojan-PSW.Win32.LdPinch.anpl 1
F:\Dads Folder\WebSites\WebMaster\950templates.zip Infected: Trojan-PSW.Win32.LdPinch.anpl 3

Selected area has been scanned.
Attached Files
File Type: txt ComboFix.txt (16.8 KB, 7 views)
__________________
MatthewToads is offline  
Old 07-30-2010, 10:12 AM   #10
TSF Team, Emeritus
 
vpw_pearl's Avatar
 
Join Date: Apr 2009
Location: CGK
Posts: 1,352
OS: XP



Hi MatthewToads,

Quote:
...Double click on " fix.reg " and allow it to merge/add into the registry when prompted.
You may delete it afterwards.

Reboot your machine and let me know if your avast! tray icon doesn't load at startup.
Did you do the 'fix.reg'? Did you do it before/after you ran the CFScript? In your current ComboFix log, I do not see the entry for the avast! tray icon to load at startup. Do any issues remain?

---------------

Quote:
I didn't see a way of telling whether or not Kaspersky's found threats are already taken care of.
Kaspersky doesn't provide such an option as removing the threats found.
Quote:
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.

Kaspersky flags quite a few files from your Dads Folder, most of which are .zip files (and the rest are .exe files). I suspect that those .zip files are bundled with malware. I'd delete the threats flagged by Kaspersky as there is no point at all in keeping malicious files onboard.

The following batch file should remove those threats:

Click Start > Run, type Notepad and copy/paste the following code:
Code:
@echo off
if exist "%temp%\log.txt" del "%temp%\log.txt"

for %%g in (

"F:\Dads Folder\Trouble\Affilate Defender\WAKSetup572.exe"
"F:\Dads Folder\Trouble\Best Free E Book\casflowsecrets.zip"
"F:\Dads Folder\Trouble\Best Free E Book\cashcowfile.zip"
"F:\Dads Folder\Trouble\Best Free E Book\classads.exe"
"F:\Dads Folder\Trouble\IP Message Blaster\kms.zip"
"F:\Dads Folder\Trouble\IP Message Blaster\onlinemarketertoolkit.zip"
"F:\Dads Folder\Trouble\Paylock Generator\se-ebook.zip"
"F:\Dads Folder\Trouble\The 30 min Marketing Miracle\affiliatepagemaker.zip"
"F:\Dads Folder\Trouble\The 30 min Marketing Miracle\auctions.exe"
"F:\Dads Folder\Trouble\The Affilate Cookbook\dick1.zip"
"F:\Dads Folder\Trouble\The Affilate Cookbook\ebsg.zip"
"F:\Dads Folder\Trouble\Web Gold\unlimitedprofits.exe"
"F:\Dads Folder\WebSites\WebMaster\950templates.zip"

) do (
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)


if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

pause
del %0
Save as filename fix.bat to your desktop, choose to save as type "All Files". Click OK.
It should look like this:

Double click on " fix.bat ". A command prompt window will pop open and run. Let me know what it says.

---------------


The other threats are in the system restore cache which can do you no harm unless manually restored.

We'll take care of them shortly in the next round, along with some final housekeeping.
__________________
vpw_pearl is offline  
Old 07-30-2010, 01:52 PM   #11
Registered Member
 
Join Date: Jul 2010
Posts: 8
OS: XP Professional



The fix.bat file ran and said:

Deleted successfully!
Press any key to continue...

I did the fix.reg file after I ran ComboFix last night. The Avast icon still isn't showing up in the tray until I run ashDisp myself.
__________________
MatthewToads is offline  
Old 07-30-2010, 08:12 PM   #12
TSF Team, Emeritus
 
vpw_pearl's Avatar
 
Join Date: Apr 2009
Location: CGK
Posts: 1,352
OS: XP



Quote:
I did the fix.reg file after I ran ComboFix last night. The Avast icon still isn't showing up in the tray until I run ashDisp myself.
Hmmm...strange that it doesn't load at startup. Let's give it a try one more time, shall we?

Click Start > Run, type Notepad and copy/paste the following code (start from REGEDIT4) :
Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\program files\alwil software\avast4\ashDisp.exe"
Save as filename fix2.reg to your desktop, choose to save as type "All Files". Click OK.

Double click on " fix.reg " and allow it to merge/add into the registry when prompted.
You may delete it afterwards.

Reboot your machine and let me know if your avast! tray icon doesn't load at startup.

------------------


Also, please do this:


Click Start > Run, type Notepad and copy/paste the following code:
Code:
@echo off
if exist peek.txt del peek.txt

regedit /a peek.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

notepad peek.txt
del %0
Save as filename look.bat to your desktop, choose to save as type "All Files". Click OK.
It should look like this:

Double click on " look.bat " and copy/paste the log that pops up into your next reply.
__________________
vpw_pearl is offline  
Old 07-30-2010, 11:22 PM   #13
Registered Member
 
Join Date: Jul 2010
Posts: 8
OS: XP Professional



I tried the fix2.reg and it didn't work either.
However, I found the Avast setup interface and repaired the program, rebooted, and it seems to have fixed everything. I guess I probably should have looked for that before reporting it as a tech problem.

Here is the log for the look.bat file.

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"3c1807pd"="C:\\WINDOWS\\SYSTEM32\\3cmlink.exe RunServices \\Device\\3cpipe-3c1807pd"
"YSearchProtection"="\"C:\\Program Files\\Yahoo!\\Search Protection\\SearchProtection.exe\""
"AppleSyncNotifier"="C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleSyncNotifier.exe"
"LogitechQuickCamRibbon"="\"C:\\Program Files\\Logitech\\Logitech WebCam Software\\LWS.exe\" /hide"
"Bing Bar"="\"C:\\Program Files\\MSN Toolbar\\Platform\\5.0.1363.0\\mswinext.exe\""
"Microsoft Default Manager"="\"C:\\Program Files\\Microsoft\\Search Enhancement Pack\\Default Manager\\DefMgr.exe\" -resume"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
__________________
MatthewToads is offline  
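
The export above stores every backslash doubled, while the fix.reg and fix2.reg files posted earlier in the thread use single backslashes. As an added example (not part of the thread and not code from any poster), this Python checker parses REGEDIT4 text, flags value lines whose backslashes are not doubled, and lists the executable behind each Run entry; the function names are hypothetical, and it assumes `\\` and `\"` are the only valid escapes.

```python
import re
# Copied from the thread: fix.reg as posted, and three lines of the look.bat export.
FIX_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\program files\alwil software\avast4\ashDisp.exe"
'''
EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"LogitechQuickCamRibbon"="\"C:\\Program Files\\Logitech\\Logitech WebCam Software\\LWS.exe\" /hide"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
'''
# One "name"="data" line; a backslash inside the quotes always consumes the next character.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(data):
    """Decode the two accepted escapes; return (decoded, list of other backslash pairs)."""
    bad = []
    def repl(m):
        if m.group(1) not in '\\"':
            bad.append(m.group(0))
        return m.group(1)
    return re.sub(r'\\(.)', repl, data), bad

def image_path(command):
    """Executable of a Run command: the quoted path, else text up to the first .exe."""
    m = re.match(r'\s*(?:"([^"]+)"|(.+?\.exe))', command, re.IGNORECASE)
    return (m.group(1) or m.group(2)) if m else None

def lint_reg(text):
    """Return one finding per value line: key, name, data, image, issues, suggestion."""
    key, findings = None, []
    for line in (l.strip() for l in text.splitlines()):
        if not line or line == "REGEDIT4" or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        f = dict(key=key, name=None, data=None, image=None, issues=[], suggestion=None)
        findings.append(f)
        m = VALUE_RE.match(line)
        if not m:
            f["issues"].append("unparsable line: " + line)
            continue
        f["name"], raw = m.group(1), m.group(2)
        data, bad = unescape(raw)
        if bad:
            f["issues"] = ["backslash not doubled before %r" % b[1] for b in bad]
            # Assumption: the author meant the text literally, so double every backslash.
            fixed = raw.replace("\\", "\\\\").replace('"', '\\"')
            f["suggestion"] = '"%s"="%s"' % (f["name"], fixed)
        else:
            f["data"], f["image"] = data, image_path(data)
    return findings

if __name__ == "__main__":
    for f in lint_reg(FIX_REG) + lint_reg(EXPORT):
        print(f["name"], f["issues"] or f["image"], f["suggestion"] or "")
```

Running the same check on a .reg file before merging it, and on the export afterwards, shows whether the intended Run value was actually written.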
Old 07-31-2010, 12:53 AM   #14
TSF Team, Emeritus
 
vpw_pearl's Avatar
 
Join Date: Apr 2009
Location: CGK
Posts: 1,352
OS: XP



Hi MatthewToads,

Quote:
I tried the fix2.reg and it didn't work either.
Sorry...my mistake. I am just aware that the path I had you merge in the registry was incorrect, hence no registry entry was merged, at all.

Quote:
However, I found the Avast setup interface and repaired the program, rebooted, and it seems to have fixed everything.
This was exactly what I was thinking to have you do when the fix2.reg failed. Good job!

The batch file result has confirmed the running of avast! tray icon on startup:
Quote:
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
---------------------------

Quote:
C: is FIXED (NTFS) - 37 GiB total, 2.434 GiB free.
Your hard drive is almost full. Having little free space on your hard drive can compromise system performance. Windows XP likes a minimum of 1.5GB free space, but it's better to have 15% of the OS drive free as overhead room. I suggest you move pictures, music, etc. to an external drive or USB stick if you have one or burn them to CDs/DVDs. You might also consider uninstalling any programs that are never or hardly ever used to help free up some space.

=====================


Well done, your logs now appear clean!


Do you still have any other problem or questions? If not, you should be good to go, but please carry out the following final instructions before you do so, and make sure you look into the helpful links:


Please do not skip this step as it will implement some important cleanup procedures, one of which is resetting your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point for you.
  • Disconnect from the internet and disable your AntiVirus temporarily.
  • Click Start > Run and copy/paste the following bolded text into the Run box and click OK:
    ComboFix /Uninstall
  • Re-enable your AntiVirus now, and feel free to reconnect to the internet at your convenience.

You may delete/uninstall the other tools downloaded and/or any logs, files that were created during the fix.

=====================================================================================
This site accepts donations which go towards hosting costs and upgrades.
Should you wish and/or care to contribute any, you may do so by following the link here.
or
Should you wish to contribute to the ongoing development of ComboFix, donations are being accepted via PayPal.

=====================================================================================

Now that your system is clean, to help protect your computer in the future I recommend that you follow these steps and look into the following free programs:
  • Microsoft Windows Update - To update Windows, click on Start > Windows Update (or Start > All Programs > Windows Update if you are using the new Vista Start Menu). If the Windows Update is not found there, go to this link - http://update.microsoft.com/ .

    This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • SpywareBlaster to help prevent spyware from installing in the first place.
    • Install & update SpywareBlaster with the latest definitions.
      After you have updated, click the button - enable protection for all unprotected items

  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

  • Alternative Safer Internet Messenger
    http://www.trillian.cc - Trillian or http://www.miranda-im.com - Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

  • ANTIVIRUS Update
    It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

  • http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP/Vista. It's made up of two parts - ERUNT & NTREGOPT.

    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively disables System Restore. With ERUNT, you're able to restore the damaged Registry.

    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.

  • Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer.

In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles:
***Kindly respond to this thread one more time and let me know if we may consider this thread resolved.***
__________________
vpw_pearl is offline  
Old 07-31-2010, 01:41 AM   #15
Registered Member
 
Join Date: Jul 2010
Posts: 8
OS: XP Professional



I have no further questions and every problem appears to be taken care of.

Thanks again, really appreciate all the help! :)
__________________
MatthewToads is offline  
Old 07-31-2010, 09:35 AM   #16
TSF Team, Emeritus
 
vpw_pearl's Avatar
 
Join Date: Apr 2009
Location: CGK
Posts: 1,352
OS: XP



You're welcome. Glad we could help!

Stay Safe and Think Prevention

__________________
vpw_pearl is offline  
 
