06-29-2009, 01:39 AM   #1   chckmgnte
Registered User
Join Date: Jun 2009
Posts: 5
OS: win 98 with sp3

Search Redirects

Hello! First of all, thank you for the work you are doing here! Here's as much info as I can remember at 3:30am...
I had more serious problems than these redirects, but was able to take care of the main problems. I had a virus that changed my desktop to a black screen with red writing about how horrible viruses were and would start up a supposed AV program at start that urged me to download their software. This program would also block all .exe's that I tried to run, which made it difficult to deal with. I used a combination of Spybot, SuperAntiSpyware, ad-aware and one or two others from my "ultimate boot cd" from dear ol' dad.
Once I got the big problems cleared, I was having trouble playing WoW and realized I needed to update to service pack 3 (ugh). I've updated to SP3 and updated my video driver and now WoW works (although it will still freeze up). Now Team Fortress 2 won't work and I'm getting sneaky redirects when I click on search engine links.
I'm a gamer and work from home as a "search engine evaluator" and really want my pc to run smoother. If I can't get it working right, I might have to spend time with my wife! Please help =)

Thanks in advance!!

(Here are my logs)
--------


DDS (Ver_09-06-26.01) - NTFSx86
Run by Erik at 2:49:30.07 on Mon 06/29/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1614 [GMT -4:00]

FW: NVIDIA Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Erik\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [Creative Detector] c:\program files\creative\mediasource\detector\CTDetect.exe /R
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [nTrayFw] c:\program files\nvidia corporation\networkaccessmanager\bin\nTrayFw.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [nwiz] nwiz.exe /install
mRun: [NWEReboot]
mRun: [net] "c:\windows\system32\net.net"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
Trusted Zone: antimalwareguard.com
Trusted Zone: wildwestonline.com\gunfighter
Trusted Zone: wildwestonline.com\www
Trusted Zone: antimalwareguard.com
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189262821718
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\erik\applic~1\mozilla\firefox\profiles\ui4z4fwc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\erik\application data\tenderfoot games\gunfighter\npTFGLaunchPlugin.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Si3132r5;SiI-3132 SoftRaid 5 Controller;c:\windows\system32\drivers\Si3132r5.sys [2008-10-9 217128]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2005-11-25 31896]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\erik\locals~1\temp\superas\sasdifsv.sys --> c:\docume~1\erik\locals~1\temp\superas\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\erik\locals~1\temp\superas\saskutil.sys --> c:\docume~1\erik\locals~1\temp\superas\SASKUTIL.sys [?]
S3 N5SG;Airlink101 SuperG Wireless Network Adapter Service;c:\windows\system32\drivers\N5SG.sys [2006-11-3 467040]
S3 SASENUM;SASENUM;\??\c:\docume~1\erik\locals~1\temp\superas\sasenum.sys --> c:\docume~1\erik\locals~1\temp\superas\SASENUM.SYS [?]

=============== Created Last 30 ================

2009-06-24 13:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SecTaskMan
2009-06-24 13:37 <DIR> --d----- c:\program files\Security Task Manager
2009-06-21 00:15 4,984 a------- c:\windows\system32\drivers\nvphy.bin
2009-06-20 21:54 <DIR> --d----- c:\windows\system32\scripting
2009-06-20 21:54 <DIR> --d----- c:\windows\l2schemas
2009-06-20 21:54 <DIR> --d----- c:\windows\system32\en
2009-06-20 21:54 <DIR> --d----- c:\windows\system32\bits
2009-06-20 21:53 <DIR> --d----- c:\windows\ServicePackFiles
2009-06-20 21:52 <DIR> --d----- c:\windows\network diagnostic
2009-06-20 21:50 <DIR> --d----- c:\windows\EHome
2009-06-20 11:25 19,495 a------- c:\windows\system32\nvdisp.nvu
2009-06-19 23:02 <DIR> --d----- c:\docume~1\erik\applic~1\SUPERAntiSpyware.com
2009-06-19 23:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-06-19 14:05 <DIR> --d----- c:\program files\NVIDIA
2009-06-19 14:00 <DIR> --d----- c:\program files\SystemRequirementsLab
2009-06-19 13:20 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-06-19 13:08 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-06-19 13:08 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-06-19 13:07 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-06-19 13:07 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-06-19 13:07 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-06-19 13:07 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-06-19 11:09 1,388 a------- c:\windows\system32\tmp.reg
2009-06-19 09:24 <DIR> --d----- c:\windows\system32\wbem\mof
2009-06-19 01:57 1,374 a------- c:\windows\imsins.BAK
2009-06-18 23:39 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-06-18 23:38 <DIR> --d----- c:\documents and settings\erik\.housecall6.6
2009-06-18 23:01 6,300 a------- c:\windows\system32\uacinit.dll
2009-06-18 19:53 578 a------- c:\windows\wininit.ini
2009-06-18 18:16 <DIR> --d----- c:\program files\Lavasoft
2009-06-18 18:13 66,560 a------- c:\windows\system32\UACyirlcwwspiltbtj.dll
2009-06-18 15:47 <DIR> --d----- c:\program files\SP - S&D
2009-06-18 14:29 1,110,399 a------- c:\windows\system32\UACudofaydernojgko.db
2009-06-18 14:29 23,552 -------- c:\windows\system32\UACcajrusuqmyaedba.dll
2009-06-18 14:29 51,712 -------- c:\windows\system32\drivers\UACexwbapqjewqvrnd.sys
2009-06-15 09:40 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-10 08:28 3,510,272 a------- c:\windows\system32\nvgames.dll
2009-06-10 08:28 4,022,272 a------- c:\windows\system32\nvdisps.dll
2009-06-10 08:28 13,758,464 a------- c:\windows\system32\nvcpl.dll
2009-06-10 08:28 235,289 a------- c:\windows\system32\NvApps.xml
2009-06-10 08:28 168,004 a------- c:\windows\system32\nvsvc32.exe
2009-06-10 08:28 143,360 a------- c:\windows\system32\nvcolor.exe
2009-06-10 08:28 86,016 a------- c:\windows\system32\nvmctray.dll
2009-06-10 08:28 64,777 a------- c:\windows\system32\NvwsApps.xml
2009-06-10 08:28 229,376 a------- c:\windows\system32\nvmccs.dll
2009-06-10 06:03 9,998,336 a------- c:\windows\system32\nvoglnt.dll
2009-06-10 06:03 1,720,320 a------- c:\windows\system32\nvcuda.dll
2009-06-10 06:03 1,580,550 a------- c:\windows\system32\nvdata.bin
2009-06-10 06:03 1,310,720 a------- c:\windows\system32\nvcuvenc.dll
2009-06-10 06:03 815,104 a------- c:\windows\system32\nvapi.dll
2009-06-10 06:03 671,744 a------- c:\windows\system32\nvcuvid.dll
2009-06-10 06:03 151,552 a------- c:\windows\system32\nvcodins.dll
2009-06-10 06:03 151,552 a------- c:\windows\system32\nvcod.dll
2009-06-08 10:59 <DIR> --d----- c:\program files\Ventrilo
2009-06-08 10:58 262 a------- c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

==================== Find3M ====================

2009-06-20 21:55 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-06-10 06:03 8,087,712 a------- c:\windows\system32\drivers\nv4_mini.sys
2009-06-10 06:03 5,908,608 a------- c:\windows\system32\nv4_disp.dll
2009-06-10 06:03 457,248 a------- c:\windows\system32\nvudisp.exe
2009-06-04 16:39 457,248 a------- c:\windows\system32\NVUNINST.EXE
2009-06-02 11:17 75,776 a------- c:\windows\system32\WS2Fix.exe
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 00:55 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll

============= FINISH: 2:51:55.40 ===============
Attached Files
File Type: zip Attach.zip (4.8 KB, 2 views)

06-29-2009, 10:58 AM   #2   mas_pogi
Analyst, Security Team
Join Date: Apr 2008
Location: Tokyo, JP
Posts: 1,476
OS: Vista, Linux Mint

Re: Search Redirects

hi.

Welcome to TSF

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

---------------------------------------------------------------------------

I am sorry to inform you that one or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

-------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.
-------------------------------------------------------------------------------------------------------------------

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

----------------------------------------------------------------------------------------------------------

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3





  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. You can find instructions HERE.

  • Double click on Combo-Fix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

-------------------------------------------------------------------------

Please explain why this computer has no antivirus program installed and running. This is an open invitation for infection.

It can take as little as eight seconds to infect an unprotected computer.

Let me know in your next reply.

Mark
__________________
To accomplish great things, we must not only act, but also dream; not only plan, but also believe.
If I have been helping you and do not reply within 24 hours, please send me a message.
I'm a member of U.N.I.T.E and A.S.A.P
06-29-2009, 11:39 AM   #3   chckmgnte
Registered User
Join Date: Jun 2009
Posts: 5
OS: win 98 with sp3

Thumbs Up Re: Search Redirects

Hi Mark, thanks for the reply!

I think I read something about uninstalling/removing excess AV programs in the "Before you post" thread and just wanted to get rid of everything extra for the sake of the scan. I just started as a search engine evaluator and before that really only went to trusted sites (I'm pretty good about catching that kind of stuff when I don't do a lot of surfing, and I mostly just game). Money's tight, so the wife and I are looking into AV/backup options (I might just get a second hard drive for work that I can wipe if needed).
I've heard Eset Nod32 is pretty good and doesn't slow a system down (for gaming) which is key for me. Any recommendations for once we clear this up?

I'll post again once I've gone through the steps...
Thanks
06-29-2009, 12:08 PM   #4   chckmgnte
Registered User
Join Date: Jun 2009
Posts: 5
OS: win 98 with sp3

Re: Search Redirects

Hi Mark-

I've attached my log.

Thank you, =)
Erik
Attached Files
File Type: txt ComboFix.txt (35.5 KB, 3 views)
06-29-2009, 06:00 PM   #5   mas_pogi
Analyst, Security Team
Join Date: Apr 2008
Location: Tokyo, JP
Posts: 1,476
OS: Vista, Linux Mint

Re: Search Redirects

hi.

Quote:
Originally Posted by chckmgnte
Hi Mark, thanks for the reply!
I've heard Eset Nod32 is pretty good and doesn't slow a system down (for gaming) which is key for me. Any recommendations for once we clear this up?
Yeah. ESET is good but we usually recommend Avira here because it's free and lightweight. I'll let you install Avira. Though you can change it to ESET later on.

continue..

------------------------------------------------------------------------

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

----------------------------------------------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. You can find instructions HERE.

3. Open notepad and copy/paste the text in the quotebox below into it:

Quote:
http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/390018-search-redirects.html#post2214016

COLLECT::
c:\windows\system32\UACcajrusuqmyaedba.dll
c:\windows\system32\drivers\UACexwbapqjewqvrnd.sys
c:\windows\system32\UACyirlcwwspiltbtj.dll

DOMAINS::
Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
If you do not get a message box, please do the following:

There should be a file named [4]-Submit_date@time.zip with today's date, located here:

C:\QooBox\Quarantine\[4]-Submit_date@time.zip

Using the 'Browse' button, please submit it to this site ==> http://www.bleepingcomputer.com/subm....php?channel=4

Please let me know if you successfully submitted the file. Thanks.
------------------------------------------------------------------------

These indicate some settings have been changed

These are "Change the way Security Center Alerts Me" in Control Panel > Security Center.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

This means they are turned off. If that's your choice, that's fine, otherwise tick the boxes to turn the notifications back on.

-------------------------------------------------------------------------

Please uninstall the following, using the Windows Add/Remove Programs applet in Control Panel.

Outdated java runtimes: (Older versions have vulnerabilities that malicious sites can use to exploit and infect your system)

J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 7
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1


Your Java is out of date.

Java(TM) 6 Update 13 can be updated from the Java control panel Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts.

--------------------------------------------------------------------------

Install this FREE AntiVirus program, update it, and run a full system scan.

Avira AntiVir Personal

When the scan is complete, click on the Report button. A log file will open. Save it to your desktop as Avira.txt. Please attach it in your next reply.

Do not install more than one antivirus program because they will conflict with each other. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.
-------------------------------------------------------------------------
How's your computer now?




In your reply, please post

C:\combofix.txt
Avira result <-- attached
Answer to my questions


Mark
__________________
To accomplish great things, we must not only act, but also dream; not only plan, but also believe.
If I have been helping you and do not reply within 24 hours, please send me a message.
I'm a member of U.N.I.T.E and A.S.A.P
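Mark's first reply states that one of the identified infections is a backdoor trojan, and his reply above explains that the two Security Center dword values of 1 mean the alerts have been switched off. The script below is an added example, not code from the thread, from DDS or from ComboFix: it runs a few generic defender heuristics over lines in the layout of the DDS "Pseudo HJT Report" posted in the first message (a Winlogon Userinit value carrying anything besides the stock userinit.exe, a Run value that launches a file whose extension is not .exe, hosts added to Internet Explorer's Trusted Zone) and reads the Security Center values out of a .reg-style excerpt. The sample lines are constructed from the log in the thread; the heuristics only surface entries for a person to review and are not a verdict on any particular file.

```python
"""Triage a DDS "Pseudo HJT Report" excerpt and a Security Center .reg excerpt.

Added example for the thread above; not DDS, ComboFix or forum code. Every
heuristic here is a generic review aid (an assumption of what a defender would
look at first), not a malware verdict on a specific file.
"""
import re

# Constructed sample, laid out like the DDS report in post #1.
SAMPLE_REPORT = r"""
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [NWEReboot]
mRun: [net] "c:\windows\system32\net.net"
Trusted Zone: antimalwareguard.com
Trusted Zone: wildwestonline.com\www
Trusted Zone: antimalwareguard.com
"""

# Constructed .reg-style excerpt of the values quoted in post #5.
SAMPLE_REG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"""

USERINIT_RE = re.compile(r'^mWinlogon: Userinit=(?P<value>.*)$')
RUN_RE = re.compile(r'^[um]Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
TZ_RE = re.compile(r'^Trusted Zone: (?P<host>\S+)$')
REG_DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})$')
SECURITY_CENTER_KEY = r'[hkey_local_machine\software\microsoft\security center]'


def userinit_extras(value):
    """Every Userinit component other than the stock userinit.exe.

    The default value is just userinit.exe followed by a comma; anything
    appended here runs at every interactive logon, so it deserves a look.
    """
    parts = [p.strip() for p in value.split(',')]
    return [p for p in parts if p and not p.lower().endswith('\\userinit.exe')]


def launched_file(cmd):
    """First program in a Run value, whether quoted or bare."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ''


def odd_run_entries(lines):
    """Names of Run values whose launched file has an extension other than .exe.

    Bare program names (dumprep, Rundll32) have no extension and are left
    alone; empty values are skipped.
    """
    odd = []
    for line in lines:
        m = RUN_RE.match(line)
        if not m:
            continue
        target = launched_file(m.group('cmd'))
        filename = target.rsplit('\\', 1)[-1]
        ext = filename.rsplit('.', 1)[-1].lower() if '.' in filename else ''
        if target and ext not in ('', 'exe'):
            odd.append(m.group('name'))
    return odd


def trusted_zones(lines):
    """Hosts added to Internet Explorer's Trusted Zone, deduplicated and sorted.

    Sites in this zone get relaxed security settings, so the list is worth a
    read even when the entries turn out to be legitimate.
    """
    return sorted({m.group('host') for m in map(TZ_RE.match, lines) if m})


def security_center_notifications(reg_text):
    """Map each *DisableNotify value under the Security Center key to True
    when the alert is switched off (dword 1), as the thread explains."""
    disabled = {}
    in_key = False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith('['):
            in_key = line.lower() == SECURITY_CENTER_KEY
            continue
        m = REG_DWORD_RE.match(line)
        if in_key and m and m.group('name').endswith('DisableNotify'):
            disabled[m.group('name')] = int(m.group('hex'), 16) == 1
    return disabled


def triage(report_text, reg_text):
    """Collect all findings into one dict for review."""
    lines = [l.strip() for l in report_text.splitlines() if l.strip()]
    extras = []
    for line in lines:
        m = USERINIT_RE.match(line)
        if m:
            extras = userinit_extras(m.group('value'))
    return {
        'userinit_extras': extras,
        'odd_run_entries': odd_run_entries(lines),
        'trusted_zones': trusted_zones(lines),
        'notifications_disabled': sorted(
            name for name, off in security_center_notifications(reg_text).items() if off),
    }


if __name__ == '__main__':
    for key, value in triage(SAMPLE_REPORT, SAMPLE_REG).items():
        print(f'{key}: {value}')
```

Run against the constructed sample, the script reports the extra Userinit program, the `net` Run value (its target ends in `.net`), the two Trusted Zone hosts and both disabled Security Center alerts. Each of these is a starting point for the kind of review the helper does by hand in this thread, not a replacement for it.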
06-29-2009, 11:16 PM   #6   chckmgnte
Registered User
Join Date: Jun 2009
Posts: 5
OS: win 98 with sp3

Re: Search Redirects

Hello =)

Bout 2
Before I got this message, I jumped to a few trusted official sites through google search and didn't get any redirects, so it's looking good (but I know it can be deceiving!)

File submitted to bleepingcomputer link successfully
After dropping CFScript into combofix and combofix loaded, I got a message saying there was an update. I went ahead with the update and combofix ran just fine after, I'm just not 100% clear if it ran with the script (looks like it did because it appeared to have collected the UACxxx.xxx files).
I removed the old Java files and checked that I had the latest up to date version (update 13). No prob.
I turned on the windows antivirus notification, but left off the auto-updates. Those update notifications are annoying and I don't want all the updates right now (I do check regularly)
Installed Avira but missed my chance to view the report to send it, so I'm running another scan which I'll attach.

Didn't know how you preferred these logs, but I figured it's safer for me to zip them and send them in. What's the verdict doc?


ComboFix 09-06-29.04 - Erik 06/30/2009 0:03.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1639 [GMT -4:00]
Running from: c:\documents and settings\Erik\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Erik\Desktop\CFScript.txt
FW: NVIDIA Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
* Created a new restore point

file zipped: c:\windows\system32\drivers\UACexwbapqjewqvrnd.sys
file zipped: c:\windows\system32\UACcajrusuqmyaedba.dll
file zipped: c:\windows\system32\UACyirlcwwspiltbtj.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\UACexwbapqjewqvrnd.sys
c:\windows\system32\UACcajrusuqmyaedba.dll
c:\windows\system32\UACyirlcwwspiltbtj.dll

.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-30 )))))))))))))))))))))))))))))))
.

2009-06-29 20:01 . 2009-06-29 20:01 -------- d-sh--w- C:\found.000
2009-06-21 04:15 . 2008-07-08 12:45 4984 ----a-w- c:\windows\system32\drivers\nvphy.bin
2009-06-21 01:54 . 2009-06-21 01:54 -------- d-----w- c:\windows\system32\scripting
2009-06-21 01:54 . 2009-06-21 01:54 -------- d-----w- c:\windows\l2schemas
2009-06-21 01:54 . 2009-06-21 01:54 -------- d-----w- c:\windows\system32\en
2009-06-21 01:54 . 2009-06-21 01:54 -------- d-----w- c:\windows\system32\bits
2009-06-21 01:53 . 2009-06-21 01:53 -------- d-----w- c:\windows\ServicePackFiles
2009-06-21 01:50 . 2009-06-21 01:50 -------- d-----w- c:\windows\EHome
2009-06-20 03:02 . 2009-06-21 02:22 117760 ----a-w- c:\documents and settings\Erik\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-20 03:02 . 2009-06-20 03:02 -------- d-----w- c:\documents and settings\Erik\Application Data\SUPERAntiSpyware.com
2009-06-20 03:02 . 2009-06-20 03:02 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-19 18:05 . 2009-06-19 18:05 -------- d-----w- c:\program files\NVIDIA
2009-06-19 18:00 . 2009-06-19 18:00 -------- d-----w- c:\program files\SystemRequirementsLab
2009-06-19 18:00 . 2009-06-19 18:00 290816 ----a-w- c:\documents and settings\Erik\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
2009-06-19 18:00 . 2009-06-19 18:00 290816 ----a-w- c:\documents and settings\Erik\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
2009-06-19 18:00 . 2009-06-19 18:00 290816 ----a-w- c:\documents and settings\Erik\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
2009-06-19 18:00 . 2009-06-19 18:00 290816 ----a-w- c:\documents and settings\Erik\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
2009-06-19 18:00 . 2009-06-19 18:00 -------- d-----w- c:\documents and settings\Erik\Application Data\SystemRequirementsLab
2009-06-19 17:20 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-06-19 17:08 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-06-19 17:08 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-06-19 17:07 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-06-19 17:07 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-06-19 17:07 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-06-19 17:07 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-06-19 13:24 . 2009-06-19 13:24 -------- d-----w- c:\windows\system32\wbem\mof
2009-06-19 03:39 . 2009-06-19 03:38 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-06-19 03:38 . 2009-06-19 03:39 -------- d-----w- c:\documents and settings\Erik\.housecall6.6
2009-06-18 22:16 . 2009-06-28 22:57 -------- d-----w- c:\program files\Lavasoft
2009-06-18 22:16 . 2009-06-28 22:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-18 19:47 . 2009-06-19 16:36 -------- d-----w- c:\program files\SP - S&D
2009-06-15 13:40 . 2009-06-15 13:40 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-15 13:40 . 2009-06-15 13:40 152576 ----a-w- c:\documents and settings\Erik\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-11 22:00 . 2009-06-11 22:00 -------- d-----w- c:\documents and settings\Erik\Local Settings\Application Data\Blizzard Entertainment
2009-06-10 12:28 . 2009-06-10 12:28 3510272 ----a-w- c:\windows\system32\nvgames.dll
2009-06-10 12:28 . 2009-06-10 12:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll
2009-06-10 12:28 . 2009-06-10 12:28 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 12:28 . 2009-06-10 12:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-06-10 12:28 . 2009-06-10 12:28 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-06-10 12:28 . 2009-06-10 12:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll
2009-06-10 12:28 . 2009-06-10 12:28 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-06-10 10:03 . 2009-06-10 10:03 9998336 ----a-w- c:\windows\system32\nvoglnt.dll
2009-06-10 10:03 . 2009-06-10 10:03 815104 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 10:03 . 2009-06-10 10:03 671744 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 10:03 . 2009-06-10 10:03 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 10:03 . 2009-06-10 10:03 1580550 ----a-w- c:\windows\system32\nvdata.bin
2009-06-10 10:03 . 2009-06-10 10:03 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-06-10 10:03 . 2009-06-10 10:03 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-06-10 10:03 . 2009-06-10 10:03 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-08 14:59 . 2009-06-08 14:59 -------- d-----w- c:\program files\Ventrilo
2009-06-06 17:05 . 2009-06-06 17:06 -------- d-----w- c:\program files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-29 06:19 . 2009-06-24 17:37 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2009-06-29 06:16 . 2006-12-30 09:39 -------- d-----w- c:\program files\BitTorrent
2009-06-21 02:03 . 2006-06-02 06:36 20672 ----a-w- c:\documents and settings\Erik\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-21 01:55 . 2006-06-02 06:12 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-20 18:24 . 2008-04-03 16:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-18 23:02 . 2008-08-15 02:34 -------- d-----w- c:\program files\BFG
2009-06-15 13:40 . 2006-10-08 07:37 -------- d-----w- c:\program files\Java
2009-06-10 10:03 . 2006-06-02 07:56 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-10 10:03 . 2005-12-10 09:06 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-06-10 10:03 . 2005-12-10 09:06 5908608 ----a-w- c:\windows\system32\nv4_disp.dll
2009-06-04 20:39 . 2006-06-02 07:00 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-05-26 21:22 . 2006-07-30 21:42 -------- d-----w- c:\documents and settings\Erik\Application Data\AdobeUM
2009-05-26 21:20 . 2006-06-22 18:35 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-26 01:46 . 2009-05-26 01:46 0 ----a-w- c:\windows\nsreg.dat
2009-05-25 23:49 . 2009-05-25 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard
2009-05-25 23:48 . 2006-06-02 10:05 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-05-07 15:32 . 2004-08-04 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2004-08-04 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2004-08-04 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-04 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-29_17.57.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-30 03:42 . 2009-06-30 03:42 16384 c:\windows\Temp\Perflib_Perfdata_550.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-03 102400]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-15 148888]
"nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2005-07-27 270336]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-30 49152]
"P17Helper"="P17.dll" - c:\windows\system32\P17.dll [2005-05-03 64512]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Games\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Games\\World of Warcraft\\WoW-1.9.4.5086-to-1.10.0.5195-enUS-downloader.exe"=
"c:\\Program Files\\TightVNC\\WinVNC.exe"=
"c:\\Games\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Games\\World of Warcraft\\Launcher.exe"=
"c:\\Games\\World of Warcraft\\Repair.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Games\\World of Warcraft\\WoW-3.0.1-to-3.0.2-enUS-Win-Update-downloader.exe"=
"c:\\Games\\World of Warcraft\\WoW-3.0.3.9183-to-3.0.8.9464-enUS-downloader.exe"=
"c:\\Games\\Steam\\SteamApps\\chckmgnte\\team fortress 2\\hl2.exe"=
"c:\\Games\\World of Warcraft\\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:battle.net
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [11/25/2005 8:43 PM 31896]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Erik\LOCALS~1\Temp\superas\SASDIFSV.SYS --> c:\docume~1\Erik\LOCALS~1\Temp\superas\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Erik\LOCALS~1\Temp\superas\SASKUTIL.sys --> c:\docume~1\Erik\LOCALS~1\Temp\superas\SASKUTIL.sys [?]
S3 N5SG;Airlink101 SuperG Wireless Network Adapter Service;c:\windows\system32\drivers\N5SG.sys [11/3/2006 6:30 PM 467040]
S3 SASENUM;SASENUM;\??\c:\docume~1\Erik\LOCALS~1\Temp\superas\SASENUM.SYS --> c:\docume~1\Erik\LOCALS~1\Temp\superas\SASENUM.SYS [?]
.
Contents of the 'Scheduled Tasks' folder

2009-06-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 00:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
FF - ProfilePath - c:\documents and settings\Erik\Application Data\Mozilla\Firefox\Profiles\ui4z4fwc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\Erik\Application Data\Tenderfoot Games\Gunfighter\npTFGLaunchPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-30 00:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(668)
c:\windows\system32\nvappfilter.dll
.
Completion time: 2009-06-30 0:07
ComboFix-quarantined-files.txt 2009-06-30 04:07
ComboFix2.txt 2009-06-29 17:59

Pre-Run: 140,328,787,968 bytes free
Post-Run: 140,305,518,592 bytes free

Current=4 Default=4 Failed=3 LastKnownGood=2 Sets=1,2,3,4
205 --- E O F --- 2009-06-19 17:42
Upload was successful
Attached Files
File Type: rar CFixAvira.rar (7.4 KB, 2 views)
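The ComboFix log above shows the settings an analyst reads first in the "Reg Loading Points" section: Security Center notifications switched off, the firewall profile disabled, and drivers loading from a Temp directory. The following helper is an added example, not code from the forum post or from ComboFix; it parses that REGEDIT4-style section and returns those findings so they can be reviewed instead of eyeballed. The sample text embedded in it is a constructed, shortened copy of the log in this thread, and the severity labels are the example's own choices.

```python
"""Triage helper for the 'Reg Loading Points' part of a ComboFix log.

Added example: this is not code from the forum post or from ComboFix.
It reads the REGEDIT4-style section shown in the log above and flags
settings that weaken the host's own defences (Security Center warnings
suppressed, Windows Firewall off) plus services whose driver image lives
under a Temp directory. The sample below is a constructed, shortened copy
of the log posted in this thread.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample modelled on the log above (shortened).
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [11/25/2005 8:43 PM 31896]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Erik\LOCALS~1\Temp\superas\SASDIFSV.SYS --> c:\docume~1\Erik\LOCALS~1\Temp\superas\SASDIFSV.SYS [?]
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
# ComboFix service lines: <start type> <name>;<display name>;<image path ...>
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
TEMP_PATH_RE = re.compile(r"\\temp\\|\\application data\\")


@dataclass
class Finding:
    severity: str   # "high" or "medium" (labels chosen for this example)
    key: str        # registry value or service name, lower-cased
    detail: str


def triage_loading_points(text: str) -> list[Finding]:
    """Return findings in the order they appear in the log."""
    findings: list[Finding] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        m = VALUE_RE.match(line)
        if m:
            name, value = m.group(1).lower(), m.group(2).strip().lower()
            if (section.endswith("security center") and name.endswith("disablenotify")
                    and value.endswith("00000001")):
                findings.append(Finding("medium", name,
                    "Security Center warning suppressed; re-enable it so a disabled "
                    "AV, firewall or update service is reported"))
            elif ("firewallpolicy" in section and name == "enablefirewall"
                    and (value.startswith("0") or value.startswith("dword:00000000"))):
                findings.append(Finding("high", name,
                    "Windows Firewall is off for this profile"))
            elif section.endswith("\\run") and TEMP_PATH_RE.search(value):
                findings.append(Finding("medium", name,
                    "autostart entry runs from a user-writable data or Temp folder"))
            continue
        m = SERVICE_RE.match(line)
        if m and TEMP_PATH_RE.search(m.group(4).lower()):
            # Temp-resident drivers are also how some scanners load (the SAS*
            # entries in this thread belong to the SUPERAntiSpyware run the
            # poster described), so this is a prompt to verify, not a verdict.
            findings.append(Finding("medium", m.group(2).lower(),
                f"service {m.group(1)} loads its driver from a Temp path: {m.group(4)}"))
    return findings


if __name__ == "__main__":
    for f in triage_loading_points(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.key}: {f.detail}")
```

Run it on a saved ComboFix.txt by reading the file into `triage_loading_points`; on the sample it reports the two suppressed Security Center notifications, the disabled standard-profile firewall, and the SASDIFSV driver under Temp, which matches what the analyst would check by hand before declaring the machine clean.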
Old 06-30-2009, 10:48 AM   #7 (permalink)
Analyst, Security Team
 
 
Join Date: Apr 2008
Location: Tokyo, JP
Posts: 1,476
OS: Vista, Linux Mint


Re: Search Redirects

hi.

Quote:
File submitted to bleepingcomputer link successfully
Thanks for the submission.

Avira found an infection in Qoobox; Qoobox is our tool's quarantine folder, so no worries.


After you posted your DDS, did you install BitTorrent? If yes, please uninstall it using Add/Remove Programs in the Control Panel. Perils of P2P File Sharing


Apart from that, your machine is clean.

------------------------------------------------------------------------

Congratulations! You now appear clean!

We Need to Clean Up Our Mess
  1. Uninstall ComboFix
    Remove Combofix now that we're done with it.
    • Click on your Start Menu, then Run....
    • Now copy and paste this one in the runbox. Then HIT enter.

      Code:
      ComboFix /u


    Uninstalling ComboFix will do the following:
    1. Delete ComboFix and its components from your computer.
    2. Delete other tools commonly used during the malware removal process.
    3. Resets clock settings to standard format.
    4. Re-hides file extensions and hidden/system files.
    5. Clears System Restore cache and creates new restore point.

  2. Please also delete the DDS.scr located at your desktop.
-----------------------------------------------
Recommendations
Below are some recommendations to lower your chances of (re)infection.
  1. Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.

  2. Install the MVPs hosts file, and update it regularly
    You can use the HostsMan hosts file manager to do this automatically if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file.

  3. Install an Anti-Spyware program, and update it regularly
    Malwarebytes' Anti-Malware is an excellent anti-spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non-commercial home use; the paid versions provide resident protection and do not nag.

  4. Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Holes are often found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    Visit the Microsoft Update website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  5. Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.

  6. Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :(.

Please respond to this thread one more time so we can mark this thread as resolved.

Thank you very much.

Mark
__________________
To accomplish great things, we must not only act, but also dream; not only plan, but also believe.
If I have been helping you and do not reply within 24 hours, please send me a message.
I'm a member of U.N.I.T.E and A.S.A.P

Last edited by mas_pogi; 06-30-2009 at 10:52 AM.
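Recommendation 2 above relies on the hosts file working as a blocklist, and the "search redirect" symptom that opened this thread is one of the things a tampered hosts file produces. As an added example (not code from the post, from the MVPs hosts project or from HostsMan), the script below audits a hosts file from the defender's side: every name mapped to a sink address (0.0.0.0 or loopback) is treated as a legitimate block, and every name steered anywhere else is reported, with a higher severity when the name belongs to a search engine, an update channel or a security vendor. The sample hosts content and the sensitive-domain list are constructed for illustration; 198.51.100.x is the TEST-NET-2 documentation range, not a real host.

```python
"""Audit a Windows hosts file for redirect-style hijacks.

Added example: not code from the forum post, the MVPs hosts project or
HostsMan. A blocklist-style hosts file maps unwanted names to 0.0.0.0 or
127.0.0.1 (a sink); a hijacked one instead points search engines, update
servers or security vendors at some other address, which produces the
"click a search result, land somewhere else" symptom from this thread.
The sample and the sensitive-domain list are constructed for illustration;
198.51.100.x is the TEST-NET-2 documentation range, not a real host.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Constructed sample hosts file (the real one lives under
# %SystemRoot%\system32\drivers\etc\hosts on Windows).
SAMPLE_HOSTS = """\
# header comment lines are ignored by the resolver
127.0.0.1       localhost
# blocklist-style entries, the form the MVPs hosts file uses
0.0.0.0  ads.example.net
0.0.0.0  tracker.example.org      # trailing comment
# constructed hijack entries
198.51.100.7    www.google.com
198.51.100.7    update.microsoft.com  windowsupdate.microsoft.com
198.51.100.9    login.example.net
"""

# Assumed list of names an attacker gains by redirecting; extend for your site.
SENSITIVE_SUFFIXES = (
    "google.com", "bing.com", "yahoo.com",      # search engines
    "microsoft.com", "windowsupdate.com",        # update channels
    "avira.com",                                 # the AV vendor used in this thread
)


@dataclass
class HostsEntry:
    lineno: int
    address: str
    hostnames: list[str]


@dataclass
class Finding:
    lineno: int
    hostname: str
    address: str
    severity: str   # "high" for a sensitive name, "review" otherwise


def parse_hosts(text: str) -> list[HostsEntry]:
    """Parse hosts syntax: '<address> <name> [<name> ...]', '#' starts a comment."""
    entries: list[HostsEntry] = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) < 2:
            continue  # blank, comment-only or malformed; the resolver skips these too
        entries.append(HostsEntry(lineno, parts[0], [h.lower() for h in parts[1:]]))
    return entries


def is_sink(address: str) -> bool:
    """True for 0.0.0.0 / loopback, the addresses a blocklist legitimately uses."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return False  # not an IP literal at all: worth a look, so not a sink
    return ip.is_unspecified or ip.is_loopback


def is_sensitive(hostname: str) -> bool:
    return any(hostname == s or hostname.endswith("." + s) for s in SENSITIVE_SUFFIXES)


def audit_hosts(text: str) -> list[Finding]:
    """Report every hostname that is steered somewhere other than a sink."""
    findings: list[Finding] = []
    for entry in parse_hosts(text):
        if is_sink(entry.address):
            continue
        for host in entry.hostnames:
            severity = "high" if is_sensitive(host) else "review"
            findings.append(Finding(entry.lineno, host, entry.address, severity))
    return findings


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f.lineno}: {f.hostname} -> {f.address} [{f.severity}]")
```

On the sample, the two blocklist lines produce nothing, the three search and update names pointed at 198.51.100.7 come back as high, and the unknown name on the last line comes back as "review"; the same pass over a hosts file installed from the MVPs list should return an empty list, which is a quick way to confirm that a blocklist update did not bring anything else with it.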
Old 06-30-2009, 03:04 PM   #8 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 5
OS: win 98 with sp3


Re: Search Redirects

Woot!
Thank you for the help!

I uninstalled bittorrent just before my first post here per the "before you post" thread.

I've heard it's better to just have one antivirus; should I stick with Avira or get some of the programs mentioned in the Recommendations section?
Old 06-30-2009, 06:12 PM   #9 (permalink)
Analyst, Security Team
 
 
Join Date: Apr 2008
Location: Tokyo, JP
Posts: 1,476
OS: Vista, Linux Mint


Re: Search Redirects

hi.

Quote:
Originally Posted by chckmgnte View Post
Woot!
Thank you for the help!

I uninstalled bittorrent just before my first post here per the "before you post" thread.

I've heard it's better to just have one antivirus; should I stick with Avira or get some of the programs mentioned in the Recommendations section?
You can stick with Avira. That one is good.

The programs in the recommendations are antispyware tools, a hosts file guard, etc.
They are not the same as an antivirus. They have different functions to keep your computer protected.

Mark
__________________
To accomplish great things, we must not only act, but also dream; not only plan, but also believe.
If I have been helping you and do not reply within 24 hours, please send me a message.
I'm a member of U.N.I.T.E and A.S.A.P
Old 07-03-2009, 09:47 AM   #10 (permalink)
Analyst, Security Team
 
 
Join Date: Apr 2008
Location: Tokyo, JP
Posts: 1,476
OS: Vista, Linux Mint


Re: Search Redirects


Since the problem appears to be resolved, it will now be archived.



Mark
__________________
To accomplish great things, we must not only act, but also dream; not only plan, but also believe.
If I have been helping you and do not reply within 24 hours, please send me a message.
I'm a member of U.N.I.T.E and A.S.A.P
 

