Old 09-04-2009, 02:20 PM   #1 (permalink)
Registered User
 
Join Date: Sep 2009
Posts: 4
OS: xp sp3


glps.exe infection detected by prevx but not by nod32

Hello everyone, and thanks in advance for your attention.

I am from Argentina and will try to make myself as clear as possible, I hope I can do it. The problem started when I was chatting with a friend on MSN. In the middle of the chat she included a YouTube link, which I followed. A pop-up window came up requesting me to install "flash-installer-windows.exe" to be able to watch the YouTube movie, so I did... I had NOD32 up to date and running, but it said nothing and did nothing, even though my Messenger started to act weird. After that, it started sending links to lots of people in my contact list.

I googled my problem and came across Prevx 3 free version. I downloaded it, it scanned my computer and detected glps.exe in my c:/recycle (numberslettersnumbersnumbers) plus some registry entries. The problem was that to remove this problem, Prevx required me to purchase the full edition. So after trying every other free recipe on the net, downloading Malwarebytes, CCleaner and some other things, with no good results, I lost my patience, saved my important data to a pendrive, and formatted my computer.

I installed Windows, NOD32, drivers, etc., downloaded Prevx 3 again, scanned my computer and it was all clear. When I inserted my pendrive to recover my files I got infected again. I have actually uninstalled NOD32 again (though I still have a license until December), and downloaded some other malware detectors to see if they found anything, but nothing important came up. In safe mode I get an error in EXPLORER.EXE and if I click either on "send report" or "don't send", it restarts my computer again. I went to msconfig and unticked recycler; it still has the same problem.

I really hope someone can help me out since I do need my data from the pendrive back (I can format my C: again to solve my current infection, but I wish I didn't have to do it again).

Thanks to all.

Here is my DDS.txt copy:

DDS (Ver_09-07-30.01) - NTFSx86
Run by Rosita at 15:58:37,08 on 04/09/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.446.192 [GMT -3:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Archivos de programa\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Archivos de programa\Java\jre6\bin\jucheck.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Rosita\Escritorio\Descargas\dds.scr

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\archivos de programa\archivos comunes\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\archivos de programa\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\archivos de programa\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\archivos de programa\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\archivos de programa\spybot - search & destroy\TeaTimer.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [ATIPTA] c:\archivos de programa\ati technologies\ati control panel\atiptaxx.exe
mRun: [Adobe Reader Speed Launcher] "c:\archivos de programa\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\archivos de programa\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\archivos de programa\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\archivos de programa\spybot - search & destroy\SDHelper.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1251745174606
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\rosita\datosd~1\mozilla\firefox\profiles\cjlbh170.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.ar/
FF - HiddenExtension: Java Console: No Registry Reference - c:\archivos de programa\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\archivos de programa\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\archivos de programa\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\archivos de programa\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\archivos de programa\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\archivos de programa\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\archivos de programa\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\archivos de programa\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\archivos de programa\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\archivos de programa\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\archivos de programa\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\archivos de programa\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\archivos de programa\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\archivos de programa\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\archivos de programa\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\archivos de programa\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\archivos de programa\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\archivos de programa\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\archivos de programa\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\archivos de programa\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\archivos de programa\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\archivos de programa\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\archivos de programa\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\archivos de programa\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\archivos de programa\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\archivos de programa\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\archivos de programa\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\archivos de programa\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\archivos de programa\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\archivos de programa\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\archivos de programa\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\archivos de programa\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\archivos de programa\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\archivos de programa\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\archivos de programa\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\archivos de programa\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\archivos de programa\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\archivos de programa\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\archivos de programa\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\archivos de programa\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\archivos de programa\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\archivos de programa\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\archivos de programa\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\archivos de programa\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\archivos de programa\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\archivos de programa\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\archivos de programa\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-9-4 64160]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\archivos de programa\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]

=============== Created Last 30 ================

2009-09-04 15:25 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-09-04 15:01 <DIR> -cd-h--- c:\docume~1\alluse~1\datosd~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-04 15:00 <DIR> --d----- c:\archivos de programa\Lavasoft
2009-09-04 14:54 <DIR> --d----- c:\windows\system32\appmgmt
2009-09-04 14:43 <DIR> --d----- c:\docume~1\alluse~1\datosd~1\Spybot - Search & Destroy
2009-09-04 14:43 <DIR> --d----- c:\archivos de programa\Spybot - Search & Destroy
2009-09-04 14:33 <DIR> --d----- C:\Program Files
2009-09-04 13:46 410,984 a------- c:\windows\system32\deploytk.dll
2009-09-04 13:46 73,728 a------- c:\windows\system32\javacpl.cpl
2009-09-04 12:57 <DIR> --d----- c:\windows\pss
2009-09-04 12:50 <DIR> --d----- c:\archivos de programa\CCleaner
2009-09-04 12:47 <DIR> --d----- c:\docume~1\rosita\datosd~1\Malwarebytes
2009-09-04 12:47 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-04 12:47 <DIR> --d----- c:\docume~1\alluse~1\datosd~1\Malwarebytes
2009-09-04 12:47 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-09-04 12:47 <DIR> --d----- c:\archivos de programa\Malwarebytes' Anti-Malware
2009-09-03 01:08 <DIR> --d----- c:\windows\ie8updates
2009-09-03 00:41 55,296 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-09-03 00:41 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-09-03 00:41 1,985,536 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-09-03 00:41 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-09-03 00:41 594,432 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-09-02 23:46 <DIR> --dsh--- c:\documents and settings\rosita\PrivacIE
2009-09-02 21:27 <DIR> --dsh--- c:\documents and settings\rosita\IETldCache
2009-09-02 17:03 <DIR> -cd-h--- c:\windows\ie8
2009-09-01 12:49 268,648 a------- c:\windows\system32\mucltui.dll
2009-09-01 12:49 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-09-01 00:38 97,117 -c------ c:\windows\system32\dllcache\mplayer2.hlp
2009-09-01 00:37 <DIR> --d----- c:\windows\system32\es-es
2009-09-01 00:37 32,866 -------- c:\windows\slrundll.exe
2009-09-01 00:37 <DIR> --d----- c:\windows\l2schemas
2009-09-01 00:37 <DIR> --d----- c:\windows\system32\es
2009-09-01 00:37 <DIR> --d----- c:\windows\system32\bits
2009-09-01 00:27 <DIR> --d----- c:\windows\ServicePackFiles
2009-09-01 00:25 294,912 -c------ c:\windows\system32\dllcache\dlimport.exe
2009-09-01 00:20 63,663 -------- c:\windows\system32\drivers\ati1rvxx.sys
2009-09-01 00:15 19,569 a------- c:\windows\002700_.tmp
2009-08-31 22:48 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-08-31 22:47 219,136 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-08-31 22:34 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2009-08-31 22:23 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-08-31 22:23 2,191,488 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-08-31 22:23 286,720 -c------ c:\windows\system32\dllcache\pdh.dll
2009-08-31 22:23 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-08-31 22:23 111,104 -c------ c:\windows\system32\dllcache\services.exe
2009-08-31 22:23 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-08-31 22:23 685,056 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-08-31 22:23 733,696 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-08-31 22:23 739,328 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-08-31 22:23 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-08-31 22:23 2,147,840 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-31 22:23 2,026,496 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-08-31 22:18 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx
2009-08-31 22:17 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-08-31 22:17 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-08-31 22:14 331,776 -c------ c:\windows\system32\dllcache\msadce.dll
2009-08-31 21:13 272,512 -c------ c:\windows\system32\dllcache\bthport.sys
2009-08-31 19:43 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-08-31 19:39 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll
2009-08-31 19:38 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-08-31 19:37 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-08-31 17:43 85,504 -c------ c:\windows\system32\dllcache\avifil32.dll
2009-08-31 16:32 <DIR> --d----- c:\windows\system32\PreInstall
2009-08-31 16:32 26,144 a------- c:\windows\system32\spupdsvc.exe
2009-08-31 16:32 <DIR> --d-h--- c:\windows\$hf_mig$
2009-08-31 16:04 <DIR> --d----- c:\documents and settings\rosita\Contacts
2009-08-31 15:49 <DIR> --dsh--- c:\documents and settings\rosita\UserData
2009-08-31 14:55 65 a------- c:\windows\wininit.ini
2009-08-31 14:35 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-08-31 14:35 <DIR> --d----- c:\archivos de programa\HP
2009-08-31 14:29 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-08-31 14:21 306,560 a------- c:\windows\system32\drivers\rtl8185.sys
2009-08-31 14:18 <DIR> --d----- c:\archivos de programa\ATI Technologies
2009-08-31 14:18 <DIR> --d----- c:\archivos de programa\archivos comunes\InstallShield
2009-08-31 14:17 <DIR> --d----- c:\archivos de programa\SP23455
2009-08-31 14:17 16,128 ac------ c:\windows\system32\dllcache\modemcsa.sys
2009-08-31 14:17 16,128 a------- c:\windows\system32\drivers\MODEMCSA.sys
2009-08-31 14:16 <DIR> --d----- c:\archivos de programa\CONEXANT
2009-08-31 14:16 1,063,040 a------- c:\windows\system32\drivers\HSF_DP.sys
2009-08-31 14:16 631,296 a------- c:\windows\system32\drivers\HSF_CNXT.sys
2009-08-31 14:16 258,325 a------- c:\windows\system32\drivers\hpd002x.cty
2009-08-31 14:16 179,712 a------- c:\windows\system32\drivers\HSFHWALI.sys
2009-08-31 14:16 90,112 a------- c:\windows\system32\mdmxsdk.dll
2009-08-31 14:16 65,536 a------- c:\windows\system32\carpdll.dll
2009-08-31 14:16 30,592 a------- c:\windows\system32\drivers\strmdisp.sys
2009-08-31 14:16 27,765 a------- c:\windows\system32\HSFCI006.dll
2009-08-31 14:16 11,043 a------- c:\windows\system32\drivers\mdmxsdk.sys
2009-08-31 14:16 4,608 a------- c:\windows\system32\carpserv.exe
2009-08-31 14:16 <DIR> --d----- C:\SWSetup
2009-08-31 13:43 <DIR> --d-hr-- c:\documents and settings\rosita\Datos de programa
2009-08-31 13:43 <DIR> --d-h--- c:\documents and settings\rosita\Plantillas
2009-08-31 13:43 <DIR> --d-h--- c:\documents and settings\rosita\Impresoras
2009-08-31 13:43 <DIR> --d-h--- c:\documents and settings\rosita\Entorno de red
2009-08-31 13:43 <DIR> --d-h--- c:\documents and settings\rosita\Configuración local
2009-08-31 13:43 <DIR> --d--r-- c:\documents and settings\rosita\Mis documentos
2009-08-31 13:43 <DIR> --d--r-- c:\documents and settings\rosita\Menú Inicio
2009-08-31 13:43 <DIR> --d--r-- c:\documents and settings\rosita\Favoritos
2009-08-31 13:43 <DIR> --d----- c:\documents and settings\rosita\Escritorio
2009-08-31 13:43 <DIR> --d----- c:\documents and settings\Rosita
2009-08-31 13:41 <DIR> --ds---- c:\windows\system32\Microsoft
2009-08-31 13:35 8,192 a------- c:\windows\REGLOCS.OLD
2009-08-31 13:32 38,912 ac------ c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2009-08-31 13:31 6,144 ac------ c:\windows\system32\dllcache\ftlx041e.dll
2009-08-31 13:30 95,744 ac------ c:\windows\system32\dllcache\certmap.ocx
2009-08-31 13:30 <DIR> --d----- c:\windows\system32\xircom
2009-08-31 13:30 <DIR> --d----- c:\windows\system32\wbem\snmp
2009-08-31 13:30 2,909 a------- c:\windows\system32\CONFIG.NT
2009-08-31 13:30 0 a------- c:\windows\control.ini
2009-08-31 13:30 23,392 a------- c:\windows\system32\nscompat.tlb
2009-08-31 13:30 16,832 a------- c:\windows\system32\amcompat.tlb
2009-08-31 13:30 316,640 a------- c:\windows\WMSysPr9.prx
2009-08-31 13:28 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-08-31 13:28 <DIR> --d--r-- c:\windows\Offline Web Pages
2009-08-31 13:28 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2009-08-31 13:28 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-08-31 13:28 <DIR> --ds---- c:\windows\Downloaded Program Files
2009-08-31 13:28 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-08-31 13:28 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-08-31 13:28 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-08-31 13:28 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-08-31 13:28 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-08-31 13:28 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest
2009-08-31 13:28 <DIR> --d-h--- c:\archivos de programa\WindowsUpdate
2009-08-31 13:28 <DIR> --d----- c:\archivos de programa\Servicios en línea
2009-08-31 13:28 4,399,505 ac------ c:\windows\system32\dllcache\nls302en.lex
2009-08-31 13:28 <DIR> --d----- c:\windows\system32\DirectX
2009-08-31 13:27 <DIR> --d----- c:\archivos de programa\archivos comunes\MSSoap
2009-08-31 13:25 <DIR> --d----- c:\archivos de programa\Online Services
2009-08-31 13:25 <DIR> --d----- c:\archivos de programa\Messenger
2009-08-31 13:25 <DIR> --d----- c:\archivos de programa\MSN Gaming Zone
2009-08-31 13:24 <DIR> --d----- c:\archivos de programa\Windows NT
2009-08-31 09:17 <DIR> --d----- c:\archivos de programa\archivos comunes\ODBC
2009-08-31 09:17 <DIR> --d----- c:\archivos de programa\archivos comunes\SpeechEngines
2009-08-31 09:17 <DIR> --d-h--- c:\documents and settings\all users\Plantillas
2009-08-31 09:17 <DIR> --d--r-- c:\documents and settings\all users\Menú Inicio
2009-08-31 09:17 <DIR> --d--r-- c:\documents and settings\all users\Documentos
2009-08-31 09:17 <DIR> --d----- c:\documents and settings\all users\Favoritos
2009-08-31 09:17 <DIR> --d----- c:\documents and settings\all users\Escritorio
2009-08-31 09:17 <DIR> --d-hr-- c:\documents and settings\all users\Datos de programa

==================== Find3M ====================

2009-09-01 12:51 362,442 a------- c:\windows\system32\perfh00A.dat
2009-09-01 12:51 51,266 a------- c:\windows\system32\perfc00A.dat
2009-09-01 00:43 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-08-31 13:26 21,900 a------- c:\windows\system32\emptyregdb.dat
2009-08-05 06:00 205,312 a------- c:\windows\system32\mswebdvd.dll
2009-07-29 01:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-29 01:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-07-17 16:03 58,880 a------- c:\windows\system32\atl.dll
2009-07-12 12:21 233,472 a------- c:\windows\system32\wmpdxm.dll
2009-07-03 13:57 915,456 a------- c:\windows\system32\wininet.dll
2009-06-15 07:44 78,336 a------- c:\windows\system32\telnet.exe
2009-06-15 07:44 81,920 a------- c:\windows\system32\tlntsess.exe
2009-06-10 11:14 85,504 a------- c:\windows\system32\avifil32.dll
2009-06-10 09:21 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-06-10 03:15 132,096 a------- c:\windows\system32\wkssvc.dll

============= FINISH: 15:59:03,91 ===============
Attached Files
File Type: zip Attach.zip (2.3 KB, 2 views)
WeirdRose is offline  
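The drive-cleanup approach in the post above (deleting .exe files and anything that is not a PDF, Excel, Word, JPG or GIF) trusts file extensions, and a renamed executable passes that filter. As an added example that is not part of the original post, the following Python script classifies each file on a recovered drive by its leading bytes instead of its name, flags anything that is really a PE (MZ) executable whatever it is called, reports extension/content mismatches and double extensions, and notes an autorun.inf at the drive root. The sample tree it builds is constructed for the demonstration; the autorun.inf check reflects the usual way a removable drive re-infects a Windows XP machine on insertion and is an assumption, since the thread never shows that file.

```python
"""Content-based triage of files recovered from a removable drive.

Added example: classifies files by magic bytes rather than extension.
The sample tree written by build_sample_drive() is constructed; nothing
here is taken from the poster's actual drive.
"""
import os
import tempfile
from pathlib import Path

# Leading-byte signatures for the document/image types the poster kept,
# common archives, and PE executables (the real format behind .exe/.scr/.dll/.pif).
SIGNATURES = [
    (b"MZ", "pe"),
    (b"%PDF-", "pdf"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"PK\x03\x04", "zip"),                          # also .docx/.xlsx containers
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),    # legacy .doc/.xls
    (b"Rar!\x1a\x07", "rar"),
]

# Extensions a user treats as "safe data", mapped to the content each should have.
EXPECTED = {
    ".pdf": {"pdf"}, ".jpg": {"jpeg"}, ".jpeg": {"jpeg"}, ".gif": {"gif"},
    ".doc": {"ole2"}, ".xls": {"ole2"}, ".docx": {"zip"}, ".xlsx": {"zip"},
    ".zip": {"zip"}, ".rar": {"rar"},
}
PE_EXTENSIONS = {".exe", ".scr", ".dll", ".com", ".pif", ".cpl", ".sys"}


def sniff(head: bytes) -> str:
    """Return the content type implied by the first bytes of a file."""
    for magic, kind in SIGNATURES:
        if head.startswith(magic):
            return kind
    return "unknown"


def triage_file(path: Path) -> list:
    """Reasons this file should not be copied back without a closer look."""
    with open(path, "rb") as f:
        head = f.read(16)
    kind = sniff(head)
    ext = path.suffix.lower()
    reasons = []
    if kind == "pe":
        reasons.append("pe-content")            # an executable, whatever it is named
    if ext in PE_EXTENSIONS:
        reasons.append("executable-extension")
    if len(path.suffixes) > 1 and path.suffixes[-1].lower() in PE_EXTENSIONS:
        reasons.append("double-extension")      # e.g. photo.jpg.exe
    if ext in EXPECTED and kind not in EXPECTED[ext]:
        reasons.append(f"extension-mismatch:{ext}!={kind}")
    if path.name.lower() == "autorun.inf":
        # Assumption: XP honours autorun.inf on removable media, so this file
        # is the usual way a drive re-infects a freshly installed machine.
        reasons.append("autorun.inf")
    return reasons


def triage_drive(root: str) -> dict:
    """Map each path (relative to root, '/'-separated) to its reasons; [] means clean."""
    report = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            report[str(p.relative_to(root)).replace(os.sep, "/")] = triage_file(p)
    return report


def build_sample_drive(root: str) -> None:
    """Write a constructed sample tree; only the file headers matter."""
    fake_pe = b"MZ\x90\x00" + b"\x00" * 60            # DOS header stub only
    files = {
        "thesis.pdf": b"%PDF-1.4\n%fake\n",
        "holiday.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF",
        "notes.doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 8,
        "photos/beach.jpg": fake_pe,                 # PE hiding behind .jpg
        "photos/beach.jpg.exe": fake_pe,             # classic double extension
        "screensaver.scr": fake_pe,                  # .scr is a PE too
        "autorun.inf": b"[autorun]\r\nopen=screensaver.scr\r\n",
    }
    for rel, data in files.items():
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)


def demo() -> dict:
    """Build the sample drive in a temporary directory and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_drive(tmp)
        return triage_drive(tmp)


if __name__ == "__main__":
    for rel, reasons in sorted(demo().items()):
        print(f"{'FLAG' if reasons else 'ok  '} {rel}: {', '.join(reasons)}")
```

Run it against a real drive with `triage_drive("/mnt/usb")` (or the drive letter on Windows) and copy back only the entries with an empty reason list; a document whose header does not match its extension is worth opening in a sandbox, not on the freshly installed machine.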

Old 09-04-2009, 11:25 PM   #2 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,009
OS: WinXP and Vista


Re: glps.exe infection detected by prevx but not by nod32

Hello WeirdRose,

It will require more than one round to properly clean your system. Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.


***************************************************

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal.


====================================================


Connect your flash drive now


Double click on combofix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
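Both the DDS log in the first post and the ComboFix log requested here list recently created files one per line, in two slightly different layouts (DDS "Created Last 30": date, size or `<DIR>`, attributes, path; ComboFix "Files Created": created date, modified date, size or dashes, attributes, path). As an added example that is not part of the thread and not a DDS or ComboFix feature, this Python script parses both layouts into one record shape and applies a few location heuristics: an executable created under RECYCLER\<SID>, under a user profile, in the Windows temp directory or at a drive root, or one carrying hidden+system attributes, is flagged for review. The sample lines are constructed; the RECYCLER path, its SID and the temp-directory path are invented to illustrate the case the first post describes (Prevx reporting glps.exe under the recycle bin) and are not copied from the posted logs.

```python
"""Triage of "files created" entries from DDS and ComboFix logs (added example)."""
import re
from dataclasses import dataclass

# DDS:      2009-09-04 15:25 64,160 a------- c:\windows\system32\drivers\Lbd.sys
#           2009-09-04 15:01 <DIR> -cd-h--- c:\docume~1\alluse~1\datosd~1\{...}
DDS_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?P<size><DIR>|[\d,]+)"
    r"\s+(?P<attrs>\S{8})\s+(?P<path>.+)$")
# ComboFix: 2009-09-05 01:12 . 2008-06-19 20:24 28544 ----a-w- c:\windows\...\pavboot.sys
#           2009-09-05 01:10 . 2009-09-05 01:10 -------- d-----w- c:\archivos de programa\Panda Security
CF_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"\s+(?P<size>-{8}|\d+)\s+(?P<attrs>\S{8})\s+(?P<path>.+)$")

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".bat", ".cmd", ".cpl")

# Locations where a freshly created executable deserves a second look.
# The RECYCLER\<SID> rule is an assumption drawn from the poster's description.
SUSPECT_DIRS = [
    ("recycler", re.compile(r"\\recycler\\s-1-5-\d+(?:-\d+)*\\", re.I)),
    ("user-profile", re.compile(r"\\documents and settings\\|\\docume~1\\", re.I)),
    ("windows-temp", re.compile(r"\\windows\\temp\\", re.I)),
    ("drive-root", re.compile(r"^[a-z]:\\[^\\]+$", re.I)),
]


@dataclass
class Entry:
    source: str      # "dds" or "combofix"
    created: str
    size: int        # -1 for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.size < 0

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def system(self) -> bool:
        return "s" in self.attrs


def parse_line(line: str):
    """Return an Entry for a DDS or ComboFix created-file line, else None."""
    line = line.rstrip()
    m = DDS_RE.match(line)
    if m:
        size = -1 if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        return Entry("dds", m["created"], size, m["attrs"], m["path"])
    m = CF_RE.match(line)
    if m:
        size = -1 if m["size"].startswith("-") else int(m["size"])
        return Entry("combofix", m["created"], size, m["attrs"], m["path"])
    return None


def reasons_for(e: Entry) -> list:
    """Heuristic flags; an empty list means nothing unusual about the location."""
    reasons = []
    executable = not e.is_dir and e.path.lower().endswith(EXEC_EXT)
    for name, rx in SUSPECT_DIRS:
        if executable and rx.search(e.path):
            reasons.append(f"exe-in-{name}")
    if executable and e.hidden and e.system:
        reasons.append("hidden+system-exe")
    return reasons


def triage(lines) -> dict:
    """Map each parsed path to its reasons; lines in neither format are skipped."""
    report = {}
    for line in lines:
        e = parse_line(line)
        if e is not None:
            report[e.path] = reasons_for(e)
    return report


# Constructed sample: real-looking lines in both formats plus invented suspects.
SAMPLE_LOG = r"""
2009-09-04 15:25 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-09-04 15:01 <DIR> -cd-h--- c:\docume~1\alluse~1\datosd~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-04 12:31 41,472 a--sh--- c:\recycler\s-1-5-21-1111111111-2222222222-3333333333-1003\glps.exe
2009-09-04 12:30 41,472 a------- c:\docume~1\rosita\configu~1\temp\flash-installer-windows.exe
2009-09-05 01:12 . 2008-06-19 20:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-09-05 01:10 . 2009-09-05 01:10 -------- d-----w- c:\archivos de programa\Panda Security
""".strip().splitlines()

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(f"{'FLAG' if reasons else 'ok  '} {path}  {' '.join(reasons)}")
```

Feed it a whole log with `triage(open("ComboFix.txt", encoding="latin-1").read().splitlines())`; section headers and the Find3M block do not match either pattern and are ignored. The heuristics only rank entries for a human to look at: a driver like Lbd.sys under system32\drivers is not flagged even though it was created the same afternoon, because location alone says nothing about it.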
Old 09-05-2009, 10:07 AM   #3 (permalink)
Registered User
 
Join Date: Sep 2009
Posts: 4
OS: xp sp3


Re: glps.exe infection detected by prevx but not by nod32

Hello Ried, and thank you very much for your quick response. I did what you said, though I don't think the recovery console has been installed by ComboFix, not sure. Anyway, I do have the quick recovery CDs for my machine, and my important data in the pendrive, which I have cleaned by erasing all exes, unzipping everything and erasing the zip or rar files, and everything that was not PDF, Excel, Word, JPG or GIF, or files I didn't know. I noticed a .scr file was in there, which I haven't copied and erased it too. Now Prevx says my machine is clean, but I don't quite believe it. Thanks again and here is my ComboFix.txt:

ComboFix 09-09-04.02 - Rosita 05/09/2009 12:37.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.446.192 [GMT -3:00]
Running from: c:\documents and settings\Rosita\Escritorio\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-08-05 to 2009-09-05 )))))))))))))))))))))))))))))))
.

2009-09-05 01:12 . 2008-06-19 20:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-09-05 01:10 . 2009-09-05 01:10 -------- d-----w- c:\archivos de programa\Panda Security
2009-09-04 15:50 . 2009-09-04 15:50 -------- d-----w- c:\archivos de programa\CCleaner
2009-09-04 15:47 . 2009-09-04 15:47 -------- d-----w- c:\documents and settings\Rosita\Datos de programa\Malwarebytes
2009-09-04 15:47 . 2009-08-03 16:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-04 15:47 . 2009-09-04 15:47 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Malwarebytes
2009-09-04 15:47 . 2009-08-03 16:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 15:47 . 2009-09-04 15:47 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
2009-09-03 04:08 . 2009-09-03 04:08 -------- d-----w- c:\windows\ie8updates
2009-09-03 03:41 . 2009-07-03 16:57 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-09-03 03:41 . 2009-07-03 16:57 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-09-03 03:41 . 2009-07-03 16:57 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-09-03 03:41 . 2009-07-03 16:57 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-09-03 03:41 . 2009-07-03 16:57 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-09-03 02:46 . 2009-09-03 02:46 -------- d-sh--w- c:\documents and settings\Rosita\PrivacIE
2009-09-03 00:27 . 2009-09-03 00:27 -------- d-sh--w- c:\documents and settings\Rosita\IETldCache
2009-09-02 20:03 . 2009-09-02 20:06 -------- dc-h--w- c:\windows\ie8
2009-09-02 04:09 . 2009-09-02 04:11 -------- d-----w- c:\archivos de programa\Archivos comunes\Adobe
2009-09-01 15:49 . 2008-10-16 17:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-09-01 03:39 . 2008-09-10 01:15 1307648 -c----w- c:\windows\system32\dllcache\msxml6.dll
2009-09-01 03:39 . 2008-09-10 01:15 1307648 ------w- c:\windows\system32\msxml6.dll
2009-09-01 03:39 . 2008-04-14 10:25 90624 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2009-09-01 03:39 . 2008-04-14 10:25 90624 ------w- c:\windows\system32\msxml6r.dll
2009-09-01 03:39 . 2007-06-26 14:30 22060 -c----w- c:\windows\system32\dllcache\npds.zip
2009-09-01 03:39 . 2007-06-26 14:26 403 -c----w- c:\windows\system32\dllcache\npdrmv2.zip
2009-09-01 03:37 . 2009-09-03 00:27 -------- d-----w- c:\windows\system32\es-es
2009-09-01 03:37 . 2008-04-14 10:49 32866 ------w- c:\windows\slrundll.exe
2009-09-01 03:37 . 2009-09-01 03:37 -------- d-----w- c:\windows\l2schemas
2009-09-01 03:37 . 2009-09-01 03:37 -------- d-----w- c:\windows\system32\es
2009-09-01 03:37 . 2009-09-01 03:37 -------- d-----w- c:\windows\system32\bits
2009-09-01 03:27 . 2009-09-01 03:39 -------- d-----w- c:\windows\ServicePackFiles
2009-09-01 03:25 . 2008-04-14 10:48 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2009-09-01 03:20 . 2008-04-14 01:04 63663 ------w- c:\windows\system32\drivers\ati1rvxx.sys
2009-09-01 01:47 . 2008-04-21 21:15 219136 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-09-01 01:34 . 2008-09-04 17:16 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-09-01 01:23 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-09-01 01:23 . 2009-03-06 14:20 286720 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-09-01 01:23 . 2009-02-09 11:24 2191488 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-09-01 01:23 . 2009-02-09 11:23 111104 -c----w- c:\windows\system32\dllcache\services.exe
2009-09-01 01:23 . 2009-02-09 10:52 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-09-01 01:23 . 2009-02-09 10:52 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-09-01 01:23 . 2009-02-09 10:52 685056 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-09-01 01:23 . 2009-02-09 10:52 733696 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-09-01 01:23 . 2009-02-09 10:52 739328 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-09-01 01:23 . 2009-02-09 10:52 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-09-01 01:23 . 2009-02-09 11:23 2147840 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-09-01 01:23 . 2009-02-09 11:24 2026496 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-09-01 01:17 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-09-01 01:17 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-09-01 01:14 . 2008-05-01 14:36 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-09-01 00:51 . 2009-09-01 00:52 -------- d-----w- c:\archivos de programa\7-Zip
2009-09-01 00:13 . 2008-06-14 17:33 272512 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-08-31 22:43 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-08-31 22:39 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-31 22:38 . 2008-04-11 19:05 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-08-31 22:37 . 2008-10-15 16:36 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-08-31 20:43 . 2009-06-10 14:14 85504 -c----w- c:\windows\system32\dllcache\avifil32.dll
2009-08-31 19:32 . 2009-01-07 21:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-08-31 19:32 . 2009-09-03 03:41 -------- d--h--w- c:\windows\$hf_mig$
2009-08-31 19:04 . 2009-08-31 19:04 -------- d-----w- c:\documents and settings\Rosita\Contacts
2009-08-31 19:02 . 2009-09-04 18:25 -------- dc----w- c:\windows\system32\DRVSTORE
2009-08-31 18:49 . 2009-08-31 18:49 -------- d-sh--w- c:\documents and settings\Rosita\UserData
2009-08-31 17:47 . 2009-08-31 17:47 0 ----a-w- c:\windows\nsreg.dat
2009-08-31 17:35 . 2009-08-31 17:35 -------- d-----w- c:\archivos de programa\HP
2009-08-31 17:33 . 2009-08-31 17:33 -------- d-----w- c:\documents and settings\All Users\Datos de programa\ESET
2009-08-31 17:21 . 2007-02-02 02:36 306560 ----a-w- c:\windows\system32\drivers\rtl8185.sys
2009-08-31 17:18 . 2009-08-31 17:19 -------- d-----w- c:\archivos de programa\ATI Technologies
2009-08-31 17:18 . 2009-08-31 17:19 -------- d--h--w- c:\archivos de programa\InstallShield Installation Information
2009-08-31 17:18 . 2009-08-31 17:18 -------- d-----w- c:\archivos de programa\Archivos comunes\InstallShield
2009-08-31 17:17 . 2009-08-31 17:17 -------- d-----w- c:\archivos de programa\SP23455
2009-08-31 17:17 . 2001-08-18 00:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2009-08-31 17:17 . 2001-08-18 00:57 16128 ----a-w- c:\windows\system32\drivers\MODEMCSA.sys
2009-08-31 17:16 . 2009-08-31 17:16 -------- d-----w- c:\archivos de programa\CONEXANT
2009-08-31 17:16 . 2003-11-08 06:00 90112 ----a-w- c:\windows\system32\mdmxsdk.dll
2009-08-31 17:16 . 2003-11-08 06:00 65536 ----a-w- c:\windows\system32\carpdll.dll
2009-08-31 17:16 . 2003-11-08 06:00 631296 ----a-w- c:\windows\system32\drivers\HSF_CNXT.sys
2009-08-31 17:16 . 2003-11-08 06:00 4608 ----a-w- c:\windows\system32\carpserv.exe
2009-08-31 17:16 . 2003-11-08 06:00 30592 ----a-w- c:\windows\system32\drivers\strmdisp.sys
2009-08-31 17:16 . 2003-11-08 06:00 27765 ----a-w- c:\windows\system32\HSFCI006.dll
2009-08-31 17:16 . 2003-11-08 06:00 179712 ----a-w- c:\windows\system32\drivers\HSFHWALI.sys
2009-08-31 17:16 . 2003-11-08 06:00 11043 ----a-w- c:\windows\system32\drivers\mdmxsdk.sys
2009-08-31 17:16 . 2003-11-08 06:00 1063040 ----a-w- c:\windows\system32\drivers\HSF_DP.sys
2009-08-31 17:16 . 2009-08-31 17:18 -------- d-----w- C:\SWSetup

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-04 23:58 . 2009-09-04 17:43 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Spybot - Search & Destroy
2009-09-04 23:49 . 2009-09-04 16:45 -------- d-----w- c:\archivos de programa\Java
2009-09-04 18:25 . 2009-09-04 18:00 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Lavasoft
2009-09-04 18:01 . 2009-09-04 18:01 -------- dc-h--w- c:\documents and settings\All Users\Datos de programa\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-04 18:00 . 2009-09-04 18:00 -------- d-----w- c:\archivos de programa\Lavasoft
2009-09-04 17:46 . 2009-09-04 17:43 -------- d-----w- c:\archivos de programa\Spybot - Search & Destroy
2009-09-01 15:51 . 2001-08-24 11:00 51266 ----a-w- c:\windows\system32\perfc00A.dat
2009-09-01 15:51 . 2001-08-24 11:00 362442 ----a-w- c:\windows\system32\perfh00A.dat
2009-08-31 16:30 . 2009-08-31 16:30 -------- d-----w- c:\archivos de programa\microsoft frontpage
2009-08-31 16:28 . 2009-08-31 16:28 -------- d-----w- c:\archivos de programa\Servicios en línea
2009-08-31 16:26 . 2009-08-31 16:26 21900 ----a-w- c:\windows\system32\emptyregdb.dat
2009-08-05 09:00 . 2004-08-19 13:42 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:36 . 2004-08-19 13:42 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:36 . 2001-08-24 11:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-25 08:23 . 2009-09-04 16:46 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:03 . 2004-08-19 13:41 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-12 15:21 . 2004-08-19 13:42 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 16:57 . 2004-08-19 13:42 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-03 14:49 . 2009-09-04 18:25 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-15 10:44 . 2004-08-19 13:43 78336 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 10:44 . 2004-08-19 13:43 81920 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-10 14:14 . 2004-08-19 13:41 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 12:21 . 2009-08-31 16:24 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:15 . 2004-08-19 13:42 132096 ----a-w- c:\windows\system32\wkssvc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\archivos de programa\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-02-01 294912]
"Adobe Reader Speed Launcher"="c:\archivos de programa\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\archivos de programa\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"ATIModeChange"="Ati2mdxx.exe" - c:\windows\system32\Ati2mdxx.exe [2001-09-04 28672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [04/09/2009 15:25 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [04/09/2009 22:12 28544]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys --> c:\windows\system32\drivers\pxscan.sys [?]
R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys --> c:\windows\system32\drivers\pxsec.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\archivos de programa\Lavasoft\Ad-Aware\AAWService.exe [03/07/2009 11:49 1029456]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PAVBOOT
*Deregistered* - CSIScanner

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\archivos de programa\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Rosita\Datos de programa\Mozilla\Firefox\Profiles\cjlbh170.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.ar/
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-05 12:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2408)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2009-09-05 12:43
ComboFix-quarantined-files.txt 2009-09-05 15:43

Pre-Run: 34.250.915.840 bytes free
Post-Run: 34.219.896.832 bytes free

178 --- E O F --- 2009-09-02 20:06
WeirdRose is offline  
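The ComboFix listing in the post above is what the helpers in this forum read by hand. What follows is an added example, not code from the thread, from ComboFix or from its author, showing how the two sections that carry most of the signal, the "Files Created" listing and the "Reg Loading Points", can be parsed and triaged automatically: executables that appeared after the incident window outside the folders Windows Update legitimately fills (dllcache, $hf_mig$, which explains the burst of 2009-09-01 entries in the log), executables sitting in user-writable places such as the Recycler where the original Prevx detection lived, and Run-key targets that point into a profile directory or carry a system-binary name outside system32. The column meaning (created-on-this-system stamp first, the file's own modification stamp second), the path lists, the cutoff date and the two made-up sample lines (the glps.exe path with an invented SID and the "Updater" autorun) are assumptions made for this example, not facts taken from the log.

```python
from __future__ import annotations
import re
from dataclasses import dataclass
from datetime import datetime

# Constructed sample in the "Files Created" layout: three lines copied from the log above
# plus a made-up fourth standing in for the Recycler-resident glps.exe (its SID is invented).
SAMPLE_FILES = r"""
2009-09-01 01:23 . 2009-02-09 10:52 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-08-31 19:32 . 2009-01-07 21:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-08-31 17:21 . 2007-02-02 02:36 306560 ----a-w- c:\windows\system32\drivers\rtl8185.sys
2009-09-02 03:14 . 2009-09-02 03:14 53248 ----a-w- c:\recycler\s-1-5-21-0-0-0-1003\glps.exe
"""
# Constructed sample in the "Reg Loading Points" layout: two entries copied from the log
# above plus a made-up "Updater" entry, a system-binary name living in a profile directory.
SAMPLE_RUN = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\archivos de programa\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"ATIModeChange"="Ati2mdxx.exe" - c:\windows\system32\Ati2mdxx.exe [2001-09-04 28672]
"Updater"="c:\documents and settings\Rosita\datos de programa\svchost.exe" [2009-09-02 53248]
"""

# Assumed columns: created-on-this-system stamp, the file's own modification stamp, size
# (dashes for a directory), an 8-char attribute field (leading 'd' = directory), path.
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"\s+(?P<size>\d+|-+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+?)\s*$", re.I)
# "Name"="value" [ - path ComboFix resolved for a bare file name] [YYYY-MM-DD size]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"(?: - (?P<resolved>.+?))?'
                    r" \[\d{4}-\d{2}-\d{2} \d+\]\s*$")

EXEC_EXT = {"exe", "dll", "sys", "scr", "com", "pif", "bat", "cmd"}
# Where Windows Update legitimately drops fresh binaries (the 2009-09-01 burst in the log).
PATCH_STAGING = ("\\dllcache\\", "\\$hf_mig$\\", "\\servicepackfiles\\", "\\drvstore\\")
# Locations a non-admin process can write to; an executable here deserves a look.
USER_WRITABLE = ("\\recycler\\", "\\recycled\\", "\\temp\\", "\\documents and settings\\")
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "explorer.exe"}

@dataclass
class FileEntry:
    created: datetime
    modified: datetime
    is_dir: bool
    path: str

    def ext(self) -> str:
        base = self.path.rsplit("\\", 1)[-1]
        return base.rsplit(".", 1)[-1].lower() if "." in base else ""

@dataclass
class RunEntry:
    name: str
    value: str
    resolved: str | None  # set when ComboFix resolved a bare file name for us

_stamp = lambda s: datetime.strptime(s, "%Y-%m-%d %H:%M")

def parse_file_lines(text: str) -> list[FileEntry]:
    rows = [m for m in map(FILE_RE.match, text.splitlines()) if m]
    return [FileEntry(_stamp(m["created"]), _stamp(m["modified"]),
                      m["attrs"][0].lower() == "d", m["path"]) for m in rows]

def parse_run_lines(text: str) -> list[RunEntry]:
    rows = [m for m in map(RUN_RE.match, text.splitlines()) if m]
    return [RunEntry(m["name"], m["value"], m["resolved"]) for m in rows]

def triage_files(entries: list[FileEntry], since: str) -> list[tuple[str, list[str]]]:
    """Executables in user-writable dirs, or created at/after `since` outside patch staging."""
    cutoff, findings = _stamp(since), []
    for e in entries:
        if e.is_dir or e.ext() not in EXEC_EXT:
            continue
        p, reasons = e.path.lower(), []
        if any(d in p for d in USER_WRITABLE):
            reasons.append("executable in a user-writable or Recycler location")
        if e.created >= cutoff and not any(d in p for d in PATCH_STAGING):
            reasons.append("executable created after the incident window started")
        if reasons:
            findings.append((e.path, reasons))
    return findings

def triage_autoruns(entries: list[RunEntry]) -> list[tuple[str, str, list[str]]]:
    """Run-key targets in user-writable dirs, or system binary names outside system32."""
    findings = []
    for r in entries:
        t, reasons = (r.resolved or r.value).lower(), []  # prefer the resolved path
        if any(d in t for d in USER_WRITABLE):
            reasons.append("autorun target in a user-writable location")
        if t.rsplit("\\", 1)[-1] in SYSTEM_NAMES and not t.startswith("c:\\windows\\system32\\"):
            reasons.append("system binary name outside c:\\windows\\system32")
        if reasons:
            findings.append((r.name, t, reasons))
    return findings

def run_demo(since: str = "2009-09-01 00:00"):  # assumed cutoff: day after the rebuild
    return (triage_files(parse_file_lines(SAMPLE_FILES), since),
            triage_autoruns(parse_run_lines(SAMPLE_RUN)))
```

`run_demo()` returns two lists: the file findings (only the constructed glps.exe line, flagged both for living under the Recycler and for being created after the cutoff) and the autorun findings (only the constructed "Updater" entry). The three genuine entries copied from the log all drop out, the dllcache one because it sits in patch staging, the other two because they predate the cutoff. Pass a real incident date as `since`; the default is only a plausible value for this thread.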
Old 09-05-2009, 12:58 PM   #4 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,009
OS: WinXP and Vista


Re: glps.exe infection detected by prevx but not by nod32

You're welcome. : )

The logs look fine, but I'd still recommend running this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Establish an internet connection & perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner

**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.
  • Click Accept when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 09-07-2009, 01:00 AM   #5 (permalink)
Registered User
 
Join Date: Sep 2009
Posts: 4
OS: xp sp3


Re: glps.exe infection detected by prevx but not by nod32

Hello Ried, and thanks again for your time! I did what you instructed, but no report was generated; I mean, nothing infected or suspicious. I ran it with Mozilla and with Internet Explorer, and went through Critical Areas and My Computer, but the reports came back empty. I assume this is a great thing? Thank you very much for your time and attention :D
WeirdRose is offline  
Old 09-07-2009, 07:13 PM   #6 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,009
OS: WinXP and Vista


Re: glps.exe infection detected by prevx but not by nod32

Yes, that is a good thing.

Your logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links:

The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.


Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK:

ComboFix /u

--------------------------------------------------------------------

To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
  • Green to go
  • Yellow for caution
  • Red to stop
WOT has an addon available for both Firefox and IE.

SpywareBlaster 4.0 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.
  • It will block any bad ActiveX from running in Internet Explorer and Firefox if it's listed in their database (which you should update frequently). To view their database and list of restricted sites, launch the program and click on each of the tabs on the main display page.


- Scan here http://secunia.com/software_inspector/ for out-of-date and vulnerable common applications on your computer

- Update, and scan with your onboard Anti Malware and Anti Virus programs regularly. Without regular updates you will not be protected when new malicious programs are released.



- Most importantly, Think Prevention

-----------------------------------------------------


**Kindly respond one more time and let me know if we may consider this thread resolved.
Ried is offline  
Old 09-07-2009, 09:44 PM   #7 (permalink)
Registered User
 
Join Date: Sep 2009
Posts: 4
OS: xp sp3


Re: glps.exe infection detected by prevx but not by nod32

Ried, thanks, thanks, thanks!! My computer problems are solved. I just can't thank you enough. You are really kind and quick responding, and very clear. I thank you once more.
WeirdRose is offline  
Old 09-07-2009, 09:51 PM   #8 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,009
OS: WinXP and Vista


Re: glps.exe infection detected by prevx but not by nod32

You're welcome, and thank you for the kind words.

Take care, WeirdRose.
Ried is offline  
 


All times are GMT -7.



Copyright 2001 - 2009, Tech Support Forum