Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Old 10-24-2009, 06:38 PM   #1 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 9
OS: windows vista


trouble with malware, adware...

When I search the internet and click on a link, my search bar is redirected to toseeka, shopica, securitytool, and several others, sometimes overlapping. I have run malware bytes and avg free, but nothing helps. I have run the diagnostics this site recommended and am going to try to attach those reports. Please let me know if there is anything else I can do. I am sooooo frustrated!!


DDS (Ver_09-10-24.03) - NTFSx86
Run by Lisa at 17:52:58.17 on Sat 10/24/2009
Internet Explorer: 7.0.6001.18000

============== Pseudo HJT Report ===============

uWindow Title = Internet Explorer provided by Dell
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} - hxxp://samsclubus.pnimedia.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-10-23 11:25:18 0 d-----w- c:\program files\EclipseCrossword
2009-10-18 03:13:49 218 ----a-w- c:\users\lisa\.recently-used.xbel
2009-10-18 02:57:27 0 d-----w- c:\users\lisa\appdata\roaming\Inkscape
2009-10-18 02:49:43 0 d-----w- c:\program files\Inkscape
2009-10-14 13:46:37 0 d-----w- c:\programdata\CanonIJPLM
2009-10-14 13:38:56 0 d--h--w- c:\programdata\CanonBJ
2009-10-14 13:36:57 223744 ----a-w- c:\windows\system32\CNMLM97.DLL
2009-10-14 13:35:44 0 d-----w- c:\program files\Canon
2009-10-12 13:18:49 0 d-----w- c:\programdata\CraftEdge
2009-10-12 13:18:46 0 d-----w- c:\program files\Craft Edge

==================== Find3M ====================

2009-10-14 13:38:13 51200 ----a-w- c:\windows\inf\infpub.dat
2009-10-14 13:38:12 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-10-14 13:38:03 86016 ----a-w- c:\windows\inf\infstor.dat
2009-08-20 01:40:45 2552 ----a-w- c:\users\lisa\appdata\roaming\wklnhst.dat
2009-02-13 00:17:30 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:57:01 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2003-03-21 18:45:22 250544 ----a-w- c:\program files\common files\keyhelp.ocx
2009-02-12 23:58:21 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 17:53:30.02 ===============
Attached Files
File Type: zip ark.zip (3.2 KB, 3 views)
LisaWilliams is offline  

Old 10-25-2009, 12:19 PM   #2 (permalink)
Analyst, Security Team
 
thewall's Avatar
 
Join Date: Jun 2009
Location: Florida
Posts: 654
OS: Windows XP


Re: trouble with malware, adware...

Hello LisaWilliams, welcome to the TSF Virus/Trojan/Spyware Help forum. I will be assisting you in cleaning up your system.


I ask that you refrain from running tools other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.




After 3 days if a topic is not replied to we assume it has been abandoned and it is closed.


This looks like a Vista OS although it is not showing in the Header. If it is not, don't do the following before letting me know.



Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Instructions can be found HERE
  • Double click on ComboFix.exe & follow the prompts.


When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.








Thanks,



thewall
__________________
thewall is offline  
Old 10-25-2009, 03:46 PM   #3 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 9
OS: windows vista


Re: trouble with malware, adware...

Thanks for your help. I am running Vista on this computer. Let me know if this is not the way I need to add this report.

ComboFix 09-10-25.01 - Lisa 10/25/2009 13:39.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2038.1041 [GMT -5:00]
Running from: c:\users\Lisa\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2347180839-3205931739-3509662-500
c:\$recycle.bin\S-1-5-21-3700960631-808204567-1717352646-500
c:\program files\DDnsFilter
c:\program files\DDnsFilter\DDnsFilter.dll
c:\windows\system32\drivers\DnsFilter.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ddnsfilter
-------\Service_SfX
-------\Legacy_DnsFilter
-------\Service_DnsFilter


((((((((((((((((((((((((( Files Created from 2009-09-25 to 2009-10-25 )))))))))))))))))))))))))))))))
.

2009-10-23 11:25 . 2009-10-23 11:25 -------- d-----w- c:\program files\EclipseCrossword
2009-10-18 03:06 . 2009-10-18 03:06 -------- d-----w- c:\users\Lisa\AppData\Roaming\gtk-2.0
2009-10-18 02:57 . 2009-10-18 02:57 -------- d-----w- c:\users\Lisa\AppData\Roaming\Inkscape
2009-10-18 02:49 . 2009-10-18 02:55 -------- d-----w- c:\program files\Inkscape
2009-10-14 13:46 . 2009-10-14 13:46 -------- d-----w- c:\programdata\CanonIJPLM
2009-10-14 13:38 . 2009-10-14 13:38 -------- d--h--w- c:\programdata\CanonBJ
2009-10-14 13:38 . 2009-10-14 13:38 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2009-10-14 13:36 . 2007-10-22 05:00 223744 ----a-w- c:\windows\system32\CNMLM97.DLL
2009-10-14 13:36 . 2009-10-14 13:36 -------- d--h--w- c:\program files\CanonBJ
2009-10-14 13:35 . 2009-10-14 13:46 -------- d-----w- c:\program files\Canon
2009-10-12 13:18 . 2009-10-12 13:18 -------- d-----w- c:\programdata\CraftEdge
2009-10-12 13:18 . 2009-10-12 13:18 -------- d-----w- c:\program files\Craft Edge

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-25 13:31 . 2009-03-03 02:55 -------- d-----w- c:\program files\LogMeIn
2009-10-15 00:33 . 2009-03-09 22:57 5972 ----a-w- c:\users\Lisa\AppData\Local\d3d9caps.dat
2009-09-18 15:56 . 2009-03-03 13:10 -------- d-----w- c:\programdata\Roxio
2009-09-09 00:19 . 2009-03-03 23:21 105248 ----a-w- c:\users\Robbie\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-29 03:22 . 2009-08-29 03:22 -------- d-----w- c:\program files\ESET
2009-08-29 03:17 . 2009-08-28 23:26 -------- d-----w- c:\programdata\avg8
2009-08-28 23:26 . 2009-08-28 23:26 -------- d-----w- c:\program files\AVG
2009-08-20 01:40 . 2009-02-19 03:04 2552 ----a-w- c:\users\Lisa\AppData\Roaming\wklnhst.dat
2009-08-03 18:36 . 2009-08-20 18:32 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 18:36 . 2009-08-20 18:32 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2003-03-21 18:45 . 2009-08-02 11:29 250544 ----a-w- c:\program files\Common Files\keyhelp.ocx
2009-02-12 23:58 . 2009-02-12 23:52 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-03 3882312]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-07-10 163840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-10 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-10 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-10 141848]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-25 63048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-28 148888]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-26 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-14 1603152]

c:\users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-3-14 2938184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [5/14/2009 3:47 PM 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [5/14/2009 3:47 PM 731840]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [5/14/2009 3:49 PM 93312]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 7:46 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\System32\drivers\LMIRfsDriver.sys [3/2/2009 9:55 PM 47640]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
ddnsfilter REG_MULTI_SZ ddnsfilter
.
Contents of the 'Scheduled Tasks' folder

2009-10-25 c:\windows\Tasks\User_Feed_Synchronization-{8313549B-F315-4FE6-B92B-33CA4AD8FE7B}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} - hxxp://samsclubus.pnimedia.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-25 16:40
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\TMP00000037C43DDCAA15FC1C3C 524288 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\WinX DVD Author 5.5\NMSAccessU.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\combofix\CF3101.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-25 16:42 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-25 21:42

Pre-Run: 157,444,268,032 bytes free
Post-Run: 157,816,049,664 bytes free

- - End Of File - - DE1C8B37266CF71338BE6C7D343ABD28
LisaWilliams is offline  
Old 10-25-2009, 05:32 PM   #4 (permalink)
Analyst, Security Team
 
thewall's Avatar
 
Join Date: Jun 2009
Location: Florida
Posts: 654
OS: Windows XP


Re: trouble with malware, adware...

You're welcome and you did fine. Try this scan now; sometimes it takes a while.

Please do a scan with Kaspersky Online Scanner. Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Open the Kaspersky WebScanner page.
  • Click on the button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the button.
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Once the files have been downloaded, click on the ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the button, if you made any changes.
  • Now under the Scan section on the left: Select My Computer
  • The program will now start and scan your system. This will run for a while, be patient and let it finish.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • In the drop down box labeled Files of type change the type to Text file.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis if needed.


__________________
thewall is offline  
Old 10-26-2009, 04:23 AM   #5 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 9
OS: windows vista


Re: trouble with malware, adware...

Ok. That DID take a long time! Here is the Kaspersky report.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, October 26, 2009
Operating system: Microsoft Windows Vista Home Basic Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, October 26, 2009 01:18:50
Records in database: 3074434
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 106992
Threats found: 1
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 01:30:54


File name / Threat / Threats count
C:\Qoobox\Quarantine\C\Program Files\DDnsFilter\DDnsFilter.dll.vir Infected: Trojan.Win32.Agent.cupu 1
C:\Qoobox\Quarantine\C\Windows\System32\drivers\DnsFilter.sys.vir Infected: Trojan.Win32.Agent.cupu 1

Selected area has been scanned.
LisaWilliams is offline  
Old 10-26-2009, 07:45 AM   #6 (permalink)
Analyst, Security Team
 
thewall's Avatar
 
Join Date: Jun 2009
Location: Florida
Posts: 654
OS: Windows XP


Re: trouble with malware, adware...

They do take a long time but it's a very thorough scanner. The only two things it picked up are already in quarantine and will be gone when we remove ComboFix.

How are things running now?
__________________
thewall is offline  
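The point made in the reply above (both hits sit under C:\Qoobox\Quarantine, ComboFix's quarantine folder, so they are neutralised copies rather than live files) is easy to check mechanically. The following is example code written for this page, not a tool from the forum, from Kaspersky or from ComboFix: it parses the detection lines of the Kaspersky report in post #5, separates hits under a quarantine path from live ones, and summarises them. The quarantine prefix list (only ComboFix's folder, as seen in the report) and the one constructed "live" detection line are assumptions for the demonstration.

```python
import re

# Sample input: the statistics and detection lines from the Kaspersky Online
# Scanner report posted in this thread (post #5), excerpted verbatim.
REPORT_LINES = r"""
Scan statistics:
Objects scanned: 106992
Threats found: 1
Infected objects found: 2
Suspicious objects found: 0

File name / Threat / Threats count
C:\Qoobox\Quarantine\C\Program Files\DDnsFilter\DDnsFilter.dll.vir Infected: Trojan.Win32.Agent.cupu 1
C:\Qoobox\Quarantine\C\Windows\System32\drivers\DnsFilter.sys.vir Infected: Trojan.Win32.Agent.cupu 1
""".strip().splitlines()

# Constructed line (not from the report) showing what a hit outside quarantine
# would look like; path and threat name are placeholders.
CONSTRUCTED_LIVE_LINE = r"C:\Windows\System32\drivers\example-live.sys Infected: Example.Constructed.Detection 1"

# One detection line: <path> <Infected|Suspicious>: <threat name> <count>
DETECTION_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<status>Infected|Suspicious):\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$"
)

# Folders whose contents are already neutralised copies. ComboFix's folder is
# the one seen in the report (assumption: extend the tuple for other tools).
QUARANTINE_PREFIXES = ("c:\\qoobox\\quarantine\\",)


def parse_detections(lines):
    """Extract every detection line into a dict; statistics and headers are skipped."""
    found = []
    for line in lines:
        m = DETECTION_RE.match(line.strip())
        if m:
            found.append({
                "path": m["path"],
                "status": m["status"],
                "threat": m["threat"],
                "count": int(m["count"]),
            })
    return found


def is_quarantined(path, prefixes=QUARANTINE_PREFIXES):
    """True when the detected file lives under a known quarantine folder."""
    lowered = path.lower()
    return any(lowered.startswith(prefix) for prefix in prefixes)


def classify(lines, prefixes=QUARANTINE_PREFIXES):
    """Split detections into already-quarantined copies and live files."""
    quarantined, live = [], []
    for det in parse_detections(lines):
        (quarantined if is_quarantined(det["path"], prefixes) else live).append(det)
    return {"quarantined": quarantined, "live": live}


def summary(lines):
    """Counts plus the distinct threat names, which is what a helper reads first."""
    parts = classify(lines)
    threats = sorted({d["threat"] for d in parts["quarantined"] + parts["live"]})
    return {"quarantined": len(parts["quarantined"]), "live": len(parts["live"]), "threats": threats}


if __name__ == "__main__":
    print(summary(REPORT_LINES))
    print(summary(REPORT_LINES + [CONSTRUCTED_LIVE_LINE]))
```

On the thread's own report the summary reports two quarantined hits and no live ones, which matches the helper's reading; appending the constructed line shows how a live detection would stand out.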
Old 10-26-2009, 09:38 AM   #7 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 9
OS: windows vista


Re: trouble with malware, adware...

Well, I've been very careful about running the machine, but I have noticed that links I click on for the internet have not been redirected since last night. I'm assuming that's due to the scans and quarantine? My only question is how I got the problem. I deleted forwarded emails and try not to download anything that I'm not sure of. I change passwords regularly and do not use p2p websites. I just don't want to have this problem again.
Thanks so much for all your help. What is my next step?
LisaWilliams is offline  
Old 10-26-2009, 10:45 AM   #8 (permalink)
Analyst, Security Team
 
thewall's Avatar
 
Join Date: Jun 2009
Location: Florida
Posts: 654
OS: Windows XP


Re: trouble with malware, adware...

I wish I could say exactly how you became infected but unluckily I can't. One area of vulnerability I see is although you have one fairly new version of Java you also have one that is very outdated. This is prime territory for exploitation. When we wrap up I will also give you the link to a program that will check other programs which may need updating.


Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 16.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u16-windows-i586.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.
__________________
thewall is offline  
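An added example (not code from the thread or from DDS or ComboFix) that automates three checks the helper made by eye on the reports above: the BHO registered to a missing DLL ("No File") in the DDS report (post #1), the two different Java installer versions among the DPF entries that post #8 points out as the likely exploitation route, and the one-off "ddnsfilter" svchost group in the ComboFix log (post #3), whose service ComboFix removed and whose files Kaspersky later flagged in quarantine. The sample lines are excerpted from those reports. The "self-named svchost group" rule and the "newest version present is the one to keep" rule are my own heuristics for this example, not something the thread states.

```python
import re

# Sample input: lines excerpted from the DDS "Pseudo HJT Report" (post #1).
DDS_LINES = r"""
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} - hxxp://samsclubus.pnimedia.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab
""".strip().splitlines()

# Sample input: the svchost block of ComboFix's "Reg Loading Points" (post #3).
SVCHOST_LINES = """
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
ddnsfilter REG_MULTI_SZ ddnsfilter
""".strip().splitlines()

CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# Java's installer cab is named jinstall-<major>_<minor>_<micro>_<update>-...
JINSTALL_RE = re.compile(r"jinstall-(\d+)_(\d+)_(\d+)_(\d+)-")


def orphaned_bhos(lines):
    """CLSIDs of BHO entries whose DLL is missing ('No File'): dead registrations
    that a cleanup should remove so nothing can re-occupy them later."""
    found = []
    for line in lines:
        if line.startswith("BHO:") and line.rstrip().endswith("- No File"):
            m = CLSID_RE.search(line)
            if m:
                found.append(m.group(0))
    return found


def java_dpf_versions(lines):
    """Distinct Java versions advertised by DPF (Downloaded Program Files) entries,
    as (major, minor, micro, update) tuples, oldest first."""
    versions = set()
    for line in lines:
        if line.startswith("DPF:"):
            m = JINSTALL_RE.search(line)
            if m:
                versions.add(tuple(int(x) for x in m.groups()))
    return sorted(versions)


def outdated_java_dpf(lines):
    """Every Java DPF version older than the newest one present.
    Heuristic (my assumption): the newest version present is the one to keep."""
    versions = java_dpf_versions(lines)
    if not versions:
        return []
    newest = versions[-1]
    return ["%d.%d.%d_%02d" % v for v in versions if v < newest]


def self_named_svchost_groups(lines):
    """svchost groups whose only member service carries the group's own name.
    Heuristic (my assumption): built-in groups host several services, so a
    one-off group that names itself deserves a closer look."""
    suspicious = []
    for line in lines:
        parts = line.split()
        if len(parts) >= 3 and parts[1] == "REG_MULTI_SZ":
            group, members = parts[0], parts[2:]
            if members == [group]:
                suspicious.append(group)
    return suspicious


def triage(dds_lines, svchost_lines):
    """Collect the findings a helper would look at first in these reports."""
    return {
        "orphaned_bhos": orphaned_bhos(dds_lines),
        "outdated_java": outdated_java_dpf(dds_lines),
        "self_named_svchost_groups": self_named_svchost_groups(svchost_lines),
    }


if __name__ == "__main__":
    for key, value in triage(DDS_LINES, SVCHOST_LINES).items():
        print(f"{key}: {value}")
```

Run against the thread's lines it reports the orphaned BHO CLSID, Java 1.6.0_07 as the outdated installer beside 1.6.0_13, and the ddnsfilter group; the first two are the items the helper asked to have cleaned up, the third is the persistence ComboFix removed.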
Old 10-26-2009, 01:48 PM   #9 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 9
OS: windows vista


Re: trouble with malware, adware...

Ok...I think I'm done. I deleted older versions and now have only my new version installed. My computer is running sooooo much better! What is my next step? Or...am I done?
LisaWilliams is offline  
Old 10-26-2009, 02:21 PM   #10 (permalink)
Analyst, Security Team
 
thewall's Avatar
 
Join Date: Jun 2009
Location: Florida
Posts: 654
OS: Windows XP


Re: trouble with malware, adware...

Good to hear things are running better.

That should wrap us up. We'll remove our tools and I have some last suggestions.


Uninstall Combofix
  • Press the Windows Key + R on your keyboard.
  • Now copy & paste the green bolded text in the run-box and click OK.

    ComboFix /Uninstall

    <Notice the space between the "x" and "/".>
  • The following will implement some very important cleanup procedures as well as reset System Restore points.




You can also delete both GMER and DDS from your Desktop.





Below are some steps to follow in order to dramatically lower the chances of reinfection.
You may have already implemented some of the steps below; however, you should follow any steps that you have not already implemented.
  1. Keep your non-Microsoft applications updated
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector. I suggest that you run it at least once a month.
  2. Make Internet Explorer more secure
    Click Start > Run
    Type Inetcpl.cpl & click OK
    Click on the Security tab
    Click Reset all zones to default level
    Make sure the Internet Zone is selected & Click Custom level
    In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
    Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  3. Install SpywareBlaster & make sure to update it regularly
    SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
    If you don't know what activex controls are, see here
    You can download SpywareBlaster from here
  4. Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automatically if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file.
    Note: On some PCs, having a custom HOSTS file installed can cause a significant slowdown. Following these instructions should resolve the issue:
    • Click Start > Run
    • Type services.msc & click OK
    • In the list, find the service called DNS Client & double click on it.
    • On the dropdown box, change the setting from automatic to manual.
    • Click OK & then close the Services window
  5. Install a-squared Free & update and scan with it regularly
    a-squared free is a product from Emsi Software provided free for private use that can detect and remove a variety of malicious software. You can get it here
    Note: If you have a dialup internet connection, you may also like to install a-squared Anti-Dialer which provides some real time protection against premium rate dialers
  6. Finally, this is very important. It is absolutely essential to keep all of your security programs up to date.




If you have any other questions or issues feel free to ask as I will be checking back on this topic.



Other than that if there is nothing else I can do for you then I wish you good luck in the future and thank you for using our forum. :)


thewall
__________________
thewall is offline  
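Added example (not from the thread, from HostMan or from the MVPs project) of what the hosts file in step 4 actually does: each listed name is mapped to 0.0.0.0, an address no connection can reach, so the machine never contacts the real site; the search-redirect domains from post #1 are exactly the kind of name such a list carries. The sample hosts content and every hostname in it are constructed placeholders. The parser follows the file's conventions (comments after `#`, any whitespace between fields, several names per line) and also shows the caveat that an entry covers only the exact name, not its subdomains, and counts the entries, since a very large list is what triggers the DNS Client slowdown the note in step 4 addresses.

```python
import ipaddress

# Constructed sample in the blocklist hosts-file style; names are placeholders.
SAMPLE_HOSTS = """
# Sample HOSTS file, constructed for this example
127.0.0.1       localhost
# [Start of entries generated by a blocklist]
0.0.0.0 ads.blocked-example.test
0.0.0.0 www.redirect-example.test redirect-example.test
0.0.0.0\ttracker.blocked-example.test   # inline comment
# 0.0.0.0 commented-out.test
not-an-address broken.line.test
192.0.2.10 intranet.example.test
"""

# Address that blocklist-style hosts files map unwanted names to.
BLACKHOLE_ADDRESS = "0.0.0.0"


def parse_hosts(text):
    """Return {hostname: address} for every usable entry.

    Comment text after '#' and blank lines are ignored, any whitespace separates
    fields, several names may share one line, and a line whose first field is
    not an IP address is skipped. The first entry for a name wins (my choice
    for this example, so that duplicates further down are harmless).
    """
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            address = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # malformed line: not a hosts entry
        for name in fields[1:]:
            mapping.setdefault(name.lower(), address)
    return mapping


def is_blackholed(mapping, hostname):
    """True when the hosts file sends this exact name to the black-hole address.
    Matching is exact: a subdomain of a listed name is not covered."""
    return mapping.get(hostname.lower()) == BLACKHOLE_ADDRESS


def check_names(mapping, hostnames):
    """Which of the given names the hosts file blocks."""
    return {h: is_blackholed(mapping, h) for h in hostnames}


def blackholed_count(mapping):
    """Number of black-holed names; the size of this list is what can slow the
    DNS Client service on some PCs."""
    return sum(1 for address in mapping.values() if address == BLACKHOLE_ADDRESS)


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    print(blackholed_count(hosts), "names black-holed")
    print(check_names(hosts, ["www.redirect-example.test", "cdn.redirect-example.test"]))
```

The second call in the usage shows the caveat: www.redirect-example.test is blocked, while cdn.redirect-example.test, which the list never names, resolves normally.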
Old 10-26-2009, 07:26 PM   #11 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 9
OS: windows vista


Re: trouble with malware, adware...

You have been so much help -- I'm telling everyone I know about this site. Thank you, thank you, thank you!!!
LisaWilliams is offline  
Old 10-26-2009, 07:55 PM   #12 (permalink)
Analyst, Security Team
 
thewall's Avatar
 
Join Date: Jun 2009
Location: Florida
Posts: 654
OS: Windows XP


Re: trouble with malware, adware...

You're welcome Lisa, I'm glad we could be of help.
__________________
thewall is offline  
Old 10-27-2009, 11:22 AM   #13 (permalink)
Analyst, Security Team
 
thewall's Avatar
 
Join Date: Jun 2009
Location: Florida
Posts: 654
OS: Windows XP


Re: trouble with malware, adware...

Since this issue appears to be resolved ... this Topic has been closed.

If you're the topic starter and need this topic reopened, please contact me via PM with the address of the thread.

Everyone else please begin a New Topic.
__________________
thewall is offline  
Copyright 2001 - 2009, Tech Support Forum