1.

Solve : Vundo and Trojan Problems?

Answer»

After stupidly downloading questionable software I was immediately hit with a virus that changed my displays, throw up pop-ups and disallowed access to my C: drive. As soon as I saw what was happening I disconnected my internet and ran SuperAntiSpyware and CCleaner. I have followed the removing malware guide by whatever I have won't let me open up the sites for Malwarebytes and HijackThis.
I have attached the log from SuperAntiSpyware. I just don't know what to do next.
I have learned my lesson and would greatly, greatly appreciate any help.

[Saving space - attachment deleted by admin]We have seen a lot of this LATELY and know the process of removing it pretty well.

Please print these instructions as they will be needed later when Internet access is not available.
 
Download SDFix by AndyManchesta and save it to your desktop. http://rapidshare.com/files/151585130/SDFix.exe.html
 
When using this tool, you must use the Administrator's account or an account with Administrative rights

  • Double click SDFix.exe and it will extract the files to %systemdrive%
  • (this is the drive that contains the Windows Directory, typically C:\SDFix).
  • DO NOT use it just yet.
.Reboot your computer in Safe Mode using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".
 
Open the SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  • Copy and paste the contents of the results file Report.txt in your next reply.
.
----------

Now go back and download MalwareBytes and HijackThis and post the logs from them.Alright, things are already looking much better.
Ran SDFix, MalwareBytes and HijackThis, here are the logs

SDFix: Version 1.231
Run by Administrator on Mon 10/06/2008 at 08:41 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Name :
tdssserv

Path :
\systemroot\system32\drivers\TDSSserv.sys

tdssserv - Deleted



Restoring Default Security Values
Restoring Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value

Rebooting


Checking Files :

Trojan Files Found:

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat - Contains Links to Malware Sites! - Deleted
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat - Contains Links to Malware Sites! - Deleted
C:\WINDOWS\system32\TFTP3716 - Deleted
C:\WINDOWS\fkebanrw.exe - Deleted
C:\Documents and Settings\Luna\Application Data\Adobe\crc.dat  - Deleted
C:\WINDOWS\system32\TDSSerrors.log  - Deleted
C:\WINDOWS\system32\tdssserf1.dll  - Deleted



Folder C:\Program Files\MicroAntivirus - Removed


Removing Temp Files

ADS Check :
 


                                 Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-06 20:53:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:xpsp2res.dll,-22019"
"C:\\WINDOWS\\SYSTEM32\\P2P Networking\\P2P Networking.exe"="C:\\WINDOWS\\SYSTEM32\\P2P Networking\\P2P Networking.exe:*:Disabled:P2P Networking"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:TaskPanl"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"D:\\IVVIEW7.EXE"="D:\\IVVIEW7.EXE:*:Enabled:Image Vault Viewer"
"C:\\Program Files\\Team17\\Worms Armageddon\\wa.exe"="C:\\Program Files\\Team17\\Worms Armageddon\\wa.exe:*:Disabled:Worms Armageddon"
"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"="C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe:*:Enabled:HP Software Update Client"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1142993994\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1142993994\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1142993994\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1142993994\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\earthlinkim\\aim.exe"="C:\\Program Files\\earthlinkim\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Dell\\Support\\Alert\\bin\\DAMon.exe"="C:\\Program Files\\Dell\\Support\\Alert\\bin\\DAMon.exe:*:Disabled:MessageApp"
"C:\\Program Files\\SBC Self Support Tool\\SmartBridge\\MotiveSB.exe"="C:\\Program Files\\SBC Self Support Tool\\SmartBridge\\MotiveSB.exe:*:Enabled:SBC Self Support Tool Alerts"
"C:\\Program Files\\Real\\RealOne Player\\trueplay.exe"="C:\\Program Files\\Real\\RealOne Player\\trueplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Disabled:AOL Instant Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:xpsp3res.dll,-20000"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\Yahoo!\\YOP\\yop.exe"="C:\\Program Files\\Yahoo!\\YOP\\yop.exe:*:Disabled:Dashboard Module"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Vuze\\Azureus.exe"="C:\\Program Files\\Vuze\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe:*:Enabled:Nero Home"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\\Program Files\\earthlinkim\\aim.exe"="C:\\Program Files\\earthlinkim\\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:xpsp3res.dll,-20000"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon  8 Nov 2004         4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu  7 Aug 2008             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri  8 Aug 2008             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Sun 24 Aug 2008    25,755,448 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d27c2900aa2705e008389ddae7c985e9\BIT22.tmp"

Finished!

Malwarebytes' Anti-Malware 1.28
Database version: 1134
Windows 5.1.2600 Service Pack 2

10/6/2008 8:06:57 PM
mbam-log-2008-10-06 (20-06-57).txt

Scan type: Quick Scan
Objects scanned: 65460
Time elapsed: 8 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 20
Registry Values Infected: 16
Registry Data Items Infected: 18
Folders Infected: 0
Files Infected: 22

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qaccess.tchongabho (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a34fa88d-8437-4634-8a60-e913011ef2e5} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a34fa88d-8437-4634-8a60-e913011ef2e5} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MicroAV (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur8.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yura.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur17.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur1f.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur12.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur27.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurf.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur8.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yura.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur17.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur1f.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur12.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur27.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurf.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (55277-OEM-0011903-00102) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (h:mm:ss tt) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispAppearancePage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\Documents and Settings\Luna\Application Data\sp2\qaccess.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\evbo.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\1.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\2.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\browser.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\YUR27.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\YURF.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\tdssadw.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\tdssserf.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\tdssmain.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\tdssinit.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\tdsslog.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\tdssservers.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\DRIVERS\tdssserv.sys (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> Quarantined and deleted successfully.
C:\x (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\MicroAntivirus\microAV.ooo (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\MicroAntivirus\microAV0.dat (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\MicroAntivirus\microAV1.dat (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:20:18 PM, on 10/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\AOL\1177204184\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hphmon04.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
c:\program files\common files\aol\1177204184\ee\aolsoftware.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\Sniper.exe.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: ElnkScamBHO Class - {66252F33-BE30-4188-9199-63F2AC8BA137} - C:\Program Files\EarthLink TotalAccess\EScamBlk.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {D628451C-14B1-4ACD-94AD-F871D12B3CAB} - (no file)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1177204184\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [] C:\Documents and Settings\Luna\Application Data\Adobe\Player.exe
O4 - HKCU\..\Run: [lightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - Startup: V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/04a30f04300bfbf27206/netzip/RdxIE2.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/abarth/us/win/QuickTimeInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/components/ocx/exterior/Outside.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: pmnkKAPI - pmnkKAPI.dll (file missing)
O21 - SSODL: xgpsarbm - {497091B7-26C9-4AE0-A6CD-268DF4165292} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

--
End of file - 13356 bytes
Looks pretty good but you are running two antivirus, Yahoo! Antivirus and Avast. This is never good and it is strongly suggested to uninstall one now. I recommend keeping Avast and uninstalling Yahoo! Antivirus.

----------

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

- O2 - BHO: (no name) - {D628451C-14B1-4ACD-94AD-F871D12B3CAB} - (no file)
- O4 - HKCU\..\Run: [] C:\Documents and Settings\Luna\Application Data\Adobe\Player.exe
- O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
- O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
- O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
- O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
- O20 - Winlogon Notify: pmnkKAPI - pmnkKAPI.dll (file missing)
- O21 - SSODL: xgpsarbm - {497091B7-26C9-4AE0-A6CD-268DF4165292} - (no file)

Important: Close all windows except for HijackThis and then click Fix checked.

Exit HijackThis.

----------

Download ComboFix by sUBs from one of the below links. Be sure top save it to the Desktop.

Link #1
Link #2

**Note:  It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
 
Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.Alright, moving along nicely
Here are the ComboFix and new HijackThis logs

ComboFix 08-10-06.05 - Luna 2008-10-06 21:32:03.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.135 [GMT -7:00]
Running from: C:\Documents and Settings\Luna\Desktop\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\0000005739.exe
C:\Documents and Settings\Luna\Application Data\Adobe\Player.exe
C:\WINDOWS\system32\dao350.dll
C:\WINDOWS\system32\P2P Networking
C:\xcrashdump.dat

.
(((((((((((((((((((((((((   Files Created from 2008-09-07 to 2008-10-07  )))))))))))))))))))))))))))))))
.

2008-10-06 20:37 . 2008-10-06 20:37      d--------   C:\WINDOWS\ERUNT
2008-10-06 20:27 . 2008-10-06 20:55      d--------   C:\SDFix
2008-10-06 19:55 . 2008-10-06 19:55      d--------   C:\Program Files\Malwarebytes' Anti-Malware
2008-10-06 19:55 . 2008-10-06 19:55      d--------   C:\Documents and Settings\Luna\Application Data\Malwarebytes
2008-10-06 19:55 . 2008-10-06 19:55      d--------   C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-06 19:55 . 2008-09-10 00:04   38,528   --a------   C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-10-06 19:55 . 2008-09-10 00:03   17,200   --a------   C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-10-06 19:33 . 2008-10-06 19:33      d--------   C:\Program Files\Sun
2008-10-06 19:33 . 2008-06-10 02:32   73,728   --a------   C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-10-06 19:32 . 2008-10-06 19:33      d--------   C:\Program Files\Java
2008-10-06 19:32 . 2008-10-06 19:32      d--------   C:\Program Files\Common Files\Java
2008-10-06 19:12 . 2008-10-06 20:06      d--------   C:\Documents and Settings\Luna\Application Data\sp2
2008-10-06 18:21 . 2008-10-06 18:21      d--------   C:\Program Files\Alwil Software
2008-10-05 21:40 . 2008-06-24 13:45   1,414,440   --a------   C:\WINDOWS\SYSTEM32\ShellManager310E2D762.dll
2008-10-05 21:40 . 2008-06-23 17:36   773,120   --a------   C:\WINDOWS\SYSTEM32\NEROINSTAEC43759.DB
2008-10-05 20:16 . 2008-10-05 20:16      d--------   C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\EarthLink Toolbar
2008-10-05 19:11 . 2008-10-05 19:11      d--------   C:\Documents and Settings\Luna\Application Data\AVS4YOU
2008-10-05 19:10 . 2008-10-05 19:10      d--------   C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-10-05 19:08 . 2008-10-05 19:45      d--------   C:\Program Files\Common Files\AVSMedia
2008-10-05 19:08 . 2008-10-05 19:45      d--------   C:\Program Files\AVS4YOU
2008-10-05 19:08 . 2007-02-27 19:36   1,700,352   --a------   C:\WINDOWS\SYSTEM32\GdiPlus.dll
2008-10-05 18:50 . 2008-10-05 18:50      d--------   C:\boilsoft_tmp
2008-10-05 18:49 . 2008-10-05 18:57   67   --a------   C:\WINDOWS\AVIConverter.INI
2008-10-05 18:23 . 2008-10-05 18:23      d--------   C:\Documents and Settings\All Users\Application Data\LightScribe
2008-10-05 17:52 . 2008-10-05 22:31   29   --a------   C:\WINDOWS\Irremote.ini
2008-10-05 17:24 . 2008-10-05 17:24      d--------   C:\Program Files\Common Files\LightScribe
2008-10-04 00:51 . 2008-10-04 00:51      d--------   C:\Program Files\DNA
2008-10-04 00:51 . 2008-10-06 21:38      d--------   C:\Documents and Settings\Luna\Application Data\DNA

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-07 02:40   ---------   d-----w   C:\Program Files\CCleaner
2008-10-06 23:38   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-10-06 05:46   ---------   d-----w   C:\Program Files\Common Files\Nero
2008-10-06 04:42   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Nero
2008-10-06 04:25   ---------   d-----w   C:\Program Files\InterActual
2008-10-06 04:24   ---------   d-----w   C:\Documents and Settings\Luna\Application Data\Azureus
2008-10-06 02:03   ---------   d-----w   C:\Program Files\Soulseek
2008-10-06 01:23   ---------   d-----w   C:\Documents and Settings\Luna\Application Data\Nero
2008-10-06 00:50   ---------   d-----w   C:\Program Files\Nero
2008-10-05 22:37   ---------   d-----w   C:\Program Files\MediaFACE II
2008-09-06 15:29   ---------   d-----w   C:\Program Files\SUPERAntiSpyware
2008-09-02 08:54   1,739,459   ----a-w   C:\WINDOWS\Badge 1280x1024.scr
2008-09-02 08:54   ---------   d-----w   C:\Program Files\Badge 1280x1024
2008-08-31 22:51   ---------   d-----w   C:\Documents and Settings\Luna\Application Data\Yahoo!
2008-08-23 20:38   ---------   d-----w   C:\Program Files\Common Files\Ahead
2008-08-23 19:19   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-08-23 18:57   ---------   d-----w   C:\Documents and Settings\Luna\Application Data\Ahead
2008-08-18 06:11   ---------   d-----w   C:\Program Files\Common Files\Adaptec Shared
2008-08-18 06:02   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-08-16 13:24   ---------   d-----w   C:\Program Files\NOS
2008-08-16 13:24   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\NOS
2008-08-16 03:38   ---------   d-----w   C:\Program Files\Common Files\Adobe AIR
2008-08-16 03:37   ---------   d-----w   C:\Program Files\Common Files\Adobe
2008-08-14 01:55   ---------   d-----w   C:\Program Files\Common Files\AOL
2008-08-14 01:39   ---------   d-----w   C:\Documents and Settings\Luna\Application Data\Simple Star
2008-08-14 01:35   ---------   d-----w   C:\Program Files\Common Files\Simple Star Shared
2008-08-10 04:49   ---------   d-----w   C:\Program Files\Common Files\Voyetra
2008-08-10 03:51   ---------   d-----w   C:\Documents and Settings\Luna\Application Data\Microsoft Web Folders
2008-08-10 03:50   ---------   d-----w   C:\Program Files\microsoft frontpage
2008-08-10 03:32   ---------   d-----w   C:\Documents and Settings\Luna\Application Data\AOL
2008-08-09 13:20   ---------   d-----w   C:\Program Files\Free Audio Pack
2008-08-09 13:10   ---------   d-----w   C:\Program Files\Pure Networks
2008-08-09 06:45   ---------   d-----w   C:\Program Files\Trend Micro
2008-08-09 05:44   ---------   d-----w   C:\Documents and Settings\Luna\Application Data\Leadertech
2008-08-09 04:44   ---------   d-----w   C:\Documents and Settings\Luna\Application Data\SUPERAntiSpyware.com
2008-08-09 04:44   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-09 04:43   ---------   d-----w   C:\Program Files\Common Files\Wise Installation Wizard
2008-08-09 04:35   ---------   d-----w   C:\Program Files\SBC Self Support Tool
2008-08-09 04:32   ---------   d-----w   C:\Program Files\Yahoo!
2008-08-09 04:32   ---------   d-----w   C:\Program Files\Symantec
2008-08-09 04:32   ---------   d-----w   C:\Program Files\QuickTime
2008-08-09 04:32   ---------   d-----w   C:\Program Files\Modem Helper
2008-08-08 03:37   ---------   d-----w   C:\Program Files\Windows Media Connect 2
2008-08-08 02:52   ---------   d-----w   C:\Program Files\HP Photosmart 11
2008-08-08 02:07   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Azureus
2008-08-08 02:05   ---------   d-----w   C:\Program Files\Vuze
2008-08-08 01:49   ---------   d-----w   C:\Program Files\Common Files\Motive
2008-07-19 05:10   94,920   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\cdm.dll
2008-07-19 05:10   94,920   ----a-w   C:\WINDOWS\SYSTEM32\cdm.dll
2008-07-19 05:10   53,448   ----a-w   C:\WINDOWS\SYSTEM32\wuauclt.exe
2008-07-19 05:10   53,448   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\wuauclt.exe
2008-07-19 05:10   45,768   ----a-w   C:\WINDOWS\SYSTEM32\wups2.dll
2008-07-19 05:10   36,552   ----a-w   C:\WINDOWS\SYSTEM32\wups.dll
2008-07-19 05:10   36,552   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\wups.dll
2008-07-19 05:09   563,912   ----a-w   C:\WINDOWS\SYSTEM32\wuapi.dll
2008-07-19 05:09   563,912   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\wuapi.dll
2008-07-19 05:09   325,832   ----a-w   C:\WINDOWS\SYSTEM32\wucltui.dll
2008-07-19 05:09   325,832   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\wucltui.dll
2008-07-19 05:09   205,000   ----a-w   C:\WINDOWS\SYSTEM32\wuweb.dll
2008-07-19 05:09   205,000   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\wuweb.dll
2008-07-19 05:09   1,811,656   ----a-w   C:\WINDOWS\SYSTEM32\wuaueng.dll
2008-07-19 05:09   1,811,656   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\wuaueng.dll
2008-07-07 20:32   253,952   ----a-w   C:\WINDOWS\SYSTEM32\es.dll
2008-07-07 20:32   253,952   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\es.dll
2004-12-08 13:59   78,712   -c--a-w   C:\Documents and Settings\Luna\Application Data\GDIPFONTCACHEV1.DAT
2003-04-14 04:18   10,135,688   -c--a-w   C:\Program Files\mpsetupXP.exe
2002-12-30 09:30   3,286,795   -c--a-w   C:\Program Files\DivX502Bundle.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\Money Express.exe" [2001-07-25 184376]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2006-10-26 4662776]
"RealPlayer"="C:\Program Files\Real\RealOne Player\realplay.exe" [2006-06-11 1003520]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-06 1576176]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-10-04 289088]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-06 5058560]
"MoneyStartUp10.0"="C:\Program Files\Microsoft Money\System\Activation.exe" [2001-07-25 241714]
"Dell|Alert"="C:\Program Files\Dell\Support\Alert\bin\DAMon.exe" [2002-07-11 270336]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-05-22 180269]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2006-01-06 188416]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe" [2003-11-12 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2004-02-02 495616]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"CaAvTray"="C:\Program Files\Yahoo!\Antivirus\CAVTray.exe" [2006-05-28 230512]
"CAVRID"="C:\Program Files\Yahoo!\Antivirus\CAVRID.exe" [2006-05-28 185456]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2006-07-21 407032]
"HostManager"="C:\Program Files\Common Files\AOL\1177204184\ee\AOLSoftware.exe" [2006-09-25 50736]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"HPHmon04"="C:\WINDOWS\system32\hphmon04.exe" [2006-01-06 348160]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"nwiz"="nwiz.exe" [2003-10-06 C:\WINDOWS\SYSTEM32\nwiz.exe]

C:\Documents and Settings\Luna\Start Menu\Programs\Startup\
V CAST Music Monitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe [2005-11-30 327680]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2002-11-20 45056]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
SBC Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2008-08-07 217088]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispSettingPage"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-09-06 08:29 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Dell\\Support\\Alert\\bin\\DAMon.exe"=
"C:\\Program Files\\Real\\RealOne Player\\trueplay.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\YOP\\yop.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Vuze\\Azureus.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support

R0 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2001-08-17 38144]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 tbcspud;Santa Cruz Driver;C:\WINDOWS\system32\drivers\tbcspud.sys [2002-04-03 144768]
R3 tbcwdm;Santa Cruz WDM Driver;C:\WINDOWS\system32\drivers\tbcwdm.sys [2002-04-03 545088]
S3 VisorUsb;Handspring USB;C:\WINDOWS\system32\DRIVERS\VisorUsb.sys [2001-11-20 19968]

*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2008-07-04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2008-10-07 C:\WINDOWS\Tasks\HP Usg Daily.job
- C:\Program Files\hp photosmart 11\printer\Hphusg04.exe [2006-01-06 12:07]

2008-10-07 C:\WINDOWS\Tasks\HP Usg Login.job
- C:\Program Files\hp photosmart 11\printer\Hphusg04.exe [2006-01-06 12:07]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-windows auto update - (no file)
HKLM-Run-NWEReboot - (no file)
ShellExecuteHooks-{C7093DB8-D5FB-4FF9-851C-3E4C5C5BD4FD} - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Luna\Application Data\Mozilla\Firefox\Profiles\0thcnx8q.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-US:official
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-06 21:41:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Dell|Alert = C:\Program Files\Dell\Support\Alert\bin\DAMon.exe?p?o?r?t?\?A?l?e?r?t?\?b?i?n?\?D?A?M?o?n?.?e?x?e???x???X???`???h???x????X???P?(?w'(?w???(?w???0?$?w7(?w?o?wS??w???w???X*???X??%?e??

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-06 21:47:46
ComboFix-quarantined-files.txt  2008-10-07 04:47:24

Pre-Run: 59,436,740,608 bytes free
Post-Run: 59,537,301,504 bytes free

225   --- E O F ---   2008-10-06 07:04:41
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:50:18 PM, on 10/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\AOL\1177204184\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\common files\aol\1177204184\ee\aolsoftware.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
c:\program files\common files\aol\1177204184\ee\anotify.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\Sniper.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: ElnkScamBHO Class - {66252F33-BE30-4188-9199-63F2AC8BA137} - C:\Program Files\EarthLink TotalAccess\EScamBlk.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1177204184\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [lightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - Startup: V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/abarth/us/win/QuickTimeInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/components/ocx/exterior/Outside.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

--
End of file - 11575 bytes
Still running two antivirus?

I (as well as Microsoft, McAfee and Symantec)  recommend that you DO NOT have more than one antivirus product installed and running on your computer at a time.

The real-time protection of two antivirus programs may conflict with each other and cause the following:

1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) Conflicts: Your system may lock up due to both products attempting to access the same file at the same time.
3) Performance: More that one antivirus will cause your PC to become slow and it may even crash or blue screen.

I strongly suggest you either configure only one antivirus program to enable automatic real-time scanning, and leave the rest disabled, using them for on-demand scanners or go to Start > Control Panel > Add or Remove Programs and uninstall all but one antivirus program.

----------

  • Click START then RUN
  • Now type Combofix /u in the runbox
  • Make sure there's a space between Combofix and /u
  • Then hit Enter.

  • The above procedure will:
  • Delete the following:
  • ComboFix and its associated files and folders.
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Set a new, clean Restore Point.
.
----------

Download OTMoveIt2 by OldTimer and save it to your Desktop.

Note: If you are running on Vista, right-click on OTMoveIt2.exe and choose Run As Administrator.

1. Double-click OTMoveIt2.exe to run it.
2. Copy the lines in the codebox below.

Code: [Select][kill explorer]
C:\WINDOWS\SYSTEM32\ShellManager310E2D762.dll
C:\WINDOWS\SYSTEM32\NEROINSTAEC43759.DB
EmptyTemp
[start explorer]
3. Return to OTMoveIt2, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste
4. Click the red Moveit! button.
5. Copy everything in the Results window (under the green bar) and paste it in your next reply.
6. Close OTMoveIt2

Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.

----------

After posting the OTmoveIt2 log...I probably won't be back online until tomorrow so go ahead and run the ESET scan.

First:

1. Double click OTMoveIt2.exe to launch it.
If using Vista Right-Click OTMoveIt and choose Run As Administrator
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
  • When finished exit out of OTMoveIt2
.
----------

Next:

Run this online scan.

This scanner requires Internet Explorer

Use the ESET Nod32 Online Scanner

1. Check the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the activex control to install
4. Click Start
5. Make sure that the option Remove found threats and the option Scan unwanted applications is check marked.
6. Click Scan
7. Wait for the scan to finish
8. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply.

Also let me know hoe the PC is now.Here is the MoveIt

Explorer killed successfully
C:\WINDOWS\SYSTEM32\ShellManager310E2D762.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\ShellManager310E2D762.dll moved successfully.
C:\WINDOWS\SYSTEM32\NEROINSTAEC43759.DB moved successfully.
< EmptyTemp >
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_370.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully
 
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 10062008_224309

Files moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_370.dat moved successfully.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.Here is the Eset log:
# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3499 (20081007)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=b787b4cf8586ad489e32522b146782ef
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-10-07 07:46:48
# local_time=2008-10-07 12:46:49 (-0800, Pacific Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=294414
# found=29
# scan_time=6093
C:\Documents and Settings\Luna\Application Data\Mozilla\Firefox\Profiles\0thcnx8q.default\Cache(3)\B750ACA1d01   Win32/Adware.WBug.A application (deleted)   00000000000000000000000000000000
C:\Documents and Settings\Luna\Application Data\Mozilla\Firefox\Profiles\0thcnx8q.default\Cache(3)\B750ACA1d01 »WISE »WxBug.EXE   Win32/Adware.WBug.A application (error while deleting - operation unavailable for this type of object - was a part of the deleted object)   00000000000000000000000000000000
C:\Documents and Settings\Luna\Application Data\Mozilla\Firefox\Profiles\0thcnx8q.default\Cache(3)\B750ACA1d01 »WISE »WxBug.EXE »WISE »MiniBugTransporter.dll   Win32/Adware.WBug.A application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object)   00000000000000000000000000000000
C:\Documents and Settings\Luna\My Documents\Install_AIM.exe   Win32/Adware.WBug.A application (deleted)   00000000000000000000000000000000
C:\Documents and Settings\Luna\My Documents\Install_AIM.exe »WISE »WxBug.EXE   Win32/Adware.WBug.A application (error while deleting - operation unavailable for this type of object - was a part of the deleted object)   00000000000000000000000000000000
C:\Documents and Settings\Luna\My Documents\Install_AIM.exe »WISE »WxBug.EXE »WISE »MiniBugTransporter.dll   Win32/Adware.WBug.A application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object)   00000000000000000000000000000000
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6D.tmp\Download Manager\adm.exe   Win32/Adware.Altnet application (unable to clean - deleted)   00000000000000000000000000000000
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6D.tmp\Download Manager\adm25.dll   Win32/Adware.BDE application (unable to clean - deleted)   00000000000000000000000000000000
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6D.tmp\Download Manager\admdata.dll   Win32/Adware.Altnet application (unable to clean - deleted)   00000000000000000000000000000000
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6D.tmp\Download Manager\admdloader.dll   Win32/Adware.Altnet application (unable to clean - deleted)   00000000000000000000000000000000
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6D.tmp\Download Manager\admfdi.dll   Win32/Adware.Altnet application (unable to clean - deleted)   00000000000000000000000000000000
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6E.tmp\adm.exe   Win32/Adware.Altnet application (unable to clean - deleted)   00000000000000000000000000000000
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6E.tmp\adm25.dll   Win32/Adware.BDE application (unable to clean - deleted)   00000000000000000000000000000000
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6E.tmp\admdata.dll   Win32/Adware.Altnet application (unable to clean - deleted)   00000000000000000000000000000000
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6E.tmp\admdloader.dll   Win32/Adware.Altnet application (unable to clean - deleted)   00000000000000000000000000000000
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6E.tmp\admfdi.dll   Win32/Adware.Altnet application (unable to clean - deleted)   00000000000000000000000000000000
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6E.tmp\pmfiles.cab   Win32/Adware.BrilliantDigital application (deleted)   00000000000000000000000000000000
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6E.tmp\pmfiles.cab »CAB »sysdetect.dll   Win32/Adware.BrilliantDigital application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object)   00000000000000000000000000000000
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP116\A0008696.exe   Win32/Adware.Altnet application (unable to clean - deleted)   00000000000000000000000000000000
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP116\A0008697.dll   Win32/Adware.BDE application (unable to clean - deleted)   00000000000000000000000000000000
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP116\A0008698.dll   Win32/Adware.Altnet application (unable to clean - deleted)   00000000000000000000000000000000
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP116\A0008699.dll   Win32/Adware.Altnet application (unable to clean - deleted)   00000000000000000000000000000000
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP116\A0008700.dll   Win32/Adware.Altnet application (unable to clean - deleted)   00000000000000000000000000000000
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP116\A0008701.exe   Win32/Adware.Altnet application (unable to clean - deleted)   00000000000000000000000000000000
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP116\A0008702.dll   Win32/Adware.BDE application (unable to clean - deleted)   00000000000000000000000000000000
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP116\A0008703.dll   Win32/Adware.Altnet application (unable to clean - deleted)   00000000000000000000000000000000
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP116\A0008704.dll   Win32/Adware.Altnet application (unable to clean - deleted)   00000000000000000000000000000000
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP116\A0008705.dll   Win32/Adware.Altnet application (unable to clean - deleted)   00000000000000000000000000000000
C:\WINDOWS\SYSTEM32\P2P Networking v125.cpl   Win32/Adware.P2PNet application (unable to clean - deleted)   00000000000000000000000000000000
After all the scans everything seems to be running smoothly, desktop icons restored and I have access to all drives. I had to unistall Avast as the Yahoo antivirus is blocking me from disabling or uninstalling.
Your help has been tremendous I can't thank you enough. Getting the all clear would make my day.Looks good.

Set a New Restore Point to prevent possible reinfection from an old one
Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
  • Go to Start > Programs > ACCESSORIES > System Tools and click System Restore
  • Choose the radio button marked Create a Restore Point on the first screen then click Next Give the Restore Point a name then click Create.
  • The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Next go to Start > Run and type Cleanmgr
  • Click OK
  • Click the More Options Tab.
  • Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.
You can find instructions on how to enable and re-enable system restore here:

Windows XP System Restore Guide or Windows Vista System Restore Guide
.
----------

Use the Secunia Software Inspector to check for out of date software.
  • Click Start Now
  • Check the box next to Enable thorough system inspection.
  • Click Start
  • Allow the scan to finish and scroll down to see if any updates are needed.
  • Update anything listed.
.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.

Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript

To prevent unknown applications from being installed on your computer install WinPatrol 2008
* Using Winpatrol to protect your computer from malicious software

I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.Done and done. Thanks again, you guys are the best.No problem.

Safe surfing....


Discussion

No Comment Found

Related InterviewSolutions