automatic update problem

There's a whole lot more than that present!

  • Open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code: 
    File::
C:\WINDOWS\system32\xdatqlud.dll
C:\WINDOWS\system32\buuqrshl.dll
C:\WINDOWS\system32\yuhktmnk.dll
C:\WINDOWS\system32\AaJmnnpo.ini2
C:\WINDOWS\system32\AaJmnnpo.ini
C:\WINDOWS\system32\athhjdes.dll
C:\WINDOWS\system32\oitkvaao.dll
C:\WINDOWS\system32\ieegodhu.dll
C:\WINDOWS\system32\opnnmJaA.dll
C:\WINDOWS\system32\ycvojdjq.dll
C:\WINDOWS\system32\uhwwxpco.dll
C:\WINDOWS\system32\tyfxeirr.dll
C:\WINDOWS\system32\yugsbfxd.dll
C:\WINDOWS\system32\luqrursy.dll
C:\WINDOWS\system32\ehrduihp.dll
C:\WINDOWS\system32\aewwtfih.dll
C:\WINDOWS\system32\mslqidlt.dll
C:\WINDOWS\system32\igcwjxex.dll
C:\WINDOWS\system32\odydjqia.dll
C:\WINDOWS\system32\gcudnsql.dll
C:\WINDOWS\system32\svvvfnxa.dll
C:\WINDOWS\system32\gxcypxsu.dll
C:\WINDOWS\system32\pelhljaq.exe
C:\WINDOWS\system32\ajaadwvb.dll
C:\WINDOWS\system32\lltbupmn.dll
C:\WINDOWS\system32\ssobyovw.dll
C:\WINDOWS\system32\mlJAsTjj.dll
C:\WINDOWS\system32\vmwlhrun.dll
C:\WINDOWS\system32\rrbiaqgj.dll
C:\WINDOWS\system32\unrxxueh.exe
C:\WINDOWS\system32\jmmoeojn.dll
C:\WINDOWS\system32\oupqjkpm.dll
C:\WINDOWS\system32\tsoxjtas.dll
C:\WINDOWS\system32\sdfujewh.exe
C:\WINDOWS\system32\irwdyypt.dll
C:\WINDOWS\system32\ylohqjoy.dll
C:\WINDOWS\BMb3ebe41f.xml
C:\WINDOWS\system32\unqgxycu.dll
C:\WINDOWS\system32\mlJBSkLe.dll
C:\WINDOWS\system32\hgGawWQj.dll
C:\WINDOWS\system32\opnmkkig.dll
C:\WINDOWS\system32\jkkHARkI.dll
C:\WINDOWS\system32\ddcBTMcc.dll
C:\WINDOWS\TEMP\TMP00000045682C0731B8461486
C:\WINDOWS\system32\kkwhtouu.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11CFC3A7-B6B2-4BB1-AC0D-22F8C37D41F9}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51239dbd-b31f-4bc3-9df6-f0c83e205e02}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7872A60F-9E46-454F-93DF-80DCE341A045}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E243A8E7-6244-49E0-A361-22DBF30FD46C}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E243A8E7-6244-49E0-A361-22DBF30FD46C}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E4C6FEFD-DA3D-421B-9087-17DB2A3CA2D4}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"b0d8d783"=-
"BMb3ebe41f"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E243A8E7-6244-49E0-A361-22DBF30FD46C}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcBTMcc]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,20,00,72,65,6c,6f,67,5f,61,70,00,00
  • Save this as CFScript.txt and change the Save as type to All Files and place it on your desktop.


    CFScript.gif



  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply, along with a new HijackThis log. How is your system running now?
CAUTION:
Do NOT mouse-click ComboFix's window while it is running. That may cause it to stall.
Also, please do NOT adjust your time format while ComboFix is running.
 
Last edited:
Lol *shame* but since I can't use ComboFix script I didn't even check the ComboFix log...my mistake...
Ceewi1 thanks for helping this case is yours.
 
wait...i tried running the avenger script twice and when my computer restarts and i ende up in the boot menu and when i try booting in normal mode it fails and i have to boot to last known good.....



edit: i tried the combo fix and it says the installation failed
 
Last edited:
I suspect the infection has changed since your ComboFix log was posted.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt in your next reply.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from Click the Scan for Vundo button. when VundoFix appears at reboot.

Delete the version of ComboFix you have and download a new one from one of the links in GameMaster's last post. Run it by double clicking on it and post the log it generates along with a new HijackThis log.

Please post
  • The VundoFix log
  • The ComboFix log
  • A new HijackThis log
 
EDIT: after running combofix and letting it fix the infections and reboot, my internet is back to normal. thanks so much...now i just need to get my auto updates turned on....

vundufix didnt find any infections and thats all the log says..as for the other 2:

combofix:

ComboFix 08-05-21.3 - Troncoso 2008-05-23 9:13:31.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.326 [GMT -4:00]
Running from: C:\Documents and Settings\Troncoso\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMb3ebe41f.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\AaJmnnpo.ini
C:\WINDOWS\system32\AaJmnnpo.ini2
C:\WINDOWS\system32\aewwtfih.dll
C:\WINDOWS\system32\ajaadwvb.dll
C:\WINDOWS\system32\brxlpcbn.exe
C:\WINDOWS\system32\buuqrshl.dll
C:\WINDOWS\system32\ddcBTMcc.dll
C:\WINDOWS\system32\dhpyenuc.dll
C:\WINDOWS\system32\ehrduihp.dll
C:\WINDOWS\system32\ewklpbtv.dll
C:\WINDOWS\system32\gcudnsql.dll
C:\WINDOWS\system32\gxcypxsu.dll
C:\WINDOWS\system32\hgGawWQj.dll
C:\WINDOWS\system32\hqopiwat.exe
C:\WINDOWS\system32\ieegodhu.dll
C:\WINDOWS\system32\igcwjxex.dll
C:\WINDOWS\system32\irwdyypt.dll
C:\WINDOWS\system32\jkkHARkI.dll
C:\WINDOWS\system32\jmmoeojn.dll
C:\WINDOWS\system32\kkwhtouu.exe
C:\WINDOWS\system32\klStAJlm.ini
C:\WINDOWS\system32\klStAJlm.ini2
C:\WINDOWS\system32\lhsrquub.ini
C:\WINDOWS\system32\lksckixy.exe
C:\WINDOWS\system32\lltbupmn.dll
C:\WINDOWS\system32\lnyrgeaa.dll
C:\WINDOWS\system32\lpdmnjut.ini
C:\WINDOWS\system32\luqrursy.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mlJAsTjj.dll
C:\WINDOWS\system32\mlJAtSlk.dll
C:\WINDOWS\system32\mlJBSkLe.dll
C:\WINDOWS\system32\mslqidlt.dll
C:\WINDOWS\system32\nvyehvso.ini
C:\WINDOWS\system32\odydjqia.dll
C:\WINDOWS\system32\oebmmyai.ini
C:\WINDOWS\system32\oitkvaao.dll
C:\WINDOWS\system32\okxuamqd.ini
C:\WINDOWS\system32\opnmkkig.dll
C:\WINDOWS\system32\opnnmJaA.dll
C:\WINDOWS\system32\oupqjkpm.dll
C:\WINDOWS\system32\qbfxykes.dll
C:\WINDOWS\system32\roppntfg.exe
C:\WINDOWS\system32\rrbiaqgj.dll
C:\WINDOWS\system32\svvvfnxa.dll
C:\WINDOWS\system32\tsoxjtas.dll
C:\WINDOWS\system32\tyfxeirr.dll
C:\WINDOWS\system32\uhwwxpco.dll
C:\WINDOWS\system32\unqgxycu.dll
C:\WINDOWS\system32\uvslacrs.dll
C:\WINDOWS\system32\vmwlhrun.dll
C:\WINDOWS\system32\wkauchcx.dll
C:\WINDOWS\system32\xdatqlud.dll
C:\WINDOWS\system32\ycvojdjq.dll
C:\WINDOWS\system32\ylohqjoy.dll
C:\WINDOWS\system32\yugsbfxd.dll
C:\WINDOWS\system32\yuhktmnk.dll
C:\WINDOWS\system32\yxijlmev.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-23 to 2008-05-23 )))))))))))))))))))))))))))))))
.

2008-05-22 22:43 . 2008-05-22 22:43 114,176 --a------ C:\WINDOWS\system32\iaymmbeo.dll
2008-05-22 17:47 . 2008-05-22 17:47 <DIR> d-------- C:\VundoFix Backups
2008-05-22 09:55 . 2008-05-22 09:55 <DIR> d-------- C:\Program Files\Viewpoint
2008-05-22 08:53 . 2008-05-22 08:53 61,440 --a------ C:\WINDOWS\system32\drivers\szlwgwe.sys
2008-05-22 08:53 . 2008-05-22 08:53 19,286 --a------ C:\cleanup.exe
2008-05-21 18:39 . 2008-05-21 18:39 61,440 --a------ C:\WINDOWS\system32\drivers\vpsl.sys
2008-05-21 17:09 . 2008-05-21 17:50 4,294 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-21 17:08 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-21 17:08 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-21 17:08 . 2008-05-15 23:22 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-21 17:08 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-21 17:08 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-21 17:08 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-21 17:08 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-21 17:08 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-21 11:46 . 2008-05-23 09:31 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-05-20 22:00 . 2008-05-22 09:22 4,194,371 --a------ C:\WINDOWS\pfirewall.log.old
2008-05-20 19:10 . 2008-05-01 10:30 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-05-19 21:08 . 2008-05-19 21:08 294 --ahs---- C:\WINDOWS\system32\sedjhhta.ini
2008-05-19 10:29 . 2008-05-19 10:29 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-17 23:53 . 2008-05-18 23:33 211 --a------ C:\WINDOWS\wininit.ini
2008-05-17 22:24 . 2008-05-19 17:20 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-17 22:24 . 2008-05-19 17:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-16 18:37 . 2005-01-05 23:22 39,794 --a------ C:\WINDOWS\_detmp.1
2008-05-15 02:38 . 2008-05-15 02:38 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-05-15 02:38 . 2008-05-15 02:38 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-15 02:38 . 2008-05-15 02:38 22,328 --a------ C:\Documents and Settings\Troncoso\Application Data\PnkBstrK.sys
2008-05-15 02:37 . 2008-05-15 02:37 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-05-15 02:37 . 2008-05-15 02:37 319 --a------ C:\WINDOWS\game.ini
2008-05-15 02:04 . 2008-05-15 02:04 <DIR> d-------- C:\Program Files\Activision
2008-05-15 00:02 . 2008-05-16 13:57 <DIR> d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-05-14 00:23 . 2008-05-14 00:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-14 00:22 . 2008-05-14 00:22 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-13 23:49 . 2008-05-16 01:43 0 --a------ C:\WINDOWS\system32\pelhljaq.exe
2008-05-13 00:04 . 2008-05-13 00:04 <DIR> d-------- C:\Documents and Settings\Troncoso\Application Data\Lavasoft
2008-05-12 23:38 . 2008-05-16 01:43 0 --a------ C:\WINDOWS\system32\ssobyovw.dll
2008-05-11 19:59 . 2008-05-16 01:44 0 --a------ C:\WINDOWS\system32\unrxxueh.exe
2008-05-11 11:47 . 2008-05-11 11:47 <DIR> d-------- C:\Documents and Settings\Dude\Application Data\Lavasoft
2008-05-11 11:25 . 2008-05-16 01:43 0 --a------ C:\WINDOWS\system32\sdfujewh.exe
2008-04-30 00:22 . 2008-04-30 00:22 <DIR> d-------- C:\Documents and Settings\Troncoso\Application Data\dBpoweramp
2008-04-24 00:07 . 2008-04-28 06:03 <DIR> d-------- C:\Program Files\Warcraft III
2008-04-23 12:35 . 2008-05-04 12:40 23,542 --a------ C:\VETlog.dmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-23 13:31 --------- d-----w C:\Documents and Settings\Troncoso\Application Data\DNA
2008-05-21 20:47 --------- d-----w C:\Program Files\NewTech Infosystems
2008-05-21 20:47 --------- d-----w C:\Documents and Settings\Troncoso\Application Data\Yahoo!
2008-05-21 20:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-05-21 20:42 --------- d-----w C:\Program Files\Google
2008-05-21 20:38 --------- d-----w C:\Program Files\Common Files\InterVideo
2008-05-21 20:37 --------- d-----w C:\Program Files\InterVideo
2008-05-21 02:15 --------- d-----w C:\Documents and Settings\Dude\Application Data\Yahoo!
2008-05-20 00:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-18 00:25 --------- d-----w C:\Program Files\World of Warcraft
2008-05-16 02:17 --------- d-----w C:\Program Files\Common Files\Scanner
2008-05-15 06:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-14 04:24 --------- d-----w C:\Program Files\Lavasoft
2008-05-14 04:24 --------- d-----w C:\Documents and Settings\1\Application Data\Lavasoft
2008-05-13 03:41 --------- d-----w C:\Documents and Settings\Troncoso\Application Data\BitTorrent
2008-05-11 05:05 --------- d-----w C:\Documents and Settings\Troncoso\Application Data\dvdcss
2008-05-11 02:14 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-10 05:28 --------- d-----w C:\Program Files\BitTorrent
2008-04-21 02:32 4,230,520 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2008-04-21 02:32 --------- d-----w C:\Documents and Settings\Troncoso\Application Data\AccurateRip
2008-04-20 05:44 --------- d-----w C:\Documents and Settings\Troncoso\Application Data\Skype
2008-04-20 05:39 --------- d-----w C:\Documents and Settings\Troncoso\Application Data\skypePM
2008-04-17 02:06 --------- d-----w C:\Documents and Settings\Troncoso\Application Data\Any Video Converter
2008-04-07 14:20 --------- d-----w C:\Documents and Settings\Giggles\Application Data\Skype
2008-04-02 01:26 --------- d-----w C:\Program Files\Any Video Converter
2008-04-02 01:16 --------- d-----w C:\Program Files\AviSynth 2.5
2008-03-31 01:28 --------- d-----w C:\Program Files\Audio Converter
2008-03-30 02:19 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-30 01:38 --------- d-----w C:\Documents and Settings\Troncoso\Application Data\Apple Computer
2008-03-30 01:27 --------- d-----w C:\Program Files\DNA
2008-03-29 01:07 --------- d-----w C:\Program Files\Shockwave.com
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 02:22 --------- d-----w C:\Documents and Settings\Troncoso\Application Data\Ahead
2008-03-25 01:06 --------- d-----w C:\Documents and Settings\Troncoso\Application Data\MSN6
2008-03-25 01:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6
2008-03-25 00:46 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-03-23 15:25 --------- d-----w C:\Program Files\Common Files\xing shared
2008-03-23 15:25 --------- d-----w C:\Program Files\Common Files\Real
2008-03-23 15:24 --------- d-----w C:\Program Files\Real
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2005-04-01 06:17 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((( snapshot@2008-05-19_21.07.24.06 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-03-06 01:22:36 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB941644\spmsg.dll
+ 2007-03-06 01:22:33 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB941644\spmsg.dll
- 2007-03-06 01:22:41 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB941644\spuninst.exe
+ 2007-03-06 01:22:39 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB941644\spuninst.exe
- 2007-03-06 01:22:34 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB941644\update\spcustom.dll
+ 2007-03-06 01:22:31 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB941644\update\spcustom.dll
- 2007-03-06 01:22:59 716,000 -c--a-w C:\WINDOWS\$hf_mig$\KB941644\update\update.exe
+ 2007-03-06 01:22:56 716,000 -c--a-w C:\WINDOWS\$hf_mig$\KB941644\update\update.exe
- 2007-03-06 01:23:51 371,424 -c--a-w C:\WINDOWS\$hf_mig$\KB941644\update\updspapi.dll
+ 2007-03-06 01:23:47 371,424 -c--a-w C:\WINDOWS\$hf_mig$\KB941644\update\updspapi.dll
- 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe
- 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB941644$\spuninst\updspapi.dll
- 2006-04-20 11:51:50 359,808 -c----w C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB941644_0$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB941644_0$\spuninst\updspapi.dll
+ 2006-04-20 11:51:50 359,808 -c----w C:\WINDOWS\$NtUninstallKB941644_0$\tcpip.sys
- 2008-05-20 00:57:24 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-23 13:34:30 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2007-10-30 17:20:55 360,064 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2007-10-30 16:53:32 360,832 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys
- 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2007-10-30 16:53:32 360,832 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
- 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-05-09 18:35:06 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe
- 2008-04-27 22:43:14 64,372 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-05-21 02:07:13 64,372 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-27 22:43:14 409,232 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-05-21 02:07:13 409,232 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2006-09-26 01:58:48 14,640 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\system32\spmsg.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7872A60F-9E46-454F-93DF-80DCE341A045}]
C:\WINDOWS\system32\urqrpoLb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E4C6FEFD-DA3D-421B-9087-17DB2A3CA2D4}]
C:\WINDOWS\system32\ddcbAtQi.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-12-17 21:13 3810544]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [ ]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 18:36 455968]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-07 18:53 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 20:28 790528]
"IMONTRAY"="C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe" [2003-11-03 20:44 32768]
"SonicFocus"="C:\Program Files\Sonic Focus\SFIGUI\SFIGUI.exe" [2003-04-17 01:16 1220608]
"HostManager"="C:\Program Files\Common Files\AOL\1104650641\ee\AOLSoftware.exe" [2006-09-25 20:52 50736]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 08:50 71216]
"vptray"="C:\Program Files\NavNT\vptray.exe" [2001-09-24 10:59 73728]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-04-05 17:33 99480]
"MaxBlastMonitor.exe"="C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe" [2007-04-20 11:59 1169720]
"AcronisTimounterMonitor"="C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe" [2007-04-20 12:09 1945712]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe" [2007-04-20 12:03 149024]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-23 11:24 185896]
"b0d8d783"="C:\WINDOWS\system32\iaymmbeo.dll" [2008-05-22 22:43 114176]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 23:29 39264]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2005-11-03 01:35:18 573440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-21 03:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap C:\WINDOWS\system32\opnnmJaA
Notification Packages REG_MULTI_SZ scecli scecli scecli

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1104650641\\EE\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.3.0-enUS-downloader.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Common Files\\AOL\\1104650641\\EE\\aolsoftware.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\Win32\\RpcDataSrv.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\RpcSandraSrv.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 VVBackd5;VVBackd5;C:\WINDOWS\system32\drivers\VVBackd5.sys [2003-01-20 06:21]
S3 ATICXCAP;ATI TV Wonder Pro A/V Capture;C:\WINDOWS\system32\drivers\aticxcap.sys [2005-03-30 15:22]
S3 ATICXTUN;ATI TV Wonder Pro Tuner (Philips 1236 MK3);C:\WINDOWS\system32\drivers\aticxtun.sys [2005-03-30 15:22]
S3 ATICXXBR;ATI TV Wonder Pro A/V Crossbar;C:\WINDOWS\system32\drivers\aticxxbr.sys [2005-03-30 15:22]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{269dedf4-cf74-11dc-b6ea-00038a000015}]
\Shell\AutoRun\command - K:\Autorun.exe /run
\Shell\Shell00\Command - K:\Autorun.exe /run
\Shell\Shell01\Command - K:\Autorun.exe /action
\Shell\Shell02\Command - K:\Autorun.exe /uninstall


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-05-12 01:00:22 C:\WINDOWS\Tasks\DeFrag.job"
- C:\Documents and Settings\All Users\Start Menu\Programs\Diskeeper Lite.lnk
"2008-05-23 13:38:09 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-05-21 13:00:00 C:\WINDOWS\Tasks\rpc.job"
- C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-23 09:36:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\NavLogon.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\iaymmbeo.dll
-> C:\Program Files\Logitech\SetPoint\lgscroll.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonNT.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\MSGSYS.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.exe
C:\Program Files\Common Files\AOL\1104650641\EE\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-05-23 9:43:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-23 13:42:52
ComboFix2.txt 2008-05-20 01:08:40

Pre-Run: 40,044,204,032 bytes free
Post-Run: 40,009,109,504 bytes free

344 --- E O F --- 2008-05-16 08:26:16
 
Last edited:
highjack this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:44:19 AM, on 5/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\Program Files\Common Files\AOL\1104650641\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
c:\program files\common files\aol\1104650641\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1104650641\ee\aolsoftware.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7872A60F-9E46-454F-93DF-80DCE341A045} - C:\WINDOWS\system32\urqrpoLb.dll (file missing)
O2 - BHO: (no name) - {E4C6FEFD-DA3D-421B-9087-17DB2A3CA2D4} - C:\WINDOWS\system32\ddcbAtQi.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [SonicFocus] "C:\Program Files\Sonic Focus\SFIGUI\SFIGUI.EXE" BOOT
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1104650641\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [MaxBlastMonitor.exe] C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [b0d8d783] rundll32.exe "C:\WINDOWS\system32\iaymmbeo.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153096552906
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 9946 bytes
 
That's certainly gotten rid of most of it, but there are still a few leftovers that need to be removed. I know you had problems with CFScript before, but try running this one. If it doesn't work, we'll remove the leftovers another way. I'd like to make sure that all the infections are removed before we tackle your automatic update problem:

  • Open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code: 
    File::
C:\WINDOWS\system32\iaymmbeo.dll

Folder::
C:\VundoFix Backups

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7872A60F-9E46-454F-93DF-80DCE341A045}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E4C6FEFD-DA3D-421B-9087-17DB2A3CA2D4}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"b0d8d783"=-
  • Save this as CFScript.txt and change the Save as type to All Files and place it on your desktop.


    CFScript.gif



  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply, along with a new HijackThis log.
CAUTION:
Do NOT mouse-click ComboFix's window while it is running. That may cause it to stall.
Also, please do NOT adjust your time format while ComboFix is running.
 
OK, run Avenger again:
  • Copy everything in the Code box below, and paste it into the Input script here: part of the window. Please do not include the word Code:

    Code: 
    [b]Begin copying here: [/b]
[b]Files to delete:[/b]
C:\WINDOWS\system32\iaymmbeo.dll

Folders to delete:
C:\VundoFix Backups
  • Now click the Execute button.
  • Click Yes to the prompt to confirm you want to execute.
  • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
  • Your PC should reboot, if not, reboot it yourself.
  • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.
  • Please post the content of the logfile.

Please run HijackThis and choose Do a system scan only.

Place a check next to the following entries:

  • [*]O2 - BHO: (no name) - {7872A60F-9E46-454F-93DF-80DCE341A045} - C:\WINDOWS\system32\urqrpoLb.dll (file missing)
    [*]O2 - BHO: (no name) - {E4C6FEFD-DA3D-421B-9087-17DB2A3CA2D4} - C:\WINDOWS\system32\ddcbAtQi.dll (file missing)
    [*]O4 - HKLM\..\Run: [b0d8d783] rundll32.exe "C:\WINDOWS\system32\iaymmbeo.dll",b
Please close all open windows except for HijackThis and choose Fix checked

Please reboot your PC and post a new HijackThis log along with the Avenger log.
 
well, avenger didnt work..after rebooting, i cant boot up in normal mode, i have to go to last known good

anyway, here's the highjackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:41:57 AM, on 5/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\Program Files\Common Files\AOL\1104650641\ee\AOLSoftware.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
c:\program files\common files\aol\1104650641\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1104650641\ee\aolsoftware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [SonicFocus] "C:\Program Files\Sonic Focus\SFIGUI\SFIGUI.EXE" BOOT
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1104650641\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [MaxBlastMonitor.exe] C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153096552906
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 9632 bytes
 
Good, even though Avenger shouldn't have caused your system to behave like that, the offending entries are gone from your log, the infection seems to have been removed. Let's tackle that Windows Update problem:

Please run Notepad and copy the contents of the codebox below into a new Notepad document. Please do not include the word Code:
Code: 
del C:\WINDOWS\system32\sedjhhta.ini
del C:\WINDOWS\system32\pelhljaq.exe
del C:\WINDOWS\system32\ssobyovw.dll
del C:\WINDOWS\system32\unrxxueh.exe
del C:\WINDOWS\system32\sdfujewh.exe
net stop wuauserv 
regsvr32 comcat.dll /s
regsvr32 msxml3.dll /s
regsvr32 softpub.dll /s
regsvr32 shdoc401.dll /s
regsvr32 shdoc401.dll /i /s
regsvr32 asctrls.ocx /s
regsvr32 oleaut32.dll /s
regsvr32 shdocvw.dll /I /s
regsvr32 shdocvw.dll /s
regsvr32 browseui.dll /s
regsvr32 browseui.dll /I /s
regsvr32 msrating.dll /s
regsvr32 mlang.dll /s
regsvr32 hlink.dll /s
regsvr32 mshtmled.dll /s
regsvr32 urlmon.dll /s
regsvr32 plugin.ocx /s
regsvr32 sendmail.dll /s
regsvr32 scrobj.dll /s
regsvr32 mmefxe.ocx /s
regsvr32 corpol.dll /s
regsvr32 jscript.dll /s
regsvr32 msxml.dll /s
regsvr32 imgutil.dll /s
regsvr32 thumbvw.dll /s
regsvr32 cryptext.dll /s
regsvr32 rsabase.dll /s
regsvr32 inseng.dll /s
regsvr32 iesetup.dll /i /s
regsvr32 cryptdlg.dll /s
regsvr32 actxprxy.dll /s
regsvr32 dispex.dll /s
regsvr32 occache.dll /s
regsvr32 occache.dll /i /s
regsvr32 iepeers.dll /s
regsvr32 urlmon.dll /i /s
regsvr32 cdfview.dll /s
regsvr32 webcheck.dll /s
regsvr32 mobsync.dll /s
regsvr32 pngfilt.dll /s
regsvr32 licmgr10.dll /s
regsvr32 icmfilter.dll /s
regsvr32 hhctrl.ocx /s
regsvr32 inetcfg.dll /s
regsvr32 tdc.ocx /s
regsvr32 MSR2C.DLL /s
regsvr32 msident.dll /s
regsvr32 msieftp.dll /s
regsvr32 xmsconf.ocx /s
regsvr32 ils.dll /s
regsvr32 msoeacct.dll /s
regsvr32 inetcomm.dll /s
regsvr32 msdxm.ocx /s
regsvr32 dxmasf.dll /s
regsvr32 l3codecx.ax /s
regsvr32 acelpdec.ax /s
regsvr32 mpg4ds32.ax /s
regsvr32 voxmsdec.ax /s
regsvr32 danim.dll /s
regsvr32 Daxctle.ocx /s
regsvr32 lmrt.dll /s
regsvr32 datime.dll /s
regsvr32 dxtrans.dll /s
regsvr32 dxtmsft.dll /s
regsvr32 WEBPOST.DLL /s
regsvr32 WPWIZDLL.DLL /s
regsvr32 POSTWPP.DLL /s
regsvr32 CRSWPP.DLL /s
regsvr32 FTPWPP.DLL /s
regsvr32 FPWPP.DLL /s
regsvr32 WUAPI.DLL /s
regsvr32 WUAUENG.DLL /s
regsvr32 wuaueng1.dll /s 
regsvr32 ATL.DLL /s
regsvr32 WUCLTUI.DLL /s
regsvr32 WUPS.DLL /s
regsvr32 WUWEB.DLL /s
regsvr32 wshom.ocx /s
regsvr32 wshext.dll /s
regsvr32 vbscript.dll /s
regsvr32 scrrun.dll mstinit.exe /setup /s
regsvr32 msnsspc.dll /SspcCreateSspiReg /s
regsvr32 msapsspc.dll /SspcCreateSspiReg /s
net start wuauserv 
exit
Save the file as fix.bat and make sure the Save as type field says All files. Double click on fix.bat to run it.

Please tell me whether that fixes the problem.
 
holy crap. thank you so much, that has been killing me for so long. my computer is back to normal. thanks again.
 
You're most welcome, glad I could help.

Below I have included some ideas on how to prevent future infections.

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please navigate to http://windowsupdate.microsoft.com and download all the Critical Updates for Windows. These will patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

As a minimum, you need at least an antivirus, firewall and some type of anti-spyware program.

Some good free firewalls are ZoneAlarm, Kerio, or Outpost. All of these will provide a far greater level of protection than the firewall built into Windows.
A tutorial on understanding and using firewalls may be found here.

I notice you have Ad-Aware, which is good. You may want to consider installing and running some of the following programs; they are either free or have free versions of commercial programs, and will work alongside Ad-Aware to protect you:

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's
Immunize and TeaTimer features if you don't have the resident part of another anti-spyware program running.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

If you use Internet Explorer, it is a good idea to use IE-Spyad which provides protections against malicious websites.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster and IE-Spyad can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure are looking for anti-spyware programs, you can find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScripts, can make it even more secure. Opera is another good option.
If you are interested, Firefox may be downloaded from here
Opera is available here: http://www.opera.com/download/

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)
 
You must log in or register to reply here.
Back
Top