HijackThis log help required - Malware causing system crash /hang /system slow

NineMilesHigh · Dec 1, 2009

MBAM results

Hi,
Ran MBAM as requested.
Results:-

Malwarebytes' Anti-Malware 1.41
Database version: 3268
Windows 5.1.2600 Service Pack 2

01/12/2009 21:00:10
mbam-log-2009-12-01 (21-00-10).txt

Scan type: Quick Scan
Objects scanned: 175686
Time elapsed: 9 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Bobbye · Dec 1, 2009

I'll let kritius handle this since he requested it. Might be a good idea to confer with all the users and ask who is putting what on the system!

NineMilesHigh · Dec 2, 2009

Quick reply

Hi -
There are only 4 users and only 2 of these would install anything.
There has always been a Firewall, AntiVirus (typically AVG) and Ad-Aware on the system.
Various other AntiVirus and Malware removal progs have been installed at various times and the previous one removed.
There is certainly a fair bit of music content on the PC related to Cubase and Reason.
Limewire (which you advised against) has been removed.
AOL and Internet Explorer have been uninstalled and reinstalled around the time the probs occurred, to try to clear any issues - but it would appear not all uninstalls were finished cleanly.
For the moment I have installed Avira as the AntiVirus prog and removed AVG.

As an aside we have a disk error at boot time. It checks the C: drive for consistency and fails due to 'an unexpected error occurred'. If you try to run chkdsk /f it cannot lock the drive as it says it is in use. If you run it without the /f it finds some errors, but obviously cannot fix them (without the /f).
After that error, the PC comes up fine and is running OK'ish.

Will await your advice - but at some stage I would like to clear out some of the ActiveX components you mentioned in a previous post, and consider what action we take on the possible rootkit MBR issue that came up earlier.

Pls advise.
Thanks.

W.

Bobbye · Dec 2, 2009

NMH, no rootkit showed in the last Combofix report.

When kritius has finished:

For the Active X Objects (016) I've listed the ones running below.This is something extra I help out with when I have time. Please print it out. Do a search for any processes you don't recognize. I've marked some. If you no longer use it delete it. If you're not using it now but might in the future, Disable it.For any you Delete, check Add/Remove Programs to see if there is a related program.

Open IE> Tools> Manage add-ons>> there are two settings for the dialog box: add-ons being used now and add-on previously used. Look in both sections. Change setting as appropriate to Disable or Delete. The fewer of these you have, the better the system security.
------------------------------------------------
You have 3 of these running:
Facebook Photo Uploader 5: Disable one
Face Book Photo Uploader 4: Disable two
Facebook Photo Uploader 5

You have 2 of these running:
MySpace Uploader Control- Disable one
MySpace Uploader Control

MSN Photo Upload Tool (file = MsnPUpld.dll")> used in Hotmail to select photos.

Reference the following site for handling these MSN Game Active X Objects:
http://zone.msn.com/en/support/article/support3800.htm

MessengerStatsClient
ZoneChess Object (MSN Messenger)
MSN Games - Installer

QDiagAOLCCUpdateObj Class) AOL Computer Check> Disable

For SimCity, look for patches here if still playing: http://simcity.ea.com/update/index_update.php
If not, delete both.
EARTPatchX Class- SimCity
MaxisSimCity4PatcherX Control Sim City

Online AV scans:
download.bitdefender- Disable
HouseCall Control- Disable

Java Runtime Environment 1.6.0> Disable> update to correct v6.u17>
[*]Visit this Adobe Reader site often and make sure you have the most current update. Uninstall any earlier updates as they are vulnerabilities.

AxisCamControl.ocx- Chesscam> unless you're really into chess and watch it all day. Disable.

ScorchPlugin Class

Auto_Installer/dwnldr.cab (Stopzilla)

Shockwave Flash Object?

getPlusPlus/1.6/gp.cab (Adobe)>> Disable. To quote an Adobe Forum member: "crapware' component stealth-installed by the Flash plugin"

kritius · Dec 2, 2009

Work away Bobbye, I'm done.

NineMilesHigh · Dec 2, 2009

Cleaned up ActiveX controls

Hi,
I have cleaned up the ActiveX controls (O16's) as advised.
I have posted the latest HijackThis below. I would be grateful if you could take another look.
The MBR rootkit issue appears to have gone, as you say.
Question:- At what point was this fixed? Was it on the previous Combofix run, because I was expecting to have to do an "mbr.exe -f" to fix it but at no time did we do that.
So I can only presume you guys did this from within Combofix. Can you confirm, as I just want to be sure we have taken specific action to get rid of it. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:12:04, on 02/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\dlcgcoms.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\AOL\1175191946\ee\AOLSoftware.exe
C:\WINDOWS\system32\DeltTray.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\DOCUME~1\William\LOCALS~1\Temp\Temporary Directory 2 for HiJackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {56CF4856-ECB4-4e46-A897-A378821F97B9} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O2 - BHO: (no name) - {CDEEC43D-3572-4E95-A2A5-F519D29F00C0} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1175191946\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlcgmon.exe] "C:\Program Files\Dell AIO 810\dlcgmon.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{92297B56-E83F-4818-BDF8-39A7F355CEAA}: NameServer = 192.168.2.17,213.208.106.213
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTsvcCDA.exe (file missing)
O23 - Service: dlcg_device - - C:\WINDOWS\system32\dlcgcoms.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 7643 bytes

Bobbye · Dec 2, 2009

Thank you for the assistance kritius.

For the future, don't put here:

C:\DOCUME~1\William\LOCALS~1\Temp\Temporary Directory 2 for HiJackThis.zip\HijackThis.exe

HJT backs up the entries that get removed. If temp files get deleted, so do they.

Active X section looks much better! Time to finish up. Regarding the 'rootkit', if you look at the first 2 Combofix reports, it is telling you 'there might be'. Since the last report does not have this, it was not a rootkit and whateven prompted Combofix is now gone.

There are several BHO (02) entries showing 'no file'. That does not mean there is no file. The ones I checked were all legitimate. If you want to see if any are for programs you've removed, copy the CID (example {CDEEC43D-3572-4E95-A2A5-F519D29F00C0}) into this site:
http://www.systemlookup.com/search.php?type=clsid

Remove all of the tools we used and the files and folders they created

DownloadOTCleanIt by OldTimer

Save it to your Desktop.

Double click OTCleanIt.exe.

Click the CleanUp! button.

If you are prompted to Reboot during the cleanup, select Yes.

The tool will delete itself once it finishes.

If you are prompted to Reboot during the cleanup, select Yes.

You should now set a new Restore Point to prevent infection from any previous Restore Points. The easiest and safest way to do this is:

Go to Start > All Programs > Accessories > System Tools and click "System Restore".

Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the Restore Point a name then click "Create". The new Restore Point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.

Go to "Disk Cleanup" which can be found by going to Start > All Programs > Accessories > System Tools.

Click "OK" to select the partition or drive you desire.

Click the "More Options" Tab.

Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.

You might want to delete all those AOL groups. then run this:

TFC (Temp File Cleaner)

Download TFC to your desktop

Open the file and close any other windows.

It will close all programs itself when run, make sure to let it run uninterrupted.

Click the Start button to begin the process. The program should not take long to finish its job

Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.

Empty the Recycle Bin

If I can help you in the future, please let me know. stay safe.

NineMilesHigh · Dec 3, 2009

Ran OTCleanIt - new problem which then cleared.

Hi, I followed your procedure to run OTCleanIt, which ran and requested a reboot.
After reboot system reports no Firewall is turned on (I have Windows Firewall). Security Center gives you an option to 'Enable Now' the Firewall - but it said it could not enable it.
Clicking on Windows Firewall in Control Panel said 'Windows could not display the Firewall settings'. I tried to stop the Windows Firewall service - in Admin Tools ( to then restart it) but it could not stop it. I then tried a procedure from MS to address this problem:- from cmd, to run dll32 setupapi,installHinfSection..etc... etc... and it failed to install.
Tried to open Internet Explorer -- double-click did nothing.
Then a few minutes later, for no reason that I could see, the Firewall suddenly turned on. This was about 15 mins after the reboot.
Any thoughts/advice?
Regards
William

Bobbye · Dec 3, 2009

Any thoughts/advice?

Yes. Disable the Windows firewall.

Get either of these free and good firewalls. Both are better than the Windows firwall:
You should have a bi-directional firewall:
A firewall is an important part of "layered security" in addition to an antivirus and anti-malware program for spyware/adware.

It can be a software program (Windows firewall, Comodo firewall, Zone Alarm firewall)

or hardware (as in a router) that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.

If you have a bi-directional firewall, it will 'listen' at both the ports coming in and the ports going out. The means that if malware does get on the system and tries to access the internet from within your system, it will be blocked.

I recommend either of these software firewalls.- both are free- use only one:

Comodo

Zone Alarm

NineMilesHigh · Dec 3, 2009

Firewall problem still there

Hi,
Tried a reboot to see if Firewall problem had gone.
Problem is still there - this time nothing seems to bring it back on.
Tried the 'netsh winsock reset' from the cmd prompt mentioned in another thread - asks for a reboot, after which Firewall problem is still there.
W.
Oops - just before I went to post this, the firewall mysteriously turned on.
Any idea what's going on?
Thanks
W.

NineMilesHigh · Dec 3, 2009

More info

I understand why you recommend a better Firewall and I will certainly take your advice.
However this current problem I think is more than a Firewall problem.
When the problem is evident, I cannot even launch Internet Explorer or AOL.
Also I started up MalwareBytes AntiMalware to do a scan and it just sat 'Initialising the program' and wouldn't start the scan.
Any app seems to hang.
When the Firewall suddenly sorted itself, MBAM now works and IE now works - everything seems fine.
So I think the Firewall not working is symptom of a wider issue where apps are hanging.
What do you think?
Regards
W.

Bobbye · Dec 3, 2009

Please start a new thread for this problem in the Windows OS Forum.

kritius · Dec 5, 2009

Copy and paste the following into notepad.
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001
Save it as firewall.reg, double click and merge it with your registry. Is the firewall started now?

NineMilesHigh · Dec 5, 2009

Firewall update

Hi. Thanks for suggestion.

I carried out this procedure and then checked in the registry that this Firewall parameter was indeed set to 1.
After a reboot, the problem is the same - no firewall turns on.
At this point, Word and other apps can run ok, but IE will not start.
After about 10 or 15 mins, the desktop flickers (like a kind of 'reset') and then the firewall turns on and IE (which I tried to start 10 mins ago) suddenly springs to life.
Regards
W.

NineMilesHigh · Dec 5, 2009

Original problem query

Whilst pondering the Firewall issue, can you tell me what fundamental issues were actually found with my original problem of hangs/slow/crashes?
I know we cleared up a number of apps (probably conflicting virus progs etc, which did not all show up in Add/Remove progs), got rid of Limewire, cleared away numerous ActiveX components etc, and this has helped the PC, no doubt. But it is not clear to me whether HijackThis and/or Combofix etc actually found and repaired any malware type issues.
Can you let me know?
Thanks
W.

Bobbye · Dec 5, 2009

The malware issues were resolved.

NineMilesHigh · Dec 7, 2009

Question...

Bobbye,
Thanks for help with the problem.
Can you tell me what malware was found and removed please?
This will help us to understand the main issue that caused the trouble.
Regards
W.

Bobbye · Dec 7, 2009

No, I can't William- I don't have time to go through all your logs again. You can do that.

What is more important is not what malware you got but some of the reasons you go it.
Three prime reasons:

Multiple antivirus programs running: RAV, Norton and Avira:
P2P or 'file sharing: Limewire
Excessive Active X Objects (016)

Plese see this for additional reasons:

Maintaince - what´s that?

I think many user do as described here:

14 ways to get Infected without trying

A little bit of humour but also based on fact.

1) Look for cracks, subdivided in illegal software and .....

2) Practice unsafe hex, browse the web for free pOrn

3) Look for software that adds smileys to your posts, mail etc

4) Look for kewl skins, screensavers etc

5) Look for spyware removers, concentrate on the kind that makes you pay before it removes anything

6) Install a P2P program and repeat all of the above

7) You always want the best; use p2p to download anti-virus/firewall software.

8) Do NOT pay for anything, the internet is a place where you can steal anything from everyone without even saying as much as thank you

9) Don't have/use/update antivirus/security software

10) Look for pokergames, slotmachines and other gambling outfits

11) Look for ringtones and other stuff to bling your phone

12) Click on those unexpected links and attachments in email, because you're curious...

13) Do loan your laptop to the next door neighbour for the weekend and give him your Admin account login so he can get his project done with no hassles

14) Let the Babysitter use your laptop for 'schoolwork'

Thanks to Metallica for most of those and CalamityJane, bitman, Lonny, shelf life. :

Please follow these simple steps to keep your computer clean and secure:
1.Disable and Enable System Restore: This will help you to drop the old restore points and set a new, clean one:

System Restore Guide

2.Stay current on updates:

Visit the Microsoft Download Sitefrequently.
You should get All updates marked Critical and the current SP updates:Windows 2000> SP4, Windows XP> SP2, SP3, Vista> SP2

Visit this Adobe Reader site often and make sure you have the most current update. Uninstall any earlier updates as they are vulnerabilities.

Check this site often.Java Updates Stay current as most updates are for security. Uninstall any earlier versions in Add/Remove Programs.

3.Make Internet Explorer safer. Follow the suggestions HERE
This Tutorial will help guide you through Configuring Security Settings, Managing Active X Controls and other safety features.

4.Remove Temporary Internet Files regularly: Use

ATF Cleaner by Atribune or

TFC

5. Use an AntiVirus Software(only one)

This can save you a lot of trouble with malware in the future.It should be kept updated and used to scan regularly.

See This link for a listing of some online & their stand-alone antivirus programs:
Virus, Spyware, and Malware Protection and Removal Resources

6.Use a good, bi-directional firewall(one software firewall)
[*]See Understanding and Using Firewalls including links to download a firewall.

7.Consider these programs for Extra Security

Spywareblaster:

SpywareBlaster protects against bad ActiveX. It places kill bits to stop bad Active X controls from being installed. Remember to update it regularly.

IE/Spyad

This places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.

MVPS Hosts files This replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.

Google Toolbar Get the free google toolbar to help stop pop up windows.

If I can be of further assistance, please let me know. Help and support is only given in the forums but you can send a PM to me and bring my attention
back to the thread.

NineMilesHigh · Dec 8, 2009

Thanks. This is all useful advice - the vast majority of which I do by default (apart from Limewire and all those activeX objects - both of which I have now addressed).
PC much more stable. Very useful input from you and your colleagues.
A few other issues I am trying to address in other threads, but they are not showstoppers at the moment.

W.

TechSpot

HijackThis log help required - Malware causing system crash /hang /system slow

NineMilesHigh Newcomer, in training

Bobbye Helper on the Fringe

NineMilesHigh Newcomer, in training

Bobbye Helper on the Fringe

kritius Newcomer, in training

NineMilesHigh Newcomer, in training

Bobbye Helper on the Fringe

NineMilesHigh Newcomer, in training

Bobbye Helper on the Fringe

NineMilesHigh Newcomer, in training

NineMilesHigh Newcomer, in training

Bobbye Helper on the Fringe

kritius Newcomer, in training

NineMilesHigh Newcomer, in training

NineMilesHigh Newcomer, in training

Bobbye Helper on the Fringe

NineMilesHigh Newcomer, in training

Bobbye Helper on the Fringe

NineMilesHigh Newcomer, in training