Solved Malware Issues ( 8 Steps Completed)

Y

yh92

Posts: 11   +0
I started having malware problems since weeks ago when I accidentally downloaded and opened an unidentified program.
When I double clicked on it nothing happened, it was then that I realised my computer is infected for sure.

Firstly many IE pop ups started popping out randomly when I'm not even using IE.
That was weeks ago, I used avira but unfortunately it couldn't detect them.
And so I found them through the task manager and they were named Hch.exe, Hci.exe, Htiler.exe and many similar ones that I've forgotten under WINDOWS>Prefetch or system32.

I removed them by booting into safe mode, and they were gone after that.
Hope I didn't do the wrong thing cause I'm not really good with computers.

Things were okay until few days ago, when I started being redirected when I'm pressing the links in google search. I used avira again to scan and it detected sshnas21.dll several times. Even after quarantining them, they kept coming back.
I have no choice but to search online and came across this forum.

Please do help me.
I've completed the basic 8 steps and I need someone to help me make sure that my system is clean. Thanks!

I will paste the log files on my next reply.
 
Logs

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5676

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

2/5/2011 12:26:46 AM
mbam-log-2011-02-05 (00-26-46).txt

Scan type: Quick scan
Objects scanned: 151647
Time elapsed: 3 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\program files\qvodplayer\QvodBand.dll (Spyware.OnlineGames) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9F44453E-1E46-4D5C-B57C-112FF2EDAE82} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VXEG3ZNNE5 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\CE8SIIFGSU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\qvodplayer\QvodBand.dll (Spyware.OnlineGames) -> Delete on reboot.
c:\WINDOWS\Tasks\{35dc3473-a719-4d14-b7c1-fd326ca84a0c}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.



===========================================================


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-05 16:25:37
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7 Hitachi_HDS721616PLA380 rev.P22OA50U
Running: lbz2mme6.exe; Driver: C:\DOCUME~1\user\LOCALS~1\Temp\afeyiaoc.sys


---- System - GMER 1.0.15 ----

SSDT B86DDBDE ZwCreateKey
SSDT B86DDBD4 ZwCreateThread
SSDT B86DDBE3 ZwDeleteKey
SSDT B86DDBED ZwDeleteValueKey
SSDT spxj.sys ZwEnumerateKey [0xB7ECDDA4]
SSDT spxj.sys ZwEnumerateValueKey [0xB7ECE132]
SSDT B86DDBF2 ZwLoadKey
SSDT spxj.sys ZwOpenKey [0xB7EB50C0]
SSDT B86DDBC0 ZwOpenProcess
SSDT B86DDBC5 ZwOpenThread
SSDT spxj.sys ZwQueryKey [0xB7ECE20A]
SSDT spxj.sys ZwQueryValueKey [0xB7ECE08A]
SSDT B86DDBFC ZwReplaceKey
SSDT B86DDBF7 ZwRestoreKey
SSDT B86DDBE8 ZwSetValueKey

INT 0x62 ? 8A5F0BF8
INT 0x73 ? 8A5F0BF8
INT 0x83 ? 8A5F0BF8
INT 0xB4 ? 8A367BF8
INT 0xB4 ? 8A367BF8
INT 0xB4 ? 8A367BF8
INT 0xB4 ? 8A367BF8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2F10 80503B10 4 Bytes CALL 0508A8F0
? spxj.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6F6C380, 0x3DF295, 0xE8000020]
.text USBPORT.SYS!DllUnload B6F4D62C 5 Bytes JMP 8A3671D8

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\PPStream\ppsap.exe[1904] kernel32.dll!ReadFile 7C80180E 7 Bytes JMP 011E87F9 c:\Program Files\PPStream\1.1.0.2802\vodres.dll (PPS ???接?/PPStream Inc.)
.text C:\Program Files\PPStream\ppsap.exe[1904] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 011E872D c:\Program Files\PPStream\1.1.0.2802\vodres.dll (PPS ???接?/PPStream Inc.)
.text C:\Program Files\PPStream\ppsap.exe[1904] kernel32.dll!CloseHandle 7C809B77 5 Bytes JMP 011E8AB6 c:\Program Files\PPStream\1.1.0.2802\vodres.dll (PPS ???接?/PPStream Inc.)
.text C:\Program Files\PPStream\ppsap.exe[1904] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 011E8793 c:\Program Files\PPStream\1.1.0.2802\vodres.dll (PPS ???接?/PPStream Inc.)
.text C:\Program Files\PPStream\ppsap.exe[1904] kernel32.dll!GetFileSizeEx 7C810C21 5 Bytes JMP 011E8B3E c:\Program Files\PPStream\1.1.0.2802\vodres.dll (PPS ???接?/PPStream Inc.)
.text C:\Program Files\PPStream\ppsap.exe[1904] kernel32.dll!GetFileSize 7C810C8F 5 Bytes JMP 011E8AF7 c:\Program Files\PPStream\1.1.0.2802\vodres.dll (PPS ???接?/PPStream Inc.)
.text C:\Program Files\PPStream\ppsap.exe[1904] kernel32.dll!SetFilePointer 7C810DA6 5 Bytes JMP 011E89AB c:\Program Files\PPStream\1.1.0.2802\vodres.dll (PPS ???接?/PPStream Inc.)
.text C:\Program Files\PPStream\ppsap.exe[1904] kernel32.dll!WriteFile 7C810F9F 7 Bytes JMP 011E88AB c:\Program Files\PPStream\1.1.0.2802\vodres.dll (PPS ???接?/PPStream Inc.)
.text C:\Program Files\PPStream\ppsap.exe[1904] kernel32.dll!SetFilePointerEx 7C81F475 5 Bytes JMP 011E8A05 c:\Program Files\PPStream\1.1.0.2802\vodres.dll (PPS ???接?/PPStream Inc.)
.text C:\Program Files\PPStream\ppsap.exe[1904] kernel32.dll!GetOverlappedResult 7C81FCF4 5 Bytes JMP 011E8B85 c:\Program Files\PPStream\1.1.0.2802\vodres.dll (PPS ???接?/PPStream Inc.)
.text C:\Program Files\PPStream\ppsap.exe[1904] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 011E895D c:\Program Files\PPStream\1.1.0.2802\vodres.dll (PPS ???接?/PPStream Inc.)
.text C:\Program Files\PPStream\ppsap.exe[1904] kernel32.dll!ReadFileEx 7C8384C5 5 Bytes JMP 011E8852 c:\Program Files\PPStream\1.1.0.2802\vodres.dll (PPS ???接?/PPStream Inc.)
.text C:\Program Files\PPStream\ppsap.exe[1904] kernel32.dll!WriteFileEx 7C85C4E1 5 Bytes JMP 011E8904 c:\Program Files\PPStream\1.1.0.2802\vodres.dll (PPS ???接?/PPStream Inc.)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EB6042] spxj.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EB613E] spxj.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EB60C0] spxj.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EB6800] spxj.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EB66D6] spxj.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7EC5B90] spxj.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A5EF1F8
Device \Driver\usbohci \Device\USBPDO-0 8A3631F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A6391F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A6391F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A6391F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A6391F8
Device \Driver\usbohci \Device\USBPDO-1 8A3631F8
Device \Driver\usbehci \Device\USBPDO-2 8A3431F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A5F11F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A5F11F8
Device \Driver\Cdrom \Device\CdRom0 8A2F51F8
Device \Driver\atapi \Device\Ide\IdePort0 8A5F01F8
Device \Driver\atapi \Device\Ide\IdePort1 8A5F01F8
Device \Driver\atapi \Device\Ide\IdePort2 8A5F01F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-7 8A5F01F8
Device \Driver\atapi \Device\Ide\IdePort3 8A5F01F8
Device \Driver\atapi \Device\Ide\IdePort4 8A5F01F8
Device \Driver\atapi \Device\Ide\IdePort5 8A5F01F8
Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-16 8A5F01F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A26E500
Device \Driver\NetBT \Device\NetbiosSmb 8A26E500
Device \Driver\usbohci \Device\USBFDO-0 8A3631F8
Device \Driver\usbohci \Device\USBFDO-1 8A3631F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A444500
Device \Driver\usbehci \Device\USBFDO-2 8A3431F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A444500
Device \Driver\Ftdisk \Device\FtControl 8A5F11F8
Device \FileSystem\Cdfs \Cdfs 8A28D500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001986002950
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001986002950@0023f12af4b4 0xAB 0x17 0x59 0xC9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f81000250
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xEC 0xDB 0x47 0xA1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001986002950 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001986002950@0023f12af4b4 0xAB 0x17 0x59 0xC9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001f81000250 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xEC 0xDB 0x47 0xA1 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PPS
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PPS@InstallLocation C:\Program Files\PPSGame
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@FriendlyName Indeo? video 5.10 Compression Filter
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@CLSID {1F73E9B1-8C3A-11D0-A3BE-00A0C9244436}
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@FilterData 0x02 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@EncoderType 1

---- EOF - GMER 1.0.15 ----



==========================================================




DDS (Ver_10-12-12.02) - NTFSx86
Run by user at 17:08:30.73 on 02/05/2011 Sat
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.2.950.886.1033.18.2046.1472 [GMT 8:00]

AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\PPStream\ppsap.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Documents and Settings\user\Desktop\dds.scr
C:\WINDOWS\system32\conime.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.facebook.com/?ref=hp
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [PPS Accelerator] c:\program files\ppstream\ppsap.exe
uRun: [Flock Update] "c:\documents and settings\user\local settings\application data\flock\update\FlockUpdate.exe" /c
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\user\startm~1\programs\startup\viikii~1.lnk - c:\program files\viikiidesktopplugin\ViiKiiDesktopPlugin.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1296789077718
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\1ix7ps8c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.my/firefox?client=firefox-a&rls=org.mozilla:en-US:eek:fficial
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\1ix7ps8c.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\firefox\profiles\1ix7ps8c.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll
FF - plugin: c:\program files\ahnlab\asp\components\aosmgr\conflict_221\npaosmgr.dll
FF - plugin: c:\program files\ahnlab\asp\mykeydefense 2.5\npmkd25aos.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com
FF - Ext: Noia 2.0 eXtreme OPT: noia2_option@kk.noia - %profile%\extensions\noia2_option@kk.noia
FF - Ext: Noia 2.0 (eXtreme): {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} - %profile%\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
FF - Ext: Black Stratini: {b41cb5f0-2e52-11de-8c30-0800200c9a66} - %profile%\extensions\{b41cb5f0-2e52-11de-8c30-0800200c9a66}
FF - Ext: ColorfulTabs: {0545b830-f0aa-4d7e-8820-50a4629a56fe} - %profile%\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
FF - Ext: Silvermel and Charamel XT: silvermelxt@pardal.de - %profile%\extensions\silvermelxt@pardal.de
FF - Ext: Silvermel: silvermel@pardal.de - %profile%\extensions\silvermel@pardal.de
FF - Ext: gTranslate: {aff87fa2-a58e-4edd-b852-0a20203c1e17} - %profile%\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
FF - Ext: ColorZilla: {6AC85730-7D0F-4de0-B3FA-21142DD85326} - %profile%\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-3-20 11608]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-3-20 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-3-20 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-3-20 61960]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-9-11 27632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-9-11 13224]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2011-02-05 04:41:00 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-02-05 04:37:58 266360 ----a-w- c:\windows\system32\TweakUI.exe
2011-02-04 16:14:33 -------- d-----w- c:\docume~1\user\applic~1\Malwarebytes
2011-02-04 16:14:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-04 16:14:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-02-04 16:14:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-04 16:14:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-04 03:22:45 -------- d-----w- c:\windows\system32\PreInstall
2011-02-04 03:12:27 -------- d-----w- c:\windows\system32\SoftwareDistribution
2011-02-04 03:12:25 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2011-02-04 03:12:22 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2011-02-04 03:12:21 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2011-02-04 03:12:20 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2011-01-25 07:58:33 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2011-01-25 06:47:09 -------- d-----w- c:\docume~1\user\applic~1\Local
2011-01-21 01:47:20 268800 ----a-w- c:\program files\windows media player\plugins\wmp_lyricsplugin.dll
2011-01-17 11:06:05 -------- d-----w- c:\docume~1\user\locals~1\applic~1\Apple
2011-01-17 11:05:45 -------- d-----w- c:\docume~1\user\locals~1\applic~1\Apple Computer
2011-01-10 13:06:08 -------- d-----w- c:\docume~1\alluse~1\applic~1\PopCap Games

==================== Find3M ====================

2010-11-29 09:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 09:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-27 14:34:26 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-11-27 14:34:26 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-11-12 10:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 08:34:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-12 00:44:54 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-11-08 22:57:04 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl

============= FINISH: 17:08:58.67 ===============



========================================================




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/31/2007 6:59:59 AM
System Uptime: 2/5/2011 3:01:41 PM (2 hours ago)

Motherboard: Intel Corporation | | D102GGC2
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | | 2800/200mhz
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | | 2800/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 92 GiB total, 58.11 GiB free.
D: is FIXED (NTFS) - 61 GiB total, 61.163 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&29C049B9&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&29C049B9&0
Service: i8042prt

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader X
Adobe Shockwave Player 11.5
AhnLab Online Security
AIO_Scan
Akamai NetSession Interface
Apple Application Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
BitTorrent
BufferChm
Combined Community Codec Pack 2009-09-09
Copy
CustomerResearchQFolder
Destinations
DeviceManagementQFolder
DivX Setup
DJ_AIO_ProductContext
DJ_AIO_Software
DJ_AIO_Software_min
eSupportQFolder
F4100
F4100_Help
High Definition Audio Driver Package - KB888111
Hotfix for Windows XP (KB915865)
HP Customer Participation Program 8.0
HP Deskjet All-In-One Software 8.0
HP Deskjet All-In-One Software 9.0
HP Imaging Device Functions 8.0
HP Photosmart Essential
HP Product Assistant
HP Solution Center 8.0
HP Update
HPProductAssistant
HPSSupply
Intel(R) PRO Network Connections
Java Auto Updater
Java(TM) 6 Update 23
Lyrics Plugin for Windows Media Player
Malwarebytes' Anti-Malware
MarketResearch
Messenger Plus! Live
Microsoft .NET Framework 2.0
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox (3.6.13)
MSVCRT
MSXML 4.0 SP2 Parser and SDK
Nero 7 Ultra Edition
neroxml
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
PCSX2 - Playstation 2 Emulator
PDF Settings CS5
PowerDVD
PPStream V2.7.0.1208 Final
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Scan
Segoe UI
SolutionCenter
Status
Toolbox
TrayApp
Tweak UI
UnloadSupport
Update for Windows XP (KB898461)
Update for Windows XP (KB932823-v3)
Update Service
VC80CRTRedist - 8.0.50727.4053
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format Runtime
Windows Media Player 10
WinRAR archiver
WinZip 14.5
谷歌拼音?入法 2.3

==== Event Viewer Messages From Past Week ========

2/5/2011 2:54:11 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
2/5/2011 2:53:57 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/5/2011 2:53:37 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss sptd ssmdrv Tcpip
2/5/2011 2:53:37 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
2/5/2011 2:53:37 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/5/2011 2:53:37 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/5/2011 2:53:37 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
2/5/2011 2:52:15 PM, error: sptd [4] - Driver detected an internal error in its data structures for .
2/5/2011 12:58:28 AM, error: atapi [9] - The device, \Device\Ide\IdePort2, did not respond within the timeout period.
2/5/2011 12:48:55 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference error message: The referenced assembly is not installed on your system. .
2/5/2011 12:48:55 PM, error: SideBySide [59] - Generate Activation Context failed for c:\program files\real\realplayer\plugins\rmxrend.dll. Reference error message: The operation completed successfully. .
2/5/2011 12:48:55 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.DebugCRT could not be found and Last Error was The referenced assembly is not installed on your system.
2/5/2011 12:06:09 AM, error: Service Control Manager [7034] - The NMIndexingService service terminated unexpectedly. It has done this 1 time(s).
2/5/2011 12:06:08 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
2/5/2011 12:06:08 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
2/5/2011 11:55:32 AM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort2.
2/4/2011 2:25:01 PM, error: Service Control Manager [7023] - The SSHNAS service terminated with the following error: The specified module could not be found.

==== End Of File ===========================
 
Welcome to TechSpot!
Welcome_crash.gif

(Image courtesy animationplayhouse.com)

I'll try to help with your problem. I see you're another gamer who got spyware from downloading a game! Did you by chance do downloading and/or file sharing with BitTorrent that you have installed? That is pretty much a guarantee for malware!
============================================
While I finish checking these logs-I note entries that will need to be removed- please Run Eset NOD32 Online AntiVirus scan HEREhttp://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Re-enable your Antivirus software.
  10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
======================================
Download Combofix to your desktop from one of these locations:
Link 1
Link 2http://www.forospyware.com/sUBs/ComboFix.exe
  • Double click combofix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Query- Recovery Console image
    RcAuto1.gif

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    Click to expand...
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    whatnext.png
  • .Click on Yes, to continue scanning for malware
  • .If Combofix asks you to update the program, allow
  • .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • .Close any open browsers.
  • .Double click combofix.exe
    cf-icon.jpg
    & follow the prompts to run.
  • When the scan completes it will open a text window. Please paste that log in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

By the way, is Avast the only security protection you have? No firewall? No antimalware ((spyware/adware) programs? The antivirus program isn' going to pick up all the malware, so relying on it alone to prevent/find/fix malware is not going to work.
 
Thanks a lot for your attention.

I'm sorry I have to tell you that I can't access the internet for too long today.
Please forgive my late actions, and I assure you that I will carry on the steps within 24 hours starting from now.

Also, I want to apologize because I've forgotten about the rule that we shouldn't install any new things while cleaning is in process. I've deleted flock browser and installed google chrome. Will that affect anything?
I'm really sorry for that.

Yes I'm quite a game addict myself, and I do download stuffs through BitTorrent, mainly animations.
It was my brother who introduced BitTorrent to me, should I delete it?

It is only Avira that I'm relying right now.
I'm simply afraid to use any other security programs as I've heard of cases like the antimalware program itself being a threat.
Can you suggest reliable protections that I can get my hands on?

That's all for now.
I will check back ASAP tomorrow.
Once again, I'm really grateful for your help and sorry for the trouble.
 
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=9c41e93402ff864c92345e48cb525bd1
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-02-06 03:03:20
# local_time=2011-02-06 11:03:20 (+0800, Malay Peninsula Standard Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775141 100 94 0 62449179 185541 0
# compatibility_mode=8192 67108863 100 0 481 481 0 0
# scanned=56901
# found=0
# cleaned=0
# scan_time=1211



=======================================================



ComboFix 11-02-05.01 - user 6/2011 Sun 23:16:14.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.950.886.1033.18.2046.1366 [GMT 8:00]
執行位置: c:\my documents\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
Error: Cfiles.dat

((((((((((((((((((((((((((((((((((((((( 被刪除的檔案 )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\user\Application Data\Local
c:\documents and settings\user\Application Data\PriceGong
c:\documents and settings\user\Application Data\PriceGong\Data\1.xml
c:\documents and settings\user\Application Data\PriceGong\Data\a.xml
c:\documents and settings\user\Application Data\PriceGong\Data\b.xml
c:\documents and settings\user\Application Data\PriceGong\Data\c.xml
c:\documents and settings\user\Application Data\PriceGong\Data\d.xml
c:\documents and settings\user\Application Data\PriceGong\Data\e.xml
c:\documents and settings\user\Application Data\PriceGong\Data\f.xml
c:\documents and settings\user\Application Data\PriceGong\Data\g.xml
c:\documents and settings\user\Application Data\PriceGong\Data\h.xml
c:\documents and settings\user\Application Data\PriceGong\Data\i.xml
c:\documents and settings\user\Application Data\PriceGong\Data\J.xml
c:\documents and settings\user\Application Data\PriceGong\Data\k.xml
c:\documents and settings\user\Application Data\PriceGong\Data\l.xml
c:\documents and settings\user\Application Data\PriceGong\Data\m.xml
c:\documents and settings\user\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\user\Application Data\PriceGong\Data\n.xml
c:\documents and settings\user\Application Data\PriceGong\Data\o.xml
c:\documents and settings\user\Application Data\PriceGong\Data\p.xml
c:\documents and settings\user\Application Data\PriceGong\Data\q.xml
c:\documents and settings\user\Application Data\PriceGong\Data\r.xml
c:\documents and settings\user\Application Data\PriceGong\Data\s.xml
c:\documents and settings\user\Application Data\PriceGong\Data\t.xml
c:\documents and settings\user\Application Data\PriceGong\Data\u.xml
c:\documents and settings\user\Application Data\PriceGong\Data\v.xml
c:\documents and settings\user\Application Data\PriceGong\Data\w.xml
c:\documents and settings\user\Application Data\PriceGong\Data\x.xml
c:\documents and settings\user\Application Data\PriceGong\Data\y.xml
c:\documents and settings\user\Application Data\PriceGong\Data\z.xml
c:\documents and settings\user\Recent\SYSTEM.CNF

----- BITS: Possible infected sites -----

hxxp://update.flock.com
.
((((((((((((((((((((((((((((((((((((((( 驅動/服務 )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS


((((((((((((((((((((((((( 2011-01-06 至 2011-02-06 的新的檔案 )))))))))))))))))))))))))))))))
.

2011-02-06 14:35 . 2011-02-06 14:35 -------- d-----w- c:\program files\ESET
2011-02-05 04:41 . 2011-02-05 04:41 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-02-05 04:37 . 2003-06-25 08:05 266360 ----a-w- c:\windows\system32\TweakUI.exe
2011-02-04 16:14 . 2011-02-04 16:14 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
2011-02-04 16:14 . 2010-12-20 10:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-04 16:14 . 2011-02-04 16:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-02-04 16:14 . 2011-02-04 16:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-04 16:14 . 2010-12-20 10:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-04 03:12 . 2009-08-06 11:24 44768 ----a-w- c:\windows\system32\wups2.dll
2011-02-04 03:12 . 2009-08-06 11:24 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2011-02-04 03:12 . 2009-08-06 11:24 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2011-02-04 03:12 . 2009-08-06 11:24 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2011-02-04 03:12 . 2009-08-06 11:24 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2011-02-02 00:14 . 2011-02-02 00:14 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2011-01-25 07:58 . 2011-01-25 10:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2011-01-21 01:47 . 2011-01-21 01:47 268800 ----a-w- c:\program files\Windows Media Player\Plugins\wmp_lyricsplugin.dll
2011-01-17 11:06 . 2011-01-17 11:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2011-01-17 11:06 . 2011-01-17 11:06 -------- d-----w- c:\program files\Common Files\Apple
2011-01-17 11:06 . 2011-01-17 11:06 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Apple
2011-01-17 11:06 . 2011-01-17 11:06 -------- d-----w- c:\program files\Apple Software Update
2011-01-17 11:06 . 2011-01-17 11:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2011-01-17 11:05 . 2011-01-17 11:05 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Apple Computer
2011-01-10 13:06 . 2011-01-10 13:06 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap Games

.
(((((((((((((((((((((((((((((((((((((((( 在三個月內被修改的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-25 06:57 . 2010-03-19 20:05 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-01-25 06:57 . 2010-03-19 20:05 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-29 09:38 . 2010-11-29 09:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 09:38 . 2010-11-29 09:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-27 14:34 . 2007-01-30 23:36 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-11-27 14:34 . 2007-01-30 23:36 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-11-12 10:53 . 2010-04-17 08:41 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 08:34 . 2010-03-19 20:16 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-11-08 22:57 . 2010-11-08 22:57 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
.

------- Sigcheck -------

[-] 2010-10-14 . EBEAB4C47642CD68D7FD23187EECA1B0 . 359040 . . [5.1.2600.2180] . . c:\windows\system32\backup\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2004-08-03 . 3BB4B08619C111C7BE8BDA07AA0DE6A2 . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( 重要登入點 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白與合法缺省登錄將不會被顯示
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPS Accelerator"="c:\program files\PPStream\ppsap.exe" [2010-02-24 214408]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"Google Update"="c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2011-02-05 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-06 1657376]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 110592]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-25 281768]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-06 13877248]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

c:\documents and settings\user\Start Menu\Programs\Startup\
ViiKiiDesktopPlugin.lnk - c:\program files\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe [N/A]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
Ime File REG_SZ GOOGLEPINYIN2.IME

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\QvodPlayer\\QvodTerminal.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\PPStream\\PPStream.exe"=
"c:\\Program Files\\PPStream\\PPSAP.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1036:TCP"= 1036:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/6/2010 8:29 PM 691696]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/4/2004 8:56 AM 14336]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/20/2010 4:05 AM 135336]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [9/11/2010 8:00 PM 27632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [9/11/2010 7:59 PM 13224]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
‘計劃任務’ 文件夾 裡的內容

2010-12-25 c:\windows\Tasks\AdobeAAMUpdater-1.0-OEM-2FCA8EBCBEB-user.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-11-25 19:44]

2011-02-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]

2011-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-484763869-839522115-1003Core.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-05 10:05]

2011-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-484763869-839522115-1003UA.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-05 10:05]

2011-02-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-484763869-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 03:33]

2011-02-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-484763869-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 03:33]

2011-02-06 c:\windows\Tasks\User_Feed_Synchronization-{100A6DD8-7525-46C1-B69C-F611E33E77E1}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 20:31]
.
.
------- 而外的掃描 -------
.
uStart Page = hxxp://www.facebook.com/?ref=hp
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\1ix7ps8c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.my/firefox?client=firefox-a&rls=org.mozilla:en-US:eek:fficial
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com
FF - Ext: Noia 2.0 eXtreme OPT: noia2_option@kk.noia - %profile%\extensions\noia2_option@kk.noia
FF - Ext: Noia 2.0 (eXtreme): {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} - %profile%\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
FF - Ext: Black Stratini: {b41cb5f0-2e52-11de-8c30-0800200c9a66} - %profile%\extensions\{b41cb5f0-2e52-11de-8c30-0800200c9a66}
FF - Ext: ColorfulTabs: {0545b830-f0aa-4d7e-8820-50a4629a56fe} - %profile%\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
FF - Ext: Silvermel and Charamel XT: silvermelxt@pardal.de - %profile%\extensions\silvermelxt@pardal.de
FF - Ext: Silvermel: silvermel@pardal.de - %profile%\extensions\silvermel@pardal.de
FF - Ext: gTranslate: {aff87fa2-a58e-4edd-b852-0a20203c1e17} - %profile%\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
FF - Ext: ColorZilla: {6AC85730-7D0F-4de0-B3FA-21142DD85326} - %profile%\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Flock Update - c:\documents and settings\user\Local Settings\Application Data\Flock\Update\FlockUpdate.exe
Notify-AtiExtEvent - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-06 23:22
Windows 5.1.2600 Service Pack 2 NTFS

掃描被隱藏的進程 ...

掃描被隱藏的啟動組 ...

掃描被隱藏的文件 ...

掃描完成
被隱藏的檔案: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- 運行進程下的動態鏈接庫 ---------------------

- - - - - - - > 'explorer.exe'(392)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ 其他運行進程 ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\conime.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
完成時間: 2011-02-06 23:26:02 - 電腦已重新啟動
ComboFix-quarantined-files.txt 2011-02-06 15:25

Pre-Run: 61,925,072,896 bytes free
Post-Run: 61,824,241,664 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-CHT.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - A90F979A72B406422BEF974A8A707A4B
 
Let me bring a contradiction to your attention:
I'm simply afraid to use any other security programs as I've heard of cases like the antimalware program itself being a threat.
Click to expand...

First, regarding BitTorrent: File sharing is one of the biggest contributors of malware. Should you uninstall it? Read this and decide for yourself:
Note: Even if you are using a "safe" P2P program, it is only the program that is safe. I suggest that you uninstall BitTorrent for the following reasons:
  • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verity that a download is legitimate.
  • Malware writers use these program to include malicious content.
  • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
  • The 'sharing' also includes malware that the shared system has on it.
  • Files that are illegal can be spread through file sharing.

Please read the information on P2P Warning to help you better understand these dangers.

Second: about antimalware programs being a threat A well recommended spyware/adware program downloaded from a reliable, recommend site is an asset to the system. So is firewall. But if you go to a file sharing site to get a crack or keygen to run a security program without paying for it, if there is a charge, you will get malware.

The contradiction is that you're using file sharing but no spyware/adware security!
When we have finished, I will recommend free, good layered protection and the site to download it from.
==================================================
It appears that you may have a second language on the system- other than English. Is that right?

I can't find any English site to ID this. Do you know what it is?
谷歌拼音?入法 2.3

The files sshnas.dll and sshnas21.dll are part of a trojan that redirects search engine results in Google,

HCH.EXE is Trojan.Agent/Gen-CDesc

O4 - Startup: ViiKiiDesktopPlugin.lnk = C:\Program Files\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe Do you know what this entry is/does and do you use it?

If not unistall from Add/Remove program via control panel - ViiKiiDesktopPlugin
==========================================
Please decide on BitTorrent. There is a Registry entry I need to remove if you uninstall it.
 
Oh! I understand.
Haven't thought about it until now, thanks for bringing it up.
I will uninstall BitTorrent for good.

Yes, my system second language is Chinese.
谷歌拼音?入法 2.3 is a Chinese inputting tool by Google, namely Google Pinyin in English.

ViiKiiDesktopPlugin.lnk , I know that.
I got it when my friend used my computer to watch Korean Dramas last year.
It was already uninstalled sometime around the end of 2010.
I assume that I have to just remove the entries from the Startup and Application Data folder?
 
Okay, no problem. I can remove the entries with script in Combofix:

Please run this Custom CFScript:

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:Be sure to scroll down to include ALL lines.
Code: 
File::
Extra::
File::
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Firefox::
Firefox-: - Profile- c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\1ix7ps8c.default\
DDS::
StartupFolder: c:\docume~1\user\startm~1\programs\startup\viikii~1.lnk - c:\program files\viikiidesktopplugin\ViiKiiDesktopPlugin.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uRun: [Flock Update] "c:\documents and settings\user\local settings\application data\flock\update\FlockUpdate.exe" /c
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=-
"FirewallOverride"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"=-
"AdobeAAMUpdater-1.0"=
"QuickTime Task"=-
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
"SunJavaUpdateSched"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=-
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
I removed some auto-updates you don't need. The Eset scan was clean. I'd like you to run one more scan to make sure there are no bad entries left:
Download HijackThis http://download.bleepingcomputer.com/hijackthis/HijackThis.zipand save to your desktop.
  • Extract it to a directory on your hard drive called c:\HijackThis.
  • Then navigate to that directory and double-click on the hijackthis.exe file.
  • When started click on the Scan button and then the Save Log button to create a log of your information.
  • The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
 
Should I uninstall BitTorrent now through the add or remove programs?

========================

ComboFix 11-02-07.01 - user 02/08/2011 15:28:27.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1466 [GMT 8:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\user\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point

FILE ::
"c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}"
"c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}"
"c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}"
"c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}"
"c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk
c:\program files\adobe\reader 10.0\reader\Reader_sl.exe
c:\program files\common files\adobe\arm\1.0\AdobeARM.exe
c:\program files\common files\java\java update\jusched.exe
c:\program files\hp\digital imaging\bin\hpqtra08.exe
c:\program files\hp\hp software update\HPWuSchd2.exe
c:\windows\system32\AutoRun.inf

.
((((((((((((((((((((((((( Files Created from 2011-01-08 to 2011-02-08 )))))))))))))))))))))))))))))))
.

2011-02-06 14:35 . 2011-02-06 14:35 -------- d-----w- c:\program files\ESET
2011-02-05 04:41 . 2011-02-05 04:41 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-02-05 04:37 . 2003-06-25 08:05 266360 ----a-w- c:\windows\system32\TweakUI.exe
2011-02-04 16:14 . 2011-02-04 16:14 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
2011-02-04 16:14 . 2010-12-20 10:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-04 16:14 . 2011-02-04 16:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-02-04 16:14 . 2011-02-04 16:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-04 16:14 . 2010-12-20 10:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-04 03:12 . 2009-08-06 11:24 44768 ----a-w- c:\windows\system32\wups2.dll
2011-02-04 03:12 . 2009-08-06 11:24 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2011-02-04 03:12 . 2009-08-06 11:24 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2011-02-04 03:12 . 2009-08-06 11:24 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2011-02-04 03:12 . 2009-08-06 11:24 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2011-02-02 00:14 . 2011-02-02 00:14 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2011-01-25 07:58 . 2011-01-25 10:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2011-01-21 01:47 . 2011-01-21 01:47 268800 ----a-w- c:\program files\Windows Media Player\Plugins\wmp_lyricsplugin.dll
2011-01-17 11:06 . 2011-01-17 11:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2011-01-17 11:06 . 2011-01-17 11:06 -------- d-----w- c:\program files\Common Files\Apple
2011-01-17 11:06 . 2011-01-17 11:06 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Apple
2011-01-17 11:06 . 2011-01-17 11:06 -------- d-----w- c:\program files\Apple Software Update
2011-01-17 11:06 . 2011-01-17 11:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2011-01-17 11:05 . 2011-01-17 11:05 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Apple Computer
2011-01-10 13:06 . 2011-01-10 13:06 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-25 06:57 . 2010-03-19 20:05 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-01-25 06:57 . 2010-03-19 20:05 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-29 09:38 . 2010-11-29 09:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 09:38 . 2010-11-29 09:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-27 14:34 . 2007-01-30 23:36 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-11-27 14:34 . 2007-01-30 23:36 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-11-12 10:53 . 2010-04-17 08:41 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 08:34 . 2010-03-19 20:16 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- c:\windows\system32\dpl100.dll
.

------- Sigcheck -------

[-] 2010-10-14 . EBEAB4C47642CD68D7FD23187EECA1B0 . 359040 . . [5.1.2600.2180] . . c:\windows\system32\backup\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2004-08-03 . 3BB4B08619C111C7BE8BDA07AA0DE6A2 . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2011-02-06_15.22.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-08 07:02 . 2011-02-08 07:02 16384 c:\windows\Temp\Perflib_Perfdata_650.dat
+ 2011-02-08 07:03 . 2011-02-08 07:03 16384 c:\windows\Temp\Perflib_Perfdata_5b8.dat
+ 2007-01-30 14:49 . 2011-02-07 15:03 3640960 c:\windows\system32\FNTCACHE.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPS Accelerator"="c:\program files\PPStream\ppsap.exe" [2010-02-24 214408]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"Google Update"="c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2011-02-05 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-06 1657376]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 110592]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-25 281768]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-06 13877248]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
Ime File REG_SZ GOOGLEPINYIN2.IME

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\QvodPlayer\\QvodTerminal.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\PPStream\\PPStream.exe"=
"c:\\Program Files\\PPStream\\PPSAP.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1489:TCP"= 1489:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/6/2010 8:29 PM 691696]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/4/2004 8:56 AM 14336]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/20/2010 4:05 AM 135336]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [9/11/2010 8:00 PM 27632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [9/11/2010 7:59 PM 13224]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-12-25 c:\windows\Tasks\AdobeAAMUpdater-1.0-OEM-2FCA8EBCBEB-user.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-11-25 19:44]

2011-02-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]

2011-02-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-484763869-839522115-1003Core.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-05 10:05]

2011-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-484763869-839522115-1003UA.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-05 10:05]

2011-02-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-484763869-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 03:33]

2011-02-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-484763869-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 03:33]

2011-02-08 c:\windows\Tasks\User_Feed_Synchronization-{100A6DD8-7525-46C1-B69C-F611E33E77E1}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 20:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/?ref=hp
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\1ix7ps8c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.my/firefox?client=firefox-a&rls=org.mozilla:en-US:eek:fficial
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com
FF - Ext: Noia 2.0 eXtreme OPT: noia2_option@kk.noia - %profile%\extensions\noia2_option@kk.noia
FF - Ext: Noia 2.0 (eXtreme): {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} - %profile%\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
FF - Ext: Black Stratini: {b41cb5f0-2e52-11de-8c30-0800200c9a66} - %profile%\extensions\{b41cb5f0-2e52-11de-8c30-0800200c9a66}
FF - Ext: ColorfulTabs: {0545b830-f0aa-4d7e-8820-50a4629a56fe} - %profile%\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
FF - Ext: Silvermel and Charamel XT: silvermelxt@pardal.de - %profile%\extensions\silvermelxt@pardal.de
FF - Ext: Silvermel: silvermel@pardal.de - %profile%\extensions\silvermel@pardal.de
FF - Ext: gTranslate: {aff87fa2-a58e-4edd-b852-0a20203c1e17} - %profile%\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
FF - Ext: ColorZilla: {6AC85730-7D0F-4de0-B3FA-21142DD85326} - %profile%\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-08 15:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-02-08 15:34:38
ComboFix-quarantined-files.txt 2011-02-08 07:34
ComboFix2.txt 2011-02-06 15:26

Pre-Run: 61,651,345,408 bytes free
Post-Run: 61,639,938,048 bytes free

- - End Of File - - 319F1AD018F8F1AF256B9D42B2C6F467


===============================


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:41:18 PM, on 2/8/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\PPStream\ppsap.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/?ref=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [PPS Accelerator] C:\Program Files\PPStream\ppsap.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1296789077718
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 7226 bytes
 
You can go ahead and remove BitTorrent.

I removed these with the script in Combofix and they show deleted, but they are still on Firefox, so you will need to remove them manually:

Remove outdated Java plugin files from the Firefox plugins folder:
Note: It is recommended that you do not copy Java plugins from other locations to the Firefox plugins folder. Outdated Java plugins can cause Java not to work if you update Java and then uninstall the older Java version, if plugins from the old Java version are still in the Firefox plugins folder.
1. Open Firefox> Tools> Add-ons. The Add-ons window will open.
2. In the Add-ons window> select the Plugins panel, to display a list of installed plugins.
3. Select each Java plugin listed to make sure that all are enabled.
4. Check if the Java plugins are correctly detected. All Java plugins listed in the Add-ons window should match the version number of the currently installed JRE. There should be no plugins for earlier versions of Java.
5. Java plugin files that do not match your current version means that the Firefox plugins folder contains outdated Java plugin files which should be removed. This folder is typically in the following location: Use Windows Explorer to access> My Computer> Local Drive> Programs>>>
C:\Program Files\Mozilla Firefox\plugins
Java files from older versions in the Firefox plugins folder can prevent Java from working.

You do not need to put Java updates in FF extensions. The update you do on the OS will also cover Java. It is a vulnerability to have outdated versions of Java on the system.
==========================================================
Take the HP Digital Imaging processes off of Startup. Find the processes for all of these and uncheck them on Startup:
c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk
c:\program files\adobe\reader 10.0\reader\Reader_sl.exe
c:\program files\common files\adobe\arm\1.0\AdobeARM.exe
c:\program files\common files\java\java update\jusched.exe
c:\program files\hp\digital imaging\bin\hpqtra08.exe
c:\program files\hp\hp software update\HPWuSchd2.exe

To remove entries from Startup using the msconfig utility:
  • Click on Start> Run> type in msconfig> enter>
  • Click on Selective Startup
  • Choose the Startup tab:
    This is where you UNCHECK the Startup items. This does not remove the item or uninstall anything> it just stops it from starting on boot. It can be rechecked at any time if wanted.
  • To expand the Command Column, (this shows what the process 'belongs' to) hold left mouse button down on the dividing line on frame above Location and move to the right to expand.
  • Click on Apply> OK when finished.

NOTE:
When you reboot the system the first time after making changes using the msconfig utility, a nag message comes up that can be ignored and closed after checking 'don't show this message again.'
Once you make changes to the Startup menu, you must remain in Selective Startup to retain those changed. If you go back to Normal Startup, everything you unchecked will be checked again and start on boot.
==========================================
Remove all of these from Scheduled Tasks. They don't need to run:
c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-11-25 19:44]
c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]
c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 03:33]
c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 03:33] (2 entries)

Most of these found are usually auto-updates scheduled for programs that do not need them. They will make numerous internet connections every day, looking for updates that you can find manually. You want to keep these connection attempts as few as possible and then only if needed for the system. The only[/b[ auto-update I get is for the AV program.
Opening scheduled tasks to modify or delete them:
Access Scheduled Tasks with Click on Start> All Programs> Accessories> System Tools> Scheduled Tasks.
To change the settings for a task: right-click the Task> click Properties> do any of the following:
  1. To change the schedule for the task, click the Schedule tab.
  2. To customize the settings for the task, such as the maximum run time, idle time requirements, and power management options, click the Settings tab.
  3. To delete a task> right-click the task> click Delete.
  4. To prevent a task from running until you want to let it run again> right-click the task> Properties> On the General tab> clear the Enabled check box. Select the check box again to enable the task when you are ready to let the task scheduler run it again.
Maintenance Scheduled Tasks such as defrag are in a separate category.
==========================================
There is a deleted file in Combofix that might indicate you used an infected flash drive. Did you use a flash drive while we were cleaning?
 
Done, I've removed BitTorrent.

The last time I remembered accessing my HDD, phone memory card, and flash drive (I accessed them at the same time) was around the first day of cleaning.
I think it's some time before I started my posting here.
Yesterday I did some printing, the printer is connected through a USB cable.
Other than these, I didn't use any flash drives.

About Java.
I have Java Deployment Toolkit 6.0.230.5 and Java (TM) Platform SE 6 U23 under my FF plugins. They are both enabled.
Are they alright? I don't really see anything that should be removed there.

Take the HP Digital Imaging processes off of Startup. Find the processes for all of these and uncheck them on Startup:
c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk
c:\program files\adobe\reader 10.0\reader\Reader_sl.exe
c:\program files\common files\adobe\arm\1.0\AdobeARM.exe
c:\program files\common files\java\java update\jusched.exe
c:\program files\hp\digital imaging\bin\hpqtra08.exe
c:\program files\hp\hp software update\HPWuSchd2.exe
Click to expand...
I have some problems regarding this.
All of the above are not found in the startup tab. Are they gone already?

==================================================
c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-11-25 19:44]
Click to expand...

I found and removed the other three in scheduled tasks but this was not seen.
Instead, I found AdobeAAMUpdater-1.0-OEM-2FCA8EBCBEB-user.

There are also two similar google tasks like below:
GoogleUpdateTaskUserS-1-5-21-1229272821-484763869-839522115-1003UA
GoogleUpdateTaskUserS-1-5-21-1229272821-484763869-839522115-1003Core
 
The Java entries are okay. I didn't mention the Google Updater because as long as you have the Google Toolbar, the updaters will enable themselves! I've done some setting myself that has helped, but it's a real pain!

What you found for Adobe AAMUpdated should be removed from the tasks.
=========================================
Regarding the following deletion in Combofix:
This did not appear in the first Combofix log:ComboFix 11-02-05.01 - user 6/2011 Sun 23:16:14.1.2 - x86
c:\windows\system32\AutoRun.inf

But it was deleted as an infected entry in the second Combofix scan on ComboFix 11-02-07.01 - user 02/08/2011 15:28:27.2.2 - x86

Did you do this in between?
(I accessed them at the same time) was around the first day of cleaning.
Click to expand...
Entries for this showing as Trojan.FakeAlert were found and quarantined in Mbam, but now you have a new entry and it came from somewhere!. Although the entry was deleted in Combofix, that does not give us the source.

Please run this: Flash disinfector
Threat Removal Procedure:

  • [1]. Download Flash_Disinfector and save it to your Desktop.
    [2]. After downloading, double-click on Flash_Disinfector to run it.
    [3]. Just follow the prompts and continue until it begin scanning.
    flash-disinfector.jpg

    [4]. If asked to insert your flash drive or any removable device including USB Pen Drive and Memory Stick, please do so.
    [5]. It will scan removable drives, wait for the scan to finish. Done.

What will Flash Disinfector Do
- Clean up junks created by flash malwares
- Deletes autorun.inf from every root folder
- Fix back damages done to your system
- Creates an autorun.inf folder in the root of your system drives

The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone.

Please do so and allow the utility to clean up those drives as well. Wait until it has finished scanning and then exit the program. Reboot your computer when done.

Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.
 
Sorry for all the troubles, I'm really grateful for your help. :)

=============================

I am sure that I didn't use any flash drives since I used Combofix.
The last time i used my USB was right after I posted my first post.
Which is of course, before I did the Combofix scanning.
The only external thing I remembered using was my printer.
 
I don't bleieve there is any malware remaining>

Removing all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    CF_Uninstall-1.jpg
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
  • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Go to Start > All Programs > Accessories > System Tools
  • Click "System Restore".
  • Choose "Create a Restore Point" on the first screen then click "Next".
  • Give the Restore Point a name> click "Create".
  • Go back and follow the path to > System Tools.
    [*]Choose Disc Cleanup
    [*]Click "OK" to select the partition or drive you want.
    [*]Click the "More Options" Tab.
    [*]Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


Empty the Recycle Bin
LEt em know if you have any more questions.
 
Okay, thanks a lot!
Lastly, can you name me some useful protections tools that I should get?

==============

By the way, Happy Valentines Day. Just a side note :)
 
You're very welcome! These should help:
Tips for added security and safer browsing:
  1. Browser Security Settings: Custom is fine if the user did the settings. Mine are Custom. Default is okay too, but sometimes too restrictive.
    This Tutorial will help guide you through Configuring Security Settings, Managing Active X Controls and other safety features: Make Internet Explorer safer.
  2. Have layered Security:
    • Antivirus Software(only one):Both of the following programs are free and known to be good:
      [o]Avira Free
      [o]Avast Home
    • Firewall (only one): Use bi-directional firewall. Both of the following programs are free and known to be good:
      [o]Comodo
      [o]Zone Alarm
    • Antispyware: I recommend all of the following:
      [o]Spywareblaster: SpywareBlaster protects against bad ActiveX. It places kill bits to stop bad Active X controls from being installed. Remember to update it regularly.
    [o]Download ZonedOut and save to your desktop. this replaces IE/Spyad and manages the Zones in Internet explorer. This places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
    For IE7 and IE8, Windows 2000 thru Vista. No Windows 7 yet.
    IE/Spyad is not longer being supported. If you have this on your system, you should replace it with the following program. Make sure your IE8 is Up-to-date before adding sites to your restricted zone.
    Known issue: If you have "immunized" your computer with Spybot Search and Destroy, and use ZonedOut to "Remove All" restricted sites - ZonedOut will remove your trusted sites as well. Note that if you remove Spybot Search and Destroys Immunization the problem goes away...
    [o]Replace the Host Files
    MVPS Hosts files This replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
    [o]Google Toolbar Get the free google toolbar to help stop pop up windows.
  3. Stay current on updates:
    [o] Visit the Microsoft Download Sitefrequently. You should get All updates marked Critical and the current SP updates.
    [o]Visit this Adobe Reader site often and make sure you have the most current update. Uninstall any earlier updates as they are vulnerabilities.
    [o]Check this site .Java Updates Stay current as most updates are for security. Uninstall any earlier versions in Add/Remove Programs.
  4. Reset Cookies to prevent Tracking Cookies:
    [o]For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
    [o]For Firefox: Tools> Options> Privacy> Cookies> check ‘accept Cookies from Sites’> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
    I suggest using the following two add-on for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
    AdBlock Plus
    Easy List
  5. Do regular Maintenance
    Remove Temporary Internet Files regularly:
    [o]ATF Cleaner by Atribune
    OR
    [o]TFC
    Disable and Enable System Restore:
    [o]See System Restore Guide This will help you understand what this is, why you need to clean and set restore points and what information is in them.
  6. Practice Safe Email Handling
    [o] Don't open email from anyone you don't know.
    [o] Don't open Attachments in the email. Safe to your desktop and scan for viruses using a right click
    [o] Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.
Use a Site Advisor:
The Web of Trust (WOT) add-on is a safe surfing tool for your browser. Traffic-light rating symbols show which rate the site for Trustworthiness, Vendor Reliability, Privacy, Child Safety.Your online email account – Google Mail, Yahoo! Mail and Hotmail is also protected.

Give it a try-:http://www.mywot.com/en/download
 

Similar threads

D
Verizon tries to win back T-Mobile customers with $500 credit and free iPhones
Replies
10
Views
165
netman
netman
A
Android users will soon be able to pause Google's anti-malware service for sideloading
Replies
1
Views
125
ZedRM
ZedRM
Cal Jeffrey
  • Locked
AI search engines fail accuracy test, study finds 60% error rate
2
Replies
38
Views
627
LisaEdits
L

Latest posts

Back