Malware I cannot remove

[jjcoolbud]

I have a Sony Vaio running WinXP SP2 and I have a virus I cannot remove.  I have tried many programs and none of them can find the virus.  When I start my computer I click on my user and a window comes up stating something about Netsky. 
I am using the most recent download of Avast and it wont run a scan, it tells me its not running and when I try to start the service, its not in the services list.
I have run Stinger and FixNetSky and they find nothing. 
I try to run Malwarebytes and it just never starts when i click on it. 
Task Manager is greyed out, my background has been changed to a message that my system has been infected.  No antivirus will run. 
I have used CCleaner to totally clean out my startup, program files, etc and still nothing.  I also get a message that the system has detected a potential hazard on your computer that may infect executable files. . .  and the Red X in my systray.  This all also happen in Safe Mode and I have spent about 4 days trying to fix this myself. 

I also get audio advertisements that run on their own.

I cannot re-install windows as my CD Rom drive is broke or hijacked by this virus.  Help Me Please.  here is my HJT log file.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:57 PM, on 2/8/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\smss32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_2_0_30\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
R3 - URLSearchHook: (no name) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: COMServer - Unknown owner - C:\WINDOWS\system32\msapps\comsrvr.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Unknown owner - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (file missing)

--
End of file - 8354 bytes

[Dr Jay]

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

[jjcoolbud]

DragonMaster,

I did download ComboFix and when I click on it to run it nothing happens and the malware throws an error that the exe cannot be run as it is infected.

Next steps?

[Dr Jay]

Delete your copy of ComboFix; grab a fresh copy, except before you download it, rename it to blackpudding.bat


Navigate to Start --> Run, and enter the following command exactly as shown:

"%userprofile%\desktop\blackpudding.bat" /StepDel

See if ComboFix will run now.

[jjcoolbud]

Jay, that worked quite well.  here is the log but I think all is well.  I am running Malwarebytes now.

Let me know if there is anything else you see or that I should do based on this log file.

Jason

ComboFix 10-02-09.03 - Jason 02/09/2010  20:06:33.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.1014.624 [GMT -5:00]
Running from: c:\documents and settings\Jason\desktop\blackpudding.bat
Command switches used :: /StepDel
AV: avast! Antivirus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Local Settings\Application Data\{58615CCB-EA43-4E1A-9D56-C05832FDA037}
c:\documents and settings\Jason\Local Settings\Application Data\{1C52963C-7C9D-4633-8EBD-9552FE1B0A05}
c:\recycler\S-1-5-21-1482476501-776561741-839522115-1003
c:\recycler\S-1-5-21-1612468630-89685085-3473688403-1003
c:\recycler\S-1-5-21-2380657726-3734598010-3631447877-1003
c:\recycler\S-1-5-21-2674361505-969318620-4082022749-1003
c:\recycler\S-1-5-21-2882666047-2457012616-4229916381-1003
c:\recycler\S-1-5-21-3160922839-1615166866-22790272-1003
c:\recycler\S-1-5-21-3484941415-612704084-3895702923-1003
c:\recycler\S-1-5-21-375101726-2659221895-3492569785-1003
c:\windows\system32\drivers\geyekrobmcpdvx.sys
c:\windows\system32\drivers\H8SRTlqjoewsftj.sys
c:\windows\system32\geyekrdayabxxf.dat
c:\windows\system32\geyekruowaqycu.dat
c:\windows\system32\geyekrwiyxamfy.dll
c:\windows\system32\geyekrxbryfibv.dll
c:\windows\system32\H8SRTpjdabwitmq.dll
c:\windows\system32\H8SRTpuhtappxtb.dat
c:\windows\system32\H8SRTqvpxvtwjbf.dll
c:\windows\system32\H8SRTuytkltqfwq.dll
c:\windows\system32\H8SRTxbvdoyqquw.dll
c:\windows\system32\lowsec
c:\documents and settings\Administrator\Local Settings\Application Data\{58615CCB-EA43-4E1A-9D56-C05832FDA037}\chrome.manifest
c:\documents and settings\Administrator\Local Settings\Application Data\{58615CCB-EA43-4E1A-9D56-C05832FDA037}\chrome\content\_cfg.js
c:\documents and settings\Administrator\Local Settings\Application Data\{58615CCB-EA43-4E1A-9D56-C05832FDA037}\chrome\content\overlay.xul
c:\documents and settings\Administrator\Local Settings\Application Data\{58615CCB-EA43-4E1A-9D56-C05832FDA037}\install.rdf
c:\documents and settings\All Users\Application Data\sysReserve.ini
c:\documents and settings\Jason\Local Settings\Application Data\{1C52963C-7C9D-4633-8EBD-9552FE1B0A05}\chrome.manifest
c:\documents and settings\Jason\Local Settings\Application Data\{1C52963C-7C9D-4633-8EBD-9552FE1B0A05}\chrome\content\_cfg.js
c:\documents and settings\Jason\Local Settings\Application Data\{1C52963C-7C9D-4633-8EBD-9552FE1B0A05}\chrome\content\overlay.xul
c:\documents and settings\Jason\Local Settings\Application Data\{1C52963C-7C9D-4633-8EBD-9552FE1B0A05}\install.rdf
c:\recycler\S-1-5-21-1482476501-776561741-839522115-1003\desktop.ini
c:\recycler\S-1-5-21-1482476501-776561741-839522115-1003\INFO2
c:\recycler\S-1-5-21-1612468630-89685085-3473688403-1003\desktop.ini
c:\recycler\S-1-5-21-1612468630-89685085-3473688403-1003\INFO2
c:\recycler\S-1-5-21-2380657726-3734598010-3631447877-1003\desktop.ini
c:\recycler\S-1-5-21-2380657726-3734598010-3631447877-1003\INFO2
c:\recycler\S-1-5-21-2674361505-969318620-4082022749-1003\desktop.ini
c:\recycler\S-1-5-21-2674361505-969318620-4082022749-1003\INFO2
c:\recycler\S-1-5-21-2882666047-2457012616-4229916381-1003\desktop.ini
c:\recycler\S-1-5-21-2882666047-2457012616-4229916381-1003\INFO2
c:\recycler\S-1-5-21-3160922839-1615166866-22790272-1003\desktop.ini
c:\recycler\S-1-5-21-3160922839-1615166866-22790272-1003\INFO2
c:\recycler\S-1-5-21-3484941415-612704084-3895702923-1003\desktop.ini
c:\recycler\S-1-5-21-3484941415-612704084-3895702923-1003\INFO2
c:\recycler\S-1-5-21-375101726-2659221895-3492569785-1003\desktop.ini
c:\recycler\S-1-5-21-375101726-2659221895-3492569785-1003\INFO2
C:\s
c:\windows\setup.exe
c:\windows\system32\11478.exe
c:\windows\system32\11942.exe
c:\windows\system32\12382.exe
c:\windows\system32\14604.exe
c:\windows\system32\153.exe
c:\windows\system32\15724.exe
c:\windows\system32\16827.exe
c:\windows\system32\17421.exe
c:\windows\system32\18467.exe
c:\windows\system32\19169.exe
c:\windows\system32\23281.exe
c:\windows\system32\24464.exe
c:\windows\system32\26500.exe
c:\windows\system32\26962.exe
c:\windows\system32\28145.exe
c:\windows\system32\292.exe
c:\windows\system32\29358.exe
c:\windows\system32\2995.exe
c:\windows\system32\32391.exe
c:\windows\system32\3902.exe
c:\windows\system32\41.exe
c:\windows\system32\4827.exe
c:\windows\system32\491.exe
c:\windows\system32\5436.exe
c:\windows\system32\5705.exe
c:\windows\system32\6334.exe
c:\windows\system32\9961.exe
c:\windows\system32\caybejjp.ini
c:\windows\system32\cxhkxtmn.ini
c:\windows\system32\drivers\geyekrobmcpdvx.sys
c:\windows\system32\drivers\H8SRTlqjoewsftj.sys
c:\windows\system32\geyekrdayabxxf.dat
c:\windows\system32\geyekruowaqycu.dat
c:\windows\system32\geyekrwiyxamfy.dll
c:\windows\system32\geyekrxbryfibv.dll
c:\windows\system32\guttcxac.ini
c:\windows\system32\h8srtkrl32mainweq.dll
c:\windows\system32\H8SRTpjdabwitmq.dll
c:\windows\system32\H8SRTpuhtappxtb.dat
c:\windows\system32\H8SRTqvpxvtwjbf.dll
c:\windows\system32\h8srtshsyst.dll
c:\windows\system32\H8SRTuytkltqfwq.dll
c:\windows\system32\H8SRTxbvdoyqquw.dll
c:\windows\system32\helper32.dll
c:\windows\system32\IS15.exe
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\mcrh.tmp
c:\windows\system32\nobjyqwa.ini
c:\windows\system32\orAaHRqr.ini
c:\windows\system32\orAaHRqr.ini2
c:\windows\system32\qsrfooeh.ini
c:\windows\system32\spool\prtprocs\w32x86\00001bd6.tmp
c:\windows\system32\spool\prtprocs\w32x86\0000788d.tmp
c:\windows\system32\tmp.reg
c:\windows\system32\tsklnkwi.ini
c:\windows\system32\twain_32.dll
c:\windows\system32\warning.html
c:\windows\system32\wfnygyep.ini

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_geyekruiwatgfu
-------\Legacy_geyekruiwatgfu
-------\Service_H8SRTd.sys
-------\Legacy_H8SRTd.sys


(((((((((((((((((((((((((   Files Created from 2010-01-10 to 2010-02-10  )))))))))))))))))))))))))))))))
.

2010-02-10 01:08 . 2010-02-10 01:08   --------   d-----w-   c:\windows\LastGood.Tmp
2010-02-10 00:58 . 2010-02-10 01:00   --------   d-----w-   C:\32788R22FWJFW
2010-02-10 00:39 . 2010-02-10 00:39   --------   d-----w-   c:\documents and settings\Jason\Local Settings\Application Data\Mozilla
2010-02-09 04:50 . 2010-01-28 21:54   19024   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
2010-02-09 04:50 . 2010-01-28 21:57   163280   ----a-w-   c:\windows\system32\drivers\aswSP.sys
2010-02-09 04:50 . 2010-01-28 21:54   23376   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
2010-02-09 04:50 . 2010-01-28 21:57   46672   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
2010-02-09 04:50 . 2010-01-28 21:54   100432   ----a-w-   c:\windows\system32\drivers\aswmon2.sys
2010-02-09 04:50 . 2010-01-28 21:54   94800   ----a-w-   c:\windows\system32\drivers\aswmon.sys
2010-02-09 04:50 . 2010-01-28 21:53   28240   ----a-w-   c:\windows\system32\drivers\aavmker4.sys
2010-02-09 04:50 . 2010-01-28 22:09   38848   ----a-w-   c:\windows\system32\avastSS.scr
2010-02-09 04:50 . 2010-01-28 22:09   152672   ----a-w-   c:\windows\system32\aswBoot.exe
2010-02-09 04:50 . 2010-02-09 04:50   --------   d-----w-   c:\program files\Alwil Software
2010-02-09 04:00 . 2010-02-09 04:00   --------   d-----w-   c:\documents and settings\Jason\Local Settings\Application Data\Google
2010-02-09 02:33 . 2010-01-07 21:07   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-09 02:31 . 2010-02-09 02:31   --------   d-----w-   c:\documents and settings\Jason\Application Data\Yahoo!
2010-02-09 02:31 . 2010-02-09 02:45   --------   d-----w-   c:\program files\Yahoo!
2010-02-09 02:31 . 2010-02-09 02:31   --------   d-----w-   c:\program files\CCleaner
2010-02-09 02:28 . 2010-02-09 02:28   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-09 02:28 . 2010-01-07 21:07   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-01-30 19:51 . 2010-01-30 19:51   --------   d-----w-   c:\windows\system32\config\systemprofile\Local Settings\Application Data\{9CCD5FB9-BEF2-4366-85A6-BE1338698EC2}
2010-01-29 03:04 . 2010-02-09 02:34   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-01-29 02:33 . 2010-02-09 04:50   --------   d-----w-   c:\documents and settings\All Users\Application Data\Alwil Software
2010-01-15 16:01 . 2010-02-08 23:07   0   ----a-w-   c:\windows\Upadakiwikis.bin
2010-01-15 16:01 . 2010-01-15 18:02   120   ----a-w-   c:\windows\Vhenewiyohupofuy.dat
2010-01-15 16:01 . 2010-01-15 16:01   --------   d-----w-   c:\documents and settings\KCarlson\Local Settings\Application Data\{742AA653-FF45-405D-B6BA-A473CBC09DEB}
2010-01-15 15:57 . 2010-01-15 15:57   --------   d-----w-   c:\windows\system32\msapps
2010-01-15 01:55 . 2010-01-15 01:55   --------   d-----w-   c:\program files\MSSOAP

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-10 00:41 . 2010-01-30 20:55   --------   d-----w-   c:\documents and settings\Jason\Application Data\Apple Computer
2010-02-09 23:22 . 2006-03-07 14:53   --------   d-----w-   c:\documents and settings\All Users\Application Data\Symantec
2010-02-09 12:41 . 2007-09-10 17:02   --------   d-----w-   c:\program files\Google
2010-02-09 12:41 . 2006-03-07 14:53   --------   d-----w-   c:\program files\Common Files\Symantec Shared
2010-02-09 03:44 . 2007-11-01 02:50   --------   d-----w-   c:\program files\LimeWire
2010-02-09 01:21 . 2010-01-30 20:55   91744   ----a-w-   c:\documents and settings\Jason\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-15 01:57 . 2010-01-15 01:57   775168   ----a-w-   c:\windows\isRS-000.tmp
2010-01-15 01:22 . 2009-01-19 17:55   --------   d-----w-   c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-07 12:32 . 2007-11-01 02:50   --------   d-----w-   c:\documents and settings\KCarlson\Application Data\LimeWire
2010-01-06 21:45 . 2006-10-03 14:56   91744   ----a-w-   c:\documents and settings\KCarlson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-06 19:59 . 2007-09-10 01:10   --------   d-----w-   c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-05 09:42 . 2010-01-05 09:42   --------   d-----w-   c:\program files\MSXML 6.0
2010-01-05 05:42 . 2006-03-02 08:56   --------   d-----w-   c:\program files\Java
2010-01-05 05:18 . 2010-01-05 05:18   152576   ----a-w-   c:\documents and settings\KCarlson\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-05 05:16 . 2010-01-05 05:16   79488   ----a-w-   c:\documents and settings\KCarlson\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-30 14:08 . 2009-06-29 07:01   1324   ----a-w-   c:\windows\system32\d3d9caps.dat
2009-12-18 04:20 . 2009-12-16 17:03   --------   d-----w-   c:\documents and settings\All Users\Application Data\Norton
2009-12-11 01:29 . 2009-12-16 17:03   1782128   ----a-w-   c:\documents and settings\All Users\Application Data\Norton\NUA.exe
2009-11-21 16:36 . 2006-03-02 06:20   470528   ----a-w-   c:\windows\AppPatch\aclayers.dll
2009-11-13 22:57 . 2009-11-13 22:57   922112   ------w-   c:\windows\system32\imapi2fs.dll
2009-11-13 22:57 . 2009-11-13 22:57   426496   ------w-   c:\windows\system32\imapi2.dll
2009-11-13 22:57 . 2004-08-03 22:59   62592   ----a-w-   c:\windows\system32\drivers\cdrom.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-01-28 2757512]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"= 0 (0x0)
"HideClock"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-21 01:42   73728   ----a-w-   c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      'autocheck autochk *'\0aswBoot.exe /M:2e95457852

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^KCarlson^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\KCarlson\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-05-14 00:58   177472   ----a-w-   c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2007-01-10 05:59   115816   ----a-w-   c:\program files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 12:00   15360   -c----w-   c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-08-05 17:56   77824   ----a-w-   c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-08-05 17:56   114688   ----a-w-   c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-08-05 17:57   94208   ----a-w-   c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2004-02-20 22:12   32768   ----a-w-   c:\program files\Sony\ISB Utility\ISBMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-06-05 17:39   292136   ----a-w-   c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24   1694208   ------w-   c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
2007-01-14 07:11   771704   ----a-w-   c:\program files\Norton Internet Security\osCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 21:18   413696   ----a-w-   c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonyPowerCfg]
2005-10-20 06:07   184320   ----a-w-   c:\program files\Sony\VAIO Power Management\SPMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
2006-01-07 10:36   81920   ----a-w-   c:\progra~1\Sony\SONICS~1\SSAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 09:17   149280   ----a-w-   c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
2003-04-20 04:08   28672   ----a-w-   c:\windows\SONYSYS\VAIO Recovery\Partseal.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
2005-10-12 05:36   151552   ----a-w-   c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [11/6/2009 12:00 PM 29808]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/8/2010 11:50 PM 163280]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/8/2010 11:50 PM 19024]
R2 COMServer;COMServer;c:\windows\system32\msapps\comsrvr.exe [1/15/2010 10:57 AM 12800]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/3/2009 11:38 AM 102448]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2010-01-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sony.com/vaiopeople
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Jason\Application Data\Mozilla\Firefox\Profiles\7xpkyi75.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {742AA653-FF45-405D-B6BA-A473CBC09DEB} - c:\documents and settings\KCarlson\Local Settings\Application Data\{742AA653-FF45-405D-B6BA-A473CBC09DEB}
FF - HiddenExtension: XULRunner: {9CCD5FB9-BEF2-4366-85A6-BE1338698EC2} - c:\windows\system32\config\systemprofile\Local Settings\Application Data\{9CCD5FB9-BEF2-4366-85A6-BE1338698EC2}\
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-smss32 - c:\windows\system32\smss32.exe
MSConfigStartUp-SpySweeper - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-09 20:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-753292386-3990352988-2974378246-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(864)
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'explorer.exe'(2664)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\system32\igfxext.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
.
**************************************************************************
.
Completion time: 2010-02-09  20:30:17 - machine was rebooted
ComboFix-quarantined-files.txt  2010-02-10 01:30

Pre-Run: 38,954,151,936 bytes free
Post-Run: 39,102,414,848 bytes free

Current=6 Default=6 Failed=5 LastKnownGood=7 Sets=1,2,3,4,5,6,7
- - End Of File - - 886B04E05296F18D51DCE76D83D55AA1

[Dr Jay]

Hi again. Please do these steps in order.

1. Please download TFC by OldTimer to your desktop

• Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  
• It will close all programs when run, so make sure you have saved all your work before you begin.
  
• Click the Start
  button to begin the process. Depending on how often you clean temp
  files, execution time should be anywhere from a few seconds to a minute
  or two. Let it run uninterrupted to completion.
  
• Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

2. Please download Malwarebytes Anti-Malware from Malwarebytes.org.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Full Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
• Please save the log to a location you will remember.
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3. Please visit this webpage for instructions for downloading and running SUPERAntiSpyware (SAS) to scan and remove malware from your computer:

http://www.bleepingcomputer.com/virus-removal/how-to-use-superantispyware-tutorial

Post the log from SUPERAntiSpyware when you've accomplished that.

4. Please run a free online scan with the ESET Online Scanner

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ActiveX control to install
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, you may close the window
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic

5. Post the following in your next reply:

• MBAM log
• SAS log
• ESET log

And, please tell me how your computer is doing.

[jjcoolbud]

Jay, thanks for your time spent on this.  Attached are the log files you requested from the three programs.  i was quite surprised to see they all found some sort of malware.  Here I was thinking that all of it was gone as the puter was working awesome and still is.

Jason

[Saving space, attachment deleted by admin]

[Dr Jay]

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.

[jjcoolbud]

Here is the quick scan.  It looks like all is well as it found nothing. I appreciate all your help.  Let me know if there is anything else I need to do.

Thanks for all of your help in getting this laptop out of the mess it was in.

Jason

[Saving space, attachment deleted by admin]

[mario21lv]

Hello, your comment has been removed. Please do not post malware advice, or post here in the malware forum, unless you need help. ~ DragonMaster Jay

[jjcoolbud]

Mario thank you for the reply however I did not find these files anywhere on the laptop.

Dragonmaster Jay do you see anything else?  All of the scans I run now return nothing so I think you fixed this for me.  Thanks again I appreciate your help.

Jason

[Dr Jay]

Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:

• Select Start > All Programs > Accessories > System tools > System Restore.
  
• On the dialogue box that appears select Create a Restore Point
  
• Click NEXT
  
• Enter a name e.g. Clean
• Click CREATE

You now have a clean restore point, to get rid of the bad ones:

• Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  
• In the Drop down box that appears select your main drive e.g. C
• Click OK
  
• The System will do some calculation and the display a dialogue box with TABS
  
• Select the More Options Tab.
  
• At the bottom will be a system restore box with a CLEANUP button click this
  
• Accept the Warning and select OK again, the program will close and you are done
  

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:

• Save it to your Desktop.
  
• Double click OTC.exe.
  
• Click the CleanUp! button.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

==

Please download TFC by OldTimer to your desktop

• Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  
• It will close all programs when run, so make sure you have saved all your work before you begin.
  
• Click the Start
  button to begin the process. Depending on how often you clean temp
  files, execution time should be anywhere from a few seconds to a minute
  or two. Let it run uninterrupted to completion.
  
• Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

==

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

[jjcoolbud]

Jay here is the log from security check

[Saving space, attachment deleted by admin]

[Dr Jay]

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

==

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

==

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

AntiSpyware

• SpywareBlaster
  SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
  
• Spybot - Search & Destroy.
  Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).
  

NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Securing your computer

• Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft.  To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  
• hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.
  

Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:

• Firefox may be downloaded from here: http://www.getfirefox.com
  
• Opera is available here: http://www.opera.com/download/
  

[jjcoolbud]

DMJ,

Thank you so much for your time, knowledge and expertise in fixing my computer.  I will certainly recommend computer hope to others which may have issues with theirs and who knows maybe I will become a malware removal specialist someday so I can help others.

Jason