computer definitely infected

OT View IT

OTViewIt logfile created on: 2008-08-30 17:19:07 - Run 1
OTViewIt by OldTimer - Version 1.0.1.7 Folder = C:\Documents and Settings\michele\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

511.48 Mb Total Physical Memory | 342.65 Mb Available Physical Memory | 66.99% Memory free
1.22 Gb Paging File | 1.08 Gb Available in Paging File | 88.27% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 64.85 Gb Free Space | 87.02% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MICHELE
Current User Name: michele
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On

===== Processes - Non-Microsoft Only =====

[06-25-2004 02:05 PM | 00,045,056 | ---- | M] () - C:\WINDOWS\system32\WLTRYSVC.EXE
[08-23-2001 05:52 PM | 00,331,830 | ---- | M] (Microsoft® Corporation) - C:\Program Files\Microsoft Works\wkssb.exe
[08-17-2001 12:41 AM | 00,028,738 | ---- | M] (Microsoft® Corporation) - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
[09-12-2002 01:13 PM | 01,101,824 | ---- | M] (Copyright (C) ahead software gmbh and its licensors) - C:\Program Files\Ahead\InCD\InCD.exe
[07-20-2005 12:19 PM | 00,385,024 | ---- | M] (Motive Communications, Inc.) - C:\Program Files\Verizon Online\SmartBridge\MotiveSB.exe
[08-07-2001 07:06 PM | 00,024,633 | ---- | M] (Microsoft® Corporation) - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
[08-09-2002 06:00 PM | 00,221,184 | ---- | M] (Motive Communications, Inc.) - C:\Program Files\Verizon Online\bin\mpbtn.exe

===== Win32 Services - Non-Microsoft Only =====

(Autocomplete) AutoComplete Service [On_Demand | Stopped]
File not found - C:\PROGRA~1\SYSTEM~1\autocomp.exe

(WLTRYSVC) WLTRYSVC [Auto | Running]
[06-25-2004 02:05 PM | 00,045,056 | ---- | M] () - C:\WINDOWS\system32\WLTRYSVC.EXE

===== Driver Services - Non-Microsoft Only =====

(BsStor) InCD Storage Helper Driver [Boot | Running]
[06-05-2002 07:07 PM | 00,009,344 | ---- | M] (B.H.A Co.,Ltd.) - C:\WINDOWS\system32\drivers\bsstor.sys

(BsUDF) InCD UDF Driver [Auto | Running]
[09-13-2002 08:35 AM | 00,448,640 | ---- | M] (ahead software) - C:\WINDOWS\System32\drivers\bsudf.sys

(catchme) catchme [On_Demand | Stopped]
File not found - C:\ComboFix\catchme.sys

(GMSIPCI) GMSIPCI [On_Demand | Stopped]
File not found - E:\INSTALL\GMSIPCI.SYS

(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [On_Demand | Stopped]
[08-04-2004 01:31 AM | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) - C:\WINDOWS\system32\drivers\RTL8139.sys

(USBNET_XP) Instant Wireless XP USB Network Adapter ver.2.6 Driver [On_Demand | Stopped]
[02-19-2002 02:34 PM | 00,072,576 | R--- | M] (The LinkSys Group, Inc.) - C:\WINDOWS\system32\drivers\netusbxp.sys

========== Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InCD" = C:\Program Files\Ahead\InCD\InCD.exe [09-12-2002 01:13 PM | 01,101,824 | ---- | M] (Copyright (C) ahead software gmbh and its licensors)
"Microsoft Works Portfolio" = C:\Program Files\Microsoft Works\WksSb.exe /AllUsers [08-23-2001 05:52 PM | 00,331,830 | ---- | M] (Microsoft® Corporation)
"Microsoft Works Update Detection" = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [08-17-2001 12:41 AM | 00,028,738 | ---- | M] (Microsoft® Corporation)
"Motive SmartBridge" = C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe [07-20-2005 12:19 PM | 00,385,024 | ---- | M] (Motive Communications, Inc.)
"NeroCheck" = C:\WINDOWS\system32\NeroCheck.exe [07-09-2001 04:50 AM | 00,155,648 | ---- | M] (Ahead Software Gmbh)
"NvCplDaemon" = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup [03-20-2003 08:13 AM | 04,616,192 | ---- | M] (NVIDIA Corporation)
"vptray" = C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe [05-21-2003 02:21 AM | 00,090,112 | ---- | M] (Symantec Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Key does not exist or could not be opened.
"run" = Reg Error: Key does not exist or could not be opened.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM" = C:\Program Files\AIM\aim.exe -cnetwait.odl File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

========== Startup Folders ==========

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
[04-23-2008 03:38 AM | 00,029,696 | ---- | M] (Adobe Systems Incorporated) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[01-27-1998 02:10 AM | 00,055,296 | ---- | M] (Micrografx, Inc.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CreataCard Gold 2 Forget Me Not Reminders.lnk = C:\Program Files\CreataCard\Gold\fmrmd32.exe
[08-07-2001 07:06 PM | 00,024,633 | ---- | M] (Microsoft® Corporation) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
[08-06-2002 11:07 AM | 00,204,800 | ---- | M] (Motive Communications, Inc.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe

[michele Startup Folder - C:\Documents and Settings\michele\Start Menu\Programs\Startup]

========== BHO's ==========

========== Toolbars ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (Yahoo! Toolbar) - File not found Reg Error: Key does not exist or could not be opened.

========== AppInit_Dlls ==========

========== HKLM Security Providers ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders]
"msapsspc.dllschannel.dlldigest.dllmsnsspc.dll" - File not found

========== HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [06-13-2007 06:23 AM | 01,033,216 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [08-04-2004 03:56 AM | 00,024,576 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [08-04-2004 03:56 AM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [10-25-2007 11:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [08-04-2004 03:56 AM | 00,298,496 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

========== User's Winlogon Settings ==========

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
"DllName" = C:\WINDOWS\system32\NavLogon.dll [05-21-2003 02:19 AM | 00,045,056 | ---- | M] ()

========== Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun" = 67108863
"NoDriveTypeAutoRun" = 255
"NoDrives" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1
"DisableRegistryTools" = 0
"HideLegacyLogonScripts" = 0
"HideLogoffScripts" = 0
"RunLogonScriptSync" = 1
"RunStartupScriptSync" = 0
"HideStartupScripts" = 0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
"NoDrives" = 0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts" = 0
"HideLogoffScripts" = 0
"RunLogonScriptSync" = 1
"RunStartupScriptSync" = 0
"HideStartupScripts" = 0

========== Lsa Authentication Packages ==========

========== Lsa Security Packages ==========

========== Desktop Components ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName" = "My Current Home Page"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"

========== Safeboot Options ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

========== Disabled MsConfig Items ==========
Unable to open key or key not present!


========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[07-11-2003 01:27 AM | 00,000,000 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{06eb2976-d4b1-11d7-93b9-000c410c8bb4}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{200abfe4-c03a-11da-945e-000e2e216509}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{32754293-d6d6-11d9-9428-000e2e216509}\Shell]
"" = Open

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4131139c-2877-11dd-94bf-000e2e216509}\Shell]
"" = Open

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{565e4c3a-79b4-11db-947a-000f661bb2bb}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{565e4c46-79b4-11db-947a-000f661bb2bb}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6007a5f8-5b4a-11dc-94a1-000e2e216509}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{936fda1e-6cd0-11d9-9411-000f661bb2bb}\Shell]
"" = Open

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d356454-8aeb-11db-947b-000e2e216509}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b8a45af1-9592-11dc-94a6-000e2e216509}\Shell]
"" = AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b8a45af2-9592-11dc-94a6-000e2e216509}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1c6be90-b839-11d9-941d-000f661bb2bb}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{efd0c32a-b37e-11d7-93a8-b0c80decdf80}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell]
"" = AutoRun

========== DNS Name Servers ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{7C48A721-0A35-4753-BE40-E80EBE593471}]
Servers: | Description: Instant Wireless USB Network Adapter ver.2.6

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{836D4178-AA3D-4AEA-8210-609376CBBB7A}]
Servers: | Description: Linksys LNE100TX Fast Ethernet Adapter(LNE100TX v4)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{A6A5C012-00A3-4209-A6B7-1E6CA2BA5C11}]
Servers: | Description: Linksys Wireless-G PCI Adapter with SpeedBooster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{AB0DBDA3-DFDA-495C-A2E7-A88BC5504E89}]
Servers: | Description: Realtek RTL8139 Family PCI Fast Ethernet NIC

========== Hosts File ==========

HOSTS File = (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost



========== Files/Folders - Created Within 30 days ==========

[1 C:\*.tmp files]
[08-28-2008 03:04 AM | 01,417,602 | ---- | C] () - C:\SDFix.exe
[08-28-2008 03:07 AM | ---D | C] - C:\SDFix
[08-30-2008 04:26 PM | ---D | C] - C:\ComboFix
[08-30-2008 04:26 PM | ---D | C] - C:\QooBox
[08-30-2008 05:09 PM | ---D | C] - C:\Avenger
[2 C:\WINDOWS\System32\*.tmp files]
[08-01-2008 05:29 PM | ---D | C] - C:\WINDOWS\System32\CatRoot_bak
[08-13-2008 01:02 AM | 00,588,800 | ---- | C] () - C:\WINDOWS\System32\Psetup.exe
[08-16-2008 03:04 AM | 00,000,206 | ---- | C] () - C:\WINDOWS\System32\MRT.INI
[08-17-2008 01:08 PM | ---D | C] - C:\WINDOWS\System32\inf
[08-20-2008 11:23 PM | 00,125,804 | ---- | C] () - C:\WINDOWS\System32\newcool.exe
[08-23-2008 04:51 PM | ---D | C] - C:\WINDOWS\System32\1024
[08-24-2008 02:35 PM | 00,029,764 | ---- | C] () - C:\WINDOWS\System32\mf0824.exe
[08-28-2008 02:17 PM | 00,062,464 | ---- | C] () - C:\WINDOWS\System32\dwbins.exe
[3 C:\WINDOWS\*.tmp files]
[08-25-2008 11:13 AM | 00,001,409 | ---- | C] () - C:\WINDOWS\QTFont.for
[08-25-2008 11:13 AM | 00,054,156 | -H-- | C] () - C:\WINDOWS\QTFont.qfn
[08-28-2008 03:11 AM | ---D | C] - C:\WINDOWS\ERUNT
[08-29-2008 05:57 AM | 00,002,560 | ---- | C] () - C:\WINDOWS\_MSRSTRT.EXE
[08-30-2008 04:26 PM | 00,028,672 | ---- | C] (NirSoft) - C:\WINDOWS\Nircmd.exe
[08-30-2008 04:26 PM | 00,049,152 | ---- | C] () - C:\WINDOWS\VFind.exe
[08-30-2008 04:26 PM | 00,068,096 | ---- | C] () - C:\WINDOWS\zip.exe
[08-30-2008 04:26 PM | 00,080,412 | ---- | C] () - C:\WINDOWS\grep.exe
[08-30-2008 04:26 PM | 00,089,504 | ---- | C] (Smallfrogs Studio) - C:\WINDOWS\fdsv.exe
[08-30-2008 04:26 PM | 00,098,816 | ---- | C] () - C:\WINDOWS\sed.exe
[08-30-2008 04:26 PM | 00,136,704 | ---- | C] (SteelWerX) - C:\WINDOWS\swsc.exe
[08-30-2008 04:26 PM | 00,161,792 | ---- | C] (SteelWerX) - C:\WINDOWS\swreg.exe
[08-30-2008 04:26 PM | 00,212,480 | ---- | C] (SteelWerX) - C:\WINDOWS\swxcacls.exe
[08-30-2008 04:26 PM | ---D | C] - C:\WINDOWS\erdnt
[08-28-2008 03:05 AM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[08-27-2008 12:30 AM | ---D | C] - C:\Documents and Settings\michele\Application Data\Help
[08-28-2008 03:05 AM | ---D | C] - C:\Documents and Settings\michele\Application Data\Malwarebytes
[08-30-2008 05:18 PM | ---D | C] - C:\Documents and Settings\michele\Application Data\InterVideo
[08-16-2008 10:50 PM | 00,000,793 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[08-28-2008 03:05 AM | 00,000,696 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[08-27-2008 12:48 PM | 00,001,734 | ---- | C] () - C:\Documents and Settings\michele\Desktop\HijackThis.lnk
[08-16-2008 10:49 PM | ---D | C] - C:\Program Files\Common Files\Wise Installation Wizard
[08-28-2008 03:05 AM | ---D | C] - C:\Program Files\Malwarebytes' Anti-Malware

========== Files - Modified Within 30 days ==========

[1 C:\*.tmp files]
[08-28-2008 03:04 AM | 01,417,602 | ---- | M] () - C:\SDFix.exe
[08-23-2008 10:51 AM | 00,091,136 | ---- | M] () - C:\WINDOWS\System32\dllcache\msgsvc.dll
[08-29-2008 11:39 PM | 00,000,686 | ---- | M] () - C:\WINDOWS\System32\drivers\etc\HOSTS
[2 C:\WINDOWS\System32\*.tmp files]
[08-13-2008 01:02 AM | 00,588,800 | ---- | M] () - C:\WINDOWS\System32\Psetup.exe
[08-16-2008 03:04 AM | 00,000,206 | ---- | M] () - C:\WINDOWS\System32\MRT.INI
[08-26-2008 01:09 PM | 00,029,764 | ---- | M] () - C:\WINDOWS\System32\mf0824.exe
[08-29-2008 02:10 PM | 00,062,464 | ---- | M] () - C:\WINDOWS\System32\dwbins.exe
[08-29-2008 02:10 PM | 00,125,804 | ---- | M] () - C:\WINDOWS\System32\newcool.exe
[08-30-2008 05:12 PM | 00,002,206 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[3 C:\WINDOWS\*.tmp files]
[08-16-2008 03:05 AM | 00,001,374 | ---- | M] () - C:\WINDOWS\imsins.BAK
[08-23-2008 01:34 PM | 00,000,049 | ---- | M] () - C:\WINDOWS\wpd99.drv
[08-25-2008 11:13 AM | 00,001,409 | ---- | M] () - C:\WINDOWS\QTFont.for
[08-25-2008 11:13 AM | 00,054,156 | -H-- | M] () - C:\WINDOWS\QTFont.qfn
[08-28-2008 03:01 AM | 00,000,139 | ---- | M] () - C:\WINDOWS\msicpl.ini
[08-29-2008 05:57 AM | 00,002,560 | ---- | M] () - C:\WINDOWS\_MSRSTRT.EXE
[08-30-2008 05:09 PM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[08-30-2008 05:10 PM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[1 C:\Documents and Settings\michele\My Documents\*.tmp files]
[08-11-2008 12:59 PM | 00,027,136 | ---- | M] () - C:\Documents and Settings\michele\My Documents\INFO.doc
[08-16-2008 10:50 PM | 00,000,793 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[08-28-2008 03:05 AM | 00,000,696 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[08-27-2008 01:19 PM | 00,002,483 | ---- | M] () - C:\Documents and Settings\michele\Desktop\Microsoft Word.lnk
[08-27-2008 12:48 PM | 00,001,734 | ---- | M] () - C:\Documents and Settings\michele\Desktop\HijackThis.lnk

< End of report >
 
Extras

OTViewIt Extras logfile created on: 2008-08-30 17:19:07 - Run 1
OTViewIt by OldTimer - Version 1.0.1.7 Folder = C:\Documents and Settings\michele\Desktop

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[08-04-2004 03:56 AM | 00,140,800 | ---- | M] (Microsoft Corporation)

"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
[08-01-2006 04:35 PM | 00,067,112 | ---- | M] (America Online, Inc.)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[10-10-2006 08:44 AM | 00,557,568 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[08-04-2004 03:56 AM | 00,140,800 | ---- | M] (Microsoft Corporation)

"C:\Program Files\Abacast\Abaclient.exe" = C:\Program Files\Abacast\Abaclient.exe:*:Disabled:Abaclient
[11-20-2004 04:55 PM | 00,845,312 | ---- | M] (Abacast, Inc.)

"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer
File not found

"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
File not found

"C:\Program Files\Common Files\AOL\1143661978\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1143661978\ee\aolsoftware.exe:*:Enabled:AOL Services
File not found

"C:\Program Files\Common Files\AOL\1143661978\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1143661978\ee\aim6.exe:*:Enabled:AIM
File not found

"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
[08-01-2006 04:35 PM | 00,067,112 | ---- | M] (America Online, Inc.)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[10-10-2006 08:44 AM | 00,557,568 | ---- | M] (Microsoft Corporation)

"C:\WINDOWS\system32\1024\SVCHOST.EXE" = C:\WINDOWS\system32\1024\SVCHOST.EXE:*:Enabled:SVCHOST.EXE
File not found

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] - "%1" %*
.cmd [@ = cmdfile] - "%1" %*
.com [@ = ComFile] - "%1" %*
.exe [@ = exefile] - "%1" %*
.pif [@ = piffile] - "%1" %*
.scr [@ = scrfile] - "%1" /S

========== Winsock2 Catalogs ==========

========== HKEY_LOCAL_MACHINE Protocol Defaults ==========


========== HKEY_CURRENT_USER Protocol Defaults ==========


========== Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
msdaipp: [HKLM - No CLSID value]

========== Protocol Filters ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01001201-823E-46CD-A70E-BEE818F97169}" = Microsoft Encarta Encyclopedia Standard 2002
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}" = Symantec AntiVirus Client
"{12BDDF23-B1DB-49C8-92D3-3E6841CCED61}" = Microsoft Streets and Trips 2002
"{25EF00BE-F17B-11D6-88EA-000476CD2443}" = Verizon Online
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{30BB4D60-81DB-11D5-BB77-00400536ABAC}" = OLYMPUS CAMEDIA Master 4.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{55937F00-A69B-4049-8D3A-1C7729742B6F}" = BUM
"{7148F0A8-6813-11D6-A77B-00B0D0142050}" = Java 2 Runtime Environment, SE v1.4.2_05
"{901B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}" = Microsoft Works 6.0
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{AAE10BE5-F398-41C1-9AAF-A59EBF17DFDE}" = Norton Spyware Scan
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{B608EFA2-977B-4039-8C71-2DD823B058A6}" = Install Menu
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{C1939820-A945-11D4-86F6-0001031E5712}" = MSI MSIDVD
"{C3A439E4-7303-491F-A678-CEA36A87D517}" = Microsoft Works Suite Add-in for Microsoft Word
"{C769A271-7E1C-48F9-B331-474600DD4C06}" = Microsoft Picture It! Photo 2002
"{D087F95B-5C55-4481-BA53-9618538EE098}" = MSN Encarta Right-Click Dictionary
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"Abacast Client" = Abacast Client
"Abacast Version 1.25f1" = Abacast Version 1.25f1
"AC3Filter" = AC3Filter (remove only)
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"AOL Instant Messenger" = AOL Instant Messenger
"Broadcom 802.11 Application" = Broadcom 802.11 Control Panel
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Driver
"CCleaner" = CCleaner (remove only)
"CreataCard Gold 2" = CreataCard Gold 2
"Half-Life" = Half-Life
"HijackThis" = HijackThis 2.0.2
"Httper" = Httper
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InCD!UninstallKey" = InCD (Ahead Software)
"KB834707" = Windows XP Hotfix - KB834707
"KB867282" = Windows XP Hotfix - KB867282
"KB870669" = Microsoft Data Access Components KB870669
"KB873333" = Windows XP Hotfix - KB873333
"KB873339" = Windows XP Hotfix - KB873339
"KB883939" = Security Update for Windows XP (KB883939)
"KB885250" = Windows XP Hotfix - KB885250
"KB885835" = Windows XP Hotfix - KB885835
"KB885836" = Windows XP Hotfix - KB885836
"KB885884" = Windows XP Hotfix - KB885884
"KB886185" = Windows XP Hotfix - KB886185
"KB887472" = Windows XP Hotfix - KB887472
"KB887742" = Windows XP Hotfix - KB887742
"KB888113" = Windows XP Hotfix - KB888113
"KB888302" = Windows XP Hotfix - KB888302
"KB890046" = Security Update for Windows XP (KB890046)
"KB890047" = Windows XP Hotfix - KB890047
"KB890175" = Windows XP Hotfix - KB890175
"KB890859" = Windows XP Hotfix - KB890859
"KB890923" = Windows XP Hotfix - KB890923
"KB891781" = Windows XP Hotfix - KB891781
"KB893066" = Windows XP Hotfix - KB893066
"KB893086" = Windows XP Hotfix - KB893086
"KB893756" = Security Update for Windows XP (KB893756)
"KB893803" = Windows Installer 3.1 (KB893803)
"KB893803v2" = Windows Installer 3.1 (KB893803)
"KB894391" = Update for Windows XP (KB894391)
"KB895316" = Windows Media Player 10 Hotfix - KB895316
"KB896358" = Security Update for Windows XP (KB896358)
"KB896422" = Security Update for Windows XP (KB896422)
"KB896423" = Security Update for Windows XP (KB896423)
"KB896424" = Security Update for Windows XP (KB896424)
"KB896428" = Security Update for Windows XP (KB896428)
"KB896688" = Security Update for Windows XP (KB896688)
"KB896727" = Update for Windows XP (KB896727)
"KB898461" = Update for Windows XP (KB898461)
"KB899587" = Security Update for Windows XP (KB899587)
"KB899588" = Security Update for Windows XP (KB899588)
"KB899589" = Security Update for Windows XP (KB899589)
"KB899591" = Security Update for Windows XP (KB899591)
"KB900485" = Update for Windows XP (KB900485)
"KB900725" = Security Update for Windows XP (KB900725)
"KB901017" = Security Update for Windows XP (KB901017)
"KB901214" = Security Update for Windows XP (KB901214)
"KB902400" = Security Update for Windows XP (KB902400)
"KB903235" = Security Update for Windows XP (KB903235)
"KB904706" = Security Update for Windows XP (KB904706)
"KB904942" = Update for Windows XP (KB904942)
"KB905414" = Security Update for Windows XP (KB905414)
"KB905749" = Security Update for Windows XP (KB905749)
"KB905915" = Security Update for Windows XP (KB905915)
"KB908519" = Security Update for Windows XP (KB908519)
"KB908531" = Security Update for Windows XP (KB908531)
"KB910437" = Update for Windows XP (KB910437)
"KB911280" = Security Update for Windows XP (KB911280)
"KB911562" = Security Update for Windows XP (KB911562)
"KB911564" = Security Update for Windows Media Player (KB911564)
"KB911565" = Security Update for Windows Media Player 10 (KB911565)
"KB911567" = Security Update for Windows XP (KB911567)
"KB911927" = Security Update for Windows XP (KB911927)
"KB912812" = Security Update for Windows XP (KB912812)
"KB912919" = Security Update for Windows XP (KB912919)
"KB913446" = Security Update for Windows XP (KB913446)
"KB913580" = Security Update for Windows XP (KB913580)
"KB914388" = Security Update for Windows XP (KB914388)
"KB914389" = Security Update for Windows XP (KB914389)
"KB914440" = Hotfix for Windows XP (KB914440)
"KB915865" = Hotfix for Windows XP (KB915865)
"KB916281" = Security Update for Windows XP (KB916281)
"KB916595" = Update for Windows XP (KB916595)
"KB917159" = Security Update for Windows XP (KB917159)
"KB917344" = Security Update for Windows XP (KB917344)
"KB917422" = Security Update for Windows XP (KB917422)
"KB917734_WMP10" = Security Update for Windows Media Player 10 (KB917734)
"KB917953" = Security Update for Windows XP (KB917953)
"KB918118" = Security Update for Windows XP (KB918118)
"KB918439" = Security Update for Windows XP (KB918439)
"KB918899" = Security Update for Windows XP (KB918899)
"KB919007" = Security Update for Windows XP (KB919007)
"KB920213" = Security Update for Windows XP (KB920213)
"KB920214" = Security Update for Windows XP (KB920214)
"KB920670" = Security Update for Windows XP (KB920670)
"KB920683" = Security Update for Windows XP (KB920683)
"KB920685" = Security Update for Windows XP (KB920685)
"KB920872" = Update for Windows XP (KB920872)
"KB921398" = Security Update for Windows XP (KB921398)
"KB921503" = Security Update for Windows XP (KB921503)
"KB921883" = Security Update for Windows XP (KB921883)
"KB922582" = Update for Windows XP (KB922582)
"KB922616" = Security Update for Windows XP (KB922616)
"KB922760" = Security Update for Windows XP (KB922760)
"KB922819" = Security Update for Windows XP (KB922819)
"KB923191" = Security Update for Windows XP (KB923191)
"KB923414" = Security Update for Windows XP (KB923414)
"KB923689" = Security Update for Windows XP (KB923689)
"KB923694" = Security Update for Windows XP (KB923694)
"KB923980" = Security Update for Windows XP (KB923980)
"KB924191" = Security Update for Windows XP (KB924191)
"KB924270" = Security Update for Windows XP (KB924270)
"KB924496" = Security Update for Windows XP (KB924496)
"KB924667" = Security Update for Windows XP (KB924667)
"KB925398_WMP64" = Security Update for Windows Media Player 6.4 (KB925398)
"KB925454" = Security Update for Windows XP (KB925454)
"KB925486" = Security Update for Windows XP (KB925486)
"KB925902" = Security Update for Windows XP (KB925902)
"KB926255" = Security Update for Windows XP (KB926255)
"KB926436" = Security Update for Windows XP (KB926436)
"KB927779" = Security Update for Windows XP (KB927779)
"KB927802" = Security Update for Windows XP (KB927802)
"KB927891" = Update for Windows XP (KB927891)
"KB928090" = Security Update for Windows XP (KB928090)
"KB928255" = Security Update for Windows XP (KB928255)
"KB928843" = Security Update for Windows XP (KB928843)
"KB929123" = Security Update for Windows XP (KB929123)
"KB929338" = Update for Windows XP (KB929338)
"KB929969" = Security Update for Windows XP (KB929969)
"KB930178" = Security Update for Windows XP (KB930178)
"KB930916" = Update for Windows XP (KB930916)
"KB931261" = Security Update for Windows XP (KB931261)
"KB931768" = Security Update for Windows XP (KB931768)
"KB931784" = Security Update for Windows XP (KB931784)
"KB931836" = Update for Windows XP (KB931836)
"KB932168" = Security Update for Windows XP (KB932168)
"KB933360" = Update for Windows XP (KB933360)
"KB933566" = Security Update for Windows XP (KB933566)
"KB933729" = Security Update for Windows XP (KB933729)
"KB935839" = Security Update for Windows XP (KB935839)
"KB935840" = Security Update for Windows XP (KB935840)
"KB936021" = Security Update for Windows XP (KB936021)
"KB936357" = Update for Windows XP (KB936357)
"KB936782_WMP10" = Security Update for Windows Media Player 10 (KB936782)
"KB937143" = Security Update for Windows XP (KB937143)
"KB937894" = Security Update for Windows XP (KB937894)
"KB938127" = Security Update for Windows XP (KB938127)
"KB938828" = Update for Windows XP (KB938828)
"KB938829" = Security Update for Windows XP (KB938829)
"KB939653" = Security Update for Windows XP (KB939653)
"KB941202" = Security Update for Windows XP (KB941202)
"KB941568" = Security Update for Windows XP (KB941568)
"KB941569" = Security Update for Windows XP (KB941569)
"KB941644" = Security Update for Windows XP (KB941644)
"KB941693" = Security Update for Windows XP (KB941693)
"KB942615" = Security Update for Windows XP (KB942615)
"KB942763" = Update for Windows XP (KB942763)
"KB942840" = Update for Windows XP (KB942840)
"KB943055" = Security Update for Windows XP (KB943055)
"KB943460" = Security Update for Windows XP (KB943460)
"KB943485" = Security Update for Windows XP (KB943485)
"KB944338" = Security Update for Windows XP (KB944338)
"KB944533" = Security Update for Windows XP (KB944533)
"KB944653" = Security Update for Windows XP (KB944653)
"KB945553" = Security Update for Windows XP (KB945553)
"KB946026" = Security Update for Windows XP (KB946026)
"KB946627" = Update for Windows XP (KB946627)
"KB946648" = Security Update for Windows XP (KB946648)
"KB947864" = Security Update for Windows XP (KB947864)
"KB948590" = Security Update for Windows XP (KB948590)
"KB948881" = Security Update for Windows XP (KB948881)
"KB950749" = Security Update for Windows XP (KB950749)
"KB950759" = Security Update for Windows XP (KB950759)
"KB950760" = Security Update for Windows XP (KB950760)
"KB950762" = Security Update for Windows XP (KB950762)
"KB950974" = Security Update for Windows XP (KB950974)
"KB951066" = Security Update for Windows XP (KB951066)
"KB951072-v2" = Update for Windows XP (KB951072-v2)
"KB951376" = Security Update for Windows XP (KB951376)
"KB951376-v2" = Security Update for Windows XP (KB951376-v2)
"KB951698" = Security Update for Windows XP (KB951698)
"KB951748" = Security Update for Windows XP (KB951748)
"KB952287" = Hotfix for Windows XP (KB952287)
"KB952954" = Security Update for Windows XP (KB952954)
"KB953838" = Security Update for Windows XP (KB953838)
"KB953839" = Security Update for Windows XP (KB953839)
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MySearchSearchAssistant" = Search Assistant - My Search
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Norton Spyware Scan provided by Yahoo!" = Norton Spyware Scan provided by Yahoo!
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
"Pdf995" = Pdf995
"QuickTime" = QuickTime
"Sierra Utilities" = Sierra Utilities
"SysInfo" = Creative System Information
"Verizon.MCCInstall" = Verizon Online Support Center
"WgaNotify" = Windows Genuine Advantage Notifications (KB905474)
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 2
"Works2002Setup" = Microsoft Works 2002 Setup Launcher

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{9863F141-7A33-4c9a-A5F2-96996461B216}" = KODAK EASYSHARE Gallery Easy Upload, v2.1

========== Last 10 Event Log Errors ==========


[ Application Events ]
Error - 2008-08-24 12:24:56 - Computer Name = MICHELE - User Name = User SID not found - Source = Norton AntiVirus
Description = Virus Found!Virus name: Trojan Horse in File: C:\WINDOWS\system32\mmchost.dll
by: Realtime Protection scan. Action: Clean failed : Delete failed : Access denied

Error - 2008-08-24 12:25:36 - Computer Name = MICHELE - User Name = User SID not found - Source = Norton AntiVirus
Description = Virus Found!Virus name: Trojan Horse in File: C:\WINDOWS\system32\mmchost.dll
by: Realtime Protection scan. Action: Clean failed : Delete failed : Access denied

Error - 2008-08-24 12:26:16 - Computer Name = MICHELE - User Name = User SID not found - Source = Norton AntiVirus
Description = Virus Found!Virus name: Trojan Horse in File: C:\WINDOWS\system32\mmchost.dll
by: Realtime Protection scan. Action: Clean failed : Delete failed : Access denied

Error - 2008-08-24 12:26:56 - Computer Name = MICHELE - User Name = User SID not found - Source = Norton AntiVirus
Description = Virus Found!Virus name: Trojan Horse in File: C:\WINDOWS\system32\mmchost.dll
by: Realtime Protection scan. Action: Clean failed : Delete failed : Access denied

Error - 2008-08-24 12:27:36 - Computer Name = MICHELE - User Name = User SID not found - Source = Norton AntiVirus
Description = Virus Found!Virus name: Trojan Horse in File: C:\WINDOWS\system32\mmchost.dll
by: Realtime Protection scan. Action: Clean failed : Delete failed : Access denied

Error - 2008-08-24 12:28:16 - Computer Name = MICHELE - User Name = User SID not found - Source = Norton AntiVirus
Description = Virus Found!Virus name: Trojan Horse in File: C:\WINDOWS\system32\mmchost.dll
by: Realtime Protection scan. Action: Clean failed : Delete failed : Access denied

Error - 2008-08-24 16:44:01 - Computer Name = MICHELE - User Name = User SID not found - Source = Norton AntiVirus
Description = Virus Found!Virus name: Trojan Horse in File: C:\WINDOWS\system32\mmchost.dll
by: Realtime Protection scan. Action: Clean failed : Delete failed : Access denied

Error - 2008-08-30 20:28:05 - Computer Name = MICHELE - User Name = User SID not found - Source = Norton AntiVirus
Description = Virus Found!Virus name: W32.Hitapop in File: C:\WINDOWS\system32\inf\scsys16_080828.dll
by: Realtime Protection scan. Action: Delete succeeded : Access denied

Error - 2008-08-30 20:28:05 - Computer Name = MICHELE - User Name = User SID not found - Source = Norton AntiVirus
Description = Virus Found!Virus name: W32.Hitapop in File: C:\WINDOWS\system32\inf\sppdcrs080828.scr
by: Realtime Protection scan. Action: Delete succeeded : Access denied

Error - 2008-08-30 20:28:06 - Computer Name = MICHELE - User Name = User SID not found - Source = Norton AntiVirus
Description = Virus Found!Virus name: W32.Hitapop in File: C:\WINDOWS\system\sgcxcxxaspf080828.exe
by: Realtime Protection scan. Action: Delete succeeded : Access denied


[ Internet Explorer Events ]

[ Security Events ]

[ System Events ]
Error - 2008-08-30 20:27:46 - Computer Name = MICHELE - User Name = User SID not found - Source = Service Control Manager
Description = The sotpeca Event propagation service service terminated unexpectedly.
It has done this 1 time(s).

Error - 2008-08-30 20:27:46 - Computer Name = MICHELE - User Name = User SID not found - Source = Service Control Manager
Description = The tdxdowkc Event propagation service service terminated unexpectedly.
It has done this 1 time(s).

Error - 2008-08-30 20:27:46 - Computer Name = MICHELE - User Name = User SID not found - Source = Service Control Manager
Description = The wsldoekd Settings storage service service terminated unexpectedly.
It has done this 1 time(s).

Error - 2008-08-30 20:58:50 - Computer Name = MICHELE - User Name = User SID not found - Source = Service Control Manager
Description = The 6to4 service terminated with the following error: %%126

Error - 2008-08-30 20:58:50 - Computer Name = MICHELE - User Name = User SID not found - Source = Service Control Manager
Description = The Ias service terminated with the following error: %%126

Error - 2008-08-30 20:58:50 - Computer Name = MICHELE - User Name = User SID not found - Source = Service Control Manager
Description = The Symantec AntiVirus Client service terminated with the following
error: %%5

Error - 2008-08-30 21:10:16 - Computer Name = MICHELE - User Name = User SID not found - Source = Service Control Manager
Description = The 6to4 service terminated with the following error: %%126

Error - 2008-08-30 21:10:16 - Computer Name = MICHELE - User Name = User SID not found - Source = Service Control Manager
Description = The Ias service terminated with the following error: %%126

Error - 2008-08-30 21:10:16 - Computer Name = MICHELE - User Name = User SID not found - Source = Service Control Manager
Description = The Symantec AntiVirus Client service terminated with the following
error: %%5

Error - 2008-08-30 21:10:22 - Computer Name = MICHELE - User Name = User SID not found - Source = Service Control Manager
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde


< End of report >
 
Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:28, on 2008-08-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Works\WksSb.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CreataCard Gold 2 Forget Me Not Reminders.lnk = C:\Program Files\CreataCard\Gold\fmrmd32.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Encarta &Definition - http://encarta.msn.com/encnet/features/dictionary/quickDictionary.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://targetphoto.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\PROGRA~1\SYSTEM~1\autocomp.exe (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 4464 bytes
 
Great! That's gotten rid of almost everything, there are a few more files to go and then I'd like you to run an online scan to check for any more leftovers.

  • Double click on avenger.exe to run it again
  • Do not change any check box options!!
  • Copy everything in the Code box below, and paste it into the Input script here: part of the window. Please do not include the word Code:

    Code:
    Files to delete:
    C:\WINDOWS\System32\newcool.exe
    C:\WINDOWS\System32\mf0824.exe
    C:\WINDOWS\System32\dwbins.exe
    C:\WINDOWS\System32\Psetup.exe
    C:\WINDOWS\system32\mmchost.dll
    
    Folders to delete:
    C:\WINDOWS\System32\1024
    
    Registry values to delete:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List | C:\WINDOWS\system32\1024\SVCHOST.EXE
  • Now click the Execute button.
  • Click Yes to the prompt to confirm you want to execute.
  • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
  • Your PC should reboot; if not, reboot it yourself.
  • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.
  • Please post the content of the logfile.

Please do a scan with Kaspersky Online Scanner.

  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • In the drop down box labeled Files of type change the type to Text file.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Please post
  • The Avenger log
  • The Kaspersky report
  • An update on how your system is running
 
Avenger

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\System32\newcool.exe" deleted successfully.
File "C:\WINDOWS\System32\mf0824.exe" deleted successfully.
File "C:\WINDOWS\System32\dwbins.exe" deleted successfully.
File "C:\WINDOWS\System32\Psetup.exe" deleted successfully.

Error: file "C:\WINDOWS\system32\mmchost.dll" not found!
Deletion of file "C:\WINDOWS\system32\mmchost.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Folder "C:\WINDOWS\System32\1024" deleted successfully.

Error: could not delete registry value "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List|C:\WINDOWS\system32\1024\SVCHOST.EXE"
Deletion of registry value "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List|C:\WINDOWS\system32\1024\SVCHOST.EXE" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.
 
Online scan

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, August 31, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, August 31, 2008 18:39:13
Records in database: 1172153
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 38045
Threat name: 23
Infected objects: 46
Suspicious objects: 0
Duration of the scan: 00:41:24


File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\105C0002.VBN Infected: Trojan-Spy.Win32.Pophot.bzg 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\105C0004.VBN Infected: Trojan-Spy.Win32.Pophot.cao 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\105C0005.VBN Infected: Trojan-Spy.Win32.Pophot.cbj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\105C0006.VBN Infected: Trojan.Win32.Agent.yvp 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\105C0007.VBN Infected: Backdoor.Win32.Small.flb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\105C0008.VBN Infected: Trojan.Win32.Agent.zwy 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\105C0009.VBN Infected: Trojan.Win32.Agent.yvv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\105C000A.VBN Infected: Trojan.Win32.Agent.yvv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\105C000B.VBN Infected: Trojan.Win32.Agent.zbc 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\105C000C.VBN Infected: Trojan-Spy.Win32.Pophot.cap 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\105C000D.VBN Infected: Trojan-Spy.Win32.Pophot.cap 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\105C000E.VBN Infected: Trojan.Win32.Agent.yvp 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\105C000F.VBN Infected: Trojan-Spy.Win32.Pophot.cbh 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\105C0010.VBN Infected: Trojan-Spy.Win32.Pophot.cbh 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\137C0003.VBN Infected: Trojan.Win32.Agent.yvp 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\137C0004.VBN Infected: Backdoor.Win32.Small.flb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\137C0005.VBN Infected: Trojan.Win32.Agent.zwy 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\137C0006.VBN Infected: Trojan.Win32.Agent.yvv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\137C0007.VBN Infected: Trojan.Win32.Agent.yvv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\137C0008.VBN Infected: Trojan.Win32.Agent.zbc 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\137C0009.VBN Infected: Trojan.Win32.Agent.yvp 1
C:\QooBox\Quarantine\C\DOCUME~1\michele\LOCALS~1\Temp\WowInitcode.dll.vir Infected: Trojan-GameThief.Win32.WOW.bvz 1
C:\QooBox\Quarantine\C\WINDOWS\dcbdcatys32_080828a.dll.vir Infected: Trojan-Spy.Win32.Pophot.cdv 1
C:\QooBox\Quarantine\C\WINDOWS\NDNuninstall4_85.exe.vir Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\QooBox\Quarantine\C\WINDOWS\NDNuninstall6_38.exe.vir Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\QooBox\Quarantine\C\WINDOWS\NDNuninstall6_90.exe.vir Infected: not-a-virus:AdWare.Win32.NewDotNet.e 1
C:\QooBox\Quarantine\C\WINDOWS\NDNuninstall6_98.exe.vir Infected: not-a-virus:AdWare.Win32.NewDotNet.e 1
C:\QooBox\Quarantine\C\WINDOWS\NDNuninstall7_14.exe.vir Infected: not-a-virus:AdWare.Win32.NewDotNet.e 1
C:\QooBox\Quarantine\C\WINDOWS\NDNuninstall7_22.exe.vir Infected: not-a-virus:AdWare.Win32.NewDotNet.e 1
C:\QooBox\Quarantine\C\WINDOWS\NDNuninstall7_48.exe.vir Infected: not-a-virus:AdWare.Win32.NewDotNet.e 1
C:\QooBox\Quarantine\C\WINDOWS\system32\123123.exe.vir Infected: Trojan-GameThief.Win32.WOW.bvw 1
C:\QooBox\Quarantine\C\WINDOWS\system32\atsxyzd.sys.vir Infected: Trojan.Win32.DNSChanger.ign 1
C:\QooBox\Quarantine\C\WINDOWS\system32\oduxftw.sys.vir Infected: Trojan-Clicker.Win32.VB.brv 1
C:\QooBox\Quarantine\C\WINDOWS\system32\zordisa.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.syhe 1
C:\SDFix\backups\backups.zip Infected: Trojan.Win32.DNSChanger.ign 1
C:\SDFix\backups_old\backups.zip Infected: Trojan.Win32.Agent.yvp 2
C:\SDFix\backups_old\backups.zip Infected: Trojan.Win32.DNSChanger.icx 1
C:\SDFix\backups_old\backups.zip Infected: Trojan-Clicker.Win32.VB.bqi 1
C:\SDFix\backups_old\backups.zip Infected: Trojan.Win32.Agent.zjn 1
C:\SDFix\backups_old\backups.zip Infected: Trojan.Win32.Agent.zwy 1
C:\SDFix\backups_old\backups.zip Infected: Trojan.Win32.Agent.yvv 2
C:\SDFix\backups_old\backups.zip Infected: Trojan.Win32.Agent.zbc 1
C:\SDFix\backups_old\backups.zip Infected: Trojan.Win32.Agent.zmz 1
C:\WINDOWS\system32\fduvfct.sys Infected: Trojan-Clicker.Win32.VB.btw 1

The selected area was scanned.
 
Excellent, the Kaspersky scan shows only one remnant which we can remove now, the others are all quarantined items.
  • Please run avenger.exe again by double clicking on it.
  • Do not change any check box options!!
  • Copy everything in the Code box below, and paste it into the Input script here: part of the window. Please do not include the word Code:

    Code:
    Files to delete:
    C:\WINDOWS\system32\fduvfct.sys
  • Now click the Execute button.
  • Click Yes to the prompt to confirm you want to execute.
  • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
  • Your PC should reboot; if not, reboot it yourself.

Please download OTCleanIt and save it to desktop. This will remove the tools we've used and the backups they've created.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the Begin cleanup Process? prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.

You can keep Malwarebytes' Anti-Malware if you'd like, as it's one of the best anti-malware scanners available and a very good program for running on-demand scans.

Below I have included some ideas on how to prevent future infections.

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please navigate to http://windowsupdate.microsoft.com and download all the Critical Updates for Windows. These will patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

As a minimum, you need at least an antivirus, firewall and some type of anti-spyware program.

Some good free firewalls are ZoneAlarm, Kerio, or Outpost. All of these will provide a far greater level of protection than the firewall built into Windows.
A tutorial on understanding and using firewalls may be found here.

I notice that you are running Ad-Aware, which is good. You might want to consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's Immunize and TeaTimer features if you don't have the resident part of another anti-spyware program running.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

If you use Internet Explorer, it is a good idea to use IE-Spyad which provides protections against malicious websites.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster and IE-Spyad can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money, and some malware actually claims to be a security program. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and are looking for anti-spyware programs, you can find out if one is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker, and add-ons like NoScript can make it even more secure. Opera is another good option.
If you are interested, Firefox may be downloaded from here
Opera is available here: http://www.opera.com/download/

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)
 