
TROJAN.BHO.H won't go away!



Hello and welcome to MalwareBytes forums.

Please do not attach any logs (even if you may see that in other directions). Always Copy and Paste the contents of logs into the reply text-box. Otherwise, it adds extra steps for your helper and most of us hesitate to download files from infected systems.

Download TFC by OldTimer to your desktop

  • Please double-click TFC.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • IF prompted to Reboot, reply "Yes".

Now, go back and re-run just the DDS utility program, and copy and paste back the DDS.txt.

The one you had before got chopped somehow.


Thank you so much for the clarification on cut/paste instead of attaching files.

I have followed your instructions and have cut/pasted the DDS log below:

mRunOnce: [Launcher] "%WINDIR%\SMINST\launcher.exe"

StartupFolder: c:\users\elena\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobem~1.lnk - c:\program files\adobe media player\Adobe Media Player.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snapfi~1.lnk - c:\program files\snapfish media detector\SnapfishMediaDetector.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll

Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-11-6 29808]

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20100210.001\IDSvix86.sys [2010-2-13 286768]

R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]

R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-11-6 4048240]

R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2010-2-6 1201640]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-9-3 102448]

R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-2-19 41008]

S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]

S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-7-22 21504]

S3 SNL320XP;SONIX MULTIMEDIA USB DEVICE DRIVER;c:\windows\system32\drivers\9kdUSBXP.sys [2006-12-28 16000]

S3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-9-21 1245064]

=============== Created Last 30 ================

2010-02-21 15:36:40 0 ----a-w- c:\users\elena\defogger_reenable

2010-02-19 00:53:46 0 d-----w- c:\users\elena\appdata\roaming\Malwarebytes

2010-02-19 00:53:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-02-19 00:53:28 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-02-19 00:53:28 0 d-----w- c:\programdata\Malwarebytes

2010-02-19 00:53:27 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-02-10 03:04:13 302080 ----a-w- c:\windows\system32\drivers\srv.sys

2010-02-10 03:04:12 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys

2010-02-10 03:04:00 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-02-08 14:49:38 0 d-----w- c:\program files\iPod

2010-02-08 14:49:32 0 d-----w- c:\program files\iTunes

2010-02-06 19:40:34 0 d-----w- c:\program files\Ask.com

2010-02-06 19:39:24 1563008 ----a-w- c:\windows\WRSetup.dll

2010-02-06 19:39:24 0 d-----w- c:\users\elena\appdata\roaming\Webroot

2010-02-06 19:39:24 0 d-----w- c:\programdata\Webroot

2010-02-06 19:39:24 0 d-----w- c:\program files\Webroot

2010-02-06 19:35:47 164 ----a-w- c:\windows\install.dat

==================== Find3M ====================

2010-01-02 06:38:20 916480 ----a-w- c:\windows\system32\wininet.dll

2010-01-02 06:32:33 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-01-02 06:32:33 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-01-02 04:57:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2009-12-08 20:01:02 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe

2009-12-04 18:30:05 12288 ----a-w- c:\windows\system32\tsbyuv.dll

2009-12-04 18:29:41 1314816 ----a-w- c:\windows\system32\quartz.dll

2009-12-04 18:28:52 22528 ----a-w- c:\windows\system32\msyuv.dll

2009-12-04 18:28:51 31744 ----a-w- c:\windows\system32\msvidc32.dll

2009-12-04 18:28:51 123904 ----a-w- c:\windows\system32\msvfw32.dll

2009-12-04 18:28:49 13312 ----a-w- c:\windows\system32\msrle32.dll

2009-12-04 18:28:27 82944 ----a-w- c:\windows\system32\mciavi32.dll

2009-12-04 18:28:21 50176 ----a-w- c:\windows\system32\iyuv_32.dll

2009-12-04 18:27:12 91136 ----a-w- c:\windows\system32\avifil32.dll

2009-11-17 09:19:58 665600 ----a-w- c:\windows\inf\drvindex.dat

2009-11-17 09:19:58 51200 ----a-w- c:\windows\inf\infpub.dat

2009-11-17 09:19:58 143360 ----a-w- c:\windows\inf\infstrng.dat

2009-11-17 09:19:58 143360 ----a-w- c:\windows\inf\infstor.dat

2008-09-17 18:44:29 174 --sha-w- c:\program files\desktop.ini

2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 12:07:39.20 ===============


No, you still have not copied ALL of the log. Go slowly and carefully. Use NOTEPAD to open the DDS.txt file.

Then either from the menu, do an Edit > Select ALL, then COPY,

or do the keyboard shortcuts

CTRL+A

then CTRL+C

I need to see the entire DDS.txt from beginning to end, so I can review.


Hi there. This time I did Edit-Select All-Copy-Paste. I can't tell where it is cutting off, so I'm terribly sorry if I'm inadvertently doing something wrong. Please take a look below and let me know if I've done something wrong.

***************************************************************************

DDS (Ver_09-12-01.01) - NTFSx86

Run by Elena at 12:03:45.10 on Sun 02/21/2010

Internet Explorer: 8.0.6001.18882

Microsoft


Much better. We got the whole log this time. I'd like for you to ensure MBAM is updated & then run a new scan.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Reply with a copy of the latest MBAM log for my review. There will be more to do later.


Thank you. I updated MBAM and ran a quick scan. I did Edit - Select All - Copy - Paste and have posted the log info below for your review.

I can't help but laugh at the last line where it says that it removed the Trojan Horse, because I've seen that line in my last 4 scans... and then it's still there.

******************************************

Malwarebytes' Anti-Malware 1.44

Database version: 3772

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18882

2/21/2010 2:37:57 PM

mbam-log-2010-02-21 (14-37-57).txt

Scan type: Quick Scan

Objects scanned: 104248

Time elapsed: 7 minute(s), 38 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Users\Elena\AppData\Local\Temp\low\COUPON~1.DLL (Trojan.BHO.H) -> Quarantined and deleted successfully.

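A defender's way to spot what the poster noticed by eye (the same detection line in scan after scan), as an added example that is not the forum's or Malwarebytes' own code: a parser for MBAM 1.x log text that flags paths recurring across successive scans. The 2/21 and 2/26 logs are shortened copies of the ones in this thread; the 2/19 log is constructed to stand in for one of the earlier scans the poster mentions.

```python
import re
from collections import Counter

# One detection line: "<path> (<threat name>) -> <action taken>"
DETECTION_RE = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$")
# Summary lines such as "Database version: 3772" or "Files Infected: 1"
HEADER_RE = re.compile(r"^(?P<key>[A-Za-z][A-Za-z' ]*?): (?P<value>.*)$")

def parse_mbam_log(text):
    """Return (header, detections) for one MBAM 1.x log. Each detection is a
    dict with the section it was listed under, the path, threat name and action."""
    header, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("(No malicious items"):
            continue
        if line.endswith("Infected:"):        # "Files Infected:" opens a section
            section = line[:-1]
            continue
        if section is not None:
            m = DETECTION_RE.match(line)
            if m:
                detections.append({"section": section, **m.groupdict()})
            continue
        m = HEADER_RE.match(line)
        if m:
            header[m.group("key")] = m.group("value")
    return header, detections

def recurring_detections(logs):
    """Given logs in chronological order, return {path: number of scans it was
    detected in} for every path seen in more than one scan. A path reported as
    'Quarantined and deleted successfully' that reappears means the quarantine
    removed the payload only and whatever re-drops it is still present."""
    seen = Counter()
    for text in logs:
        _, dets = parse_mbam_log(text)
        for path in {d["path"].lower() for d in dets}:   # count once per scan
            seen[path] += 1
    return {path: n for path, n in seen.items() if n > 1}

# Constructed stand-in for one of the earlier scans the poster mentions.
LOG_0219 = r"""Malwarebytes' Anti-Malware 1.44
Database version: 3760
Scan type: Quick Scan
Files Infected: 1

Files Infected:
C:\Users\Elena\AppData\Local\Temp\low\COUPON~1.DLL (Trojan.BHO.H) -> Quarantined and deleted successfully.
"""
# Shortened copies of the two logs posted in the thread (2/21 and 2/26).
LOG_0221 = r"""Malwarebytes' Anti-Malware 1.44
Database version: 3772
2/21/2010 2:37:57 PM
Scan type: Quick Scan
Objects scanned: 104248
Files Infected: 1

Registry Keys Infected:
(No malicious items detected)

Files Infected:
C:\Users\Elena\AppData\Local\Temp\low\COUPON~1.DLL (Trojan.BHO.H) -> Quarantined and deleted successfully.
"""
LOG_0226 = r"""Malwarebytes' Anti-Malware 1.44
Database version: 3795
Scan type: Quick Scan
Files Infected: 0

Files Infected:
(No malicious items detected)
"""

if __name__ == "__main__":
    for path, n in recurring_detections([LOG_0219, LOG_0221, LOG_0226]).items():
        print(f"recurring in {n} scans: {path}")
```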

It is a persistent re-occurrence of that pest & it is in a temp area of yours. I'll have to do something a bit stronger.

You will want to print out or copy these instructions to Notepad for offline reference!


If you are a casual viewer, do NOT try this on your system!

If you are not frustratedinmpls and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.


Close any of your open programs while you run these tools.

Given that this is a Vista system, on almost all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

Step 1

Download to your Desktop FixPolicies.exe, by Bill Castner, MS-MVP, a self-extracting ZIP archive from

>>> here <<<

  • Double-click FixPolicies.exe.
  • Click the "Install" button on the bottom toolbar of the box that will open.
  • The program will create a new Folder called FixPolicies.
  • Open the new Folder, and then RIGHT-click the file within, Fix_Policies.cmd, and then select "Run as Administrator".
  • A black box {command prompt} will briefly appear and then close.
  • This fix may prove temporary. Active malware may revert these changes at your next startup. You can safely run the utility again.

Step 2

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Please RIGHT-click OTL.exe and choose Run As Administrator to start it.
  • Copy all the lines in between the **** stars lines **** below {including Blank lines } to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    :files
    C:\Users\Elena\AppData\Local\Temp\low\COUPON~1.DLL
    C:\Users\Elena\AppData\Local\Temp\*.*
    C:\recycler
    D:\recycler
    e:\recycler
    f:\recycler
    g:\recycler
    h:\recycler
    :Commands
    [purity]
    [emptytemp]
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser windows that may be open: close Internet Explorer & Firefox. Close any open user program (other than OTL).
  • Using your mouse, click on the red-lettered button Run Fix.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step 3

If you have a prior copy of Combofix, delete it now!

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

Link 3

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

  • A window may open with a warning. Type "1" (and Enter) to start the fix. When the scan completes, Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Note:

Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

Reply with a copy of the OTL MovedFiles log

and C:\Combofix.txt


I figured this was going to get nasty. I'm now on business travel until Thursday night with no access to my home computer. I'm hesitant to try to coach my spouse through this on the phone, so I'm going to suspend until Thursday night when I can try the steps that you note below. In the meantime, I will have my spouse disconnect my home computer from the internet so that things don't get more pernicious. I'll reply again on Thursday night, so please don't interpret radio silence as my not being interested in getting this resolved. Thanks for your continued help.


Logs for OTL MovedFiles and ComboFix are cut and pasted below.

OTL MovedFile Log

********************************************************************************

****************************

All processes killed

========== FILES ==========

File\Folder C:\Users\Elena\AppData\Local\Temp\low\COUPON~1.DLL not found.

C:\Users\Elena\AppData\Local\Temp\Attach.txt moved successfully.

C:\Users\Elena\AppData\Local\Temp\BrowserPlusUpdater.log moved successfully.

C:\Users\Elena\AppData\Local\Temp\DDS.txt moved successfully.

C:\Users\Elena\AppData\Local\Temp\Elena.bmp moved successfully.

C:\Users\Elena\AppData\Local\Temp\jusched.log moved successfully.

C:\Users\Elena\AppData\Local\Temp\logger.log moved successfully.

C:\Users\Elena\AppData\Local\Temp\osCheck Vista Migration 2010-02-21 12h03m02s.log moved successfully.

C:\Users\Elena\AppData\Local\Temp\osCheck Vista Migration 2010-02-21 14h41m30s.log moved successfully.

C:\Users\Elena\AppData\Local\Temp\osCheck Vista Migration 2010-02-25 21h11m57s.log moved successfully.

File\Folder C:\recycler not found.

File\Folder D:\recycler not found.

File\Folder e:\recycler not found.

File\Folder f:\recycler not found.

File\Folder g:\recycler not found.

File\Folder h:\recycler not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Elena

->Temp folder emptied: 731136 bytes

->Temporary Internet Files folder emptied: 80078271 bytes

->Java cache emptied: 0 bytes

->Apple Safari cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 77.00 mb

OTL by OldTimer - Version 3.1.30.2 log created on 02252010_213154

Files\Folders moved on Reboot...

File\Folder C:\Windows\temp\JETEC9F.tmp not found!

File\Folder C:\Windows\temp\SST-AEED395D-A415-4833-8AF2-D95410C87ED8.tmp not found!

Registry entries deleted on Reboot...

********************************************************************************

*************************

ComboFix Log

********************************************************************************

*****************************

ComboFix 10-02-25.02 - Elena 02/25/2010 21:44:26.1.2 - x86

Microsoft


It sure looks like we squashed that "coupon" trash. Let's have you do a new MBAM scan.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Reply with a copy of that log, and tell me: how is your system now?


OMG! It worked! Beautiful! Finally! I've pasted in the log below!

I see that combofix added another copy of internet explorer onto my desktop. May I delete that? If everything is working, I'd like to sort of clean up my desktop.

Thanks! You're a miracle worker!

Malwarebytes' Anti-Malware 1.44

Database version: 3795

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18882

2/26/2010 6:31:04 AM

mbam-log-2010-02-26 (06-31-04).txt

Scan type: Quick Scan

Objects scanned: 107007

Time elapsed: 8 minute(s), 23 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Cleanups / removals

I see that you are clear of your original issues.

If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used; followed by advice on staying safer.

The "/uninstall" in the Run line below is to start Combofix for its cleanup & removal function.

Note the space after exe and before the slash mark.

The utility must be removed to prevent any unintentional or accidental usage, PLUS, to free up much space on your hard disk.

  • Click Start, then click Run. Then type in the following ( or copy/paste )
    ComboFix.exe /uninstall
    and then click OK.

IF you run into a hitch removing Combofix, continue forward anyway to the remaining steps.

  • Please Right-click OTL.exe and select Run As Administrator to start it.
  • Click on the CleanUp! button at upper Right corner. When you do this a text file named cleanup.txt will be downloaded from the internet. If you get a warning from your firewall or other security programs regarding OTL attempting to contact the internet you should allow it to do so. After the list has been downloaded you'll be asked if you want to Begin cleanup process? Select Yes.
  • This step removes the files, folders, and shortcuts created by the tools I had you download and run.

We are done here. Best regards.
