
Bad infection, google redirect, closes MWBAM, closes GMer


duggyb


Here is my DDS log. I have tried to run MWBAM but it closes 2 seconds into the scan. I have tried exehelper, rkill, etc. and no luck; it always closes the program and then forces me to reinstall MBAM before opening again.

It also closes GMer when trying to get logs, same situation as MWBAM.

I have tried a system restore, no luck as it says my disk is corrupt.

Looking for any insight at this point!

.

DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK

Internet Explorer: 8.0.7600.16385

Run by dbrewster at 23:56:33 on 2011-11-07

Microsoft Windows 7 Professional 6.1.7600.0.1252.2.1033.18.2356.1824 [GMT -6:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\21516547:4239308798.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\ctfmon.exe

C:\Windows\explorer.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://companyweb

uDefault_Page_URL = hxxp://companyweb

mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=travelmate_8472t&r=270511109906l0423z2k5x6692n777

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=travelmate_8472t&r=270511109906l0423z2k5x6692n777

mURLSearchHooks: H - No File

mURLSearchHooks: H - No File

uWinlogon: Shell=c:\users\dbrewster\appdata\local\03514801\X

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File

uRun: [steam] "c:\program files\steam\steam.exe" -silent

uRun: [KiesHelper] c:\program files\samsung\kies\KiesHelper.exe /s

uRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe

uRun: [Privacy Protection] c:\programdata\privacy.exe

mRun: [iAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe

mRun: [cAudioFilterAgent] c:\program files\conexant\caudiofilteragent\cAudioFilterAgent.exe

mRun: [ODDPwr] "c:\program files\acer\optical drive power management\ODDPwr.exe"

mRun: [backupManagerTray] "c:\program files\newtech infosystems\acer backup manager\BackupManagerTray.exe" -h -k

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [PLFSetI] c:\windows\PLFSetI.exe

mRun: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe

mRun: [VitaKeyTSR] "c:\program files\acer bio protection\EgisTSR.exe" /run

mRun: [Launch LCore] "c:\program files\logitech gaming software\LCore.exe" /minimized

mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [openvpn-gui] c:\program files\openvpn\bin\openvpn-gui.exe

mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRunOnce: [Wrapper] runonce

mRunOnce: [GrpConv] grpconv -o

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\users\dbrews~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

mPolicies-explorer: NoWelcomeScreen = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

LSP: mswsock.dll

DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} - file:///C:/Users/Dustin/Desktop/PNC%20temp/nshelp.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 172.16.1.254

TCP: Interfaces\{5F6B72B3-A232-4A8D-9C4D-2DE56449984B} : DhcpNameServer = 10.0.0.1

TCP: Interfaces\{9B5794E7-BA7F-4D78-AC74-58CBF55B3045} : DhcpNameServer = 172.16.1.254

TCP: Interfaces\{9B5794E7-BA7F-4D78-AC74-58CBF55B3045}\4527166756C6F6467656 : DhcpNameServer = 192.168.1.1 192.168.0.1

TCP: Interfaces\{9B5794E7-BA7F-4D78-AC74-58CBF55B3045}\640574 : DhcpNameServer = 192.168.10.202

TCP: Interfaces\{C857FED3-8D3D-408F-B650-928B271CF4F9} : DhcpNameServer = 192.168.10.202

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: igfxcui - igfxdev.dll

LSA: Notification Packages = EgisPwdFilter EgisDSPwdFilter

.

============= SERVICES / DRIVERS ===============

.

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2010-2-9 325672]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2010-12-19 19720]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]

S1 oodpxthi;oodpxthi;c:\windows\system32\drivers\oodpxthi.sys [2011-11-7 41680]

S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\drivers\vfilter.sys [2010-9-2 17920]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 DsiWMIService;Dritek WMI Service;c:\program files\launch manager\dsiwmis.exe [2010-5-18 312400]

S2 EgisTec Service;EgisTec Service;c:\program files\acer bio protection\EgisService.exe [2010-5-1 310128]

S2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files\common files\egistec\services\EgisTicketService.exe [2010-5-1 257904]

S2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2010-6-24 735776]

S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\drivers\FPSensor.sys [2010-6-24 29232]

S2 GREGService;GREGService;c:\program files\acer\registration\GREGsvc.exe [2010-1-8 23584]

S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2010-5-18 13336]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\newtech infosystems\acer backup manager\IScheduleSvc.exe [2010-3-8 252416]

S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2009-11-5 144640]

S2 ODDPwrSvc;Acer ODD Power Service;c:\program files\acer\optical drive power management\ODDPWRSvc.exe [2010-5-18 129568]

S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]

S2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2010-5-18 260640]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2010-6-24 2314240]

S2 Updater Service;Updater Service;c:\program files\acer\acer updater\UpdaterService.exe [2010-5-18 243232]

S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.sys [2010-3-12 25600]

S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-6-24 286248]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-6-24 33320]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2011-8-23 77624]

S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-5-18 132480]

S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2010-12-19 14856]

S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2009-11-5 50432]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2011-8-23 181432]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\drivers\virtualnet.sys [2010-9-2 13824]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-1 1343400]

.

=============== Created Last 30 ================

.

2011-11-08 05:50:26 41680 ----a-w- c:\windows\system32\drivers\oodpxthi.sys

2011-11-08 05:41:52 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-08 05:39:02 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{2c7ae328-d285-46e9-8f65-9d84b8b25536}\offreg.dll

2011-11-07 07:54:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-11-07 07:54:29 -------- d-----w- c:\users\dbrewster\appdata\roaming\Malwarebytes

2011-11-07 07:46:00 -------- d-----w- c:\programdata\Malwarebytes

2011-11-07 07:45:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-11-06 20:51:04 841728 ----a-w- c:\programdata\privacy.exe

2011-11-06 20:51:04 836608 ----a-w- c:\programdata\9F5C.tmp

2011-11-06 20:51:04 836608 ----a-w- c:\programdata\1507.tmp

2011-11-06 20:51:04 834560 ----a-w- c:\programdata\8517.tmp

2011-11-06 20:51:04 834048 ----a-w- c:\programdata\DFB9.tmp

2011-11-06 20:51:04 834048 ----a-w- c:\programdata\7E4C.tmp

2011-11-06 20:51:04 833536 ----a-w- c:\programdata\C063.tmp

2011-11-06 20:46:54 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{2c7ae328-d285-46e9-8f65-9d84b8b25536}\mpengine.dll

2011-10-26 06:37:57 6144 ----a-w- c:\program files\internet explorer\iecompat.dll

2011-10-22 18:35:38 -------- d-----w- c:\program files\STOPzilla!

2011-10-22 18:35:36 -------- d-----w- c:\program files\common files\iS3

2011-10-22 18:35:34 -------- d-----w- c:\programdata\STOPzilla!

2011-10-22 18:28:55 48016 --sha-w- c:\windows\system32\c_95474.nl_

2011-10-19 22:12:37 -------- d-sh--w- c:\windows\system32\%APPDATA%

2011-10-19 22:07:09 -------- d-sh--w- c:\users\dbrewster\appdata\local\03514801

.

==================== Find3M ====================

.

2011-11-08 05:37:05 58288 ----a-w- c:\windows\system32\rpcnet.dll

2011-11-08 05:37:05 17920 ----a-w- c:\windows\system32\rpcnetp.dll

2011-11-08 05:35:09 17920 ----a-w- c:\windows\system32\rpcnetp.exe

2011-11-08 05:35:01 338944 ----a-w- c:\windows\system32\drivers\afd.sys

2011-10-22 18:28:38 387584 ----a-w- c:\windows\system32\drivers\csc.sys

2011-10-01 02:59:14 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-09-06 02:38:14 2332672 ----a-w- c:\windows\system32\win32k.sys

2011-08-27 04:43:07 571904 ----a-w- c:\windows\system32\oleaut32.dll

2011-08-27 04:43:06 233472 ----a-w- c:\windows\system32\oleacc.dll

2011-08-20 04:38:10 981504 ----a-w- c:\windows\system32\wininet.dll

2011-08-20 04:35:20 44544 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-20 03:26:38 386048 ----a-w- c:\windows\system32\html.iec

2011-08-17 04:26:02 465408 ----a-w- c:\windows\system32\psisdecd.dll

2011-08-17 04:22:23 75776 ----a-w- c:\windows\system32\psisrndr.ax

2011-08-17 04:22:23 72704 ----a-w- c:\windows\system32\Mpeg2Data.ax

2011-08-17 04:22:23 59904 ----a-w- c:\windows\system32\MSDvbNP.ax

2011-08-17 04:22:23 204288 ----a-w- c:\windows\system32\MSNP.ax

.

============= FINISH: 23:57:50.06 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 11/25/2010 11:22:24 PM

System Uptime: 11/7/2011 11:38:21 PM (0 hours ago)

.

Motherboard: Acer | | BAP40-CP

Processor: Intel® Core i3 CPU M 350 @ 2.27GHz | CPU 1 | 2261/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 278 GiB total, 191.633 GiB free.

D: is Removable

G: is CDROM ()

I: is NetworkDisk (CSC-CACHE) - 278 GiB total, 191.633 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Shrew Soft Lightweight Filter

Device ID: ROOT\LEGACY_VFLT\0000

Manufacturer:

Name: Shrew Soft Lightweight Filter

PNP Device ID: ROOT\LEGACY_VFLT\0000

Service: vflt

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Security Processor Loader Driver

Device ID: ROOT\LEGACY_SPLDR\0000

Manufacturer:

Name: Security Processor Loader Driver

PNP Device ID: ROOT\LEGACY_SPLDR\0000

Service: spldr

.

==== System Restore Points ===================

.

RP142: 10/16/2011 3:00:11 AM - Windows Update

RP143: 10/18/2011 10:19:12 PM - Windows Update

RP145: 10/19/2011 4:33:35 PM - Windows Defender Checkpoint

RP146: 10/21/2011 8:15:27 AM - Windows Update

RP148: 10/21/2011 8:35:38 AM - Windows Defender Checkpoint

RP149: 10/22/2011 12:33:49 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.

RP151: 10/22/2011 12:38:07 PM - Windows Defender Checkpoint

RP153: 10/23/2011 9:38:12 PM - Windows Defender Checkpoint

RP155: 10/23/2011 10:34:15 PM - Windows Defender Checkpoint

RP156: 10/26/2011 12:37:56 AM - Windows Update

RP158: 10/26/2011 12:45:16 AM - Windows Defender Checkpoint

RP159: 10/30/2011 2:24:08 AM - Windows Update

RP161: 10/30/2011 2:33:35 AM - Windows Defender Checkpoint

RP162: 11/6/2011 2:46:25 PM - Windows Update

RP164: 11/6/2011 2:52:26 PM - Windows Defender Checkpoint

RP165: 11/7/2011 2:12:13 PM - Removed Apple Application Support

RP167: 11/7/2011 2:13:19 PM - Configured eSobi v2

RP168: 11/7/2011 2:14:07 PM - Removed iTunes

RP169: 11/7/2011 2:16:15 PM - Removed Apple Mobile Device Support

RP170: 11/7/2011 2:17:08 PM - Removed Apple Software Update

RP171: 11/7/2011 2:18:31 PM - Removed Skype Toolbars

RP172: 11/7/2011 2:18:49 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.

RP173: 11/7/2011 2:19:59 PM - Removed SupportSoft Assisted Service

RP175: 11/7/2011 3:09:36 PM - Windows Defender Checkpoint

.

==== Installed Programs ======================

.

3M Digital Designs II Web Demo (C:\3M Digital Designs II)

Acer Backup Manager

Acer Bio Protection

Acer Crystal Eye webcam Ver:1.1.167.331

Acer ePower Management

Acer eRecovery Management

Acer Registration

Acer ScreenSaver

Acer Updater

Acer VCM

Acrobat.com

Add or Remove Adobe Creative Suite 3 Master Collection

Adobe After Effects CS3 Presets

Adobe AIR

Adobe Anchor Service CS3

Adobe Asset Services CS3

Adobe Bridge CS3

Adobe Bridge Start Meeting

Adobe BridgeTalk Plugin CS3

Adobe Camera Raw 4.0

Adobe CMaps

Adobe Color - Photoshop Specific

Adobe Color Common Settings

Adobe Color EU Extra Settings

Adobe Color JA Extra Settings

Adobe Color NA Recommended Settings

Adobe Creative Suite 3 Master Collection

Adobe Default Language CS3

Adobe Device Central CS3

Adobe ExtendScript Toolkit 2

Adobe Extension Manager CS3

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Flash Player 9 ActiveX

Adobe Fonts All

Adobe Help Viewer CS3

Adobe Illustrator CS3

Adobe InDesign CS3 Icon Handler

Adobe Linguistics CS3

Adobe MotionPicture Color Files

Adobe PDF Library Files

Adobe Photoshop CS3

Adobe Reader X (10.1.1)

Adobe Setup

Adobe SING CS3

Adobe Stock Photos CS3

Adobe Type Support

Adobe Update Manager CS3

Adobe Version Cue CS3 Client

Adobe Video Profiles

Adobe WAS CS3

Adobe WinSoft Linguistics Plugin

Adobe XMP DVA Panels CS3

Adobe XMP Panels CS3

AHV content for Acrobat and Flash

Alcor Micro USB Card Reader

Apple Software Update

µTorrent

Backup Manager Advance

BlackBerry Desktop Software 6.1

Bonjour

Broadcom Gigabit Integrated Controller

Canon Inkjet Printer Driver Add-On Module

Conexant HD Audio

Corel Graphics - Windows Shell Extension

CorelDRAW Graphics Suite X5

CorelDRAW Graphics Suite X5 - Capture

CorelDRAW Graphics Suite X5 - Common

CorelDRAW Graphics Suite X5 - Connect

CorelDRAW Graphics Suite X5 - Custom Data

CorelDRAW Graphics Suite X5 - Draw

CorelDRAW Graphics Suite X5 - EN

CorelDRAW Graphics Suite X5 - Filters

CorelDRAW Graphics Suite X5 - FontNav

CorelDRAW Graphics Suite X5 - IPM

CorelDRAW Graphics Suite X5 - PHOTO-PAINT

CorelDRAW Graphics Suite X5 - Photozoom Plugin

CorelDRAW Graphics Suite X5 - Redist

CorelDRAW Graphics Suite X5 - Setup Files

CorelDRAW Graphics Suite X5 - VBA

CorelDRAW Graphics Suite X5 - VideoBrowser

CorelDRAW Graphics Suite X5 - VSTA

CorelDRAW Graphics Suite X5 - WT

CorelDRAW® Graphics Suite X5

Counter-Strike: Source

Cutting Master 2 1.81

Cutting Plotter Controller

D3DX10

Dead Space

Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Fingerprint Solution

Ghostscript GPL 8.64 (Msi Setup)

HDAUDIO Soft Data Fax Modem with SmartCP

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)

Identity Card

Intel® Control Center

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Components

Intel® Rapid Storage Technology

InterVideo WinDVD 8

Java 6 Update 22

Junk Mail filter update

KONICA MINOLTA C360Series

Launch Manager

Logitech Gaming Software 7.00

Malwarebytes' Anti-Malware version 1.51.2.1300

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft MapPoint North America 2010

Microsoft Office Access database engine 2007 (English)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Business 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server VSS Writer

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable Package

Microsoft Visual Studio Tools for Applications 2.0 - ENU

Microsoft Visual Studio Tools for Applications 2.0 Runtime

Mozilla Firefox 8.0 (x86 en-US)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

NTI Backup Now 5

NTI Backup Now Standard

NTI Media Maker 8

OpenVPN 2.1.3-gui-1.0.3

Optical Drive Power Management

PDF Settings

PowerISO

PrimoPDF -- brought to you by Nitro PDF Software

QuickTime

Samsung Kies

SAMSUNG USB Driver for Mobile Phones

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft Excel 2010 (KB2553070)

Security Update for Microsoft Office 2010 (KB2289078)

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2584066)

Security Update for Microsoft PowerPoint 2010 (KB2519975)

Security Update for Microsoft Publisher 2010 (KB2409055)

Security Update for Microsoft Word 2010 (KB2345000)

Shrink Pic (remove)

Skype™ 5.0

Steam

Synaptics Pointing Device Driver

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft Office 2010 (KB2202188)

Update for Microsoft Office 2010 (KB2413186)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2523113)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft OneNote 2010 (KB2493983)

Update for Microsoft Outlook Social Connector (KB2583935)

uTorrentBar Toolbar

Ventrilo Client

Visual Basic for Applications ® Core

Visual Basic for Applications ® Core - English

Welcome Center

WIDCOMM Bluetooth Software

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR 4.00 (32-bit)

World of Warcraft

.

==== Event Viewer Messages From Past Week ========

.

11/7/2011 9:16:21 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

11/7/2011 8:29:44 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

11/7/2011 8:28:17 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache is3srv SCDEmu spldr vflt Wanarpv6

11/7/2011 8:23:34 AM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 2 time(s).

11/7/2011 8:23:33 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel® Rapid Storage Technology service to connect.

11/7/2011 8:23:33 AM, Error: Service Control Manager [7000] - The Intel® Rapid Storage Technology service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/7/2011 7:30:41 PM, Error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 5 time(s).

11/7/2011 4:16:25 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

11/7/2011 2:49:35 PM, Error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 4 time(s).

11/7/2011 2:30:14 PM, Error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 3 time(s).

11/7/2011 2:27:13 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

11/7/2011 2:26:44 PM, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067] - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. .

11/7/2011 2:26:24 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Intel® Management and Security Application Local Management Service service, but this action failed with the following error: An instance of the service is already running.

11/7/2011 2:26:13 PM, Error: Service Control Manager [7034] - The Intel® Management & Security Application User Notification Service service terminated unexpectedly. It has done this 1 time(s).

11/7/2011 2:26:11 PM, Error: Service Control Manager [7034] - The Intel® Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).

11/7/2011 2:24:57 PM, Error: Service Control Manager [7034] - The Remote Procedure Call (RPC) Net service terminated unexpectedly. It has done this 1 time(s).

11/7/2011 2:24:57 PM, Error: Service Control Manager [7034] - The Protexis Licensing V2 service terminated unexpectedly. It has done this 1 time(s).

11/7/2011 2:24:57 PM, Error: Service Control Manager [7034] - The NTI Backup Now 5 Scheduler Service service terminated unexpectedly. It has done this 1 time(s).

11/7/2011 2:24:57 PM, Error: Service Control Manager [7034] - The IviRegMgr service terminated unexpectedly. It has done this 1 time(s).

11/7/2011 2:24:57 PM, Error: Service Control Manager [7034] - The Acer ODD Power Service service terminated unexpectedly. It has done this 1 time(s).

11/7/2011 2:24:57 PM, Error: Service Control Manager [7034] - The Acer ePower Service service terminated unexpectedly. It has done this 1 time(s).

11/7/2011 2:24:13 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

11/7/2011 2:24:09 PM, Error: Service Control Manager [7034] - The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).

11/7/2011 2:24:09 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: vflt

11/7/2011 2:24:08 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.

11/7/2011 2:24:08 PM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/7/2011 2:21:14 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10003] - WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\bcmihvsrv.dll

11/7/2011 11:55:51 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

11/7/2011 11:51:01 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume Acer.

11/7/2011 11:39:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

11/7/2011 11:39:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

11/7/2011 11:39:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

11/7/2011 11:39:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

11/7/2011 11:39:15 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv.dll Error Code: 21

11/7/2011 11:38:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache SCDEmu spldr vflt Wanarpv6

11/7/2011 11:38:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}

11/7/2011 11:38:57 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain farmpureseeds due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

11/7/2011 11:37:41 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.

11/7/2011 11:37:36 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Updater Service service to connect.

11/7/2011 11:37:36 PM, Error: Service Control Manager [7000] - The Updater Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/7/2011 11:37:21 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Raw Socket Service service to connect.

11/7/2011 11:37:21 PM, Error: Service Control Manager [7000] - The Raw Socket Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/7/2011 11:37:05 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the NTI IScheduleSvc service to connect.

11/7/2011 11:37:05 PM, Error: Service Control Manager [7000] - The Par1284 service failed to start due to the following error: The system cannot find the device specified.

11/7/2011 11:37:05 PM, Error: Service Control Manager [7000] - The NTI IScheduleSvc service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/7/2011 11:36:49 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the GREGService service to connect.

11/7/2011 11:36:49 PM, Error: Service Control Manager [7000] - The GREGService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/7/2011 11:36:34 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Dritek WMI Service service to connect.

11/7/2011 11:36:34 PM, Error: Service Control Manager [7000] - The Dritek WMI Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/7/2011 11:36:18 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Bonjour Service service to connect.

11/7/2011 11:36:18 PM, Error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/7/2011 11:36:03 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Adobe Acrobat Update Service service to connect.

11/7/2011 11:35:50 PM, Error: Microsoft-Windows-GroupPolicy [1055] - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

11/7/2011 11:35:48 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the EgisTec Ticket Service service to connect.

11/7/2011 11:35:48 PM, Error: Service Control Manager [7001] - The EgisTec Service service depends on the EgisTec Ticket Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.

11/7/2011 11:35:48 PM, Error: Service Control Manager [7000] - The EgisTec Ticket Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/7/2011 11:30:10 PM, Error: Service Control Manager [7031] - The Intel® Management and Security Application Local Management Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

11/7/2011 11:30:07 PM, Error: Service Control Manager [7031] - The Bluetooth Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

11/7/2011 10:43:30 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Office Source Engine service to connect.

11/7/2011 10:43:30 AM, Error: Service Control Manager [7000] - The Office Source Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/7/2011 10:40:41 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{0D0979B9-5FBC-4054-A57A-56C9C8F3E291} because another computer on the network has the same name. The server could not start.

11/7/2011 10:35:14 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.

11/7/2011 10:14:38 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Bluetooth Service service to connect.

11/7/2011 10:14:38 AM, Error: Service Control Manager [7000] - The Bluetooth Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/7/2011 10:13:37 AM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).

11/7/2011 10:13:28 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.

11/7/2011 10:13:28 AM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/7/2011 10:13:28 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

11/7/2011 10:12:35 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: is3srv vflt

11/7/2011 10:11:02 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.

11/7/2011 10:11:02 AM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/7/2011 10:10:15 AM, Error: Service Control Manager [7000] - The STOPzilla Service service failed to start due to the following error: Access is denied.

11/7/2011 1:00:24 AM, Error: Service Control Manager [7000] - The Intel® Management and Security Application Local Management Service service failed to start due to the following error: The pipe has been ended.

11/6/2011 2:41:14 PM, Error: Service Control Manager [7034] - The Updater Service service terminated unexpectedly. It has done this 1 time(s).

.

==== End Of File ===========================


Hello, and welcome.

Unfortunately you have a nasty rootkit on your computer. Before starting to clean it, please read the following information.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


Elise, I have handed the laptop over to my IT department; it's more serious and above my head than I thought. Regardless, the IT guy thinks he may just fix it. I am against this and showed him your response; he is weighing the options of just replacing the hard drive altogether to avoid further corruption of the company network.

Thank you very much for your assistance.


As this is a company computer, having the IT department handle it is indeed the best thing you could do. :)

Please read this advice, in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.

  2. Keep Windows (and your other Microsoft software) up to date!

     I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

     Therefore, please visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  3. Keep your other software up to date as well

     Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.

  4. Stay up to date!

     The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.