Goldun and other malware [RESOLVED] - Geeks to Go Forums


Goldun and other malware [RESOLVED]

#1 Kathy S.

  • Group: Member
  • Posts: 12
  • Joined: 22-June 06

Posted 22 June 2006 - 10:29 AM

Hi, I've been trying to clean this computer for a number of days now. Every time I think I've gotten it cleaned it just seems things come back, and more stuff is added. :whistling: This is a shared computer, and my sister isn't exactly computer savvy and seems to always infect it with even MORE things after using it. I've run various scans with Ewido and Spybot and nothing seems to do the trick. Help please?

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:24:19 PM, on 6/22/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus1.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Katie\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.directson...s.asp?pc=GW102m
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {196B9CB5-4C83-46F7-9B06-9672ECD9D99B} - C:\WINDOWS\system32\winbrume.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus1.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunServices: [Microsoft Service] microsoft.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [Panda_cleaner_262642] C:\WINDOWS\System32\ActiveScan\pavdr.exe xPanda ActiveScan 262642
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Regis\Start Menu\Programs\IMVU\Run IMVU.lnk
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
O20 - Winlogon Notify: sdcard98 - sdcard98.dll (file missing)
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - (no file)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Panda Activescan log:


Incident Status Location

Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Katie\Application Data\Mozilla\Firefox\Profiles\nh6dldby.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Katie\Application Data\Mozilla\Firefox\Profiles\nh6dldby.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Katie\Application Data\Mozilla\Firefox\Profiles\nh6dldby.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Katie\Application Data\Mozilla\Firefox\Profiles\nh6dldby.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Katie\Application Data\Mozilla\Firefox\Profiles\nh6dldby.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Katie\Application Data\Mozilla\Firefox\Profiles\nh6dldby.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Katie\Application Data\Mozilla\Firefox\Profiles\nh6dldby.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Katie\Application Data\Mozilla\Firefox\Profiles\nh6dldby.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Katie\Application Data\Mozilla\Firefox\Profiles\nh6dldby.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Katie\Application Data\Mozilla\Firefox\Profiles\nh6dldby.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Katie\Application Data\Mozilla\Firefox\Profiles\nh6dldby.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Katie\Application Data\Mozilla\Firefox\Profiles\nh6dldby.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Katie\Application Data\Mozilla\Firefox\Profiles\nh6dldby.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Katie\Application Data\Mozilla\Firefox\Profiles\nh6dldby.default\cookies.txt[server.iad.liveperson.net/hc/89451406]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Katie\Application Data\Mozilla\Firefox\Profiles\nh6dldby.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Katie\Application Data\Mozilla\Firefox\Profiles\nh6dldby.default\cookies.txt[server.iad.liveperson.net/hc/89451406]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Katie\Application Data\Mozilla\Firefox\Profiles\nh6dldby.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Katie\Application Data\Mozilla\Firefox\Profiles\nh6dldby.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Katie\Application Data\Mozilla\Firefox\Profiles\nh6dldby.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Katie\Application Data\Mozilla\Firefox\Profiles\nh6dldby.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Katie\Application Data\Mozilla\Firefox\Profiles\nh6dldby.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Katie\Application Data\Mozilla\Firefox\Profiles\nh6dldby.default\cookies.txt[data.coremetrics.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Katie\Application Data\Mozilla\Firefox\Profiles\nh6dldby.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Katie\Application Data\Mozilla\Firefox\Profiles\nh6dldby.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Katie\Application Data\Mozilla\Firefox\Profiles\nh6dldby.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Katie\Application Data\Mozilla\Firefox\Profiles\nh6dldby.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Katie\Application Data\Mozilla\Firefox\Profiles\nh6dldby.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Katie\Application Data\Mozilla\Firefox\Profiles\nh6dldby.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Katie\Application Data\Mozilla\Firefox\Profiles\nh6dldby.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Katie\Application Data\Mozilla\Firefox\Profiles\nh6dldby.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Katie\Application Data\Mozilla\Firefox\Profiles\nh6dldby.default\cookies.txt[.as-eu.falkag.net/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Katie\Application Data\Mozilla\Firefox\Profiles\nh6dldby.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Katie\Application Data\Mozilla\Firefox\Profiles\nh6dldby.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Katie\Application Data\Mozilla\Firefox\Profiles\nh6dldby.default\cookies.txt[.toplist.cz/]
Adware:Adware/SystemDoctor Not disinfected C:\Documents and Settings\Katie\Local Settings\Temp\h91746.exe
Virus:Trj/RootkitDrop.B Disinfected C:\Documents and Settings\Katie\Local Settings\Temp\spoolsvv.exe
Virus:Trj/RootkitDrop.B Disinfected C:\Documents and Settings\Katie\Local Settings\Temporary Internet Files\Content.IE5\RTTXVSQ9\spoolsvv[1].exe
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Regis\Application Data\Mozilla\Firefox\Profiles\iicam3sp.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Regis\Application Data\Mozilla\Firefox\Profiles\iicam3sp.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Regis\Application Data\Mozilla\Firefox\Profiles\iicam3sp.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Regis\Application Data\Mozilla\Firefox\Profiles\iicam3sp.default\cookies.txt[.overture.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Regis\Application Data\Mozilla\Firefox\Profiles\iicam3sp.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Regis\Application Data\Mozilla\Firefox\Profiles\iicam3sp.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Regis\Application Data\Mozilla\Firefox\Profiles\iicam3sp.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Regis\Application Data\Mozilla\Firefox\Profiles\iicam3sp.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Regis\Application Data\Mozilla\Firefox\Profiles\iicam3sp.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Regis\Application Data\Mozilla\Firefox\Profiles\iicam3sp.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Regis\Application Data\Mozilla\Firefox\Profiles\iicam3sp.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Regis\Application Data\Mozilla\Firefox\Profiles\iicam3sp.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Regis\Application Data\Mozilla\Firefox\Profiles\iicam3sp.default\cookies.txt[.advertising.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Regis\Application Data\Mozilla\Firefox\Profiles\iicam3sp.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Regis\Application Data\Mozilla\Firefox\Profiles\iicam3sp.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Regis\Application Data\Mozilla\Firefox\Profiles\iicam3sp.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Regis\Application Data\Mozilla\Firefox\Profiles\iicam3sp.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Regis\Application Data\Mozilla\Firefox\Profiles\iicam3sp.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Regis\Application Data\Mozilla\Firefox\Profiles\iicam3sp.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Regis\Application Data\Mozilla\Firefox\Profiles\iicam3sp.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Regis\Application Data\Mozilla\Firefox\Profiles\iicam3sp.default\cookies.txt[.phg.hitbox.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Regis\Application Data\Mozilla\Firefox\Profiles\iicam3sp.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Regis\Application Data\Mozilla\Firefox\Profiles\iicam3sp.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Regis\Application Data\Mozilla\Firefox\Profiles\iicam3sp.default\cookies.txt[.belnk.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Regis\Application Data\Mozilla\Firefox\Profiles\iicam3sp.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Regis\Application Data\Mozilla\Firefox\Profiles\iicam3sp.default\cookies.txt[.ct.360i.com/]
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Regis\Application Data\Mozilla\Firefox\Profiles\iicam3sp.default\cookies.txt[.fortunecity.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Regis\Application Data\Mozilla\Firefox\Profiles\iicam3sp.default\cookies.txt[.go.com/]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Regis\Application Data\Mozilla\Firefox\Profiles\iicam3sp.default\cookies.txt[.gostats.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Regis\Application Data\Mozilla\Firefox\Profiles\iicam3sp.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Regis\Application Data\Mozilla\Firefox\Profiles\iicam3sp.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/64.62.232 Not disinfected C:\Documents and Settings\Regis\Application Data\Mozilla\Firefox\Profiles\iicam3sp.default\cookies.txt[64.62.232.6/]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Regis\Application Data\Mozilla\Firefox\Profiles\iicam3sp.default\cookies.txt[hc2.humanclick.com/]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Regis\Application Data\Mozilla\Firefox\Profiles\iicam3sp.default\cookies.txt[hc2.humanclick.com/hc/71981182]
Virus:W32/Gaobot.batch Disinfected C:\Documents and Settings\Regis\Local Settings\Temp\r.bat
Virus:Trj/RootkitDrop.B Disinfected C:\Documents and Settings\Regis\Local Settings\Temp\spoolsvv.exe
Virus:Trj/RootkitDrop.B Disinfected C:\Documents and Settings\Regis\Local Settings\Temporary Internet Files\Content.IE5\89A5RAW9\spoolsvv[1].exe
Adware:adware/secure32 Not disinfected C:\Program Files\secure32.html
Virus:Trj/Unkma.A Disinfected C:\WINDOWS\__delete_on_reboot__comdlj32.dll

#2 Jag11

  • Group: Member
  • Posts: 2,210
  • Joined: 17-November 05

Posted 23 June 2006 - 08:55 AM

Hello,

We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1 for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.

Click here to get Service Pack 1

Warning: You must only update to Service Pack 1, and not Service Pack 2. Doing this before your computer is clean can cause Windows to become unstable. We will update to SP2 after the log is clean.

After you have updated your computer to SP1, please restart your computer and post a new HJT log.

#3 Kathy S.

  • Group: Member
  • Posts: 12
  • Joined: 22-June 06

Posted 25 June 2006 - 10:07 AM

Sorry about the trouble. My sister had reformatted the computer about a month back because she had installed SP2 and crashed the computer, because I assume it conflicted with something (likely a virus). She never installed an anti-virus because she didn't like that they run in the background and pop up when she's doing things. I kinda assumed she installed SP1 again, but I assumed wrong.

Sorry I won't get to install SP1. She's being impatient and has decided she wants to reformat the computer again. :whistling:

#4 Jag11

  • Group: Member
  • Posts: 2,210
  • Joined: 17-November 05

Posted 26 June 2006 - 02:50 AM

Ohh. Well if you'll reformat it, then there's no need for us to clean it because all the files (including the viruses/spyware) will be wiped.

Just follow this to keep your computer clean and secure:

1.) Re-Hide System Files and Folders:
  • Click Start
  • Open My Computer
  • Select the Tools menu and click Folder Options
  • Select the View tab
  • Deselect the Show hidden files and folders option
  • Select the Hide protected operating system files option
  • Click Yes to confirm
  • Click OK
2.) Reset and Re-enable your System Restore

We need to do this to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
  • Click Start » Run » ( type: SYSDM.CPL ) » OK
  • Click the System Restore tab.
  • Check - Turn off System Restore.
  • Click Apply.
  • Uncheck - Turn off System Restore.
  • Click OK.
You have now flushed your previous System Restore points, so we will make a new one again since your computer is already clean.
  • Go to Start » All Programs » Accessories » System Tools, and select System Restore
  • In the System Restore prompt, select: Create a restore point
  • Click Next
  • Give a description to the new Restore Point. (Something like: Clean PC)
  • Click Create
  • Then close the window
3.) How to Prevent Re-Infection

Please take your time reading this list; it is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Windows Updates (a must!) - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this, open Internet Explorer, then select Tools » Windows Update, and follow the online instructions from there.
  • Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • Firewall (a must!) - It is definitely a must have. Two good free versions are Kerio and ZoneAlarm.
  • Anti-Virus (a must!) - It is also a must have. Two good programs are Avast and AVG, they're both free.
    Note: You must only use 1 (one) AV because if you have 2 AVs, they will conflict with each other and will only make your system slow.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.

#5 Jag11

  • Group: Member
  • Posts: 2,210
  • Joined: 17-November 05

Posted 29 June 2006 - 04:17 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
