
Potentially Medbot [RESOLVED]



#46 Armodeluxe (Retired Staff, 2,744 posts)

If it's only two computers and there are no problems on the other computer, let's leave the file sharing alone for now. I guess you are running XP Home, not XP Pro; if that's the case, simple file sharing in Home doesn't exist.

When the Tomtom setup.exe appears, is it still accompanied by autorun.inf?

I just realized that we ran a registry search for autorun.inf, but not setup.exe. I'm not familiar with the search tool you previously used, so please delete that one.

Please go here:
http://www.billsway.com/vbspage/

Scroll down the page
and download the "Registry Search Tool"

Unzip RegSrch.zip to the desktop

Double click on RegSrch.vbs

If you get a warning from your anti-virus, please ignore it and allow this to run.

When it starts, you will be prompted to enter a search phrase.

Please enter this:

"C:\\setup.exe"

Click OK; it will disappear and won't look as if it's doing anything. When it's done searching, a prompt will come up saying how many instances it found. Click OK, and Notepad will open. Please copy the contents of that Notepad window and paste it here.

Please do the other steps in my previous post. Let's also have those two files scanned.

Jotti File Submission:
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan" box at the top of the page:
    • C:\WINDOWS\choice.exe
  • Click on the submit button
  • Please post the results in your next reply.
Repeat the above for C:\WINDOWS\system32\deposit.dll

#47 help_me_pls (Topic Starter, 73 posts)

I guess you are running XP Home, not XP Pro

Yes, WinXP Home.

--------------------------------------

When the Tomtom setup.exe appears, is it still accompanied by autorun.inf?

Yes, but it may be that they aren't created at the same time, whereas the malware setup.exe is created exactly at the same time as the autorun.inf. Next time, I'll try to check if the tomtom setup.exe is created at the same time as the autorun.inf.

--------------------------------------

Please enter this:

"C:\\setup.exe"

I didn't know whether to include the quotes or not, so I've done two searches, one with C:\\setup.exe and the other with "C:\\setup.exe".

Search for C:\\setup.exe

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "C:\\setup.exe" 22/09/2006 22:06:54

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_USERS\S-1-5-21-507921405-362288127-682003330-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c59af793-37eb-11d9-b5b6-806d6172696f}\Shell\AutoRun\command]
@="C:\\setup.exe"

[HKEY_USERS\S-1-5-21-507921405-362288127-682003330-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c59af793-37eb-11d9-b5b6-806d6172696f}\_Autorun\DefaultIcon]
@="C:\\setup.exe,0"


--------------------------------------

Search for "C:\\setup.exe"

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string ""C:\\setup.exe"" 22/09/2006 22:14:25

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_USERS\S-1-5-21-507921405-362288127-682003330-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c59af793-37eb-11d9-b5b6-806d6172696f}\Shell\AutoRun\command]
@="C:\\setup.exe"


--------------------------------------

Scan Report for choice.exe
Status: MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.) (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 2e5832d56dcc6dc7ecb1cbe9ea350b9b
Packers detected: UPX
Results: ALL AntiViruses FOUND NOTHING

Note: In Post #19 Vikes told me to install IE-SPYAD, and in the README.txt of the program it is mentioned (quoted below) that it uses choice.exe and, if it doesn't find it, IE-SPYAD will create it.

~~~~~~~~~~~~~~~~~~~~~
CHOICE.COM/CHOICE.EXE
~~~~~~~~~~~~~~~~~~~~~

The new IE-SPYAD Installer/Uninstaller, INSTALL.BAT, makes use of CHOICE.COM, a DOS utility which shipped with every version of MS DOS 6.0 and above as well as all versions of Win9x, including Windows 95, Windows 98, and Windows Me. Windows NT 4.0, Windows 2000, and Windows XP do not, however, include a copy of this file. Moreover, CHOICE.COM apparently has compatibility issues with the Windows XP command shell interpreter.

This distribution includes a copy of both CHOICE.COM (from Windows 95 B - OSR2) and CHOICE.EXE (from the Windows 2000 Professional Resource Kit), which has equivalent functionality to CHOICE.COM.

If INSTALL.BAT detects that you're running Windows NT/2000/XP, it will automatically install CHOICE.EXE to your Windows directory (usually \WINNT). (If you're running Windows 95/98*Guest and CHOICE.COM seems to be missing, INSTALL.BAT will instead install CHOICE.COM to \WINDOWS.)

If you're running Windows XP and INSTALL.BAT gives you errors every time you reach one of the menus, the problem is likely that a straight DOS version of CHOICE.COM is somewhere on your path. Even when CHOICE.EXE is installed in the Windows directory (\WINNT), if INSTALL.BAT finds CHOICE.COM, it will use CHOICE.COM instead of CHOICE.EXE. We want INSTALL.BAT to use CHOICE.EXE, which is compatible with Windows XP.

Check your Windows directory (usually \WINNT) as well as your System directory (\WINNT\SYSTEM32). If you find CHOICE.COM (as opposed to CHOICE.EXE), remove it. Also, if you downloaded an earlier version of this utility that included only CHOICE.COM, make sure that CHOICE.COM is not located in the top level installation directory (a copy is included in the \CHOICE sub-directory, but that's OK). In other words, make sure that there is no chance that CHOICE.COM will be used. On Windows XP, you should be using CHOICE.EXE instead.

Note: if you're running Windows 2003 Server, then INSTALL.BAT will not work with the version of CHOICE that is installed on your PC. See the "Windows 2003" section above in "Installation and Uninstallation" for tips on using IE-SPYAD with Windows 2003.

--------------------------------------

Scan Report for deposit.dll
Status: OK
MD5: 0046df045e2ff8e3a513b24ce762d72d
Packers detected: -
Results: ALL AntiViruses FOUND NOTHING
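The Jotti report above flags choice.exe only because it is UPX-packed, and the scanner itself says that is suspicion, not detection. The added example below (mine, not code from the thread or from Jotti) shows the two checks that heuristic rests on: UPX section names and near-maximal byte entropy in the packed section. It walks the PE/COFF section table by hand and builds a tiny header-only fake PE in memory (constructed test input, not a real binary) so it runs offline; pass the bytes of a real file to packer_hints to use it for real.

```python
"""Packer triage for a PE file: section names plus per-section entropy.

Added example, not code from the thread or from Jotti. build_fake_pe makes a
header-only PE image in memory (constructed test input, not a real binary) so
the check runs offline; packer_hints(open(path, "rb").read()) works on a file.
"""
import hashlib
import math
import struct

UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}


def entropy(data):
    """Shannon entropy in bits per byte; 0.0 for empty input, 8.0 is maximal."""
    if not data:
        return 0.0
    n, counts = len(data), [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def sections(pe):
    """Yield (name, virtual_size, raw_size, raw_bytes) from the PE section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", pe, 0x3C)[0]          # e_lfanew
    if pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, n_sections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, pe_off + 4)
    table = pe_off + 4 + 20 + opt_size
    for i in range(n_sections):
        name, vsize, _vaddr, rsize, rptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        yield name.rstrip(b"\0").decode("ascii", "replace"), vsize, rsize, pe[rptr:rptr + rsize]


def packer_hints(pe):
    """Reasons the file looks packed. Each is a hint, not a verdict: .bss also has
    no raw data, and legitimate tools are sometimes UPX-packed on purpose."""
    hints = []
    for name, vsize, rsize, raw in sections(pe):
        if name in UPX_SECTION_NAMES:
            hints.append(f"section {name}: UPX naming")
        if rsize == 0 and vsize >= 0x1000:
            hints.append(f"section {name}: no raw data but {vsize:#x} bytes virtual (unpacking destination)")
        if rsize and entropy(raw) > 7.0:
            hints.append(f"section {name}: entropy {entropy(raw):.2f} (compressed or encrypted)")
    return hints


def build_fake_pe(specs):
    """Constructed test input: MZ stub, PE signature, COFF header, empty optional
    header and a section table for specs = [(name, virtual_size, raw_bytes), ...]."""
    pe_off = 0x40
    dos = b"MZ" + bytes(0x3C - 2) + struct.pack("<I", pe_off)
    coff = struct.pack("<HHIIIHH", 0x14C, len(specs), 0, 0, 0, 0, 0x102)
    rptr, vaddr, table, blobs = pe_off + 4 + len(coff) + 40 * len(specs), 0x1000, b"", b""
    for name, vsize, raw in specs:
        table += struct.pack("<8sIIII", name.encode().ljust(8, b"\0"), vsize, vaddr,
                             len(raw), rptr if raw else 0) + bytes(16)
        blobs, rptr, vaddr = blobs + raw, rptr + len(raw), vaddr + max(vsize, len(raw), 0x1000)
    return dos + b"PE\0\0" + coff + table + blobs


def pseudo_random(n, seed=b"packed-section-demo"):
    """Deterministic high-entropy filler (SHA-256 chain) standing in for compressed code."""
    out, h = b"", seed
    while len(out) < n:
        h = hashlib.sha256(h).digest()
        out += h
    return out[:n]


PACKED_SAMPLE = build_fake_pe([("UPX0", 0x20000, b""), ("UPX1", 0x2000, pseudo_random(0x2000)),
                               (".rsrc", 0x200, bytes(0x200))])
PLAIN_SAMPLE = build_fake_pe([(".text", 0x1000, bytes([0x55, 0x8B, 0xEC]) * 0x200 + bytes(0x400)),
                              (".data", 0x200, bytes(0x200))])

if __name__ == "__main__":
    for label, sample in (("packed", PACKED_SAMPLE), ("plain", PLAIN_SAMPLE)):
        print(label, packer_hints(sample) or ["no packer hints"])
```

A hit here means "packed", not "malicious": the IE-SPYAD README quoted in the post explains why a choice.exe is expected on this machine, and plenty of legitimate software ships packed. Treat the result as a reason to check the file's origin and hash, as the thread does, rather than as a verdict.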

#48 Armodeluxe (Retired Staff, 2,744 posts)

Thanks for the info on choice.exe. :whistling:

And since deposit.dll was found clean, let's leave it alone. It might belong to one of the games you have.

And finally we're on the right track for setup.exe!!

Please make a new registry search for

c59af793-37eb-11d9-b5b6-806d6172696f

and post the results.

#49 help_me_pls (Topic Starter, 73 posts)

And finally we're on the right track for setup.exe!!

Wow, that's good news :whistling:

Search for c59af793-37eb-11d9-b5b6-806d6172696f

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "c59af793-37eb-11d9-b5b6-806d6172696f" 24/09/2006 03:32:08

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices]
"\\??\\Volume{c59af793-37eb-11d9-b5b6-806d6172696f}"=hex:1b,e6,1b,e6,00,7e,00,\

[HKEY_USERS\S-1-5-21-507921405-362288127-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c59af793-37eb-11d9-b5b6-806d6172696f}]

[HKEY_USERS\S-1-5-21-507921405-362288127-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c59af793-37eb-11d9-b5b6-806d6172696f}\Shell]

[HKEY_USERS\S-1-5-21-507921405-362288127-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c59af793-37eb-11d9-b5b6-806d6172696f}\Shell\AutoRun]

[HKEY_USERS\S-1-5-21-507921405-362288127-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c59af793-37eb-11d9-b5b6-806d6172696f}\Shell\AutoRun\command]

[HKEY_USERS\S-1-5-21-507921405-362288127-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c59af793-37eb-11d9-b5b6-806d6172696f}\_Autorun]

[HKEY_USERS\S-1-5-21-507921405-362288127-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c59af793-37eb-11d9-b5b6-806d6172696f}\_Autorun\DefaultIcon]

[HKEY_USERS\S-1-5-21-507921405-362288127-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{c59af793-37eb-11d9-b5b6-806d6172696f}]


#50 Armodeluxe (Retired Staff, 2,744 posts)

First delete all instances of setup.exe and autorun.inf from both under C:\ and C:\Documents and Settings\All Users\Documents

Now please copy the following text in the code box to Notepad. Make sure there is no empty line above REGEDIT4. In Notepad go to File > Save As. Name it Fixit.reg, in the drop-down box at the bottom choose "All Files", and save it on your desktop. Then double-click Fixit.reg and let it merge with the registry.

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices]
"\\??\\Volume{c59af793-37eb-11d9-b5b6-806d6172696f}"=-

[-HKEY_USERS\S-1-5-21-507921405-362288127-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c59af793-37eb-11d9-b5b6-806d6172696f}]

[-HKEY_USERS\S-1-5-21-507921405-362288127-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{c59af793-37eb-11d9-b5b6-806d6172696f}]

Reboot and let's see if they still come back.

Edited by Armodeluxe, 24 September 2006 - 06:11 AM.

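The search results in posts #47 and #49 and the Fixit.reg in post #50 revolve around one mechanism: Explorer caches a volume's autorun.inf under MountPoints2, and the Shell\AutoRun\command value is what runs when the drive is double-clicked. The added example below (mine, not code from the thread or from RegSrch.vbs) parses a REGEDIT4 export, lists every cached AutoRun command, uses the MountedDevices entry from post #49 to say what kind of volume the GUID refers to, and writes a deletion fragment in the same "[-KEY]" syntax as Fixit.reg. The embedded export is a constructed sample modelled on the posted results; the truncated hex: value is padded to 12 bytes for illustration.

```python
r"""Triage a REGEDIT4 export for MountPoints2 AutoRun persistence.

Added example, not code from the thread or from RegSrch.vbs. SAMPLE_EXPORT is
a constructed sample modelled on the thread's search results; its hex: value
is padded to 12 bytes for illustration.
"""
import re

SAMPLE_EXPORT = r"""REGEDIT4
; RegSrch.vbs (c) Bill James

[HKEY_USERS\S-1-5-21-507921405-362288127-682003330-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c59af793-37eb-11d9-b5b6-806d6172696f}\Shell\AutoRun\command]
@="C:\\setup.exe"

[HKEY_USERS\S-1-5-21-507921405-362288127-682003330-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c59af793-37eb-11d9-b5b6-806d6172696f}\_Autorun\DefaultIcon]
@="C:\\setup.exe,0"

[HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices]
"\\??\\Volume{c59af793-37eb-11d9-b5b6-806d6172696f}"=hex:1b,e6,1b,e6,00,7e,00,\
  00,00,00,00,00
"""

VALUE_RE = re.compile(r'^(?:@|"(?P<name>(?:[^"\\]|\\.)*)")=(?P<data>.*)$')
MP2_RE = re.compile(
    r"^(?:HKEY_USERS\\(?P<sid>S-1-5-21-[\d-]+)|HKEY_CURRENT_USER)"
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\"
    r"(?P<vol>\{[0-9a-f-]{36}\})\\Shell\\AutoRun\\command$", re.IGNORECASE)
MOUNTED_DEVICES = r"HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices"


def unescape(s):
    """Undo .reg escaping of backslashes and double quotes."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """{key_path: {value_name: raw_data}}, '@' being the default value.
    Joins the backslash line continuations used by hex: values."""
    keys, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # a continuation line follows
            pending = line[:-1]
            continue
        if not line or line[0] == ";" or line.upper().startswith("REGEDIT"):
            continue
        if line[0] == "[" and line[-1] == "]":
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if current is not None and m:
            name = "@" if m.group("name") is None else unescape(m.group("name"))
            keys[current][name] = m.group("data")
    return keys


def reg_sz(data):
    """Quoted REG_SZ data -> str; None for hex:/dword: data."""
    return unescape(data[1:-1]) if len(data) >= 2 and data[0] == data[-1] == '"' else None


def reg_hex(data):
    """hex: or hex(N): data -> bytes; None for other types."""
    m = re.match(r"^hex(?:\([0-9a-f]+\))?:(.*)$", data, re.IGNORECASE)
    return bytes(int(b, 16) for b in m.group(1).split(",") if b) if m else None


def find_autorun_commands(keys):
    """Each cached MountPoints2 Shell/AutoRun/command default value. root_exe flags
    a command running an .exe straight from a drive root (the thread's pattern)."""
    hits = []
    for path, values in keys.items():
        m = MP2_RE.match(path)
        cmd = reg_sz(values.get("@", ""))
        if m is None or cmd is None:
            continue
        hits.append({"sid": m.group("sid"), "volume": m.group("vol").lower(), "command": cmd,
                     "root_exe": bool(re.match(r'^"?[A-Za-z]:\\[^\\"]+\.exe\b', cmd, re.I))})
    return hits


def volume_kind(keys, volume):
    r"""What the GUID is, from HKLM\SYSTEM\MountedDevices: a 12-byte value is an MBR
    disk signature (4 bytes) plus partition byte offset (8 bytes), i.e. a partition
    on an internal basic disk; USB and CD-ROM volumes are longer device-path strings."""
    target = ("\\??\\Volume" + volume).lower()
    for name, data in keys.get(MOUNTED_DEVICES, {}).items():
        if name.lower() != target:
            continue
        raw = reg_hex(data)
        if raw is not None and len(raw) == 12:
            sig, off = int.from_bytes(raw[:4], "little"), int.from_bytes(raw[4:], "little")
            return f"fixed MBR disk (signature 0x{sig:08x}, partition offset {off})"
        return "removable/other device path"
    return "not in MountedDevices"


def build_removal_reg(hits):
    """REGEDIT4 fragment deleting each hit's MountPoints2 cache with the [-KEY] syntax
    of Fixit.reg. Explorer rebuilds these keys from the volume's autorun.inf, so the
    files in the drive root must go first."""
    out = ["REGEDIT4", ""]
    for h in hits:
        hive = "HKEY_USERS\\" + h["sid"] if h["sid"] else "HKEY_CURRENT_USER"
        base = hive + "\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2"
        out += [f"[-{base}\\{h['volume']}]", "", f"[-{base}\\CPC\\Volume\\{h['volume']}]", ""]
    return "\n".join(out)


if __name__ == "__main__":
    keys = parse_reg(SAMPLE_EXPORT)
    hits = find_autorun_commands(keys)
    for h in hits:
        tag = "ROOT EXE" if h["root_exe"] else "ok"
        print(f"{h['volume']} runs {h['command']} [{tag}] on {volume_kind(keys, h['volume'])}")
    print(build_removal_reg(hits))
```

The thread's Fixit.reg also deleted the volume's entry under MountedDevices; the example leaves that alone, because the 12-byte value identifies the fixed disk itself and the mount manager regenerates it when the volume is next enumerated. Deleting the MountPoints2 cache without first removing autorun.inf and setup.exe from the drive root just lets Explorer rebuild it, which is what post #53 goes on to report.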

#51 Armodeluxe (Retired Staff, 2,744 posts)

Forgot to mention, please make a backup of your registry first:

Go to Start > Run - type:

regedit

Click OK.

When you get into the registry, on the left side, click to highlight My Computer at the top. Then go up to "File > Export". Make sure in that window there is a tick next to "All" under Export Branch. Leave the "Save As Type" as "Registration Files", then save it as backup to a convenient location. Remember where you put it (I don't recommend putting it on the desktop). This is so the registry can be restored to this point should anything be deleted by accident or something else happen. It may take a minute. Just let it go until it's done.

and just in case you are copying from your email instead of coming to the forum, I edited my previous post, so please come to the forum to do the copying.

#52 help_me_pls (Topic Starter, 73 posts)
OK, done everything and now I'm waiting :whistling:

BTW, BitDefender has started detecting setup.exe as infected with Trojan.Proxy.Horst.CG again.

#53 help_me_pls (Topic Starter, 73 posts)
Oops! It reappeared :whistling:

I've had a look at the BitDefender Quarantine and I've found a bunch of setup.exe files; I've also noticed that the file size differs and the name of the virus changes accordingly. So setup.exe is not always the same, and currently it is infected with Trojan.Proxy.Horst.CG.

#54 Armodeluxe (Retired Staff, 2,744 posts)

Ok then we will use some creativity to block it.

Copy the text below into Notepad and save it as Setup.exe

This file was put here to block the Setup.exe

Set the filetype to all files and save it to the folder C:\Documents and Settings\All Users\Documents\

Make and save another one of the same to your C:\ drive

Should you get a prompt that a file with that name already exists, replace it with yours.

Then find the files you just created and saved. Right-click them and choose Properties.

Put a checkmark in the "Read Only" box.

You shouldn't have any more setup.exe files appearing.

#55 help_me_pls (Topic Starter, 73 posts)
It seems a good workaround.

I've got a question about a suspicious service called User Privilege Service. Is it legit?

Details:
  • Service Name: usprserv
  • Display Name: User Privilege Service
  • Description:
  • Path to executable: C:\WINDOWS\System32\svchost.exe -k netsvcs
  • Startup type: Manual
  • Service Status: Stopped
  • Log on as: Local System Account
  • Dependencies: It depends on no system components and no system components depend on it


#56 help_me_pls (Topic Starter, 73 posts)
I've tried out Trend Micro System Cleaner, these are the results:



/--------------------------------------------------------------\
| Trend Micro System Cleaner |
| Copyright 2006, Trend Micro, Inc. |
| http://www.antivirus.com |
\--------------------------------------------------------------/


2006-09-26, 09:52:26, Auto-clean mode specified.
2006-09-26, 09:52:26, Running scanner "C:\Documents and Settings\User\Desktop\Sysclean\TSC.BIN"...
2006-09-26, 09:52:47, Scanner "C:\Documents and Settings\User\Desktop\Sysclean\TSC.BIN" has finished running.
2006-09-26, 09:52:47, TSC Log:

Damage Cleanup Engine (DCE) 3.98(Build 1012)
Windows XP(Build 2600: Service Pack 2)

Start time : Tli Set 26 2006 09:52:28

Load Damage Cleanup Template (DCT) "C:\Documents and Settings\User\Desktop\Sysclean\tsc.ptn" (version 788) [success]

Complete time : Tli Set 26 2006 09:52:47
Execute pattern count(2983), Virus found count(0), Virus clean count(0), Clean failed count(0)

2006-09-26, 09:53:14, An error was detected on "C:\Documents and Settings\User\My Documents\My Pictures\Camera\Kurt Gheneb\*.*": The system cannot find the path specified.
2006-09-26, 09:53:41, An error was detected on "C:\Documents and Settings\Kurt\My Documents\My Music\Backup ta' licenza\*.*": The system cannot find the path specified.
2006-09-26, 10:46:02, Files Detected:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 9/26/2006 09:54:46
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 791 (133410 Patterns) (2006/09/25) (379100)
Command Line: C:\Documents and Settings\User\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\User\Desktop\Sysclean

207368 files have been read.
207368 files have been checked.
182262 files have been scanned.
372244 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/26/2006 10:46:02
---------*---------*---------*---------*---------*---------*---------*---------*
2006-09-26, 10:46:02, Files Clean:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 9/26/2006 09:54:46
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 791 (133410 Patterns) (2006/09/25) (379100)
Command Line: C:\Documents and Settings\User\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\User\Desktop\Sysclean

207368 files have been read.
207368 files have been checked.
182262 files have been scanned.
372244 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/26/2006 10:46:02 51 minutes 16 seconds (3075.84 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-09-26, 10:46:02, Clean Fail:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 9/26/2006 09:54:46
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 791 (133410 Patterns) (2006/09/25) (379100)
Command Line: C:\Documents and Settings\User\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\User\Desktop\Sysclean

207368 files have been read.
207368 files have been checked.
182262 files have been scanned.
372244 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/26/2006 10:46:02 51 minutes 16 seconds (3075.84 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-09-26, 10:46:02, Scanner "C:\Documents and Settings\User\Desktop\Sysclean\VSCANTM.BIN" has finished running.


#57 Armodeluxe (Retired Staff, 2,744 posts)

Sysclean log is clean. :whistling:

It is a very good program, especially for cleaning up infected system files; it was developed for that purpose. Other cleaning programs might delete an infected system file, and then many problems occur because of the missing file.

User Privilege Service is a legit Microsoft service, but I couldn't find any useful info on what it does. Here it is advised to set it to manual:

http://www.masternew...eed_up_your.htm

I also found reference to it on some Cisco documents, it probably is used to secure a login.

Let me know if you still have any problems, if not we can mark this topic as resolved.

#58 help_me_pls (Topic Starter, 73 posts)
Thanks for the info and link :blink:

No problems till now :whistling:

THANKS to Vikesrock8411 and Armodeluxe

#59 Armodeluxe (Retired Staff, 2,744 posts)

Now let's reset your restore points.

Click Start Menu > All Programs > Accessories > System Tools > System Restore

Press OK. Choose 'Create a Restore Point' then Next. Name it and press 'Create' then when the confirmation screen shows the restore point has been created click 'Close'

Next go to Start Menu > Run > type

cleanmgr

click OK. When Disk Cleanup opens, go to the 'More Options' tab and press 'Cleanup' in the System Restore area, which will remove all the restore points except the one we just created. To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan, click OK, then choose Yes on the confirmation window.

Please take the following into consideration to maintain a clean computer.

Now you should get a firewall. Don't rely on the Windows firewall, as it monitors only incoming traffic. Pick one of these; they are all free.
Kerio
Zonealarm
Outpost
Sygate

Visit Windows Update regularly to get the latest security updates. You can also enable automatic updates. Your antivirus software and antispyware programs should also be updated regularly. Make a habit of running scans on a timely basis. Be careful about what you download, and scan every file before clicking on it.

Additional programs to consider:

Spywareblaster: Prevents the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software. Blocks spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restricts the actions of potentially unwanted sites in Internet Explorer.
Spywareguard: An anti-virus program scans files before you open them and prevents execution if a virus is detected; SpywareGuard does the same thing, but for spyware!
Firefox: An alternative browser, safer than IE.

A good article to read:
So how did I get infected in the first place?

Regards,

Armodeluxe

#60 help_me_pls (Topic Starter, 73 posts)
Done all of the above except the firewall because BitDefender 9 Pro has a built-in firewall.

About SpywareGuard: if it's an anti-virus, does it interfere with my anti-virus (BitDefender)?

THANKS for the helpful info. :whistling: