[Leifgreen]

Hello! ^_^ I, if you don't mind, need your help,
Two days ago my computer went wacky!. I've been getting Windows Security Alerts/Pop ups, and the most common one continually alerts me that my computer is infected with the "Worm.Win32.NetSky" virus (so it says, when investigations reviled it's actually a Worm.)
When ever I click on in these popups/Alerts, it opens to a website: (
I also got a scary image that took over my monitor's background!

IT was the typical hazardous symbol, coated in red. The background was Red too, and underneath, it says:
"Your Security's in danger!"

A simply Virus Scan removed the image, but the annoying popus/Alerts, System Alerts, and Desktop icons continually reoccur at every restart. If you don't mind, Geeks on the go, I am requesting your unforgettable help!

Any logs, Hijack Logs, you will need to teach me how to access, for, I've no idea what a : "Hijack log" is, if you don't mind. But Scan logs are my thing. This isn't the first time my computer has been infected with malicious software!

I just wanted to say Thanks People! ^0^

Oh, and I'm new, my name's Leifgreen! HELLO! ^_^

- Little preacher man.

[Rorschach112]

Hello

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.


Please download SmitfraudFix (by S!Ri) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following :

• Restart your computer
  
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  
• Instead of Windows loading as normal, a menu with options should appear;
  
• Select the first option, to run Windows in Safe Mode, then press "Enter".
  
• Choose your usual account.

Once in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.




Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

• Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  
• Under Additional Scans on the bottom right, check the boxes for Reg - Disabled MS Config Items and Reg - BotCheck.
  
• Now click the Run Scan button on the toolbar.
  
• When the scan is complete Notepad will open with the report file loaded in it.
  
• Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Use the Add Reply button and Copy/Paste the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.

Make sure you attach the report in your reply.

[Leifgreen]

SmitFraudFix (As asked for in replie:)

SmitFraudFix v2.258

Scan done at 20:08:00.63, Tue 12/04/2007
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\jetctrl.dll Deleted
Deleting [HKEY_CLASSES_ROOT\CLSID\{9A61A0F7-9B36-475D-ADC8-9FE947DF97EA}]
C:\WINDOWS\kopmet.dll Deleted
Deleting [HKEY_CLASSES_ROOT\CLSID\{F9446572-CD6B-4150-B3EB-FCB4EEDB792F}]
C:\WINDOWS\nretcip.exe Deleted
C:\WINDOWS\voipwet.dll Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End



Bah, I removed the WinPFind3u Scan Text Report from the reply because it wouldn't fit. The attachment is still there, though! ^_^

Thank you for the help! So far, the annoying Alerts and Pop ups are gone, and the desktop icons aren't returning. But, I know not to celebrate until you look at the Scan reports and declare the situation "Cleaned!"

I'm waiting excitedly for the monument! Thanks again! ^_^

- Little preacher man.

Attached File(s)

•  WinPFind3.Txt (68.72K)
  Number of downloads: 100

[Rorschach112]

Hello

Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

Quote

[Kill Explorer]
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> ->
YN -> AOLAspSunset2 -> %AllUsersAppData%\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe
YN -> ServicesNotify -> %ProgramFiles%\Defender Pro\Defender Pro Anti-Scam\ServicesNotify.exe
< RunOnce [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
YN -> OOBEDDDemise -> cmd /x /c erase %System32%\oobe\msoobe.exe
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {0D555BC6-E331-48b3-A60E-AAC0DF79438A} -> Reg Data - Value does not exist [ButtonText: Popup Blocker]
YN -> {4982D40A-C53B-4615-B15B-B5B5E98D167C} -> Reg Data - Value does not exist [ButtonText: AOL Toolbar]
YN -> {92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research]
YN -> {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> Reg Data - Value does not exist [ButtonText: Real.com]
YN -> {e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001]
[Empty Temp Folders]
[Start Explorer]
[Reboot]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new WinPFind3u scan(attach the WinPFind3 scan report).

I will review the information when it comes back in.



Also post a new HijackThis log.

[Leifgreen]

I just wanted to know, What typically is the "Run Fix" Text document's name?
12042007_210438, or is it "patterns?"

I did as you said, and I ran the Run Fix, pasting the information you gave me and afterwards restarted the computer. It prompted me to do so, so if that wasn't a correct thing to do, please tell me, if you don't mind! ^_^

It also asked me if I wanted to view the text file of the scan, but I had already gave it the command to restart before the message, thus confusing me in the proper Text File. I apologize.

Thanks again, the next reply should have the information you need! ^_^

- Little preacher man.

[Leifgreen]

I'm sorry, but I have to go for an entire day.
Please don't close the forum down, for I'll be back as soon as possible.
Thanks for the support so far! ^_^

Sorry...

- Little preacher man.

[Rorschach112]

No problem, we don't close the topics that fast ! When you are back, just run WinPFind3 again and attach the report here.

[Leifgreen]

When I ran this scan, I checked the REG - BotCheck, and the REG - Disabled MS Config Items Boxes as I did last time. Was that something I should of done? If not, I'll happily run another scan, if required.

Thanks again! ^_^

- Little preacher man.

Attached File(s)

•  WinPFind3.Txt (67.34K)
  Number of downloads: 72

[Rorschach112]

Hello

Download and scan with SUPERAntiSpyware Free for Home Users

• Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  
• An icon will be created on your desktop. Double-click that icon to launch the program.
  
• If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  
• Under "Configuration and Preferences", click the Preferences button.
  
• Click the Scanning Control tab.
  
• Under Scanner Options make sure the following are checked (leave all others unchecked):
  • Close browsers before scanning.
    
  • Scan for tracking cookies.
    
  • Terminate memory threats before quarantining.
  
  
• Click the "Close" button to leave the control center screen.
  
• Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  
• On the left, make sure you check C:\Fixed Drive.
  
• On the right, under "Complete Scan", choose Perform Complete Scan.
  
• Click "Next" to start the scan. Please be patient while it scans your computer.
  
• After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  
• Make sure everything has a checkmark next to it and click "Next".
  
• A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  
• If asked if you want to reboot, click "Yes".
  
• To retrieve the removal information after reboot, launch SUPERAntispyware again.
  • Click Preferences, then click the Statistics/Logs tab.
    
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    
  • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    
  • Please copy and paste the Scan Log results in your next reply.
  
  
• Click Close to exit the program.

Also post a new HijackThis log.

[Leifgreen]

I did everything you said, and here is all which you asked for! ^_^
It found and deleted 7 Adware.Tracking cookies. Wow, Thanks for that! ^_^

Also, I'm unable to post any HijackThis Logs, for I have no money to buy the program to scan my computer. If it's free, could you provide me a link for it? If you don't mind, that is! ^_^

Thanks! ^_^


SUPERAntiSpyware Scan Log
Generated 12/06/2007 at 07:40 AM

Application Version : 3.6.1000

Core Rules Database Version : 3354
Trace Rules Database Version: 1353

Scan type : Complete Scan
Total Scan Time : 08:28:15

Memory items scanned : 420
Memory threats detected : 0
Registry items scanned : 5491
Registry threats detected : 0
File items scanned : 371861
File threats detected : 8

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@protect.trustedantivirus[1].txt
C:\Documents and Settings\Owner\Cookies\owner@protect.trustedantivirus[3].txt
C:\Documents and Settings\Owner\Cookies\owner@gomyhit[2].txt
C:\Documents and Settings\Owner\Cookies\owner@sale.trustedantivirus[1].txt
C:\Documents and Settings\Owner\Cookies\owner@pandasoftware.112.2o7[1].txt
C:\Documents and Settings\Owner\Cookies\owner@trustedantivirus[1].txt
C:\Documents and Settings\Owner\Cookies\owner@gomyhit[3].txt

Trojan.Net-MSV/VPS-H
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP77\A0141322.DLL

- Little preacher man.

[Rorschach112]

HijackThis is free. I forgot we hadn't used it so far !

CLICK HERE to download the HijackThis Installer:

• Save HJTInstall.exe to your desktop.
  
• Double-click on HJTInstall.exe to run the program.
  
• By default it will install to C:\Program Files\Trend Micro\HijackThis.
  
• Accept the license agreement by clicking the "I Accept" button.
  
• Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
  
• Click "Save log" to save the log file and then the log will open in Notepad.
  
• Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
  
• Come back here to this thread and paste the log in your next reply.
  
• Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Also let me know how your PC is running

[Leifgreen]

The PC is running Slow and Laggy. In the past, we wiped the computer out from an over-load of Malware, Spyware, Viruses, Trojans, etc. When the PC recovered the computer was impressively fast, and, of course, empty.

Since we installed DSL and downloaded a new Browser (Mozilla Firefox) all seemed great. Almost NO scans were done for Viruses and Spyware.
Over time, though, the computers performance was slowly decreasing with more files I was downloading. And after I installed a ActiveX Download to watch a video, (Which I later learned was a scam entirely) the next waking morning was the appearance of the Worm.Win32.NetSky.

Is that info enough for you, Rorschach112? If not, just let me know, if you don't mind! ^_^

- Little preacher man.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:25:36 PM, on 12/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\Explorer.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\AOL\1193005311\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\DefenderPro AntiSpy\TSAntiSpy.exe
C:\PROGRA~1\DEFEND~2\DEFEND~2\PopUpKiller.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
c:\program files\common files\aol\1193005311\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1193005311\ee\aolsoftware.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\W32BRG55.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE PopUp-Killer - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\DEFEND~2\DEFEND~2\PopUp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Defender Pro Anti-Scam - {102BAD8B-CD05-46ff-94FF-A2C1ABD5F7D5} - C:\Program Files\Defender Pro\Defender Pro Anti-Scam\mscoree.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1193005311\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kav.exe" /minimize
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LaunchAntiSpy] C:\Program Files\DefenderPro AntiSpy\TSAntiSpy.exe /startup
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRA~1\DEFEND~2\DEFEND~2\PopUpKiller.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Defender Pro LLC - C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kavsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 6688 bytes

[Rorschach112]

Well your logs look good ! We need to do a few little things.

You can delete the tools that we used

Your using an old version of Adobe Acrobat Reader, this can leave your pc open to vulnerabilities, you can update it here :
http://www.adobe.com.../readstep2.html



Have a read of this link for ways to speed up your PC
http://users.telenet.be/bluepatchy/miekiem...owcomputer.html



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure

• Click Start > Run
  
• Type Inetcpl.cpl & click OK
  
• Click on the Security tab
  
• Click Reset all zones to default level
  
• Make sure the Internet Zone is selected & Click Custom level
  
• In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  
• Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.

[Leifgreen]

Thanks for the useful links and protection advice! I thank you A LOT! ^_^
Is the situation all clear now? OR are there further requests you need to ask of me? If not, just let me know, if you don't mind!

Thanks again! ^_^

- Little preacher man.

[Rorschach112]

The situation is all clear now. Your PC is clean. We can close this thread whenever you want