[Essexboy]

By heck you were a busy bee when I went to sleep

OK you have made progress, some of the windows files were restored from backup which has eased some of the errors

I have found another 2 files to remove

And then I would like you to update your video driver. The write errors at the moment lead me to think there may be a problem with your RAM... But to continue

1. Please open Notepad

• Click Start , then Run
• Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\IPH.PH
C:\emsf.bat

3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt
• A new HijackThis log.

THEN

Go to this web page http://www.nvidia.co...aspx?lang=en-us and select option 2 for Graphics drivers. A small activex will determine your video card and offer the latest driver. Download and install that. Reboot

NEXT

We will do a sweep for orphan registry entries

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

If you could post the new Combofix log, MBAM log and a resume of the current situation

[Advertisements]

quick question here, should I? could I? restore my pc to even before I started having problems?

[8cimi]

quick question here, should I? could I? restore my pc to even before I started having problems?

[Essexboy]

Now you are nearly clean that could be a possibility. But before you try I would make a restore point of the current status before rolling back, in case you restore the start up problems. You would also lose the Antivirus and would need to re-install it. The choice is yours, but I would recommend completing the steps in my last post before doing that

[8cimi]

At stage 2-3 of combofix I got one error heading:
CF10390.exe
reading:
(0x0000005)


ComboFix 08-08-01.05 - Jesus 2008-08-04 16:59:56.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1642 [GMT -4:00]
Running from: C:\Documents and Settings\Jesus\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jesus\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\emsf.bat
C:\IPH.PH
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\emsf.bat
C:\IPH.PH

.
((((((((((((((((((((((((( Files Created from 2008-07-04 to 2008-08-04 )))))))))))))))))))))))))))))))
.

2008-08-03 22:58 . 2008-08-03 22:58 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-03 18:30 . 2008-08-03 18:30 <DIR> d-------- C:\_OTMoveIt
2008-08-03 12:29 . 2008-08-03 12:29 <DIR> d-------- C:\Program Files\Alwil Software
2008-08-03 11:11 . 2008-08-03 11:11 <DIR> d-------- C:\Program Files\OpenDNS Updater
2008-08-03 10:37 . 2008-08-03 10:37 <DIR> d-------- C:\Deckard
2008-07-07 13:47 . 2008-07-07 13:47 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-07-07 13:47 . 2008-07-07 13:47 355,584 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-07-07 13:47 . 2008-05-29 09:28 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-07-07 10:50 . 2008-07-07 10:50 <DIR> d-------- C:\Program Files\StreamingStar
2008-07-07 10:50 . 2008-08-03 19:33 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-07 10:47 . 2008-07-07 10:47 <DIR> d-------- C:\WINDOWS\system32\WinFox
2008-07-07 10:47 . 2008-07-07 10:47 <DIR> d-------- C:\WINDOWS\system32\WinFast
2008-07-07 10:47 . 2008-07-07 10:47 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-03 23:34 --------- d-----w C:\Program Files\Opera 9
2008-08-01 05:45 --------- d-----w C:\Program Files\Bazooka Scanner
2008-07-31 20:42 4,224 ----a-w C:\WINDOWS\system32\drivers\beep.sys
2008-07-07 14:50 --------- dc----w C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-07 14:50 --------- d-----w C:\Documents and Settings\Jesus\Application Data\uTorrent
2008-07-07 14:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Saitek
2008-07-07 14:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-07 14:47 --------- d-----w C:\Program Files\tamasoftware
2008-07-07 14:47 --------- d-----w C:\Documents and Settings\Jesus\Application Data\U3
2008-07-07 14:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-07 14:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-07 14:46 --------- d-----w C:\Program Files\Absolute Poker
2008-07-07 14:33 --------- d-----w C:\Program Files\QuickTime
2008-07-07 14:33 --------- d-----w C:\Program Files\Apple Software Update
2008-06-29 03:32 --------- d-----w C:\Documents and Settings\Jesus\Application Data\dvdcss
2008-06-23 21:23 --------- d-----w C:\Program Files\Widestep Software
2008-06-23 19:30 --------- d-----w C:\Program Files\Windows Live
2008-06-23 19:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-22 01:44 --------- d-----w C:\Program Files\DC++
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 18:37 --------- d-----w C:\Program Files\Saitek
2008-06-07 20:06 --------- d-----w C:\Program Files\Common Files\Apple
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2004-07-22 14:51 3,432,656 ----a-w C:\Program Files\ManagedDX.CAB
2004-07-20 02:58 1,156,363 ----a-w C:\Program Files\BDANT.cab
2004-07-20 02:53 976,020 ----a-w C:\Program Files\BDAXP.cab
2004-07-16 18:30 3,858 ----a-w C:\Program Files\directx redist.txt
2004-07-09 18:17 13,265,040 ----a-w C:\Program Files\dxnt.cab
2004-07-09 13:13 703,080 ----a-w C:\Program Files\BDA.cab
2004-07-09 13:13 15,493,481 ----a-w C:\Program Files\DirectX.cab
2004-07-09 08:08 472,576 ----a-w C:\Program Files\dxsetup.exe
2004-07-09 08:08 2,242,560 ----a-w C:\Program Files\dsetup32.dll
2004-07-09 07:03 62,976 ----a-w C:\Program Files\DSETUP.dll
.

((((((((((((((((((((((((((((( snapshot_2008-08-03_21.05.58.93 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-04 20:49:36 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_658.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SaiMfd"="C:\Program Files\Saitek\SD6\Software\SaiMfd.exe" [2007-10-02 10:10 131072]
"ProfilerU"="C:\Program Files\Saitek\SD6\Software\ProfilerU.exe" [2007-10-02 10:10 233472]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 18:34 213936]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"ezShieldProtector for Px"="C:\WINDOWS\system32\ezSP_Px.exe" [2002-08-20 11:29 40960]
"OpenDNS Update"="C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe" [2008-06-09 13:07 209408]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 10:38 78008]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 16:50 4620288]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
--a------ 2002-08-20 11:29 40960 C:\WINDOWS\system32\ezSP_Px.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2004-10-29 16:50 921600 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ezShieldProtector for Px"=C:\WINDOWS\system32\ezSP_Px.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\DC++\\DCPlusPlus.exe"=
"C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"C:\\Documents and Settings\\Jesus\\Desktop\\SRO_NEW_Full-Client_Downloader.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 10:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 10:37]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:56]
R2 WUSB54GSSVC;WUSB54GSSVC;C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe WUSB54GS.exe []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-07 13:47]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c594d57-6061-11dc-8e27-a4c471764370}]
\Shell\AutoRun\command - LinksysConnectPC.exe

*Newly Created Service* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder

2008-08-04 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:09]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-04 17:02:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-04 17:04:18
ComboFix-quarantined-files.txt 2008-08-04 21:03:33
ComboFix2.txt 2008-08-04 01:27:43
ComboFix3.txt 2008-08-04 01:07:15
ComboFix4.txt 2008-08-02 20:53:09
ComboFix5.txt 2008-08-04 20:59:35

Pre-Run: 102,776,942,592 bytes free
Post-Run: 102,764,236,800 bytes free

135 --- E O F --- 2008-08-04 00:48:26

[8cimi]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:07:30 PM, on 8/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GS.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
O4 - HKLM\..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [OpenDNS Update] "C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\StreamingStar\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\Program Files\StreamingStar\HiDownload\HDGet.htm
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Jesus\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Jesus\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: (no name) - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - (no file) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DB1C4B0-D02D-42CE-8D8F-045DD03FDD02}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: WUSB54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 4606 bytes


no problems running this.

[Essexboy]

Could you now update your video driver and run MBAM and then let me know how it is running

[8cimi]

Malwarebytes' Anti-Malware 1.24
Database version: 1025
Windows 5.1.2600 Service Pack 2

5:34:04 PM 8/4/2008
mbam-log-8-4-2008 (17-34-04).txt

Scan type: Quick Scan
Objects scanned: 39902
Time elapsed: 2 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{dbe49762-874f-41ac-9409-ecdd4b3db4a2} (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


this also went smoothly, It found 6 things all removed, I do not know if you want me to do another hijackthis,.

I also would like to say (again) how amazed I am , (and also very greatfull for all your help) this has been very interesting.
Oh and just becuase im curious, you dont actually type all these responses huh?

[8cimi]

I did everything just like you said in those steps. ran the:
combo
hijackthis
updated video card
MBAM

[Essexboy]

Oh and just becuase im curious, you dont actually type all these responses huh?

The basic reply is typed once and then saved for re-use and I just then need to add in the files etc that I want removed.. Except when it is an unusual case like this

Well MBAM only found some orphan registry entries.... So the big question is ... What problems remaiin

[8cimi]

what should I do to see if any more problems come up ?also what a bout a firewall you recommend? free of course since im so poor i probly should not even have the pc on -.-.

[8cimi]

uhmm when windows tried to update (before the last set of instructions) at boot up i got a window saying windows encountered a "serious" problem

[Essexboy]

What sort of problem -- is it working now

[8cimi]

well I cant remember what it said , but its not doing it now, + im not sure how to update manually to test it. ill try to restart the pc and see if everything is fine.

[8cimi]

ok it booted up perfect (at least i think so) so about a firewall?
I really cant stop thank you for all your time, help and patience.

[Essexboy]

Well if I read that right

Now the best part of the day ----- Your log now appears clean

Double click OTMoveIt2 once again and you should see a CleanUp! button, press that button, you may get prompted by your firewall that OTMoveIt2 wants to contact the internet, allow this, a cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will delete all the tools you have downloaded plus itself. Erunt an MBAM are good tools to keep. However, if you wish to remove them it may be done via control panel


Now to get you off to a good start we will re-set your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your your restore point but this is my method:

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point, to get rid of the bad ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the Drop down box that appears select your main drive e.g. C
3. Click OK
4. The System will do some calculation and the display a dialogue box with TABS
5. Select the More Options Tab.
6. At the bottom will be a system restore box with a CLEANUP button click this
7. Accept the Warning and select OK again, the program will close and you are done



Now that you are clean, to help protect your computer in the future I recommend that you get the following free program:

• SpywareBlaster to help prevent spyware from installing in the first place.
• SuperAntispyware Run weekly to keep your system clean

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

• Secunia Software inspector To check your programme update status
• Microsoft Windows Update

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe

*****And as for a free firewall ... look here *****