[mcchartman]

Good day,

I have had some problems in the past with some malwares and usually managed to fix them (as far as I know) by reading topics posted by other people on forums such as this one. This time however, I decided I might require a better cleanup adapted to my own condition.

The symptoms? Every other IE window I open, a pop-up appears offering me to install WinFixer 2005. I have always closed the windows, which would cause another IE window to open automatically at addresses such as www.trafficexplorer.com or the winfixer homepage (there may have been others, but these are the most reccurent ones)

I had never downloaded HijackThis before as I have heard mixed reviews, so please bear with me as this will be my first time giving a shot at this program. As I understand, the first step you require is seeing a log file as obtained from HJT (see below).

Can anyone be bothered to help me? Oh and please, if you detect any other problem in the log, would you be so kind as to inform me and perhaps guide me on how to remove them? Thanks in advance.

--------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:45:21 AM, on 8/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.sympatico.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\system32\pmnno.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab34120.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab32846.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) - http://zone.msn.com/...of.cab34501.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab34842.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4E3AF39-2267-441E-91D3-AD8EDA7F7370}: NameServer = 206.47.244.89 206.47.244.14
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: pmnno - C:\WINDOWS\system32\pmnno.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--------------------

[Advertisements]

Hello and welcome!

Can you start with running this online scan and posting the results here:

Panda Activescan

[Rawe]

Hello and welcome!

Can you start with running this online scan and posting the results here:

Panda Activescan

[mcchartman]

Ok, the scan is on its way... It has already detected 1 virus, 1 spyware and 1 suspicious file and apparently fixed the detected virus. I have to go shopping for a bit so I will leave the scan and see the results once I come back. I just basically wanted to say thanks for replying so fast. Hopefully something can be done.

[Rawe]

Yup, we'll get it sorted. Post the log whenever you have time.. I'll be around today..

[mcchartman]

Allright, so here is the report:

------------------

Incident Status Location

Possible Virus. No disinfected C:\WINDOWS\system32\pmnno.dll
Spyware:spyware/virtumonde No disinfected Windows Registry
Virus:Trj/Downloader.EGF Disinfected C:\Documents and Settings\Default\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\time.class-480448a5-1f40e925.class
Virus:Trj/Downloader.EIC Disinfected C:\WINDOWS\system32\mljge.dll
Possible Virus. No disinfected C:\WINDOWS\system32\pmnno.dll
Virus:Trj/Mitglieder.DQ Disinfected [Beach.zip][f22-013.exe]
------------------

I haven't tried to edit the text to make it more legible as I am sure you have seen such reports hundreds of time. Apparently, two viruses, Mitglieder and Downloader were found and removed, and a spyware called virtumonde was found yet not removed (I obviously would have to buy their product for them to remove it for me). I'm not sure what shall be your feeling on this, but the description of virtumonde states that it basically causes pop-ups to appear without solicitation... any chance this is the source of my winfixer pop-ups? Oh and finally, there are two suspicious items (which appear to be one single file really: pmnno.dll. Could you give me any hints on how to proceed from there?
Thanks again for your pronto responses...

[Rawe]

Looks like Vundo to me.

Please download VundoFix.zip to your desktop.

• Double-click VundoFix.zip and extract it to your C:\ directory.
• Copy the instructions below and paste them into Notepad for reference.
  • All other windows need to be closed while doing this fix!
• Navigate to the new folder C:\VundoFix
• Double click on KillVundo.bat
  • When it starts running it will tell you that you need an active internet connection then ask you to press any key once you do.
• Please press any key to continue.
• Wait for HiJackThis to open.
• When HiJackThis opens, click Do a system scan only. Place a check next to the following items, if found:
  
  O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\system32\pmnno.dll
  
  O20 - Winlogon Notify: pmnno - C:\WINDOWS\system32\pmnno.dll
  
• Once they all have a check next to them, click the FIX CHECKED button, then close HiJackThis.

You will once again be prompted to press any key. Upon doing so this time you will receive a "Blue Screen Of Death". Don't worry, this is normal! Let the computer reboot. If it doesn't boot straight to windows, manually turn the computer off and then back on.

Once the computer is rebooted post a new HiJackThis log as well as the contents of vundofix.txt which can be found in this folder: C:\VundoFix

[mcchartman]

Right-o. I've followed all your instructions and everything worked out as you predicted (with the only exception that I didn't get a 'blue screen of death' but the computer skipped straight to reboot). Here is the Vundofix summary and my new HJT log as you wanted:

--------------

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Suspending PID 472 'smss.exe'
Threads [476][480][484]

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 1372 'explorer.exe'
Killing PID 1372 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Error, Cannot find a process with an image name of rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 552 'winlogon.exe'
Killing PID 552 'winlogon.exe'
Killing PID 552 'winlogon.exe'
Sucessfully Deleted

--------------

Logfile of HijackThis v1.99.1
Scan saved at 12:43:11 PM, on 8/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.sympatico.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab34120.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab32846.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) - http://zone.msn.com/...of.cab34501.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab34842.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4E3AF39-2267-441E-91D3-AD8EDA7F7370}: NameServer = 206.47.244.89 206.47.244.14
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--------------

Somehow I have the feeling this worked out... There is something fresh about my computer (no joke). Hopefully from these logs you will feel the same. Thanks again for your help.

[Rawe]

Yup, Vundo got killed. (Nice job Atribune, it's his fix. )

Let's kill the leftovers.

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):

• Click the Free Trial link on the right - next to "SpySweeper for Home Computers" to download the program.
• Double-click the file to install it as follows:
  • Click "Next", read the agreement, Click "Next"
  • Choose "Custom" click "Next".
  • Leave the default installation directoy as it is, then click "Next".
  • UNcheck "Run SpySweeper at Windows Startup" and "Add Sweep for Spyware to Windows Explorer Context Menu". Click "Next".
  • On the following screen you can leave the e-mail address field blank, if you wish. Click "Next".
  • Finally, click "Install"
• Once the program is installed, it will open.
• It will prompt you to update to the latest definitions, click Yes.
  Disable SpySweeper Shields
  • Click Shields on the left.
  • Click Internet Explorer and uncheck all items.
  • Click Windows System and uncheck all items.
  • Click Startup Programs and uncheck all items.
• Once the definitions are installed and shields disabled, click Sweep Now on the left side.
• Click the Start button.
• When it's done scanning, click the Next button.
• Make sure everything has a check next to it, then click the Next button.
• It will remove all of the items found.
• Click Session Log in the upper right corner, copy everything in that window.
• Click the Summary tab and click Finish.
• Paste the contents of the session log you copied into your next reply.

- Rawe

[mcchartman]

It seems it found 4 'spy cookies'. Here is the log as pasted from spysweeper:

--------------------

********
12:59 PM: |··· Start of Session, Thursday, August 25, 2005 ···|
12:59 PM: Spy Sweeper started
12:59 PM: Sweep initiated using definitions version 521
12:59 PM: Starting Memory Sweep
1:02 PM: Memory Sweep Complete, Elapsed Time: 00:02:25
1:02 PM: Starting Registry Sweep
1:02 PM: Registry Sweep Complete, Elapsed Time:00:00:10
1:02 PM: Starting Cookie Sweep
1:02 PM: Found Spy Cookie: com.com cookie
1:02 PM: default@com[2].txt (ID = 2445)
1:02 PM: Found Spy Cookie: realmedia cookie
1:02 PM: default@realmedia[1].txt (ID = 3235)
1:02 PM: Found Spy Cookie: reliablestats cookie
1:02 PM: [email protected][1].txt (ID = 3254)
1:02 PM: Found Spy Cookie: zedo cookie
1:02 PM: default@zedo[1].txt (ID = 3762)
1:02 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
1:02 PM: Starting File Sweep
1:07 PM: File Sweep Complete, Elapsed Time: 00:04:54
1:07 PM: Full Sweep has completed. Elapsed time 00:07:31
1:07 PM: Traces Found: 4
1:08 PM: Removal process initiated
1:08 PM: Quarantining All Traces: com.com cookie
1:08 PM: Quarantining All Traces: realmedia cookie
1:08 PM: Quarantining All Traces: reliablestats cookie
1:08 PM: Quarantining All Traces: zedo cookie
1:08 PM: Removal process completed. Elapsed time 00:00:01
********
12:58 PM: |··· Start of Session, Thursday, August 25, 2005 ···|
12:58 PM: Spy Sweeper started
12:58 PM: Your spyware definitions have been updated.
12:59 PM: |··· End of Session, Thursday, August 25, 2005 ···|

--------------------

And while I'm at it, one quick question: With AdAware 6, AdWatch was included for free, which is no longer the case with AdAware SE. Because I didn't buy the pro version, I haven't had a real-time spyware check on my computer for a good while now. Any advice on other free programs I could download that have a real-time coverage? Or should I simply stop being a cheapo and buy the pro version of AdAware? Any feedback would be appreciated on the matter.

[Rawe]

AdWatch isn't included in the Personal/Free version. Then again, it comes added free in the Ad-aware SE Plus & Pro version both (As it was added in the Ad-aware 6 Plus/Pro versions as well). Myself, I like to use the free version of Ad-aware. I have NEVER used money for anti-spyware programs.. Since you can get just PERFECT free ones. Which throws us to the second subject,

Here's some tips for future to prevent spyware;

Detect and Remove Programs:

• How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
• How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.

Prevention Programs:

• Spywareblaster <= SpywareBlaster will prevent spyware from being installed. (My favourite)
• Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
• MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
• Google Toolbar <= Get the free google toolbar to help stop pop up windows.

Other necessary Programs:

• AntiVirus Program <= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kaspersky, this is a must have.
• Firewall <= A firewall is definatley a must have. Two good free versions are Sygate and ZoneLabs.
• More Secure Browser <= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox.

And also see TonyKlein's good advice;
So how did I get infected in the first place? (My favourite)

Visit;
http://www.windowsupdate.com and install ALL the critical updates available !

- Rawe

If you want to learn how to help people with malware problems like I helped you, feel free to take a look at this thread; http://www.geekstogo...here-t4817.html

[mcchartman]

Allright so the big question: Am I to conclude that my computer is free of malwares at this very moment? (sorry if it seems selfish, but I *really* have to get this confirmed as this is the reason I initialy posted).

Either way, THANK YOU VERY MUCH for your time and knowledge. Out of every 10 a$$holes you meet on the net, there is one incredibly helpful and knowledgeable person ready to assist other people in need and you - naturally - would fall under the second category.

*bows* *bows* and *bows again*

Furthermore, I will definitely have a read at the various topics and programs you have pointed to.

Kudos.

[Rawe]

Yup your log is clean

[mcchartman]

Effectively, the pop-ups have stopped appearing (and in fact I haven't seen them since I did the Panda Software scan) but either way, if this scan solved some problems, there were obviously other problems lurking in my computer. Thanks a bunch once again - and I mean it.

[Rawe]

And I'm glad to help.
Thanks for the nice words.. It means a lot. Those words are why I do this in this forum..