[gfinetin]

Jotti's malware scan Report:


File: skin.exe

Status: MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.)

MD5 0c4458fca78af6493509495cc0f48227

Packers detected: UPX

Scanner results :

AntiVir-------------------Found nothing
ArcaVir------------------Found nothing
Avast--------------------Found nothing
AVG Antivirus-----------Found nothing
BitDefender-------------Found nothing
ClamAV-----------------Found nothing
Dr.Web------------------Found nothing
F-Prot Antivirus---------Found nothing
Fortinet------------------Found nothing
Kaspersky Anti-Virus--Found nothing
NOD32-------------------Found nothing
Norman Virus Control--Found nothing
UNA----------------------Found nothing
VBA32-------------------Found nothing

Edited by gfinetin, 05 September 2005 - 04:27 AM.

[Advertisements]

Go ahead and uninstall Ewido, CureIt & A-squared if you want to.

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):

• Click the Free Trial link on the right - next to "SpySweeper for Home Computers" to download the program.
• Double-click the file to install it as follows:
  • Click "Next", read the agreement, Click "Next"
  • Choose "Custom" click "Next".
  • Leave the default installation directoy as it is, then click "Next".
  • UNcheck "Run SpySweeper at Windows Startup" and "Add Sweep for Spyware to Windows Explorer Context Menu". Click "Next".
  • On the following screen you can leave the e-mail address field blank, if you wish. Click "Next".
  • Finally, click "Install"
• Once the program is installed, it will open.
• It will prompt you to update to the latest definitions, click Yes.
• Once the definitions are installed and shields disabled, click Sweep Now on the left side.
• Click the Start button.
• When it's done scanning, click the Next button.
• Make sure everything has a check next to it, then click the Next button.
• It will remove all of the items found.
• Click Session Log in the upper right corner, copy everything in that window.
• Click the Summary tab and click Finish.
• Paste the contents of the session log you copied into your next reply.

[Rawe]

Go ahead and uninstall Ewido, CureIt & A-squared if you want to.

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):

• Click the Free Trial link on the right - next to "SpySweeper for Home Computers" to download the program.
• Double-click the file to install it as follows:
  • Click "Next", read the agreement, Click "Next"
  • Choose "Custom" click "Next".
  • Leave the default installation directoy as it is, then click "Next".
  • UNcheck "Run SpySweeper at Windows Startup" and "Add Sweep for Spyware to Windows Explorer Context Menu". Click "Next".
  • On the following screen you can leave the e-mail address field blank, if you wish. Click "Next".
  • Finally, click "Install"
• Once the program is installed, it will open.
• It will prompt you to update to the latest definitions, click Yes.
• Once the definitions are installed and shields disabled, click Sweep Now on the left side.
• Click the Start button.
• When it's done scanning, click the Next button.
• Make sure everything has a check next to it, then click the Next button.
• It will remove all of the items found.
• Click Session Log in the upper right corner, copy everything in that window.
• Click the Summary tab and click Finish.
• Paste the contents of the session log you copied into your next reply.

[gfinetin]

********
20:18: |··· Start of Session, ïîíåäåëíèê, 05 ñåïòåìâðè 2005 ···|
20:18: Spy Sweeper started
20:18: Sweep initiated using definitions version 526
20:18: Starting Memory Sweep
20:21: Memory Sweep Complete, Elapsed Time: 00:02:31
20:21: Starting Registry Sweep
20:21: Found Adware: winad
20:21: HKLM\software\adtools service\ (2 subtraces) (ID = 103252)
20:21: Found Adware: adtools
20:21: HKLM\software\adtools service\ (2 subtraces) (ID = 103252)
20:21: Found Adware: dluca
20:21: HKU\S-1-5-21-2000478354-492894223-1957994488-1003\software\program info\ (1 subtraces) (ID = 125223)
20:21: Found Adware: instafinder
20:21: HKU\S-1-5-21-2000478354-492894223-1957994488-1003\software\instafink\ (56 subtraces) (ID = 128666)
20:21: Found Adware: startnow
20:21: HKU\S-1-5-21-2000478354-492894223-1957994488-1003\software\microsoft\installer\features\b5890ede256d37548ae908c32b952774\ (2 subtraces) (ID = 142595)
20:21: HKU\S-1-5-21-2000478354-492894223-1957994488-1003\software\microsoft\installer\products\b5890ede256d37548ae908c32b952774\ (16 subtraces) (ID = 142596)
20:21: HKLM\software\microsoft\windows\currentversion\installer\folders\ || c:\program files\common files\hyperbar\ (ID = 142609)
20:21: HKLM\software\microsoft\windows\currentversion\installer\folders\ || c:\program files\startnow\ (ID = 142610)
20:21: HKLM\software\microsoft\windows\currentversion\installer\folders\ || c:\program files\startnow\navigation helper\ (ID = 142611)
20:21: HKLM\software\classes\adtoolsx.installer\ (3 subtraces) (ID = 147163)
20:21: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/adtoolsx.dll\ (2 subtraces) (ID = 147188)
20:21: Found Trojan Horse: trojan-downloader-ruin
20:21: HKLM\software\microsoft\windows\currentversion\urls\ (8 subtraces) (ID = 605127)
20:21: Found Adware: cydoor
20:21: HKU\WRSS_Profile_S-1-5-21-2000478354-492894223-1957994488-501\software\cydoor\ (26 subtraces) (ID = 639126)
20:21: Registry Sweep Complete, Elapsed Time:00:00:28
20:21: Starting Cookie Sweep
20:21: Found Spy Cookie: sandboxer cookie
20:21: as@0[1].txt (ID = 3282)
20:21: as@0[2].txt (ID = 3282)
20:21: as@0[3].txt (ID = 3282)
20:21: as@0[4].txt (ID = 3282)
20:21: as@0[5].txt (ID = 3282)
20:21: as@0[7].txt (ID = 3282)
20:21: Found Spy Cookie: 3 cookie
20:21: as@3[1].txt (ID = 1959)
20:21: as@3[2].txt (ID = 1959)
20:21: Found Spy Cookie: 64.62.232 cookie
20:21: [email protected][1].txt (ID = 1987)
20:21: [email protected][2].txt (ID = 1987)
20:21: Found Spy Cookie: 888 cookie
20:21: as@888[1].txt (ID = 2019)
20:21: Found Spy Cookie: websponsors cookie
20:21: [email protected][2].txt (ID = 3665)
20:21: Found Spy Cookie: accoona cookie
20:21: as@accoona[2].txt (ID = 2041)
20:21: Found Spy Cookie: com.com cookie
20:21: [email protected][1].txt (ID = 2446)
20:21: Found Spy Cookie: bannerbank cookie
20:21: [email protected][2].txt (ID = 2281)
20:21: Found Spy Cookie: hbmediapro cookie
20:21: [email protected][1].txt (ID = 2768)
20:21: Found Spy Cookie: precisead cookie
20:21: [email protected][2].txt (ID = 3182)
20:21: Found Spy Cookie: adrevolver cookie
20:21: as@adrevolver[2].txt (ID = 2088)
20:21: Found Spy Cookie: cc214142 cookie
20:21: [email protected][2].txt (ID = 2367)
20:21: Found Spy Cookie: adultfriendfinder cookie
20:21: as@adultfriendfinder[2].txt (ID = 2165)
20:21: Found Spy Cookie: about cookie
20:21: [email protected][1].txt (ID = 2038)
20:21: Found Spy Cookie: zone-media cookie
20:21: [email protected][2].txt (ID = 3765)
20:21: Found Spy Cookie: banner cookie
20:21: as@banner[1].txt (ID = 2276)
20:21: Found Spy Cookie: belnk cookie
20:21: as@belnk[2].txt (ID = 2292)
20:21: [email protected][1].txt (ID = 3765)
20:21: [email protected][1].txt (ID = 3765)
20:21: Found Spy Cookie: ccbill cookie
20:21: as@ccbill[1].txt (ID = 2369)
20:21: [email protected][1].txt (ID = 3765)
20:21: [email protected][1].txt (ID = 3765)
20:21: Found Spy Cookie: desktop kazaa cookie
20:21: [email protected][1].txt (ID = 2515)
20:21: [email protected][2].txt (ID = 2293)
20:21: [email protected][1].txt (ID = 3765)
20:21: [email protected][1].txt (ID = 3765)
20:21: [email protected][1].txt (ID = 3765)
20:21: [email protected][1].txt (ID = 3765)
20:21: [email protected][2].txt (ID = 2446)
20:21: [email protected][2].txt (ID = 2446)
20:21: [email protected][1].txt (ID = 2038)
20:21: [email protected][1].txt (ID = 3765)
20:21: [email protected][1].txt (ID = 3765)
20:21: Found Spy Cookie: ic-live cookie
20:21: as@ic-live[1].txt (ID = 2821)
20:21: [email protected][1].txt (ID = 3765)
20:21: [email protected][1].txt (ID = 3765)
20:21: [email protected][1].txt (ID = 3765)
20:21: [email protected][1].txt (ID = 2038)
20:21: Found Spy Cookie: passion cookie
20:21: as@passion[2].txt (ID = 3113)
20:21: [email protected][1].txt (ID = 3765)
20:21: [email protected][1].txt (ID = 3765)
20:21: [email protected][1].txt (ID = 2446)
20:21: Found Spy Cookie: rightmedia cookie
20:21: as@rightmedia[1].txt (ID = 3259)
20:21: Found Spy Cookie: domainsponsor cookie
20:21: [email protected][1].txt (ID = 2534)
20:21: Found Spy Cookie: spywarestormer cookie
20:21: as@spywarestormer[2].txt (ID = 3417)
20:21: Found Spy Cookie: starware.com cookie
20:21: as@starware[2].txt (ID = 3441)
20:21: [email protected][2].txt (ID = 2038)
20:21: [email protected][1].txt (ID = 3765)
20:21: Found Spy Cookie: toplist cookie
20:21: as@toplist[2].txt (ID = 3557)
20:21: Found Spy Cookie: tracking cookie
20:21: as@tracking[2].txt (ID = 3571)
20:21: [email protected][1].txt (ID = 3765)
20:21: [email protected][1].txt (ID = 3765)
20:21: Found Spy Cookie: webpower cookie
20:21: as@webpower[1].txt (ID = 3660)
20:21: [email protected][2].txt (ID = 2042)
20:21: [email protected][1].txt (ID = 2446)
20:21: [email protected][1].txt (ID = 2446)
20:21: Found Spy Cookie: screensavers.com cookie
20:21: [email protected][2].txt (ID = 3298)
20:21: [email protected][1].txt (ID = 3765)
20:21: Found Spy Cookie: xiti cookie
20:21: as@xiti[1].txt (ID = 3717)
20:21: Cookie Sweep Complete, Elapsed Time: 00:00:04
20:21: Starting File Sweep
20:21: c:\program files\startnow (1 subtraces) (ID = -2147480227)
20:21: Found Adware: whenu
20:21: c:\program files\common files\whenu (1 subtraces) (ID = -2147480379)
20:21: c:\program files\adtools service (ID = -2147480021)
20:21: c:\documents and settings\as\application data\hyperbar (1 subtraces) (ID = -2147480231)
20:21: Found Trojan Horse: ukvideo
20:21: c:\windows\system32\dialersetup (ID = -2147480128)
20:21: Found Adware: multidial
20:21: c:\program files\dialers (ID = -2147480584)
20:21: Found Adware: bullguard popup ad
20:21: c:\windows\temp\bullguard (ID = -2147476409)
20:21: Found Adware: keenvalue/perfectnav
20:21: c:\program files\perfectnav (1 subtraces) (ID = -2147480782)
20:21: c:\documents and settings\all users\application data\hyperbar (2 subtraces) (ID = -2147480230)
20:24: Warning: Failed to read file "c:\documents and settings\as\local settings\temp\perflib_perfdata_6f4.dat". System Error. Code: 32.
The process cannot access the file because it is being used by another process
20:24: Warning: Failed to open file "c:\documents and settings\as\desktop\esc,t610,,,,,,\papa muntz\java\pictures\britney spears cameron diaz rose mcgowan kirsten dunst kate winslet renee zellweger catherine zeta-jones.jpg". The system cannot find the file specified
20:25: Found Adware: gain-supported software
20:25: gatorgaininstaller.log (ID = 61390)
20:29: Found Adware: hackerag dialer
20:29: coder.log (ID = 62064)
20:29: config.xml (ID = 76932)
20:29: File Sweep Complete, Elapsed Time: 00:08:13
20:29: Full Sweep has completed. Elapsed time 00:11:25
20:29: Traces Found: 215
20:30: Removal process initiated
20:30: Quarantining All Traces: winad
20:30: Quarantining All Traces: adtools
20:30: Quarantining All Traces: dluca
20:30: Quarantining All Traces: instafinder
20:30: Quarantining All Traces: startnow
20:30: Quarantining All Traces: trojan-downloader-ruin
20:30: Quarantining All Traces: cydoor
20:30: Quarantining All Traces: sandboxer cookie
20:30: Quarantining All Traces: 3 cookie
20:30: Quarantining All Traces: 64.62.232 cookie
20:30: Quarantining All Traces: 888 cookie
20:30: Quarantining All Traces: websponsors cookie
20:30: Quarantining All Traces: accoona cookie
20:30: Quarantining All Traces: com.com cookie
20:30: Quarantining All Traces: bannerbank cookie
20:30: Quarantining All Traces: hbmediapro cookie
20:30: Quarantining All Traces: precisead cookie
20:30: Quarantining All Traces: adrevolver cookie
20:30: Quarantining All Traces: cc214142 cookie
20:30: Quarantining All Traces: adultfriendfinder cookie
20:30: Quarantining All Traces: about cookie
20:30: Quarantining All Traces: zone-media cookie
20:30: Quarantining All Traces: banner cookie
20:30: Quarantining All Traces: belnk cookie
20:30: Quarantining All Traces: ccbill cookie
20:30: Quarantining All Traces: desktop kazaa cookie
20:30: Quarantining All Traces: ic-live cookie
20:30: Quarantining All Traces: passion cookie
20:30: Quarantining All Traces: rightmedia cookie
20:30: Quarantining All Traces: domainsponsor cookie
20:30: Quarantining All Traces: spywarestormer cookie
20:30: Quarantining All Traces: starware.com cookie
20:30: Quarantining All Traces: toplist cookie
20:30: Quarantining All Traces: tracking cookie
20:30: Quarantining All Traces: webpower cookie
20:30: Quarantining All Traces: screensavers.com cookie
20:30: Quarantining All Traces: xiti cookie
20:30: Quarantining All Traces: whenu
20:30: Quarantining All Traces: ukvideo
20:30: Quarantining All Traces: multidial
20:30: Quarantining All Traces: bullguard popup ad
20:30: Quarantining All Traces: keenvalue/perfectnav
20:30: Quarantining All Traces: gain-supported software
20:30: Quarantining All Traces: hackerag dialer
20:31: Removal process completed. Elapsed time 00:00:51
********
20:15: |··· Start of Session, ïîíåäåëíèê, 05 ñåïòåìâðè 2005 ···|
20:15: Spy Sweeper started
20:18: Your spyware definitions have been updated.
20:18: Messenger service has been disabled.
20:18: |··· End of Session, ïîíåäåëíèê, 05 ñåïòåìâðè 2005 ···|

[Rawe]

Can you post a fresh HiJackThis log and we'll clean up if there's anything left

[gfinetin]

Logfile of HijackThis v1.99.1
Scan saved at 20:48:42, on 05.09.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Documents and Settings\AS\Desktop\emule.exe -AutoStart
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {9DD6A49C-CF35-4544-BF13-34DF413BCF7A} ({9DD6A49C-CF35-4544-BF13-34DF413BCF7A}) - http://195.39.204.19.../Stealthnet.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{88CAE5D7-C852-45D3-93B2-6D583506FB53}: NameServer = 69.50.176.196 195.225.176.37
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F5AE792-AE20-4565-956C-430A544A765A}: NameServer = 69.50.176.196,195.225.176.37
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D497F01-8DFF-4ABF-B5BE-5E87915CE82B}: NameServer = 69.50.176.196,195.225.176.37
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

[Rawe]

Go ahead and uninstall SpySweeper & TrojanHunter if you want to.

Next, run a scan with HiJackThis and check the following objects for removal:

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O17 - HKLM\System\CCS\Services\Tcpip\..\{88CAE5D7-C852-45D3-93B2-6D583506FB53}: NameServer = 69.50.176.196 195.225.176.37
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F5AE792-AE20-4565-956C-430A544A765A}: NameServer = 69.50.176.196,195.225.176.37
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D497F01-8DFF-4ABF-B5BE-5E87915CE82B}: NameServer = 69.50.176.196,195.225.176.37

Close ALL open windows except for HiJackThis and hit FIX CHECKED.

Then reboot and do this:

• Clean out temporary files:

• Click Start -> Run and type in: cleanmgr
• Click "Ok".
• Let it scan your system.
• Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only ones checked.
• Click "OK" to remove them.
• Click "Yes" to confirm the deletion.

Then post back here and let me know how's the system running, if you have any problems.

[gfinetin]

The CD-Rom is not accept empty cd's. My dad is not understanding in computers so good and he says the internet explorer is very slow and for me everything is fine except the cd-rom (Sony CD-RW CRX185E3). I dont know , what you will sugest me , to find a man who will repair from here or to go in pc shop to repair or buy new .I dont know - YOU ARE THE MANIAC - for this stuff

Here's what the computer says after the burning with nero:


AURA SOFT
1502-4120-1246-0757-1137-5514

Windows XP 5.1
WinAspi: -
ahead WinASPI: File 'C:\Program Files\Ahead\Nero\Wnaspi32.dll': Ver=2.0.1.50, size=131072 bytes, created 25.06.2002 18:34:54
Nero Version: 5.5.9.9 (Nero Express)
Recorder: <SONY CD-RW CRX185E3> Version: L08f - HA 0 TA 1 - 5.5.9.9
Adapter driver: <atapi> HA 0
Drive buffer : 2048kB
Bus Type : default (0) -> ATAPI, detected: ATAPI
CD-ROM: <SONY CD-RW CRX185E3>Version: L08f - HA 0 TA 1 - 5.5.9.9
Adapter driver: <atapi> HA 0
Bus Type : default (0) -> ATAPI, detected: ATAPI

=== Scsi-Device-Map ===
DiskPeripheral : Maxtor 2F040J0 atapi Port 0 ID 0 DMA: On
CdRomPeripheral : SONY CD-RW CRX185E3 atapi Port 0 ID 1 DMA: Off
=======================

AutoRun : 1
Excluded drive IDs:
CmdQueuing : 1
CmdNotification: 2
WriteBufferSize: 34603008 (0) Byte
ShowDrvBufStat : 0
EraseSpeed : 0
BUFE : 0
Physical memory : 255MB (261616kB)
Free physical memory: 72MB (73784kB)
Memory in use : 71 %
Uncached PFiles: 0x0
Use Static Write Speed Table: 0
Use Inquiry : 1
Global Bus Type: default (0)
Check supported media : Enabled (1)
Wizard: On

5.9.2005
CD-ROM (ISO)
21:42:17 #1 Text 0 File Isodoc.cpp, Line 6003
Iso document burn settings
------------------------------------------
Determine maximum speed : FALSE
Simulate : FALSE
Write : TRUE
Finalize CD : FALSE
Multisession : TRUE
Multisession type: : Start multisession
Burning mode : TAO
Mode : 1
ISO Level : 1 (Max. of 11 = 8 + 3 char)
Character set : ISO 9660
Joliet : TRUE
Allow pathdepth more than 8 directories : TRUE
Allow more than 255 characters in path : TRUE
Write ISO9660 ;1 file extensions : TRUE

21:42:17 #2 Phase 94 File dlgbrnst.cpp, Line 1566
Power Burn activated

21:42:17 #3 Text 0 File Reader.cpp, Line 118
Reader running

21:42:17 #4 Text 0 File Writer.cpp, Line 134
Writer SONY CD-RW CRX185E3 running

21:42:17 #5 ISO9660GEN -11 File geniso.cpp, Line 4488
First writeable address = 0 (0x00000000)

21:42:17 #6 Text 0 File Burncd.cpp, Line 3542
Turn on Track-At-Once, using CD-R/RW media

21:42:17 #7 Text 0 File ThreadedTransferInterface.cpp, Line 663
Setup items (original item values)
0: TRM_DATA_MODE1 (CTransferItem)
2 indices, index0 (150) not provided
original CD pos #0 + 2926 (2926) = #2926/0:39.1
relocatable, CD pos for caching/writing not required/required, no patch infos
--------------------------------------------------------------

21:42:19 #8 Text 0 File DlgWaitCD.cpp, Line 199
Last possible write address on media: 359848 (79:59.73)
Last address to be written: 109974 (24:28.24)

21:42:19 #9 Text 0 File DlgWaitCD.cpp, Line 204
Write in overburning mode: FALSE

21:42:19 #10 Text 0 File DlgWaitCD.cpp, Line 1403
Recorder: SONY CD-RW CRX185E3;
CDRW code: 00 97 27 00; OSJ entry from: DIGITAL STORAGE TECHNOLOGY CO.,LTD
ATIP Data:
Special Info [hex] 1: D0 00 A0, 2: 61 1B 00 (LI 97:27.00), 3: 4F 3B 4A (LO 79:59.74)
Additional Info [hex] 1: 00 00 80 (invalid), 2: 00 80 00 (invalid), 3: 00 80 80 (invalid)

21:42:21 #11 Text 0 File ThreadedTransferInterface.cpp, Line 815
Prepare recorder SONY CD-RW CRX185E3 for write in TAO
DAO infos:
==========
MCN:
TOCTYPE: 0x0 Close Session
Tracks 1 to 1:
TRM_DATA_MODE1, 2048/0x0, ISRC "", FilePos 0 307200 6299648

21:42:21 #12 Text 0 File ThreadedTransferInterface.cpp, Line 843
Removed 2 run-out blocks from end of track 1.

21:42:21 #13 Text 0 File ThreadedTransferInterface.cpp, Line 663
Setup items (after recorder preparation)
0: TRM_DATA_MODE1 (CTransferItem)
2 indices, index0 (150) not provided
original CD pos #0 + 2926 (2926) = #2926/0:39.1
relocatable, CD pos for caching/writing not required/required, no patch infos
-> TRM_DATA_MODE1, 2048, config 0, wanted index0 0 blocks, length 2924 blocks [SONY CD-RW CRX185E3 ]
--------------------------------------------------------------

21:42:21 #14 Phase 24 File dlgbrnst.cpp, Line 1566
Caching of files started

21:42:21 #15 Phase 25 File dlgbrnst.cpp, Line 1566
Caching of files completed

21:42:21 #16 Phase 36 File dlgbrnst.cpp, Line 1566
Burn process started at 24x (3.600 KB/s)

21:42:21 #17 Text 0 File ThreadedTransferInterface.cpp, Line 1947
Verifying CD position of item 0 (relocatable, CD pos, no patch infos, orig at #0): write at #107049

21:42:21 #18 Text 0 File Mmc.cpp, Line 16973
Set BUFE: Power-Burn -> ON

21:42:21 #19 SCSI -1047 File Cdrdrv.cpp, Line 1415
SCSI Exec, HA 0, TA 1, LUN 0, buffer 0x02CB0000
Status: 0x04 (0x01, SCSI_ERR)
HA-Status 0x00 (0x00, OK)
TA-Status 0x02 (0x01, SCSI_TASTATUS_CHKCOND)
Sense Key: 0x05 (KEY_ILLEGAL_REQUEST)
Sense Code: 0x64
Sense Qual: 0x00
CDB Data: 0x2A 0x00 0x00 0x01 0xA2 0x29 0x00 0x00 0x1F 0x00 0x00 0x00
Sense Data: 0x71 0x00 0x05 0x00 0x00 0x00 0x00 0x0A
0x00 0x00 0x00 0x00 0x64 0x00

21:42:21 #20 MMC -1047 File Writer.cpp, Line 335
Illegal mode for this track

21:42:21 #21 Text 0 File ThreadedTransfer.cpp, Line 222
all writers idle, stopping conversion

21:42:21 #22 CDR -201 File WriterStatus.cpp, Line 188
Invalid write state

21:42:21 #23 TRANSFER -18 File WriterStatus.cpp, Line 188
Could not perform EndTrack

21:42:21 #24 SCSI -1176 File Cdrdrv.cpp, Line 1211
SCSI Exec, HA 0, TA 1, LUN 0
Status: 0x04 (0x01, SCSI_ERR)
HA-Status 0x00 (0x00, OK)
TA-Status 0x02 (0x01, SCSI_TASTATUS_CHKCOND)
Sense Key: 0x05 (KEY_ILLEGAL_REQUEST)
Sense Code: 0x72
Sense Qual: 0x03
CDB Data: 0x5B 0x01 0x02 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
Sense Data: 0x70 0x00 0x05 0x00 0x00 0x00 0x00 0x0A
0x00 0x00 0x00 0x00 0x72 0x03

21:42:21 #25 MMC -1176 File WriterStatus.cpp, Line 227
Session fixation error

21:42:21 #26 TRANSFER -19 File WriterStatus.cpp, Line 227
Could not perform Fixation

21:42:21 #27 Text 0 File WriterStatus.cpp, Line 236
falling back to disc fixation

21:42:21 #28 SCSI -1176 File Cdrdrv.cpp, Line 1211
SCSI Exec, HA 0, TA 1, LUN 0
Status: 0x04 (0x01, SCSI_ERR)
HA-Status 0x00 (0x00, OK)
TA-Status 0x02 (0x01, SCSI_TASTATUS_CHKCOND)
Sense Key: 0x05 (KEY_ILLEGAL_REQUEST)
Sense Code: 0x72
Sense Qual: 0x03
CDB Data: 0x5B 0x01 0x02 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
Sense Data: 0x70 0x00 0x05 0x00 0x00 0x00 0x00 0x0A
0x00 0x00 0x00 0x00 0x72 0x03

21:42:21 #29 MMC -1176 File WriterStatus.cpp, Line 227
Session fixation error

21:42:21 #30 TRANSFER -19 File WriterStatus.cpp, Line 227
Could not perform Fixation

21:42:21 #31 Phase 38 File dlgbrnst.cpp, Line 1566
Burn process failed at 24x (3.600 KB/s)

21:42:21 #32 Text 0 File Scsicmd.cpp, Line 395
SCSI not using temporary buffers
20 out of 20 temporary buffers allocated


Existing drivers:
File 'Drivers\atapi.sys': Ver=5.1.2600.1106 (xpsp1.020828-1920), size=86912 bytes, created 29.08.2002 03:27:50 (Adapter driver for rec)
File 'Drivers\atapi.sys': Ver=5.1.2600.1106 (xpsp1.020828-1920), size=86912 bytes, created 29.08.2002 03:27:50 (Adapter driver for src)

Registry Keys:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\AllocateCDROMs : 0 (Security Option)

Edited by gfinetin, 05 September 2005 - 01:45 PM.

[Rawe]

Looks like we got all the malware out of the machine, then.

I think you're better of explaining your current situation about the CD-rom here:

http://www.geekstogo...php?showforum=9

It's our Hardware forums.

Let them know your situation, system specs and all.

For this topic, can you please post a fresh HiJackThis log and we'll see if I can help you keep your system clean in the future

[gfinetin]

Logfile of HijackThis v1.99.1
Scan saved at 20:01:59, on 06.09.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Documents and Settings\AS\Desktop\emule.exe -AutoStart
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {9DD6A49C-CF35-4544-BF13-34DF413BCF7A} ({9DD6A49C-CF35-4544-BF13-34DF413BCF7A}) - http://195.39.204.19.../Stealthnet.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{88CAE5D7-C852-45D3-93B2-6D583506FB53}: NameServer = 69.50.176.196 195.225.176.37
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

[Rawe]

Looks clean.

• Clean out temporary files:

• Click Start -> Run and type in: cleanmgr
• Click "Ok".
• Let it scan your system.
• Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only ones checked.
• Click "OK" to remove them.
• Click "Yes" to confirm the deletion.

Here's some tips for future to prevent spyware;

Detect and Remove Programs:

• How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
• How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.

Prevention Programs:

• Spywareblaster <= SpywareBlaster will prevent spyware from being installed. (My favourite)
• Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
• MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
• Google Toolbar <= Get the free google toolbar to help stop pop up windows.

Other necessary Programs:

• AntiVirus Program <= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kaspersky, this is a must have.
• Firewall <= A firewall is definatley a must have. Two good free versions are Sygate and ZoneLabs.
• More Secure Browser <= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox.

And also see TonyKlein's good advice;
So how did I get infected in the first place? (My favourite)

REMEMBER Microsoft Updates!!

Visit;
http://www.windowsupdate.com and install Service Pack 2 along with ALL critical updates available!

If you want to learn how to help people with malware problems like I helped you, feel free to take a look at this thread; http://www.geekstogo...here-t4817.html

[gfinetin]

All this stuf's recomended by you is not slowing thi internet tell me?
I will downloaded all of them????
if you tell me

[Rawe]

Well, since you have Norton Anti-virus & firewall, you don't need to download ones from the list. And you already have Google toolbar installed, right?

Do you have a payed subscription for Spyware Doctor?

Basically, with the programs you're currently running, you wouldn't need too much more.. Your browsing will be 99% faster/safer/easier with Firefox (It also has loads of different themes/extensions to make it even better). IE is full of vulnerabilities and who knows what. Usually infections come out that way. SpywareBlaster doesn't take much memory. You don't even need to keep the program running when it's already protecting you. Just install it -> update -> Enable all protection and close the program.. Just update it from time to time.

That's about it. Of course.. I would install Ad-aware (free program as well) if I were you. Gives you effective scanner alongside of Spyware Doctor..

[Rawe]

And install that Service Pack 2 for XP, gives you some new features and patches you against most of the older viruses/vulnerabilities. So greatly recommended.

[gfinetin]

Thanks for all man you help me so much with this pc we will see ya

[Rawe]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.