Infected - win32:malware-gen

Last one...

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 22:33:10 125952]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 15:44:34 3883856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 22:33:40 202240]
"CreativeTaskScheduler"="C:\Program Files\Creative\Shared Files\CTSched.exe" [2006-11-17 16:42:46 53341]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-18 22:38:40 1008184]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-02-28 16:50:50 180224]
"SPIRunE"="SPIRunE.dll" [2009-03-05 04:55:42 18432]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2009-11-10 23:08:18 417792]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2010-01-22 19:16:42 141608]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-02 21:23:54 98304]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 10:43:18 248040]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 00:57:28 35760]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 14:57:56 948672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 09:13:36 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21:42 548352 ----a-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\Windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):7c,1d,17,a0,9a,96,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2489726292-204379768-2849965232-1000]
"EnableNotificationsRef"=dword:00000001

R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2008-06-21 14:19:36 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-06-30 18:17:00 79360]
R3 lgmcbus;LGE Mobile driver (WDM);C:\Windows\system32\DRIVERS\lgmcbus.sys [x]
R3 lgmcmdfl;LGE Mobile USB WMC Modem Filter;C:\Windows\system32\DRIVERS\lgmcmdfl.sys [x]
R3 lgmcmdm;LGE Mobile USB WMC Modem Driver;C:\Windows\system32\DRIVERS\lgmcmdm.sys [x]
R3 lgmcmgmt;LGE Mobile USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\lgmcmgmt.sys [x]
R3 lgmcnd5;LGE Mobile USB WMC Ethernet ELDA (NDIS);C:\Windows\system32\DRIVERS\lgmcnd5.sys [x]
R3 lgmcobex;LGE Mobile USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\lgmcobex.sys [x]
R3 lgmcunic;LGE Mobile USB WMC Ethernet ELDA (WDM);C:\Windows\system32\DRIVERS\lgmcunic.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;C:\Windows\system32\D24C.tmp [x]
R3 SASENUM;SASENUM;C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2010-02-17 10:15:58 12872]
S0 AVGIDSErHrvtx;AVG9IDSErHr;C:\Windows\System32\Drivers\AVGIDSvx.sys [2010-03-30 19:20:44 25096]
S0 AvgRkx86;avgrkx86.sys;C:\Windows\System32\Drivers\avgrkx86.sys [2010-03-30 19:20:44 52872]
S1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6x.sys [2010-03-30 19:19:16 24856]
S1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2010-03-30 19:20:38 216200]
S1 AvgTdiX;AVG Network Redirector;C:\Windows\system32\Drivers\avgtdix.sys [2010-03-30 19:20:44 242696]
S1 ElRawDisk;ElRawDisk;C:\Windows\system32\drivers\elrawdsk.sys [2008-12-09 14:26:50 20392]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 10:25:50 12872]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2010-02-17 10:15:58 66632]
S1 SAVRKBootTasks;Boot Tasks Driver;C:\Windows\system32\SAVRKBootTasks.sys [2009-06-18 12:55:41 18816]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [2010-03-03 04:11:58 172032]
S2 avg9emc;AVG E-mail Scanner;C:\Program Files\AVG\AVG9\avgemc.exe [2010-03-30 19:19:34 916760]
S2 avg9wd;AVG WatchDog;C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-03-30 19:19:28 308064]
S2 avgfws9;AVG Firewall;C:\Program Files\AVG\AVG9\avgfws9.exe [2010-03-30 19:19:51 2325816]
S2 AVGIDSAgent;AVG9IDSAgent;C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys [2010-03-03 04:22:26 5340160]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys [2010-03-03 03:07:16 152064]
S3 AVGIDSDrivervtx;AVG9IDSDriver;C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys [2010-03-30 19:19:20 122376]
S3 AVGIDSFiltervtx;AVG9IDSFilter;C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys [2010-03-30 19:19:20 30216]
S3 AVGIDSShimvtx;AVG9IDSShim;C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys [2010-03-30 19:19:20 27144]
S3 t3;Sound Blaster X-Fi Xtreme Audio;C:\Windows\system32\drivers\t3.sys [2009-05-06 01:35:16 413208]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-11 16:23:54 38400 ----a-w- C:\Windows\System32\SoundSchemes.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
2008-08-28 09:50:50 30720 ----a-w- C:\Windows\System32\soundschemes2.exe
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - C:\Users\Eroeen\AppData\Roaming\Mozilla\Firefox\Profiles\2llqcrk2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.brattas.org/pw/index.php
FF - component: C:\Program Files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: C:\Users\Eroeen\AppData\Roaming\Mozilla\Firefox\Profiles\2llqcrk2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Users\Eroeen\AppData\Roaming\Mozilla\Firefox\Profiles\2llqcrk2.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-PlayNC Launcher - (no file)
AddRemove-Ancient Quest Of Saqqarah_is1 - C:\Program Files\Ancient Quest Of Saqqarah\ReflexiveArcade\unins000.exe
AddRemove-HijackThis - D:\Documents and Settings\HP_Owner\My Documents\Downloads\HijackThis.exe

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?

It's running a little quicker and no sign of the suspicious file. Thanks for all your help

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

• Check (tick) this box: YES, I accept the Terms of Use.
  
• Click on the Start button next to it.
  
• When prompted to run ActiveX. click Yes.
  
• You will be asked to install an ActiveX. Click Install.
  
• Once installed, the scanner will be initialized.
  
• After the scanner is initialized, click Start.
  
• Check (tick) Remove found threats box.
  
• Check (tick) Scan unwanted applications.
  
• Click on Scan.
  
• It will start scanning. Please be patient.
  
• Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.
  

Hello again. Log below

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=86a49db9b373264abc9a234111a3f256
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-04-03 07:10:18
# local_time=2010-04-03 08:10:18 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 301152 301152 0 0
# compatibility_mode=1031 16777213 100 98 787 295280 0 0
# compatibility_mode=5892 16776574 100 100 663443 107804893 0 0
# compatibility_mode=8192 67108863 100 0 108 108 0 0
# compatibility_mode=9217 16777214 0 9 30842958 38560180 0 0
# scanned=210429
# found=4
# cleaned=4
# scan_time=6580
C:\Qoobox\Quarantine\C\Windows\System32\drivers\gvwbgda.sys.vir Win32/Rootkit.Kryptik.AF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Program Files\Ancient Quest Of Saqqarah\Saqqarah2.exe Win32/ReflexiveArcade application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Program Files\Jojos Fashion Show 2\JojosFashionShow22.exe Win32/ReflexiveArcade application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Hello.
One last log I want to check.

• Open HijackThis.
  
• When Hijack This opens, click "Open the Misc Tools section"
  
• Then select "Open Uninstall Manager"
  
• Click on "Save List..." (generates uninstall_list.txt)
  
• Click Save, copy and paste the results in your next post.
  

Her we go...

Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9.3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
AVG 9.0
AVI Codec Pack
Azada
Azada Ancient Magic
Bonjour
Bookworm Adventures Astounding Planet
Bookworm Adventures Fractured Fairytales
Catalyst Control Center - Branding
Creative ALchemy
Creative Audio Control Panel
Creative Software AutoUpdate
Creative Sound Blaster Properties
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
Empress of the Deep
ESET Online Scanner v3
Faerie Solitaire
Farm Frenzy
Farm Frenzy 2
Farm Frenzy 3
Fishdom
Fishdom Spooky Splash
HijackThis 2.0.2
Host OpenAL
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iTunes
Java DB 10.5.3.0
Java(TM) 6 Update 19
Java(TM) SE Development Kit 6 Update 19
Jojos Fashion Show
Jojos Fashion Show 2
Junk Mail filter update
Liong The Lost Amulets
Magic Farm
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Miriel The Magical Merchant
Miriels Enchanted Mystery
Mishap An Accidental Haunting
Money Tree
Mozilla Firefox (3.6.3)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Kingdom for the Princess
Mystic Emporium
NCsoft Launcher
Neverwinter Nights Platinum Edition
NVIDIA Drivers
Plants vs Zombies
Popcap Game Collection
QuickTime
Restoring Rhonda
Sallys Quick Clips
Samantha Swift and the Golden Touch
Skype 3.8
Sophos Anti-Rootkit 1.5.0
Sound Blaster X-Fi
Sprouts Adventure
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
TeamSpeak 2 RC2
The Lord of the Rings FREE Trial
Ultimate Extras sounds from Microsoft Tinker
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.762
Ventrilo Client
VideoLAN VLC media player 0.8.6h
Wandering Willows
Winamp
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Player Firefox Plugin
Windows Sound Schemes
WinRAR archiver
World of Warcraft
Zombie Bowl-O-Rama
Zuma Deluxe
Zumas Revenge! - Adventure

I'm not sure if this si to do with something we have done but my desktop personalization has now stopped working and I can't put any pictures up.

Hello.
Your VLC Player needs updating.

Download and install VLC Player 1.0.5
When installing, it will ask if you want to uninstall the old version first before it can install the new version, so please select yes and allow it to install.

Hi. All updated :smile2:

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio, or
Outpost
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck.

Hi

System restore point set up again. I already have auto update on Windows and have been using Mozilla for as long as I can remember. Everything else is up to date too.

Thanks for all your help - hopefully I won't be back needing help!