ekcliv.dll and owjubj.dll

Okay, quite a lot of vundo leftovers.

Please download the OTMoveIt3 by OldTimer.

• Save it to your desktop.
  
• Please double-click OTMoveIt3.exe to run it.
  
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  :files
  c:\windows\system32\igiwubef.ini
  c:\windows\system32\urovimaz.ini
  c:\windows\system32\unotavus.ini
  c:\windows\system32\udapoway.ini
  c:\windows\system32\iyakepud.ini
  c:\windows\system32\ulivejit.ini
  c:\windows\system32\uzuzedat.ini
  c:\windows\system32\avadefir.ini
  c:\windows\system32\upagasos.ini
  c:\windows\system32\emujatev.ini
  c:\windows\system32\orituvak.ini
  c:\windows\system32\ovapupok.ini
  C:\windows\system32\ihiyeyem.ini
  c:\windows\system32\uyatevos.ini
  c:\windows\system32\opajegud.ini
  c:\windows\system32\esikekip.ini
  c:\windows\system32\utetepuh.ini
  c:\windows\system32\ihuwipip.ini
  c:\windows\system32\abehisam.ini
  c:\windows\system32\ogikohew.ini
  c:\windows\system32\olesaduh.ini
  c:\windows\system32\igategok.ini
  c:\windows\system32\evalojef.ini
  c:\windows\system32\ejiheyul.ini
  c:\windows\system32\ubabarob.ini
  c:\windows\system32\eraperut.ini
  c:\windows\system32\abiwakem.ini
  c:\windows\system32\ifigawat.ini
  c:\windows\system32\uzebisif.ini
  c:\windows\system32\ewikuwom.ini
  c:\windows\system32\ilekedih.ini
  c:\windows\system32\ujefipis.ini
  c:\windows\system32\ebohoyid.ini
  
  :commands
  [purity]
  [emptytemp]
  
  
  
• Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  
• Click the red Moveit! button.
  
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  
• Close OTMoveIt3
  

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.

i cant copy it after i've pressed the move it button.

Okay, the log is saved here
C:\_OTMoveIt\time-and-date.log

Post the log please.

wa?!...Sir, I wa so scared of the vundo, that I just used the malwarebytes that you made me download once. And it get rid of the vundo. I don't know if it was all of them so I've use the DDS again. So i'll post the DDS file here. I hope you don't mind if this topic get so long.




DDS (Ver_09-01-07.01) - NTFSx86
Run by Avie at 2:18:31.39 on Fri 01/23/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.467 [GMT 3.5:30]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\mod\Explorer.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Avie\Desktop\dds.com

============== Pseudo HJT Report ===============

uSearch Page =
uStart Page = hxxp://www.yahoo.com/
uSearch Bar =
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar =

hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearchAssistant =
mURLSearchHooks: H - No File
mWinlogon: Shell=mod\Explorer.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common

files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program

files\java\jre1.6.0_03\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program

files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DesktopX] "c:\progra~1\stardock\object~1\desktopx\DesktopX Builder.exe" -noui
uRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [L08AXLRD_1505921] "c:\program files\microsoft student\microsoft student with encarta premium

2008 dvd\EDICT.EXE" -m
uRun: [TransBar] c:\windows\bricopacks\vista inspirat 2\transbar\TransBar.exe /s
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [ShStatEXE] "c:\program files\network associates\virusscan\SHSTAT.EXE" /STANDALONE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UpdaterUI.exe"

/StartedFromRunKey
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
StartupFolder: c:\docume~1\avie\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common

files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\avie\startm~1\programs\startup\multip~1.lnk - c:\program

files\multiply\autouploader\multiply autouploader\Multiply AutoUploader.exe
StartupFolder: c:\docume~1\avie\startm~1\programs\startup\rocket~1.lnk - c:\windows\bricopacks\vista

inspirat 2\rocketdock\RocketDock.exe
StartupFolder: c:\docume~1\avie\startm~1\programs\startup\transbar.lnk - c:\windows\bricopacks\vista

inspirat 2\transbar\TransBar.exe
StartupFolder: c:\docume~1\avie\startm~1\programs\startup\ubericon.lnk - c:\windows\bricopacks\vista

inspirat 2\ubericon\UberIcon Manager.exe
StartupFolder: c:\docume~1\avie\startm~1\programs\startup\y'zsha~1.lnk - c:\windows\bricopacks\vista

inspirat 2\yzshadow\YzShadow.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoca~1.lnk - c:\program files\common

files\autodesk shared\acstart17.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program

files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program

files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\premie~1.lnk - c:\program

files\premier health partners\php vpn client\vpngui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program

files\windows desktop search\WindowsSearch.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program

files\java\jre1.6.0_03\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} -

c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program

files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
Notify: igfxcui - igfxdev.dll
Notify: MCPClient - c:\progra~1\common~1\stardock\mcpstub.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} -

c:\progra~1\common~1\stardock\MCPCore.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -

c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program

files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = scecli c:\windows\system32\goveyudi.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\avie\applic~1\mozilla\firefox\profiles\9q3x8dwv.default\
FF - plugin: c:\program files\google\google updater\2.4.1425.4532\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\windows\system32\npmirage.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll

============= SERVICES / DRIVERS ===============

R3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2003-9-29 83008]
R4 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program

files\cyberlink\powerdvd\000.fcl [2007-11-3 41456]
R4 HopperP;WiFi Hopper;c:\windows\system32\drivers\hopperp.sys [2006-3-15 21376]
R4 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common

framework\FrameworkService.exe [2008-1-18 102463]
R4 McShield;Network Associates McShield;c:\program files\network associates\virusscan\Mcshield.exe

[2003-9-29 237657]
R4 McTaskManager;Network Associates Task Manager;c:\program files\network

associates\virusscan\VsTskMgr.exe [2003-9-29 69706]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-1-23 189792]
S4 Abel;Abel;c:\program files\cain\abel.exe --> c:\program files\cain\Abel.exe [?]
S4 gupdate1c95c4184f44380;Google Update Service (gupdate1c95c4184f44380);c:\program

files\google\update\GoogleUpdate.exe [2008-12-12 119280]

=============== Created Last 30 ================

2009-01-22 07:33 --d----- C:\_OTMoveIt
2009-01-22 05:05 167,696 a------- c:\windows\system32\amovie.ocx
2009-01-22 05:05 115,920 a------- c:\windows\system32\Msinet.ocx
2009-01-22 05:05 244,024 a------- c:\windows\system32\Msflxgrd.ocx
2009-01-22 05:05 --d----- c:\program files\Chikka
2009-01-21 10:48 --d----- c:\windows\mod
2009-01-20 08:04 --d----- c:\program files\ZhyperMU
2009-01-18 03:06 --d----- c:\docume~1\avie\applic~1\Malwarebytes
2009-01-18 03:06 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-18 03:06 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-18 03:06 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-18 03:06 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-17 04:42 21,504 ac------ c:\windows\system32\dllcache\hidserv.dll
2009-01-17 04:42 21,504 a------- c:\windows\system32\hidserv.dll
2009-01-17 04:00 7,680 ac-sh--- c:\windows\system32\dllcache\Thumbs.db
2009-01-17 03:58 10,752 a--sh--- c:\windows\system32\Thumbs.db
2009-01-16 16:08 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-01-16 16:08 15,464 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-01-16 16:08 --d----- c:\program files\iPod
2009-01-16 16:07 --d----- c:\program files\iTunes
2009-01-16 16:07 --d-----

c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-16 16:07 --d----- c:\program files\Bonjour
2009-01-15 09:54 --d----- c:\windows\RegisteredPackages
2009-01-15 09:35 --d----- c:\docume~1\avie\applic~1\Windows Search
2009-01-14 16:40 --d----- c:\program files\MSECache
2009-01-12 18:35 --d----- c:\docume~1\avie\applic~1\Windows Desktop Search
2009-01-12 18:34 --d----- c:\program files\Windows Desktop Search
2009-01-12 18:33 192,000 -c------ c:\windows\system32\dllcache\offfilt.dll
2009-01-12 18:33 98,304 -c------ c:\windows\system32\dllcache\nlhtml.dll
2009-01-12 18:33 29,696 -c------ c:\windows\system32\dllcache\mimefilt.dll
2009-01-07 20:19 --d----- c:\docume~1\avie\applic~1\Any Video Converter
2009-01-07 20:16 --d----- C:\CFdownloads
2009-01-07 19:55 719,872 a------- c:\windows\system32\devil.dll
2009-01-07 19:55 318,976 a------- c:\windows\system32\avisynth.dll
2009-01-07 19:55 502,784 a------- c:\windows\x2.64.exe
2009-01-07 19:55 240,128 a------- c:\windows\system32\x.264.exe
2009-01-07 19:55 70,656 a------- c:\windows\system32\yv12vfw.dll
2009-01-07 19:55 70,656 a------- c:\windows\system32\i420vfw.dll
2009-01-07 19:55 66,560 a------- c:\windows\MOTA113.exe
2009-01-07 19:55 27,648 a------- c:\windows\system32\AVSredirect.dll
2009-01-07 19:55 217,073 a------- c:\windows\meta4.exe
2009-01-07 19:55 --d----- c:\program files\AviSynth 2.5
2009-01-07 19:54 186,880 ---shr-- c:\windows\system32\RLOgg.ax
2009-01-07 19:54 92,672 ---shr-- c:\windows\system32\RLVorbisDec.ax
2009-01-07 19:54 67,584 ---shr-- c:\windows\system32\RLTheoraDec.ax
2009-01-07 19:54 51,712 ---shr-- c:\windows\system32\RLSpeexDec.ax
2009-01-07 19:54 179,200 ---shr-- c:\windows\system32\DiracSplitter.ax
2009-01-07 19:54 81,920 ---shr-- c:\windows\system32\aac_parser.ax
2009-01-07 19:12 --d----- c:\program files\Total Video Converter
2009-01-07 13:09 --d----- c:\program files\uTorrent
2009-01-07 13:08 --d----- c:\docume~1\avie\applic~1\uTorrent

==================== Find3M ====================

2009-01-11 18:21 103,106 a--sh--- c:\windows\system32\papevili.dll
2008-12-21 03:16 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-12-11 14:27 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-09-14 14:34 2,828 a--sh--- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2008-09-14 14:34 88 ---shr-- c:\docume~1\alluse~1\applic~1\D01097A1C9.sys
2006-03-15 00:01 21,376 a------- c:\windows\inf\hopperp.sys
2001-08-18 08:29 28,160 a------- c:\program files\UnFREEz.exe
1601-01-01 03:42 62,464 a--sh--- c:\windows\system32\deporare.dll

============= FINISH: 2:19:35.37 ===============

............................................................................................

THIS SIGNATURE IS BY::: AGENT COSMIC ----------QUOTE BY:::TECHY

Looks good, just do these two things then I'll flag the all clear.

• Now open a new notepad file.
  
• Input this into the notepad file:
  

  
  Windows Registry Editor Version 5.00
  
  [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
  "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
  
  

  
  
• Save this as fix.reg, save it to your desktop.
  
• Double click fix.reg to run it.
  
• Select yes to the registry merge prompt.
  

Delete this folder in bold:
C:\_OTMoveIt

How is the machine running now?

well....how do i check if they're all gone sir?should i use malwarebytes to scan my pc?

Yep.

oh ok...malwarbytes didn't detect any, that means theres nothing lurking in my pc?

Last edited by charvie on 22nd January 2009, 11:40 pm; edited 1 time in total

Keep in mind:

DDS only shows files created within the last MONTH, if the malware was created before a month today, then I wouldn't of seen it, and MBAM will get it for us.

malwarebytes didn't detect any.... this means, theres no more of vundo right?

What's with the unsure look face?
Not detecting anything is good, the vundo is gone, and aslong as we can get you secure and you stay safe, it's not coming back.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:

• Download the latest version of Java SE Runtime Environment (JRE) 6 Update 11.
  
• Select the first option where it says "Java SE Runtime Environment (JRE) 6 Update 11".
  
• Click the "Download" button to the right.
  
• In the Window that opens, select your platform and language, check the "agree" box, and click Continue.
  
• Click on the link to download Windows Offline Installation and save to your desktop.
  
• Close any programs you may have running - especially your web browser.
  
• Go to Start > Control Panel double-click on Add or Remove Programs and remove all older versions of Java.
  
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  - Examples of older versions in Add or Remove Programs:
  - Java 2 Runtime Environment, SE v1.4.2
  - J2SE Runtime Environment 5.0
  - J2SE Runtime Environment 5.0 Update 2
  
• Click the Remove or Change/Remove button.
  
• Repeat as many times as necessary to remove each Java versions.
  
• Reboot your computer once all Java components are removed.
  
• Then from your desktop double-click on jre-6u11-windows-i586-p.exe that you downloaded to install the newest version.
  

Please make sure the new version of Java is installed before you run JavaRa.

Please download JavaRa from here

• First, unzip it.
  
• Then run JavaRa.
  
• Select English from the drop down menu and press Select.
  
• This will open JavaRa.
  
• Press Remove older versions
  
• Press yes to the prompt.
  
• It will make a log file of what it's removed.
  
• Copy and paste the log back here.
  

which one of this should i remove?

Unless you programme in Java language, all 3 need uninstalling.

wa!...i program in java...so i don't need to uninstall those 3 then?

Sir, the download for the "1232669283451-integrated.jnlp" failed....what shoul i do?

Waaaa....it's too late. run javara and i think the other 2 was removed....what to do now sir?

Last edited by charvie on 23rd January 2009, 12:27 am; edited 1 time in total

Okay, keep SE Development kit, and uninstall the other two, because the development kit needs another installer for the latest updates.

Sir, the download for the "1232669283451-integrated.jnlp" failed....what shoul i do?

Well the two old versions are gone, now we need tp update the development kit.
Select the second installer on the Java website that says "Java SE Development Kit (JDK) 6 Update 11"
Download that installer and run it, it will install the latest development kit.

done it!..yey!..thank you for reminding me of that unupdated software. Doesn't it update by itself? I don't really update softwares often, cause i forget about them. So i was expecting that since i already have an internet connection, they'll just update on their own. Oh well, maybe not all.

Thanx Sir Belahzur for helping me with this I really hope this virus won't come back anymore.

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio, or
Outpost
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck.

installed them all already!.....i'll run kerio later

Since this issue has been addressed, a "solved" tag will be added and this topic will be closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.