WiredWX Hobby Weather ToolsLog in

 


descriptionwindows live signing itself in and sending out messages Emptywindows live signing itself in and sending out messages

more_horiz
I am not sure if I have a virus or not my windows live messagner signed itself in and sent out messages to a few of my contacts telling them to go check out my weight loss. I also had my virus scanner find on virus the other day and I quarantined it but things started acting up since then. here is my hijack this log

ogfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:06:50 AM, on 3/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Shaw Secure\Common\FCH32.EXE
C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe
C:\Program Files\Shaw Secure\FSPC\fspc.exe
C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe
C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
C:\Program Files\Shaw Secure\FSAUA\program\fsus.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Shaw Secure\FSGUI\scanwizard.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Helper Object - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Common\helper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Ashley%20Jones%20and%20the%20Heart%20of%20Egypt/Images/stg_drm.ocx
O16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} (CPlayFirstzenerchiControl Object) - http://clubgames.pogo.com/online2/pogo/zenerchi/ZenerchiWeb.1.0.0.10.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Escape%20Rosecliff%20Island/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter hijack: text/html - {edbcc3a8-1658-427c-872f-028b921124f2} - C:\WINDOWS\system32\mst123.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 11242 bytes
NOt sure what to do with this or what it means please help

descriptionwindows live signing itself in and sending out messages EmptyRe: windows live signing itself in and sending out messages

more_horiz
Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Browser Helper Object - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Common\helper.dll
    O18 - Filter hijack: text/html - {edbcc3a8-1658-427c-872f-028b921124f2} - C:\WINDOWS\system32\mst123.dll


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

descriptionwindows live signing itself in and sending out messages EmptyRe: windows live signing itself in and sending out messages

more_horiz
Here is the log when I finished my scan
Malwarebytes' Anti-Malware 1.34
Database version: 1884
Windows 5.1.2600 Service Pack 3

3/22/2009 11:28:15 AM
mbam-log-2009-03-22 (11-28-15).txt

Scan type: Quick Scan
Objects scanned: 66151
Time elapsed: 6 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\main.bho (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\main.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{986a8ac1-ab4d-4f41-9068-4b01c0197867} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8e3c68cd-f500-4a2a-8cb9-132bb38c3573} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{a0e1054b-01ee-4d57-a059-4d99f339709f} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{edbcc3a8-1658-427c-872f-028b921124f2} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\mst123.dll (Trojan.Agent) -> Delete on reboot.
C:\Program Files\Common\helper.sig (Trojan.Agent) -> Quarantined and deleted successfully.

descriptionwindows live signing itself in and sending out messages EmptyRe: windows live signing itself in and sending out messages

more_horiz
Hello.

Please delete this folder in bold:
C:\Program Files\Common

Note:
DO NOT delete "Common Files" folder.

Lets have one final look around.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
    Link 3
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.

descriptionwindows live signing itself in and sending out messages Emptydds report

more_horiz
Here is my dds report I thought I posted it but when I looked I dont see it here . ok it says it is to big to post so I am doing it in a couple sections
DDS (Ver_09-03-16.01) - NTFSx86
Run by Compaq_Owner at 11:39:57.76 on Sun 03/22/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.295 [GMT -6:00]

AV: Shaw Secure 8.00 *On-access scanning enabled* (Updated)
FW: Shaw Secure 8.00 *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Shaw Secure\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe
C:\Program Files\Shaw Secure\FSPC\fspc.exe
C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe
C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
C:\Program Files\Shaw Secure\FSAUA\program\fsus.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Shaw Secure\FSGUI\scanwizard.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Compaq_Owner\Desktop\dds.com

============== Pseudo HJT Report ===============

uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q405&bd=presario&pf=desktop&parm1=seconduser
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [F-Secure Manager] "c:\program files\shaw secure\common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "c:\program files\shaw secure\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\compaq~1.lnk - c:\program files\compaq connections\5577497\program\Compaq Connections.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: Add To Compaq Organize... - c:\progra~1\hewlet~1\compaq~1\bin/module.main/favorites\ie_add_to.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {200DB664-75B5-47c0-8B45-A44ACCF73C00} - {D68926FD-18FD-4B0E-A1C7-917D13FAB760} - c:\program files\shaw secure\fspc\fspcmsie.dll
IE: {200DB664-75B5-47c0-8B45-A44ACCF73F01} - {D68926FD-18FD-4B0E-A1C7-917D13FAB760} - c:\program files\shaw secure\fspc\fspcmsie.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
LSP: c:\program files\shaw secure\fsps\program\fslsp.dll
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Ashley%20Jones%20and%20the%20Heart%20of%20Egypt/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} - hxxp://clubgames.pogo.com/online2/pogo/zenerchi/ZenerchiWeb.1.0.0.10.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Escape%20Rosecliff%20Island/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll

=

descriptionwindows live signing itself in and sending out messages EmptyRe: windows live signing itself in and sending out messages

more_horiz
================ FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\j5clppy6.default\
FF - plugin: c:\program files\mozilla firefox\extensions\npmozax@real.com\plugins\npmozax.dll

============= SERVICES / DRIVERS ===============

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2009-2-26 33408]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2009-2-26 79904]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-3-20 28544]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\shaw secure\hips\drivers\fshs.sys [2009-2-26 66720]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\shaw secure\anti-virus\fsgk32st.exe [2009-2-26 215648]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\shaw secure\anti-virus\minifilter\fsgk.sys [2009-2-26 84616]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\shaw secure\orsp client\fsorsp.exe [2009-2-26 55904]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\shaw secure\anti-virus\win2k\fsfilter.sys [2009-2-26 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\shaw secure\anti-virus\win2k\fsrec.sys [2009-2-26 25184]

=============== Created Last 30 ================

2009-03-22 11:18 --d----- c:\docume~1\compaq~1\applic~1\Malwarebytes
2009-03-22 11:18 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-22 11:18 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-22 11:18 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-22 11:18 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-20 22:47 --d----- c:\docume~1\alluse~1\applic~1\Sandlot Games
2009-03-20 18:56 --d----- c:\program files\Trend Micro
2009-03-20 11:45 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-03-20 11:43 --d----- c:\program files\Panda Security
2009-03-19 16:59 --d----- c:\docume~1\compaq~1\applic~1\Total Eclipse
2009-03-19 10:44 --d----- c:\docume~1\compaq~1\applic~1\Lost in the City
2009-03-17 15:42 --d----- c:\docume~1\alluse~1\applic~1\WotT
2009-03-15 20:54 --d----- c:\program files\Games
2009-03-14 10:23 --d----- c:\program files\uTorrent
2009-03-14 10:23 --d----- c:\docume~1\compaq~1\applic~1\uTorrent
2009-03-11 20:45 --d----- c:\docume~1\compaq~1\applic~1\Boolat Games
2009-03-11 12:46 --d----- C:\ProgramData
2009-03-10 15:16 --d----- c:\docume~1\alluse~1\applic~1\PlayPond
2009-03-04 10:25 --d----- c:\program files\iPod
2009-03-04 10:25 --d----- c:\program files\iTunes
2009-03-04 10:25 --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-03-04 10:24 --d----- c:\program files\Bonjour
2009-03-03 20:53 --d----- c:\docume~1\compaq~1\applic~1\SpinTop Games
2009-03-03 20:52 --d----- c:\docume~1\compaq~1\applic~1\SpinTop
2009-03-02 16:07 --d----- c:\docume~1\alluse~1\applic~1\HoverBee Studios
2009-03-02 16:04 --d----- C:\My Games
2009-03-02 16:03 --d----- C:\users
2009-03-02 16:02 --d----- c:\program files\RealArcade
2009-03-02 10:27 --d----- c:\docume~1\alluse~1\applic~1\Gogii
2009-03-02 08:57 --d----- c:\docume~1\compaq~1\applic~1\BrandX Games
2009-03-01 10:39 --dsh--- c:\windows\ftpcache
2009-03-01 10:37 --d----- c:\program files\Oberon Media
2009-02-28 12:45 --d----- c:\docume~1\compaq~1\applic~1\funkitron
2009-02-28 09:21 --d----- c:\docume~1\compaq~1\applic~1\SerpentOfIsis
2009-02-28 08:02 --d----- c:\windows\system32\scripting
2009-02-28 08:02 --d----- c:\windows\l2schemas
2009-02-28 08:02 --d----- c:\windows\system32\en
2009-02-28 08:02 --d----- c:\windows\system32\bits
2009-02-28 07:58 --d----- c:\windows\ServicePackFiles
2009-02-28 07:47 --d----- c:\windows\EHome
2009-02-27 18:12 --d----- c:\program files\Hidden Expedition - Amazon
2009-02-27 17:59 --d----- c:\program files\Slingo Quest Hawaii
2009-02-27 11:42 --d----- c:\docume~1\compaq~1\applic~1\GameInvest
2009-02-27 11:41 4,096 a------- c:\windows\d3dx.dat
2009-02-27 10:51 --d----- c:\program files\bfgclient
2009-02-27 10:50 --d----- c:\docume~1\alluse~1\applic~1\BigFishGamesCache
2009-02-27 02:34 412,160 -------- c:\windows\system32\photometadatahandler.dll
2009-02-27 02:33 36,352 -------- c:\windows\system32\drivers\intelppm.sys
2009-02-26 16:38 33,408 a------- c:\windows\system32\drivers\fsbts.sys
2009-02-26 16:28 79,904 a------- c:\windows\system32\drivers\fsdfw.sys
2009-02-26 16:27 --d----- c:\program files\Shaw Secure
2009-02-26 16:27 --d----- c:\docume~1\alluse~1\applic~1\fssg
2009-02-26 16:26 --d----- c:\docume~1\alluse~1\applic~1\f-secure
2009-02-26 14:29 19,500 a------- c:\windows\hpqins13.dat
2009-02-26 14:02 --d----- c:\docume~1\compaq~1\applic~1\EleFun Games
2009-02-26 14:02 --d----- c:\program files\ReflexiveArcade
2009-02-26 07:49 --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-02-26 07:36 --d----- c:\program files\MSXML 4.0
2009-02-26 07:28 24 a------- c:\windows\SWImport Xtra.PRF
2009-02-26 07:28 --d----- c:\windows\SWImport Xtra Cache
2009-02-26 07:28 --d----- c:\program files\Shockwave.com
2009-02-26 04:13 208,744 a------- c:\windows\system32\muweb.dll
2009-02-26 04:13 268,648 a------- c:\windows\system32\mucltui.dll
2009-02-26 04:13 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-02-26 00:06 --d-h--- C:\$AVG8.VAULT$
2009-02-25 19:20 --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-02-25 09:51 --d----- c:\windows\system32\Adobe
2009-02-25 09:39 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-02-25 09:39 272,128 -------- c:\windows\system32\dllcache\bthport.sys
2009-02-25 09:36 --d----- c:\documents and settings\compaq_owner\Tracing
2009-02-25 09:35 --d----- c:\program files\Windows Live SkyDrive
2009-02-25 09:34 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-25 09:32 203,136 -------- c:\windows\system32\dllcache\rmcast.sys
2009-02-25 09:31 --d----- c:\program files\common files\Windows Live
2009-02-25 09:31 333,952 -------- c:\windows\system32\dllcache\srv.sys
2009-02-25 09:31 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-25 09:31 2,189,184 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-25 09:31 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-25 09:31 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-25 09:30 691,712 -------- c:\windows\system32\dllcache\inetcomm.dll
2009-02-25 09:24 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2009-02-25 09:16 --d----- c:\windows\network diagnostic
2009-02-25 09:07 --dshr-- C:\cmdcons
2009-02-25 09:07 --d----- c:\windows\setup.pss
2009-02-25 09:07 --d----- c:\windows\setupupd
2009-02-25 09:03 --d----- c:\windows\system32\PreInstall
2009-02-25 09:02 --d----- c:\program files\ASUSTeK
2009-02-25 09:01 176,128 a------- c:\windows\system32\nvudisp.exe
2009-02-25 09:01 14,403 a------- c:\windows\system32\nvdisp.nvu
2009-02-25 09:01 --d----- c:\windows\nview
2009-02-25 09:01 9,472 a----r-- c:\windows\system32\drivers\EIO.sys
2009-02-25 09:00 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-25 09:00 73,728 a------- c:\windows\system32\javacpl.cpl
2009-02-25 08:57 215,040 a------- c:\windows\system32\CNMLM8Z.DLL
2009-02-25 08:56 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-02-25 08:54 --d----- c:\program files\Microsoft
2009-02-25 08:54 221,184 a------- c:\windows\system32\wmpns.dll
2009-02-25 08:53 1,776 a--shr-- c:\windows\system32\drivers\103C_HP_CPC_ED865AA-ABA SR1610NX NA540_YC_0Pres_QCNN543_E54NAheRED4_48_IAMETHYST-M_SMSI_V1.0_B3.35_T050930_WXH2_L409_M767_J80_7AMD_8Sempron_91.79_#090225_N10EC8139_Z11C1048C_G_OTSSTcorp CDW DVD TS-H492C_D.MRK
2009-02-25 08:52 --d----- c:\docume~1\compaq~1\applic~1\Intuit
2009-02-25 08:52 --d----- c:\documents and settings\compaq_owner\WINDOWS
2009-02-25 08:52 --d----- c:\docume~1\compaq~1\applic~1\Symantec
2009-02-25 08:52 --d----- c:\documents and settings\Compaq_Owner
2009-02-25 08:50 --d----- c:\windows\system32\SoftwareDistribution
2009-02-25 08:49 183 a------- c:\windows\system\hpsysdrv.DAT
2009-02-25 08:48 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-02-25 08:48 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-02-25 08:47 10,368 a------- c:\windows\system32\drivers\hidusb.sys
2009-02-25 08:47 32,128 a------- c:\windows\system32\drivers\usbccgp.sys
2009-02-25 08:42 --d----- c:\windows\I386

==================== Find3M ====================

2009-02-28 08:07 81,867 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-02-28 08:06 45,056 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\uninstallui\eHelpSetup.exe
2009-02-28 08:06 287,310 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\HPBasicDetection.dll
2009-02-28 08:06 163,840 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemcheck.dll
2009-02-28 08:06 61,440 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemutil.dll
2009-02-28 08:06 44,032 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\scripts\devcon.exe
2009-02-28 08:06 40,960 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\ScDmi.dll
2009-02-28 08:06 32,768 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\uploadHSC.dll
2009-02-28 08:06 32,768 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\Scom.dll
2009-02-25 09:27 3,649 a------- c:\windows\viassary-hp.reg
2009-02-09 05:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll
2009-01-16 21:35 3,594,752 -------- c:\windows\system32\dllcache\mshtml.dll

============= FINISH: 11:41:03.81 ===============

descriptionwindows live signing itself in and sending out messages EmptyRe: windows live signing itself in and sending out messages

more_horiz
I see that you are running uTorrent.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.
Should you choose to remove them, but you are having trouble doing so, please let me know in your next post here and I will aid you.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

  • uTorrent
Then please find and delete this folder in bold (if present):
C:\Program Files\uTorrent

This looks okay, how's the machine running?

descriptionwindows live signing itself in and sending out messages EmptyRe: windows live signing itself in and sending out messages

more_horiz
So far it seems to be running very well, this morning it seems to be constantly running or processing something., but since doing the malware and hijack scans it is pretty quiet again. Thank you so much I will be recommending you to my friends

descriptionwindows live signing itself in and sending out messages EmptyRe: windows live signing itself in and sending out messages

more_horiz
Hello.
Let me know if the msn problem returns, because there is one msn hijacker -not infecter- going around, where instead of infecting a machine to get the password, they phish you, using a fake page that looks real. Always check the page URL and don't click suspicious looking links.

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers. Goofy

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio, or
Outpost
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck. Big Grin

descriptionwindows live signing itself in and sending out messages EmptyRe: windows live signing itself in and sending out messages

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum