win32/nuqel.e and bankerfox.a

I contracted a virus that pops up antivirus pro 2010 and says that my computer is under attack and I need to purchase this product to fix it. It also loads adult.org and viagra.com browser pages. It says that my computer is infected by win32/nuqel.e and bankerfox.a. at first my computer was totally locked down and I could not open any applications or programs. but I was able to finally download malwarebytes and run it. I deleted the items that it detected and everything seemed normal for a few minutes, but when I got back on the internet and was searching google, the result page that i clicked on started going to random sites. How do I get rid of this stuff?

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
  
• Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

• Click on Yes, to continue scanning for malware.
  
• When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
  

ComboFix 09-12-06.07 - BEN 12/06/2009 14:40.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.198 [GMT -6:00]
Running from: c:\documents and settings\BEN\desktop\commy.exe
Command switches used :: /stepdel
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\xcrashdump.dat

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2009-11-06 to 2009-12-06 )))))))))))))))))))))))))))))))
.

2009-12-05 22:48 . 2009-12-05 22:48 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-11-29 21:58 . 2009-11-29 21:58 -------- d-----w- c:\documents and settings\BEN\Application Data\Malwarebytes
2009-11-29 21:58 . 2009-12-03 22:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-29 21:58 . 2009-12-03 22:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-29 21:58 . 2009-11-29 21:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-29 21:58 . 2009-12-05 22:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-29 02:50 . 2009-12-05 23:16 -------- d-----w- c:\documents and settings\BEN\Local Settings\Application Data\edhqjo
2009-11-19 02:06 . 2009-11-19 02:06 -------- d-----w- c:\documents and settings\JENA\Local Settings\Application Data\Apple Computer
2009-11-11 14:58 . 2009-11-11 14:58 1794456 ----a-w- c:\documents and settings\BEN\Application Data\Move Networks\MoveMediaPlayerWin_071701000002.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-06 20:37 . 2004-12-10 01:30 -------- d-----w- c:\program files\McAfee
2009-12-06 20:21 . 2007-08-31 01:11 -------- d-----w- c:\program files\Google
2009-12-05 20:48 . 1980-01-01 06:00 95360 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-12-05 19:55 . 2008-07-03 02:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-11-29 20:24 . 2009-06-01 22:40 -------- d-----w- c:\documents and settings\BEN\Application Data\Move Networks
2009-11-20 00:19 . 2008-10-01 03:20 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-11-19 05:13 . 2009-03-29 02:05 256 ----a-w- c:\windows\system32\pool.bin
2009-11-14 04:38 . 2009-10-13 14:48 -------- d-----w- c:\program files\Full Tilt Poker.Net
2009-11-11 14:58 . 2009-10-19 23:01 143976 ----a-w- c:\documents and settings\BEN\Application Data\Move Networks\uninstall.exe
2009-11-11 14:58 . 2009-10-15 00:50 5642688 ----a-w- c:\documents and settings\BEN\Application Data\Move Networks\plugins\npqmp071701000002.dll
2009-10-22 00:54 . 2009-07-28 23:49 -------- d-----w- c:\documents and settings\BEN\Application Data\Roxio
2009-10-19 23:02 . 2009-06-16 06:35 4183416 ----a-w- c:\documents and settings\BEN\Application Data\Move Networks\plugins\npqmp071503000010.dll
2009-10-18 19:22 . 2009-04-25 02:14 -------- d-----w- c:\documents and settings\BEN\Application Data\Apple Computer
2009-10-18 19:16 . 2009-10-18 19:15 -------- d-----w- c:\program files\iTunes
2009-10-18 19:16 . 2009-10-18 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-18 19:15 . 2009-10-18 19:15 -------- d-----w- c:\program files\iPod
2009-10-18 19:15 . 2009-04-25 02:09 -------- d-----w- c:\program files\Common Files\Apple
2009-10-18 19:12 . 2009-10-18 19:12 -------- d-----w- c:\program files\QuickTime
2009-10-18 19:06 . 2009-10-18 19:06 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-10-15 00:50 . 2009-10-15 00:50 97216 ----a-w- c:\documents and settings\BEN\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-10-13 14:48 . 2004-12-02 22:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-30 22:05 . 2009-09-30 22:05 97600 ----a-w- c:\documents and settings\JENA\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-30 22:05 . 2009-09-30 22:05 127872 ----a-w- c:\documents and settings\JENA\Application Data\Move Networks\uninstall.exe
2009-09-30 22:05 . 2009-06-16 06:35 4183416 ----a-w- c:\documents and settings\JENA\Application Data\Move Networks\plugins\npqmp071503000010.dll
2009-09-16 15:22 . 2009-08-18 01:30 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 15:22 . 2009-08-18 01:30 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 15:22 . 2009-08-18 01:30 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 15:22 . 2009-07-08 18:44 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 15:22 . 2009-08-18 01:11 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-11 14:33 . 2004-08-04 11:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER" [X]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe Autorun" [X]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\3\printray.exe" [2001-10-25 36864]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"MMTray"="c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [2004-04-19 131072]
"mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-04-19 53248]
"Lexmark X83 Button Monitor"="c:\progra~1\LEXMAR~1\ACMonitor_X83.exe" [2001-10-18 40960]
"Lexmark X83 Button Manager"="c:\progra~1\LEXMAR~1\AcBtnMgr_X83.exe" [2001-06-14 53248]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-05-06 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-05-06 118784]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-24 57344]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-04 344064]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2004-12-2 156784]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [8/17/2009 7:33 PM 210216]
S2 BulkUsb;Genesys Logic USB Scanner Controller NT 5.0;c:\windows\SYSTEM32\DRIVERS\usbscan.sys [12/9/2004 12:48 AM 15104]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/1/2009 11:01 AM 133104]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\SYSTEM32\DRIVERS\nwusbser2.sys [4/19/2007 10:09 AM 99200]
S3 PTDWBus;Curitel PC Card Composite Device driver (UDP);c:\windows\system32\DRIVERS\PTDWBus.sys --> c:\windows\system32\DRIVERS\PTDWBus.sys [?]
S3 PTDWMdm;Curitel PC Card Drivers (UDP);c:\windows\system32\DRIVERS\PTDWMdm.sys --> c:\windows\system32\DRIVERS\PTDWMdm.sys [?]
S3 PTDWVsp;Curitel PC Card Diagnostic Serial Port (UDP);c:\windows\system32\DRIVERS\PTDWVsp.sys --> c:\windows\system32\DRIVERS\PTDWVsp.sys [?]
S3 PWCTLDRV;The NECHostController Filter Driver; [x]
S3 pwi_bus;Curitel PC Card Composite Device driver (WDM);c:\windows\system32\DRIVERS\pwi_bus.sys --> c:\windows\system32\DRIVERS\pwi_bus.sys [?]
S3 pwi_mdfl;Curitel PC Card Filter;c:\windows\system32\DRIVERS\pwi_mdfl.sys --> c:\windows\system32\DRIVERS\pwi_mdfl.sys [?]
S3 pwi_mdm;Curitel PC Card Drivers;c:\windows\system32\DRIVERS\pwi_mdm.sys --> c:\windows\system32\DRIVERS\pwi_mdm.sys [?]
S3 pwi_oflt;Curitel PC Card OHCI Filter;c:\windows\system32\DRIVERS\pwi_oflt.sys --> c:\windows\system32\DRIVERS\pwi_oflt.sys [?]
S3 pwi_serd;Curitel PC Card Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\pwi_serd.sys --> c:\windows\system32\DRIVERS\pwi_serd.sys [?]
.
------- Supplementary Scan -------
.
mSearch Bar =
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: {7C42B751-DF90-4186-B03C-C57492B55AE6} = 216.180.99.2,216.180.122.2
FF - ProfilePath - c:\documents and settings\BEN\Application Data\Mozilla\Firefox\Profiles\u69bc9i6.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.msn.com
FF - plugin: c:\documents and settings\BEN\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\BEN\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPOJI610.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Atoms, Bonding and Structure - c:\program files\Atoms
AddRemove-RealPlayer 6.0 - c:\program files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
AddRemove-{00180409-78E1-11D2-B60F-006097C998E7} - c:\program files\Microsoft Office\ART\uninstall.exe {00180409-78E1-11D2-B60F-006097C998E7}



**************************************************************************
scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(532)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-12-06 14:56
ComboFix-quarantined-files.txt 2009-12-06 20:55

Pre-Run: 54,559,252,480 bytes free
Post-Run: 54,917,603,328 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - C27DD09EA02F4E46F6CE71130FF7895F

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Full Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  
• Please save the log to a location you will remember.
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy and paste the entire report in your next reply.
  

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

i have previously (before I posted this topic) run malwarebytes, do you want those logs as well? Nothing turned up malicious on this last attempt. But my computer is still acting funny, i.e. 30 internet explorer pages opening on their own. I will post the most recent log first.

Malwarebytes' Anti-Malware 1.42
Database version: 3307
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

12/6/2009 8:20:15 PM
mbam-log-2009-12-06 (20-20-15).txt

Scan type: Full Scan (C:\|)
Objects scanned: 201396
Time elapsed: 27 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Please do a scan with Kaspersky Online Scanner

Click on the Accept button and install any components it needs.

• The program will install and then begin downloading the latest definition files.
  
• After the files have been downloaded on the left side of the page in the Scan section select My Computer.
  
• This will start the program and scan your system.
  
• The scan will take a while, so be patient and let it run.
  
• Once the scan is complete, click on View scan report
  
• Now, click on the Save Report as button.
  
• Save the file to your desktop.
  
• Copy and paste that information in your next post.
  

I ran kaspersky, and it made it to 90% and froze. it was not scanning and it was not finished, so I was unable to save the log or even view the full log. So I started over and let it run again. eight hours later it was at 90% and froze up again. Now my computer types backwards. so far in the kaspersky scan it says that there are 3 infected items. they are rootkit.win32.TDSS. and two Trojan-Downloader.Ja...

Please run a free online scan with the ESET Online Scanner

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ActiveX control to install
  
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, you may close the window
  
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic
  

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=ad88fc9336bd2a44b1511579c90020b9
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-12-08 05:19:09
# local_time=2009-12-07 11:19:09 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=5121 16776869 100 96 1240210 12252622 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=84352
# found=1
# cleaned=1
# scan_time=2051
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\atapi.sys.vir Win32/Olmarik.RF virus (deleted - quarantined) 00000000000000000000000000000000 C

Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky and save it to your Desktop.
Please close all other applications running on your system.

Please double click GetSystemInfo.exe to open it.

Click the Settings button.



Set it to Maximum



IMPORTANT! Then please click Customize - choose Driver / Ports tab and uncheck Scan Ports.


Click Create Report to run it.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop. Please upload the folder to Kaspersky GSI Parser and click the Submit button.

Please copy and paste the url of the GSI Parser report (not the log) in your next reply.

Jotti File Submission:

• Please go to Jotti's malware scan
  
  
• Copy and paste the following file path into the "File to upload & scan"box on the top of the page:
  
  
  • C:\WINDOWS\SYSTEM32\lxas2kpm.dll
  
  
  
• Click on the submit button
  
  
• Please post the results (URL) in your next reply.

==

Please open Malwarebytes' Anti-Malware, and click More Tools tab. Under FileASSASSIN, click Run Tool.

For each file listed below (this process only handles one file at a time), find its location, and you will see the name of the file in the Filename box, then click Open.

File to delete using FileASSASSIN:
C:\WINDOWS\SYSTEM32\lxas2kpm.dll


The FileASSASSIN will then delete the file, or ask you to reboot your computer in order to delete it. Please allow it to reboot, if necessary.\

==

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Results of screen317's Security Check version 0.99.1
Windows XP Service Pack 2
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
ESET Online Scanner v3
McAfee SecurityCenter
McAfee Shredder
McAfee Shredder
Antivirus up to date! (On Access scanning disabled!)
``````````````````````````````
Anti-malware/Other Utilities Check:
Spy Sweeper
Java 2 Runtime Environment, SE v1.4.2_03
Adobe Flash Player 10
Adobe Reader 7.0
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent
McAfee VIRUSS~1 mcshield.exe
America Online 9.0 aoltray.exe
``````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

Please upgrade to Windows XP SP3, because it includes all previously released updates. It also includes a small number of new functionalities. Some of the updates that Service Pack 3 provides, you may not have. It is now available via Windows Update.

==

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

==

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

AntiSpyware

• SpywareBlaster
  SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
  
• Spybot - Search & Destroy.
  Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).
  

NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Securing your computer

• Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  
• hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.
  

Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:

• Firefox may be downloaded from here: http://www.getfirefox.com
  
• Opera is available here: http://www.opera.com/download/
  

Thank you for choosing GeekPolice. Please see this page if you would like to leave feedback or contribute to our site. Do you have any more questions?

So, other than the recommended updates, I am clean and ready to go?

Indeed.