Spyware Protect 2009

Part 2

.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Network Associates\Common Framework\Mctray.exe
c:\program files\SkypeIntegration\SkypeIntegration\SkypeClient.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Network Associates\Common Framework\naPrdMgr.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\SYSTEM32\msiexec.exe
.
**************************************************************************
.
Completion time: 2009-01-21 21:21:45 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-21 20:21:10
ComboFix2.txt 2009-01-21 19:39:35

Pre-Run: 88,215,420,928 bytes free
Post-Run: 88,140,382,208 bytes free

Current=2 Default=2 Failed=0 LastKnownGood=4 Sets=1,2,3,4
222 --- E O F --- 2009-01-14 23:11:47

Spybot is yet again sitting there asking if it should allow a change to userinit.exe

Keep denying it, we left something behind.

Open Firefox.
In the URL bar, type about:config
Press the "I'll be careful button"
Locate this: keyword.URL

Change it from wcsearch to www.google.com
Close Firefox.

Does TeaTimer give you an exact value it wants to change it to? does it want to add something like twex.exe to the value?

I've changed keyword.url.

TeaTimer didn't react to that particular change. The earlier ones were mostly saying they were going to be deleted and the previous entry ran beyond the edge of the box so I didn't see.

Windows is wanting me to download updates. Is it all right to do that, or should I wait a bit?

Do them now, we need to keep the infection out.

They are in progress, but they were entirely up to date before this happened. It's one thing I'm OK on at least.

Were gonna reset TeaTimer once Windows Updates is done, it may help and it might stop bothering you about deleting a registry value.

OK, I installed Service Pack3 and 26 updates. There were one or two reboots along the way. I denied all Tea Timer's prompts. No problem until I got to the very end of the 26 updates, rebooted - and I was back where I started. Logging off as soon as I logged in.

It's now midnight here and I need to go. Any thoughts of what I should do next, tomorrow for me? Do you sleep?

Darn it.

Okay, next step, to rule out if it Spybot causing this.
Tomorrow, do a repair install again, and as soon as you get back on, uninstall Spybot.
Then do updates again, and see if it happens again.

And no, I don't sleep, I'm a robot.

Repaired, uninstalled Spybot (though it seems to have left the teatimer running and I have to cancel that each time). All updates now done, and all seems well. I have re-booted several times now.

Will it be all right to re-install Spybot? Anything else I should do?

No, don't install Spybot, we might have found the reason for the damage but I don't want to replace the problem, keep it uninstalled for now.

Aslong as you read this and install one or two security programs, you should be fine.

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio, or
Outpost
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck.

OK the new restore point has been set. I have most of those security programs already, and always do keep updates on automatic, which is why it has been so irritating that this happened.

Never mind, all is OK now. Many thanks for your help.

Since this issue has been addressed, a "solved" tag will be added and this topic will be closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.