Desperately seeking help to remove nuqel.e and others

Hi,

I would really welcome some help in removing Bankerfox.A, Spyware protect 2009 and nuqel.e ASAP.

I've run the DDS and Avenger and I have copied the resulting text in below. I am hoping that somebody can help me or advice me what to do as I am now balding from tearing my hair out.

Much appreciated
Bx

AVENGER TEXT:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "gaopdxserv.sys" found!
ImagePath: \systemroot\system32\drivers\gaopdxewnsxrqt.sys
Driver disabled successfully.

Rootkit scan completed.


Completed script processing.

*******************

Finished! Terminate.

Hello.
We ask that you do not run tools on your own, the avenger is VERY powerful. But since you have used it, we may as well remove the rootkit.

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Drivers to delete:
gaopdxserv.sys

Files to delete:
C:\WINDOWS\system32\drivers\gaopdxewnsxrqt.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.

• Under "Input script here:", paste in the script from the quote box above.
  
• Leave the ticked box "Scan for rootkit" ticked.
  
• Then tick "Disable any rootkits found"
  
• Now click on the Execute to begin execution of the script.
  
• Answer "Yes" twice when prompted.
  
  The Avenger will automatically do the following:
  
  
• It will Restart your computer.
  
• On reboot, it will briefly open a black command window on your desktop, this is normal.
  
• After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  
• The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
  

4. Please copy/paste the content of c:\avenger.txt into your reply.

Hi and many thanks,

I've followed the instructions and the following text came up at the end.

Do I need to repeat the process again, or am I cured?

humble thanks

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "axbfrlycf" found!
DisplayName: axbfrlycf
ImagePath: \??\C:\WINDOWS\system32\drivers\spqhemlxobtb.sys
Driver disabled successfully.

Rootkit scan completed.

Driver "gaopdxserv.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\gaopdxewnsxrqt.sys" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Hmmm.
Another rootkit jumped onto your machine.

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Drivers to delete:
axbfrlycf

Files to delete:
C:\WINDOWS\system32\drivers\spqhemlxobtb.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.

• Under "Input script here:", paste in the script from the quote box above.
  
• Leave the ticked box "Scan for rootkit" ticked.
  
• Then tick "Disable any rootkits found"
  
• Now click on the Execute to begin execution of the script.
  
• Answer "Yes" twice when prompted.
  
  The Avenger will automatically do the following:
  
  
• It will Restart your computer.
  
• On reboot, it will briefly open a black command window on your desktop, this is normal.
  
• After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  
• The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
  

4. Please copy/paste the content of c:\avenger.txt into your reply.

OK Ive followed your instructions and no text came up at the end. Is this a good sign. Dare I hope that I am cured?
Many many thanks for helping me on this one

Nope, probably not.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Hi
Ive run Malwarebytes' Anti-Malware on a quick scan and a full scan and followed the instructions to clear infected objects. Is there anything else I can do to ensure Im clear?

Please post the MBAM report.
I want to have a look around to make sure we aren't missing anything.

• Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
  Link 1
  Link 2
  Link 3
  
• Double click DDS.scr to run
  
• When complete, DDS.txt will open.
  
• Save the report to your Desktop.
  
• Copy and paste DDS.txt back here, I don't need to see attach.txt.
  

Here is the report. I will download DDS now.
You will get bored of me thanking you but I really appreciate your advice
Malwarebytes' Anti-Malware 1.34
Database version: 1792
Windows 5.1.2600 Service Pack 3

22/02/2009 19:58:03
mbam-log-2009-02-22 (19-58-03).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 165925
Time elapsed: 49 minute(s), 57 second(s)

Memory Processes Infected: 5
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 5
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 11

Memory Processes Infected:
C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Documents and Settings\LocalService\reader_s.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Documents and Settings\Rebecca Gilkes\reader_s.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\winlogin.exe (Backdoor.Bot) -> Unloaded process successfully.
C:\WINDOWS\SVCHOST.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\protect (Trojan.NtRootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\protect (Trojan.NtRootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\synsend (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wgabejarivewava (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iqoru (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Rebecca Gilkes\My Documents\InstallAVg_770522166350.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\protect.sys (Trojan.NtRootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Ecudexobeditexet.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\apipirano.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\services.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ndetect.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rebecca Gilkes\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winlogin.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\SVCHOST.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Sorry about that. I dont know how to create a zip file so will send the DDS text tomorrow with the help of a friend.

Hello.
Bad news. You have an infection known as Virut. Virut is a file infector, it infects every .exe and .scr files on the machine.
I ask that you backup any files you do not want to lose, because Virut cannot be fixed and to get out of this mess, you'll have to reformat the machine.

Your computer has multiple infections, including a backdoor. A backdoor gives intruders complete control of your computer, logs your keystrokes, steal personal information, etc.

You are strongly advised to do the following:

• Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  
• Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
  
• Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  
• From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).
  

Do NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.

Due to its backdoor functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be to do a reformat and reinstallation of the operating system (OS). However, if you do not have the resources to reinstall your OS and would like me to attempt to clean your machine, I will be happy to do so.

To help you understand more, please take some time to read the following articles:

What are Remote Access Trojans and why are they dangerous
How do I respond to a possible identity theft and how do I prevent it
When should do a reformat and reinstallation of my OS
Where to backup your files
How to backup your files in Windows XP
Restoring your backups

Hi again,

Firstly many thanks for your comprehensive reply. I would welcome help to clean it up properly and I don't have anything on it that needs backing up as I did so a while back. I don't however have access to a disk to restore the computer so how do I go about it or what is the best next step.

I have contacted all companies and changed passwords etc from my friends computer.

Many thanks.

Okay, but as I said, this infection cannot be 100% fixed. The damage is already done and can't be reversed.

Please run DDS and the post the log.

Hi again

As I can't fit the whole log in one message I'll send it in the next two consecutive messages.

DDS (Ver_09-02-01.01) - NTFSx86
Run by Rebecca Gilkes at 21:47:25.07 on 22/02/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.204 [GMT 0:00]

AV: Sophos Anti-Virus *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Kontiki\KService.exe
c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
"C:\WINDOWS\system32\svchost.exe"
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Tiscali\Tiscali Internet\DialerOEM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Documents and Settings\Rebecca Gilkes\Local Settings\Temporary Internet Files\Content.IE5\XDPQJDMR\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.firefox.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: NoExplorer - No File
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [OM_Monitor] c:\program files\olympus\olympus master\Monitor.exe -NoStart
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [Veoh] "c:\program files\veoh networks\veoh\VeohClient.exe" /VeohHide
uRun: []
uRun: [Clip] Recycled.exe -mon
uRun: [jsf8uiw3jnjgffght] c:\docume~1\rebecc~1\locals~1\temp\winlognn.exe
uRun: [tezrtsjhfr84iusjfo84f] c:\docume~1\rebecc~1\locals~1\temp\csrssc.exe
uRun: [nfr] rundll32.exe nfr.dll,ServiceMain /pid=6007
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [YeppStudioAgent] c:\program files\samsung\samsung media studio\SamsungMediaStudioAgent.exe
mRun: [EPSON Stylus DX5000 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibve.exe /fu "c:\windows\temp\E_S9D.tmp" /EF "HKLM"
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [OM_Monitor] c:\program files\olympus\olympus master\FirstStart.exe
mRun: [4oD] "c:\program files\kontiki\KHost.exe" -all
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [jsf8uiw3jnjgffght] c:\docume~1\rebecc~1\locals~1\temp\winlognn.exe
mRun: [winlogin] winlogin.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
StartupFolder: c:\docume~1\rebecc~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\docume~1\rebecc~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellne~1.lnk - c:\windows\installer\{0240bdfb-2995-4a3f-8c96-18d41282b716}\Icon0240BDFB3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\xccstart.lnk - c:\windows\system\xccef090131.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Mahjong%20Escape/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} - hxxp://www.instantaction.com/download/iaplayer.cab
TCP: {194897B6-09F6-426F-874F-6B63386D22D1} = 212.139.132.24 212.139.132.25
Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - c:\program files\tiscali\tiscali internet\dlls\tiscalifilter.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll,jbsobl.dll,c:\progra~1\sophos\sophos~1\SOPHOS~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\wvUljKaA

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\rebecc~1\applic~1\mozilla\firefox\profiles\5akhjr8g.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13149&gct=&gc=1&q=
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7070
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {95F9D201-CECB-4C81-9D02-EFD26F8908FF} - c:\documents and settings\rebecca gilkes\local settings\application data\{95F9D201-CECB-4C81-9D02-EFD26F8908FF}
FF - HiddenExtension: XUL Cache: {AC013CF3-BAE3-42F2-8B16-9118A06692DB} - c:\documents and settings\anya gilkes-furness\local settings\application data\{ac013cf3-bae3-42f2-8b16-9118a06692db}\

============= SERVICES / DRIVERS ===============

R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [2009-2-20 104704]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [2009-2-20 35584]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2008-9-22 90112]
R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2008-8-21 118784]
S0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys --> c:\windows\system32\drivers\fsdfw.sys [?]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys [2009-2-9 138336]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys [2009-2-9 138336]
S2 bvmsfjada;bvmsfjada;\??\c:\windows\system32\drivers\wwowuwxj.sys --> c:\windows\system32\drivers\wwowuwxj.sys [?]
S2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-8-30 29744]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\tfnetmon.sys [2009-2-9 138336]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2009-2-20 14976]

============== File Associations ===============

txtfile="c:\windows\system32\nxtepad.exe" "%1"

=============== Created Last 30 ================

2009-02-22 21:39 67,585 a------- c:\windows\system32\5A.tmp
2009-02-22 21:38 24,577 a------- c:\windows\system32\59.tmp
2009-02-22 21:38 168 a------- c:\windows\system32\55.tmp
2009-02-22 20:11 67,585 a------- c:\windows\system32\77.tmp
2009-02-22 20:11 38,913 a------- c:\windows\system32\76.tmp
2009-02-22 20:11 168 a------- c:\windows\system32\75.tmp
2009-02-22 20:10 67,585 a------- c:\windows\system32\71.tmp
2009-02-22 20:10 38,913 a------- c:\windows\system32\70.tmp
2009-02-22 20:10 168 a------- c:\windows\system32\6F.tmp
2009-02-22 20:09 67,585 a------- c:\windows\system32\6B.tmp
2009-02-22 20:09 38,913 a------- c:\windows\system32\6A.tmp
2009-02-22 20:09 168 a------- c:\windows\system32\69.tmp
2009-02-22 20:08 67,585 a------- c:\windows\system32\65.tmp
2009-02-22 20:08 38,913 a------- c:\windows\system32\64.tmp
2009-02-22 20:08 168 a------- c:\windows\system32\63.tmp
2009-02-22 20:07 0 a------- c:\windows\system32\61.tmp
2009-02-22 20:06 67,585 a------- c:\windows\system32\5D.tmp
2009-02-22 20:06 25,601 a------- c:\windows\system32\5C.tmp
2009-02-22 20:06 168 a------- c:\windows\system32\5B.tmp
2009-02-22 20:05 47,104 a------- c:\windows\system32\reader_s.exe
2009-02-22 20:04 67,585 a------- c:\windows\system32\53.tmp
2009-02-22 20:04 25,601 a------- c:\windows\system32\4F.tmp
2009-02-22 20:04 168 a------- c:\windows\system32\4D.tmp
2009-02-22 18:27 67,585 a------- c:\windows\system32\58.tmp
2009-02-22 18:27 24,577 a------- c:\windows\system32\57.tmp
2009-02-22 18:27 168 a------- c:\windows\system32\56.tmp
2009-02-22 18:26 11,294 a------- c:\windows\system32\54.tmp
2009-02-22 18:26 67,585 a------- c:\windows\system32\52.tmp
2009-02-22 18:26 24,577 a------- c:\windows\system32\51.tmp
2009-02-22 18:26 168 a------- c:\windows\system32\50.tmp
2009-02-22 18:25 4,094 a------- c:\windows\system32\4E.tmp
2009-02-22 18:25 67,585 a------- c:\windows\system32\4C.tmp
2009-02-22 18:25 7,041 a------- c:\windows\system32\4B.tmp
2009-02-22 18:25 168 a------- c:\windows\system32\4A.tmp
2009-02-22 17:21 67,585 a------- c:\windows\system32\49.tmp
2009-02-22 17:20 38,913 a------- c:\windows\system32\48.tmp
2009-02-22 17:20 168 a------- c:\windows\system32\2B.tmp
2009-02-22 16:50 130,104 a------- c:\windows\system32\sdccoinstaller.dll
2009-02-22 16:49 --d----- c:\program files\common files\Cisco Systems
2009-02-22 16:49 23,552 a------- c:\windows\system32\SophosBootTasks.exe
2009-02-22 16:49 --d----- c:\program files\Sophos
2009-02-22 16:49 --d----- c:\docume~1\alluse~1\applic~1\Sophos
2009-02-22 16:21 67,585 -------- c:\windows\system32\40.tmp
2009-02-22 16:21 25,601 -------- c:\windows\system32\3F.tmp
2009-02-22 16:21 212 -------- c:\windows\system32\22.tmp
2009-02-22 16:04 0 -------- c:\windows\system32\47.tmp
2009-02-22 16:04 0 -------- c:\windows\system32\46.tmp
2009-02-22 16:04 0 -------- c:\windows\system32\45.tmp
2009-02-22 16:04 0 -------- c:\windows\system32\44.tmp
2009-02-22 16:04 6,974 -------- c:\windows\system32\43.tmp
2009-02-22 16:03 212 -------- c:\windows\system32\42.tmp
2009-02-22 15:52 --d----- c:\docume~1\rebecc~1\applic~1\Malwarebytes
2009-02-22 15:48 406,016 -------- c:\windows\system32\tmpxccacj0.exe
2009-02-22 12:58 33,351 a------- c:\windows\system32\drivers\str.sys
2009-02-22 12:58 67,585 -------- c:\windows\system32\41.tmp
2009-02-22 12:58 32,768 -------- c:\windows\system32\umtcdtw.sys
2009-02-22 12:57 212 -------- c:\windows\system32\3D.tmp
2009-02-22 11:34 67,585 -------- c:\windows\system32\3E.tmp
2009-02-22 11:34 168 -------- c:\windows\system32\3B.tmp
2009-02-22 11:11 67,585 -------- c:\windows\system32\3C.tmp
2009-02-22 11:11 168 -------- c:\windows\system32\3A.tmp
2009-02-22 11:03 130 -------- c:\windows\adobe.bat
2009-02-22 11:03 67,585 -------- c:\windows\system32\39.tmp
2009-02-22 11:03 25,601 -------- c:\windows\system32\38.tmp
2009-02-22 11:03 168 -------- c:\windows\system32\35.tmp
2009-02-22 10:26 67,585 -------- c:\windows\system32\37.tmp
2009-02-22 10:26 25,601 -------- c:\windows\system32\36.tmp
2009-02-22 10:26 212 -------- c:\windows\system32\34.tmp
2009-02-22 10:16 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-22 10:16 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-22 10:16 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-22 10:16 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-22 10:14 2,524 a------- C:\autorun.PNF
2009-02-21 16:24 33,792 -------- c:\windows\syssvc.exe
2009-02-21 16:18 67,585 -------- c:\windows\system32\33.tmp
2009-02-21 16:18 25,601 -------- c:\windows\system32\30.tmp
2009-02-21 16:18 168 -------- c:\windows\system32\2F.tmp
2009-02-21 16:11 0 -------- c:\windows\system32\nfr.gpref
2009-02-21 16:11 0 -------- c:\windows\system32\nfr.assembly
2009-02-21 16:11 67,585 -------- c:\windows\system32\2E.tmp
2009-02-21 16:11 25,601 -------- c:\windows\system32\20.tmp
2009-02-21 16:11 168 -------- c:\windows\system32\1F.tmp
2009-02-21 15:54 67,585 -------- c:\windows\system32\1D.tmp
2009-02-21 15:54 0 -------- c:\windows\system32\1C.tmp
2009-02-21 15:54 168 -------- c:\windows\system32\1B.tmp
2009-02-21 15:37 --d----- c:\program files\common files\ODBC
2009-02-21 15:31 --d----- c:\windows\SHELLNEW
2009-02-21 15:23 10,752 -------- c:\windows\system32\nfr.dll
2009-02-21 15:12 676,352 -------- c:\windows\system32\rtl60.bpl
2009-02-21 15:12 406,016 -------- c:\windows\system32\tmpxccacj1.exe
2009-02-21 15:11 67,585 -------- c:\windows\system32\1A.tmp
2009-02-21 15:11 24,577 -------- c:\windows\system32\19.tmp
2009-02-21 15:11 168 -------- c:\windows\system32\18.tmp
2009-02-21 14:08 --d----- c:\docume~1\alluse~1\applic~1\Avg8
2009-02-20 18:34 104,704 a------- c:\windows\system32\drivers\savonaccesscontrol.sys
2009-02-20 18:34 35,584 a------- c:\windows\system32\drivers\savonaccessfilter.sys
2009-02-20 18:34 14,976 a------- c:\windows\system32\drivers\SophosBootDriver.sys
2009-02-20 18:34 --d----- C:\escwsa
2009-02-20 10:22 5,044 -------- c:\windows\system32\tmp.reg
2009-02-19 12:04 28,573 -------- c:\windows\system32\32.tmp
2009-02-19 12:04 8,704 -------- c:\windows\system32\31.tmp
2009-02-19 12:04 128 -------- c:\windows\system32\2C.tmp
2009-02-19 12:04 217 -------- c:\windows\system32\xcchit32.ini
2009-02-19 10:11 182,656 -------- c:\windows\system32\dllcache\ndis.sys
2009-02-19 10:10 --d----- c:\windows\system32\inf
2009-02-19 10:10 156,733 -------- c:\windows\system32\2D.tmp
2009-02-19 10:10 599 -------- c:\windows\xccwinsys.ini
2009-02-19 10:10 8,192 -------- c:\windows\system32\24.tmp
2009-02-19 10:10 25,601 -------- c:\windows\system32\21.tmp
2009-02-19 10:10 168 -------- c:\windows\system32\1E.tmp
2009-02-18 15:08 181,248 a--shro- c:\windows\Recycled.exe
2009-02-10 15:44 162,397 -------- c:\windows\system32\2A.tmp
2009-02-10 15:44 32,256 a---h--- c:\documents and settings\rebecca gilkes\xmxwug.exe
2009-02-10 15:44 24,577 -------- c:\windows\system32\26.tmp
2009-02-10 15:44 128 -------- c:\windows\system32\23.tmp
2009-02-09 19:38 164,708 -------- c:\windows\system32\29.tmp
2009-02-09 19:38 29,184 -------- c:\windows\system32\28.tmp
2009-02-09 19:38 172 -------- c:\windows\system32\27.tmp
2009-02-09 19:26 0 -------- c:\windows\system32\25.tmp
2009-02-09 19:21 32,256 a---h--- c:\documents and settings\rebecca gilkes\jixv.exe
2009-02-09 19:15 164,708 -------- c:\windows\system32\17.tmp
2009-02-09 19:15 29,184 -------- c:\windows\system32\15.tmp
2009-02-09 19:15 172 -------- c:\windows\system32\13.tmp
2009-02-09 19:10 32,256 a---h--- c:\documents and settings\rebecca gilkes\bjgicy.exe
2009-02-09 19:10 66,560 -------- c:\windows\system32\secupdat.dat
2009-02-09 19:10 616 -------- c:\windows\system32\16.tmp
2009-02-09 19:08 138,336 -------- c:\windows\system32\drivers\wanatw4.sys
2009-02-09 19:08 138,336 -------- c:\windows\system32\drivers\tfsysmon.sys
2009-02-09 19:08 138,336 -------- c:\windows\system32\drivers\tfnetmon.sys
2009-02-09 19:08 138,336 -------- c:\windows\system32\drivers\tffsmon.sys
2009-02-09 19:03 164,708 -------- c:\windows\system32\12.tmp
2009-02-09 19:03 29,184 -------- c:\windows\system32\11.tmp
2009-02-09 19:03 172 -------- c:\windows\system32\10.tmp
2009-02-03 19:56 4 -------- c:\windows\system32\gaopdxcounter
2009-02-02 19:16 285 a------- c:\windows\system32\MRT.INI
2009-02-01 18:57 43,008 -------- c:\windows\system32\stu2.exe
2009-01-29 17:01 388,944 -------- c:\windows\system32\AaKjlUvw.ini2
2009-01-29 17:01 388,944 -------- c:\windows\system32\AaKjlUvw.ini

==================== Find3M ====================

2009-02-19 10:11 182,656 -------- c:\windows\system32\drivers\ndis.sys
2009-02-06 17:41 5,852 -------- c:\windows\system32\KGyGaAvL.sys
2009-02-02 13:19 26,112 -------- c:\windows\system32\userinit.exe
2009-01-19 17:21 129,024 -------- c:\windows\system32\wbaeeurq.dll
2009-01-19 17:21 129,024 -------- c:\windows\system32\_jbsobl.dll
2009-01-16 21:35 3,594,752 -------- c:\windows\system32\dllcache\mshtml.dll
2008-12-19 09:10 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 09:10 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 05:25 634,024 -------- c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-12-11 10:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
2006-09-09 12:17 0 ac------ c:\docume~1\rebecc~1\applic~1\wklnhst.dat
2006-09-13 15:43 181,248 a--shro- c:\windows\Recycled.exe

============= FINISH: 21:48:33.82 ===============

Omg, what a mess.
DDS tells me Sophos is outdated, you can't expect to stay safe if your AV isn't upto date.

I'm not sure what do say here. There is so much damage done here, I'm not sure we can clean it at all.

Please download GooredFix and save it to your Desktop. Please double-click GooredFix.exe on your Desktop to run it. Select 2. Fix Goored by typing 2 and pressing Enter. Make sure all instances of Firefox are closed at this point. Type y at the prompt and press Enter again. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).

I've downloaded it on my friends computer and copied it onto a usb pen but it won't let me copy it from the usb pen onto the infected computer.

Lets see if we can get this running. Please read very carefully.

• Download combofix from here
  Link 1
  Link 2
  
• Before you start the download, please rename Combofix seen like below.
  
  1. If you are using Firefox, make sure that your download settings are as follows:
  
  
• Tools->Options->Main tab
  
• Set to "Always ask me where to Save the files".
  
  2. During the download, rename Combofix to Combo-Fix as follows:
  
  
  
  
  
• Please disable your local AV (Anti-virus) See HERE for how to disable your AV. (Sophos)
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  
  
  
• The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  
  
  
  
• Allow ComboFix to download the Recovery Console.
  
• Accept the End-User License Agreement.
  
• The Recovery Console will be installed.
  
• You will then get this next prompt that asks if you want to continue the malware scan, select yes
  
  
  
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  

thats great. Really dumb question though as I'm working two computers at the moment....

Do I download combofix (or combo-fix once renamed) to friends computer and then copy file onto usb pen and transfer it to infected computer and follow instructions from then on...

I know it may seem like a dumb question but as I can't connect infected computer to internet then thats my only option, unless I carry on tomorrow night. Let me know as I don't want to waste your time if it has to be downloaded onto infected computer.

Don't take this the wrong way, but as I said, Virut cannot be fixed, and I would rather you format than go through this because it just seems like a waste of time to me. But, I'll do it anyway.

Protect the stick using this: Plug the stick into the clean machine.

Please download Flash_Disinfector from HERE

• First, download it to your desktop.
  
• Now double click it to run it and will tell it you what to do when you open it.
  
• It will temporarily kill explorer.exe and your desktop will go blank.
  
• Let Flash_Disinfector do it's job and it will restart explorer.exe for you.
  
• It will make a dummy autorun.inf in the root of every drive.
  
• You can now delete Flash_Disinfector.exe.
  

Then transfer Combo-fix onto it and use it on the infected machine if it will run.

If its a waste of time then I would rather format to be honest as I'd rather not flog a dead horse. I do appreciate your patience so please let me know what to do to format. My only question is if Virut can't be fixed etc then is there any point to format, i.e. will I be able to use my computer without any risks in future or will it still have virus in it. Sorry, yet again, for seeming so dumb, but I am really really new to all this and find it quite scary.

Formatting will wipe the machine clean and replace all the bad files now with clean files once the format is done.
I posted some links here for you back on page 1.
http://www.geekpolice.net/virus-spyware-malware-removal-f11/desperately-seeking-help-to-remove-nuqele-and-others-t6933.htm#42649

So, am I right in thinking that as my computer is a Dell, I should go on to their website and check how to format the computer, and then just follow instructions?

If they have a guide for that, then yes.
If not, I can supply a link or two.

I've found a "how to restore your computer software to factory settings", would that be the same as formating it?

That should do, hopefully.
Give it a try.

I've followed the instructions and it seems to have worked. Can I assume that the computer is now not infected or will there be some underlying threats still hidden. If it is fine to go, I will sort out the internet connection, download anti malware, a good AV, super anti spyware etc before I do anything else.

Yep, it should be fine now.

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio, or
Outpost
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck.

thank you thank you thank you thank you thank you thank you...........

You are worth your weight in gold. I will complete the feedback form now.

"If your computer is down and not working at all, who you gonna call? GEEKPOLICE!"