
Everything starts to crash, maybe a virus? [HJT log]

Discussion in 'Malware and Virus Removal Archive' started by AshesOfTheWake, 2006/10/12.

  1. 2006/10/19
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    OK, Try this

    Download BFU.zip from Merijns site:
    http://www.merijn.org/files/bfu.zip

    UNZIP/extract it.
    Read here how to unzip/extract properly:
    http://metallica.geekstogo.com/xpcompressedexplanation.html

    Place BFU.exe in the following folder:
    C:\Fixwareout\Sub <== this folder

    Then open the C:\Fixwareout folder and double-click FixIt.bat
    This will start the tool.

    Then make sure your internet is set as before.

    As for your AV:
    Are you using F-Secure Anti-Virus?
    Is it a free version or paid for? We may have to uninstall and reinstall, but don't do that yet, because the HJT log shows it installed with no missing files.

    Geri
     
  2. 2006/10/19
    Geri

    Just so you'll know, P2P file sharing is not a good idea; it is a very good way to get infected.
    I would refrain from doing this.

    Geri
     


  4. 2006/10/19
    Geri

    Hi

    Could you tell me what this is for?
    "Automatic LiveUpdate Scheduler - Symantec Corporation "

    What Symantec or Norton programs, if any, do you have?

    Geri
     
  5. 2006/10/20
    AshesOfTheWake

    AshesOfTheWake Inactive Thread Starter

    Joined:
    2006/10/10
    Messages:
    67
    Likes Received:
    0
    Hi Geri, well I downloaded BFU and I TRIED to get to http://metallica.geekstogo.com/xpcom...planation.html
    but I got 404 - Not found. I was using F-Secure until it stopped showing up in my toolbar. I don't know if it's working or not; it came free with my internet. And as for Automatic LiveUpdate Scheduler - Symantec Corporation, I always thought that belonged to Windows Live Messenger :confused:
     
    Last edited: 2006/10/20
  6. 2006/10/20
    Geri

    Hi AshesOfTheWake

    OK, the link confuses me. If I click on the one you posted, I also get the 404 message. When I click on the one I posted, it takes me to the web site.

    So here it is again; try this one.
    http://metallica.geekstogo.com/xpcompressedexplanation.html

    Now a few more questions.
    If you get the Wareout tool to run, please post the log and let me know how it went and if it helped your internet problem.

    Also, is the virus protection you received from your ISP on a disk that you could reinstall if it is not working, or a download from their site?

    To check and see if your AV is working, go here....
    http://eicar.com/anti_virus_test_file.htm

    Download the file "eicar.com" to your desktop and then scan that file with your AV; it should detect it as a virus and quarantine it.

    Read the web site before doing this, so you know what could and will happen.

    No it is not part of messenger. When you bought your computer did it have Norton AV already installed on it?

    Geri
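    The EICAR check Geri describes above can be scripted so the outcome is unambiguous. This is an added example, not code from the thread or from EICAR: it writes the 68-byte test string to `eicar.com` (the file name from the post), confirms by SHA-256 that the bytes on disk are the genuine test string rather than a mangled copy, then polls for a while to see whether the scanner removes or locks the file. The polling timeout and the "quarantined"/"untouched" labels are this example's own assumptions; a result of "untouched" only means nothing reacted on access, so a manual scan of the file is still the next step.

```python
"""Check whether an antivirus reacts to the EICAR test file (added example)."""
import hashlib
import os
import shutil
import tempfile
import time
from pathlib import Path

# The published EICAR test string (68 bytes). It is inert; vendors detect it
# by agreement so products can be tested without using real malware.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
# Published SHA-256 of the 68-byte file, used to confirm the bytes were written intact.
EICAR_SHA256 = "275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f"


def eicar_digest(data=EICAR):
    """SHA-256 of the test bytes, as a hex string."""
    return hashlib.sha256(data).hexdigest()


def write_eicar(directory):
    """Write eicar.com into directory and return its path.

    If an on-access scanner removes or locks the file immediately, the path is
    still returned so av_reaction() can report that. If the bytes on disk do
    not hash to the published value, the test is invalid and we stop.
    """
    path = Path(directory) / "eicar.com"
    try:
        path.write_bytes(EICAR)
        on_disk = path.read_bytes()
    except (FileNotFoundError, PermissionError):
        return path  # scanner intervened right away
    if eicar_digest(on_disk) != EICAR_SHA256:
        raise RuntimeError("eicar.com was not written intact; draw no conclusions from it")
    return path


def av_reaction(path, timeout=10.0, poll=0.5):
    """'quarantined' if the file vanishes or becomes unreadable within timeout, else 'untouched'."""
    deadline = time.monotonic() + timeout
    while True:
        try:
            with open(path, "rb"):
                pass
        except (FileNotFoundError, PermissionError):
            return "quarantined"  # removed or locked by the scanner
        if time.monotonic() >= deadline:
            return "untouched"  # no automatic reaction: scan the file manually
        time.sleep(poll)


def run_check(directory=None, timeout=10.0):
    """Drop the test file, wait for a reaction, clean up, and report the outcome."""
    tmp = None
    if directory is None:
        tmp = tempfile.mkdtemp(prefix="eicar-")  # assumption: a temp dir is acceptable
        directory = tmp
    path = write_eicar(directory)
    try:
        reaction = av_reaction(path, timeout=timeout)
    finally:
        try:
            os.remove(path)
        except OSError:
            pass  # already quarantined
        if tmp is not None:
            shutil.rmtree(tmp, ignore_errors=True)
    return {"path": str(path), "sha256": EICAR_SHA256, "reaction": reaction}


if __name__ == "__main__":
    result = run_check()
    print(f"{result['path']}: {result['reaction']}")
```

    Run it on the desktop (or any folder the scanner watches) and compare the reported reaction with what the product's own log shows; a scanner that is installed but not running on-access protection will leave the file "untouched" even though a manual scan would still catch it.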
     
  7. 2006/10/21
    AshesOfTheWake

    Hey Geri, firstly here is my Wareout tool report, and it didn't fix my internet problem; still slow as ever.


    Fixwareout ver 1.003
    Last edited 8/11/2006
    Post this report in the forums please

    Reg Entries that were deleted
    ...

    Microsoft (R) Windows Script Host Version 5.6
    Random Runs removed from HKLM
    ...

    PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

    »»»»» Searching by size/names...

    »»»»»
    Search five digit cs, dm and jb files.
    This WILL/CAN also list Legit Files, Submit them at Virustotal

    Other suspects.
    Directory of C:\WINDOWS\system32

    »»»»» Misc files.

    »»»»» Checking for older varients covered by the Rem3 tool.


    And I can download my AV off their site, but I didn't choose to test to see if it was working because I was unsure if I wanted to be responsible for any damage done to my computer... And I did have a 3 month Norton AV trial installed at one point, but I deleted it. My computer did not come with an AV... I think
     
  8. 2006/10/21
    Geri

    Hi

    OK, let's run this and see if it shows us anything...

    1. Download this file - combofix.exe
    2. Double click combofix.exe & follow the prompts.
    3. When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall

    Geri
     
  9. 2006/10/21
    AshesOfTheWake

    Hey Geri, here's my ComboFix log

    Owner - 06-10-21 12:11:21.56 Service Pack 2
    ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Owner\Desktop"

    ((((((((((((((((((((((((((((((( Files Created from 2006-09-21 to 2006-10-21 ))))))))))))))))))))))))))))))))))


    2006-10-15 16:39 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
    2006-10-15 16:39 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
    2006-10-15 16:39 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
    2006-10-15 16:39 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
    2006-10-15 16:39 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
    2006-10-15 16:39 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
    2006-10-15 16:38 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
    2006-10-09 14:19 70,224 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
    2006-10-09 14:19 33,840 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
    2006-10-09 14:19 1,716,224 --a------ C:\WINDOWS\system32\winsflte.dll
    2006-10-09 14:19 1,236,992 --a------ C:\WINDOWS\system32\cfgmig32.dll
    2006-10-09 14:19 1,187,840 --a------ C:\WINDOWS\system32\winsflt.dll
    2006-10-09 14:07 118,842 -r------- C:\WINDOWS\bwUnin-6.3.2.116-9867844L.exe
    2006-10-06 11:54 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2006-10-05 15:35 35,840 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS
    2006-10-05 15:31 94,208 -ra------ C:\WINDOWS\system32\HPZipt12.dll
    2006-10-05 15:31 65,536 -ra------ C:\WINDOWS\system32\HPZipm12.exe
    2006-10-05 15:31 61,440 -ra------ C:\WINDOWS\system32\HPZinw12.exe
    2006-10-05 15:31 57,344 -ra------ C:\WINDOWS\system32\HPZisn12.dll
    2006-10-05 15:31 50,960 -ra------ C:\WINDOWS\system32\drivers\hpzid412.sys
    2006-10-05 15:31 237,624 -ra------ C:\WINDOWS\system32\HPZidr12.dll
    2006-10-05 15:31 172,032 -ra------ C:\WINDOWS\system32\HPZipr12.dll
    2006-10-05 15:31 16,080 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
    2006-10-05 15:30 237,568 -ra------ C:\WINDOWS\system32\HPZc3212.dll
    2006-10-05 15:30 22,384 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
    2006-10-05 15:19 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2006-10-05 15:18 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-10-18 17:47 -------- d-------- C:\Program Files\HJT
    2006-10-17 07:38 -------- d-------- C:\Program Files\McAfee
    2006-10-15 18:27 -------- d-------- C:\Documents and Settings\Owner\Application Data\Xfire
    2006-10-15 18:26 -------- d-------- C:\Program Files\Grisoft
    2006-10-15 16:30 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-10-15 16:30 -------- d-------- C:\Program Files\Electronic Arts
    2006-10-14 22:40 -------- d---s---- C:\Program Files\Xfire
    2006-10-13 22:14 -------- d-------- C:\Program Files\Google
    2006-10-13 12:06 -------- d-------- C:\Program Files\New Folder
    2006-10-10 22:01 -------- d-------- C:\Program Files\Debugging Tools for Windows
    2006-10-09 16:00 -------- d-------- C:\Program Files\Lavasoft
    2006-10-09 16:00 -------- d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft
    2006-10-09 15:44 -------- d-------- C:\Program Files\CleanUp!
    2006-10-09 14:18 -------- d-------- C:\Program Files\COGECO Security Services
    2006-10-09 13:32 -------- d-------- C:\Program Files\Diablo II
    2006-10-08 19:50 -------- d-------- C:\Program Files\Groove Games
    2006-10-08 14:07 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
    2006-10-06 23:18 -------- d-------- C:\Program Files\Microsoft Games
    2006-10-06 16:12 -------- d-------- C:\Program Files\SwiftSwitch
    2006-10-05 15:37 -------- d-------- C:\Documents and Settings\Owner\Application Data\Hewlett-Packard
    2006-10-05 15:35 -------- d-------- C:\Program Files\Hewlett-Packard
    2006-10-05 15:33 -------- d-------- C:\Program Files\Common Files\Hewlett-Packard
    2006-10-05 15:33 -------- d-------- C:\Program Files\Common Files
    2006-10-02 17:54 -------- d-------- C:\Program Files\iTunes
    2006-10-02 17:54 -------- d-------- C:\Program Files\iPod
    2006-10-02 17:52 -------- d-------- C:\Program Files\QuickTime
    2006-10-02 17:51 -------- d-------- C:\Program Files\Apple Software Update
    2006-09-28 15:36 -------- d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
    2006-09-26 11:56 -------- d-------- C:\Program Files\GameSpy Arcade
    2006-09-19 15:12 -------- d-------- C:\Documents and Settings\Owner\Application Data\Google
    2006-09-13 01:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
    2006-09-10 20:38 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2006-09-01 13:15 -------- d-------- C:\Program Files\MSN Messenger
    2006-08-31 14:53 -------- d-------- C:\Program Files\EA GAMES
    2006-08-31 13:52 -------- d-------- C:\Program Files\WinRAR
    2006-08-30 14:56 -------- d-------- C:\Program Files\Roger Wilco
    2006-08-28 14:21 -------- d-------- C:\Program Files\ICQLite
    2006-08-28 14:19 -------- d-------- C:\Documents and Settings\Owner\Application Data\F-Secure
    2006-08-25 11:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
    2006-08-23 16:59 -------- d-------- C:\Program Files\Dreamcatcher
    2006-08-23 15:52 -------- d-------- C:\Documents and Settings\Owner\Application Data\PEX
    2006-08-23 15:49 -------- d-------- C:\Documents and Settings\Owner\Application Data\ispnews
    2006-08-23 14:34 -------- d-------- C:\Program Files\Common Files\Symantec Shared
    2006-08-23 14:32 -------- d-------- C:\Program Files\Symantec
    2006-08-21 08:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
    2006-08-21 05:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
    2006-08-21 05:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
    2006-08-16 07:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
    2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
    2006-07-27 09:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-07-21 04:24 72704 --a------ C:\WINDOWS\system32\hlink.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "Steam"=""
    "MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
    "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "F-Secure Manager"="\"C:\\Program Files\\COGECO Security Services\\Common\\FSM32.EXE\" /splash"
    "F-Secure TNB"="\"C:\\Program Files\\COGECO Security Services\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
    "F-Secure Startup Wizard"="\"C:\\Program Files\\COGECO Security Services\\FSGUI\\FSSW.EXE\" /reboot"
    "News Service"="\"C:\\Program Files\\COGECO Security Services\\FSGUI\\ispnews.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "NoChange"="1"
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,a2,03,00,00,00,\
      00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
      ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,b9,00,00,00,7c,00,00,00,72,00,\
      00,00,01,00,00,00

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001
    "InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
      63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
      6d,73,73,74,79,6c,65,73,00
    "InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
      73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    "CDRAutoRun"=dword:00000000

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    "CDRAutoRun"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"=""
    "hkey"="HKLM"
    "command"=""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="zHotkey"
    "hkey"="HKLM"
    "command"="zHotkey.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ehtray"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\ehome\\ehtray.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="hkcmd"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\hkcmd.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ICQLite"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\ICQLite\\ICQLite.exe\" -minimize"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="igfxtray"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\igfxtray.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelAudioStudio]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="IntelAudioStudio"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Intel Audio Studio\\IntelAudioStudio.exe\" BOOT"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="igfxpers"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\igfxpers.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="qttask"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="RECGUARD"
    "hkey"="HKLM"
    "command"="%WINDIR%\\SMINST\\RECGUARD.EXE"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Remind_XP"
    "hkey"="HKLM"
    "command"="%WINDIR%\\Creator\\Remind_XP.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="sttray"
    "hkey"="HKLM"
    "command"="sttray.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="shwiconem"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Digital Media Reader\\shwiconem.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1160076936.job
    C:\WINDOWS\tasks\Scheduled scanning task.job

    Completion time: 06-10-21 12:12:07.50
    C:\ComboFix.txt ... 06-10-21 12:12
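    The review Geri and TeMerc do by eye on the "Reg Loading Points" section above, and the later advice to go through the startup list, can be partly automated. The following is an added example, not part of the thread or of ComboFix: it parses the .reg-style dump, keeps only values under keys whose last component is an autostart key (Run, RunOnce, and so on, so the msconfig\startupreg and OptionalComponents keys are skipped), unescapes the command line, separates the executable from its arguments, and applies a few defender heuristics. The heuristics (executable outside C:\WINDOWS or C:\Program Files, a core Windows binary name outside system32, a bare name resolved through PATH) are this example's own assumptions, not ComboFix rules. The sample text reuses entries from the log above plus one constructed suspicious "update" value, added only to exercise the flags.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log (added example)."""
import re
from dataclasses import dataclass, field

# Constructed sample in the layout ComboFix prints. The first entries mirror the
# thread's log; the "update" value is a constructed suspicious entry for testing.
SAMPLE_LOADING_POINTS = r'''
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Steam"=""
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"F-Secure Manager"="\"C:\\Program Files\\COGECO Security Services\\Common\\FSM32.EXE\" /splash"
"update"="C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\svchost.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
'''

# Keys whose values are executed at logon (assumption: last path component decides).
AUTOSTART_KEYS = {"run", "runonce", "runservices", "runservicesonce"}
# Matches a .reg value line: "name"="string"; dword/hex values deliberately do not match.
VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# End of an executable name inside an unquoted command line.
EXE_EXT = re.compile(r"\.(?:exe|com|bat|cmd|scr|pif)(?=\s|$)", re.IGNORECASE)
# Core Windows binaries; one of these living outside system32 is a classic red flag.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe", "smss.exe"}


@dataclass
class StartupEntry:
    key: str
    name: str
    command: str
    exe: str
    args: str
    flags: list = field(default_factory=list)


def unescape_reg_string(s):
    """.reg files escape backslash and double quote with a backslash."""
    return re.sub(r"\\(.)", r"\1", s)


def split_command(command):
    """Return (executable, arguments) for a Run-key command line."""
    cmd = command.strip()
    if not cmd:
        return "", ""
    if cmd.startswith('"'):  # quoted path, possibly with spaces
        end = cmd.find('"', 1)
        if end > 0:
            return cmd[1:end], cmd[end + 1:].strip()
    m = EXE_EXT.search(cmd)  # unquoted path with spaces: cut after the extension
    if m:
        return cmd[:m.end()], cmd[m.end():].strip()
    parts = cmd.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def assess(entry):
    """Attach heuristic flags (this example's assumptions, not ComboFix rules)."""
    if not entry.exe:
        entry.flags.append("empty command (stale leftover, nothing is loaded)")
        return
    exe_l = entry.exe.lower()
    if not re.match(r"^[a-z]:\\", exe_l):
        entry.flags.append("no absolute path; resolved via PATH at logon")
        return
    if not exe_l.startswith(("c:\\windows\\", "c:\\program files\\")):
        entry.flags.append("executable outside Windows/Program Files")
    base = exe_l.rsplit("\\", 1)[-1]
    if base in SYSTEM_NAMES and not exe_l.startswith("c:\\windows\\system32\\"):
        entry.flags.append("Windows system binary name outside system32")


def parse_loading_points(text):
    """Parse the dump and return StartupEntry objects for autostart values only."""
    entries = []
    key, key_is_autostart = None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            key_is_autostart = key.rsplit("\\", 1)[-1].lower() in AUTOSTART_KEYS
            continue
        if not key_is_autostart:
            continue
        m = VALUE_LINE.match(line)
        if not m:
            continue
        name = unescape_reg_string(m.group(1))
        command = unescape_reg_string(m.group(2))
        exe, args = split_command(command)
        entry = StartupEntry(key, name, command, exe, args)
        assess(entry)
        entries.append(entry)
    return entries


if __name__ == "__main__":
    for e in parse_loading_points(SAMPLE_LOADING_POINTS):
        print(f"{e.name:18} {e.exe or '(empty)'}  {'; '.join(e.flags)}")
```

    On the real log every entry comes back clean apart from the empty "Steam" value, which matches the conclusion in the thread; the constructed "update" entry shows what a flagged line looks like. Flags are prompts to check the file (for example by submitting it to VirusTotal, as the Fixwareout report suggests), not verdicts.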
     
  10. 2006/10/21
    Geri

    Hi AshesOfTheWake

    I don't see anything malicious, but I asked TeMerc to look it over also. I will let you know what he says.

    In the meantime I think I would contact your ISP and see what they say about your connection speed.

    I also would go through your start up list and the web site I posted before and check what you don't need at start up.

    I'll let you know what TeMerc says.

    Geri
     
  11. 2006/10/22
    Geri

    Hi AshesOfTheWake

    Well TeMerc also looked over the log and didn't find anything.

    So this problem is not malware related. I would post in the "General Internet" forum here; the people there are more able to deal with internet problems. Or contact your ISP.

    There are a few things left to do here.

    You can delete any tool you downloaded....Wareout, combofix.

    Your system restore points are infected, so we need to turn System Restore off and on.


    You must be logged in as an Administrator to do this. If you are not logged in as an Administrator, the System Restore tab will not be displayed.
    Turning off System Restore will clear out all previous restore points.

    To turn off Windows XP System Restore:
    NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.

    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore" or "Turn off System Restore on all drives"
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    8. Restart the computer and follow the instructions in the next section to turn on System Restore.

    To turn on Windows XP System Restore:
    1. Click Start.
    2. Right-click My Computer, and then click Properties.
    3. Click the System Restore tab.
    4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
    5. Click Apply, and then click OK
    Make a new restore point.

    The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
    1. Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
    2. AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
    3. SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
    4. SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
    5. IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
    6. ATF Cleaner by Atribune.
      This program is for XP and Windows 2000 only
      Cleans temporary files
    7. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
    8. Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
    9. Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
    To find out more information about how you got infected in the first place, and some great guidelines to follow to prevent future infections, you can read this article by Tony Klein.

    Surf Safely
    Geri
     
    Last edited: 2006/10/22
  12. 2006/10/22
    AshesOfTheWake

    Hey Geri, thanks for all your help; it means a bunch that you'd take the time to help me out :) Anyway, I did turn off and on my restore points and made a new one. I sent an email to my internet provider but I haven't gotten anything yet. And I will take your advice and use those links to keep my computer malware-free :) and thanks again :D
     
  13. 2006/10/22
    Geri

    Hi AshesOfTheWake

    Glad to help out. I would post on our General Internet forums while you're waiting for your ISP; they could have an answer.

    Geri
     
