
Amaena / Broadcaster.com Virus

Discussion in 'Malware and Virus Removal Archive' started by fbnapoli, 2007/04/02.

  1. 2007/04/02
    fbnapoli Inactive Thread Starter
    Hello everybody. I was trying to fix my problem but I couldn't.

    I leave you my logfile of HijackThis v1.99.1. If you can help me I would appreciate it. (Sorry for the English)

    Logfile of HijackThis v1.99.1
    Scan saved at 10:28:55 a.m., on 02/04/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
    C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
    C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Archivos de programa\Symantec AntiVirus\DefWatch.exe
    C:\Archivos de programa\ewido anti-malware\ewidoctrl.exe
    C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Archivos de programa\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\NVATray.exe
    C:\Archivos de programa\DAEMON Tools\daemon.exe
    C:\Archivos de programa\QuickTime\qttask.exe
    C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe
    C:\ARCHIV~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Archivos de programa\Java\jre1.5.0_10\bin\jusched.exe
    C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Archivos de programa\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
    C:\Archivos de programa\TuneUp Utilities 2007\MemOptimizer.exe
    C:\Archivos de programa\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Archivos de programa\No-IP\DUC20.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Archivos de programa\MSN Messenger\usnsvc.exe
    C:\Archivos de programa\Internet Explorer\iexplore.exe
    C:\Archivos de programa\Java\jre1.5.0_10\bin\jucheck.exe
    C:\WINDOWS\explorer.exe
    C:\Archivos de programa\Hijackthis\HJT.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    O2 - BHO: MSEvents Object - {182B90A3-F372-438A-800C-6814B4DE417B} - C:\WINDOWS\system32\gebyawx.dll
    O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: (no name) - {914E21CD-21B8-444A-9FB7-F60870AE3E06} - C:\WINDOWS\system32\ddayv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar2.dll
    O2 - BHO: (no name) - {AAAD468C-CA3E-4E94-B437-B9C904F571Db} - C:\WINDOWS\system32\tcahooqn.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Archivos de programa\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: Barra de Herramientas MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\MSN Toolbar\01.01.1601.0\msgr.es.es-la\msntb.dll
    O3 - Toolbar: Asistente para Internet de Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Archivos de programa\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [vptray] C:\ARCHIV~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\gakrwckk.dll ",setvm
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.5.0_10\bin\jusched.exe "
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Archivos de programa\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Archivos de programa\TuneUp Utilities 2007\MemOptimizer.exe" autostart
    O4 - Startup: No-IP DUC.lnk = C:\Archivos de programa\No-IP\DUC20.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Archivos de programa\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Download All by FlashGet - C:\Archivos de programa\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Archivos de programa\FlashGet\jc_link.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\flashget.exe (file missing)
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\flashget.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {462D5053-2D60-4022-B583-7E34AA0F90B7} (ExPopupMenu ActiveX Control) - https://marketplace.deloitte.com/marketplace/Downloads/ExPMenu.cab
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://napolif.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {E796C089-509F-43A8-994F-6AA840171ECF} (DPFileTransferServer.FileDownload) - https://www.deloitteaudit.com/HTML/DPFileTransferServer.CAB
    O16 - DPF: {F757B9F8-26DD-46BE-B57A-73A4744B7AFB} (DPFileTransferServer.FileUpload) - https://www.deloitteaudit.com/HTML/DPFileTransferServer.CAB
    O16 - DPF: {FAE28553-6D86-4EFB-ACA9-05A8ACEBDEE4} (Explorador de Fotos Rollpix v2.0) - http://www.imagena.com/MisFotos/ExploradorNuevo/Exploradorv20.ocx
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\mltext35.dll (file missing)
    O20 - Winlogon Notify: ddayv - C:\WINDOWS\system32\ddayv.dll
    O20 - Winlogon Notify: gebyawx - C:\WINDOWS\SYSTEM32\gebyawx.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Archivos de programa\Symantec AntiVirus\DefWatch.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Archivos de programa\ewido anti-malware\ewidoctrl.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\ARCHIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Archivos de programa\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Archivos de programa\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)
     
  2. 2007/04/02
    bbbobins Banned
    While waiting for the "Mavens".

    Clean up with ATF-Cleaner http://www.atribune.org/content/view/25/2/

    The following are generally recognised as being at the top:

    It's free
    http://www.superantispyware.com/

    A 2 week fully working trial
    http://www.sunbelt-software.com/Home-Home-Office/CounterSpy/Download/

    Very deep scan; if it pauses, wait, it will tell you when it is complete. Requires no installation, just run it:
    ftp://ftp.microworldsystems.com/download/tools/mwav.exe

    All in safe mode then reboot and send them a new HJT log.

    Bob
     


  4. 2007/04/02
    TeMerc Inactive Alumni
    Hello and welcome to the forums fbnapoli.

    Please disregard the advice offered by bbbobins. Downloading those tools will not clean you at all.

    What you have here appears to be a Vundo infection.

    What you have there is a Vundo infection; please do as instructed below.
    Please download VundoFix.exe to your desktop.
    • Double-click *VundoFix.exe* to run it.
    • Click the *Scan for Vundo* button.
    • Once it's done scanning, click the *Remove Vundo* button.
    • You will receive a prompt asking if you want to remove the files, click *YES*
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click *OK*.
    • Please post the contents of C:\*vundofix.txt* and a new HiJackThis log.

    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the *Scan for Vundo* button." when VundoFix appears at reboot.

    bbbobins, while we appreciate your efforts to offer advice, the malware landscape is no longer a 'run this scanner and that scanner, clean out your temps' kind of thing. Specific infections require specific tools.
     
  5. 2007/04/02
    fbnapoli Inactive Thread Starter
    Thank you TeMerc.

    Here I leave you the VundoFix report and the new HijackThis log. After the reboot I got this message at start: "RUNDLL Error to load : C:\WINDOWS\system32\gakrwckk.dll". Just in case.
    Thanks again

    VUNDO



    VundoFix V6.3.18

    Checking Java version...

    Sun Java not detected
    Scan started at 05:44:48 a.m. 28/03/2007

    Listing files found while scanning....


    VundoFix V6.3.18

    Checking Java version...

    Sun Java not detected
    Scan started at 05:46:34 a.m. 28/03/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\adeeg.ini
    C:\WINDOWS\system32\cbxywwt.dll
    C:\WINDOWS\system32\gakrwckk.dll
    C:\WINDOWS\system32\gebyawx.dll
    C:\WINDOWS\system32\geeda.dll
    C:\WINDOWS\system32\hggffcb.dll
    C:\WINDOWS\system32\kkcwrkag.ini
    C:\WINDOWS\system32\mlnmp.bak1
    C:\WINDOWS\system32\mlnmp.bak2
    C:\WINDOWS\system32\mlnmp.ini
    C:\WINDOWS\system32\mlnmp.ini2
    C:\WINDOWS\system32\mlnmp.tmp
    C:\WINDOWS\system32\oljetyqu.dll
    C:\WINDOWS\system32\pmnlm.dll
    C:\WINDOWS\system32\tuvspmj.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\adeeg.ini
    C:\WINDOWS\system32\adeeg.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\cbxywwt.dll
    C:\WINDOWS\system32\cbxywwt.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\gakrwckk.dll
    C:\WINDOWS\system32\gakrwckk.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\gebyawx.dll
    C:\WINDOWS\system32\gebyawx.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\geeda.dll
    C:\WINDOWS\system32\geeda.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hggffcb.dll
    C:\WINDOWS\system32\hggffcb.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\kkcwrkag.ini
    C:\WINDOWS\system32\kkcwrkag.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mlnmp.bak1
    C:\WINDOWS\system32\mlnmp.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mlnmp.bak2
    C:\WINDOWS\system32\mlnmp.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mlnmp.ini
    C:\WINDOWS\system32\mlnmp.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mlnmp.ini2
    C:\WINDOWS\system32\mlnmp.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mlnmp.tmp
    C:\WINDOWS\system32\mlnmp.tmp Has been deleted!

    Attempting to delete C:\WINDOWS\system32\oljetyqu.dll
    C:\WINDOWS\system32\oljetyqu.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\pmnlm.dll
    C:\WINDOWS\system32\pmnlm.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\tuvspmj.dll
    C:\WINDOWS\system32\tuvspmj.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\cbxywwt.dll
    C:\WINDOWS\system32\cbxywwt.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gakrwckk.dll
    C:\WINDOWS\system32\gakrwckk.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gebyawx.dll
    C:\WINDOWS\system32\gebyawx.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\mlnmp.ini
    C:\WINDOWS\system32\mlnmp.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mlnmp.ini2
    C:\WINDOWS\system32\mlnmp.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\oljetyqu.dll
    C:\WINDOWS\system32\oljetyqu.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pmnlm.dll
    C:\WINDOWS\system32\pmnlm.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\tuvspmj.dll
    C:\WINDOWS\system32\tuvspmj.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    VundoFix V6.3.18

    Checking Java version...

    Sun Java not detected
    Scan started at 02:51:15 p.m. 02/04/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\ddayv.dll
    C:\WINDOWS\system32\gebyawx.dll
    C:\WINDOWS\system32\vyadd.bak1
    C:\WINDOWS\system32\vyadd.bak2
    C:\WINDOWS\system32\vyadd.ini

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\ddayv.dll
    C:\WINDOWS\system32\ddayv.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gebyawx.dll
    C:\WINDOWS\system32\gebyawx.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\vyadd.bak1
    C:\WINDOWS\system32\vyadd.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vyadd.bak2
    C:\WINDOWS\system32\vyadd.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vyadd.ini
    C:\WINDOWS\system32\vyadd.ini Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\gebyawx.dll
    C:\WINDOWS\system32\gebyawx.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    HijackThis

    Logfile of HijackThis v1.99.1
    Scan saved at 03:43:48 p.m., on 02/04/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
    C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
    C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Archivos de programa\Symantec AntiVirus\DefWatch.exe
    C:\Archivos de programa\ewido anti-malware\ewidoctrl.exe
    C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Archivos de programa\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\NVATray.exe
    C:\Archivos de programa\DAEMON Tools\daemon.exe
    C:\Archivos de programa\QuickTime\qttask.exe
    C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe
    C:\ARCHIV~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Archivos de programa\Java\jre1.5.0_10\bin\jusched.exe
    C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Archivos de programa\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
    C:\Archivos de programa\TuneUp Utilities 2007\MemOptimizer.exe
    C:\Archivos de programa\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Archivos de programa\No-IP\DUC20.exe
    C:\Archivos de programa\Symantec AntiVirus\DoScan.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Archivos de programa\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Archivos de programa\Hijackthis\HJT.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: (no name) - {914E21CD-21B8-444A-9FB7-F60870AE3E06} - C:\WINDOWS\system32\ddayv.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar2.dll
    O2 - BHO: (no name) - {AAAD468C-CA3E-4E94-B437-B9C904F571Db} - C:\WINDOWS\system32\tcahooqn.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Archivos de programa\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: Barra de Herramientas MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\MSN Toolbar\01.01.1601.0\msgr.es.es-la\msntb.dll
    O3 - Toolbar: Asistente para Internet de Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Archivos de programa\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [vptray] C:\ARCHIV~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\gakrwckk.dll ",setvm
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.5.0_10\bin\jusched.exe "
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Archivos de programa\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Archivos de programa\TuneUp Utilities 2007\MemOptimizer.exe" autostart
    O4 - Startup: No-IP DUC.lnk = C:\Archivos de programa\No-IP\DUC20.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Archivos de programa\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Download All by FlashGet - C:\Archivos de programa\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Archivos de programa\FlashGet\jc_link.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\flashget.exe (file missing)
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\flashget.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {462D5053-2D60-4022-B583-7E34AA0F90B7} (ExPopupMenu ActiveX Control) - https://marketplace.deloitte.com/marketplace/Downloads/ExPMenu.cab
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://napolif.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {E796C089-509F-43A8-994F-6AA840171ECF} (DPFileTransferServer.FileDownload) - https://www.deloitteaudit.com/HTML/DPFileTransferServer.CAB
    O16 - DPF: {F757B9F8-26DD-46BE-B57A-73A4744B7AFB} (DPFileTransferServer.FileUpload) - https://www.deloitteaudit.com/HTML/DPFileTransferServer.CAB
    O16 - DPF: {FAE28553-6D86-4EFB-ACA9-05A8ACEBDEE4} (Explorador de Fotos Rollpix v2.0) - http://www.imagena.com/MisFotos/ExploradorNuevo/Exploradorv20.ocx
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\mltext35.dll (file missing)
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Archivos de programa\Symantec AntiVirus\DefWatch.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Archivos de programa\ewido anti-malware\ewidoctrl.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\ARCHIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Archivos de programa\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Archivos de programa\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)
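Reading a VundoFix report like the one above by hand to see which files survived every pass is error-prone, because the tool retries failed deletions and can meet the same file again after it was recreated. The following Python is an added example, not code from this thread or from VundoFix: it folds a report into a final per-file verdict. The sample log is a constructed, abridged copy of the report posted above.

```python
"""Fold a VundoFix removal log into the final status of each listed file."""
import re
from collections import OrderedDict

# Constructed sample: an abridged copy of the VundoFix report in this thread.
# It keeps the three outcomes that matter: deleted on the first try, deleted
# only on the retry pass, and never deleted.
SAMPLE_LOG = r"""
VundoFix V6.3.18
Scan started at 05:46:34 a.m. 28/03/2007

Listing files found while scanning....

C:\WINDOWS\system32\adeeg.ini
C:\WINDOWS\system32\gebyawx.dll
C:\WINDOWS\system32\mlnmp.ini
C:\WINDOWS\system32\pmnlm.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\adeeg.ini
C:\WINDOWS\system32\adeeg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebyawx.dll
C:\WINDOWS\system32\gebyawx.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\mlnmp.ini
C:\WINDOWS\system32\mlnmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnlm.dll
C:\WINDOWS\system32\pmnlm.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\gebyawx.dll
C:\WINDOWS\system32\gebyawx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mlnmp.ini
C:\WINDOWS\system32\mlnmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnlm.dll
C:\WINDOWS\system32\pmnlm.dll Could not be deleted.

Performing Repairs to the registry.
Done!
"""

SCAN_RE = re.compile(r"^Scan started at (.+)$")
ATTEMPT_RE = re.compile(r"^Attempting to delete (.+)$")
RESULT_RE = re.compile(r"^(.+?) (Has been deleted!|Could not be deleted\.)$")
PATH_RE = re.compile(r"^[A-Za-z]:\\\S")          # bare path in the "Listing files" block


def _new_record():
    return {"attempts": 0, "deleted": False, "recreated": 0}


def parse_vundofix(text):
    """Return (scan_count, OrderedDict path -> record).

    'deleted' always reflects the most recent verdict for that path, so a file
    that failed in the first pass and succeeded in the retry ends up deleted.
    'recreated' counts deletion attempts made after an earlier success, which
    is how a file that came back (mlnmp.ini in the report above) shows up.
    """
    scans = 0
    files = OrderedDict()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if SCAN_RE.match(line):
            scans += 1
            continue
        m = RESULT_RE.match(line)                 # test before PATH_RE: verdicts start with a path
        if m:
            rec = files.setdefault(m.group(1), _new_record())
            rec["deleted"] = m.group(2).startswith("Has been")
            continue
        m = ATTEMPT_RE.match(line)
        if m:
            rec = files.setdefault(m.group(1), _new_record())
            if rec["deleted"]:                    # seen again after a successful delete
                rec["recreated"] += 1
                rec["deleted"] = False
            rec["attempts"] += 1
            continue
        if PATH_RE.match(line):
            files.setdefault(line, _new_record())
    return scans, files


def leftovers(files):
    """Paths whose final verdict was not a successful deletion."""
    return [path for path, rec in files.items() if not rec["deleted"]]


if __name__ == "__main__":
    scans, files = parse_vundofix(SAMPLE_LOG)
    print(f"{scans} scan(s), {len(files)} file(s) listed")
    for path, rec in files.items():
        print(f"{path}: attempts={rec['attempts']} deleted={rec['deleted']} recreated={rec['recreated']}")
    print("Still present after all passes:", leftovers(files) or "none")
```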
     
  6. 2007/04/02
    TeMerc Inactive Alumni
    OK, looks like we have a few leftovers.

    Download the Killbox from here and save it to the desktop.
    • Double-click the KillBox icon on your desktop to open it
    • Select "Delete on Reboot"
    • Then select "All files".
    Copy the file names below to the clipboard by highlighting them and pressing Control-C:
    C:\WINDOWS\system32\ddayv.dll
    C:\WINDOWS\system32\tcahooqn.dll
    C:\WINDOWS\system32\gakrwckk.dll
    C:\WINDOWS\system32\mltext35.dll


    Return to Killbox
    • Go to the File menu, and choose "Paste from Clipboard".
    • Click the red-and-white [Delete File] button.
    • Click "Yes" at the Delete on Reboot prompt. Click "No" at the 'Pending Operations' prompt.

    Do not allow a reboot yet.


    Open Hijackthis, select the [Do a system scan only] button and look over the following entries I have listed, check the boxes [] next to them and press the [Fix Checked] button. When you are doing this, make sure you have No IE windows, nor any other browsers open, including this one. Reboot if I have specified below, and post a fresh HijackThis log.

    O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - (no file)

    O2 - BHO: (no name) - {914E21CD-21B8-444A-9FB7-F60870AE3E06} - C:\WINDOWS\system32\ddayv.dll (file missing)

    O2 - BHO: (no name) - {AAAD468C-CA3E-4E94-B437-B9C904F571Db} - C:\WINDOWS\system32\tcahooqn.dll

    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)


    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\gakrwckk.dll ",setvm


    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present


    O16 - DPF: {462D5053-2D60-4022-B583-7E34AA0F90B7} (ExPopupMenu ActiveX Control) - https://marketplace.deloitte.com/mar...ds/ExPMenu.cab


    O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\mltext35.dll (file missing)


    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\



    Reboot the system, post a new HJT log and advise of any problems please.
     
  7. 2007/04/03
    fbnapoli Inactive Thread Starter
    Here is the new HijackThis report. Until now the problem has disappeared. Thanks for the help, your work is excellent.

    Logfile of HijackThis v1.99.1
    Scan saved at 08:45:07 p.m., on 03/04/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
    C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
    C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Archivos de programa\Symantec AntiVirus\DefWatch.exe
    C:\Archivos de programa\ewido anti-malware\ewidoctrl.exe
    C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Archivos de programa\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\NVATray.exe
    C:\Archivos de programa\DAEMON Tools\daemon.exe
    C:\Archivos de programa\QuickTime\qttask.exe
    C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe
    C:\ARCHIV~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Archivos de programa\Java\jre1.5.0_10\bin\jusched.exe
    C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe
    C:\Archivos de programa\Symantec AntiVirus\DoScan.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Archivos de programa\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Archivos de programa\TuneUp Utilities 2007\MemOptimizer.exe
    C:\Archivos de programa\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Archivos de programa\No-IP\DUC20.exe
    C:\Archivos de programa\MSN Messenger\usnsvc.exe
    C:\Archivos de programa\Hijackthis\HJT.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar2.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Archivos de programa\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Barra de Herramientas MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\MSN Toolbar\01.01.1601.0\msgr.es.es-la\msntb.dll
    O3 - Toolbar: Asistente para Internet de Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Archivos de programa\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [vptray] C:\ARCHIV~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.5.0_10\bin\jusched.exe "
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Archivos de programa\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Archivos de programa\TuneUp Utilities 2007\MemOptimizer.exe" autostart
    O4 - Startup: No-IP DUC.lnk = C:\Archivos de programa\No-IP\DUC20.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Archivos de programa\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O8 - Extra context menu item: Download All by FlashGet - C:\Archivos de programa\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Archivos de programa\FlashGet\jc_link.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\flashget.exe (file missing)
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\flashget.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://napolif.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {E796C089-509F-43A8-994F-6AA840171ECF} (DPFileTransferServer.FileDownload) - https://www.deloitteaudit.com/HTML/DPFileTransferServer.CAB
    O16 - DPF: {F757B9F8-26DD-46BE-B57A-73A4744B7AFB} (DPFileTransferServer.FileUpload) - https://www.deloitteaudit.com/HTML/DPFileTransferServer.CAB
    O16 - DPF: {FAE28553-6D86-4EFB-ACA9-05A8ACEBDEE4} (Explorador de Fotos Rollpix v2.0) - http://www.imagena.com/MisFotos/ExploradorNuevo/Exploradorv20.ocx
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Archivos de programa\Symantec AntiVirus\DefWatch.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Archivos de programa\ewido anti-malware\ewidoctrl.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\ARCHIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Archivos de programa\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Archivos de programa\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)
     
  8. 2007/04/04
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Ok, that log looks good (one minor line to fix), and glad to hear things are running properly.

    Run HJT and fix the following line:
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

    Reboot, no need to repost, it should be gone and even if it's not, it's no threat.

    We have 3 more things to do, mostly maintenance and then our recommendations:

    Empty the TIF (Temporary Internet Files)
    Delete all the files in (and any subfolders of) the C:\Windows\Temp folder
    The app below will help with temp files.
    Index.dat Suite

    Also, delete all your cookies, and empty your recycle bin. But remember, by deleting your cookies, you will have to re-enter any passwords and log-in info for any sites you are usually required to do so with.

    This would also be a good time to set a new system restore point for your machine.
    Set New System Restore Point. Do not do this unless there are no other user accounts to be diagnosed.

    Also, as you are an XP user, if there are any other accounts on this machine, they too, must be cleaned with AdAware, Spybot S&D, then HJT. Not all infections are global, nor are all the HJT fixes global. You can post each user account here into this thread, but please, do only one at a time to avoid confusion. It is very rare that anything significant is ever found.

    Here is a link which describes how security apps work with WIN XP machines.
    XP User Accts Security Apps Operation

    To further prevent the installation of ad/mal/spyware, DL the apps below, which are just as good in the fight against ad/mal/spyware as AdAware & Spybot S&D:

    SpywareBlaster
    With SpywareBlaster v3.5.1, just DL, install and check for updates, enable Internet Explorer protection, and you're done! I don't recommend using IE restricted sites protection as it's not a very large database. Use IE-SPYADs below.

    To prevent known malware-infested sites from loading in IE, install IE-SPYAD.
    And MVPS Hosts File will accomplish a similar tactic and provide another layer of protection.

    And to prevent unknown applications from being inserted into startup on your machine, install WinPatrol 2007 v11.1.2007.

    Another thing I would suggest is to install SiteAdvisor. It gives sites a few different 'ratings' and, while not foolproof, is a good additional layer of information about many sites.

    Links for tutorials for all the apps I mentioned can be found on my site as well.

    Confused about which apps are good or not? Read about Rogue/Approved Anti Security apps

    And just because you have security apps installed, they are useless unless updated regularly. Keep track of updates for ALL your security needs here:
    Calendar of Updates

    Subscribe to update alerts for all the above security apps here.

    You can also see my own ongoing security testing with all the above apps, proving how safe you can be with them installed.
    TeMerc Test Box Forum

    Happy surfing!!
    Tom :D
     
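As an added example (not from this thread and not part of HijackThis itself), here is a small Python parser for the HJT log format posted above. It flags the kinds of entries a helper looks at first: the empty R0 Start Page line TeMerc asks to fix, and the "(file missing)" and "Unknown owner" entries. The sample lines are constructed from the log in this thread; the real log has many more.

```python
import re

# Constructed sample in the HijackThis v1.99.1 log format, using entries
# copied from the log posted in this thread (the full log is much longer).
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [vptray] C:\ARCHIV~1\SYMANT~1\VPTray.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\flashget.exe (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)
"""

# Every HJT entry starts with a section code (R0..R3, F0..F3, N1..N4, O1..O24)
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<detail>.*)$")

def parse_hjt(text):
    """Return one dict per recognised log entry; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # process list, headers and blank lines
        detail = m.group("detail")
        entries.append({
            "code": m.group("code"),
            "detail": detail,
            "file_missing": detail.endswith("(file missing)"),
            "unknown_owner": "- Unknown owner -" in detail,
        })
    return entries

def triage(entries):
    """Map each entry worth a second look to a short reason, in log order."""
    findings = []
    for e in entries:
        code, detail = e["code"], e["detail"]
        if code in ("R0", "R1") and detail.endswith("="):
            # Empty Start/Search page value: safe to fix in HJT, not a threat
            findings.append((code, "empty browser setting; fix, harmless"))
        elif code == "O20" and e["file_missing"]:
            # Winlogon Notify DLLs load at logon; an orphaned one is a leftover
            findings.append((code, "orphaned Winlogon Notify entry; fix"))
        elif e["file_missing"]:
            # Dangling reference to a removed program: clutter, not an infection
            findings.append((code, "file missing; orphaned entry"))
        elif e["unknown_owner"]:
            findings.append((code, "service with no vendor name; verify"))
    return findings
```

Run `triage(parse_hjt(open("hijackthis.log").read()))` on a saved log to get the same short list for any HJT v1.99.1 output.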
