
Mendoza Trojan Dropper [HijackThis Log]

Discussion in 'Malware and Virus Removal Archive' started by sivagi, 2006/07/15.

Thread Status:
Not open for further replies.
  1. 2006/07/27
    sivagi

    sivagi Inactive Thread Starter

    Joined:
    2006/07/15
    Messages:
    18
    Likes Received:
    0
    Following is the output.

    ---------------------------
    Start Time= 27/07/2006 19:05:20.66
    Running from: C:\Documents and Settings\Test\Desktop

    QuickScan did not find any signs of infected files

    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-07-16 16:54:42 39437 ( ..... ) "C:\WINDOWS\system32\efcbywu.dll"
    2006-07-08 15:22:54 83208 ( A.... ) "C:\WINDOWS\system32\S32EVNT1.DLL"
    2006-06-25 08:00:00 ( .D... ) "C:\Documents and Settings\Test\Application Data\Lavasoft"
    2006-06-25 07:58:00 ( .D... ) "C:\Program Files\SpywareBlaster"
    2006-06-25 07:57:18 ( .D... ) "C:\Program Files\Lavasoft"
    2006-06-17 04:58:54 91563 ( A...R ) "C:\WINDOWS\system32\telcoms.exe"
    2006-06-10 06:14:58 ( .D... ) "C:\Program Files\corn link memo"
    2006-06-10 05:49:38 24576 ( A.... ) "C:\WINDOWS\system32\rmoc3260.dll"
    2006-06-07 18:55:52 3753 ( A.... ) "C:\Program Files\html2.htm"
    2006-06-07 18:55:52 3626 ( A.... ) "C:\Program Files\html1.htm"
    2006-06-03 17:28:44 ( .D... ) "C:\Program Files\HFXP"
    2006-03-21 11:58:40 262144 ( A.... ) "C:\Program Files\NTUSER.DAT"
    2006-03-21 11:58:40 1024 ( A..H. ) "C:\Program Files\NTUSER.DAT.LOG"
    2006-03-21 11:55:36 262144 ( A.... ) "C:\Program Files\NTUSER.DAT.RMC.backup"


    (((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


    2006-07-16 16:54 39,437 C:\WINDOWS\system32\efcbywu.dll
    2006-06-17 04:58 91,563 C:\WINDOWS\system32\telcoms.exe


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "IMJPMIG8.1"="C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
    "MSPY2002"="C:\\WINDOWS\\System32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
    "PHIME2002ASync"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
    "PHIME2002A"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
    "NvCplDaemon"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"
    "00THotkey"="C:\\WINDOWS\\System32\\00THotkey.exe"
    "000StTHK"="000StTHK.exe"
    "Tpwrtray"="TPWRTRAY.EXE"
    "TFncKy"="TFncKy.exe /Type 20"
    "TosHKCW.exe"="\"C:\\Program Files\\TOSHIBA\\Wireless Hotkey\\TosHKCW.exe\""
    "TFNF5"="TFNF5.exe"
    "Apoint"="C:\\Program Files\\Apoint2K\\Apoint.exe"
    "TouchED"="C:\\Program Files\\TOSHIBA\\TouchED\\TouchED.Exe"
    "CyberArmorLoader"="pcsldr.exe"
    "PC-Duo System Snapshot"="C:\\PCD32\\CLBOOT32.EXE"
    "windows auto update"=""
    "Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
    "SpyHunter"=""
    "vptray"="C:\\Program Files\\NavNT\\vptray.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "ctfmon.exe"="C:\\WINDOWS\\System32\\ctfmon.exe"
    "RealPlayer"="\"C:\\Program Files\\Real\\RealOne Player\\realplay.exe\" /RunUPGToolCommandReBoot"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
    ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Microsoft Telecoms Center"="telcoms.exe"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "Microsoft Telecoms Center"="telcoms.exe"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=""



    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\A2C88CAC919F007C.job

    Completion time: 27/07/2006 19:05:35.30
    ComboFix ver 06.07.15 - This logfile is located at C:\ComboFix.txt

    ComboFix.2006-07-27.190520.txt
    --------------------------------------
     
  2. 2006/07/27
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    OK, I'm thinking it's the telcoms.exe

    1) Please download the Killbox.
    Save it to the desktop and run it.

    2) Select "Delete on Reboot", and then select "All files".

    3) Copy the file names below to the clipboard by highlighting them and pressing Control-C:
    C:\WINDOWS\system32\telcoms.exe
    C:\WINDOWS\system32\efcbywu.dll
    C:\WINDOWS\system32\rmoc3260.dll
    C:\Program Files\html2.htm
    C:\Program Files\html1.htm
    C:\Program Files\corn link memo


    4) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

    5) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

    Reboot the PC, repost a fresh HJT log file please.

    Also, you may want to uninstall SpyHunter, its rep is less than stellar.
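    The reasoning behind the call above (a file created in the last 30 days that a Run key launches by bare name, here from the .default hive under a Microsoft-sounding label) can be turned into a small triage script. This is an added example, not a tool used in the thread; it parses a constructed excerpt in the shape of the ComboFix log posted above, and the section headers and key paths it matches are taken from that log.

```python
import re

# Constructed excerpt in the shape of the ComboFix log above: only the two
# sections the triage needs, values written the way a .reg export writes them.
SAMPLE_LOG = r"""
(((((( Files Created - Last 30days ))))))
2006-07-16 16:54 39,437 C:\WINDOWS\system32\efcbywu.dll
2006-06-17 04:58 91,563 C:\WINDOWS\system32\telcoms.exe

(((((( Reg Loading Points ))))))
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"vptray"="C:\\Program Files\\NavNT\\vptray.exe"
"TFncKy"="TFncKy.exe /Type 20"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Microsoft Telecoms Center"="telcoms.exe"
"""

CREATED_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} [\d,]+ (.+)$')
KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]*)"="(.*)"$')
IMAGE_RE = re.compile(r'^"?(.*?\.(?:exe|dll|com|scr|bat))\b', re.I)

def parse_sections(text):
    """Return (created_paths, run_entries); run_entries are (key, name, command)."""
    created, run_entries, section, key = [], [], None, None
    for line in (ln.strip() for ln in text.splitlines()):
        if not line:
            continue
        if 'Files Created' in line:
            section = 'created'
        elif 'Reg Loading Points' in line:
            section = 'reg'
        elif section == 'created' and CREATED_RE.match(line):
            created.append(CREATED_RE.match(line).group(1))
        elif section == 'reg' and KEY_RE.match(line):
            key = KEY_RE.match(line).group(1)
        elif section == 'reg' and key and key.lower().endswith('\\run'):
            m = VALUE_RE.match(line)
            if m:  # the export doubles backslashes inside values; undo that
                run_entries.append((key, m.group(1), m.group(2).replace('\\\\', '\\')))
    return created, run_entries

def image_name(command):
    """Basename of the file a Run value launches, ignoring quotes and arguments."""
    m = IMAGE_RE.match(command.strip())
    path = m.group(1) if m else command.strip().split(' ')[0]
    return path.rsplit('\\', 1)[-1].lower()

def triage(text):
    """Flag Run values whose launched file is among the recently created ones."""
    created, run_entries = parse_sections(text)
    recent = {p.rsplit('\\', 1)[-1].lower(): p for p in created}
    findings = []
    for key, name, command in run_entries:
        image = image_name(command)
        if image not in recent:
            continue  # TFncKy.exe is a bare name too, but not a new file
        reasons = ['launches a file created in the last 30 days: ' + recent[image]]
        if '\\' not in command:
            reasons.append('bare filename, found by PATH search rather than a full path')
        if key.lower().startswith('hkey_users\\.default'):
            reasons.append('registered under HKEY_USERS\\.default (the LocalSystem hive)')
        findings.append({'key': key, 'name': name, 'image': image, 'reasons': reasons})
    return findings

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f['name'], '->', f['image'], '|', '; '.join(f['reasons']))
```

    The recently created efcbywu.dll is not referenced by any loading point in the excerpt, so it is not flagged here; files like that still need the manual look the helper gave them.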
     

  4. 2006/07/30
    sivagi

    sivagi Inactive Thread Starter

    Joined:
    2006/07/15
    Messages:
    18
    Likes Received:
    0
    Following is the HJT log

    -------------------------------
    Logfile of HijackThis v1.99.1
    Scan saved at 16:42:58, on 30/07/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\00THotkey.exe
    C:\WINDOWS\System32\TPWRTRAY.EXE
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
    C:\WINDOWS\System32\TFNF5.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\NavNT\vptray.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\PCD32\Client32.exe
    C:\PROGRA~1\CYBERA~1\casvc.exe
    C:\PROGRA~1\NavNT\DefWatch.exe
    C:\progra~1\notes\ntmulti.exe
    C:\PROGRA~1\NavNT\Rtvscan.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe
    c:\hjt\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gd.db.com/
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
    O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
    O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20
    O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
    O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    O4 - HKLM\..\Run: [CyberArmorLoader] pcsldr.exe
    O4 - HKLM\..\Run: [PC-Duo System Snapshot] C:\PCD32\CLBOOT32.EXE
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://gd.db.com
    O15 - Trusted Zone: http://www.msn.com
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://dbrasweb-hh1.uk.db.com/dana-cached/setup/NeoterisSetup.cab
    O16 - DPF: {6E10F5D1-B3E1-4BC2-8E6F-DD859F10F66F} (CAgentLauncher Class) - http://rctoolbox2.uk.db.com/dbras-compliance/cgagent/web/ie/CGAgentATL.dll
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5B2FB195-3A7B-4768-AB73-AD8A4F02BEAF}: NameServer = 192.168.1.1,61.1.96.71
    O20 - AppInit_DLLs: cahooknt.dll
    O23 - Service: Client32 - Productive Computer Insight Ltd - C:\PCD32\Client32.exe
    O23 - Service: CyberArmor Run Service (CyberArmorRunService) - Unknown owner - C:\PROGRA~1\CYBERA~1\casvc.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\NavNT\DefWatch.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\progra~1\notes\ntmulti.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\NavNT\Rtvscan.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    -------------------------------
     
  5. 2006/07/30
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    OK, that appears to have been made in 'safe mode', if so, please give me a fresh log in 'normal mode' so we can see everything that loads up.

    Are you experiencing any more problems?
     
  6. 2006/08/03
    sivagi

    sivagi Inactive Thread Starter

    Joined:
    2006/07/15
    Messages:
    18
    Likes Received:
    0
    Not facing any more problems like the ones encountered before, but would like to know what's the preventive option on this going forward. Also one other thing, if you could help - whenever I go to the user accounts in the control panel - I get an error - "Wrong number of arguments or invalid property assigned". Not sure why I get this error. Thanks a lot for all the help so far.

    Attached is a fresh log of HJT :

    --------------------
    Logfile of HijackThis v1.99.1
    Scan saved at 19:26:26, on 03/08/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\00THotkey.exe
    C:\WINDOWS\System32\TPWRTRAY.EXE
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
    C:\WINDOWS\System32\TFNF5.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\NavNT\vptray.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\PCD32\Client32.exe
    C:\PROGRA~1\CYBERA~1\casvc.exe
    C:\PROGRA~1\NavNT\DefWatch.exe
    C:\progra~1\notes\ntmulti.exe
    C:\PROGRA~1\NavNT\Rtvscan.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe
    c:\hjt\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gd.db.com/
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
    O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
    O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20
    O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
    O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    O4 - HKLM\..\Run: [CyberArmorLoader] pcsldr.exe
    O4 - HKLM\..\Run: [PC-Duo System Snapshot] C:\PCD32\CLBOOT32.EXE
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://gd.db.com
    O15 - Trusted Zone: http://www.msn.com
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://dbrasweb-hh1.uk.db.com/dana-cached/setup/NeoterisSetup.cab
    O16 - DPF: {6E10F5D1-B3E1-4BC2-8E6F-DD859F10F66F} (CAgentLauncher Class) - http://rctoolbox2.uk.db.com/dbras-compliance/cgagent/web/ie/CGAgentATL.dll
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{408D495B-8713-49BF-9262-504777F001D6}: NameServer = 218.248.255.145 61.1.96.69
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5B2FB195-3A7B-4768-AB73-AD8A4F02BEAF}: NameServer = 192.168.1.1,61.1.96.71
    O20 - AppInit_DLLs: cahooknt.dll
    O23 - Service: Client32 - Productive Computer Insight Ltd - C:\PCD32\Client32.exe
    O23 - Service: CyberArmor Run Service (CyberArmorRunService) - Unknown owner - C:\PROGRA~1\CYBERA~1\casvc.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\NavNT\DefWatch.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\progra~1\notes\ntmulti.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\NavNT\Rtvscan.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    ---------------------
     
  7. 2006/08/04
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    OK, looks like everything is looking good, except of course you are way out of date with your OS patches, I strongly suggest you go and update immediately or risk getting reinfected almost as soon as you hit the Net.

    For the error you're having with the user accounts, try the fix on this page

    We have 3 more things to do, to help ensure you have removed all the little 'leftovers' which may be hiding:

    Empty the TIF (Temporary Internet Files)
    Delete all the files in (and any subfolders of) the C:\Windows\Temp folder
    The app below will help with temp files.
    Index.dat Suite

    Also, delete all your cookies, and empty your recycle bin. But remember, by deleting your cookies, you will have to re-enter any passwords and log-in info for any sites you are usually required to do so with.

    This would also be a good time to set a new system restore point for your machine.
    Set New System Restore Point. Do not do this unless there are no other user accounts to be diagnosed.

    Also, as you are an XP user, if there are any other accounts on this machine, they too, must be cleaned with AdAware, Spybot S&D, then HJT. Not all infections are global, nor are all the HJT fixes global. You can post each user account here into this thread, but please, do only one at a time to avoid confusion.

    Here is a link which describes how security apps work with WIN XP machines.
    XP User Accts Security Apps Operation

    To further prevent the installation of ad/mal/spyware, DL the apps below, which are just as good in the fight against ad/mal/spyware as AdAware & Spybot S&D:

    SpywareBlaster
    With SpywareBlaster v3.5.1, just DL, install and check for updates, enable Internet Explorer protection, and you're done! I don't recommend using IE restricted sites protection as it's not a very large database. Use IE-SPYADs below.

    To avoid known malware infested sites from loading in IE install IESPY ADS.
    And MVPS Hosts File will accomplish a similar tactic and provide another layer of protection.

    And to prevent unknown applications from being inserted to start up on your machine install WinPatrol v10.0.1.

    Another thing I would suggest, is to install SiteAdvisor. It gives sites a few different 'ratings' and while not fool proof, a good additional layer of information about many sites.

    Links for tutorials for all the apps I mentioned can be found on my site as well.

    Confused about which apps are good or not? Read about Rogue/Approved Anti Security apps

    And just because you have security apps installed, they are useless unless updated regularly. Keep track of updates for ALL your security needs here:
    Calendar of Updates

    Subscribe to update alerts for all the above security apps here.

    You can also see my own ongoing security testing with all the above apps, proving how safe you can be with them installed.
    TeMerc Test Box Forum

    Happy surfing!!
    Tom :D
     
  8. 2006/08/04
    sivagi

    sivagi Inactive Thread Starter

    Joined:
    2006/07/15
    Messages:
    18
    Likes Received:
    0
    Thanks for the detailed info on preventive options. I have done most of the things suggested.

    The problem with the User Accounts still exists even after trying the link that was suggested. Any other ideas on that one? Also I tried to install the latest windows updates and the Service Pack 2 could not install successfully due to an internal error. Not sure what is the issue with that one.
     
  9. 2006/08/04
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    That was my best guess on the error, I would suggest you post something over in the Windows XP forum, the users there are more knowledgeable about those things. I'm just the resident malware killer. :p

    Due to resolution this topic is closed.

    If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.
     