Stops A.V.programs. redirects IE away from A.V.sites

I am very grateful to have found this website and people willing to help. I bought this HP Pavillion ze4100 used. I believe just before I purchased it they surfed the web with no protection. I first ran Advanced System Care which I had copied onto a CD as I had no Internet at the time and it did make the laptop shut down quicker and run better. I then temporarily hooked in to my home router with a patch cord and downloaded AVG anti virus from Download.com, tried to install and could not open the file. I also downloaded something called Avenger but didn't use it and I remembered seeing that in my program files, first folder said avenger and inside was something called sdra64.exe, in more searching I found sdra64.exe was probably a malicious program or virus.Downloaded some more malware programs Malwarebytes etc. Couldn't run any of them, more research on the web and came across some help that said if you can't run Malwarebytes (mbam) rename it "winlogon.exe" which I did and it actually worked and found some infected files which I deleted looked in program files and first folder, avenger and sdra64.exe were gone. No malware program or anti virus was really fixing the problem though couldn't run them unless I named them "winlogon.exe" so I ran the recovery discs that came with the laptop because I read it would restore it to factory new settings with no problems (viruses) which it seemed to do, everything was running very good. I got a wireless adaptor and downloaded Avira Anti virus (free) Iobit security 360, Pc Doctor, malwarebytes wanted no more trouble was good for two days then it all started again couldn't run malwarebytes the avira umbrella would be in the tray closed up if I ran my cursor over it, it would disappear and if I try to go to most any anti virus website IE would just disappear, gone! Thank you in advance for taking the time to look at this stuff and I hope I have given you something to help your effort.
Thanks
rickytick


DDS (Ver_09-09-24.01) - NTFSx86
Run by Rick at 20:19:31.32 on Fri 09/25/2009
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.188 [GMT -4:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\UTILIT~1\ONE-TO~1\OneTouch.EXE
C:\Windows\system32\HpSrvUI.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\D-Link\RangeBooster G WNA-2330\acs.exe
C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\Utilities\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\IObit\IObit Security 360\is360.exe
C:\Documents and Settings\Rick\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://srch-us4nb.hpwis.com/
uDefault_Search_URL = hxxp://srch-us4nb.hpwis.com/
uSearch Bar = hxxp://srch-us4nb.hpwis.com/
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/info/e-center-p
uInternet Settings,ProxyOverride = hxxp://localhost;
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
TB: &hp toolkit: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\hp\explorebar\HPTOOLKT.DLL
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: hp toolkit: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [Sup_SmartRAM.exe] c:\program files\iobit\advanced systemcare 3\Sup_SmartRAM.exe
uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [CARPService] carpserv.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QT4HPOT] c:\progra~1\utilit~1\one-to~1\OneTouch.EXE
mRun: [Presentation Ready] c:\program files\utilities\presentation ready\PresRdy.exe -r
mRun: [hp Silent Service] c:\windows\system32\HpSrvUI.exe
mRun: [StorageGuard] "c:\program files\veritas software\update manager\sgtray.exe" /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [LXCECATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCEtime.dll,_RunDLLEntry@16
mRun: [IObit Security 360] c:\program files\iobit\iobit security 360\IS360tray.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\winlogon.exe.exe" /runcleanupscript
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
StartupFolder: c:\docume~2\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1252717418609
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131_03-win.cab
DPF: {CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131_03-win.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: fbfaddcdfbfd - c:\windows\system32\fbfaddcdfbfd.dll

============= SERVICES / DRIVERS ===============

R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [2009-9-11 22360]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-9-23 206256]
R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [2009-9-11 45416]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-9-11 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-9-11 185089]
R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2009-9-12 305936]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-9-23 348752]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-9-23 1097096]
R3 CALIAUD;HP ALI 3D Environmental Audio;c:\windows\system32\drivers\caliaud.sys [1980-1-1 321504]
R3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [1980-1-1 225504]
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\DP83815.sys [1980-1-1 16512]
S0 add0fe9df8dbb4099046bde46aeab4e8;add0fe9df8dbb4099046bde46aeab4e8;c:\windows\system32\add0fe9df8dbb4099046bde46aeab4e8.sys --> c:\windows\system32\add0fe9df8dbb4099046bde46aeab4e8.sys [?]
S3 ALiIRDA;ALi Infrared Device Driver;c:\windows\system32\drivers\aliirda.sys [1980-1-1 26112]
S3 LEX_NIC_SERVICE;IEEE 802.11 Wireless NIC Win2000 Driver;c:\windows\system32\drivers\Express.sys [1980-1-1 57344]

=============== Created Last 30 ================


==================== Find3M ====================

2009-09-25 19:21 2,048 a--s---- c:\windows\bootstat.dat
2009-09-25 19:21 527,486,976 a--sh--- C:\hiberfil.sys
2009-09-25 19:21 792,723,456 a--sh--- C:\pagefile.sys
2009-09-24 23:43 2,097,152 a---h--- c:\documents and settings\rick\NTUSER.DAT
2009-09-22 19:21 312,172 a------- c:\windows\system32\perfh009.dat
2009-09-22 19:21 40,394 a------- c:\windows\system32\perfc009.dat
2009-09-22 19:20 17,801 a------- c:\windows\system32\drivers\AegisP.sys
2009-09-13 23:56 6,009 a------- c:\program files\INSTALL.LOG
2009-09-13 10:19 238,352 a------- c:\windows\system32\FNTCACHE.DAT
2009-09-11 22:46 262,144 a------- c:\documents and settings\all users\NTUSER.DAT
2009-09-11 22:12 4,286 a------- c:\windows\pchealth\helpctr\packagestore\SkuStore.bin
2009-09-11 22:12 97,119 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-09-11 22:09 9,492 a------- c:\windows\pchealth\helpctr\config\Cntstore.bin
2009-09-11 21:58 47,564 a--shr-- C:\NTDETECT.COM
2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 18,520 a------- c:\windows\system32\drivers\mbam.sys
2009-08-28 14:38 24,689,600 a------- c:\windows\system32\MRT.exe
2009-08-24 14:05 206,256 a------- c:\windows\system32\drivers\PCTCore.sys
2009-08-19 11:01 86,888 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-08-14 06:58 7,396 a------- c:\windows\system32\drivers\pctcore.cat
2009-08-13 11:16 512,000 a------- c:\windows\system32\jscript.dll
2009-08-13 11:16 512,000 -------- c:\windows\system32\dllcache\jscript.dll
2009-08-05 05:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 05:11 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-29 00:53 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-29 00:53 82,432 a------- c:\windows\system32\fontsub.dll
2009-07-29 00:53 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-07-29 00:53 82,432 -------- c:\windows\system32\dllcache\fontsub.dll
2009-07-19 19:03 3,597,824 a------- c:\windows\system32\mshtml.dll
2009-07-19 19:03 3,597,824 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-19 09:32 6,067,200 a------- c:\windows\system32\ieframe.dll
2009-07-19 09:32 6,067,200 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-17 14:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 14:55 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-14 07:03 46,080 -------- c:\windows\system32\tzchange.exe
2009-07-13 02:18 233,472 -------- c:\windows\system32\wmpdxm.dll
2009-07-13 02:18 233,472 -------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-13 02:18 4,960,256 -------- c:\windows\system32\wmp.dll
2009-07-13 02:18 4,960,256 -------- c:\windows\system32\dllcache\wmp.dll
2009-07-10 09:42 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-06-29 07:07 13,824 a------- c:\windows\system32\ieudinit.exe
2009-06-29 07:07 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-06-29 07:07 70,656 -------- c:\windows\system32\ie4uinit.exe
2009-06-29 07:07 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-29 04:35 634,632 -------- c:\windows\system32\dllcache\iexplore.exe
2009-06-29 04:33 2,452,872 a------- c:\windows\system32\ieapfltr.dat
2009-06-29 04:33 2,452,872 -------- c:\windows\system32\dllcache\ieapfltr.dat
2009-06-29 04:33 161,792 -------- c:\windows\system32\ieakui.dll
2009-06-29 04:33 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
1998-02-10 17:34 128,000 a------- c:\program files\UNWISE.EXE
2001-08-18 08:00 94,784 a--sh--- c:\windows\twain.dll
2004-08-04 03:56 50,688 a--sh--- c:\windows\twain_32.dll
2004-08-04 03:56 1,028,096 a--sh--- c:\windows\system32\mfc42.dll
2004-08-04 03:56 54,784 a--sh--- c:\windows\system32\msvcirt.dll
2004-08-04 03:56 413,696 a--sh--- c:\windows\system32\msvcp60.dll
2004-08-04 03:56 11,776 a--sh--- c:\windows\system32\regsvr32.exe

============= FINISH: 20:21:33.83 ===============

Hi just wanted to let somebody know that I couldn't wait any longer to get an answer on this problem. I know You guys must be really swamped I first posted this 09/25/09 and it is now 10/12/09. So, I ran the recovery discs that came with the computer had to re-install everything but it got rid of the virus. Thank you very much for your time and consideration and I am sure I will be back to visit your website again as you have alot of interesting info.

Hello rickytick,

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.:

Please take the time to read below to secure your machine and take the necessary steps to keep it Clean, some of the following you may already have, So. just disregard them.

• Make sure that you keep your anti-virus updated
  New viruses come out every minute, so it is essential that you have the latest signatures for your anti-virus program to provide you with the best possible protection from malicious software.
  Note: You should only have one anti-virus installed at a time. Having more than one anti-virus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
  
• Install and use a firewall with outbound protection
  The Windows firewall only monitors incoming traffic, NOT outgoing. Using a software firewall in its default configuration to replace the Windows firewall greatly reduces the risk of your computer being hacked. Make sure your firewall is always enabled while your computer is connected to the internet.
  Note: You should only have one firewall installed at a time. Having more than one firewall installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.
  
• Security Updates for Windows, Internet Explorer & Microsoft Office
  Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
  Note: The update process uses ActiveX, so you will need to use internet explorer for it and allow the ActiveX control to install.
  
• If you are using Windows XP or earlier
  Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  
  
• Secure Your Software: Update Non-Microsoft Programs:
  
  Microsoft isn't the only company whose products can contain security vulnerabilities.
  
  Is your computer really secure? If you have antivirus software, malware scanners and a firewall, you might think you'e safe from hackers, crackers and identity thieves. But chances are, you're missing one critical piece of the security puzzle. Read on to learn how to secure your software and truly lock down your computer:
  
  What's the Missing Link in Computer Security?
  
  You may feel safe behind a firewall and anti-virus software. But you're not. Bad guys can still get to your personal information stored on your computer, and even take over your computer and run it as if it was their own. The gap in your armor? It's the application software you use every day. Let's look at just one recent example.
  
  Do you ever read Adobe PDF files, in your browser or with Adobe Reader after downloading? Tens of millions of people do; PDF is one of the most widely used file formats. In July 2009, hackers found a way to embed malware in PDF files using the equally popular Adobe Flash animation format. Even anti-virus software developers like Symantec were caught off-guard by this obscure vulnerability. New vulnerabilities are discovered in application software every hour, it seems.
  
  Software developers issue patches and updates that close these doors to hackers in a never-ending game of Whack-A-Mole. Vulnerability pops up here, hit it with a patch. Another pops up over there, hit it with another patch. Developers provide the patches, but it's up to you, the end user, to whack the moles.
  Staying on Top of Application Security
  
  It's vital to keep all your software up to date with the latest patches and upgrades. But the average computer holds about 80 application programs! How can you keep up with it all?
  
  _First, concentrate on the programs that are most often targeted by bad guys. They are the most commonly used programs: Microsoft Office, Adobe Reader, Internet Explorer, etc. The more people there are using a program, the more targets there are for a hacker's arrows. Naturally, the hacker goes after the biggest potential "market" for his malware.
  
  _Second, activate automatic update
  features when they are available. Then your software will check its home site for patches and upgrades every day, or week, or whatever. It can download and install updates without bothering you at all, or tell you when updates are available and give you the choice of when to install them.
  
  Some security experts tell you to turn off automatic updates because a connection to a server is an open line through which hackers can invade your computer. But turning off auto-update closes one door while leaving untold numbers of others wide open. Who are you kidding? You're not going to remember to check for updates manually on a regular basis. You'll let it slide until your software is so outdated it contains dozens of vulnerabilities. Leave auto-update on and let the software remember for you.
  
  _Third, you can check all the software on your computer for vulnerabilities using something like the Secunia Personal Software Inspector (PSI). This free program comes from a trusted security site, and scans your software for known vulnerabilities. It will tell you which programs need updating and provide links to sites where you can download patches.
  
  I ran PSI while researching the issue of software security, and I was very surprised by the results. I have security software in place, and I thought I was keeping up with all my patches. I felt pretty confident about the security of my computer. But PSI flagged Adobe Reader, Flash, Skype, iTunes, QuickTime, Java and a few others as needing updates. At least SIX of the vulnerabilities were marked Critical, meaning that under certain circumstances, an Evil Hacker could exploit them to gain complete control over my computer. Yikes.
  
  Bottom line... the software you use every day is the biggest source of danger to your personal information. Keeping your software up to date is your best defense. You cannot afford to let vulnerabilities go unpatched.
  
  
• Make Internet Explorer More Secure
  You are using Internet Explorer, Therefore please read and follow the recommendations at this SITE
  
• Backup regularly.
  You never know when your PC will become unstable or get infected that you can't recover it. Follow this Microsoft article to learn how to backup. Follow this article by Microsoft to restore your backups.
  Alternatively, you can use 3rd-party programs to back up your data. It can be found at Bleeping Computer.
  
  
• To stay secure is to stay updated.
  Calendar of Updates.

=============================***=============================

Recommended Programs:

To help protect your computer in the future I would recommend the download and installation of some or all of the following free programs (if not already present), and the updating of them on a regular basis:.

• WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
  • Green to go
  • Yellow for caution
  • Red to stop
  WOT has an addon available for both Firefox and IE.
• WinPatrol
  As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.
  
• McAfee Site Advisor --free version.
  To give you an indication of which sites may contain bad links or suspect downloads. It loads an icon to the taskbar of your browser (versions for IE and Firefox), As you browse, a small button on your browser toolbar changes color based on SiteAdvisor's safety results indicating the trustworthiness of the site you are on. Green for safe and Red for suspicious. Click on the icon to access details that SiteAdvisor has about the site. It also gives the same colour indications in the results page when you do a Google search, making it easier to decide which sites are safe to visit. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad. Safety ratings from McAfee SiteAdvisor appear next to search results. Works with Google, Yahoo!, Live Search, AOL or ASK.
  This is a utility that can be downloaded and installed it from: HERE
  
• ZonedOut + IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  
• SpywareBlaster
  SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing on your computer. If you don't know what ActiveX controls are, see HERE. You can download SpywareBlaster from HERE.
  
• TFC: (Temp File Cleaner) Good temp file cleaner that could do the job safely and without removing files that are crucial to windows.
  TFC will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.
  (TFC only cleans temp folders. It will not clean URL history, prefetch, or cookies).
  You can download this utility from: HERE
  NOTE:
  _It's normal after running TFC cleaner that the PC will be slower to boot the first time.
  
• Malwarebytes' Anti-Malware or SuperAntiSpyware
  These are anti-malware applications that can thoroughly remove even the most advanced malware. They include a number of features, including a built in protection monitor that blocks malicious processes before they even start.
  You can download Malwarebytes' Anti-Malware from HERE. You can find a tutorial HERE.
  You can download SuperAntiSpyware from HERE.
  
• Hosts File - Hosts file is one such file that can be used to replace the Hosts file on your computer and help you to avoid accidentally visiting known nasty web sites.
  For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.
  
  Be sure to disable the service "DNS Client" FIRST to allow the use of large HOSTS files without slowdowns.
  If this isn't done first, the next reboot may take a VERY LONG TIME.
  This is how to do it. First be sure you are signed in as a user with administrative privileges:
  

  Stop and Disable the DNS Client Service
  Go to Start, Run and type Services.msc and click OK.
  Under the Extended Tab, Scroll down and find this service.
  DNS Client
  Right-Click on the DNS Client Service. Choose Properties
  Select the General tab. Click on the Stop button.
  Click the Arrow-down tab on the right-hand side at the Start-up Type box.
  From the drop-down menu, click on Manual
  Click the Apply tab, then click OK

  Prevention:
  The Hosts file can be made read only and monitored for changes, or attempted changes. Programs such as >WinPatrol< do this very well.
  
  Cure:
  If your Hosts file becomes infected, it can be reset by installing >HostsXpert<.
  • Extract (unzip) HostsXpert.zip to a a permanent folder on your hard drive such as C:\HostsXpert
  • Double-click HostsXpert.exe to run the program.
  • Click "Make Hosts Writable?" in the upper right corner (If available).
  • Click "Restore Microsoft's Hosts file" and then click "OK".
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
• Use an alternative Internet Browser
  Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead:
  Firefox
  Opera
  
• ERUNT (Emergency Recovery Utility NT):
  This utility allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  You can get this utility from: HERE and instructions how to Practice "Safe Computer" with regular automated Registry Backups with ERUNT from: HERE
  
• Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

Please take your time to read: "Grinler's list in how to Practice Safe Internet":

One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will. Below are a list of simple precautions to take to keep your computer clean and running securely:

• If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  
• If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
  
• If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know infected with a malware that is trying to infect everyone in their address book.
  
• If you are browsing the Internet and a popup appears saying that you are infected, ignore it!. These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of popups, or Foistware, you should read this article: Foistware, And how to avoid it.
  
  There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. For a list of these types of programs we recommend you visit this link: Rogue/Suspect Anti-Spyware Products & Web Sites
  
• Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you. We suggest that you close these windows by clicking on the X instead of the OK button. Alternatively, you can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake.
  
  
• Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do.
  
• When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link, message back to the person asking if it is legit before you click on it.
  
• Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
  
• Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download a piece of software a from a site, and are not sure if they are legitimate, you can use McAfee Siteadvisor to look up info on the site.
  
• DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.

Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

To find out more information about how you got infected in the first place? and some great guidelines to follow to prevent future infections you can read this article by Tony Klein and this one by Miekiemoes.

Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.

That's it, happy surfing!

Cheers,
Net_Surfer

Stay clean and be safe

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.