Solved: Cannot run HijackThis to solve problem!
Binx18's Avatar
Junior Member with 18 posts.
 
Join Date: Jan 2008
Location: Monrovia, CA
Experience: Begintermediate
01-Dec-2008, 04:41 PM #1
Cannot run HijackThis to solve "Your computer is infected!" problem.
Hello techs...

I was looking around on this site to see if someone had already solved my problem and I believe I found some answers. I'm not sure if they apply to my case specifically, so I'd be really glad if someone would help. I use Trend Micro as a normal everyday scan, but I've never run HijackThis specifically. Anyway, the problem I'm having is twofold:

1) Every few seconds, a little window pops up from the bottom right side of the screen saying, "Your computer is infected! Windows has detected spyware infection! It is recomended to use special antispyware tools to pervent data loss. Windows will now download and install the most up-to-date antispyware for you. Click here to protect your computer from spyware!"

Now, I found people with the same problem, so I downloaded HijackThis to start the process. This brought me to the second problem.

2) After downloading HijackThis to the desktop, I tried to open it and it wouldn't open! Are there any things that would prevent that? Everything else seems to be working ok. I'm just hoping to get someone to look at that log to see what could be causing this horrible pop-up.

I have Windows XP HE Version 2002 SP3

Thanks so much,
Kristy

Last edited by Binx18; 01-Dec-2008 at 04:51 PM.. Reason: FOrgot to put info about computer.
Binx18's Avatar
04-Dec-2008, 12:16 PM #2
bump
Binx18's Avatar
07-Dec-2008, 12:10 AM #3
bump
bump
sjpritch25's Avatar
Moderator & Malware Removal Specialist with 9,113 posts.
 
Join Date: Sep 2005
Location: Florida
Experience: Advanced
07-Dec-2008, 08:32 PM #4
Welcome to TSG

Do you still need assistance?
Binx18's Avatar
08-Dec-2008, 01:14 AM #5
Yes! I'm just not sure why when I click on HijackThis on the desktop (after I've downloaded and saved it there) it's not even opening. As I said before, I already have Trend Micro on my computer, but everything else seems to be working ok. Hmmm...
sjpritch25's Avatar
08-Dec-2008, 07:14 PM #6
On your desktop, Right-click on Hijackthis.exe, Click on Properties, click on rename, type scan.exe and press Enter. Let me know if it will run or not.
Binx18's Avatar
09-Dec-2008, 05:56 PM #7
I'm so frustrated. It still didn't work. An hour glass comes up for about a millisecond like something's about to work, then nothing. I'm wondering if the virus is preventing me from opening it. Is there any other way to get you some info to help me with the virus besides HijackThis? I know that some of these malware things can affect scanners, but I know there's got to be something out there that works!

Thank you so much for your time...I realize this might be a lost cause...

Last edited by Binx18; 09-Dec-2008 at 06:12 PM..
Binx18's Avatar
09-Dec-2008, 07:09 PM #8
So I ran ComboFix the way that bleepingcomputer.com said to. I was able to run it after I renamed it funstuff.exe. Anyway, here is the log that came up. After it ran, my clock didn't restore to the original format, but the virus did not come up again on the system tray! I'm not sure if this means it's gone. Can you take a look at the log? Thank you so much!


ComboFix 08-12-07.04 - Al 2008-12-09 14:51:51.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.288 [GMT -8:00]
Running from: c:\documents and settings\Al\Desktop\funstuff.exe.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\brastk.exe
c:\windows\Downloaded Program Files\setup.inf
c:\windows\karna.dat
c:\windows\system32\brastk.exe
c:\windows\system32\bszip.dll
c:\windows\system32\dllcache\beep.sys
c:\windows\system32\drivers\svchost.exe
c:\windows\system32\karna.dat
c:\windows\system32\kb2006a.exe
c:\windows\system32\usbmons.dll
c:\windows\system32\usbmons.exe
c:\windows\system32\wini10895.exe
D:\Autorun.inf

Infected copy of c:\windows\system32\drivers\beep.sys was found and disinfected
Restored copy from - c:\system volume information\_restore{8F041B17-D47B-4B07-8E2E-F5EB74D7F5B1}\RP270\A0018258.sys


.
((((((((((((((((((((((((( Files Created from 2008-11-09 to 2008-12-09 )))))))))))))))))))))))))))))))
.

2008-12-09 14:53 . 2008-12-09 14:53 4,224 --a------ c:\windows\system32\drivers\beep.sys
2008-12-03 07:58 . 2008-12-03 07:58 <DIR> d-------- c:\windows\system32\IOSUBSYS
2008-12-01 11:43 . 2008-12-01 11:43 <DIR> d-------- c:\documents and settings\Al\Application Data\Uniblue
2008-11-29 05:43 . 2001-08-17 13:56 7,552 --a------ c:\windows\system32\drivers\SONYPVU1.SYS
2008-11-29 05:43 . 2001-08-17 13:56 7,552 --a--c--- c:\windows\system32\dllcache\sonypvu1.sys
2008-11-17 12:04 . 2008-11-17 12:04 2,306,113 --a------ c:\windows\system32\GPhotos.scr
2008-11-12 05:40 . 2008-10-24 03:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 05:38 . 2008-09-04 09:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-09 22:56 --------- d-----w c:\documents and settings\Al\Application Data\OpenOffice.org2
2008-12-01 20:10 --------- d-----w c:\program files\Trend Micro
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 18:38 --------- d-----w c:\documents and settings\Al\Application Data\Nero
2008-10-16 18:20 --------- d-----w c:\documents and settings\All Users\Application Data\LightScribe
2008-10-16 18:15 --------- d-----w c:\program files\Common Files\LightScribe
2008-10-16 18:12 --------- d-----w c:\program files\Common Files\Nero
2008-10-16 18:08 --------- d-----w c:\program files\Nero
2008-10-16 18:08 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-10-16 14:22 --------- d-----w c:\program files\QuickTime
2007-11-13 20:01 3,395,343 ----a-w c:\program files\openofficeorg4.cab
2007-11-13 20:00 67,695,863 ----a-w c:\program files\openofficeorg3.cab
2007-11-13 19:49 17,646,967 ----a-w c:\program files\openofficeorg2.cab
2007-11-13 19:48 18,827,152 ----a-w c:\program files\openofficeorg1.cab
2007-11-13 19:47 4,364,800 ----a-w c:\program files\openofficeorg23.msi
2007-11-13 19:47 217 ----a-w c:\program files\setup.ini
2007-11-01 20:57 319,488 ----a-w c:\program files\setup.exe
2002-03-11 09:06 1,822,520 ----a-w c:\program files\instmsiw.exe
2002-03-11 08:45 1,708,856 ----a-w c:\program files\instmsia.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-09-19 455968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 c:\windows\ALCXMNTR.EXE]

c:\documents and settings\Al\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]
Trend Micro Anti-Spyware.lnk - c:\program files\Trend Micro\Tmasy\Tmasy.exe [2008-01-14 1406480]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
hpoddt01.exe.lnk - c:\program files\HP\Digital Imaging\bin\hpotdd01.exe [2004-06-16 28672]
officejet 6100.lnk - c:\program files\HP\Digital Imaging\bin\hposol08.exe [2004-06-16 147456]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-02-27 972064]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2008-12-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-04-15 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1200428857.job
- c:\program files\HP\Digital Imaging\Bin\hpqfrucl.exe [2004-06-16 18:06]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Picasa Media Detector - c:\documents and settings\Al\My Documents\Picasa2\PicasaMediaDetector.exe
HKCU-Run-brastk - c:\windows\system32\brastk.exe
HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-09 14:56:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\OpenOffice.org 2.3\program\soffice.exe
c:\program files\OpenOffice.org 2.3\program\soffice.bin
c:\program files\HP\Digital Imaging\bin\hpoevm08.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hposts08.exe
.
**************************************************************************
.
Completion time: 2008-12-09 15:03:17 - machine was rebooted [Al]
ComboFix-quarantined-files.txt 2008-12-09 23:02:46

Pre-Run: 61,298,364,416 bytes free
Post-Run: 61,241,290,752 bytes free

131 --- E O F --- 2008-11-13 05:00:29
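
An added example (not part of the thread, and not ComboFix's own code) that triages the ComboFix log posted above: it flags the Security Center and firewall values the log still lists in a protection-weakening state, a system binary name deleted from the wrong directory, and removed autorun entries whose target was among the deleted files. The function names, rule tables and the `c:\windows` install path are assumptions of this example; the sample lines are copied from the log with the banner lines shortened.

```python
import ntpath
import re

# Excerpt copied from the ComboFix log in the post above (banner lines shortened).
SAMPLE_LOG = r"""
((((((((((( Other Deletions )))))))))))
c:\windows\system32\brastk.exe
c:\windows\system32\drivers\svchost.exe
D:\Autorun.inf
((((((((((( Reg Loading Points )))))))))))
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Picasa Media Detector - c:\documents and settings\Al\My Documents\Picasa2\PicasaMediaDetector.exe
HKCU-Run-brastk - c:\windows\system32\brastk.exe
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
"""

SECTION = re.compile(r"^\(+\s*(.+?)\s*\)+$|^(?:-\s)+(.+?)(?:\s-)+$")
VALUE = re.compile(r'^"([^"]+)"\s*=\s*(?:dword:([0-9a-f]{8})|(\d+)\s+\(0x[0-9a-f]+\))$', re.I)
ORPHAN = re.compile(r"^(HK\w+-.+?) - ([a-z]:\\.+)$", re.I)

# Value name -> (registry key suffix, value that weakens protection, meaning).
WEAKENED = {
    "AntiVirusDisableNotify": ("security center", 1, "Security Center antivirus alerts turned off"),
    "UpdatesDisableNotify": ("security center", 1, "Security Center update alerts turned off"),
    "AntiVirusOverride": ("security center", 1, "Security Center antivirus monitoring overridden"),
    "EnableFirewall": ("standardprofile", 0, "Windows Firewall off in the standard profile"),
}
# System binaries and the one directory each belongs in (assumes c:\windows, as in the log).
EXPECTED_DIR = {"svchost.exe": r"c:\windows\system32", "explorer.exe": r"c:\windows"}


def parse_combofix(text):
    """Collect deleted files, removed autorun orphans and numeric registry values."""
    report = {"deleted": [], "orphans": [], "registry": {}}
    section = key = None
    for line in map(str.strip, text.splitlines()):
        if set(line) == {"*"}:  # separator before the rootkit scan ends the section
            section = None
        m = SECTION.match(line)
        if m:
            section, key = (m.group(1) or m.group(2)).lower(), None
        elif section == "other deletions" and re.match(r"[a-z]:\\", line, re.I):
            report["deleted"].append(line.lower())
        elif section == "orphans removed" and (o := ORPHAN.match(line)):
            report["orphans"].append((o.group(1), o.group(2).lower()))
        elif section == "reg loading points" and line.startswith("["):
            key = line[1:-1].lower()
        elif section == "reg loading points" and key and (v := VALUE.match(line)):
            num = int(v.group(2), 16) if v.group(2) else int(v.group(3))
            report["registry"][(key, v.group(1))] = num
    return report

def triage(report):
    """Return (kind, subject, reason) tuples for items that deserve a second look."""
    findings = []
    for (key, name), num in report["registry"].items():
        suffix, bad, meaning = WEAKENED.get(name, ("", None, ""))
        if suffix and key.endswith(suffix) and num == bad:
            findings.append(("weakened-setting", name, meaning))
    for path in report["deleted"]:
        folder, name = ntpath.split(path)
        if name in EXPECTED_DIR and folder != EXPECTED_DIR[name]:
            findings.append(("masquerade", path, f"{name} belongs in {EXPECTED_DIR[name]}"))
        if name == "autorun.inf" and ntpath.splitdrive(path)[1] == "\\autorun.inf":
            findings.append(("removable-media", path, "autorun.inf at a drive root"))
    for entry, target in report["orphans"]:
        if target in report["deleted"]:
            findings.append(("persistence", entry, f"autorun pointed at deleted {target}"))
    return findings

if __name__ == "__main__":
    print(*triage(parse_combofix(SAMPLE_LOG)), sep="\n")
```

A flagged setting is not proof of infection on its own, since a third-party security suite can set the same values, so confirm each one against what is actually installed.
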
sjpritch25's Avatar
09-Dec-2008, 08:57 PM #9
Okay, let's make sure nothing else is hiding

Please download Malwarebytes Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply with a fresh Hijackthis log too.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
__________________
Microsoft Valuable Professional Consumer--Security 2007-2010
Please make a donation to keep the site running. All proceeds go directly to the site!!! Donate Here
Binx18's Avatar
10-Dec-2008, 06:54 PM #10
Ok, here is the MBAM log:

Malwarebytes' Anti-Malware 1.31
Database version: 1483
Windows 5.1.2600 Service Pack 3

12/10/2008 2:49:45 PM
mbam-log-2008-12-10 (14-49-45).txt

Scan type: Quick Scan
Objects scanned: 47451
Time elapsed: 5 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.



And here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:50, on 12/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\HP\Digital Imaging\bin\hposol08.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HP\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\scan.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite....x/qtplugin.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2006\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

--
End of file - 5671 bytes


***It found one infected rogue file and deleted it. Also, just two more small things. After running ComboFix, the clock format did not return to its original format. Secondly, now when I put a CD into the CD-ROM drive, it doesn't play automatically. I have to go into My Computer and open it up. Even though these are not critical problems, I wasn't sure if they were signs of something else going on. Thanks again for all your help!
sjpritch25's Avatar
10-Dec-2008, 10:07 PM #11
You can fix the clock easily

To reset your clock:
  • Click My Computer
  • Open the Control Panel
  • Select Time Options
  • Classic View: Open Regional and Language Options or Category View: Date, Time, Language and Regional Options.
  • Click Change the format of numbers, dates, and times.
  • Select the Regional Options tab.
  • Next to the box that shows your selected language click "Customize".
  • Click the "Time" tab.
  • In the "Time Format" box enter:
  • Standard Format: "h:mm:ss:tt"
  • Military Format: "HH:mm:ss"


Everything is changed by ComboFix and it's a security feature.

How is everything else?
Binx18's Avatar
10-Dec-2008, 10:40 PM #12
Everything else is great! Other than the CD ROM drive not automatically running when you put a CD in, it's running beautifully! Unless there is anything else in those logs that you see I will mark this solved. I will also make a donation...I appreciate your time!
sjpritch25's Avatar
10-Dec-2008, 11:30 PM #13
Nope

You're Welcome!!!!

Go to Start ---> Run ---> Type ComboFix /u and press Enter.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems.

Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u11.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.




Here is some useful information on keeping your computer clean:
  1. Most important thing is to make sure Windows is kept up to date with the latest patches and updates from Windows Update.
  2. Here are two great Preventive programs:
    1. SpywareBlaster protects you from malicious ActiveX controls and cookies. Make sure and check for updates twice a month.
    2. Surf Safe with McAfee's SiteAdvisor. SiteAdvisor will work with Internet Explorer and Mozilla Firefox. SiteAdvisor is a browser plugin that assigns a safety rating to domains listed in your search engine. SiteAdvisor uses the following color codes to indicate the safety level of each site.
      1. Red for Warning
      2. Yellow for Use Caution
      3. Green for Safe
      4. Grey for Unknown

Here are the links to install SiteAdvisor in Internet Explorer and Firefox
  • Anti-Spyware Programs I Recommend:
  • Free Anti-Spyware Programs
  1. MalwareBytes Anti-Malware
  2. For Even More Information On Securing Your Computer read Tony Klein's So How Did I Get Infected In The First Place
Binx18's Avatar
11-Dec-2008, 01:13 AM #14
You guys are unbelievable. This is amazing! I'm going to use this info on my sister's computer as well as she is having WAY more malware issues than I ever did. Thanks again, sjpritch25...you are frickin' awesome...
sjpritch25's Avatar
11-Dec-2008, 07:04 PM #15
Please don't. Create a thread so someone can help you. ComboFix shouldn't be used unsupervised by a trained person. Thanks