Author Topic: Anyone interested in the UPS Bundle of Viruses  (Read 35672 times)


DavidR (Avast Überevangelist)
Re: Anyone interested in the UPS Bundle of Viruses
« Reply #15 on: July 30, 2008, 02:49:07 PM »
Quote from: funke
Following up on my MBAM -> Trojan Removal -> Avast bootScan. Each has found nasties. Here is the Avast bootScan log:
<snip>

The C:\Program Files\Alwil Software\Avast4\DATA\report\aswBoot.txt provides a more user-friendly summary of the boot-time scan, and it should list any detections.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

funke

  • Guest
Re: Anyone interested in the UPS Bundle of Viruses
« Reply #16 on: July 31, 2008, 02:33:42 AM »
DavidR: Yes, I posted the Avast bootScan in Reply #13.

wyrmrider: I have done an F-Prot scan as suggested by the UPS thread (http://support.bicester-computers.com/showthread.php?t=18) and a CCleaner run at your suggestion. Spybot S&D is next.

F-Prot only found malware in the HouseCall Quarantine folder. Here is its log:

-----------------------------SCAN REPORT-----------------------------
F-PROT Antivirus for Windows

Antivirus Scanning Engine version number: 4.4.4
Virus signature file from: 28/04/2008, 1:17 PM

Scan name: [My Computer]
Path to scan: [My Computer]

Normal scan
Also scan: Inside subfolders, Compressed files, Streams

Scan started: 30/07/2008, 10:08:34 AM
---------------------------------------------------------------------

[Warning]   <Could not open file>   C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[Warning]   <Could not open file>   C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
[Warning]   <Could not open file>   C:\Documents and Settings\LocalService\NTUSER.DAT
[Warning]   <Could not open file>   C:\Documents and Settings\LocalService\ntuser.dat.LOG
[Found security risk]   <W32/WinReanimator.B (exact, not disinfectable)>   C:\Documents and Settings\Mike\.housecall6.6\Quarantine\Binaries2.zip.bac_a02348->(XORCrypt)->XPSecurityCenter.dll
[Contains infected objects]   C:\Documents and Settings\Mike\.housecall6.6\Quarantine\Binaries2.zip.bac_a02348
[Quarantined]   C:\Documents and Settings\Mike\.housecall6.6\Quarantine\Binaries2.zip.bac_a02348->(XORCrypt)->pthreadVC2.dll
[Found possible security risk]   <W32/Heuristic-XEN!Eldorado (not disinfectable)>   C:\Documents and Settings\Mike\.housecall6.6\Quarantine\cru629.dat.bac_a00280->(XORCrypt)
[Quarantined]   C:\Documents and Settings\Mike\.housecall6.6\Quarantine\cru629.dat.bac_a00280->(XORCrypt)
[Found possible security risk]   <W32/Heuristic-XEN!Eldorado (not disinfectable)>   C:\Documents and Settings\Mike\.housecall6.6\Quarantine\karina.dat.bac_a00280->(XORCrypt)
[Quarantined]   C:\Documents and Settings\Mike\.housecall6.6\Quarantine\karina.dat.bac_a00280->(XORCrypt)
[Found possible security risk]   <W32/Heuristic-XEN!Eldorado (not disinfectable)>   C:\Documents and Settings\Mike\.housecall6.6\Quarantine\karina.dat.bac_a02348->(XORCrypt)
[Quarantined]   C:\Documents and Settings\Mike\.housecall6.6\Quarantine\karina.dat.bac_a02348->(XORCrypt)
[Found security risk]   <W32/WinReanimator.B (exact)>   C:\Documents and Settings\Mike\.housecall6.6\Quarantine\XPSecurityCenter.dll.bac_a02352->(XORCrypt)
[Deleted]   C:\Documents and Settings\Mike\.housecall6.6\Quarantine\XPSecurityCenter.dll.bac_a02352->(XORCrypt)
[Warning]   <Could not open file>   C:\Documents and Settings\Mike\Application Data\FRISK Software\F-PROT Antivirus for Windows\ReportFiles\2008-07-30T10-08-34 - [My Computer].txt
[Unscannable]   <File is damaged>   C:\Documents and Settings\Mike\Application Data\Opera\Opera\profile\cache4\opr00E8G.htm->(packed)
[Warning]   <Could not open file>   C:\Documents and Settings\Mike\Application Data\Skype\bob.furber\call256.dbb
[Warning]   <Could not open file>   C:\Documents and Settings\Mike\Application Data\Skype\bob.furber\callmember256.dbb
[Warning]   <Could not open file>   C:\Documents and Settings\Mike\Application Data\Skype\bob.furber\chat512.dbb
[Warning]   <Could not open file>   C:\Documents and Settings\Mike\Application Data\Skype\bob.furber\chatmember256.dbb
[Warning]   <Could not open file>   C:\Documents and Settings\Mike\Application Data\Skype\bob.furber\chatmsg1024.dbb
[Warning]   <Could not open file>   C:\Documents and Settings\Mike\Application Data\Skype\bob.furber\chatmsg256.dbb
[Warning]   <Could not open file>   C:\Documents and Settings\Mike\Application Data\Skype\bob.furber\chatmsg4096.dbb
[Warning]   <Could not open file>   C:\Documents and Settings\Mike\Application Data\Skype\bob.furber\chatmsg512.dbb
[Warning]   <Could not open file>   C:\Documents and Settings\Mike\Application Data\Skype\bob.furber\contactgroup256.dbb
[Warning]   <Could not open file>   C:\Documents and Settings\Mike\Application Data\Skype\bob.furber\index2.dat
[Warning]   <Could not open file>   C:\Documents and Settings\Mike\Application Data\Skype\bob.furber\profile256.dbb
[Warning]   <Could not open file>   C:\Documents and Settings\Mike\Application Data\Skype\bob.furber\user1024.dbb
[Warning]   <Could not open file>   C:\Documents and Settings\Mike\Application Data\Skype\bob.furber\user16384.dbb
[Warning]   <Could not open file>   C:\Documents and Settings\Mike\Application Data\Skype\bob.furber\user256.dbb
[Warning]   <Could not open file>   C:\Documents and Settings\Mike\Application Data\Skype\bob.furber\voicemail256.dbb
[Warning]   <Could not open file>   C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[Warning]   <Could not open file>   C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
[Warning]   <Could not open file>   C:\Documents and Settings\Mike\NTUSER.DAT
[Warning]   <Could not open file>   C:\Documents and Settings\Mike\ntuser.dat.LOG
[Warning]   <Could not open file>   C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[Warning]   <Could not open file>   C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
[Warning]   <Could not open file>   C:\Documents and Settings\NetworkService\NTUSER.DAT
[Warning]   <Could not open file>   C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->ABORT.C
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->ABS.C
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->ALLOC.C
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->ATOI.C
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->CTYPE.C
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->LIB.C
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->MEMCHR.C
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->MEMCMP.C
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->MEMCPY.C

funke

  • Guest
Re: Anyone interested in the UPS Bundle of Viruses
« Reply #17 on: July 31, 2008, 02:37:25 AM »
-----------------------------SCAN REPORT-----------------------------
F-PROT Antivirus for Windows   ctd...

[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->MEMMOVE.C
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->MEMSET.C
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->MODF.C
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->NEWHEAP.C
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->PRINTF.C
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->PUTS.C
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->RAND.C
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->SPRINTF.C
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->STDIO.C
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->STRCAT.C
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->STRCHR.C
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->STRCMP.C
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->STRCSPN.C
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->STRLEN.C
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->STRNCAT.C
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->STRNCMP.C
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->STRNCPY.C
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->STRPBRK.C
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->STRRCHR.C
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->STRSPN.C
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->STRSTR.C
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->STRTOL.C
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->STRTOUL.C
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->atol.c
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->fmod.c
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->fp2long.c
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->fpabs.c
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->fpatrig.c
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->fplong.c
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->iochar.c
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->itoa.c
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->long2fp.c
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->ltoa.c
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->serial.c
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->stdarg.c
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->ulong2fp.c
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->CRT16EVB.S
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->CRT16MF.S
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->CRT16MNF.S
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->FP.S
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->FP2INT.S
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->FPADD.S
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->FPBUF.S
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->FPCMP.S
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->FPDIV.S
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->FPEXP.S
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->FPFLTSTR.S
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->FPINTFLT.S
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->FPLOG.S
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->FPMODMUL.S
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->FPSQRT.S
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->FPSTRFLT.S
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->FPSUB.S
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->FPTRIG.S
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->STRCPY.S
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->cnstutil.s
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->crt16.s
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->crtsevb.s
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->div.s
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->end16.s
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->io.s
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->long.s
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->longarth.s
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->setjmp.s
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->setup.s
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->util.s
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->_ALLOC.H
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->fperr.h
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->hc16_icc.h
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->long.h
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->rtevb16.h
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->rtevb16l.h
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->rtmitef.h
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->rtmitenf.h
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->makefile.16
[Unscannable]   <File is encrypted>   C:\Program Files\Advanced Serial Port Monitor\aspmon.pdb->aspmon.pdb
[Unscannable]   <File is damaged>   C:\Program Files\Microsoft Visual Studio .NET 2003\CompactFrameworkSDK\v1.0.5000\Windows CE\sqlce20sql2ksp1.exe->(CAB)->\CONNECT.CAB->sqlredis.exe.F26FFD4A_05B4_4969_A552_30C7F9BAB1F4->(CAB)->mdacxpak.cab
[Unscannable]   <File is damaged>   C:\Program Files\MSDN\2004JAN\1033\dnacc.hxs->(ZIP)->DCM_Document.doc
[Unscannable]   <Unknown format or compression method>   C:\Program Files\Wise InstallBuilder 8.1\RUNTIME\ODBC30\40COMUPD.EXE
[Warning]   <Could not open file>   C:\WINDOWS\system32\config\DEFAULT
[Warning]   <Could not open file>   C:\WINDOWS\system32\config\default.LOG
[Warning]   <Could not open file>   C:\WINDOWS\system32\config\SAM
[Warning]   <Could not open file>   C:\WINDOWS\system32\config\SAM.LOG
[Warning]   <Could not open file>   C:\WINDOWS\system32\config\SECURITY
[Warning]   <Could not open file>   C:\WINDOWS\system32\config\SECURITY.LOG
[Warning]   <Could not open file>   C:\WINDOWS\system32\config\SOFTWARE
[Warning]   <Could not open file>   C:\WINDOWS\system32\config\software.LOG
[Warning]   <Could not open file>   C:\WINDOWS\system32\config\SYSTEM
[Warning]   <Could not open file>   C:\WINDOWS\system32\config\system.LOG
[Unscannable]   <File is encrypted>   D:\UPS_Invoice.zip->UPS_INVOICE_978172.zip
[Unscannable]   <File is encrypted>   D:\UPS_Invoice.zip->Padding.txt

---------------------------------------------------------------------
Scan ended:   30/07/2008, 3:44:03 PM
Duration:   5:35:28

Scan result:

Scanned files:       481076
Infected objects:    5
Disinfected objects:    1
Quarantined files:    4
---------------------------------------------------------------------
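The report above is worth reading mechanically rather than by eye: every "[Found ...]" line sits under the HouseCall Quarantine folder, so the hits are copies an earlier scanner had already isolated, not files in live locations, and the two "[Unscannable] <File is encrypted>" lines for D:\UPS_Invoice.zip mean F-PROT never looked inside the lure archive itself. The following Python is an added example, not part of the thread and not F-PROT's own tooling; it parses report lines of this shape and returns those two facts plus a tally by detection name. The sample is a short excerpt of the posted report, and the assumption that quarantine stores live under a folder literally named "Quarantine" is this example's own.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: a short excerpt of the F-PROT report posted in this thread.
SAMPLE_REPORT = r"""
[Warning]   <Could not open file>   C:\Documents and Settings\LocalService\NTUSER.DAT
[Found security risk]   <W32/WinReanimator.B (exact, not disinfectable)>   C:\Documents and Settings\Mike\.housecall6.6\Quarantine\Binaries2.zip.bac_a02348->(XORCrypt)->XPSecurityCenter.dll
[Contains infected objects]   C:\Documents and Settings\Mike\.housecall6.6\Quarantine\Binaries2.zip.bac_a02348
[Quarantined]   C:\Documents and Settings\Mike\.housecall6.6\Quarantine\Binaries2.zip.bac_a02348->(XORCrypt)->pthreadVC2.dll
[Found possible security risk]   <W32/Heuristic-XEN!Eldorado (not disinfectable)>   C:\Documents and Settings\Mike\.housecall6.6\Quarantine\cru629.dat.bac_a00280->(XORCrypt)
[Found security risk]   <W32/WinReanimator.B (exact)>   C:\Documents and Settings\Mike\.housecall6.6\Quarantine\XPSecurityCenter.dll.bac_a02352->(XORCrypt)
[Deleted]   C:\Documents and Settings\Mike\.housecall6.6\Quarantine\XPSecurityCenter.dll.bac_a02352->(XORCrypt)
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->ABORT.C
[Unscannable]   <File is encrypted>   C:\Mailbox\F16-mite-RTL\F16\ICC\libsrc.16\libsrc.zip->ABS.C
[Unscannable]   <File is encrypted>   D:\UPS_Invoice.zip->UPS_INVOICE_978172.zip
[Unscannable]   <File is encrypted>   D:\UPS_Invoice.zip->Padding.txt
Scanned files:       481076
Infected objects:    5
"""

# One report line: "[status]   <detail>   path"; the <detail> field is optional.
LINE_RE = re.compile(r"^\[(?P<status>[^\]]+)\]\s+(?:<(?P<detail>[^>]*)>\s+)?(?P<path>.+?)\s*$")
SUMMARY_RE = re.compile(r"^(?P<key>[A-Za-z ]+):\s+(?P<value>\d+)$")

# Assumption for this example: quarantine stores keep their copies under a
# folder literally named "Quarantine" (true of the HouseCall path above).
QUARANTINE_MARKER = "\\quarantine\\"


def parse_report(text):
    """Split a report into per-object entries and the trailing count summary."""
    entries, summary = [], {}
    for raw in text.strip().splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if m:
            path = m.group("path")
            # Everything before the first "->" is the file on disk; the rest is
            # a member inside an archive or a decrypted/unpacked layer of it.
            container, _, inner = path.partition("->")
            entries.append({
                "status": m.group("status"),
                "detail": m.group("detail") or "",
                "path": path,
                "container": container,
                "inner": inner,
            })
            continue
        s = SUMMARY_RE.match(line)
        if s:
            summary[s.group("key").strip()] = int(s.group("value"))
    return entries, summary


def triage_report(text):
    """What a reviewer wants from the log: all detections, those that are live
    (outside any quarantine), a tally by malware name, and the archives the
    engine could not open because they were encrypted."""
    entries, summary = parse_report(text)
    detections = [e for e in entries if e["status"].startswith("Found")]
    live = [e for e in detections if QUARANTINE_MARKER not in e["container"].lower()]
    names = Counter(e["detail"].split(" (")[0] for e in detections)
    encrypted = defaultdict(list)
    for e in entries:
        if e["status"] == "Unscannable" and e["detail"] == "File is encrypted":
            encrypted[e["container"]].append(e["inner"])
    return {
        "summary": summary,
        "detections": detections,
        "live": live,
        "names": names,
        "encrypted_archives": dict(encrypted),
    }


if __name__ == "__main__":
    result = triage_report(SAMPLE_REPORT)
    print("detections by name:", dict(result["names"]))
    print("live (not in quarantine):", len(result["live"]))
    for archive, members in result["encrypted_archives"].items():
        print("encrypted, not inspected:", archive, "->", len(members), "member(s)")
```

On the excerpt the live list is empty and D:\UPS_Invoice.zip is reported as an archive the scanner could not open, which is the practical reading of the full log: the quarantine hits are stale copies, while a clean verdict on the UPS archive itself was never actually rendered.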


DavidR (Avast Überevangelist)
Re: Anyone interested in the UPS Bundle of Viruses
« Reply #18 on: July 31, 2008, 02:41:54 AM »
Quote from: funke
DavidR: Yes, I posted the Avast bootScan in Reply #13.
<snip>

No, you didn't: you posted the C:\Program Files\Alwil Software\Avast4\DATA\log\aswBoot.log file, not the C:\Program Files\Alwil Software\Avast4\DATA\report\aswBoot.txt.

Check it and you will see it is a much more user friendly report.
Quote from: Example of mine
07/09/2008 14:04
Scan of all local drives

Number of searched folders: 876
Number of tested files: 11214
Number of infected files: 0

----------------------------------------
07/30/2008 09:51
Scan of C:\

Scan of E:\

File E:\zz-avast-Exclude\breakout-mozilla-firefox.exe is infected by Win32:Agent-MP [trj]
File E:\zz-avast-Exclude\breakout.exe is infected by Win32:Trojan-gen {Other}
File E:\zz-avast-Exclude\UnInstaller.exe is infected by Win32:Adware-gen [Adw]
File E:\zz-avast-Exclude\zabypass\zabypass.exe is infected by Win32:FWBypass [Tool]
File E:\zz-avast-Exclude\zEicarTests\eicar.com is infected by EICAR Test-NOT virus!!
Number of searched folders: 2493
Number of tested files: 26725
Number of infected files: 5

funke

  • Guest
Re: Anyone interested in the UPS Bundle of Viruses
« Reply #19 on: July 31, 2008, 02:55:24 AM »
Thanks for the 'C:\Program Files\Alwil Software\Avast4\DATA\report\aswBoot.txt' tip. I shall post that next.

I did a CCleaner Scan and it removed 6 years of temp files and cookies. The log file is 422,636 characters, so it is not practical to upload it. Perhaps someone could suggest what I should be looking for.

The HJT log follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:47:24 PM, on 30/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CVSNT\cvslock.exe
C:\Program Files\CVSNT\cvsservice.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
D:\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Validate XML - C:\WINDOWS\web\msxmlval.htm
O8 - Extra context menu item: View XSL Output - C:\WINDOWS\web\msxmlvw.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{69752F42-1B23-4437-BB67-3E92CC00B86C}: NameServer = 192.168.2.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: CVSNT Locking Service 2.5.03.2382 (cvslock) - Unknown owner - C:\Program Files\CVSNT\cvslock.exe
O23 - Service: CVSNT Dispatch service 2.5.03.2382 (cvsnt) - March Hare Software Ltd - C:\Program Files\CVSNT\cvsservice.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 5374 bytes
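Reading an HJT log by hand means applying a few fixed checks to every line, which is easy to mechanise. The Python below is an added example, not from the thread and not a HijackThis feature: it walks lines of the shape posted above and reports the entries a reviewer would look at first, namely registered objects whose file is gone ("(no file)"), O23 services HJT lists with "Unknown owner", O4 autorun targets outside Program Files and the Windows folder, and O17 name servers outside private address space. The sample mixes lines copied from the log above with one constructed O4 line (tagged "constructed-example") so the autorun rule has something to fire on; the trusted-root list and the rules are review heuristics assumed for this example, not verdicts on the entries they flag.

```python
import ipaddress
import re

# Constructed sample: lines copied from the HJT log posted above, plus ONE
# constructed O4 line (tagged "constructed-example") that is not from the thread.
SAMPLE_HJT = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [constructed-example] C:\Documents and Settings\Mike\Local Settings\Temp\example.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{69752F42-1B23-4437-BB67-3E92CC00B86C}: NameServer = 192.168.2.1
O23 - Service: CVSNT Locking Service 2.5.03.2382 (cvslock) - Unknown owner - C:\Program Files\CVSNT\cvslock.exe
O23 - Service: CVSNT Dispatch service 2.5.03.2382 (cvsnt) - March Hare Software Ltd - C:\Program Files\CVSNT\cvsservice.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
"""

HJT_LINE_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.+)$")
# First drive-letter path ending in an executable extension, quoted or not.
EXE_PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|com|scr|bat|cmd)', re.IGNORECASE)
# Assumption for this example: autorun targets under these roots are expected;
# anything else (profile folders, Temp, the root of a drive) is worth a look.
TRUSTED_ROOTS = (r"c:\program files", r"c:\progra~1", r"c:\windows")


def autorun_target(body):
    """Pull the executable path out of an O4 entry body, or None."""
    m = EXE_PATH_RE.search(body)
    return m.group(0) if m else None


def hjt_findings(text):
    """Return (code, reason, line) tuples for entries a reviewer should check."""
    findings = []
    for raw in text.strip().splitlines():
        m = HJT_LINE_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        if "(no file)" in body:
            findings.append((code, "orphaned entry: registered object no longer on disk", body))
        elif code == "O23" and "Unknown owner" in body:
            findings.append((code, "service binary carries no publisher info: verify it", body))
        elif code == "O4":
            target = autorun_target(body)
            if target is None or not target.lower().startswith(TRUSTED_ROOTS):
                findings.append((code, "autorun target outside Program Files / Windows", body))
        elif code == "O17" and "NameServer = " in body:
            for server in body.split("NameServer = ", 1)[1].split(","):
                try:
                    addr = ipaddress.ip_address(server.strip())
                except ValueError:
                    findings.append((code, "unparsable NameServer value", body))
                    break
                if not addr.is_private:
                    findings.append((code, "DNS server outside private ranges: confirm it is the expected resolver", body))
                    break
    return findings


if __name__ == "__main__":
    for code, reason, line in hjt_findings(SAMPLE_HJT):
        print(f"{code}: {reason}\n    {line}")
```

On the sample this flags the two "(no file)" entries, the two "Unknown owner" services and the constructed Temp autorun, and stays quiet on the 192.168.2.1 name server because it is a private LAN address. A flag is a prompt to verify the file (publisher, hash, install date), not a reason to let HJT "fix" it, which is the same advice the thread gives.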



wyrmrider

  • Guest
Re: Anyone interested in the UPS Bundle of Viruses
« Reply #20 on: July 31, 2008, 03:55:42 AM »
Half a meg of crap; your computer must be feeling better now. Nothing worth looking at.
Good news on the F-Prot second opinion.
If you run Spybot, update to today's updates and include beta definitions.
If the box will not check, go into Mode > Advanced > Settings and check the beta box.
Go into safe mode and run the scan with all the options checked.
Perhaps someone will look at your latest HJT;
if not, post one after your Spybot S&D scan.
Avast is still showing clean, right?

funke

  • Guest
Re: Anyone interested in the UPS Bundle of Viruses
« Reply #21 on: July 31, 2008, 07:53:02 AM »
I had to reinstall Avast to get a C:\Program Files\Alwil Software\Avast4\DATA\report\aswBoot.txt:

07/30/2008 18:00
Scan of all local drives

Number of searched folders: 75146
Number of tested files: 469305
Number of infected files: 0


I then tried running SpyBot S&D, but got an error:

SpyBot.exe - Unable to locate Component
This application has failed to start because framedyn.dll was not found. Reinstalling the application may fix this.

The problem persisted after reinstalling Spybot S&D.

wyrmrider

  • Guest
Re: Anyone interested in the UPS Bundle of Viruses
« Reply #22 on: July 31, 2008, 07:15:00 PM »
Both F-Prot and Avast negative: good news.

I'd post the Spybot problem in the Spybot forum:
http://forums.spybot.info/forumdisplay.php?f=4
Register is in the upper left.
One thing you might try yourself is to rename spybot.exe to
spyfunke.exe and see if it runs.
If it does,
well, as they said in Apollo 13,
"Houston, we have a problem."
Did you Google that DLL?
No use mentioning spyware problems over there; if there are any, they'll spot it.

Meanwhile,
try Malwarebytes Anti-Malware.

STRIKE THAT, YOU ALREADY DID IT and it worked.

TRY SUPERAntiSpyware (SAS).
Quarantine any hits; do not remove/delete.


Post the log and a fresh HJT.

Do NOT run CCleaner again (till all done), as logs and other needed things may be removed.
« Last Edit: July 31, 2008, 07:59:42 PM by wyrmrider »

funke

  • Guest
Re: Anyone interested in the UPS Bundle of Viruses
« Reply #23 on: August 01, 2008, 06:33:01 AM »
The Spybot S&D problem was resolved by searching their forum for "framedyn.dll". Several threads. The answer for me was to add the path to framedyn.dll to the Windows Path environment variable.

Spybot S&D found some cookies and some registry problems. I deleted the cookies but left the registry problems because I do not understand them. The log file is a mile long, so I have just included the beginning, which seems to list the problems:


--- Search result list ---
Hint of the Day: Click the bar at the right of this to see more information! ()
 

Win32.Agent.pz: [SBI $C8DD69EE] Settings (Registry value, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Network\UID

Win32.Agent.pz: [SBI $7EC6899E] Settings (Registry value, nothing done)
  HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Network\UID

Win32.Agent.pz: [SBI $8980C6CD] Settings (Registry value, nothing done)
  HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Network\UID

HitBox: Tracking cookie (Opera 7+: Mike) (Cookie, nothing done)
 

HitBox: Tracking cookie (Opera 7+: Mike) (Cookie, nothing done)
 

HitsLink: Tracking cookie (Opera 7+: Mike) (Cookie, nothing done)
 

WebTrends live: Tracking cookie (Opera 7+: Mike) (Cookie, nothing done)
 

WebTrends live: Tracking cookie (Opera 7+: Mike) (Cookie, nothing done)
 


--- Spybot - Search & Destroy version: 1.6.0  (build: 20080707) ---

2008-07-07 blindman.exe (1.0.0.8)
2008-07-07 SDFiles.exe (1.6.0.4)
2008-07-07 SDMain.exe (1.0.0.6)
 :                       :


funke

  • Guest
Re: Anyone interested in the UPS Bundle of Viruses
« Reply #24 on: August 01, 2008, 07:02:41 AM »
Ah! Spybot S&D has a Full Report, which is 240K, and a Report, which is pretty short:

Hint of the Day: Click the bar at the right of this to see more information! ()
 

Win32.Agent.pz: [SBI $C8DD69EE] Settings (Registry value, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Network\UID

Win32.Agent.pz: [SBI $7EC6899E] Settings (Registry value, nothing done)
  HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Network\UID

Win32.Agent.pz: [SBI $8980C6CD] Settings (Registry value, nothing done)
  HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Network\UID


--- Spybot - Search & Destroy version: 1.6.0  (build: 20080707) ---

2008-07-07 blindman.exe (1.0.0.8)
2008-07-07 SDFiles.exe (1.6.0.4)
2008-07-07 SDMain.exe (1.0.0.6)
2008-07-07 SDShred.exe (1.0.2.3)
2008-07-07 SDUpdate.exe (1.6.0.8)
2008-07-07 SDWinSec.exe (1.0.0.12)
2008-07-07 SpybotSD.exe (1.6.0.30)
2008-07-07 TeaTimer.exe (1.6.0.20)
2008-07-30 unins000.exe (51.49.0.0)
2008-07-07 Update.exe (1.6.0.7)
2008-07-07 advcheck.dll (1.6.1.12)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-07-07 SDHelper.dll (1.6.0.12)
2008-06-19 sqlite3.dll
2008-07-07 Tools.dll (2.1.5.7)
2008-07-22 Includes\Adware.sbi (*)
2008-07-15 Includes\AdwareC.sbi (*)
2008-06-03 Includes\Cookies.sbi (*)
2008-06-03 Includes\Dialer.sbi (*)
2008-07-29 Includes\DialerC.sbi (*)
2008-07-22 Includes\HeavyDuty.sbi (*)
2008-07-10 Includes\Hijackers.sbi (*)
2008-07-08 Includes\HijackersC.sbi (*)
2008-07-29 Includes\Keyloggers.sbi (*)
2008-07-29 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-07-23 Includes\Malware.sbi (*)
2008-07-29 Includes\MalwareC.sbi (*)
2008-07-23 Includes\PUPS.sbi (*)
2008-07-29 Includes\PUPSC.sbi (*)
2007-11-07 Includes\Revision.sbi (*)
2008-06-18 Includes\Security.sbi (*)
2008-07-29 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2008-07-22 Includes\Spyware.sbi (*)
2008-07-29 Includes\SpywareC.sbi (*)
2008-06-03 Includes\Tracks.uti
2008-07-30 Includes\Trojans.sbi (*)
2008-07-29 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll


wyrmrider

  • Guest
Re: Anyone interested in the UPS Bundle of Viruses
« Reply #25 on: August 01, 2008, 07:21:43 AM »
Spybot found something that MBAM did not; this is not a one-size-fits-all fix.

Did you Google Win32.Agent.pz?

You can re-run Spybot and fix the Win32.Agent.pz.
I'd update Spybot and then run in safe mode.

Again, quarantine; do not remove/delete.
Post the top of the Spybot scan; you can also nuke the tracking cookies.

Reboot back into regular mode.

Methinks it is time to post a HijackThis; HJT is not as effective in safe mode.

FileHippo Download:
http://filehippo.com/download_hijackthis/
Download HijackThis and post the contents of the HJT log file here. This file is an executable installation file, so you won't have to unzip and extract the files; it will create its own program folder.

Here is a helpful tutorial - HJT Information: HijackThis Tutorial.
http://www.bleepingcomputer.com/forums/tutorial42.html

Run HijackThis and select Do a system scan and save the logfile; then, when in Notepad, click on Edit, then Select All (Ctrl+A), then Copy (Ctrl+C), then Paste (Ctrl+V) into an open reply to your post here.

How To Copy n Paste:
http://www.royhooper.com/copy.html

Now just run the scan and post. DO NOT FIX ANYTHING.

Depending on which sets of hidden malware you have, other fixes may be needed.
ComboFix may be next, but do not run this on your own; we need to have a more recent set of eyes look at this.
« Last Edit: August 01, 2008, 07:43:19 AM by wyrmrider »

funke

  • Guest
Re: Anyone interested in the UPS Bundle of Viruses
« Reply #26 on: August 01, 2008, 06:16:44 PM »
While I research Win32.Agent.pz, here is the latest HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:12:04 AM, on 01/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CVSNT\cvslock.exe
C:\Program Files\CVSNT\cvsservice.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
D:\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Validate XML - C:\WINDOWS\web\msxmlval.htm
O8 - Extra context menu item: View XSL Output - C:\WINDOWS\web\msxmlvw.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{69752F42-1B23-4437-BB67-3E92CC00B86C}: NameServer = 192.168.2.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: CVSNT Locking Service 2.5.03.2382 (cvslock) - Unknown owner - C:\Program Files\CVSNT\cvslock.exe
O23 - Service: CVSNT Dispatch service 2.5.03.2382 (cvsnt) - March Hare Software Ltd - C:\Program Files\CVSNT\cvsservice.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 5972 bytes

Offline DavidR

Re: Anyone interested in the UPS Bundle of Viruses
« Reply #27 on: August 01, 2008, 08:55:38 PM »
Other than these I don't see anything obvious.

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
This one relates to McAfee virus scan; I don't know if this is a remnant of McAfee or an on-line scan. Did you previously have McAfee installed?

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
This one relates to Real Player and I don't know if it really needs to be active.

You don't appear to have an active firewall, a problem when trying to deal with malware infections. It should be capable of blocking unauthorised outbound Internet connections. What is your firewall?

Whilst the Windows XP firewall is usually good at keeping your ports stealthed (hidden), it provides no outbound protection and you should consider a third party firewall.

Any malware that manages to get past your defences will have free rein to connect to the internet to either download more of the same, pass your personal data (sensitive or otherwise: user names, passwords, keylogger retrieved data, etc.) or open a backdoor to your computer, so outbound protection is essential.

- There are many freeware firewalls such as Comodo, PCTools Firewall Plus, Jetico, etc. Zone Alarm free works fine with avast and has a reasonably friendly user interface; however, the free version is becoming bloated with trial ware and is also crippled as far as outbound protection goes. In the Program Control configuration area, the slider will only go as far as Medium protection; if you want more you have to buy the Pro version.

See A Forum discussion on free firewalls http://forum.avast.com/index.php?topic=30808.0
See http://www.matousec.com/projects/firewall-challenge/results.php.

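A small parser for the HijackThis log format that tags the kinds of entries DavidR singled out above: "(no file)" orphans, O23 services with an unknown owner, and the O17 name-server setting. This is an added example, not code from the thread or from the HijackThis project; the sample lines are copied from the log posted above and the flagging rules are my own reviewer heuristics.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a handful of lines taken from the HJT log posted in this thread.
SAMPLE_LOG = r"""
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{69752F42-1B23-4437-BB67-3E92CC00B86C}: NameServer = 192.168.2.1
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
"""

# HJT lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24) followed by " - ".
LINE_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Entry:
    section: str
    body: str
    clsid: Optional[str]
    reasons: List[str]  # why a reviewer would look twice; empty means nothing flagged


def review_hjt(text: str) -> List[Entry]:
    """Parse every section line of an HJT log and attach review reasons (heuristics are mine)."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header, running-process list, blank lines
        section, body = m.group("section"), m.group("body")
        clsid = CLSID_RE.search(body)
        reasons: List[str] = []
        if body.endswith("(no file)"):
            reasons.append("orphaned registry entry: the referenced file is missing")
        if section == "O23" and "Unknown owner" in body:
            reasons.append("service binary carries no publisher name; verify it")
        if section == "O17":
            reasons.append("DNS server override; confirm it is your router or ISP")
        entries.append(Entry(section, body, clsid.group(0) if clsid else None, reasons))
    return entries


def flagged(text: str) -> List[Entry]:
    """Only the entries worth asking the poster about."""
    return [e for e in review_hjt(text) if e.reasons]
```

The O17 entry here points at 192.168.2.1, a private address, so it is almost certainly the home router rather than a hijack; the rule exists so that a public or unfamiliar address gets noticed.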

wyrmrider

  • Guest
Re: Anyone interested in the UPS Bundle of Viruses
« Reply #28 on: August 02, 2008, 01:33:43 AM »

Thanks DavidR

OK marching orders
nothing serious shown by HJT
if you want to FIX these post back

Get the firewall installed
run secunia advisor and get all your software updated

sometime you could try the SAS scan
you are using IE
-right?
did I say install Spywareblaster?
install MVPS or HPhosts
use spybot's immunize - update every Wednesday

wait awhile then run ccleaner again
set a new restore point
defrag

funke

  • Guest
Re: Anyone interested in the UPS Bundle of Viruses
« Reply #29 on: August 02, 2008, 02:08:10 AM »
DavidR:
Thanks for advice. My quick research into firewalls indicates that "Online Armor Personal Firewall" and Comodo are highly considered.

I removed the 2 items you mentioned with HJT.

Also, I should mention that I asked SpybotS&D to fix the Win32.Agent.pz items that it did not like. No smoke came out of my PC, so I am hoping no damage was done.

wyrmrider:
Thanks for advice. I shall get back to you once I have followed it.

I use IE very rarely now that I have switched to Firefox. Same with Outlook, now that I have switched to Thunderbird.

I am a bit overwhelmed after using over 1/2 dozen anti-malware products, removing them so I can test the next, etc. And you have added 4 more to the list. Now, I have to start thinking about ongoing malware protection. But, as I have found out, one product does not do everything. And multiple products could get messy if they do not play well together and with the firewall s/w. It would seem to me that playing with too many anti-malware products could get dangerous ..and costly. It is a little like playing the stock market.

Any suggestions on what I should stick with for the long term? While you are at it, any stock suggestions? ;o)