Requested by Derek

[JCNP7777]

I redid the Combofix//CFScript scan. Also included in attachment the Hijack Log which was taken after the Combofix scan.

http://thespykiller.co.uk/index.php/topic,8958.0.html

ComboFix 09-11-21.01 - Jon Chen 11/21/2009 19:47.1.2 - x86
Microsoft® Windows Vista™ Ultimate   6.0.6000.0.1252.1.1033.18.3071.2176 [GMT -5:00]
Running from: c:\users\Jon Chen\Desktop\ComboFix.exe
Command switches used :: c:\users\Jon Chen\Desktop\CFScript.txt
SP: Spyware Doctor *disabled* (Updated) {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301}

file zipped: c:\windows\srcdll.exe
file zipped: c:\program files\0x0409.ini
file zipped: c:\program files\1033.MST
file zipped: c:\windows\System32\drivers\SI3132.sys
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\srcdll.exe

.
(((((((((((((((((((((((((   Files Created from 2009-10-22 to 2009-11-22  )))))))))))))))))))))))))))))))
.

2009-11-22 00:53 . 2009-11-22 00:53   --------   d-----w-   c:\users\Jon Chen\AppData\Local\temp
2009-11-22 00:53 . 2009-11-22 00:53   --------   d-----w-   c:\users\Public\AppData\Local\temp
2009-11-22 00:53 . 2009-11-22 00:53   --------   d-----w-   c:\users\Incomplete\AppData\Local\temp
2009-11-22 00:53 . 2009-11-22 00:53   --------   d-----w-   c:\users\Guest\AppData\Local\temp
2009-11-22 00:53 . 2009-11-22 00:53   --------   d-----w-   c:\users\Default\AppData\Local\temp
2009-11-22 00:53 . 2009-11-22 00:53   --------   d-----w-   c:\users\Cassandra Chen\AppData\Local\temp
2009-11-20 19:27 . 2007-10-04 02:55   80424   ----a-w-   c:\windows\system32\drivers\SI3132.sys
2009-11-20 19:27 . 2007-10-26 02:51   110624   ----a-w-   c:\windows\system32\drivers\nvstor32.sys
2009-11-20 19:27 . 2007-01-06 01:59   35920   ----a-w-   c:\windows\system32\drivers\nvstor.sys
2009-11-20 19:27 . 2009-06-28 08:41   21560   ----a-w-   c:\windows\system32\drivers\atapi.sys
2009-11-19 17:43 . 2009-06-28 08:58   258232   ----a-w-   c:\windows\system32\drivers\acpi_2.sys
2009-11-18 06:44 . 2009-11-18 06:44   --------   d-----w-   c:\program files\Trend Micro
2009-11-18 06:14 . 2009-11-18 06:14   --------   d-----w-   c:\programdata\PC Tools
2009-11-18 06:14 . 2009-11-18 06:13   160792   ----a-w-   c:\windows\system32\drivers\pctfw2.sys
2009-11-18 06:13 . 2009-11-18 06:14   --------   d-----w-   c:\program files\Common Files\PC Tools
2009-11-18 06:09 . 2009-11-18 06:09   --------   d-----w-   c:\users\Jon Chen\Pavark
2009-11-13 16:23 . 2009-11-16 15:31   --------   d-----w-   c:\programdata\SITEguard
2009-11-13 16:23 . 2009-11-13 16:23   --------   d-----w-   c:\program files\Common Files\iS3
2009-11-13 16:23 . 2009-11-18 04:22   4096   d-----w-   c:\programdata\STOPzilla!
2009-11-13 16:15 . 2009-10-07 21:56   872960   ----a-w-   c:\users\Jon Chen\AppData\Roaming\Mozilla\Firefox\Profiles\516jbl7i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-11-13 16:15 . 2009-10-07 21:56   43008   ----a-w-   c:\users\Jon Chen\AppData\Roaming\Mozilla\Firefox\Profiles\516jbl7i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-11-13 16:15 . 2009-10-07 21:56   340480   ----a-w-   c:\users\Jon Chen\AppData\Roaming\Mozilla\Firefox\Profiles\516jbl7i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-11-13 16:15 . 2009-10-07 21:55   346624   ----a-w-   c:\users\Jon Chen\AppData\Roaming\Mozilla\Firefox\Profiles\516jbl7i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-11-12 21:11 . 2009-11-18 04:20   4096   d-----w-   c:\program files\PopUpBlockerPro
2009-11-04 15:30 . 2009-11-04 15:30   16384   ----a-w-   c:\users\Jon Chen\AppData\Roaming\blank.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-22 00:44 . 2007-08-30 00:55   --------   d-----w-   c:\programdata\NVIDIA
2009-11-22 00:41 . 2007-05-13 08:37   495616   d-----w-   c:\users\Jon Chen\AppData\Roaming\uTorrent
2009-11-22 00:29 . 2007-05-13 07:28   36864   d-----w-   c:\program files\Spyware Doctor
2009-11-22 00:23 . 2009-06-22 01:53   8192   d-----w-   c:\program files\Steam
2009-11-19 01:36 . 2009-05-11 19:23   127325   ----a-w-   c:\users\Jon Chen\AppData\Roaming\Move Networks\uninstall.exe
2009-11-19 01:36 . 2009-08-13 19:21   4187512   ----a-w-   c:\users\Jon Chen\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
2009-11-19 01:36 . 2007-10-26 20:21   4096   d-----w-   c:\users\Jon Chen\AppData\Roaming\Move Networks
2009-11-18 04:20 . 2009-11-18 04:19   736   ----a-w-   c:\windows\system32\drivers\kgpcpy.cfg
2009-11-18 04:15 . 2009-05-11 04:50   117760   ----a-w-   c:\users\Jon Chen\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-17 23:14 . 2007-05-13 05:50   99424   ----a-w-   c:\users\Jon Chen\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-16 06:45 . 2009-05-11 04:50   4096   d-----w-   c:\program files\SUPERAntiSpyware
2009-11-15 00:36 . 2008-09-05 13:34   --------   d-----w-   c:\program files\Common Files\SupportSoft
2009-11-15 00:36 . 2009-09-22 17:31   --------   d-----w-   c:\programdata\SupportSoft
2009-11-10 09:37 . 2009-11-10 09:37   3558013   ----a-w-   c:\users\Jon Chen\AppData\Roaming\Rihanna - Russian Roulette.zip
2009-11-07 21:30 . 2009-09-22 17:32   --------   d-----w-   c:\users\Jon Chen\AppData\Roaming\CallingID
2009-11-01 12:12 . 2009-06-22 01:53   --------   d-----w-   c:\program files\Common Files\Steam
2009-10-21 01:10 . 2007-06-17 03:43   8192   d-----w-   c:\program files\iTunes
2009-10-11 16:55 . 2007-11-23 20:04   57415   ----a-w-   c:\windows\War3Unin.dat
2009-10-09 16:35 . 2007-05-13 05:56   16384   d--h--w-   c:\program files\InstallShield Installation Information
2009-10-09 16:24 . 2007-05-13 08:22   12288   d-----w-   c:\users\Jon Chen\AppData\Roaming\IGN_DLM
2009-10-09 01:25 . 2009-10-09 01:08   --------   d-----w-   c:\programdata\Blizzard Entertainment
2009-09-28 14:20 . 2009-09-24 23:54   4096   d-----w-   c:\programdata\NOS
2009-09-27 16:38 . 2007-06-10 00:54   4096   d-----w-   c:\program files\Common Files\Adobe
2009-09-27 16:37 . 2009-09-27 16:37   --------   d-----w-   c:\program files\Common Files\Adobe AIR
2009-09-26 23:56 . 2009-09-26 23:56   --------   d-----w-   c:\programdata\McAfee
2009-09-24 23:56 . 2009-09-24 23:56   --------   d-----w-   c:\programdata\McAfee Security Scan
2009-09-24 23:56 . 2009-09-24 23:56   86016   ----a-w-   c:\programdata\NOS\Adobe_Downloads\arh.exe
2009-09-19 18:59 . 2007-05-13 05:50   1356   ----a-w-   c:\users\Jon Chen\AppData\Local\d3d9caps.dat
2009-09-04 22:44 . 2009-11-10 17:18   515416   ----a-w-   c:\windows\system32\XAudio2_5.dll
2009-09-04 22:44 . 2009-11-10 17:18   238936   ----a-w-   c:\windows\system32\xactengine3_5.dll
2009-09-04 22:44 . 2009-11-10 17:18   69464   ----a-w-   c:\windows\system32\XAPOFX1_3.dll
2009-09-04 22:29 . 2009-11-10 17:18   453456   ----a-w-   c:\windows\system32\d3dx10_42.dll
2009-09-04 22:29 . 2009-11-10 17:18   235344   ----a-w-   c:\windows\system32\d3dx11_42.dll
2009-09-04 22:29 . 2009-11-10 17:18   1974616   ----a-w-   c:\windows\system32\D3DCompiler_42.dll
2009-09-04 22:29 . 2009-11-10 17:18   5501792   ----a-w-   c:\windows\system32\d3dcsx_42.dll
2009-09-04 22:29 . 2009-11-10 17:18   1892184   ----a-w-   c:\windows\system32\D3DX9_42.dll
2008-04-15 16:28 . 2008-04-15 16:29   5515   ----a-w-   c:\program files\0x0409.ini
2008-04-15 16:28 . 2008-04-15 16:29   15872   ----a-w-   c:\program files\1033.MST
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="c:\program files\AIM\aim.exe" [2005-08-05 67160]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-19 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideSCANetwork"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-11-16 06:45   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Pop Up Blocker Pro 2004.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Pop Up Blocker Pro 2004.lnk
backup=c:\windows\pss\Pop Up Blocker Pro 2004.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Vongo Tray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Vongo Tray.lnk
backup=c:\windows\pss\Vongo Tray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Jon Chen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^AdsGone.lnk]
path=c:\users\Jon Chen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AdsGone.lnk
backup=c:\windows\pss\AdsGone.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Jon Chen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hamachi.lnk]
path=c:\users\Jon Chen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hamachi.lnk
backup=c:\windows\pss\hamachi.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Jon Chen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Memeo AutoBackup Launcher.lnk]
path=c:\users\Jon Chen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Memeo AutoBackup Launcher.lnk
backup=c:\windows\pss\Memeo AutoBackup Launcher.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Jon Chen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Memeo AutoSync Launcher.lnk]
path=c:\users\Jon Chen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Memeo AutoSync Launcher.lnk
backup=c:\windows\pss\Memeo AutoSync Launcher.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Jon Chen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registration Heroes of Might & Magic 5 - Hammers of Fate.LNK]
path=c:\users\Jon Chen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5 - Hammers of Fate.LNK
backup=c:\windows\pss\Registration Heroes of Might & Magic 5 - Hammers of Fate.LNK.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Jon Chen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registration Heroes of Might & Magic 5.LNK]
path=c:\users\Jon Chen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5.LNK
backup=c:\windows\pss\Registration Heroes of Might & Magic 5.LNK.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Jon Chen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\users\Jon Chen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnk.Startup
backupExtension=.Startup

R1 pctfw2;pctfw2;c:\windows\System32\drivers\pctfw2.sys [11/18/2009 1:14 AM 160792]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [4/28/2009 10:33 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/28/2009 10:33 AM 74480]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\System32\nvSCPAPISvr.exe [6/10/2009 5:33 AM 232960]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [7/21/2007 11:04 PM 685816]
S3 LycoFltr;Lycosa Keyboard;c:\windows\System32\drivers\Lycosa.sys [1/17/2009 5:29 PM 16128]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [4/28/2009 10:33 AM 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [7/6/2008 8:25 AM 356920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2009-11-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2248097604-1366708096-3786799696-1000Core.job
- c:\users\Jon Chen\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-02 23:11]

2009-11-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2248097604-1366708096-3786799696-1000UA.job
- c:\users\Jon Chen\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-02 23:11]

2009-11-21 c:\windows\Tasks\User_Feed_Synchronization-{FBD7A7EA-E0F8-410F-BBC5-092E26CC8DEE}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearchURL = hxxp://internetsearchservice.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: download.microsoft.com
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: update.microsoft.com
Trusted Zone: windowsupdate.com
Trusted Zone: windowsupdate.microsoft.com
FF - ProfilePath - c:\users\Jon Chen\AppData\Roaming\Mozilla\Firefox\Profiles\516jbl7i.default\
FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?&o=13048&l=dis&q=
FF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - component: c:\users\Jon Chen\AppData\Roaming\Mozilla\Firefox\Profiles\516jbl7i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\Jon Chen\AppData\Roaming\Mozilla\Firefox\Profiles\516jbl7i.default\extensions\sokmildownloader@sokmil.com\components\VidexDownloader.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\Jon Chen\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\users\Jon Chen\AppData\Roaming\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: c:\users\Jon Chen\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-21 19:53
Windows 6.0.6000  NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2248097604-1366708096-3786799696-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*d*t*s*-*E*S*ýVñ‚   Nó—h6eÏ…Hr\OpenWithList]
@Class="Shell"

[HKEY_USERS\S-1-5-21-2248097604-1366708096-3786799696-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*X*V*I*D*-*F*O*X*-*M*F*D*s*s*"!\OpenWithList]
@Class="Shell"

[HKEY_USERS\S-1-5-21-2248097604-1366708096-3786799696-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:07,8e,d6,44,d7,3e,97,4e,ea,34,a7,e8,cd,88,ae,a4,cc,f2,03,f0,e0,9c,55,
   19,f4,b5,40,3a,3e,9c,22,be,a8,c4,3d,9a,3a,95,52,1d,a4,c5,a2,2c,c9,af,43,07,\
"??"=hex:56,cd,63,1e,25,56,20,1f,c0,f0,58,a5,e2,b4,ce,3b

[HKEY_USERS\S-1-5-21-2248097604-1366708096-3786799696-1000\Software\SecuROM\License information*]
"datasecu"=hex:1c,d9,c0,0a,61,43,31,36,25,7e,ee,f6,3d,8f,d3,2d,6e,51,47,b7,61,
   f2,c7,51,f7,26,c0,7a,df,4c,cf,fd,2f,2e,07,ba,5d,72,04,06,5d,62,e9,17,12,4f,\
"rkeysecu"=hex:55,b2,00,93,56,ca,a9,08,e9,76,ae,1d,7f,7a,94,d3
.
Completion time: 2009-11-21 19:55
ComboFix-quarantined-files.txt  2009-11-22 00:55
ComboFix2.txt  2009-11-19 00:44

Pre-Run: 7,892,725,760 bytes free
Post-Run: 7,846,121,472 bytes free

- - End Of File - - DFB4846331E6885A1F0B276C0EBCFCA5
Upload was successful

[Would you do all this for nothing?]

You have come to The Spykiller for help because your Antivirus or Antispyware hasn't been able to fix your problem.

Modern Malware has become so involved and difficult to fix that it takes a very long time and a lot of hard work to read all the logs posted here and research and prepare the fixes for you. In many cases each part of the fix takes about 30 minutes to prepare, so a large part of my time is spent helping you

Would you do all this for nothing?

The reason I run this site is to raise funds for Hedgehog Rescue

Please donate if I have helped you or you have found this site useful.

You can donate safely and securely by using the paypal service, just click on one of the buttons below.

To donate in UK £

To donate in US$

To donate in Euro €

Any amount no matter how small is gratefully accepted and needed to ensure we keep the Rescue Centre running

To donate via paypal when the button doesn't appear or the link doesn't work: just go to www.paypal.com or your country's paypal log in page and chose send money and use help@thehedgehog.co.uk as recipient email address and select other service as the option. then follow prompts

[Information]

  
  Information
   Security & Protection Blog
   Prevention
   Using Autoruns
     System Restore
  Rss feeds
     Microsoft at Home
     MSRC
     Malware blog

Take the Kaspersky Challenge: See what your current antivirus is missing. Our free online virus scanner is a great way to find out if you have any viruses or spyware on your machine without having to uninstall your current antivirus software or install a new one.

Kaspersky Online Scanner

Most importantly, you can see what viruses your current antivirus software let slip through! Now works with ANY Java enabled browser