HJT log please check

Contributor

HJT log please check

Logfile of HijackThis v1.99.1
Scan saved at 2:18:55 PM, on 1/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\IE New Window Maximizer\iemaximizer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\system32\nvctrl.exe
C:\Program Files\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/chsi.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: HomepageBHO - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\system32\hpC805.tmp
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Program Files\Security Toolbar\Security Toolbar.dll
O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: nwiz.exe /installquiet
O4 - HKLM\..\Run: BCMSMMSG.exe
O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKLM\..\Run: C:\Program Files\SpywareStrike\SpywareStrike.exe /h
O4 - HKCU\..\Run: "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: C:\Program Files\IE New Window Maximizer\iemaximizer.exe
O4 - HKCU\..\Run: "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

Bronze Problem Solver

Re: HJT log please check

hmm more smitfraud.. Seems to be going around again...

Here's where to start:
You may want to print out or make a copy of these instructions before starting, because you will not be able to connect to the internet during most of this fix.

Download smitRem.exe and save the file to your desktop.
Double click on the file to extract it to its own folder on the desktop.

Please download, install, and update the free version of Ewido Security Suite:

  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • When you run Ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • From the main Ewido screen, click on update in the left menu, then click the Start update button.
  • After the update finishes, the status bar at the bottom will display "Update successful"
  • Exit Ewido. DO NOT run a scan yet.


    If you do not already have Ad-Aware SE 1.06 installed, follow these download and setup instructions. Also check for updates:
    Ad-Aware SE Setup
    Again, do NOT run a scan yet.


    Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.

    Now scan with HJT and place a checkmark next to each of the following items:

    ===================================================
    HijackThis entries here if needed. Delete any other malware files not associated with the smitfraud variants and SpySheriff.
    ===================================================

    Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Your desktop and icons will disappear and then reappear again --- this is normal.
    Wait for the tool to complete and Disk Cleanup to finish --- this may take a while; please be patient.

    Next, run Ad-aware and perform a full scan. Remove everything found.

    Now open Ewido Security Suite

    • Click on Scanner
    • Click on Complete System Scan and the scan will begin.
    • NOTE: During some scans with ewido it is finding cases of false positives. You will need to step through the process of cleaning files one-by-one. If ewido detects a file you KNOW to be legitimate, select none as the action.
    • DO NOT select "Perform action on all infections"
    • When the scan is finished, click the Save report button at the bottom of the screen.
    • Save the report to your desktop
    • Close Ewido


    Next go to Start -> Control Panel, click Display -> Desktop -> Customize Desktop -> Web -> Uncheck "Security Info" if present.


    Restart your computer in normal mode.

    Run the Panda online virus scan at http://www.pandasoftware.com/products/activescan.htm

    - Once you are on the Panda site click the Scan your PC button
    - A new window will open...click the Check Now button
    - Enter your Country
    - Enter your State/Province
    - Enter your e-mail address and click send
    - Select either Home User or Company
    - Click the big Scan Now button
    - If it wants to install an ActiveX component allow it
    - It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    - When download is complete, click on Local Disks to start the scan
    - When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

    Finally, restart your computer once more, and please post a new HijackThis log as well as the log from the Ewido scan and the log from the smitRem tool, which will be located at C:\smitfiles.txt.
    Let us know if any problems persist.
    TANSTAAFL!!


    Bronze Problem Solver

    Re: HJT log please check

    JG52276 I am posting your HJT log back into the original thread.. It makes it much easier to interpret what was fixed and what was not
    Here are the results of what you told me to do.

    Logfile of HijackThis v1.99.1
    Scan saved at 9:17:04 AM, on 1/29/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\hjt\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/chsi.html
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
    O2 - BHO: HomepageBHO - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\system32\hp8481.tmp
    O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Program Files\Security Toolbar\Security Toolbar.dll
    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: nwiz.exe /installquiet
    O4 - HKLM\..\Run: BCMSMMSG.exe
    O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: C:\Program Files\Dell\AccessDirect\dadapp.exe
    O4 - HKLM\..\Run: C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
    O4 - HKLM\..\Run: C:\Program Files\SpywareStrike\SpywareStrike.exe /h
    O4 - HKLM\..\Run: C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
    O4 - HKLM\..\Run: C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
    O4 - HKCU\..\Run: "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: C:\Program Files\IE New Window Maximizer\iemaximizer.exe
    O4 - HKCU\..\Run: "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
    O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    Here is the smit file:


    smitRem © log file
    version 2.8

    by noahdfear


    Microsoft Windows XP
    The current date is: Sun 01/29/2006
    The current time is: 9:18:44.51

    Running from
    C:\Documents and Settings\John\Desktop\smitRem
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    checking for ShudderLTD key

    ShudderLTD key not present!

    checking for PSGuard.com key


    PSGuard.com key not present!


    checking for WinHound.com key


    WinHound.com key not present!

    spyaxe uninstaller NOT present
    Winhound uninstaller NOT present


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    SpywareStrike © by noahdfear

    SpywareStrike directory present

    SpywareStrike uninstaller present

    Starting SpywareStrike uninstaller

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    REGEDIT4


    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    Existing Pre-run Files


    ~~~ Program Files ~~~

    SpywareStrike
    Security Toolbar


    ~~~ Shortcuts ~~~

    Online Security Guide.url
    Security Troubleshooting.url


    ~~~ Favorites ~~~

    Antivirus Test Online.url


    ~~~ system32 folder ~~~

    replmap.dll
    1024 dir
    msvol.tlb
    ld****.tmp
    mssearchnet.exe
    ncompat.tlb
    nvctrl.exe
    mscornet.exe
    hp***.tmp
    logfiles


    ~~~ Icons in System32 ~~~

    ts.ico
    ot.ico


    ~~~ Windows directory ~~~



    ~~~ Drive root ~~~


    ~~~ Miscellaneous Files/folders ~~~




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
    Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
    Killing PID 772 'explorer.exe'
    Killing PID 772 'explorer.exe'

    Starting registry repairs

    Registry repairs complete

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    SharedTask Export after registry fix

    REGEDIT4


    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    Deleting files


    Remaining Post-run Files


    ~~~ Program Files ~~~



    ~~~ Shortcuts ~~~



    ~~~ Favorites ~~~



    ~~~ system32 folder ~~~



    ~~~ Icons in System32 ~~~



    ~~~ Windows directory ~~~



    ~~~ Drive root ~~~



    ~~~ Miscellaneous Files/folders ~~~




    ~~~ Wininet.dll ~~~

    CLEAN! :)

    The Ewido Scan:

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 10:13:13 AM, 1/29/2006
    + Report-Checksum: 10BEA1C2

    + Scan result:

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoActiveDesktopChanges -> Trojan.Small : Cleaned with backup
    :mozilla.15:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zrbhnwos.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.16:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zrbhnwos.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.17:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zrbhnwos.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.18:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zrbhnwos.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    :mozilla.21:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zrbhnwos.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    :mozilla.39:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zrbhnwos.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.40:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zrbhnwos.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.41:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zrbhnwos.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.42:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zrbhnwos.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.43:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zrbhnwos.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.44:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zrbhnwos.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    :mozilla.45:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zrbhnwos.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
    :mozilla.46:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zrbhnwos.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
    :mozilla.47:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zrbhnwos.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
    :mozilla.48:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zrbhnwos.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    :mozilla.49:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zrbhnwos.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.50:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zrbhnwos.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.51:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zrbhnwos.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.52:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zrbhnwos.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.53:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zrbhnwos.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.57:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zrbhnwos.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.58:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zrbhnwos.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.61:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zrbhnwos.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.67:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zrbhnwos.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.79:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zrbhnwos.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.80:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zrbhnwos.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.81:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zrbhnwos.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    C:\Documents and Settings\John\Cookies\john@adbrite.txt -> Spyware.Cookie.Adbrite : Cleaned with backup


    ::Report End

    And the Panda in case you wanted to see it b/c it did find malicious content:


    Incident Status Location

    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zrbhnwos.default\Cache\3EFBEAA3d01
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zrbhnwos.default\cookies.txt[]
    Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\John\Cookies\john@ask.txt
    Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\John\Cookies\john@banner.txt
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\John\Cookies\john@belnk.txt
    Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\John\Cookies\john@c.enhance.txt
    Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\John\Cookies\john@c.goclick.txt
    Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\John\Cookies\john@ccbill.txt
    Spyware:Cookie/360i Not disinfected C:\Documents and Settings\John\Cookies\john@ct.360i.txt
    Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\John\Cookies\john@did-it.txt
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\John\Cookies\john@dist.belnk.txt
    Spyware:Cookie/go Not disinfected C:\Documents and Settings\John\Cookies\john@go.txt
    Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\John\Cookies\john@i.screensavers.txt
    Spyware:Cookie/SpywareStormer Not disinfected C:\Documents and Settings\John\Cookies\john@spywarestormer.txt
    Spyware:Cookie/Target Not disinfected C:\Documents and Settings\John\Cookies\john@target.txt
    Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\John\Cookies\john@toplist.txt
    Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\John\Cookies\john@webpower.txt
    Spyware:Cookie/seeqA Not disinfected C:\Documents and Settings\John\Cookies\john@www.seeq.txt
    Spyware:Cookie/Buydomains Not disinfected C:\Documents and Settings\John\Cookies\john@www47.buydomains.txt
    Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\John\Cookies\john@www48.seeq.txt
    Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\John\Cookies\john@xiti.txt
    Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\John\Cookies\john@yadro.txt
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\John\Desktop\smitRem\Process.exe
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\John\Desktop\smitRem.exe
    Adware:Adware/Exact.BargainBuddy Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\65E71DC2-EDEA-4ED3-AF35-AF8230\8AC7C967-679A-4928-9DD5-FB0AD7
    Adware:Adware/Exact.BargainBuddy Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\65E71DC2-EDEA-4ED3-AF35-AF8230\8C96987D-067B-4647-B89F-B567ED
    Adware:Adware/Exact.BargainBuddy Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\65E71DC2-EDEA-4ED3-AF35-AF8230\F7CD6C11-FC5D-4329-B215-0B347B
    Adware:Adware/Exact.BargainBuddy Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\65E71DC2-EDEA-4ED3-AF35-AF8230\FF5B0A7C-A912-4184-A939-28413B
    Adware:Adware/Exact.BargainBuddy Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\96A30936-C82F-4200-8DD4-639680\2203A61D-8F46-4323-8AC7-A4EEA0
    Adware:Adware/Exact.BargainBuddy Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\96A30936-C82F-4200-8DD4-639680\245776EF-6BB9-469B-9C12-F7D56A
    Adware:Adware/Exact.BargainBuddy Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\96A30936-C82F-4200-8DD4-639680\5B880778-5D91-4949-ABD8-98AD39
    Adware:Adware/Exact.BargainBuddy Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\96A30936-C82F-4200-8DD4-639680\604FD93C-2185-4286-B7E7-D1859A
    TANSTAAFL!!


    Bronze Problem Solver

    Re: HJT log please check

    JG52276

    These lines should have been addressed by the smitfraud removal utility..
    Let's find out if they were..
    First, under Add/Remove Programs, look for AdwareAlert or SpywareStrike, and if they are there, remove them with Add/Remove Programs.

    If not then scan again with HJT, place a check by each of these lines, close all browser windows except HJT and click on fix.

    O4 - HKLM\..\Run: C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot

    O4 - HKLM\..\Run: C:\Program Files\SpywareStrike\SpywareStrike.exe /h

    Reboot, and post a new HJT log.. In this thread
    TANSTAAFL!!


    Contributor

    Re: HJT log please check

    Logfile of HijackThis v1.99.1
    Scan saved at 11:52:08 AM, on 1/29/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Dell\AccessDirect\dadapp.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
    C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\IE New Window Maximizer\iemaximizer.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\hjt\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
    O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: nwiz.exe /installquiet
    O4 - HKLM\..\Run: BCMSMMSG.exe
    O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: C:\Program Files\Dell\AccessDirect\dadapp.exe
    O4 - HKLM\..\Run: C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
    O4 - HKLM\..\Run: C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
    O4 - HKCU\..\Run: "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: C:\Program Files\IE New Window Maximizer\iemaximizer.exe
    O4 - HKCU\..\Run: "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
    Bronze Problem Solver

    Re: HJT log please check

    Looks much better, are you having any problems?
    and as I am interested, were you able to move those entries (adwarealert and spywarestrike) with add/remove programs? Or did you fix them with HJT? If you fixed them with HJT you will also need to delete those files as well..

    Navigate to:
    C:\Program Files\

    and delete the following in bold

    AdwareAlert\AdwareAlert.Exe
    SpywareStrike\SpywareStrike.exe


    reboot and post one more log..
    TANSTAAFL!!


    Contributor

    Re: HJT log please check

    These programs were not in there because I already deleted them from add/remove and also from the HJT log. Thanks for all your help and your super fast responses. Now is there a way to get rid of all the stuff panda found, or do I have to buy their antivirus?

    Thanks,

    JG52276
    Bronze Problem Solver

    Re: HJT log please check

    Nah... Most of that stuff was already taken care of..

    as an example

    This one was in MSAS Quarantine already
    Adware:Adware/Exact.BargainBuddy Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\65E71DC2-EDEA-4ED3-AF35-AF8230\8AC7C967-679A-4928-9DD5-FB0AD7
    This one was part of the smitrem tool (You can delete that now, if we ever need it again it will likely be updated)
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\John\Desktop\smitRem\Process.exe

    The other cookies can be removed for free.. You can use ccleaner from http://www.ccleaner.com and remove them..

    Note: Some of these items you likely already do.. This little speech is somewhat (well completely) generic..

    Then there is the prevention speech..

    1. Visit Windows Update:
    Make sure that you have all the Critical Updates recommended for your operating system and Internet Explorer. This includes SP1 and SP2 if you use Windows XP. The first defense against infection is a properly patched Operating System.
    a. Windows Update: http://windowsupdate.microsoft.com/

    Also, download and install Microsoft Baseline Analyzer. (Note that MBSA is only for Win 2000 SP3 or later and Office XP or later.) When run, it will check your system for security exposures, including missing updates. I suggest running it weekly. You can obtain more information here: http://www.microsoft.com/technet/security/tools/mbsahome.mspx


    2. Adjust your security settings for ActiveX:
    Select Internet Options from the Control Panels, or from Internet Explorer (Tools -> Internet Options)
    Press 'default level', then OK
    Now press "Custom Level."

    In the ActiveX controls and plug-ins section set these options:
    'Download signed ActiveX controls' - Prompt
    'Download unsigned ActiveX controls' - Disable
    'Initialize and script ActiveX controls not marked as safe' - Disable
    All other options accept the default

    For Windows XP SP2 users, check this link for additional steps you can take to secure Internet Explorer: http://www.microsoft.com/technet/Security/default.mspx
    Also, for XP SP2 and IE users, in IE, Tools -> Manage Add-ons will give you a list of all BHOs, Extensions, and ActiveX modules installed on your computer. You can update, enable or disable them.

    3. Download and install the following free programs
    a. SpywareBlaster: http://www.javacoolsoftware.com/spywareblaster.html
    b. IE/Spyad: http://www.spywarewarrior.com/uiuc/main.htm



    4. Install Spyware Detection and Removal Programs:
    You may also want to consider installing one (or more) of the following:
    a. Microsoft AntiSpyware:
    NOTE: MS AntiSpyware only runs on Windows 2000, XP, and 2003.
    b. Spybot S&D: http://security.kolla.de/index.php?lang=en&page=download
    c. AdAware Personal: http://www.lavasoft.de/

    Use these programs to regularly scan your system for and remove many forms of spyware/malware. I recommend a combination of Microsoft Spyware and TeaTimer from Spybot S&D.

    If you use, or plan on using, additional spyware/malware detection and/or removal programs, please check Items 8 and 9.

    5. Install 'Spoofstick'
    Spoofstick is a simple browser extension that helps users detect spoofed (fake) websites. This extension is free and installs in Internet Explorer and Mozilla Firefox.
    a. http://www.corestreet.com/spoofstick

    6. Reset System Restore
    If you are using Windows ME or Windows XP, please reset your System Restore. See Windows help for information. You should do this now.

    7. Clean Temporary Files and Folders
    Download and install the disk cleanup utility called Cleanup! from here:
    http://cleanup.stevengould.org/
    http://www.hijackthislogs.com/dl/CleanUp312.exe

    Cleanup! will get rid of any malware which may be hiding in your temp folders (a common hiding place). You may also regain a massive amount of disk space.
    Here is a tutorial which describes its usage:
    http://www.bleepingcomputer.com/forums/tutorial93.html

    Run the disk cleanup utility called Cleanup! that you have already downloaded and installed.
    Check the custom settings to your liking under options, but be sure to delete temporary files and temporary internet files for all user profiles. Also, clean out the prefetch folder and the recycle bin.
    Then reboot into normal mode to let it clean out the remaining files.

    8. Rogue/Suspect Anti-Spyware
    Before using or purchasing any Spyware/Malware protection/removal program, always check the Rogue/Suspect Spyware List. It will save you a lot of grief, as well as money if you are thinking of purchasing. Here is the link:

    http://www.spywarewarrior.com/rogue_anti-spyware.htm

    9. Anti-Spyware Programs Compared
    Want to know just how effective your anti-spyware program is? Wonder how well any of the "rogue" programs listed above work? Check this link for an independent comparison of several anti-spyware programs: http://www.spywarewarrior.com/asw-test-guide.htm

    10. Alternate Browser
    Consider using an alternate browser as your default. I recommend and use Firefox as my primary browser; another excellent choice is Opera. It is still necessary to keep Internet Explorer current and protected in order to use Windows Update.

    For more information about Spyware, the tools available, and other informative material, including information on how you may have been infected in the first place, please check out this link: http://forum.gladiator-antivirus.com/index.php?showtopic=9857

    "It is your responsibility to read and adhere to the End User Licensing Agreement (EULA) of all software and services mentioned."

    Good luck, and thanks for coming to our forums for help with your security and malware issues.
    TANSTAAFL!!
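
The ActiveX settings in step 2 of the post above can be checked after the fact. This added example (not part of the original post) audits the text output of `reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"` against the three settings listed in step 2. The sample output is constructed, and the mapping of the dialog labels to URL action values 1001, 1004 and 1201 comes from Windows' zone settings, not from the post.

```python
import re

# Internet zone (zone 3) URL action values for the three options in step 2,
# with the setting the post recommends. The numeric codes are Windows' own
# identifiers for these options and are not given in the post.
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", "Prompt"),
    "1004": ("Download unsigned ActiveX controls", "Disable"),
    "1201": ("Initialize and script ActiveX controls not marked as safe", "Disable"),
}
# DWORD data -> label shown in the Security Settings dialog
STATE = {0: "Enable", 1: "Prompt", 3: "Disable"}

# Constructed sample of `reg query` output (not taken from the thread):
# unsigned downloads are enabled and value 1201 is absent.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    1001    REG_DWORD    0x1
    1004    REG_DWORD    0x0
    1200    REG_DWORD    0x0
"""

VALUE_LINE = re.compile(r"^\s+(\S+)\s+REG_DWORD\s+0x([0-9a-fA-F]+)\s*$")


def parse_zone(text):
    """Return {value name: int} for every REG_DWORD line in the output."""
    values = {}
    for line in text.splitlines():
        match = VALUE_LINE.match(line)
        if match:
            values[match.group(1)] = int(match.group(2), 16)
    return values


def audit(text):
    """List (code, option, actual, recommended) for each setting that differs."""
    values = parse_zone(text)
    findings = []
    for code, (option, wanted) in RECOMMENDED.items():
        if code not in values:
            actual = "not set"
        else:
            actual = STATE.get(values[code], "unknown (%d)" % values[code])
        if actual != wanted:
            findings.append((code, option, actual, wanted))
    return findings


if __name__ == "__main__":
    for code, option, actual, wanted in audit(SAMPLE):
        print("%s %s: %s (recommended: %s)" % (code, option, actual, wanted))
```

A value reported as "not set" means the per-user key does not override it, so confirm the effective setting in the Custom Level dialog.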