My computer recently fell victim to massive amounts of malware, spyware and Trojans. I cant even remember half of the names of the things I was infected with, the biggest problem I had was with SurfSidekick 3, which(as far as I know) I have removed. Now every time I run Ad-Aware SE it detects AbetterInternet.Nail along with something called WINDOWS, also I have never ran Ad-Aware and had it detect so many objects, even with back to back system scans. I have downloaded the VX2 plug-in and it always comes up clean. Any help would be very much appreciated.

Here is an Ad-Aware Log and I can post a HiJack This log if needed.

Ad-Aware SE Log:

Ad-Aware SE Build 1.06r1
Logfile Created on:Friday, July 21, 2006 7:58:44 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R115 18.07.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
ABetterInternet.Nail(TAC index:5):1 total references
MRU List(TAC index:0):3 total references
Tracking Cookie(TAC index:3):8 total references
Windows(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


7-21-2006 7:58:44 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : S-1-5-21-682003330-1085031214-725345543-1006\software\google\navclient\1.1\history
Description : list of recently used search terms in the google toolbar


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-682003330-1085031214-725345543-1006\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 536
ThreadCreationTime : 7-21-2006 10:42:00 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 600
ThreadCreationTime : 7-21-2006 10:42:04 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 624
ThreadCreationTime : 7-21-2006 10:42:04 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 668
ThreadCreationTime : 7-21-2006 10:42:04 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 680
ThreadCreationTime : 7-21-2006 10:42:04 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 840
ThreadCreationTime : 7-21-2006 10:42:05 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 908
ThreadCreationTime : 7-21-2006 10:42:05 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1004
ThreadCreationTime : 7-21-2006 10:42:05 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1048
ThreadCreationTime : 7-21-2006 10:42:05 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1256
ThreadCreationTime : 7-21-2006 10:42:06 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1388
ThreadCreationTime : 7-21-2006 10:42:07 PM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 196
ThreadCreationTime : 7-21-2006 10:42:14 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:13 [soundman.exe]
FilePath : C:\WINDOWS\
ProcessID : 368
ThreadCreationTime : 7-21-2006 10:42:15 PM
BasePriority : Normal
FileVersion : 5.1.0.29
ProductVersion : 5.1.0.29
ProductName : Realtek Sound Manager
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Sound Manager
InternalName : ALSMTray
LegalCopyright : Copyright © 2001-2004 Realtek Semiconductor Corp.
OriginalFilename : ALSMTray.exe
Comments : Realtek AC97 Audio Sound Manager

#:14 [wzcsldr.exe]
FilePath : C:\Program Files\Alpha Networks\ANIWZCS Service\
ProcessID : 524
ThreadCreationTime : 7-21-2006 10:42:15 PM
BasePriority : Normal
FileVersion : 1, 0, 2, 20724
ProductVersion : 1, 0, 2, 20724
ProductName : ANIWZCS Service Launcher (9x)
CompanyName : Alpha Networks Inc.
FileDescription : ANIWZCS launcher for Windows.
InternalName : ANIWZCS9X
LegalCopyright : Copyright © 2003, Alpha Networks Inc.
OriginalFilename : ANIWZCS9X.exe

#:15 [aluschedulersvc.exe]
FilePath : C:\Program Files\Symantec\LiveUpdate\
ProcessID : 108
ThreadCreationTime : 7-21-2006 10:42:15 PM
BasePriority : Normal
FileVersion : 3.0.0.166
ProductVersion : 3.0.0.166
ProductName : LiveUpdate
CompanyName : Symantec Corporation
FileDescription : Automatic LiveUpdate Scheduler Service
InternalName : Automatic LiveUpdate Scheduler Service
LegalCopyright : Copyright © 1996-2005 Symantec Corporation
OriginalFilename : ALUSchedulerSvc.exe

#:16 [reschangerxp.exe]
FilePath : C:\Program Files\ResChanger XP\
ProcessID : 568
ThreadCreationTime : 7-21-2006 10:42:15 PM
BasePriority : Normal
FileVersion : 1.4.1.1
ProductVersion : 1.4.1.0
ProductName : ResChanger XP
CompanyName : eVGA.com Corp.
FileDescription : ResChangerXP
InternalName : ResChXP
LegalCopyright : Copyright 2002, eVGA.com Corp.
LegalTrademarks : DirectX and Windows are owned by Microsoft Corp.

#:17 [aircfg.exe]
FilePath : C:\Program Files\D-Link\Air Utility\
ProcessID : 592
ThreadCreationTime : 7-21-2006 10:42:15 PM
BasePriority : Normal
FileVersion : 3, 1, 6, 31028
ProductVersion : 3, 1, 6, 31028
ProductName : Wireless LAN Monitor
CompanyName : D-Link
FileDescription : D-Link Wireless LAN Monitor
InternalName : WlanMonitor
LegalCopyright : Copyright 2003©, D-Link. All Rights Reserved.
LegalTrademarks : D-Link
OriginalFilename : WlanMon.EXE
Comments : ANIO

#:18 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 744
ThreadCreationTime : 7-21-2006 10:42:15 PM
BasePriority : Normal
FileVersion : 7.1
ProductVersion : QuickTime 7.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
FileDescription : QuickTime Task
InternalName : QuickTime Task
LegalCopyright : Copyright Apple Computer, Inc. 1989-2006
OriginalFilename : QTTask.exe

#:19 [navapw32.exe]
FilePath : C:\PROGRA~1\NORTON~2\NORTON~1\
ProcessID : 720
ThreadCreationTime : 7-21-2006 10:42:15 PM
BasePriority : Normal
FileVersion : 8.07.17
ProductVersion : 8.07.17
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Agent
InternalName : NAVAPW32
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPW32.EXE

#:20 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 684
ThreadCreationTime : 7-21-2006 10:42:15 PM
BasePriority : Normal
FileVersion : 6.0.4.2
ProductVersion : 6.0.4.2
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:21 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_03\bin\
ProcessID : 824
ThreadCreationTime : 7-21-2006 10:42:15 PM
BasePriority : Normal


#:22 [update.exe]
FilePath : C:\Program Files\Common Files\{E0D7D2A7-07D8-1033-0922-040409040001}\
ProcessID : 868
ThreadCreationTime : 7-21-2006 10:42:15 PM
BasePriority : Normal


#:23 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 848
ThreadCreationTime : 7-21-2006 10:42:15 PM
BasePriority : Normal
FileVersion : 7.5.0324
ProductVersion : 7.5.0324
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:24 [aim.exe]
FilePath : C:\Program Files\AIM\
ProcessID : 944
ThreadCreationTime : 7-21-2006 10:42:15 PM
BasePriority : Normal
FileVersion : 5.9.3861
ProductVersion : 5.9.3861
ProductName : AOL Instant Messenger
CompanyName : America Online, Inc.
FileDescription : AOL Instant Messenger
InternalName : AIM
LegalCopyright : Copyright © 1996-2005 America Online, Inc.
OriginalFilename : AIM.EXE

#:25 [hpqtra08.exe]
FilePath : C:\Program Files\HP\Digital Imaging\bin\
ProcessID : 964
ThreadCreationTime : 7-21-2006 10:42:16 PM
BasePriority : Normal
FileVersion : 53.0.13.000
ProductVersion : 053.000.013.000
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP Digital Imaging Monitor
InternalName : HPQTRA00
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2004
OriginalFilename : HPQTRA00.EXE
Comments : HP Digital Imaging Monitor

#:26 [navapsvc.exe]
FilePath : C:\Program Files\Norton SystemWorks\Norton AntiVirus\
ProcessID : 1332
ThreadCreationTime : 7-21-2006 10:42:17 PM
BasePriority : Normal
FileVersion : 8.07.17
ProductVersion : 8.07.17
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:27 [nprotect.exe]
FilePath : C:\Program Files\Norton SystemWorks\Norton Utilities\
ProcessID : 1444
ThreadCreationTime : 7-21-2006 10:42:17 PM
BasePriority : Normal
FileVersion : 15.03.0.36
ProductVersion : 15.03.0.36
ProductName : Norton Utilities
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
LegalCopyright : Copyright © 2002 Symantec Corporation
LegalTrademarks : Norton Utilities
OriginalFilename : NPROTECT.EXE

#:28 [nvsvc32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1476
ThreadCreationTime : 7-21-2006 10:42:17 PM
BasePriority : Normal
FileVersion : 6.14.10.5655
ProductVersion : 6.14.10.5655
ProductName : NVIDIA Driver Helper Service, Version 56.55
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 56.55
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:29 [snmp.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1712
ThreadCreationTime : 7-21-2006 10:42:20 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : SNMP Service
InternalName : snmp.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : snmp.exe

#:30 [nopdb.exe]
FilePath : C:\PROGRA~1\NORTON~2\SPEEDD~1\
ProcessID : 1748
ThreadCreationTime : 7-21-2006 10:42:20 PM
BasePriority : Normal
FileVersion : 6.03.0.36
ProductVersion : 6.03.0.36
ProductName : Norton Speed Disk
CompanyName : Symantec Corporation
FileDescription : NOPDB
InternalName : NOPDB
LegalCopyright : Copyright © 2002
OriginalFilename : NOPDB.dll

#:31 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1800
ThreadCreationTime : 7-21-2006 10:42:20 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:32 [ulcdrsvr.exe]
FilePath : C:\Program Files\Common Files\Ulead Systems\DVD\
ProcessID : 1844
ThreadCreationTime : 7-21-2006 10:42:21 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 3
ProductVersion : 1, 0, 0, 3
ProductName : Ulead Systems ULCDRSvr
CompanyName : Ulead Systems, Inc.
FileDescription : ULCDRSvr
InternalName : ULCDRSvr
LegalCopyright : Copyright © 2002 Ulead Systems, Inc.
OriginalFilename : ULCDRSvr.exe

#:33 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1868
ThreadCreationTime : 7-21-2006 10:42:21 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:34 [symwsc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\Security Center\
ProcessID : 1976
ThreadCreationTime : 7-21-2006 10:42:21 PM
BasePriority : Normal
FileVersion : 2005.1.2.20
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Service
InternalName : SymWSC.exe
LegalCopyright : Copyright © 1997-2004 Symantec Corporation
OriginalFilename : SymWSC.exe

#:35 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 1524
ThreadCreationTime : 7-21-2006 10:42:23 PM
BasePriority : Normal
FileVersion : 6.0.4.2
ProductVersion : 6.0.4.2
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:36 [hpqste08.exe]
FilePath : C:\Program Files\HP\Digital Imaging\bin\
ProcessID : 1576
ThreadCreationTime : 7-21-2006 10:42:23 PM
BasePriority : Normal
FileVersion : 53.0.13.000
ProductVersion : 053.000.013.000
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP CUE Status
InternalName : HPQSTS00
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2004
OriginalFilename : HPQSTS00.EXE
Comments : HP CUE Status

#:37 [hprblog.exe]
FilePath : C:\Program Files\HP\Digital Imaging\Product Assistant\bin\
ProcessID : 2440
ThreadCreationTime : 7-21-2006 10:42:24 PM
BasePriority : Normal
FileVersion : 53.0.13.000
ProductVersion : 053.000.013.000
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : Hewlett-Packard Product Assistant
InternalName : HPRBLOG
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2004
OriginalFilename : HPRBLOG.EXE
Comments : Hewlett-Packard Product Assistant

#:38 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2644
ThreadCreationTime : 7-21-2006 10:42:29 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:39 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 3008
ThreadCreationTime : 7-21-2006 11:25:55 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:40 [winword.exe]
FilePath : C:\Program Files\Microsoft Office\Office\
ProcessID : 3864
ThreadCreationTime : 7-21-2006 11:53:33 PM
BasePriority : Normal


#:41 [agentsvr.exe]
FilePath : C:\WINDOWS\msagent\
ProcessID : 3788
ThreadCreationTime : 7-21-2006 11:53:47 PM
BasePriority : Normal
FileVersion : 2.00.0.3422
ProductVersion : 2.00.0.3422
ProductName : Microsoft Agent Server
CompanyName : Microsoft Corporation
FileDescription : Microsoft Agent Server
InternalName : AgentServer
LegalCopyright : Copyright © Microsoft Corp. 1997-98
OriginalFilename : AgentSvr.exe

#:42 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2956
ThreadCreationTime : 7-21-2006 11:58:35 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

ABetterInternet.Nail Object Recognized!
Type : RegData
Data : explorer.exe, c:\windows\system32\ibykg.exe
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe, c:\windows\system32\ibykg.exe

Windows Object Recognized!
Type : RegData
Data : explorer.exe, c:\windows\system32\ibykg.exe
TAC Rating : 3
Category : Vulnerability
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe, c:\windows\system32\ibykg.exe

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 5


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : stupid garrett@ads.pointroll[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:9
Value : Cookie:stupid garrett@ads.pointroll.com/
Expires : 12-31-2009 8:00:00 PM
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : stupid garrett@hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:stupid garrett@hitbox.com/
Expires : 7-21-2007 7:27:26 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : stupid garrett@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:stupid garrett@atdmt.com/
Expires : 7-19-2011 8:00:00 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : stupid garrett@doubleclick[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:stupid garrett@doubleclick.net/
Expires : 7-20-2009 7:43:10 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : stupid garrett@tribalfusion[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:stupid garrett@tribalfusion.com/
Expires : 12-31-2037 8:00:00 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : stupid garrett@server.iad.liveperson[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:stupid garrett@server.iad.liveperson.net/
Expires : 7-21-2007 7:26:16 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : stupid garrett@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:stupid garrett@mediaplex.com/
Expires : 6-21-2009 8:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : stupid garrett@ehg-pcsecurityshield.hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:stupid garrett@ehg-pcsecurityshield.hitbox.com/
Expires : 7-21-2007 7:27:26 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 8
Objects found so far: 13



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 13




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13

8:16:28 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:17:43.453
Objects scanned:174881
Objects identified:10
Objects ignored:0
New critical objects:10

Hello garrettTFL

Apologies for the late reply, we are a bit backlogged here as you can probably see.

Are you still needing help? I'm now subscribed to this thread and if you reply back here, I'll get an automated notice of your response and get back to you very quickly now.

I know this bundled infection well, it is indeed a nasty one and very difficult for automated scanners to remove.

I'll be glad to help if you still need us.

Unfortunately yes, I am still in need of help. Any help would be greatly appreciated no matter how long it takes.

Hello garrettTFL,

That's a difficult combo for automated scanners to remove, but I do have some special tools that we can use.

1. Download this file - combofix.exe by sUBs!
http://download.bleepingcomputer.com/sUBs/combofix.exe

2. Double click on combofix.exe & follow the prompts.

Note: If you receive a popup with a Disclaimer, read that and answer Y for yes (or N for no)
Y is recommended (if you put N, the tool will exit without fixing and will remove the combofix file and folders)

Do NOT click on the window while the fix is running, because that will cause your system to hang and the fix to stall.

3. When finished, it shall produce a log for you. Post that log in your next reply

..........................
I'll also need a log from this free diagnostic tool by Merijn

Instructions on creating a HijackThis Log
http://www.lavasoftsupport.com/index.php?showtopic=216

Here is the log from ComboFix, followed by my HijackThis log. Also upon restart of my computer a Norton alert poped up. "Malicious script detected. Object: Windows Script Host Shell Object. Activity: Send Keys. Your computer is halted and needs to do something about this script: File: C:\sUBs\enter.vbs" The recommended action is to stop this script. What should i do?

ComboFix:
Start Time= Fri 07/28/2006 22:10:08.45
Running from: C:\Documents and Settings\STUPID GARRETT\Desktop

((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))

22:11:16.29

Qoologic uninstaller found and executed
Registry entries fixed


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-07-23 12:57:56 ( .D... ) "C:\Program Files\Abexo"
2006-07-23 12:06:44 ( .D... ) "C:\Program Files\Registry Medic"
2006-07-21 21:11:26 59392 ( ....R ) "C:\WINDOWS\streamhlp.dll"
2006-07-21 21:11:22 ( .D... ) "C:\Program Files\TrojanHunter 4.0"
2006-07-18 19:08:50 ( .D... ) "C:\Program Files\Lavasoft"
2006-07-17 15:31:28 2560 ( A.... ) "C:\WINDOWS\_MSRSTRT.EXE"
2006-07-16 16:54:20 ( .D... ) "C:\Program Files\a-squared Anti-Malware"
2006-07-16 16:45:32 2 ( A.... ) "C:\WINDOWS\system32\wapicc.exe"
2006-07-16 16:45:30 ( .D... ) "C:\Documents and Settings\STUPID GARRETT\Application Data\F?nts"
2006-07-16 14:11:26 ( .D... ) "C:\Program Files\??crosoft"
2006-07-15 21:58:58 ( .D... ) "C:\Program Files\Common Files\??mantec"
2006-07-15 21:58:38 ( .D... ) "C:\Program Files\Common Files\{E0D7D2A7-07D8-1033-0922-040409040001}"
2006-06-29 23:07:40 ( .D... ) "C:\Documents and Settings\STUPID GARRETT\Application Data\Walgreens"
2006-06-19 16:20:42 702768 ( ..... ) "C:\WINDOWS\system32\WgaLogon.dll"
2006-06-16 16:20:28 24575 ( A.... ) "C:\WINDOWS\system32\pusengwinsyspio.dll"
2006-06-16 16:20:16 24575 ( A.... ) "C:\WINDOWS\system32\Susengwinsyspio45.dll"
2006-06-15 22:39:48 ( .D... ) "C:\Program Files\Mihov Image Resizer"
2006-06-04 19:46:22 ( .D... ) "C:\Program Files\QuickTime"
2006-06-04 19:44:26 ( .D... ) "C:\Program Files\iTunes"
2006-05-19 08:59:42 148480 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll"
2006-05-19 08:59:42 111616 ( A.... ) "C:\WINDOWS\system32\dhcpcsvc.dll"
2006-05-19 08:59:42 94720 ( A.... ) "C:\WINDOWS\system32\iphlpapi.dll"
2006-05-15 18:24:34 466944 ( A.... ) "C:\WINDOWS\system32\capicom.dll"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-07-23 00:30 478,720 C:\WINDOWS\WRUninstall.dll
2006-07-22 20:42 684,032 C:\WINDOWS\libeay32.dll
2006-07-22 20:42 155,648 C:\WINDOWS\ssleay32.dll
2006-07-22 16:39 127,208 C:\WINDOWS\system32\mucltui.dll
2006-07-17 15:31 2,560 C:\WINDOWS\_MSRSTRT.EXE
2006-07-15 21:58 2 C:\WINDOWS\system32\wapicc.exe
2006-06-19 16:20 702,768 C:\WINDOWS\system32\WgaLogon.dll
2006-06-16 16:15 24,575 C:\WINDOWS\system32\pusengwinsyspio.dll
2006-06-15 22:09 24,575 C:\WINDOWS\system32\Susengwinsyspio45.dll
2006-06-15 22:08 61,440 C:\WINDOWS\system32\LFGIF14N.DLL
2006-06-15 22:08 57,344 C:\WINDOWS\system32\lfbmp14N.dll
2006-06-15 22:08 487,424 C:\WINDOWS\system32\LTKRN14n.DLL
2006-06-15 22:08 303,104 C:\WINDOWS\system32\LTDIS14n.DLL
2006-06-15 22:08 274,432 C:\WINDOWS\system32\LTEFX14n.DLL
2006-06-15 22:08 180,224 C:\WINDOWS\system32\LTFIL14n.DLL
2006-06-15 22:08 1,126,400 C:\WINDOWS\system32\LTIMG14n.DLL


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"SoundMan"="SOUNDMAN.EXE"
"ANIWZCSService"="\"C:\\Program Files\\Alpha Networks\\ANIWZCS Service\\WZCSLDR.exe\""
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb04.exe"
"ResChangerXP"="\"C:\\Program Files\\ResChanger XP\\ResChangerXP.exe\""
"NvMediaCenter"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"D-Link Air Utility"="\"C:\\Program Files\\D-Link\\Air Utility\\AirCFG.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NAV Agent"="C:\\PROGRA~1\\NORTON~2\\NORTON~1\\navapw32.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe\""
"Microsoft Works Portfolio"="\"C:\\Program Files\\Microsoft Works\\WksSb.exe\" /AllUsers"
"nwiz"="nwiz.exe /install"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"flags"=dword:00000008

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"ishost.exe"="ishost.exe"
"issearch.exe"="issearch.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{E0D7D2A7-07D8-1033-0922-040409040001}"="\"C:\\Program Files\\Common Files\\{E0D7D2A7-07D8-1033-0922-040409040001}\\Update.exe\" mc-110-12-0000272"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,e1,00,00,00,00,00,00,00,1f,04,00,00,e2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,e1,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"cinnamomum"="{93ac7c30-3878-4eaa-9420-7977285df5b1}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
"backup"="C:\\WINDOWS\\pss\\Microsoft Works Calendar Reminders.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\MICROS~1\\WORKSS~1\\wkcalrem.exe "
"item"="Microsoft Works Calendar Reminders"

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: Fri 07/28/2006 22:12:33.90
ComboFix ver 06.07.15/28 - This logfile is located at C:\ComboFix.txt

HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 10:14:28 PM, on 7/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cscript.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\Program Files\ResChanger XP\ResChangerXP.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Microsoft Works\WksSb.exe
C:\Program Files\Common Files\{E0D7D2A7-07D8-1033-0922-040409040001}\Update.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\STUPID GARRETT\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ANIWZCSService] "C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ResChangerXP] "C:\Program Files\ResChanger XP\ResChangerXP.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [D-Link Air Utility] "C:\Program Files\D-Link\Air Utility\AirCFG.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Works Portfolio] "C:\Program Files\Microsoft Works\WksSb.exe" /AllUsers
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab40641.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120492327406
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1153538132828
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames/zpa_dmno.cab42341.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab45837.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames/Check...PA.cab40641.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{459F5EB9-9984-42B1-89D5-9CE52910772F}: NameServer = 85.255.115.20,85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DA3199D-F371-4154-B841-DC44A36C2D91}: NameServer = 85.255.115.20,85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA7FEDBF-A975-48D8-8EB7-F31181152A13}: NameServer = 85.255.115.20,85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{C43E60C9-95CD-4A53-8747-824823C437EB}: NameServer = 85.255.115.20,85.255.112.132
O17 - HKLM\System\CS1\Services\Tcpip\..\{459F5EB9-9984-42B1-89D5-9CE52910772F}: NameServer = 85.255.115.20,85.255.112.132
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winrkq32 - winrkq32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

Please choose *allow* that is ComboFix by sUBs is a vbs file yes - it is a safe script we are using, it is trying to make fixes for the infections found. Norton can't tell the difference between a "safe" script and a harmful one, so that is why the alert (thinks I need to add this to my future instructions)

Ok I chose to allow the script.

1. Open HijackThis and choose to do a *system scan only*
When it finishes, place a checkmark next to these entries, then press the *fix checked* button

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - (no file)

O2 - BHO: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)

O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)

O20 - Winlogon Notify: winrkq32 - winrkq32.dll (file missing)

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

After pressing the *fix checked* button, close HijackThis

........................................

2. Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/file...Fixwareout.exe
Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts.
You will be asked to reboot your computer; please do so.
Your system may take longer than usual to load; this is normal.
Once the desktop loads post the text that will open (report.txt).
Please post back with the results of that report.txt
..................................
Copy these next instructions so you have them handy and this last step will be done in SAFE MODE, so you won't be viewing this window.

3. Download SmitfraudFix (by S!Ri) to your Desktop (Win2k/WinXP only!).
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.

How to extract (decompress) zipped or compressed files
http://www.lvsonline.com/compresstut/index.shtml

Note : process.exe is part of the SmitFraudFix tool and is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky, Panda) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.


4. Reboot into Safe Mode
You can usually do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.

How to start the computer in Safe mode
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

5. Once in Safe mode, open the SmitfraudFix folder and double-click smitfraudfix.cmd

Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually.

6. Once back into normal mode, please scan with HijackThis to produce a log. Post that log into your topic along with the other requested logs named below.

Logs needed in your next post are:

report.txt from the FixWareout tool

rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed

Fresh HijackThis log

Ok, heres everything. Also, everytime i start my computer now a prompt comes up to install something called 'TrayApp' but then says it need to disk to finish. Im not sure if this has anything to do with my problem or is just another problem all together, just wondering.

report.txt:

Fixwareout ver 1.003
Last edited 07/1/2006
Post this report in the forums please

Reg Entries that were deleted
...

Microsoft ® Windows Script Host Version 5.6
Random Runs removed from HKLM
...

PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Example ipsec6.exe is legitimate

»»»»» Search by size and names...

»»»»» Misc files

»»»»» Checking for older varients covered by the Rem3 tool

»»»»»
Search five digit cs, dm and jb files
This WILL/CAN also list Legit Files, Submit them at Virustotal
Other suspects
Directory of C:\WINDOWS\system32

[b]rapport.txt[/b]
SmitFraudFix v2.76

Scan done at 11:50:42.57, Sat 07/29/2006
Run from C:\Documents and Settings\STUPID GARRETT\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"cinnamomum"="{93ac7c30-3878-4eaa-9420-7977285df5b1}"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\msupdate32.dll Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

and a fresh HijackThis log.
Logfile of HijackThis v1.99.1
Scan saved at 12:00:18 PM, on 7/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\Program Files\ResChanger XP\ResChangerXP.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\{E0D7D2A7-07D8-1033-0922-040409040001}\Update.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Documents and Settings\STUPID GARRETT\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ANIWZCSService] "C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ResChangerXP] "C:\Program Files\ResChanger XP\ResChangerXP.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [D-Link Air Utility] "C:\Program Files\D-Link\Air Utility\AirCFG.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Works Portfolio] "C:\Program Files\Microsoft Works\WksSb.exe" /AllUsers
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab40641.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120492327406
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1153538132828
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames/zpa_dmno.cab42341.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab45837.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames/Check...PA.cab40641.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{459F5EB9-9984-42B1-89D5-9CE52910772F}: NameServer = 85.255.115.20,85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DA3199D-F371-4154-B841-DC44A36C2D91}: NameServer = 85.255.115.20,85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA7FEDBF-A975-48D8-8EB7-F31181152A13}: NameServer = 85.255.115.20,85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{C43E60C9-95CD-4A53-8747-824823C437EB}: NameServer = 85.255.115.20,85.255.112.132
O17 - HKLM\System\CS1\Services\Tcpip\..\{459F5EB9-9984-42B1-89D5-9CE52910772F}: NameServer = 85.255.115.20,85.255.112.132
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

Open Hijackthis and do a *system scan only*

When it finishes, checkmark these entries, then press the *fix checked* button:

O17 - HKLM\System\CCS\Services\Tcpip\..\{459F5EB9-9984-42B1-89D5-9CE52910772F}: NameServer = 85.255.115.20,85.255.112.132

O17 - HKLM\System\CCS\Services\Tcpip\..\{6DA3199D-F371-4154-B841-DC44A36C2D91}: NameServer = 85.255.115.20,85.255.112.132

O17 - HKLM\System\CCS\Services\Tcpip\..\{BA7FEDBF-A975-48D8-8EB7-F31181152A13}: NameServer = 85.255.115.20,85.255.112.132

O17 - HKLM\System\CCS\Services\Tcpip\..\{C43E60C9-95CD-4A53-8747-824823C437EB}: NameServer = 85.255.115.20,85.255.112.132

O17 - HKLM\System\CS1\Services\Tcpip\..\{459F5EB9-9984-42B1-89D5-9CE52910772F}: NameServer = 85.255.115.20,85.255.112.132

Also, let's get a report from this free tool:

Download the free beta trial of this tool from F-Secure called Blacklight
F-Secure Blacklight:
https://europe.f-secure.com/blacklight/try.shtml
Doubleclick on bibeta.exe to run it.
Click the *I accept* button near the bottom of that page.
Download and run blacklite click > scan then > next, next again then exit
there will be a new text file near blacklite.Post it please. The text file is named:
fsbl.xxxxxxx.log (the xxxxxxx stand for numbers)
!!Do not rename any files yet

fsbl-20060730151523

07/30/06 11:15:23 [Info]: BlackLight Engine 1.0.42 initialized
07/30/06 11:15:23 [Info]: OS: 5.1 build 2600 (Service Pack 2)
07/30/06 11:15:23 [Note]: 7019 4
07/30/06 11:15:23 [Note]: 7005 0
07/30/06 11:15:29 [Note]: 7006 0
07/30/06 11:15:29 [Note]: 7011 476
07/30/06 11:15:30 [Note]: 7026 0
07/30/06 11:15:30 [Note]: 7026 0
07/30/06 11:15:34 [Note]: FSRAW library version 1.7.1019
07/30/06 11:19:22 [Note]: 7007 0

Thanks. That's OK - no hidden files found. I just needed to check.

Can you post a fresh HijackThis log please ?

I think you are good to go unless you're seeing any remaining problems on your end.

OK heres my fresh HijackThis log below. Everything does seem to be fine to me, but the only problem I am still having is everytime I restart, or turn my computer on I am prompted to install 'TrayApp'. I have no clue what this is and I cannot cancel the instal normaly I have to end it in the Task Manager. Other than that everything seems fine.

Logfile of HijackThis v1.99.1
Scan saved at 11:43:25 AM, on 7/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\ResChanger XP\ResChangerXP.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Common Files\{E0D7D2A7-07D8-1033-0922-040409040001}\Update.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\STUPID GARRETT\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ANIWZCSService] "C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ResChangerXP] "C:\Program Files\ResChanger XP\ResChangerXP.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [D-Link Air Utility] "C:\Program Files\D-Link\Air Utility\AirCFG.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Works Portfolio] "C:\Program Files\Microsoft Works\WksSb.exe" /AllUsers
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab40641.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120492327406
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1153538132828
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames/zpa_dmno.cab42341.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab45837.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames/Check...PA.cab40641.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

The trayapp error isn't a malware problem. It appears to be a problem of misconfiguration of some sort. Search for possible causes and solutions:
http://www.google.com/search?hl=en&q=+...G=Google+Search

Some final cleanup and prevention recomendations follow.

I can't stress enough the importance of having your Windows critical Security Updates. Most malware today uses exploits on unpatched systems to creep onto your system without your even doing anything but visiting an infected webpage!!

Watch what you download, be careful where you surf, and don't trust attachments or even links in email and Instant messages. Even if they come from a buddy, that buddy could be the one infected and it is the virus sending that link from his account. You click on it thinking he is trusted, and *boom* you're infected.
Many "Phishing" attempts are made by cleverly crafted email to look like it is coming from an "official" source (like Microsoft, or your bank, or some other provider). Don't click on links in those. Go directly to the site instead and navigate the menus - don't trust email you think came from a "safe source" unless you are expecting it! There is more in the link I will provide below, but those are the choice avenues of infection these days.

You can go ahead and delete any special tools we used (SmitRem, SmitfraudFix, ComboFix, etc). They won't serve a future purpose and are replaced with updated versions frequently, so the copies you have are probably already out of date and no need to keep them.

Do a disk cleanup. Go to Start > Run and type in the box: Cleanmgr
Wait while Windows scans your system for files to delete.
Make sure these 3 are checkmarked and press *ok* to delete them.

Temporary Files
Temporary Internet Files
Recycle Bin

Now that your PC is clean, make sure all programs are running properly and then you'll need to reset your restore point in Windows XP.......why?

One of the best features of Windows ME or XP is the System Restore option, however if a malware infects a computer with this operating system it can be backed up in the System Restore folder. Therefore, clearing the restore points is necessary after malware removal.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(winXP)

1. Turn off System Restore.
Go to Start and right-click on *My Computer*.
Click Properties.
Click the System Restore tab.
Put a Checkmark in the box next to "Turn off System Restore".
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
Go to Start and right-click on *My Computer*.
Click Properties.
Click the System Restore tab.
Remove the checkmark next to "Turn off System Restore".
Click Apply, and then click OK.

How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/default.aspx?...kb;en-us;310405

Next, I highly recommend you get some extra protection to prevent future infections. Here are some things you can do and some free programs to help .
How do I prevent Browser Hijacks and Spyware?
http://www.dslreports.com/faq/13620

I'm happy to see you have SP2 installed. That will address numerous security issues in your Operating System and IE
Make sure that you keep your Operating System and IE updated with the latest Critical Security Updates from Microsoft...they usually come out once a month, on the 2nd Tuesday of each month. This is the first step in malware prevention, as many nasties now take advantage of new exploits and if not patched, you are vulnerable!
Windows Update
http://update.microsoft.com/microsoftupdate/

And see this link for instructions on how to configure the enhanced security features in SP2:
http://www.microsoft.com/technet/security/...xp/iesecxp.mspx

I also highly recommend to get the free tool, Microsoft Baseline Security Analyzer (MBSA) from Microsoft to analyze your PC security for prevention purposes.

MBSA Version 2.0 will scan for common system misconfigurations on Windows 2000, Windows XP, and Windows Server 2003 systems. This program will identify the system security weaknesses in your browser and operating system and provides easy instructions to correct them. This includes any missing critical Windows security updates, system vulnerabilities and your IE Browser security settings. Get the download here:
Microsoft Baseline Security Analyzer
http://www.microsoft.com/technet/security/...s/mbsahome.mspx
Choose MBSAsetup-EN.msi = (English Version) or the language appropriate for you.

Also visit this Free Online Scanner from Microsoft for PC Health and Safety
http://safety.live.com/site/en-US/default.htm
and Microsoft Security At Home
http://www.microsoft.com/athome/security/default.mspx
for tips to Protect your Pc, Protect yourself and Protect your Family.

Ok, everything seems to be good so far. I followed all of your final recommendations and nothing seems to have come back. I just wonder with how common my problem was (especially on this forum) why the tools you had me use, which were all free are not more know about. I did a great deal of searching on my own before I cam here for help, and found nothing about any of the tools you had me use. Just wondering, but that you for all of your help!

p.s. The ‘TrayApp’ problem was something to do with my printer. I believe I used a registry cleaner a little while ago and I must have mistakenly deleted one of the HP keys. I uninstalled and reinstalled and everything is fine.

Thanks again!

You're quite welcome. Glad we could help. Certain types of malware like you had are quite prevelent but always changing constantly with new variants which makes it difficult for the automated scanners to keep up. Some of them, like this one are very difficult to remove once installed, and we have to use a special tool to dig it out. Volunteer malware fighters often follow these difficult menaces and will develop a tool or method we can use to help vicitms. So it is always a catch-up task to keep up with them. Prevention is really the key!

I saw several references to a FP by registry cleaner - I'm suprised they haven't fixed that yet. Glad to hear you got that sorted anyway

Some final cleanup and prevention recomendations follow.

I can't stress enough the importance of having your Windows critical Security Updates. Most malware today uses exploits on unpatched systems to creep onto your system without your even doing anything but visiting an infected webpage!!

Watch what you download, be careful where you surf, and don't trust attachments or even links in email and Instant messages. Even if they come from a buddy, that buddy could be the one infected and it is the virus sending that link from his account. You click on it thinking he is trusted, and *boom* you're infected.
Many "Phishing" attempts are made by cleverly crafted email to look like it is coming from an "official" source (like Microsoft, or your bank, or some other provider). Don't click on links in those. Go directly to the site instead and navigate the menus - don't trust email you think came from a "safe source" unless you are expecting it! There is more in the link I will provide below, but those are the choice avenues of infection these days.

You can go ahead and delete any special tools we used (SmitRem, SmitfraudFix, ComboFix, etc). They won't serve a future purpose and are replaced with updated versions frequently, so the copies you have are probably already out of date and no need to keep them.

Do a disk cleanup. Go to Start > Run and type in the box: Cleanmgr
Wait while Windows scans your system for files to delete.
Make sure these 3 are checkmarked and press *ok* to delete them.

Temporary Files
Temporary Internet Files
Recycle Bin

Now that your PC is clean, make sure all programs are running properly and then you'll need to reset your restore point in Windows XP.......why?

One of the best features of Windows ME or XP is the System Restore option, however if a malware infects a computer with this operating system it can be backed up in the System Restore folder. Therefore, clearing the restore points is necessary after malware removal.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(winXP)

1. Turn off System Restore.
Go to Start and right-click on *My Computer*.
Click Properties.
Click the System Restore tab.
Put a Checkmark in the box next to "Turn off System Restore".
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
Go to Start and right-click on *My Computer*.
Click Properties.
Click the System Restore tab.
Remove the checkmark next to "Turn off System Restore".
Click Apply, and then click OK.

How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/default.aspx?...kb;en-us;310405

Next, I highly recommend you get some extra protection to prevent future infections. Here are some things you can do and some free programs to help .
How do I prevent Browser Hijacks and Spyware?
http://www.dslreports.com/faq/13620

I'm happy to see you have SP2 installed. That will address numerous security issues in your Operating System and IE
Make sure that you keep your Operating System and IE updated with the latest Critical Security Updates from Microsoft...they usually come out once a month, on the 2nd Tuesday of each month. This is the first step in malware prevention, as many nasties now take advantage of new exploits and if not patched, you are vulnerable!
Windows Update
http://update.microsoft.com/microsoftupdate/

And see this link for instructions on how to configure the enhanced security features in SP2:
http://www.microsoft.com/technet/security/...xp/iesecxp.mspx

I also highly recommend to get the free tool, Microsoft Baseline Security Analyzer (MBSA) from Microsoft to analyze your PC security for prevention purposes.

MBSA Version 2.0 will scan for common system misconfigurations on Windows 2000, Windows XP, and Windows Server 2003 systems. This program will identify the system security weaknesses in your browser and operating system and provides easy instructions to correct them. This includes any missing critical Windows security updates, system vulnerabilities and your IE Browser security settings. Get the download here:
Microsoft Baseline Security Analyzer
http://www.microsoft.com/technet/security/...s/mbsahome.mspx
Choose MBSAsetup-EN.msi = (English Version) or the language appropriate for you.

Also visit this Free Online Scanner from Microsoft for PC Health and Safety
http://safety.live.com/site/en-US/default.htm
and Microsoft Security At Home
http://www.microsoft.com/athome/security/default.mspx
for tips to Protect your Pc, Protect yourself and Protect your Family.

Well thanks for all of your help, all seems well on my part.

Great! Glad we could help

I'll go ahead and put this topic into the "Resolved" (read only) section. If you should have any further issues, please feel free to start a new topic